A recent report revealed how computer hackers use crypto assets to launder money collected through large-scale frauds.
The report was produced by BAE Systems Applied Intelligence and commissioned by SWIFT.
It is entitled “Follow the Money” and describes the complex network of front companies that hackers use to obtain liquid assets by avoiding the traceability of funds.
Hackers often use unsuspecting jobseekers to act as “money mules” and use the help of people inside financial institutions.
Money mules are used to make fiat cash withdrawals in their name at ATMs so that the name of the hackers is not associated with the stolen funds, but that of the unsuspecting intermediaries.
Then, thanks to the complicity of people inside the financial institutions, they deposit the money without the necessary KYC checks, compliance and due diligence on the opening of new current accounts.
Once the fiat currencies have been cashed, they use them to buy goods such as real estate or jewellery, i.e. assets that are more capable of maintaining their value over time, and less likely to attract the attention of law enforcement agencies.
Alternatively, they convert the funds into cryptocurrencies, which they then pour on wallets tied to debit cards that can be fuelled with crypto after using mixers to obscure where they come from, so that they can be spent freely.
Cybercriminals also tend to invest in textiles, clothing, fishing and marine products to hide the origin of their funds, and they operate mostly in some parts of East Asia where less stringent regulations make it easier to carry out these activities.
The total number of cases identified as money laundering through cryptocurrency is still very low, although there have been at least a couple of major incidents involving millions of dollars.
The system described in the report is highly complex, involving many people, and has been unveiled in this report to enable the more than 11,000 financial institutions that are part of the SWIFT consortium to learn how best to protect themselves.
The Head of SWIFT’s Customer Security Programme, Brett Lancaster, said:
“The threat posed by cyber-attacks to the financial sector has never been greater. Attackers are well-resourced, constantly evolving their modus operandi and using untraceable money laundering techniques. The report highlights how the growth in cyber-attacks is increasing the need for the convergence of anti-money laundering, fraud and cybersecurity processes in financial institutions. It calls for them to increase information sharing, tighten due diligence requirements and smartly invest in maintaining systems to strengthen their defences”.
The Cyber Security Financial Services Sector Lead of BAE Systems Applied Intelligence, Simon Viney, commented:
“The activity from cyber criminals and gangs across the world is estimated to result in over $1.5 trillion dollars in annual losses. This report focuses on money laundering related activities necessary for cyber attackers to conduct and ‘cash out’ a successful attack and avoid the money subsequently being traced. As technology and criminals’ techniques evolve at a rapid pace, so will the need for institutions, both private sector and law enforcement, to collaborate and maintain awareness of evolving money laundering techniques, in order to reduce the opportunities for threat groups to benefit from committing high-value cyber heists”.