A picture of the Norse Attack Map, which tracks global cyberattacks in real time, 13 September 2015. Photo credit: Christiaan Colen (CC BY-SA 2.0) 

States are meeting this week at the UNODC in Geneva to discuss criminal justice responses to prevent and counter cybercrime, which uses new technologies to generate some $1.5tn in revenue per year, with a rapidly increasing amount laundered via equally cutting-edge digital methods that often avoid detection.

From £2,000 fake ebooks on Amazon and phony listings on Airbnb to ghost journeys on Uber and in-game currencies on video games, the cyberlaunderer’s black market has come a long way from Walter White’s car wash.

Today’s cybercriminals operate in another orbit to yesterday’s crooks thanks to these new and unlikely ways to wash dirty money. And because traditional methods of tracking money laundering rely heavily on the policing of bank transactions, they’re leaving authorities for dust.

“Keeping track of the ingenious ways in which cybercriminals are utilising digitally enabled means of laundering is one of the major policing challenges of the moment,” says Dr Michael McGuire, a professor of criminology at the University of Surrey and author of a new study on cybercrime.

Around $200bn, 10% of the estimated $2tn laundered annually, is cyberlaundered today. By 2020 the proportion laundered digitally v traditional cash methods is expected to double, as economies become increasingly cashless.

“Confronted with a quickly evolving landscape of digital laundering techniques and increasingly affluent cybercriminal groups, under-funded and under-resourced policing agencies are finding it hard to match [them],” says McGuire.

The rapid expansion of fintech, e-commerce and mobile app services has made doing business and transferring money faster and more seamless than ever before. But it has also opened the floodgates to cyberlaunderers who are now finding ways to co-opt legitimate sites and platforms for their own means.

Accordingly, transaction laundering has become a huge financial blindspot for authorities.

“The spike in digital financial crime accompanying the frictionless payments systems these technologies promote suggests criminals may be innovating as quickly, if not quicker,” wrote Izabella Kaminska, editor of the Financial Times’ Alphaville blog, in March 2017. “For now at least, more fintech equals more ‘crimtech’”.

Products listed at astronomically high prices on eBay appear to be real transactions when sold but are in fact methods to launder and secretly send cash. This simple, popular ruse has been used by Islamic State to funnel cash to operatives in the Middle East, according to the FBI.

Similar fake transactions are found elsewhere. Books of gibberish are listed on Amazon for thousands of dollars and are believed to facilitate money laundering.

Titles such as I Have Abundance Overflowing In My Life Forever: Brinks Trucks Follow Me Everrywhere I Go Eternally (Whatever You Ask Believe Receive) are advertised for around $2,000.

One author, who was contacted by US tax authorities, claims fraudulent sales of his obscure books were used to send almost $24,000.

A simulated cyberattack at an IBM security centre in Cambridge, in the US state of Massachusetts, 6 October 2015. Photo credit: John Mottern/Feature Photo Service for IBM
A simulated cyberattack at an IBM security centre in Cambridge, in the US state of Massachusetts, 6 October 2015. Photo credit: John Mottern/Feature Photo Service for IBM

Much the same thing happens through “ghost journeys” on Uber, where complicit drivers accept ride requests from money laundering clients at pre-established rates. There are even guides online explaining how to do this.

On Airbnb, properties are apparently let out without anyone actually staying in them. It has been reported that fraudsters use stolen credit cards to launder their dirty money in cahoots with obliging Airbnb hosts who then send back a percentage of the sum.

Elsewhere, Paul Manafort, Donald Trump’s former campaign chairman, allegedly used laundered money from an offshore account in Cyprus to buy a $2.85m Manhattan apartment that he made thousands renting through Airbnb, despite it being against the terms of the lease.

Video games including Fifa and Counter Strike sell in-game items that allow users to more quickly progress through the game.

These items are resold for thousands on gaming marketplaces where laundering reportedly occurs, while it is also possible to send convertible virtual money to associates abroad.

“Cyberlaundering is on an upward trajectory. It’s rising with the everyday use of the internet,” says Michael Perklin, a digital forensic investigator responsible for catching cyberlaunderers.

Payments for items on eBay are often made via PayPal, which was previously the de rigeur tool for cyberlaundering before the rise of cryptocurrencies such as ZCash and Monero that offer near-total anonymity, but remains popular with criminals.

“Microlaundering is the most obvious way to circumvent PayPal’s payment limits,” says Dr McGuire. “You just run thousands of payments through various accounts. It’s almost impossible to detect.”

PayPal processed $49bn in the first quarter of 2018 alone and was subpoenaed last year by US federal prosecutors investigating the effectiveness of its anti-money laundering programme.

woman using laptop in dark room 27 Aug 2012_Flickr_Andrés Nieto Porras (CC BY-SA 2.0)
Photo credit: Andrés Nieto Porras (CC BY-SA 2.0)

The world is shifting away from traditional banking systems, thanks to the rapid growth of alternative payment options such as Alipay, WeChat Pay, Circle Pay and M-Pesa, which is now Africa’s leading digital money platform. As these mobile payment systems have grown in popularity, so too have they become an integral tool within the developing cybercrime economy.

The US Department of State recently warned that m-payment systems, which accounted for over $700bn transactions globally in 2017, are highly vulnerable to money laundering.

“Financial regulators have their heads in their hands over this kind of thing,” McGuire continues. “It’s almost like how the postal system is used as part of the cybercrime economy, you simply cannot examine every single packet or, indeed, a transaction of less than £1,000.”

“Either it will just have to be accepted as a fact of the day, or if there’s a real keenness to control it there’s going to have to be a mindset change on how small payments are handled and tackled.”

Mattha Busby