DIGITAL FUTURES PROJECT November 2017

Follow the Money: Civilizing the Darkweb Economy

By Tom Kellermann, Global Fellow

Introduction

Digital payment systems and financial services have become an essential part of modern technological infrastructure, growing exponentially over the past three decades and continuously innovating to meet the demands of the international financial system.1 These systems and services have already revolutionized payments in many parts of the world. Research indicates that widespread adoption and use of digital financial services could provide access to an additional 1.6 billion unbanked and underbanked people.2 By 2025, this could increase the GDPs of all emerging economies by 6 percent, or a total of $3.7 trillion.

Despite the real utility that such innovation has delivered, however, the increasing digitization of the global financial system has not been without its share of problems. The growing use of cyber as a domain for financial activity has inherently expanded the potential attack surface for would-be cyber criminals and the World Economic Forum now estimates that the cost to the global economy due to cybercrime is roughly $445 billion a year.3

Yet despite this increased potential for wrongdoing, the pervasiveness of cybercrime that we observe today is not inevitable. Rather, this modern epidemic of cybercrime is sustained via the transfer of capital associated with virtual currencies.

While many digital services implement Anti-Money Laundering (AML) and Know Your Customer (KYC) protocols, criminal entities have demonstrated innovative rigor in their efforts to continuously abuse the loopholes and take advantage of selective enforcement and defensive vulnerabilities that plague the financial services sector today. The international financial system is constantly facing new threats as technology proliferates and diversifies. Increasingly, individuals and syndicates use these systems to bypass traditional indicator and warning systems relied upon by regulators and law enforcement. According to a recent FBI statistic, “three in four money laundering cases involve digital currencies.”4 While digital currency is still a relatively specialized market, one continuous issue has been the increasing number of security breaches and thefts on digital currency exchange platforms.5 This is because there are few cryptocurrency exchanges that perform KYC procedures and basic security checks, both of which have been commonplace protocols in major exchanges for over a decade.6 can easily take place in these virtual environments, as they can provide high levels of anonymity and low levels of detection.

Money laundering through digital currency and payment systems is just one example of illicit activity online. Other criminal markets include child pornography, weapons and drug sales, hackers and murder for hire, zero day exploits, and false identity documents. The advent of these criminal markets enabled by anonymous virtual currencies have created a global bazaar for criminals and organized crime to reach a mass global market.”7

Collectively, these digital infrastructures represent a “3-legged stool” of illicit activity: it allows for the storage of illicit goods and services, it provides utility of financial vehicles to allow for the exchange of goods and services, and it develops techniques to successfully transport the illicit goods and services around the world. The goal of this report is to “civilize” one leg of the stool—the utility of financial vehicles to allow for the exchange of illegal goods and services and the application of AML practices to curb cybercrime.

Before launching into potential policy prescriptions, however, in order to properly understand why virtual currencies are central to the increasing prevalence of cybercrime and the serious financial implications of this, it is useful to conceptualize what is meant by “digital currencies” and to examine innovation in the realm of virtual currencies and the underlying technology involved in payment systems.

Digital Currencies 101:

Digital currency is defined as “digital certificates of ownership of real currencies or precious metals, with the digital certificate being the virtual currency.”8 Digital currency is distinct from common mediums of exchange because it is not funded by a central bank or government. The borderless features of the Internet allow this privately issued currency to complete instantaneous transactions worldwide. In regard to digital currency, there are generally two main types: centralized and decentralized.

Centralized digital currency is stored in a central repository, where users can exchange the digital currency with other account holders.9 When converting conventional currency into digital currency, these central repositories typically partner with currency “exchangers,” who are responsible for the conversion. A large quantity of digital currency is purchased from the central repository by the exchangers, who then credit the account holder after receiving the conventional currency. When account holders wish to convert their digital currency to a conventional currency, a reverse transaction is carried out back through the exchangers.

Decentralized digital currency, the most well-known of which is Bitcoin, has no central monetary authority and is instead exchanged through a peer-to-peer payment system consisting of its users’ computers and devices.10 This means that the digital currency is a direct exchange, and there are no intermediaries. The digital currency is generated, or “mined,” by a mathematical algorithm on computers which can execute complex number-crunching tasks.11 The network of user computers is used to both monitor and verify the creation and transfer of digital currency between users.12 A log is maintained of every transaction between users, which is updated by user machines participating in the mining of this currency.

Since their creation, Internet-based virtual currencies such as bitcoin, the Chinese AliPay and Russian WebMoney systems have appreciated with incredible speed. Bitcoin’s capitalization is $100B globally, while WebMoney possesses that value in Russia alone.

Definitions

• Virtual Currency: As defined by FATF this includes cryptocurrencies like bitcoin, but also a range of other digital payment systems like the Russian WebMoney, the Chinese AliPay, and PayPal as well as many others.

• Dark Web: An Internet within the Internet of mainly anonymous sites which include many criminal markets and forums. Accessible through easy to obtain special software.

• Deep Web: Password protected and unindexed sites on the regular Internet which include many criminal sites and forums.

• Darkweb: A term which collectively includes the criminal and terrorist sites on the Deep Web and the Dark Web defined above.

• Exchanges: Serving to exchange fiat currency (dollars, euros, …) for Virtual Currencies like bitcoin, WebMoney, stored value cards and many others, these exchanges are currently regulated in the United States and some other countries. They are the key choke point in the use of these systems for illegal purposes.

Modernizations of Money Laundering and Virtual Currencies

Virtual currencies, alternative payments, and remittance systems have been major economic forces for the more than 3 billion people living in underdeveloped societies around the world.13 One of the most significant aspects of these payment systems is that they “are part of a thriving ecosystem of not only virtual currencies but also other digital, mobile and stored value systems that cumulatively number in the thousands.”14 The ecosystem is revolutionizing payment capabilities through the financial inclusion and growth of regions such as Africa and South Asia.15 Take Kenya for example, which in 2007 launched M-Pesa—a mobile phone-based platform for the transfer of money and financial services.16 Today, 43 percent of Kenya’s GDP flows through M-Pesa which has over 237 million person-to-person transactions.17

But while most new financial technology (FinTech) is being used for legitimate purposes, it is ripe for abuse. According to Tom Glaessner, “while these sorts of financial services firms are important for purposes of efficiency, they also present substantial ‘operational risks’ in light of the dark web and lack incentives for proper intrusion detection.” Not surprisingly then, criminals are abusing digital currencies and alternative payment systems to fuel underground illicit economies and launder money across international borders.18 Trend Micro’s Chief Cybersecurity Officer Ed Cabrera states that, “global money laundering schemes are estimated at 2% to 5% of global GDP, or roughly $1-2 trillion annually and estimated in the United States at $300 billion in illicit proceeds.”19

Many illicit transactions on the Dark Web take place using virtual currencies, like Bitcoin. However, the use of more anonymous cryptocurrencies is rapidly increasing and gaining market share, including Monero, Dash, and Zcash.20 Many centralized virtual currencies and “the thousands of websites that buy and sell decentralized virtual currencies like bitcoin, lie outside of the western financial system’s network of detection points.”21 Suspicious Activity Reports (SARs) are not generated, and the sheer scale of potential criminal use of the financial services is unknown. Effective regulatory responses to virtual currencies continue to pose a significant challenge because they operate on a global scale and cut across the responsibilities of many different agencies.22

The modernization of digital payment systems and internet-connected devices is also fueling the growth of both offenders and victims of child pornography.23 While the vast majority of child sexual exploitation material (CSEM) is still produced by hands-on offenders, a growing number of Darkweb forums are facilitating the exchange of CSEM leading to an overall increase in volume of this material on the Darkweb.24 Offenders are increasingly using these forums to produce, share, and distribute CSEM. Offenders are also producing CSEM for financial gain, particularly in the commercial production of Live Distant Child Abuse (LDCA)—where the offender pays “to direct the live abuse of children on a pre-arranged specific time-frame through video sharing platforms.”25 Researchers have discovered that crypto-currencies, such as Bitcoin, are being used to purchase CSEM ranging from $1 to hundreds of dollars.26 The UK’s Internet Watch Foundation revealed that almost 200 child pornography websites accepted Bitcoin, and over 30 of these sites accepted only Bitcoin.27 According to Scott Dueweke, it has been observed in the last year that many of these sites are now moving to the more anonymous cryptocurrencies, like Monero. Effective regulation of virtual currency exchanges, with KYC and AML rules that form a common identity standard, will help to combat child exploitation online and disrupt the provision of payments for cybercrime conspiracies.

In addition to organized crime, extremist organizations are also known to use cryptocurrency and alternative payment systems for operational purposes and to raise funds. Many of these payment services and cryptocurrencies offer true or relative anonymity. For many users, privacy rather than anonymity may be their primary interest, as they do not seek to hide illegitimate behavior. However, the anonymity offered by some of these systems facilitates illicit financial flows (IFF) as well as offering privacy. Advice is available on various social media platforms regarding jihadists’ potential use of Dark Wallet, a bitcoin wallet that provides anonymity, and on how to set up an anonymous donation system to send money using bitcoin. This advice is clearly motivated to mask the provision of funds to ISIL.

This raises the necessity of increased regulation of digital money. From a macro perspective: during the past century global trade agreements, formal financial infrastructure and the legal norms underpinning these systems have been dominated by the West. The explosion of decentralized P2P (Napster, Bitcoin, etc.) systems has, and increasingly will, destabilize these centrally organized systems. These P2P systems could be used to destabilize the global norms established by GATT, FATF, and other international agreements and structures upon which modern civilized society has been built. This is true not only because of criminal and transnational terrorist organizations’ use of these systems, but because of potential systemic destabilization by nation states such as Russia (WebMoney), China (AliPay), and even North Korea ( use of bitcoin and cryptocurrency exchange hacks). Russia just recently approved a cryptocurrency regulation framework, which would allow the government to “levy a 13% tax on individuals and organizations who attempt to trade their ‘cryptorubles’ for a flat currency but cannot demonstrate that the coins were obtained legally.”28 This policy could allow Russia to profit from money laundering and other financial crimes.

Digital Currency: E-Gold and Liberty Reserve Case Studies

Few cases exemplify the historic nefarious utility of centralized digital currencies like that of two exchanges: E-Gold and Liberty Reserve. The centralized company E-Gold, a digital currency backed by gold, was founded in 1996. E-Gold was the first-of-its-kind, circulating a private currency around the globe and independent of government controls.29 Customers could open accounts anonymously and complete quick, borderless transactions. By 2001, customer accounts for the company had grown to approximately 288,000 and held $16 million in value.30 E-Gold’s reserves of sovereign coins were converted into bars and transferred to bank vaults in London and Dubai. At its peak, E-Gold’s reserves were valued at nearly $85 million.

E-gold ran into several setbacks over the next few years, including system performance issues with the company’s growing traffic load and cyber scammers launching phishing attacks to drain customer accounts.31 But the company rebounded in 2004 after scaling its infrastructure and deploying an anti-phishing remedy, growing its customer accounts to 3.5 million in 165 countries by 2005.32 Although the company was enjoying success, E-Gold caught the attention of U.S. law enforcement who discovered that the company was a money-transfer platform used by cyber criminals because the criminals could remain anonymous.

E-Gold had not been adhering to regulatory protocols, such as registering with the Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) or authenticating the identity of its customers through KYC protocols.31 FBI and Secret Service agents raided E-Gold business locations in mid-December 2005, freezing the company’s domestic bank accounts.33 Authorities had discovered that cybercriminals were using E-Gold not only to transfer money worldwide, but also to park and accumulate value in the system. Over the next two years, the founder of E-Gold provided integral information to investigators on cyber criminals using his platform and assisted in tracking the criminals down for arrests.1

1 In April 2007, E-Gold executives were indicted on federal charges of money laundering and running an unlicensed money transmitting business. The executives plead guilty to the charges in 2008, but were spared jail time for unintentionally engaging in the illegal activity.

Though not backed by gold, Liberty Reserve was a centralized virtual currency service incorporated in 2006 in Costa Rica.35 From 2009 through 2013, Liberty Reserve was a leading digital platform for cyber-criminals to launder money.36 The company’s more than one million customers could move money worldwide through its multiple layers of anonymity. Liberty Reserve customers could open an account using an email, name, and physical address. However, both the name and physical address could be fake, which was demonstrated by the criminal monikers “Russia Hackers” and “Hacker Account” found during the investigation.37 The customer would then transfer money to a money “exchanger,” who would deposit an equivalent amount of Liberty Reserve currency into the customer’s account for a five percent transaction fee.38 The majority of these exchangers were operating unlicensed money transmitting businesses and were concentrated in countries including Malaysia, Russia, Nigeria, and Vietnam, which had little government oversight.39

When the money had been successfully exchanged into Liberty Reserve currency, Liberty Reserve customers could exchange the currency for any type of good or service, including stolen credit cards, drugs, and computer hackers for hire.40 In addition to exchanges for goods and services, criminal transactions through Liberty Reserve included proceeds for drug trafficking, , computer hacking, and child pornography, to name a few.41 Liberty Reserve was also used to transfer funds and distribute proceeds among criminal associates in countries around the world including the United States, Vietnam, Nigeria, Hong Kong, and China.42

Liberty Reserve was contacted by a Costa Rican agency known as Superintendencia General de Entidades Financieras (SUGEF) around 2009 to apply for a license to operate the money transmitting business. SUGEF, which was a financial regulating institution, refused to grant Liberty Reserve a license when the company sent in its application because Liberty Reserve lacked even basic AML controls. Liberty Reserve did not have KYC procedures, which included verifying the identity of the company’s clients, nor did the company track suspicious activity within its system.43

Liberty Reserve had failed to obtain the license to operate by 2011, and that same year a notice to financial institutions was issued by the U.S. Department of Treasury’s FinCEN warning them about providing financial services to Liberty Reserve because it was “being used by criminals to conduct anonymous transactions to move money globally.”44 Within two weeks of obtaining this notice, Liberty Reserve informed SUGEF that the company had been sold and was no longer operating in Costa Rica. But the company just moved underground, continuing to work in Costa Rica and out of offices held in the name of shell companies owned by a Liberty Reserve executive.45

When Liberty Reserve executives began emptying the bank accounts of Liberty Reserve and transferring millions of dollars from Costa Rica to shell companies in Cyprus and Russia, the Costa Rican government seized $19.5 million left in Liberty Reserve Costa Rican bank accounts at the request of U.S. law enforcement.46 When the U.S. government shut down Liberty Reserve in 2013, “it had more than 5 million user accounts worldwide, including more than 600,000 accounts associated with users in the United States, and had processed millions of transactions.”47 In January 2016, Liberty Reserve executives plead guilty to running a digital currency business used by criminals around the world that laundered more than $250 million.48

FinCEN was key in implementing regulatory action against Liberty Reserve, including targeting the company as a primary money laundering concern and allowing for the imposition of special measures to be taken against Liberty Reserve.49 These measures successfully eliminated the Liberty Reserve currency from the U.S. financial system.

In addition to FinCEN’s regulatory success, the international community played a significant role in supporting the investigation process. The Liberty Reserve case demonstrated a global alliance to counter money-laundering and enhance transparency involving digital currency transactions. The following paragraphs describe several enforcement mechanisms that have made significant strides in AML and regulation of digital currencies worldwide.

Domestic and International Efforts to Improve Financial Security

Domestically, the Financial Crimes Enforcement Network (FinCEN) operates as the chief American Financial Intelligence Unit (FIU) and is the designated administrator of the Bank Secrecy Act (BSA) of 1970.50 The BSA was established to help identify the source and movement of currency through the United States and into financial institutions, requiring U.S. financial institutions to establish AML programs and maintain records.51 The BSA has been integral in combating money laundering and acts as the primary federal AML law.52 FinCEN is currently working to determine the key vulnerabilities of virtual currency that could be exploited by illicit actors and developing a corresponding regulatory approach for industry to mitigate those vulnerabilities.53 One example of success in this endeavor is FinCEN’s coordination with federal law enforcement in May 2015 to assess the first civil enforcement action against Ripple Labs Inc., a virtual currency exchanger, for failure to register with FinCEN as a money services business and uphold sufficient AML measures.54 Presently, all cash seized as a result of money laundering is placed in the Treasury Forfeiture Fund (TFF) or the Department of Justice Assets Forfeiture Fund (AFF), depending on the law enforcement agencies involved in the seizure.

Internationally, the Financial Action Task Force (FATF) has been integral to worldwide efforts in combating AML/ATF through the production of its Forty Recommendations that facilitate regulatory reforms in these areas. These recommendations form the foundation for a coordinated response to threats on the financial system, as well as help to ensure a level playing field for those involved.55 In a recent speech the FATF President, Santiago Otamendi, highlighted the significance of FATF in working with the BIS Financial Stability Board to address the vulnerabilities of banks de-risking and de-marketing. These practices could lead to “financial exclusion and an increase in the risks of money laundering and terrorist financing, as well as indirectly encouraging the use of cash and informal or non-regulated channels.”56 Major financial institutions have been severing foreign banking clients, where money laundering and terrorist financing concerns are high, in an attempt to avoid compliance issues and manage risk. This is detrimental to regions around the world who have limited access to the global financial network, or have lost access entirely. With these banking clients severed from the global financial network, there is concern that criminals will launder money no longer through financial institutions but through underground or unregulated means.

The Strategic Opportunity for Action

Cyberspace is not a peaceful environment. In 2018 cybercrime conspiracies will become increasingly punitive and destructive. As the use of virtual currencies and financial systems continues to increase and innovate, so too does global crime. Fintech firms themselves present significant ‘operational risks,’ lacking the incentive for proper intrusion detection or KYC/AML protocols. Given that 50% of all crimes now have a cyber component, it is high time that we follow the money to create an international e-forfeiture fund. The modern epidemic of cybercrime and cyberespionage can also be mitigated through modernization of existing authorities to empower FATF, FinCEN and TFF to combat cyber-money laundering. Virtual currencies and other alternative payment systems that facilitate money-laundering associated with cybercrime, as well as terrorist financing, must be held to account. Every digital payment service should abide by KYC and cooperate in all law enforcement initiatives regarding cybercrime conspiracy, or it should be shut down. We can prioritize this effort through the establishment of an international Fund, maintained by the forfeiture of all money laundering and terrorist financing seizures. Proceeds from the Fund will be allocated specifically to critical infrastructure protection of the global financial system. The Fund would represent a global public/private partnership to combat money laundering using these alternative payment systems. Furthermore, creating global, enforceable rule sets through such a public/private partnership could help the private sector flourish and simultaneously meet the needs of the unbanked and underbanked throughout the world. Virtual currencies that refuse to know their customers or freeze accounts of those engaged in criminal conspiracies should be subject to Treasury Executive Office for Asset Forfeiture (TEOAF).

The strategic plan must be international in nature and thus incorporate the Bank for International Settlements. The Bank for International Settlements (BIS) is an organization that has been at the forefront of fostering international coordination in the pursuit of monetary and financial stability for over eight decades. Established in 1930, this international financial entity is “owned by 60 member central banks, representing countries from around the world that together make up about 95% of world GDP.”57 The US, in cooperation with the BIS, could galvanize the international community to participate in AML efforts and create an incentive for partners to tackle corruption with international transparency. Global crime is facilitated by the use of cyber currencies, and more needs to be done to regulate and supervise digital payment systems and ensure basic KYC and information reporting protocols. The U.S., in partnership with the BIS, can incentivize the international community to participate in this effort by the capital gains that will ultimately be afforded as a result of hindering criminal activity from the illegal buying and selling of goods and services. Finally, due to lack of incentives for developing nations to participate, we must provide the proverbial “carrot”. In order to facilitate international cooperation, 40% of the funds forfeited must be distributed to the host countries’ critical infrastructure protection efforts or other international efforts to secure payment systems and e-governance. It is time to civilize cyberspace via thoughtful, strategic action.

Appendix:

FinCEN

FinCEN was originally created in 1990 to provide an intelligence and analytical network that would support investigations, detections, and prosecutions of both domestic and international money laundering. The mission of FinCEN was broadened in 1994 to include regulatory responsibilities and the organization merged with the Treasury Department’s Office of Financial Enforcement (OFE) to create a single, unified AML agency.58 Today, the mission of FinCEN “is to safeguard the financial system from illicit use and combat money laundering and promote national security through the collection, analysis, and dissemination of financial intelligence and strategic use of financial authorities.”59

FinCEN works closely with law enforcement, industry, and international partners to regulate and protect the U.S. financial system.60 Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs) are two reporting streams that contribute to the majority of BSA data collected by FinCEN.61 These reporting streams are fulfilled by financial institutions which are required to report both suspicious transactions and cash transactions totaling more than $10,000.62 This information provides FinCEN and other law enforcement agencies the necessary data “to detect and prevent money laundering, other financial crimes, and terrorism.”63 Highlighted by its then Acting Director Jamal El-Hindi, virtual currency is one of the current focus areas FinCEN is working to actively address.64

FinCEN plays a key role in addressing new vulnerabilities of the current period of technological innovation and growth that characterize the financial industry. According to El-Hindi, “any financial institution, payment system, or medium of exchange has the potential to be exploited for money laundering or terrorist financing.”65 In July of this year, FinCEN and the U.S. Department of Treasury launched its second supervisory action, assessing a civil monetary penalty of $110,003,314 against Canton Business Corporation (BTC-e).66 BTC-e was a foreign entity operating one of the largest virtual currency exchanges in the world, with activities in the United States.67

The Genesis of FATF

The Financial Action Task Force (FATF) was established in 1989 at the G-7 Summit in Paris in response to growing concern over money laundering.68 The original Task Force was convened by the G-7 member states, eight additional countries, and the European Commission. The major economic powers of the world came to realize that non-state actor groups who threatened the stability of their regimes were being empowered with asymmetrical capabilities due to their capacity to launder money. According to FATF, the objectives of the Task Force “are to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system. The FATF is therefore a ‘policy-making body’ which works to generate the necessary political will to bring about national legislative and regulatory reforms in these areas.”69 Initial responsibilities of the Task Force included examining techniques and trends of money laundering and setting the measures that needed to be taken by the international community to combat money laundering. In 1990, FATF released its first Forty Recommendations which provided “a comprehensive plan of action needed to fight against money laundering.”

Eight Special Recommendations were added to the report in 2001 in response to the fight against terrorist financing, with a ninth special recommendation published in 2004. FATF has conducted several comprehensive revisions of its Forty Recommendations in response to the continued evolution of money laundering techniques. The most current revised version of the FATF recommendations was published in 2012, and now includes measures to deal with new threats including the financing of proliferation of weapons of mass destruction (WMD). The updated recommendations are also meant to be “clearer on transparency and tougher on corruption,” and have fully integrated the Nine Special Recommendations on terrorist financing with the measures against money laundering.

Presently, FATF has expanded to a total of 37 members and observers representing most major financial hubs around the world. There are also 31 additional regional and international organizations that are Observers or Associate Members of FATF and participate in its work.70 The Task Force has a fixed lifespan which requires a specific decision by its Ministers to continue. The decision-making body of FATF, the Plenary, meets three times per year to discuss the progress of its members in implementing measures established by the FATF and to review tactics, techniques, and countermeasures of money laundering and terrorist financing criminals.71 The current mandate of FATF was adopted in April 2012 and extends to 2020. The threat from money laundering, terrorist financing, and WMD proliferation financing has never been greater. The FATF is now focused on ensuring the effectiveness of countries in implementing financial laws and the capacity of those countries to deal with these threats. The FATF has had success with its methodologies in assessing whether countries are effectively preventing financial crime. Countries around the world are identifying and disrupting organized crime groups and terrorist networks, cutting them off from the financial system.72

Forfeiture Laws

The Treasury Forfeiture Fund (TFF) is administered by the Treasury Executive Office for Asset Forfeiture (TEOAF), and was established in 1992 as a successor to the Customs Forfeiture Fund.73 All forfeitures made by Treasury and participating law enforcement agencies are placed in the TFF, a special fund earmarked by law for specific purposes which are defined by Title 31 U.S.C. 9703.74 Once property or cash is seized, the forfeiture process begins. The seized currency is initially deposited into a holding account and then transferred to the Fund as forfeited revenue.75 The participating agencies of the TFF include: U.S. Immigration and Customs Enforcement (ICE), Internal Revenue Service Criminal Investigations Division (IRS-CI), U.S. Customs and Border Protection (CBP), U.S. Secret Service (USSS), and U.S. Coast Guard.

The forfeited cash or proceeds from forfeited property cannot be retained by any Treasury investigative agency.76 Seized cash, unless being used as evidence, is deposited into the Suspense Account until the forfeiture is approved. If valued at $5,000 or less, seized cash can be held with approval from the Attorney General, and amounts over $5,000 can be held with approval from the Chief of the DOJ’s Asset Forfeiture and Money Laundering Section.77

First and foremost, the forfeiture revenue is obligated to meet the expenses of running the TFF.78 Any unobligated balances remaining are deposited in the general fund of the Treasury of the United States and are available for the Secretary to allocate to any of the participating Treasury law enforcement agencies, as well as other law enforcement agencies that do not have forfeiture authority, such as FinCEN and the Tax and Trade Bureau.79 Specifically, the proceeds of asset forfeiture from the TFF are allocated to fund programs or activities aimed at disrupting criminal activity, as well as enhance forfeiture capabilities.80 The Secretary also has Discretionary Category Expenses, where the Secretary “has the discretion to make payments from the Fund for other specifically authorized expenses when the funds are appropriated for that purpose.”81

The Department of Justice also maintains an Asset Forfeiture Program (AFP).82 The Department of Justice Assets Forfeiture Fund (AFF) is a special fund within the Department of Treasury and was established by the Comprehensive Crime Control Act of 1984.83 The AFF receives the proceeds of forfeited assets used to facilitate federal crimes.84 The DOJ participants that contribute to the AFF include, but are not limited to, the following agencies: Money Laundering and Asset Recovery Section (MLARS), Bureau of Alcohol, Tobacco, and Firearms and Explosives (ATF), Drug Enforcement Agency (DEA), and the Federal Bureau of Investigation (FBI).85 The Attorney General has authorization to use the Fund to pay any expenses associated with forfeiture operations, as well as to finance general investigative expenses.86 These authorized uses are detailed in Title 28 U.S.C.87

Over the last ten years, the annual forfeiture revenue to the AFF has evolved into a multi-billion-dollar national program.88 Most of this increase in forfeiture revenue can be attributed to large fraud and economic crime forfeiture cases.89 The future of this Fund is hard to predict, however, due to unpredictable timing and outcome of judicial forfeiture processes. Large forfeiture cases (i.e. assets valued at $20 million or more) are more volatile, but are an increasingly significant part of the AFF’s revenue as smaller seizures and forfeiture of non-cash assets appear to be in decline.90 The Fund has three types of spending authority: Mandatory Budget Authority, Discretionary Budget Authority, and Super Surplus.91 Mandatory Authority is used to defray the cost of forfeiture related activities, victim compensation, and equitable share of the proceeds to state and local partners. Discretionary Authority funds non-forfeiture related activities, which fall under three categories: purchase of evidence, equipping of conveyances, and awards for information. Super Surplus represents the remaining balance of the Fund that the Attorney General is authorized to use “for any federal law enforcement, litigative/prosecutive, and correctional activity, or any other authorized purpose of the DOJ.”92

Endnotes

1 T.S. “How does Bitcoin work?” The Economist, April 11, 2013, http://www.economist.com/bitcoin-explained
2 Ibid.
3 Ibid.
4 Scott Dueweke, “Hearing entitled Virtual Currency: Financial Innovation and National Security Implications.”
5 Ibid.
6 Ibid.
7 Daniel Runde, “M-Pesa and the Rise of the Global Mobile Money Market,” Forbes, August 12, 2015, https://www.forbes.com/sites/danielrunde/2015/08/12/m-pesa-and-the-rise-of-the-global-mobile-money-market/#79ac1e615aec
8 Ibid.
9 Ed Cabrera, “Risk and Reward of Alternative Payment Systems,” Trend Micro, October 26, 2016, http://blog.trendmicro.com/risk-and-reward-of-alternative-payment-systems/
10 Ibid.
11 Scott Dueweke, “Hearing entitled Virtual Currency: Financial Innovation and National Security Implications.”
12 Ibid.
13 Dong He, et al, “Virtual Currencies and Beyond: Initial Considerations,” International Monetary Fund, January 2016, https://www.imf.org/external/pubs/ft/sdn/2016/sdn1603.pdf
14 “European Union Serious and Organised Crime Threat Assessment 2017,” p. 31
15 Ibid.
16 Ibid.
17 Kristen Schweizer, “Bitcoin Payments by Pedophiles Frustrate Child Porn Battle,” Japan Times, October 10, 2014, https://www.japantimes.co.jp/news/2014/10/10/world/crime-legal-world/bitcoin-payments-by-pedophiles-frustrate-child-porn-battle/#.WezF8EzMy3U
18 Ibid.
19 Josiah Wilmoth, “Putin Approves Framework for ICO, Cryptocurrency Regulation,” Cryptocoins News, October 28, 2017, https://www.cryptocoinsnews.com/putin-approves-framework-for-ico-regulation/
20 Kim Zetter, “Bullion and Bandits: The Improbable Rise and Fall of E-Gold,” WIRED, June 9, 2009, https://www.wired.com/2009/06/e-gold/
21 Ibid.
22 Ibid.
23 Ibid.
24 Ibid.
25 Ibid.
26 Seth Robbins, “Liberty Reserve Case Exposes New Frontiers in Laundering Digital Cash,” InSight Crime, June 4, 2013, http://www.insightcrime.org/news-analysis/liberty-reserve-case-exposes-new-frontiers-in-laundering-digital-cash
27 “Sealed Indictment: United States v. Liberty Reserve S.A.”
28 Ibid.
29 Seth Robbins, “Liberty Reserve Case Exposes New Frontiers in Laundering Digital Cash.”
30 “Sealed Indictment: United States v. Liberty Reserve S.A.”
31 Seth Robbins, “Liberty Reserve Case Exposes New Frontiers in Laundering Digital Cash.”
32 “Sealed Indictment: United States v. Liberty Reserve S.A.”
33 Ibid.
34 Ibid.
35 Ibid.
36 Ibid.
37 Ibid.
38 “Founder of Liberty Reserve Pleads Guilty to Laundering More Than $250 Million through His Digital Currency Business,” Department of Justice, January 29, 2016, https://www.justice.gov/opa/pr/founder-liberty-reserve-pleads-guilty-laundering-more-250-million-through-his-digital
39 Ibid.
40 “Notice of Finding That Liberty Reserve S.A. Is a Financial Institution of Primary Money Laundering Concern,” Department of Treasury, May 28, 2013, https://www.fincen.gov/sites/default/files/shared/311--LR-NoticeofFinding-Final.pdf
41 “History of Anti-Money Laundering Laws,” Financial Crimes Enforcement Network, https://www.fincen.gov/history-anti-money-laundering-laws
42 “Statement of Acting Director Jamal El-Hindi before the House Committee on Financial Services, Subcommittee on Terrorism and Illicit Finance,” Financial Crimes Enforcement Network, April 27, 2017, https://www.fincen.gov/news/testimony/statement-acting-director-jamal-el-hindi-house-committee-financial-services
43 Ibid.
44 Ibid.
45 Ibid.
46 Ibid.
47 Ibid.
48 https://www.bis.org/about/index.htm?m=1%7C1
49 “FinCEN—History,” Federation of American Scientists, https://fas.org/irp/agency/ustreas/fincen/history.htm
50 “Mission,” Financial Crimes Enforcement Network, https://www.fincen.gov/about/mission
51 “Statement of Acting Director Jamal El-Hindi before the House Committee on Financial Services, Subcommittee on Terrorism and Illicit Finance,” Financial Crimes Enforcement Network.
52 Ibid.
53 Ibid.
54 Ibid.
55 “Statement of Acting Director Jamal El-Hindi before the House Committee on Financial Services, Subcommittee on Terrorism and Illicit Finance,” Financial Crimes Enforcement Network, pg. 9
56 “Statement of Acting Director Jamal El-Hindi before the House Committee on Financial Services, Subcommittee on Terrorism and Illicit Finance,” Financial Crimes Enforcement Network, pg. 11
57 Weinstein, Jason and Alan Cohn, “Significant FinCEN Action Against BTC-e, Implications for Virtual Currency Exchangers,” Miami Legal Resources, July 31, 2017, http://www.miamilegalresources.com/files/124842499.pdf
58 Ibid.
59 “History of the FATF,” Financial Action Task Force, http://www.fatf-gafi.org/about/historyofthefatf/
60 “Who We Are,” Financial Action Task Force, http://www.fatf-gafi.org/about/whoweare/
61 “Member Countries and Observers,” Financial Action Task Force, http://www.fatf-gafi.org/faq/membercountriesandobservers/#d.en.11224
62 “Who We Are,” Financial Action Task Force.
63 “Speech by FATF Executive Secretary,” Financial Action Task Force, http://www.fatf-gafi.org/publications/fatfgeneral/documents/fatf-apg-speech-july-2017.html
64 “Resource Center: Asset Forfeiture,” Department of Treasury, https://www.treasury.gov/resource-center/terrorist-illicit-finance/Pages/Asset-Forfeiture.aspx
65 “Terrorism and Financial Intelligence: Treasury Executive Office for Asset Forfeiture,” Department of Treasury, https://www.treasury.gov/about/organizational-structure/offices/Pages/The-Executive-Office-for-Asset-Forfeiture.aspx
66 “Treasury Forfeiture Fund,” Department of Treasury, https://www.treasury.gov/about/budget-performance/Documents/13_Treasury_Forfeiture_GTG.pdf
67 “Guidelines for Seized and Forfeited Property,” Department of the Treasury, July 2001, https://www.treasury.gov/resource-center/terrorist-illicit-finance/Asset-Forfeiture/Documents/redbook.pdf
68 “39 CFR 233.7-Forfeiture authority and procedures,” Cornell Law School, https://www.law.cornell.edu/cfr/text/39/233.7
69 “31 U. S. Code 9705-Department of the Treasury Forfeiture Fund,” Cornell Law School, https://www.law.cornell.edu/uscode/text/31/9705
70 “Terrorism and Financial Intelligence: Treasury Executive Office for Asset Forfeiture,” Department of Treasury.
71 Ibid.
72 “Guidelines for Seized and Forfeited Property,” Department of the Treasury.
73 “Asset Forfeiture Program,” Department of Justice, https://www.justice.gov/afp
74 “U.S. Department of Justice Asset Forfeiture Program: FY 2017 Performance Budget Congressional Justification,” Department of Justice, https://www.justice.gov/jmd/file/821291/download
75 “The Fund,” Department of Justice, https://www.justice.gov/afp/fund
76 https://www.justice.gov/afp/participants-and-roles
77 “The Fund,” Department of Justice.
78 Ibid.
79 “U.S. Department of Justice Asset Forfeiture Program: FY 2017 Performance Budget Congressional Justification,” Department of Justice.
80 Ibid.
81 Ibid.
82 “U.S. Department of Justice Asset Forfeiture Program: FY 2018 Performance Budget Congressional Justification,” Department of Justice, https://www.justice.gov/file/968796/download
83 Ibid.

Acknowledgments

A special note of gratitude to Katherine Vockery as Lead Researcher and the following individuals who provided sage insights: Scott Dueweke; Meg King; Tom Glaessner.

Tom Kellermann

Tom Kellermann is CEO of Strategic Cyber Ventures and serves as a Global Fellow for the Wilson Center.

Over his career, Tom has acted as a trusted advisor to Fortune 100 clients and the U.S. government regarding their cybersecurity postures and the cyber threat landscape. Tom served as a Commissioner on the Congressionally Appointed Commission on Cybersecurity for the 44th Presidency. He has also served on the board of the National Cyber Security Alliance, The International Cyber Security Protection Alliance (ICSPA), and the National Board of Information Security Examiners Panel for Penetration Testing. Tom has held the positions of CISO at Trend Micro, Vice President for Cybersecurity at Trend Micro, Chief Technology Officer at AirPatrol Corporation, and Vice President of Security Awareness for Core Security. Previously, Tom was the Senior Data Risk Management Specialist for the World Bank Treasury Security Team, where he was responsible for internal cyber-intelligence and policy and for advising central banks around the world about their cyber-risk posture and layered security architectures. Tom was also an Adjunct Instructor in the School of International Service and the Kogod School of Business at American University for eight years.

The opinions expressed in this article are those solely of the author.

The Wilson Center
wilsoncenter.org
facebook.com/WoodrowWilsonCenter
@TheWilsonCenter
202.691.4000

Digital Futures Program
wilsoncenter.org/program/digital-futures-project
facebook.com/WilsonCenterDFP
@WilsonCenterDFP
202.691.4002

Woodrow Wilson International Center for Scholars
One Woodrow Wilson Plaza
1300 Pennsylvania Avenue NW
Washington, DC 20004-3027