DOCSLIB.ORG

Research Report on Criminal Money Flows on the Internet

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Research Report on Criminal Money Flows on the Internet PREMS83012 MONEYVAL RESEARCH REPORT Criminal money flows on the Internet: methods, trends and multi-stakeholder counteraction March 2012 www.coe.int/moneyval www.coe.int/cybercrime PREMS 83012 GBR 2104 Typology research march 2012.indd 1 05/02/13 16:07 www.coe.int/moneyval www.coe.int/cybercrime Criminal money flows on the Internet: methods, trends and multi-stakeholder counteraction1 1 Ref. MONEYVAL(2012)6, dated 9 March 2012, adopted by MONEYVAL at its 38th Plenary meeting (5-9 March 2012). Criminal money flows on the Internet – March 2012 Table of contents 1 Introduction ....................................................................................................... 7 1.1 Objective of the study ......................................................................................................... 7 1.2 Methodology ...................................................................................................................... 8 2 Overview of initiatives and issues involved ...................................................... 10 2.1 Context ........................................................................................................................... 10 2.1.1 Measures against cybercrime ......................................................................................... 10 2.1.2 Measures aimed at money laundering and the financing of terrorism, and at the search, seizure and confiscation of proceeds from crime ....................................................................................... 11 2.1.3 Key international standards ........................................................................................... 12 2.2 Cybercrime: threats, trends, tools and infrastructure ............................................................ 13 2.2.1 Types of cybercrime ...................................................................................................... 13 2.2.2 Cybercrime tools and infrastructure ................................................................................ 14 2.2.3 New platforms for cybercrime ........................................................................................ 18 2.2.4 Organising for cybercrime .............................................................................................. 19 2.3 Proceeds generating offences on the Internet ...................................................................... 21 2.3.1 Fraud .......................................................................................................................... 22 2.3.2 Other proceeds generating offences on the Internet .......................................................... 31 2.4 Mapping cyber laundering risks and vulnerabilities ................................................................ 34 2.4.1 Technological risks ........................................................................................................ 35 2.4.2 Anonymity ................................................................................................................... 35 2.4.3 Licensing and supervision limitations ............................................................................... 36 2.4.4 Geographical or jurisdictional risks .................................................................................. 37 2.4.5 Complexity of laundering schemes .................................................................................. 38 2.4.6 Other risks ................................................................................................................... 38 3 Typologies and selected case studies................................................................ 39 3.1 Criminal money flows on the Internet and money laundering methods, techniques, mechanisms and instruments ........................................................................................................................... 39 3.1.1 Money remittance providers ........................................................................................... 40 3.1.2 Wire transfers /take over or opening of bank accounts ...................................................... 42 3.1.3 Cash withdrawals ......................................................................................................... 44 3.1.4 Internet payment services ............................................................................................. 45 3.1.5 Money mules................................................................................................................ 48 3.1.6 International transfers .................................................................................................. 51 3.1.7 Digital/electronic currency ............................................................................................. 52 3.1.8 Purchase through the Internet........................................................................................ 53 3.1.9 Shell companies ........................................................................................................... 54 3.1.10 Prepaid cards ............................................................................................................... 55 3.1.11 Online gaming and online trading platforms ..................................................................... 57 3.2 Indicators of potential money laundering activity: money laundering red flags/ indicators ......... 57 4 Countermeasures .............................................................................................. 60 4.1 E-crime reporting ............................................................................................................. 64 4.1.1 Internet Crime Complaint Centre (IC3) ............................................................................ 65 4.1.2 MELANI ....................................................................................................................... 65 4.1.3 National Fraud Reporting Centre ..................................................................................... 66 4.1.4 Internet Crime Reporting Online System (I-CROS) ............................................................ 66 3 Criminal money flows on the Internet – March 2012 4.1.5 Signal Spam ................................................................................................................ 66 4.1.6 E-Crime reporting: using a common data format .............................................................. 67 4.2 Prevention and public awareness ........................................................................................ 67 4.3 Regulatory and supervisory measures ................................................................................. 67 4.3.1 Risk management and due diligence measures ................................................................. 67 4.3.2 Due diligence for registrars and registries ........................................................................ 69 4.4 Harmonised legal framework based on international standards ............................................... 70 4.4.1 Implementation of the Budapest Convention on Cybercrime ............................................... 70 4.4.2 Implementation of the Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime and on the Financing of Terrorism ................................................................. 70 4.5 Establishment of specialised units for high-tech crime ........................................................... 71 4.6 Inter-agency co-operation ................................................................................................. 73 4.6.1 Germany: Project group “Electronic payment systems” ..................................................... 73 4.6.2 Albania: Memoranda of co-operation ............................................................................... 74 4.7 Public-private co-operation and information exchange........................................................... 74 4.7.1 The Irish Bankers Federation (IBF) High Tech Crime Forum ............................................... 74 4.7.2 Hungary: Incident management working group ................................................................ 75 4.7.3 US National Cyber-Forensics & Training Alliance - NCFTA ................................................... 75 4.7.4 Information Sharing and Analysis Centres (ISAC) for the financial sector ............................. 76 4.7.5 European Financial Coalition against Commercial Sexual Exploitation of Children Online ........ 77 4.7.6 Electronic Crimes Task Forces (US Secret Service) ............................................................ 77 4.7.7 The European Electronic Crime Task Force (EECTF) ........................................................... 77 4.7.8 Contact Initiative against Cybercrime for Industry and Law Enforcement (CICILE) ................ 78 4.7.9 Guidelines for law enforcement/ISP co-operation in the investigation of cybercrime .............. 78 4.8 Training .......................................................................................................................... 79 4.8.1 The European Cybercrime Training and Education Group (ECTEG) ...................................... 79 4.8.2 The University College Dublin Centre for Cybercrime Investigation (UCD CCI) ...................... 80 4.8.3 South-eastern Europe – law enforcement training strategies .............................................. 80 4.8.4 Council
Load more

Recommended publications
  • Identity Theft Literature Review
    The author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report: Document Title: Identity Theft Literature Review Author(s): Graeme R. Newman, Megan M. McNally Document No.: 210459 Date Received: July 2005 Award Number: 2005-TO-008 This report has not been published by the U.S. Department of Justice. To provide better customer service, NCJRS has made this Federally- funded grant final report available electronically in addition to traditional paper copies. Opinions or points of view expressed are those of the author(s) and do not necessarily reflect the official position or policies of the U.S. Department of Justice. This document is a research report submitted to the U.S. Department of Justice. This report has not been published by the Department. Opinions or points of view expressed are those of the author(s) and do not necessarily reflect the official position or policies of the U.S. Department of Justice. IDENTITY THEFT LITERATURE REVIEW Prepared for presentation and discussion at the National Institute of Justice Focus Group Meeting to develop a research agenda to identify the most effective avenues of research that will impact on prevention, harm reduction and enforcement January 27-28, 2005 Graeme R. Newman School of Criminal Justice, University at Albany Megan M. McNally School of Criminal Justice, Rutgers University, Newark This project was supported by Contract #2005-TO-008 awarded by the National Institute of Justice, Office of Justice Programs, U.S. Department of Justice. Points of view in this document are those of the author and do not necessarily represent the official position or policies of the U.S.
    [Show full text]
  • Russland–Analysen
    www.laender-analysen.de/russland Nr. 403 | 08.06.2021 Russland–Analysen • Duma-Wahlen • Repressionen ■ KOMMENTAR Schrumpfende Freiräume für Russlands Medien 25 Die Duma-Wahlen 2021: Hochmut kommt vor dem Fall – oder doch Esther Somfalvy (Forschungsstelle Osteuropa an der Universität nicht? 2 Bremen) Boris Ginzburg und Alexander Libman (Freie Universität Berlin) Russland drosselte Twitter, um Inhalte zu zensieren 27 Informationskriege, Oppositionskoordination und die Dumawahl Natalia Krapiva (Access Now) im Jahr 2021 4 ■ Regina Smyth (Indiana University und Woodrow Wilson Center, DEKODER »Hätten wir eine andere Wahl gehabt? Nein.« 30 Washington D.C.) Konstantin Gaase und Leonid Wolkow Wird das Putin-Regime überleben? 6 ■ DOKUMENTATION Andreas Heinemann-Grüder (Universität Bonn) Repressive Gesetze, die von Wladimir Putin am 30. Dezember 2020 Vorbereitung auf die Parlamentswahlen 2021 8 unterzeichnet wurden 35 Andrei Semenov (Zentrum für vergleichende Geschichts- und Politische Strafverfahren nach den Protesten im Januar 2021 37 Politikwissenschaft, Staatliche Universität Perm) April-Chronik der Repressionen: Der Journalist Ilja Asar hat Buch geführt 40 Vor den Dumawahlen weitet Russland die elektronische Überblick: Hochverrat, Spionage und Staatsgeheimnisse 47 Stimmabgabe aus – warum und mit welchen potenziellen Folgen? 10 »Haben Sie Angst vor…?« Umfrageergebnisse Stas Gorelik (George Washington-Universität, Washington D.C. / des Lewada-Zentrums 48 Forschungsstelle Osteuropa, Bremen) Teilnehmende an den Protesten aus Solidarität mit Alexej
    [Show full text]
  • What Every CEO Needs to Know About Cybersecurity
    What Every CEO Needs to Know About Cybersecurity Decoding the Adversary AT&T Cybersecurity Insights Volume 1 AT&T Cybersecurity Insights: Decoding the Adversary 1 Contents 03 Letter from John Donovan Senior Executive Vice President AT&T Technology and Operations 04 Executive Summary 05 Introduction 07 Outsider Threats 15 Looking Ahead: Outsider Threats 16 Best Practices: Outsiders 18 Insider Threats 24 Looking Ahead: New Potential Threats 25 Looking Ahead: Emerging Risks 26 Best Practices: Malicious Insiders 27 Best Practices: Unintentional Insiders 28 Moving Forward 32 Conclusion 33 Know the Terms For more information: Follow us on Twitter @attsecurity 35 End Notes and Sources Visit us at: Securityresourcecenter.att.com © 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T Globe logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. The information contained herein is not an offer, commitment, representation or warranty by AT&T and is subject to change. 2 ATT.com/network-security Business leader, Welcome to the inaugural issue of AT&T Cybersecurity Insights, a comprehensive look at our analysis and findings from deep inside AT&T’s network operations groups, outside research firms, and network partners. This first issue, “Decoding the Adversary,” focuses on whether or not you and your board of directors are doing enough to protect against cyber threats. Security is not simply a CIO, CSO, or IT department issue. Breaches, leaked documents, and cybersecurity attacks impact stock prices and competitive edge. It is a responsibility that must be shared amongst all employees, and CEOs and board members must proactively mitigate future challenges.
    [Show full text]
  • Synthesizing Near-Optimal Malware Specifications from Suspicious
    Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors Somesh Jha∗, Matthew Fredrikson∗, Mihai Christodoresu†, Reiner Sailer‡, Xifeng Yan§ ∗University of Wisconsin–Madison, †Qualcomm Research Silicon Valley, ‡IBM T.J Watson Research Center, §University of California–Santa Barbara Abstract—Behavior-based detection techniques are a promis- and errors. ing solution to the problem of malware proliferation. However, We make the observation that behavioral specifications they require precise specifications of malicious behavior that do not result in an excessive number of false alarms, while still are best viewed as a form of discriminative specification.A remaining general enough to detect new variants before tradi- discriminative specification describes the unique properties tional signatures can be created and distributed. In this paper, of a given class, in contrast to the properties exhibited by we present an automatic technique for extracting optimally discriminative specifications a second mutually-exclusive class. This paper presents an , which uniquely identify a class automated technique that combines program analysis, graph of programs. Such a discriminative specification can be used by a behavior-based malware detector. Our technique, based mining, and stochastic optimization to synthesize malware on graph mining and stochastic optimization, scales to large behavior specifications. We represent program behaviors as classes of programs. When this work was originally published, graphs that are mined for discriminative patterns. As there the technique yielded favorable results on malware targeted are many ways in which malware can accomplish the same towards workstations (~86% detection rates on new malware). goal, we use these patterns as building blocks for construct- We believe that it can be brought to bear on emerging malware- based threats for new platforms, and discuss several promising ing discriminative specifications that are general across vari- avenues for future work in this direction.
    [Show full text]
  • Cyber Warfare a “Nuclear Option”?
    CYBER WARFARE A “NUCLEAR OPTION”? ANDREW F. KREPINEVICH CYBER WARFARE: A “NUCLEAR OPTION”? BY ANDREW KREPINEVICH 2012 © 2012 Center for Strategic and Budgetary Assessments. All rights reserved. About the Center for Strategic and Budgetary Assessments The Center for Strategic and Budgetary Assessments (CSBA) is an independent, nonpartisan policy research institute established to promote innovative thinking and debate about national security strategy and investment options. CSBA’s goal is to enable policymakers to make informed decisions on matters of strategy, secu- rity policy and resource allocation. CSBA provides timely, impartial, and insight- ful analyses to senior decision makers in the executive and legislative branches, as well as to the media and the broader national security community. CSBA encour- ages thoughtful participation in the development of national security strategy and policy, and in the allocation of scarce human and capital resources. CSBA’s analysis and outreach focus on key questions related to existing and emerging threats to US national security. Meeting these challenges will require transforming the national security establishment, and we are devoted to helping achieve this end. About the Author Dr. Andrew F. Krepinevich, Jr. is the President of the Center for Strategic and Budgetary Assessments, which he joined following a 21-year career in the U.S. Army. He has served in the Department of Defense’s Office of Net Assessment, on the personal staff of three secretaries of defense, the National Defense Panel, the Defense Science Board Task Force on Joint Experimentation, and the Defense Policy Board. He is the author of 7 Deadly Scenarios: A Military Futurist Explores War in the 21st Century and The Army and Vietnam.
    [Show full text]
  • The Botnet Chronicles a Journey to Infamy
    The Botnet Chronicles A Journey to Infamy Trend Micro, Incorporated Rik Ferguson Senior Security Advisor A Trend Micro White Paper I November 2010 The Botnet Chronicles A Journey to Infamy CONTENTS A Prelude to Evolution ....................................................................................................................4 The Botnet Saga Begins .................................................................................................................5 The Birth of Organized Crime .........................................................................................................7 The Security War Rages On ........................................................................................................... 8 Lost in the White Noise................................................................................................................. 10 Where Do We Go from Here? .......................................................................................................... 11 References ...................................................................................................................................... 12 2 WHITE PAPER I THE BOTNET CHRONICLES: A JOURNEY TO INFAMY The Botnet Chronicles A Journey to Infamy The botnet time line below shows a rundown of the botnets discussed in this white paper. Clicking each botnet’s name in blue will bring you to the page where it is described in more detail. To go back to the time line below from each page, click the ~ at the end of the section. 3 WHITE
    [Show full text]
  • Typologies of the Use of Preventive Measures of Financial Institutions for Crime Detection and Risk Assessment
    ЕВРАЗИЙСКАЯ ГРУППА по противодействию легализации преступных доходов и финансированию терроризма EURASIAN GROUP on combating money laundering and financing of terrorism EAG TYPOLOGY PROJECT TYPOLOGIES OF THE USE OF PREVENTIVE MEASURES OF FINANCIAL INSTITUTIONS FOR CRIME DETECTION AND RISK ASSESSMENT TYPOLOGICAL STUDY REPORT 2021 Contents General ....................................................................................................................... 3 Preventive Measures and Suspicious Transaction Reporting in the EAG members 3 Approaches Used by FIUs for Analyzing Incoming STRs and Service Denial Reports ....................................................................................................................... 9 Feedback on STRs ................................................................................................... 16 Trends and risks in the spread of COVID-19 .......................................................... 21 Impact of COVID-19 on AML/CFT supervisory activities and implementation of preventive measures ................................................................................................ 24 Summary of recommendations following the results of the study: ......................... 26 General Application by entities engaged in transactions with funds or other assets of preventive measures as well as identification of suspicious transactions and submission of suspicious transaction reports (STRs) to the financial investigation units (FIUs) is one of the most important measures aimed
    [Show full text]
  • RUSSIA INTELLIGENCE Politics & Government
    N°66 - November 22 2007 Published every two weeks / International Edition CONTENTS KREMLIN P. 1-4 Politics & Government c KREMLIN The highly-orchestrated launching into orbit cThe highly-orchestrated launching into orbit of of the «national leader» the «national leader» Only a few days away from the legislative elections, the political climate in Russia grew particu- STORCHAK AFFAIR larly heavy with the announcement of the arrest of the assistant to the Finance minister Alexey Ku- c Kudrin in the line of fire of drin (read page 2). Sergey Storchak is accused of attempting to divert several dozen million dol- the Patrushev-Sechin clan lars in connection with the settlement of the Algerian debt to Russia. The clan wars in the close DUMA guard of Vladimir Putin which confront the Igor Sechin/Nikolay Patrushev duo against a compet- cUnited Russia, electoral ing «Petersburg» group based around Viktor Cherkesov, overflows the limits of the «power struc- home for Russia’s big ture» where it was contained up until now to affect the entire Russian political power complex. business WAR OF THE SERVICES The electoral campaign itself is unfolding without too much tension, involving men, parties, fac- cThe KGB old guard appeals for calm tions that support President Putin. They are no longer legislative elections but a sort of plebicite campaign, to which the Russian president lends himself without excessive good humour. The objec- PROFILE cValentina Matvienko, the tive is not even to know if the presidential party United Russia will be victorious, but if the final score “czarina” of Saint Petersburg passes the 60% threshhold.
    [Show full text]
  • Iptrust Botnet / Malware Dictionary This List Shows the Most Common Botnet and Malware Variants Tracked by Iptrust
    ipTrust Botnet / Malware Dictionary This list shows the most common botnet and malware variants tracked by ipTrust. This is not intended to be an exhaustive list, since new threat intelligence is always being added into our global Reputation Engine. NAME DESCRIPTION Conficker A/B Conficker A/B is a downloader worm that is used to propagate additional malware. The original malware it was after was rogue AV - but the army's current focus is undefined. At this point it has no other purpose but to spread. Propagation methods include a Microsoft server service vulnerability (MS08-067) - weakly protected network shares - and removable devices like USB keys. Once on a machine, it will attach itself to current processes such as explorer.exe and search for other vulnerable machines across the network. Using a list of passwords and actively searching for legitimate usernames - the ... Mariposa Mariposa was first observed in May 2009 as an emerging botnet. Since then it has infected an ever- growing number of systems; currently, in the millions. Mariposa works by installing itself in a hidden location on the compromised system and injecting code into the critical process ͞ĞdžƉůŽƌĞƌ͘ĞdžĞ͘͟/ƚŝƐknown to affect all modern Windows versions, editing the registry to allow it to automatically start upon login. Additionally, there is a guard that prevents deletion while running, and it automatically restarts upon crash/restart of explorer.exe. In essence, Mariposa opens a backdoor on the compromised computer, which grants full shell access to ... Unknown A botnet is designated 'unknown' when it is first being tracked, or before it is given a publicly- known common name.
    [Show full text]
  • Computer Security Fundamentals Third Edition
    Computer Security Fundamentals Third Edition Chuck Easttom 800 East 96th Street, Indianapolis, Indiana 46240 USA Computer Security Fundamentals, Third Edition Executive Editor Brett Bartow Copyright © 2016 by Pearson Education, Inc. All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or Acquisitions Editor transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, Betsy Brown without written permission from the publisher. No patent liability is assumed with respect Development Editor to the use of the information contained herein. Although every precaution has been taken in Christopher Cleveland the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information Managing Editor contained herein. Sandra Schroeder ISBN-13: 978-0-7897-5746-3 ISBN-10: 0-7897-5746-X Senior Project Editor Tonya Simpson Library of Congress control number: 2016940227 Copy Editor Printed in the United States of America Gill Editorial Services First Printing: May 2016 Indexer Brad Herriman Trademarks All terms mentioned in this book that are known to be trademarks or service marks have Proofreader been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this Paula Lowell information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. Technical Editor Dr. Louay Karadsheh Warning and Disclaimer Publishing Coordinator Every effort has been made to make this book as complete and as accurate as possible, but Vanessa Evans no warranty or fitness is implied.
    [Show full text]
  • Is the Mafia Taking Over Cybercrime?*
    Is the Mafia Taking Over Cybercrime?* Jonathan Lusthaus Director of the Human Cybercriminal Project Department of Sociology University of Oxford * This paper is adapted from Jonathan Lusthaus, Industry of Anonymity: Inside the Business of Cybercrime (Cambridge, Mass. & London: Harvard University Press, 2018). 1. Introduction Claims abound that the Mafia is not only getting involved in cybercrime, but taking a leading role in the enterprise. One can find such arguments regularly in media articles and on blogs, with a number of broad quotes on this subject, including that: the “Mafia, which has been using the internet as a communication vehicle for some time, is using it increasingly as a resource for carrying out mass identity theft and financial fraud”.1 Others prescribe a central role to the Russian mafia in particular: “The Russian Mafia are the most prolific cybercriminals in the world”.2 Discussions and interviews with members of the information security industry suggest such views are commonly held. But strong empirical evidence is rarely provided on these points. Unfortunately, the issue is not dealt with in a much better fashion by the academic literature with a distinct lack of data.3 In some sense, the view that mafias and organised crime groups (OCGs) play an important role in cybercrime has become a relatively mainstream position. But what evidence actually exists to support such claims? Drawing on a broader 7-year study into the organisation of cybercrime, this paper evaluates whether the Mafia is in fact taking over cybercrime, or whether the structure of the cybercriminal underground is something new. It brings serious empirical rigor to a question where such evidence is often lacking.
    [Show full text]
  • Financial Fraud and Internet Banking: Threats and Countermeasures
    Report Financial Fraud and Internet Banking: Threats and Countermeasures By François Paget, McAfee® Avert® Labs Report Financial Fraud and Internet Banking: Threats and Countermeasures Table of Contents Some Figures 3 U.S. Federal Trade Commission Statistics 3 CyberSource 4 Internet Crime Complaint Center 4 In Europe 5 The Many Faces of Fraud 6 Small- and large-scale identity theft 7 Carding and skimming 8 Phishing and pharming 8 Crimeware 9 Money laundering 10 Mules 10 Virtual casinos 11 Pump and dump 12 Nigerian advance fee fraud (419 fraud) 12 Auctions 14 Online shopping 16 Anonymous payment methods 17 Protective Measures 18 Scoring 18 Europay, MasterCard, and Visa (EMV) standard 18 PCI-DSS 19 Secure Sockets Layer (SSL) and Transport Secured Layer (TLS) protocols 19 SSL extended validation 20 3-D Secure technology 21 Strong authentication and one-time password devices 22 Knowledge-based authentication 23 Email authentication 23 Conclusion 24 About McAfee, Inc. 26 Report Financial Fraud and Internet Banking: Threats and Countermeasures Financial fraud has many faces. Whether it involves swindling, debit or credit card fraud, real estate fraud, drug trafficking, identity theft, deceptive telemarketing, or money laundering, the goal of cybercriminals is to make as much money as possible within a short time and to do so inconspicuously. This paper will introduce you to an array of threats facing banks and their customers. It includes some statistics and descriptions of solutions that should give readers—whether they are responsible for security in a financial organization or a customer—an overview of the current situation. Some Figures U.S.
    [Show full text]