Feeds

Russian cybercrooks shun real currencies, develop private altcoins

Only n00bs need real-world cash in the cryptocurrency era

Next gen security for virtualised datacentres

Fraudsters are using private currencies to conduct transactions with each other on Russian-language cybercrime forums.

The advent of new private financial systems and currencies in the Russian-language cybercrime community is a trend indicating a stronger level of collaboration, cooperation and sophistication amongst individual fraudsters and between different fraudster boards in the digital underground, according to security researchers at RSA.

"Ever since the Liberty Reserve takedown in May of last year and the confiscation of all accounts by law enforcement, fraudsters have been busy finding a solid currency to which they can entrust their spoils without the risk of losing them in a bust," the researchers explain in a blog post.

"The obvious choices were Perfect Money and BitCoin, but both currencies carry inherent risk. Perfect Money is of questionable background, while BitCoin does not provide fraudsters the required level of anonymity and is not immune to seizure. These risks have pushed the underground to adopt - or really create - unique currency systems to help protect the financial security of its dwellers."

Examples of new underground digital currencies include MUSD. The MUSD currency, first seen in November 2013, is used in a single underground board. Forum members can use the currency to purchase services from each other, as well as pay for advertising on the board itself. The currency provides a built-in escrow-service and guarantees anonymity. One exchange agent is "offering to cash out MUSD for hard currency in person at an office in Kiev, Ukraine," RSA’s Fraud Intelligence agent reports.

Another currency, United Payment System, is shared by four different Russian language forums. Each forum has its own official exchange agent, and each exchange agent has an administrator who is supervised by a senior forum member to keep him or or "honest". Cash-out options include refilling different pre-paid cards as well as using the exchange agent.

Yet another digital currency, UAPS, is referred to as the ‘First Commercial Bank’ on one of the most powerful boards in the Russian-language cybercrime community. RSA researchers rate it as the "most advanced and secure option for fraudsters" of the three nascent currencies. Adding funds and cashing out is available directly from the UAPS system. And there's a strict policy of retaining data for only two months, an approach that brings privacy benefits.

Researchers at RSA conclude that the use of bespoke digital currencies on underground forums creates a huge headache for law enforcement.

Private financial systems and currencies in the Russian-language cybercrime community is a trend indicating a stronger level of collaboration, cooperation and sophistication amongst individual fraudsters and between fraudster boards in the cybercrime world.

These new internal currencies are carefully administered and secured, ensuring a high level of anonymity in transaction and hiding the user identities, making it more difficult for law enforcement to trace, block, or seize funds and accounts.

Michael Jackson, the former COO at Skype, a decentralised comms network just as Bitcoin is a decentralised digital currency, and an expert in digital currencies told El Reg that cybercrooks may be moving away from BitCoin because of its volatility.

"It is clear that criminals are often the first to exploit new technology, so it comes as no surprise that fraudsters are using underground forum-specific currencies as a system for value transfer," said Jackson, partner at early-stage venture capital firm Mangrove Capital Partners "Indeed, e-gold and even less supervised mainstream products such as DMZ have been used as currency on botnets for a long time."

"This demonstrates to us, as investors, that virtual currencies can be useful rather than just speculative. It also shows us that there will be various iterations on virtual currencies and Bitcoin itself may not be the dominant one. Furthermore, it suggests that criminals don't trust Bitcoin - I hope this is because they think the police will find them, but I suspect it's more to do with the fact that they don't like volatility. Even an online dope seller wants predictability in his business."

Jackson added that there are historical precedents for undergrounds currencies finding their own exchange commodities.

"Systems for value transfer have obviously been used for many years in criminal circles. There is reasonable certainty that art stemming from high value art thefts are used as collateral," he added. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New twist as rogue antivirus enters death throes
That's not the website you're looking for
ISIS terror fanatics invade Diaspora after Twitter blockade
Nothing we can do to stop them, says decentralized network
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.