Feeds

Russian cybercrooks shun real currencies, develop private altcoins

Only n00bs need real-world cash in the cryptocurrency era

The Essential Guide to IT Transformation

Fraudsters are using private currencies to conduct transactions with each other on Russian-language cybercrime forums.

The advent of new private financial systems and currencies in the Russian-language cybercrime community is a trend indicating a stronger level of collaboration, cooperation and sophistication amongst individual fraudsters and between different fraudster boards in the digital underground, according to security researchers at RSA.

"Ever since the Liberty Reserve takedown in May of last year and the confiscation of all accounts by law enforcement, fraudsters have been busy finding a solid currency to which they can entrust their spoils without the risk of losing them in a bust," the researchers explain in a blog post.

"The obvious choices were Perfect Money and BitCoin, but both currencies carry inherent risk. Perfect Money is of questionable background, while BitCoin does not provide fraudsters the required level of anonymity and is not immune to seizure. These risks have pushed the underground to adopt - or really create - unique currency systems to help protect the financial security of its dwellers."

Examples of new underground digital currencies include MUSD. The MUSD currency, first seen in November 2013, is used in a single underground board. Forum members can use the currency to purchase services from each other, as well as pay for advertising on the board itself. The currency provides a built-in escrow-service and guarantees anonymity. One exchange agent is "offering to cash out MUSD for hard currency in person at an office in Kiev, Ukraine," RSA’s Fraud Intelligence agent reports.

Another currency, United Payment System, is shared by four different Russian language forums. Each forum has its own official exchange agent, and each exchange agent has an administrator who is supervised by a senior forum member to keep him or or "honest". Cash-out options include refilling different pre-paid cards as well as using the exchange agent.

Yet another digital currency, UAPS, is referred to as the ‘First Commercial Bank’ on one of the most powerful boards in the Russian-language cybercrime community. RSA researchers rate it as the "most advanced and secure option for fraudsters" of the three nascent currencies. Adding funds and cashing out is available directly from the UAPS system. And there's a strict policy of retaining data for only two months, an approach that brings privacy benefits.

Researchers at RSA conclude that the use of bespoke digital currencies on underground forums creates a huge headache for law enforcement.

Private financial systems and currencies in the Russian-language cybercrime community is a trend indicating a stronger level of collaboration, cooperation and sophistication amongst individual fraudsters and between fraudster boards in the cybercrime world.

These new internal currencies are carefully administered and secured, ensuring a high level of anonymity in transaction and hiding the user identities, making it more difficult for law enforcement to trace, block, or seize funds and accounts.

Michael Jackson, the former COO at Skype, a decentralised comms network just as Bitcoin is a decentralised digital currency, and an expert in digital currencies told El Reg that cybercrooks may be moving away from BitCoin because of its volatility.

"It is clear that criminals are often the first to exploit new technology, so it comes as no surprise that fraudsters are using underground forum-specific currencies as a system for value transfer," said Jackson, partner at early-stage venture capital firm Mangrove Capital Partners "Indeed, e-gold and even less supervised mainstream products such as DMZ have been used as currency on botnets for a long time."

"This demonstrates to us, as investors, that virtual currencies can be useful rather than just speculative. It also shows us that there will be various iterations on virtual currencies and Bitcoin itself may not be the dominant one. Furthermore, it suggests that criminals don't trust Bitcoin - I hope this is because they think the police will find them, but I suspect it's more to do with the fact that they don't like volatility. Even an online dope seller wants predictability in his business."

Jackson added that there are historical precedents for undergrounds currencies finding their own exchange commodities.

"Systems for value transfer have obviously been used for many years in criminal circles. There is reasonable certainty that art stemming from high value art thefts are used as collateral," he added. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.