Feeds

Russian cybercrooks shun real currencies, develop private altcoins

Only n00bs need real-world cash in the cryptocurrency era

Security for virtualized datacentres

Fraudsters are using private currencies to conduct transactions with each other on Russian-language cybercrime forums.

The advent of new private financial systems and currencies in the Russian-language cybercrime community is a trend indicating a stronger level of collaboration, cooperation and sophistication amongst individual fraudsters and between different fraudster boards in the digital underground, according to security researchers at RSA.

"Ever since the Liberty Reserve takedown in May of last year and the confiscation of all accounts by law enforcement, fraudsters have been busy finding a solid currency to which they can entrust their spoils without the risk of losing them in a bust," the researchers explain in a blog post.

"The obvious choices were Perfect Money and BitCoin, but both currencies carry inherent risk. Perfect Money is of questionable background, while BitCoin does not provide fraudsters the required level of anonymity and is not immune to seizure. These risks have pushed the underground to adopt - or really create - unique currency systems to help protect the financial security of its dwellers."

Examples of new underground digital currencies include MUSD. The MUSD currency, first seen in November 2013, is used in a single underground board. Forum members can use the currency to purchase services from each other, as well as pay for advertising on the board itself. The currency provides a built-in escrow-service and guarantees anonymity. One exchange agent is "offering to cash out MUSD for hard currency in person at an office in Kiev, Ukraine," RSA’s Fraud Intelligence agent reports.

Another currency, United Payment System, is shared by four different Russian language forums. Each forum has its own official exchange agent, and each exchange agent has an administrator who is supervised by a senior forum member to keep him or or "honest". Cash-out options include refilling different pre-paid cards as well as using the exchange agent.

Yet another digital currency, UAPS, is referred to as the ‘First Commercial Bank’ on one of the most powerful boards in the Russian-language cybercrime community. RSA researchers rate it as the "most advanced and secure option for fraudsters" of the three nascent currencies. Adding funds and cashing out is available directly from the UAPS system. And there's a strict policy of retaining data for only two months, an approach that brings privacy benefits.

Researchers at RSA conclude that the use of bespoke digital currencies on underground forums creates a huge headache for law enforcement.

Private financial systems and currencies in the Russian-language cybercrime community is a trend indicating a stronger level of collaboration, cooperation and sophistication amongst individual fraudsters and between fraudster boards in the cybercrime world.

These new internal currencies are carefully administered and secured, ensuring a high level of anonymity in transaction and hiding the user identities, making it more difficult for law enforcement to trace, block, or seize funds and accounts.

Michael Jackson, the former COO at Skype, a decentralised comms network just as Bitcoin is a decentralised digital currency, and an expert in digital currencies told El Reg that cybercrooks may be moving away from BitCoin because of its volatility.

"It is clear that criminals are often the first to exploit new technology, so it comes as no surprise that fraudsters are using underground forum-specific currencies as a system for value transfer," said Jackson, partner at early-stage venture capital firm Mangrove Capital Partners "Indeed, e-gold and even less supervised mainstream products such as DMZ have been used as currency on botnets for a long time."

"This demonstrates to us, as investors, that virtual currencies can be useful rather than just speculative. It also shows us that there will be various iterations on virtual currencies and Bitcoin itself may not be the dominant one. Furthermore, it suggests that criminals don't trust Bitcoin - I hope this is because they think the police will find them, but I suspect it's more to do with the fact that they don't like volatility. Even an online dope seller wants predictability in his business."

Jackson added that there are historical precedents for undergrounds currencies finding their own exchange commodities.

"Systems for value transfer have obviously been used for many years in criminal circles. There is reasonable certainty that art stemming from high value art thefts are used as collateral," he added. ®

Beginner's guide to SSL certificates

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
NOT OK GOOGLE: Android images can conceal code
It's been fixed, but hordes won't have applied the upgrade
Apple grapple: Congress kills FBI's Cupertino crypto kybosh plan
Encryption would lead us all into a 'dark place', claim G-Men
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.