We took a deep dive into why AML is such an important line of defence businesses can take to protect themselves and society from cybercrime.
The allure of money laundering for cyber criminals (yes, crypto features strongly).
In early May 2021, the US’s biggest fuel pipeline operator, Colonial Pipeline, was forced to shut down after it was hit by ransomware. A few months earlier, a small family-owned publisher was under attack, with a $US1.75m ransom being demanded. In exchange they’d get their website back and the criminals wouldn’t release false allegations of seized publishing data being used to create fake IDs and allowing paedophiles to enter schools. And just a few weeks ago, Germany’s fuel-distribution system was also attacked.
These are just a few examples in a long list of attacks executed by ‘ransomware-as-a-service’ provider DarkSide. Communications from the months leading up to the attacks, surfaced by The New York Times, revealed a criminal operation on the rise, raking in millions of dollars of ransom payments per month.
These attacks come on the tail of REvil’s sudden disappearance. Like DarkSide, this group of hackers claimed to have stolen more than $100m a year through ‘ransomware’ attacks. This brave claim was evidenced through ‘crypto-wallets containing untold volumes of digital currency…[and] dozens of stacks of hundred dollar bills’ seized by Russia’s special forces when 25 locations were raided and the criminals arrested.
What has been happening for years has suddenly burst into the spotlight, thanks to the large scale of the attacks and the sheer breadth of them.
Suddenly, anyone can organise a successful attack. What used to be the domain of the uber-smart is suddenly available to anyone willing to partner with, and pay, the likes of DarkSide. Small-time criminals and ‘wannabe’ hackers now have the world, and its money, at their fingertips.
‘Ransomware-as-a-service’ providers offer services common to any SaaS company: tech support, negotiations with targets, payment processing and ‘marketing campaigns’ designed to pressure and blackmail targets to pay. They even use sliding-scale user fees, ensuring everyone can join the game.
Show me the money?
So what happens to all that money and why should we care? In this article we take a look at the very real, and often very bad, results of cybercrime. We also look into why AML is such an important line of defence businesses can take to protect themselves and society at large.
Why should I care?
The idea of criminals holding businesses to ransom may elicit schadenfreude for some. Who cares, right? The corporate and banking world has been creaming it for years; never caring about the impact on staff or the general public, all the while making eye-watering profits. Here’s looking at you Jeff Bezos and CBA to name a few. But while the pleasure derived from another’s misfortune may feel vindicating, it’s also incredibly short sighted.
Ransomware-as-a-service (RaaS) providers are akin to SaaS companies and scale in the same way: the more revenue and profit their services generate, the more prominent they become and the faster they expand. Stopping the funds generated from RaaS being washed through the financial system can prevent their expansion and significantly reduce the social harm caused by these illegitimate enterprises.
Numerous studies by the UN, its affiliate The Financial Accountability Transparency & Integrity panel (FACTI) and inter-governmental watchdog, Financial Action Task Force (FATF) have shown time and again that money laundering is not a victimless crime. In fact, the EU considers it to be a key enabler of:
- Human trafficking
- Drug trafficking
- Theft and
- Terrorist activities
That’s just the social impact. Economically, money laundering has an outsized impact on countries leading to:
- Lost tax revenue
- Reduced GDP
- Decreasing trust in government and financial institutions
- Burgeoning organised crime
The economic impact also affects individuals. Money laundering means companies may lose revenue, so they can’t pay their employees as well, and then there’s the major problem of identity theft.
What’s the link to cybercrime?
Back in the old days (aka, <2010) money laundering was a highly manual process:
- Place illegally obtained money into a cash-intensive business and combine the dirty and clean cash (can physically move the money in suitcases / on people / mules)
- Layer it – split the money into <10k amounts and deposit into ‘cuckoo’ accounts or move it to offshore shell accounts or simply hide it for a time
- Integrate it – take it out, move it around (maybe buy gems, artwork, property, businesses, boats, etc.), then convert those assets into cash
But we are living in a new world. One where everyone with an internet connection (that’s ~60% of the entire global population, or ~4.7 billion people) can access:
- Virtual worlds – e.g. Metaverse
- Alternative crowdfunding sites, e.g. https://swarmnetwork.org/
- MMORPGs (Massively Multiplayer Online Role-Playing Games), e.g. World of Warcraft
So? You may say. Well here’s the thing. All of these environments allow for financial transactions. And the easiest form of currency? That’s right, crypto.
According to Chainalysis, a blockchain data analysis platform, “Cryptocurrency-linked crime surged to a record high last year in terms of value, with illegal addresses receiving $14 billion in digital currencies, up 79% from $7.8 billion in 2020.”
So now we have huge amounts of money gained through illicit means, be that ransomware attacks, phishing schemes or even just good old-fashioned investment scams, held in crypto and easily used in unregulated, fast-paced, entirely digital environments.
Adding to that, crypto can now be stored in mixed wallets (e.g. CoinJoin), with transactions hidden via anonymous browsers such as Tor. So not only can the illegally gained funds be mixed and hidden with legitimate sources (placement), they can also be layered via online entities. It’s a simple step to move from there to integration and then onto illegal activities.
These activities are highly complex, lightning fast and cross multiple borders, all of which makes them far too difficult for humans to detect using old approaches better suited to 2010 or to old-fashioned mules and cuckoo accounts.
What can be done?
We’re now caught in a game of cat and mouse between businesses and cyber criminals. Governments have been slow to legislate, global cooperation is waning, working from home is here to stay and, with inflation on the rise, it’s only a matter of time before federal budgets for financial crime fighting are slashed.
However, only the biggest crimes are getting federal focus – remember the Colonial Pipeline attack from the start of this article? They got full press coverage and federal support to boot. But the family-owned publisher? They don’t even show up in a Google search. It was up to the New York Times to find a small example to contrast with the large. Sadly this is true everywhere, not just the US. Smaller cybercrimes fall to the private sector to detect and prevent.
Some of the world’s best organisations (note we didn’t say biggest) are taking tangible and relatively easy steps to protect their staff, customers, company name and society as a whole, all while meeting compliance requirements. These leaders are AML champions, embracing compliance as a competitive differentiator through exceptional user experiences.
The most obvious strategy they’re employing is technology. Industry leaders are fighting fire with fire / tech with tech, easing the burden of compliance while defending against cyber criminals by embracing:
- AI for transaction monitoring
- AI and machine learning for identity verification
- Mandatory EIV for Metaverse accounts (not likely given Facebook has stated users just need a valid Facebook account)
But human interactions play a vital part too. The best in the business are:
- Adopting a security-first mindset that extends to suppliers and technology
- Embedding closer intra-team collaboration
- Increasing inter-agency information sharing and cooperation
- Keeping the human element as a prominent feature of most processes
All of these strategies are aiding in the fight against cybercrime. Employing all of them may seem a daunting task, but it can be possible with the right balance of tech solutions and human interventions when required. We must continue to level up our defences as the cyber criminals level up their attacks.
The government has been holding off AML regulations for 15 years, and the ramifications will continue to worsen without Tranche 2.
About First AML
First AML is an AML technology provider, and the maker of Source, an all-in-one AML platform. Source powers thousands of compliance experts around the globe to reduce the time and cost burden of complex and international entity KYC. Its enterprise-wide, long term approach to the KYC / CDD data lifecycle addresses time and cost challenges while minimising compliance, reputational and security risks.