Bitcoin 2019: Illicit Use of Cryptocurrencies and the Global Regulatory Response, Tom Robinson


Okay, good morning everyone. Can you hear
me?
Little low… is that better?
Okay great. So good morning everyone I’m
Tom Robinson one of the cofounders of
Elliptic and today I’m going to talk to
you about the illicit slash criminal use
of crypto currencies. So why should we be
interested in this? Well if we’re serious
about preventing this kind of criminal
activity in crypto or even if we just
want to try to dispel the myth that
crypto is only used by criminals then I
think it’s important that we understand
exactly how criminals are using it today
obviously on a fairly small scale. It’s
the, first of all, a little bit about
Elliptic. So our mission as a company is
to empower our clients to detect and
prevent the criminal use of crypto
currencies. So our clients are mainly
cryptocurrency businesses such as
exchanges and financial institutions, so
we help them to assess risk on their
transactions and ensure that they’re not
laundering proceeds of crime. So we do
that through two software tools. The
first is a transaction screening tool
called Elliptic AML so this allows
exchanges for example to screen all of
their transactions for risk and identify
whether the funds originate from some
kind of criminal activity. And then we
also offer an investigations tool so
this enables our clients to do deep dive
investigations into individual wallet
entities transactions and see where
funds are coming from or going to. So
criminal use of crypto currencies so I
think as an industry we need to be
realistic and accept that like any
payment system criminals are going to
use it.
However, compares with other payment
systems the level of illicit usage I
think we all accept is very low. However
there are some new cyber criminal news
cases which really have been enabled by
cryptocurrencies. The likes of ransomware,
crypto jacking, simply didn’t exist
before crypto so in order to sort of
characterize how criminals are using
crypto we wrote this report. It’s called
A guide to money laundering and
terrorist financing typologies and
cryptocurrencies. And so this lays out
exactly how criminals are using crypto
and how businesses such as exchanges can
detect it and prevent it and this is
based on our own research as well as
discussions with cryptocurrency
exchangers and law enforcement
professionals. And today I want to go
through five key trends and learnings
that we we have found in the course of
writing this reports. So first of all
typologies are increasing in complexity so
the ways that criminals use crypto and
the way that they’re trying to launder
those proceeds are increasing in
complexity as the kinds of products that
are available within within crypto
currencies also increase in complexity. So it’s no longer just about depositing
your dart market proceeds as an exchange
there are debit cards products there are
ICO products there are lending products
all of which can be combined by
criminals in order to try and obfuscate
the trail of the proceeds.
Another key trend we’re seeing is the
use of money mules. So in traditional
finance, a money mule is typically an
individual who will receive proceeds of
crime from the criminal and then send it
on somewhere else on their behalf
usually in return for a fee. Although
sometimes criminals also recruit money
mules through online dating and so they
will meet some on online dating
sites and basically get them to launder
their funds for them for romantic
reasons. So what’s starting to see in
crypto is that money mules are starting
to launder proceeds of crime through
crypto services via crypto ATMs or
crypto exchangers. And so one particular
case study which in the States both of
these trends was the the carbanak
incident. So this was an organized this
was a group a hacking group that
developed some malware that was used to
infiltrate the IT systems of banks all
around the world. So around a hundred
banks in 40 countries. And what
this malware allowed the attackers to do
is basically steal funds from these
banks in a number of different ways. So
first of all it basically allowed them
to arbitrarily change the account
balances of people’s accounts. So they
would get their money mules to open
accounts with these banks and then
basically increase their balances. The
mules could then withdraw that cash and
send them on to the criminal the the
group. They were also able to infiltrate
their ATM systems so what they’re able
to do was at a specific time make the
ATM machines just spew cash. So they’re
able to tell the money mules go to these
ATMs at this specific time and you will
simply be able to take cash from the ATM
without putting a card in or doing
anything else.
So what do those mules do next? Well in a
number of cases they convert to that
cash into crypto so they would deposit
the cash for instance with their bank
accounts and then send the funds to an
exchange and then convert that into
crypto. They then generally used debit
cards linked to those accounts to buy a
range of high value luxury goods and
services especially luxury cars and even
property.
The third key theme we’ve picked up on
was that new types of criminal actors are
now starting to use crypto currencies. So
it’s no longer small-scale narcotics
dealers, it’s organized crime groups,
it’s drug cartels who are starting to use
crypto as part of the money-laundering
process. We’re even starting to see
nation-states use crypto currencies and
I’ll discuss that in more detail in a
moment. The one type of actor that is
particularly interesting to us and which
have been following in some detail is
terrorist groups and their use of crypto
for terrorist financing. So the image you
see here at the top is a screen grab
from the video that was posted on a
telegram group by this group called Al
Sadiqar and they well the video showed
was basically a terrorist training camp
in Syria and what they were saying was
look how bad our facilities are look how
little resources we have if you want to
better equip us then send bitcoins to
this address. So obviously we can track
how much they receive and it was fairly
small scale a few thousand dollars worth
of crypto and they posted the follow-up
video a few weeks later basically
showing had they been able to buy more
resources more equipment from these
donations. But I think in terms of
terrorist financing there are a few
three key takeaways. First of all it’s
all very small at the moment.
The campaigns are sporadic, they don’t
tend to earn very much. There are
generally better ways of raising funds
than through crypto. They are also
starting to experiment with privacy
coins so this is from one of their
campaigns where they’re also soliciting
donations in the licensed Ashton Manero
as well as Bitcoin. And thirds where we
have seen a big uptake in fundraising is
with right-wing extremist groups. So
these groups are being off bordered by
the likes of PayPal and they’re looking
to Bitcoin as an alternative to receive
donations. One fairly hope high-profile
campaign we were monitoring recently was
by al-qassam brigades. So this is the
militant wing of Hamas regarded as a a
terrorist group in the US and many other
current countries and this demonstrates
how the becoming these groups are
becoming much more sophisticated both on
the technical side and the marketing
side. So this campaign has its own
dedicated website at a video showing you
exactly which exchanges to go to to buy
your crypto and what to do with that
crypto in order to prevent it being
traced back to you before you make a
donation. And on the right hand side we
have a screen grab from our software
just showing us tracking the payments
into and out of this campaign.
The fourth trend is that criminals can
of course continue to seek anonymity but
they’ve probably been doing it in different
in different ways now. So whereas a
couple of years ago centralized mixers
with the primary means of obfuscating
transaction trails. Not so much anymore. I
think that there is a trust issue around
centralized mixers there is a concern
that they might do an exit scam that
they might actually be being they might
actually be being run by law enforcement
and so we are seeing a switch towards
privacy coins. Now of course it is by
their very nature very difficult to
quantify to what extent privacy coins
are being used for criminal purposes.
However I think one good proxy is to
track which start marketplaces are using
these currencies. So here we list some of
the largest start marketplaces out there
and the different currencies that they
accept in terms of payments. Now this is
a little bit out of date some of these
marketplaces don’t exist
following law enforcement takedowns but
I still think it’s useful useful insight.
And so my first takeaway from this is
that they all like said Bitcoin. I think
it’s true to say that the majority of
illicit use of crypto currencies is
still in Bitcoin and that’s because it’s
simply the most liquid cryptocurrency
out there, it’s the easiest to use, it’s
the easiest to get hold of. So if you are
for example thinking about launching
your own ransomware campaign then you
need to balance your anonymity with
actually generating some cash out of
this campaign and you might want to use
a privacy coin to maintain your privacy
but it probably won’t maximize your
revenue. If you want to maximize your
revenue then you’re probably going to
ask for Bitcoin because it’s much more
likely that your victims are going to
pay out pay up if you ask Bitcoin rather
than some obscure cryptocurrency privacy
privacy corner. The other key take away
from for me here is the the fact that
over half these marketplaces now accept
Monero.
And that’s the trend that’s been
accelerating over the past year or so
and to a lesser extent z cash as well.
The fifth key trend we’ve been tracking is the
use of crypto currencies by nation-state
actors who are seeking to promotes their
influence abroad through the use of
crypto. And they’re using it I guess in
three pretty distinct ways. So first of
all for espionage. So one finding of the
Mueller reports was that Russian military
intelligence engaged in acts of service
belonging to the DNC going to the
Clinton presidential campaign in an
effort to influence the 2016
presidential elections. And so the
Russian military intelligence it turned
out used infrastructure in order to do
that that was paid for in Bitcoin
presumably in an attempt to prevent that
hacking activity being traced back to
them. The material that they are able to
obtain through that hacking was then
leaked through the DC leaks website and
also through the online persona guseva
2.0 both of those personas denied any
link to Russia however one finding of
the investigation through blockchain
analysis was that all three of these
actors were actually spending Bitcoin
that came from the same wallet so
enabled those three seemingly
independent actors to be linked together.
The second way we’re seeing crypto used
by nation-states is for sanctions
evasion. So when the new Maduro announced
the oil backed petro cryptocurrency last
year i think one of the key reasons they
used to justify this was
they actually wanted to bypass
international financial sanctions that
they were subject to. And then finally is
simple monetary gain and again this is
particularly relevant to those countries
which are currently under financial
sanctions and a desperate need of cash.
So the WannaCry ransomware campaign the
current working theory is that this was
perpetrated by North Korea and their
primary motivation for doing this was to
raise hard currency. It wasn’t a
particularly successful ransomware
campaign but this is believed to the
justification behind it. So those are our
five key takeaways if you would like a
copy of this reports then you can either
go to this website and request one or
simply come to our booth in the
exhibition area this afternoon. I haven’t
had a chance to talk about global
regulation in this session but if you
want to know more about that then I’m on
a panel tomorrow afternoon at 2:40 along
with some very interesting case
speakers. So thank you very much for
listening,
grab me afterwards if you’d like to
discuss this in any more detail thank
you.

Add a Comment

Your email address will not be published. Required fields are marked *