Digital Currency and Getting Paid In The Underground

6 January 2016

It’s been said that money makes the world go round.  People expect to be paid for their time, goods, and services, and cyber criminals are no different. Cyber criminals expect to be paid for their efforts and will go to great lengths to see their payoff and, consequently, the development and maturity of cyber criminal markets continues at an alarming rate.

 

Getting paid in the underground has significantly changed over the course of the last two decades. Traditional payment systems, such as wire transfers, began giving way to digital currency in the mid to late 1990s. These new digital currencies afforded the users – criminal and non-criminal alike – the opportunity to continue to buy and sell goods and services in relative anonymity and safety, while encouraging ease of use and the ability to convert digital currency into other forms of currency. Nowadays, it is commonplace to see criminals offering illegal goods and services in return for payment using digital currencies. As an example, items such as those contained in Figure 1, a botnet known as Kronos, can be purchased anonymously on various market places within the Internet. 

 Kronos Banking Trojan

                  

Figure 1: Example of Kronos Botnet Which Can Be Acquired Anonymously Using Bitcoin

 

Digital currencies can be transacted in a variety of ways.  They may be converted for other forms of currency - such as in the case of Webmoney or PerfectMoney.  Many digital currencies rely on blockchain cryptography and have come to be known as cryptocurrencies for this reason. Services have been established that provide enhanced anonymization of digital currencies . Some of these services are known as tumblers. There are even examples of services that intentionally launder money through other cryptocurrencies such as Darkcoin (now known as Dash). Digital currencies can be cashed out with relative ease by moving money through payment systems such as WebMoney or PerfectMoney or through other forms of exchange depending on the type of digital currency in question (cryptocurrencies, such as BitCoin or Dash for example). There are four common ways to cash out:

 

  1. Direct trade with another person (intermediary)
  2. Online exchanges (via anonymous exchanges like CoinChimp
  3. Peer-to-peer trading marketplaces where Bitcoins are exchanged for discounted goods via others who want to obtain the cryptocurrency with credit/ debit cards
  4. Selling Bitcoin in person

 CoinChimp

Figure 2 provides an example of an online anonymous exchange where Bitcoin users can cash out their currency.

 

Digital currency continues to evolve quickly, and Digital Shadows has counted more than 23 digital currencies, a significant proportion of which are cryptocurrencies. Their appeal continues to grow due to the flexibility offered to users through centralized and decentralized marketplaces.  The benefits of the anonymity and privacy afforded by some currencies make them attractive to many people, and especially to cyber criminals. Ongoing currency innovation is driving ease of use for the cyber criminal – for paying, being paid and for cashing out. This complicates matters for security researchers and law enforcement, but does not deter our efforts in tracking and observing criminals and their activities.