Money laundering using virtual worlds, Bitcoin on watchdog's radar
Financial watchdog AUSTRAC says that money laundering using virtual worlds, such as MMOs, and digital currencies, such as Bitcoin, are emerging threats
Over the last two decades cybercrime has matured from the early days of curiosity-driven hackers and pranksters to a fully fledged industry. In the process, much of the distinction between ‘traditional’ crime and online crime has been eliminated: On the one hand organised crime now uses the internet as another tool for communication and tras*ferring criminal proceeds; on the other hand spam, phishing and malware are mature criminal industries.
At the same time as the internet has changed the way people socialise, entertain themselves and work, it’s helped tras*form the criminal underworld, offering new ways to make money — and new ways to use launder proceeds whether from traditional crimes or cybercrime.
In July, the Australian tras*action Reports and Analysis Centre (better known by its acronym, AUSTRAC) issued one of its periodic typologies reports, which summarise money laundering case studies as well as making an assessment of emerging approaches for laundering the proceeds of crime. Two of the “potential vulnerabilities” flagged by the recent typologies report were the use of ‘virtual worlds’ — think World of Warcraft or Second Life — and digital currencies, such as Bitcoin.
“While the nature and extent of money laundering through digital currencies and virtual worlds are unknown, it is important to recognise their potential for criminal exploitation, particularly in response to tighter regulation of established or traditional financial channels,” the report stated.
"At this stage, the misuse of digital currencies and virtual worlds for money laundering is still very much an emerging vulnerability," AUSTRAC CEO John Schmidt says.
"That said, AUSTRAC has undertaken research into the potential money laundering threats posed by electronic payment systems and new payment methods."
Virtual worlds, such as massively multiplayer online games (MMOs), offer the opportunity for money laundering in those cases where there’s a mechanism for converting some form of in-game credit (be it items or a fictional currency employed by the game) into ‘real world’ money.
“The criteria for virtual world money laundering to take place is that the world needs to have their own financial currency which can have real world money going in and out of,” explains Dr Clare Chambers-Jones, associate professor in banking and finance law at the University of the West of England and author of Virtual Economies and Financial Crime: Money Laundering in Cyberspace.
“This process of placing and layering allows the dirty money to be laundered. There are few regulations which prevent this from occurring,” Chambers-Jones says.
“Some stored value card providers also allow their products to be used in a virtual world. These can then be exchanged for real world currency,” Schmidt adds.
Real threat or emerging vulnerability?
Employing virtual worlds to launder money is not a new idea, but whether it's currently being used to hide proceeds of crime on any significant scale is still a subject of debate. But it's not just AUSTRAC that has been keeping an eye on the potential for money laundering; the Financial Action Task Force, the global body that monitors money laundering, issued a report in October 2010, Money Laundering Using New Payment Methods, that noted these digital methods were emerging avenues for hiding illicit profits.
One of the earliest virtual worlds that offered a mechanism for exchanging 'real world' money for in-world credits, and, crucially, back again, was Linden Lab's Second Life, which launched in 2003. Money can be exchanged for Second Life's virtual currency, 'Linden Dollars', and back again using Linden Lab's currency exchange or a third-party provider. "Second Life has been a focus of mine as to virtual world money laundering and there are instances of money laundering taking place," Chambers-Jones says.
In Q2 of 2011, the total amount of Linden Dollars held by Second Life users was in the region of US$30 million, which makes it relatively small fry given that the FATF estimates that the cost of money laundering and the underlying crime is two to five per cent of global GDP.
Bitcoin and digital currencies
Digital currencies offer much of the appeal of virtual world tras*actions, such increased anonymity, and have the added benefit of being designed for tras*ferring money between parties and paying for goods and services. Particularly appealing for those who want stay off the radar of financial watchdogs are currencies that offer the ability to tras*fer value without the oversight of a central body such as a bank, with all the regulations that being a registered financial institution entails.
Bitcoin is by far the best known purely digital currency. The cryptocurrency, based on 'coins' generated through a mathematical algorithm (which is progressively 'solved' in blocks to generate coins using computer power, most commonly employing GPUs), holds particular appeal for those of a libertarian bent, because of its non-government-backed and decentralised nature.
There is no central bank that issues Bitcoins and tras*actions are peer-to-peer, so they do not need to go through any central authority. It offers a great deal of potential for at least somewhat anonymous tras*actions, although anonymity is not guaranteed (all Bitcoin tras*actions between 'wallets' can be viewed on the decentralised 'blockchain' database, but individuals can easily generate wallets that have no obvious connection to their real-world identity) .
Although Bitcoin supporters have made efforts to encourage adoption by 'above ground' retailers and service providers, the best known example of Bitcoin-facilitated tras*actions is Silk Road, an underground online market for illegal drugs that uses the Tor network to obscure the location of its servers on the internet (a recent estimate was that Silk Road is making annual sales of $22 million).
"AUSTRAC is aware that digital currencies, such as those offered by Bitcoin, may become more attractive to criminal groups, particularly in response to tighter regulation and monitoring of established or traditional financial channels by both government and the traditional financial service providers themselves," Schmidt says.
As a result, AUSTRAC and other law enforcement organisations "actively monitor developments across the range of digital currencies currently available in Australia".
While Bitcoin is known to have been used for illegal tras*actions, the small size of the Bitcoin economy and the frequently wild fluctuations of its exchange rate with 'real world' currency (and the limited avenues for exchanging Bitcoins with conventional currency or goods) miccionan its potential for money laundering is still largely theoretical.
A leaked FBI report (PDF) issued by the bureau in April notes that although the organisation "assesses with medium confidence that, in the near term, cyber criminals will treat Bitcoin as another payment option alongside more traditional and established virtual currencies which they have little reason to abandon," it "assess with low confidence, based on current user and vendor acceptance, that malicious actors will exploit Bitcoin to launder money. This assessment is based on observed criminal activities, investigations and prosecutions of individuals exploiting other virtual currencies, such as e-Gold and WebMoney..."
However, the report adds, if the currency stabilises and its popularity increases, "it will become an increasingly useful tool for various illegal activities beyond the cyber realm... Bitcoin might ... logically attract money launderers and other criminals who avoid traditional financial systems by using the Internet to conduct global monetary tras*fers.
The appeal
The advantage of these emerging avenues for money laundering is that they tend to be somewhat anonymous and less subject to oversight by governments and law enforcement.
"New payment methods such as the use of digital currencies or virtual worlds are not issued under the authority of a government body, or backed by traditional currencies," Schmidt says.
"This potentially allows individuals and entities to use them to conduct quick and complex tras*fers which are not regulated by authorities, making it a challenge for government agencies to ***ow the money trail."
"By not being able to easily trace either the criminal or the placement of money, and coupled with the issue of which country should criminal proceedings be brought in, it is appealing to criminals who want to quickly launder money," Chambers-Jones argues.
However, for now at least, traditional methods of money laundering still dominate. "By far the bulk of attempted money laundering activity continues to be undertaken through the mainstream financial system," Schmidt says.
'Virtual' money laundering comes with additional administrative overheads and potential limitations on volume, and at some point, funds need to be tras*ferred back into traditional financial channels.
"At this stage, digital currencies are not widely accepted as payment for goods and services, limiting the opportunities for criminals to use digital currency to convert, move and launder illicit funds, as well as the amount of illicit funds that can be laundered," Schmidt says.
"Accordingly, at present, digital currency markets may only be of use to those conducting niche crimes in the cyber environment and individual or smaller scale illicit activity."
AUSTRAC's CEO says Australian authorities have observed cases of criminals using digital currencies or credits in virtual worlds for tras*actions, but the tras*actions have been low-value. However, Schmidt adds, the extent of their use by organised crime groups is unknown.
"It’s much more difficult for [criminals] to utilise an environment where it’s a game or a virtual world to move money," says Detective Superintendent Colin Dyson, commander of the NSW's Police Fraud and Cybercrime Squad. Dyson believes that virtual worlds hold more appeal to criminals as a platform for communication and co-ordination, than for laundering the proceeds of crime.
However, Chambers-Jones believes that it is "a real threat even that it has taken time for it to be recognised as a real crime".
Law enforcement's response
Chambers-Jones believes that laws have not managed to keep pace with the changing nature of money laundering. “Most convictions are still using out of date cybercrime laws or money laundering laws which relate to the real, not the virtual, world, ” she says
Schmidt says that AUSTRAC and the Attorney-General's Department continue to assess the effectiveness of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, and the emergence of new payment methods, such as Bitcoin, is an area that the agency is monitoring.
"The global use of electronic payment systems and new payment methods is set to continue to grow in coming years, as these systems evolve to handle high values and volumes of tras*actions and broaden in global reach. As their use expands, so does the threat of them being exploited for criminal purposes," Schmidt says.
Existing money laundering legislation can generally be used to prosecute the use of virtual worlds and digital currencies for financial crimes, Dyson says. "We have legislation in relation to the offences being committed online; of course the proceeds that they’re after is the reward at the end... Current anti-laundering legislation could cover it if the objective is to gain legitimate forms of currency at the end."
Chambers-Jones believes that while governments and law enforcement agencies are aware of the potential of virtual world money laundering, there needs to be political will to specifically regulate the area.
"You need to get all countries to agree on a policy and this is going to be incredible difficult to get a consensus on because of the societal difference which underpin legislation," she says.
"You can see that governments are taking the threat more seriously. Criminals will always exploit loopholes and this area is no exception. The law needs to keep pace but political will must be in place before the law has a chance to regulate effectively."
Potential legislative gaps are not the only issue facing authorities, however. The murky jurisdictional boundaries of crimes committed using internet services can make law enforcement tough.
"Jurisdictions and boundaries and borders don’t exist for criminals and in a sense they’re operating in a global environment," Dyson says.
"We really have to, as a law enforcement agency, build very strong networks, which we’re doing with overseas jurisdictions, plus be able to respond rapidly enough to meet that challenge. Criminals with new technologies of course can commit these crimes in a split second — we need to respond much more rapidly than we have in the past to be effective."
"No one country or body regulates and monitors the internet, and therefore no-one can control in the most part what goes on within the internet," Chambers-Jones says.
"However," she adds, "individual countries can use domestic legislation to ensure application of their laws on websites and virtual worlds. When there are clear jurisdictional boundaries — i.e. if a games developer is based in the USA then it will be American laws which should be applied — but nothing is simple and the games developer could have offices in other countries, servers in other countries, and so on and so forth."
¡Pues no hay formas de ofuscar protocolo! Mucha suerte snifando todo el tráfico de paquetes de datos de internet.
