How cybercriminals launder money stolen from banks
#1
Lightbulb 
Quote:
[Image: money-laundering-schemes-featured.jpg]

Before the thieves can enjoy them, the proceeds of cybercrime have to jump through a few hoops. We discuss the complexities involved.

For some cybercriminal groups, attacks on banks and other financial institutions are like an assembly line. Many people know tracing stolen funds is usually impossible, but not everyone knows why. A joint report by BAE Systems and researchers from the payment system SWIFT details how cybercriminals launder stolen money.

Money source and destination

There are two bank attack scenarios — against infrastructure and accounts, or against ATMs and related systems. The various schemes for extracting and then laundering money all differ slightly, but the essence and goal are the same: to put criminally derived funds back into the legitimate financial system.

Traditionally, the money laundering process consists of three stages:
  • Placement: the first transfer from a victim’s account to fraudsters’ accounts, or a deposit of stolen cash;
  • Layering: a series of transactions designed to conceal the origin of the funds and their real owner;
  • Integration: investment of the now-laundered money in legal or criminal business.
The final stage — reintegration of the laundered funds back into the economy — could fill a separate post, so we shall not consider it in detail here. However, a successful attack requires careful planning beginning long before the funds are stolen and the legalization mechanisms are in place. That’s an additional stage: preparation.

Preparation

To enable the fast movement of stolen funds, cybercriminals usually set up many accounts owned by individuals or legal entities. They can belong to unsuspecting victims hacked by intruders, people duped into taking part in the fraudulent operation, or volunteers.

The latter are commonly known, unflatteringly, as mules. Some employ mules to open accounts using fake or stolen documents (a complex task requiring a bank insider). Recruiting agencies may hook up the parties with job description wording such as “facilitating the investment of funds” or something equally vague. In many cases, mules know full well what they’re doing is less than legal but are blinded by the payout. But often, the “accomplices” end up getting deceived as well.

Placement

Once the cybercriminals have transferred stolen money to an account (using malware, social engineering, or an insider), the mules come into play:
  • They may move funds to other accounts to throw potential trackers off the scent;
  • They may order goods — to their own or another address;
  • They may withdraw money from ATMs.
One ruse to attract unwitting mules involves hiring them to work for a company that supposedly helps foreigners buy goods in stores that don’t deliver abroad, receiving and forwarding parcels by international mail. That kind of work lasts for a month or two, until the local police come knocking.
...
Continue Reading
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
uBOLite_2024.12.23.23
uBOLite_2024.12.23...harlan4096 — 10:29
You found a seed phrase from someone els...
Scammers have inve...harlan4096 — 09:58
Google files remedies proposal in DOJ's ...
The U.S. Departmen...harlan4096 — 09:48
PowerToys 0.87.1
PowerToys 0.87.1 ...harlan4096 — 09:46
GFYI [Official] EaseUS Christmas 2024 B...
Merry Christmas and ...zevish — 08:07

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>