Liberty Reserve suspension and impact on criminal underground

Private currency exchange system Liberty Reserve was shut down by US law enforcement, it is considered most popular payment system by cyber criminals.

Liberty Reserve is a private currency exchange system issued by Liberty Reserve S.A. Of San José, Costa Rica that was shut down by US law enforcement with a deep impact on cybercriminal underground. The popular money transfer service is used mainly by cyber criminals, it is the most adopted payment services in the Russian underground considered most active criminal community in the cyber space. Liberty Reserve, founded by Arthur Budovsky, is considered a secure payment channel by criminals due the anonymity of the transactions, it is considered the official currency schema for cybercrime. Let’s step back, from 1999 to 2006 was operating the digital currency exchange known as Gold Age, a legal corporate entity registered in Panama, that was closed by regulators in 2006. Following a note from an interesting blog post on the closure of Liberty Reserve published by Idan Aharoni, head of cyber intelligence at RSA:

“The original e-currency that fraudsters adopted – e-gold – was not much different in concept than Liberty Reserve. The company was US-based and offered electronic currency backed by real gold. When prices of gold fluctuated, so did the value of an e-gold. At the time, e-gold reigned supreme in the cybercriminal circles, to the point that fraudsters were trying to defraud funds from one another.”

Following a resume proposed by Wikipedia on the end of Gold Age:

“On July 27, 2006 the New York County District Attorney’s office announced the indictment of Arthur Budovsky and Vladimir Kats for allegedly violating Article 13-B of New York State Banking Law, after a six month sting operation that began in January 2006. Budovsky and Kats declared their innocence saying “We believe this is a legitimate business practice, which does not require a state license.” Represented by Igor Niman, they were found guilty and sentenced to five years in prison. The sentence reduced to five years probation.

Budovsky left the country for Costa Rica and founded Liberty Reserve renouncing to U.S. Citizenship and became a Costa Rican citizen in 2011 so that Liberty Reserve could remain undetected by law enforcement. On May 27th, 2013 Budovsky was arrested in Spain on charges of money laundering following an investigation which also involved the US, the company website, LibertyReserve.com, only features a message saying it’s been seized by U.S. law enforcement. The service was allegedly favored by cybercriminals and mules who took part in the recent Bank robbery of $45 million considered the biggest theft realized by a gang of hackers, the activities laundered cash that was drained from banks via ATMs around the world.

  The figures related to Liberty Reserve activities are frightening, it had more than one million users and since 2006 until its suspension it processed around 55 million transactions, according to an indictment in U.S. District Court in New York. The indictment states that Liberty is accused of having laundered money for a total amount of $6 billion in criminal earnings, Budovsky and six other individuals ate the defendants. Liberty Reserve allegedly facilitated numerous illegal activities including credit card fraud, drug trafficking, investment fraud and child pornography.

“lying to anti-money laundering authorities in Costa Rica, pretending to shut down LIBERTY RESERVE after learning the company was being investigated by U.S. law enforcement, and moving tens of millions of dollars through shell-company accounts maintained in Cyprus, Russia, Hong Kong, China, Morocco, Spain, and Australia among other places.”

The suspension of the payment service has a dramatic impact on the underground considering that majority of sale use the current schema, but according security experts the effect will have a limited impact in the time, a black market in fact is very dynamic and many vendors are also already accepting many other payment methods such as the Bitcoin.

“This is going to be devastating for the underground economy, but it’s only going to be devastating for a short period of time,” “It’s been around for a long time and it’s become a bit of a mainstay of the underground economy.” said Steve Santorelli, director of security research nonprofit Team Cymru, to SCMagazine.

The use of Liberty Reserve was easy, users can open accounts and operate secure and rapid transactions, the indictment defines it as “bank of choice for the criminal underground,”. Liberty Reserve allowed the user’s registration without any verification of information provided, it was enough to provide a name, dates of birth and the email address. The service provided  instantaneous payment transfers and charged them with a maximum of $2.99 (£1.98) for each transaction, it also offered a private messaging facility much more private and secure than “email or instant messenger services“. Idan Aharoni, head of cyber intelligence at RSA highlighted the that fraudsters will explore other channels as they have already done in the past. Cyber criminals may brush up old virtual currency schema such as WebMoney despite it doesn’t offer a friendly services such like Liberty Reserve. Another possibility is the migration to Bitcoin currency due its maturity and reliability of its transactions and of course this will cause a further intensification of criminal activities that try to exploit any system to circumvent Bitcoin Users. A serious problem for Bitcoin is the instability of the currency’s value, recently its Bitcoin went from $260 to as low as $105 and this is a not auspicable for long period business as declared by Alphonse Pascual, analyst for Javelin Strategy and Research:

“Big time criminals are businessmen, so they want to protect their investments, protect their profits, and Bitcoin is too unstable to do that,”.

Following the price related to Bitcoin, an event like the closure of Liberty Reserve could influence Bitcoin final prices, influence not yet evident.

The shut down of Liberty Reserve has alerted anyway the Bitcoin world, Mt. Gox the world’s largest bitcoin exchange is requiring all users to verify their accounts in order to make non-bitcoin currency deposits and withdrawals. Mt. Gox announced the decision on Thursday,  deposits and withdrawals using the bitcoin virtual currency, however, will not require account verification.

Mt. Gox made the policy change to comply with “strict anti-money laundering rules” and to prevent “other malicious activity.”

… let’s wait what will happen, for sure the cybercrime industry will not be caught unprepared.

Pierluigi Paganini

(Security Affairs – Liberty Reserve)