Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Investigating and prosecuting cyberlaundering: challenges.

Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Investigating and prosecuting cyberlaundering: challenges faced by the prosecutors INTERNET-RELATED MONEY LAUNDERING Budapest, 3-4 March 2016 The Attorney General’s Office of the State of Hesse – Centre for Combating Cybercrime – Cai Rueffer, Public Prosecutor Co-funded by the Justice Programme of the European Union 2014-2020

2 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Cyberlaundering as a part of the secret Underground Economy

3 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Cybercrime 2.0: A secret Underground Economy Underground Economy (UE) is a global market place where criminal buyers and sellers of goods and services meet and do business. Aspects of interest are as follows: + Phishing, carding, malware, botnets, trading illicit goods + Criminal infrastructures (bulletproof hosting, proxies, dropz for goods, faked parcel stations and, of course, money mules or other money laundering services etc.) + Successful modi operandi, countermeasures taken by bank institutes and industry as well as the police + Stolen full digital identities The forums of the digital underground economy are where crimeware components and services and stolen data are traded. It is here that skills are recruited for crimeware enterprises, and budding cybercriminals learn their trade by means of tutorials.

4 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Forums – where cybercriminal operations begin Advertisers in UE forums are usually self-policing and will report rippers to the administrators of the forums. They will also broadcast this information across the channels to warn others. Evaluation systems similar to Ebay and Amazon Marketplace ensure that rippers ("scammers" or "fraudsters") are uncovered and excluded from the community as quickly as possible to prevent them from causing damage to other criminals. Reliable escrow services have given a considerable boost to the UE´s activities. Advertisers looking to establish a reputation may use the same nickname across many forums; the more trusted they can become, the more business they can obtain.

5 Darknet Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität -

6 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität -

7 Crime-as-a-Service Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität -

8 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Personal data as merchandise: a cybercriminal seeks to sell a database of personal information on 11 million UK consumers

16 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Tutorial section: instructions for installing your first botnet or information about current security holes or Remote Administration Tools (RATs). Experienced members will often offer help to newcomers in exchange for payment.

17 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Here XXX denounces an unreliable partner YYY (ripper) within a forum

18 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Just like eBay – vendor’s profiles help to select the business partners

20 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - The role of Electronic Money (E-money)

21 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - The role of Electronic Money (E-money) However varied the tools and strategies are, they all have the same purpose: to earn money for the criminals. To purchase most commodities/goods in the UE, digital money (also known as e-currency, e-money, electronic cash, electronic currency, digital cash, digital currency, cyber currency) is used. There are several electronic money systems available on the internet. There are centralised systems, e.g. PayPal, Paysafecard or Ukash. The most common decentralised electronic money is Bitcoin, a peer-to-peer electronic monetary system based on cryptography. Bitcoin is not inherently anonymous. In some cases, users and their transactions can be identified.

22 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Cash can be exchanged for paysafecard at a local sales outlets, filling stations, small shops etc. The customer receives paysafecard as a 16-digit PIN. Available amounts are 10, 25, 50 und 100 EUR. This PIN is used to pay on the internet. Up to 10 paysafecard PINs can be combined to pay for larger amounts or as a way to use up your remaining credit.

25 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - From phishing to conversion to digital currencies Transaction numbers were initially " phished" by Trojans. The "phishing transfer" was made to a bank account held by a financial agent. The financial agent withdrew the money – deducting his commission - in cash. He subsequently purchased credit vouchers of an Internet payment system at various issuing offices, like petrol stations, kiosks, for a maximum amount of 500 €. The purchase was anonymous without identification of the buyer. In this way, real money was converted to virtual money. The financial agent sent the voucher number by e - mail to the person giving instructions. The PIN code was used on the Internet for payment of goods and services, casino and gambling websites on the Internet. Several vouchers for smaller amounts could be used jointly and combined. A conversion to other digital currencies by using various exchangers acting on the Internet was possible. The law enforcement authorities were unable to trace the transaction channels. Ref. MONEYVAL(2012)6, dated 9 March 2012, adopted by MONEYVAL at its 38 th Plenary meeting (5-9 March 2012).

26 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - WebMoney transactions do not require a credit card or bank account, are final, and cannot be retracted. This is similar to cash. WebMoney isn't integrated into an international financial system. It doesn't offer to fill the purse using international credit cards. It doesn't accept Western Union or Paypal transfers. There are some third parties offering such services for commission fees.

27 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Bitcoin The most common decentralised electronic money is Bitcoin, a peer-to-peer electronic monetary system based on cryptography. Bitcoin is a digital currency that enables pseudonymous, real time transactions The currency uses encryption technology and decentralized services to ensure that the currency can not be falsified Transactions can be carried out without any centralized control Therefore traditional control instruments do not apply Bitcoin uses a public register (“peer-to-peer distributed timestamp server“) Bitcoin is not inherently anonymous. In some cases, users and their transactions can be identified.

28 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Bitcoin Pseudonymous transactions possible as no authentication necessary Similarity to “cash” payment Bitcoin is not inherently anonymous. In some cases, users and their transactions can be identified. While the use of encryption technology protects Bitcoin from various manipulations, offences in regard to the currency have been discovered Course manipulations as well as cases where Bitcoins were illegally obtained from unprotected server (comparable to cash) Bitcoin increasingly used for international money transfer – costs a few cents to transfer value over encrypted P2P – average transfer time 10 minutes.

29 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - The ‘Cashout‘ ‘Cashout’ involves turning virtual money into real money without making it obvious where the money has come from. Thus, cashout in UE always means money laundering. There is a number of ways of executing the cashout: - Purchasing goods on the internet and sell them through trading platforms such as Ebay (unsafe, requires drop zones) - Money mules - Online casinos - In-game currencies of virtual worlds - Anonymous online banking services of the UE

32 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Online Casinos and Cyberlaundering A money launderer, in collusion with an operator of an offshore gambling website, deposits funds obtained from criminal activities in the gambling account and withdraws such funds as winnings. The website operator keeps a percentage of the proceeds as a commission while the launderer declares the winnings to the tax authorities and then uses the funds for legitimate purposes. Ref. MONEYVAL(2013)9, dated 11 April 2013, adopted by MONEYVAL at its 41 st plenary meeting (8-12 April 2013)

33 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Online Casinos and Cyberlaundering A money launderer sets up a company in an offshore jurisdiction through various frontmen. The company then applies for an online gambling licence in the offshore jurisdiction. Funds deriving from criminal activity are then laundered through the online gambling website which is controlled by the launderer Ref. MONEYVAL(2013)9, dated 11 April 2013, adopted by MONEYVAL at its 41 st plenary meeting (8-12 April 2013)

34 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Online Casinos and Cyberlaundering Illegally obtained funds are deposited into an online gambling account using a false identity. The player engages in minimal gambling activity which is sufficient to make the account appear genuine. After incurring minimal losses the funds are then transferred from the gambling account to a legitimate bank account. Ref. MONEYVAL(2013)9, dated 11 April 2013, adopted by MONEYVAL at its 41 st plenary meeting (8-12 April 2013)

35 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Money Mules A money mule is a person who transfers money acquired illegally in person, through a courier service, or electronically, on behalf of others. The mule is paid for their services, typically a small part of the money transferred. Money mules are often dupes recruited on-line for what they think is legitimate employment, not aware that the money they are transferring is the product of crime. The money is transferred from the mule's account to the scam operator, typically in another country. Similar techniques are used to transfer illegal merchandise.

36 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Recruitment of money mules: bogus job offer

38 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Recruitment of money mules as a crime business, using automated techniques

42 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Recruitment of money mules as an international crime business service, using automated techniques and databases

43 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Recruitment of money mules as an international crime business service, using automated techniques and databases

44 Bankdrops-as-a-service Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität -

45 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Darknet Investigation methods in Germany Technical Approach Standard investigations Use of tracking-services with ability to track the real ip-address Find the link from the virtual to the real world Undercover work, surveillance, telecommunication interception

46 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Case study Operation CIRCUS (German part of the international Operation TRIDENT TRIBUNAL)

47 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - They display fake pop-up warnings, launch messages in the task bar and make changes to the screensaver and desktop Their design is similar to that of a real antivirus Fake antivirus programs make a series of alterations to the operating system in order to prevent their fake warnings from being removed. Rogue antivirus programs’ interfaces are carefully crafted and extremely convincing, indicating that cyber-criminals are spending enormous amounts of time and effort developing and distributing these programs. Users are barraged with aggressive and disruptive notifications until they supply their credit card number Victim‘s computer systems were infected with the help of the Conficker Worm Scareware (Rogue-AV, Fake-AV-Software)

51 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Overview of the transaction process for fake antivirus business card issuing bank fake AV website (merchant) victim payment processor webmoneyshell companies affiliates ringleaders 9. Commission 8. Withdraw funds 2. Victim provides credit card information 1. Victim is infected with fake AV malware 3. Credit card data is forwarded to payment processor 4. Payment information is forwarded to credit card company 7. Merchant Payments 5. Issuing bank approves transaction 6. Bank charges victim's credit card account

52 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Dimension of the Operation Trident Tribunal $92 Million in attempted sale transactions (1 Million Victims) $71 Million in successful sale transactions cyber crime ring spanned multiple countries ongoing, coordinated enforcement action targeting an international group of criminals 12 countries participating the investigation, including United States, Ukraine, Latvia, Germany, Netherlands, Cyprus, France, Sweden, Lithuania, Romania, Canada, and the United Kingdom In a coordinated enforcement action in June 2011, more than 40 computers, servers, and bank accounts were seized worldwide Investigation methods included transnational telecommunications interception and quick exchange of evidence data, not only using the traditional MLAT process

53 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Involved LEAs and prosecutors U.S. Federal Bureau of Investigation (FBI) Security Service of Ukraine Netherlands National High-Tech Crime Unit London Metropolitan Police Swedish National Police Cyber Unit Cyprus National Police and Unit for Combating Money Laundering (MOKAS) Russian Federation Federal Security Service (FSB) German Federal Criminal Police (BKA) Latvian State Police (LSP) Lithuanian Criminal Police Bureau Royal Canadian Mounted Police (RCMP) Romania’s Directorate for Combating Organized Crime French Police Judiciare U.S. Attorney’s Office – Western District of Washington U.S. Attorney’s Office – District of Minnesota General Prosecutor‘s Office – German Federal State of Hesse (CDCC)

54 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - The role of the internet payment service providers

58 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - PoA= Power of Attorney

60 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Conclusion

61 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Challenges I The internet is a key money laundering and monetarisation tool for the OC. New payment systems, especially e-currencies, play an important role But many crime business schemes still require multi-party payment networks with a range of distinct member banks The open loop systems of VISA and MC are used for money laundering with the help of third party processing. Traditional elements of ML, such as shell companies and straw men, are still of high importance. There is a dynamic relationship between online and offline ML tools and techniques. This demands that investigators be equally aware of the online and offline environments in which criminals operate.

62 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - In transnational prosecutions, it is more and more frequently the case that the relevant data for local preliminary investigations and criminal proceedings are stored on foreign servers. Traditional ways of international cooperation in those criminal cases are often too slow, which leads to the loss of evidence data. Letters rogatories, a traditional instrument of transnational cooperation, are mostly ineffective in investigations relating to the internet. For investigations involving the Internet, the time factor plays a decisive role due to the lack of data retention in several states. Criminals know about these advantages and exploit them for their own purposes, deliberately using several networked intermediary systems in different countries. Challenges II

63 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - The Convention on Cybercrime is helpful, but does not provide sufficient investigative means for exigent circumstances/situations. In particular, Art. 32 is unsatisfactory for cases in which exceptional situations make it necessary to rapidly access data stored abroad that is not freely accessible. The implementation of an international contractual agreement for the admissability of unilateral measures to access data which are stored on servers in third countries (transborder searches) is therefore crucial. Besides that, combating cybercrime and cyberlaundering will require new international operational partnerships, not only of police forces, but also of the prosecution. Challenges III

64 Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - The Attorney General’s Office of the State of Hesse – Centre for Combating Cybercrime – Gießen branch, Ostanlage 7, 35390 Gießen Tel. +49 641/934-3656 E-Mail: cai.rueffer@gsta.justiz.hessen.de Thank you for your attention!

Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Investigating and prosecuting cyberlaundering: challenges.

Ähnliche Präsentationen

Präsentation zum Thema: "Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Investigating and prosecuting cyberlaundering: challenges."— Präsentation transkript:

Ähnliche Präsentationen

Über Projekt

Feedback

Anmelden

Anmeldung über soziales Netzwerk:

Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Investigating and prosecuting cyberlaundering: challenges.

Ähnliche Präsentationen

Präsentation zum Thema: "Generalstaatsanwaltschaft Frankfurt am Main - Zentralstelle zur Bekämpfung der Internetkriminalität - Investigating and prosecuting cyberlaundering: challenges."— Präsentation transkript:

Ähnliche Präsentationen

Über Projekt

Feedback