As Interpol puts aside all the back chatter and controversy surrounding the selection of its new leader, the world is awash in various forms of crypto crime ranging from SIM-switching scams driven most frequently by solo crypto hackers to much more elaborate schemes and possible conspiracies such as the one now under investigation involving potential suspicious trading activities suggesting a strange synergy between Tether and Bitcoin transactions.
Countries like North Korea along with China, Russia and Iran are devoting considerable manpower for a variety of purposes and are definitely on US Deputy Attorney General Rod Jay Rosenstein’s radar screen. Unit 121 of North Korea’s Reconnaissance General Bureau oversees much of North Korea’s far reaching cyber warfare and cybercrime-related activities.
For more than a decade, Unit 121 has carried out dozens of cyber attacks – 77 attacks alone in 2009 – and has been constantly refining its offensive ability to infiltrate and cripple critical infrastructures worldwide including telecommunications, electric power and transportation networks.
Seungjoo Kim, a professor at Korea University’s Graduate School of Information Security, told VOA News that North Korea benefits enormously from the fact that its army of computer hackers operate from sites worldwide, and can be found in North America, China, Europe and elsewhere. In addition, they engage in “real-world trials” in order to “obtain the knowledge needed to test systems or prevent hostile attacks.”
More importantly, he emphasized “North Korea practices their craft under real conditions, like hacking crypto-currency sites or stealing information. These repeated exercises help to improve their skills.”
On November 18, US Department of Justice Deputy Attorney General Rod Rosenstein delivered a speech at Interpol’s 87th General Assembly in Dubai which touched on many international law enforcement concerns and priorities.
During his presentation, Rosenstein put the global legion of cyber criminals and crypto hackers – state actors or not – on notice as he proclaimed that, among other things, “we must not allow cyber criminals to hide behind crypto-currencies.”
“Bad actors are using them to fund crimes and to hide illicit proceeds. For example, Bitcoin was the exclusive method of payment for the WannaCry ransomware attack that spread around the globe, causing billions of dollars in losses,” said Rosenstein.
“In addition, fraudsters use the lure of coin offerings and the promise of new currencies to bilk unsuspecting investors, promote scams and engage in market manipulation. The challenges of regulating, seizing and tracing virtual currencies demand a multinational response. We must work together to make clear that the rule of law can reach the entire blockchain.”
He highlighted the recent indictment by US authorities of Alexander Vinnick and the virtual currency exchange he allegedly operated.
“That exchange received more than $4 billion of virtual currency. It was designed without any means to control money laundering, so predictably it served as a hub for international criminals seeking to hide and launder ill-gotten gains. We filed criminal charges and assessed a $110 million civil penalty against the exchange for willfully violating our anti-money laundering laws, as well as a $12 million penalty against Vinnick,” he said.
“To prevent virtual currency from being abused by criminals, terrorist financiers, or sanctions evaders, all of us must implement policies that mitigate the risks posed by the new technology. My country includes virtual currencies in our anti-money laundering regulations,” he added.
“And the Financial Action Task Force (FATF) urges all nations to make clear that global anti-money laundering standards apply to virtual currency products and service providers. We must guard against abuses of digital currency.”
By design, Rosenstein immediately turned his attention to the need “to protect against abuses of encrypted communications” as well.
“Encryption can be useful in the fight against cybercrime. Encrypting data makes it more safe and secure. But the proliferation of warrant-proof encryption also poses a challenge to effective law enforcement,” he said.
“Encryption technologies designed to be impervious to legal process impede our ability to access investigative data. In September, the chief law enforcement officials of the US, the UK, Canada, Australia and New Zealand joined together to issue a “Statement of Principles on Access to Evidence and Encryption.”
“While acknowledging the benefits of encryption, they called for urgent, sustained attention and informed discussion about the increasing difficulty law enforcement agencies face in accessing evidence of criminal conduct,” he added. “We will continue to work closely with technology companies to establish responsible practices that consider both privacy concerns and public safety imperatives.”
Resources to tackle the problem?
Asia Times reached out to a few private sector experts who have day to day responsibility in terms of both intelligence-gathering and issuing advisories to various clients, among other things.
“Cybercriminals have a clear preference for crypto-currencies. The potential for anonymity is a big factor in that, but irrevocable, fast settlement is an equally big factor. The information that crypto-currency transactions yield is different than what banking transactions yield, and it remains to be seen whether the information that crypto-currency transactions currently produce is sufficient to support systemic disruption of criminal organizations,” said David Murray, vice-president for product development and services at the Washington-based Financial Integrity Network.
Murray describes FATF as “the indispensable global standard setter in this space. It should continue focusing on developing the anti-money laundering and combating the financing of terrorism regulatory framework for crypto-currencies, and it should ensure implementation across the international financial system,” he said.
Julie Myers Wood, CEO of NYC-based Guidepost Solutions LLC, sees achieving a better understanding and addressing risks with crypto-currencies as a top priority for Interpol along with the global law enforcement community at large.
“In terms of resources, however, Interpol currently serves more as a conduit for law enforcement discussion, rather than actively guiding the priority and focus around crypto-currencies. Additional resources could enable Interpol to be more proactive in its approach to combatting transnational crime,” said Wood.
In order to be more effective, Wood recommends that FATF should “focus on educating law enforcement on the risks of virtual currencies and how new FinTech and RegTech products/services work in the context of money laundering and terror financing.
“(FATF) should also increase efforts to further institutionalize effective information sharing frameworks and coordination, regarding transnational crime, as well as terrorism financing investigations and cases,” said Wood, who added that “educating law enforcement on understanding beneficial ownership and the role of gatekeeper professions, such as lawyers, would be helpful as well.”
Yaya Fanusie, director of analysis for the Washington-based Foundation for Defense of Democracies’ Center on Sanctions and Illicit Finance, noted that the FATF is not an enforcement body and its primary role is to set standards that countries should follow to curb money laundering, financing of terrorism and nuclear proliferation.
“FATF is going to have to provide more specific direction on how these standards should be applied to the virtual asset space. It has started in the right direction by updating its general recommendations, but FATF is going to have to make sure that its officials understand the innovations happening within the quickly evolving crypto/blockchain space,” said Fanusie.
“The US government needs more people to gain technical knowledge of crypto-currencies because more people in the public are experimenting with the technology, even for speculation. More important than physical resources is skill level. As digital tokens get used more in crime, it will be critical for officers to have knowledge of how crypto-currencies work and for them to know how to analyze blockchain transactions,” he added.
More surveillance in Asia?
Wood is aware that countries in Asia “may not welcome what they view as an expanded mandate by Interpol if future actions by Interpol take the form of ‘surveillance’ rather than the execution of Interpol’s current mandate.”
“It is more likely that countries in Asia would not welcome more intrusive surveillance or intrusion from member countries like the US as the US and other countries more actively pursue investigations and cases that cross multiple national borders,” said Wood.
The role of the FATF differs considerably from Interpol and most nations are prepared to take the FATF’s actions in stride.
“Countries in Asia participate in FATF, but not with an expectation or understanding of ‘surveillance.’ Rather, FATF identifies jurisdictions that have strategic deficiencies in their frameworks – as a result, those jurisdictions are monitored by FATF,” said Wood.
“Countries are also subject to a peer review called a Mutual Evaluation, on a cyclical basis, but the methodology and timing around those mutual evaluations is public and discussed in advance. FATF may certainly criticize laws and regulations in a mutual evaluation, but much of the organization’s efforts are pointed towards assisting in the updating of laws and regulations.”
Murray is optimistic and does not expect to see any considerable push back emanating from Asia or elsewhere.
“Countries that are serious about being players in the crypto-currency space should welcome FATF’s efforts to develop a common set of standards and to hold all countries to those standards. Crypto-currencies will not be sustainable as financial products unless the current rate of criminal use drops. In setting standards and holding countries to those standards, FATF can prevent a race to the bottom and ensure the integrity of crypto-currencies,” said Murray.
Fanusie also does not detect any signs of resistance in Asia.
“Most states understand how cyber-crime impacts them negatively. Interpol and FATF are not seeking to be intrusive, but rather to encourage nation-states and their financial authorities and law enforcement to cooperate across borders,” he said. “In terms of citizens, there will always be tensions relating to the line between privacy and security, but pushback will not be directed toward these international bodies. (However,) you may continue to see pushback within countries as societies struggle to balance that tenuous line.”