Latin America’s Dark, Crypto-Driven, Cybercrime Underbelly

cybercrime

To get a sense of the new frontiers in cybercrime, and how cryptocurrency helps fraudsters cover their tracks or finance their schemes … look, perhaps, to Latin America.

In a  report titled “The Dark Side of Latin America,” IntSights, which monitors cyberthreats, said Latin America is among the top regions for money laundering, done at least in part through cryptocurrency, and that such tactics are favored by organized crime.

That’s due in part to a confluence of “sophisticated hackers” and “extensive schemes targeting banks,” along with unregulated and even illegal exchanges. Regulations, said the report, are “extremely lax” especially when it comes to Know Your Customer (KYC) and anti-money laundering (AML) efforts.

“Researchers estimate that after cryptocurrencies have been cleaned on exchanges, 97 percent end up in countries that have extremely lax KYC/AML regulations, with Latin American economies topping the charts,” the report said, noting, “Economic struggles, political corruption, internet censorship, and the rise of organized crime in Latin America all contribute to the growth of cybercrime.”

The tailwinds for cybercrime? IntSights reported that there were 453.7 million internet users in Latin America, at 69 percent of the total population, and where digitization of the population expands the potential for threats, especially as retail eCommerce has topped $50 billion.

“As with any new financial endeavor, criminals are taking advantage of unregulated exchanges that do not require registration information and proof of identification for tracking purposes. These illegal exchanges are appealing to criminal groups that are looking to move large amounts of money through untracked channels,” according to the report.

In giving some insight into methodology, Intsights said the method used “is similar to mixers, where the actor will deposit Bitcoin into the exchange account and trade it for various Altcoins. Each time a trade is made, it further distances that original payment from its source account.”

In one example cited in the paper, an official of the Panamanian payment processing firm Crypto Capital, Ivan Manual Molina, was arrested as part of a probe conducted by Polish authorities. That official had allegedly laundered drug sale proceeds on behalf of an international crime group. Poland’s ministry of justice seized $350 million from a Polish bank that was allegedly tied to money laundering.

Separately, in terms of fraud against companies, banking trojans, malware and ransomware have been coming from the Latin American region, the paper said. Last year, the criminal gang known as “Bandidos Revolution Team” and their leader, Héctor Ortiz Solares — known as “El H-1” or “Bandido Boss” — was arrested by authorities. In that gang, hackers were deployed to write malware code to infect banks and ATM, through compromising the Interbanking Electronic Payment system – and depositing funds to third-party accounts. The gang was estimated by authorities to be stealing as much as the equivalent of $5 million a month — and had orchestrated a cyberattack that cost five financial institutions $15 million in fraudulent transfers.

“Carding” is also a fraudster favorite, according to the report. This practice involves the use of stolen credit cards to make fraudulent purchases.

“This practice is widespread in the Latin American cybercrime community, and threat actors have made millions of dollars. They call this practice ‘compras.’ Spanish for ‘purchase’ or Portuguese for ‘shopping,’” noted the paper.

The criminals advertise that they will pay a bill for customers at a discounted rate; the customer deposits money into the criminal’s bank account at a convenience or grocery store. The criminal uses stolen cards to pay the bill and pockets money from the customer.