Cybercriminals use digital currency to buy and sell goods and services in underground hacking forums. Virtual currency is used to rent out botnets to spread spam and malware, carry out distributed denial-of-service attacks, and buy and sell data that has been stolen through a successful data breach. Security experts point out that while virtual currency plays a significant role in cybercriminal activity, a black hat hacker's reputation in underground forums matters most.
In the new report, "Digital Currency: An analysis of online currencies and their use in cybercrime," (.PDF) McAfee researchers Raj Samani, Francois Paget and Matthew Hart outline why cybercriminals turn to virtual currency to conduct businesses and services. Despite law enforcement action against Liberty Reserve, shuttering that digital currency service in May, alternative currencies are thriving, the researchers said. The researchers provided five reasons digital currency is thriving.There is no disputing a transaction in the virtual currency world, making transactions irrevocable, the McAfee experts said. With little documentation, anonymity and the lack of a central authority, disputes are typically handled in underground forums. Cybercriminals value their reputation in underground hacker forums, keeping most disputes to a minimum to avoid a tarnished image.
Imperva's Hacker Intelligence Initiative monitors hacking forums and found experienced hackers teaching novices how to successfully carry out campaigns. The firm found that most of the forum messages were requests for hacking tools, followed by website hacking discussions and ways to rent botnets for campaigns. Hackers often take transaction discussions into invitation only and instant relay chats to finalize a transaction.
Hackers combine expertise, virtual currency and their reputation to form partnerships, say security experts. Cisco Systems recently highlighted the increasing sophistication of hacker business models. Some of the ebb and flow of cybercriminal activity can be traced to changes in the global economy, the firm said. The firm tracked some cybercriminals brokering partnerships for parts of attack campaigns from using botnets to penetrate corporate networks, to data exfiltration and cracking encrypted passwords.
Digital currencies are not 100 percent reliable, but virtual currencies have strong built-in mechanisms, McAfee said. The researchers noted the peer-to-peer nature of Bitcoin's architecture in combination with cryptography to avoid a central authority for the currency.
Virtual currencies make it easy for cybercriminals to transfer money instantly. International money transfers require a verification process that can take from one to eight days, the McAfee researchers said. Cost is also a factor, with virtual currency transfers far less costly than international transfers.
Using virtual currency, cybercriminals that connect anonymously in an underground forum can quickly conduct a transaction and provide the goods or services that were bought or sold. In 2009, researchers at security firm Finjan, now part of Trustwave, uncovered a platform called Golden Cash that was used to buy and sell botnets used by cybercriminals to conduct attacks or spread malware and spam. The network sold batches of infected machines to the highest bidder. Prices ranged from $5 to $100, depending on location.
Purchasing virtual currencies sometimes requires a registration process at some exchanges, but there are services that allow users to purchase currency by merely providing funds, the McAfee researchers said. The level of privacy depends on the nature of the initial currency purchase.
The McAfee report highlighted Ukash, a service aimed at people that do not have a credit or debit card. The service is thriving, supported by more than 420,000 outlets, in more than 55 countries.
Digital currencies offer a way for cybercriminals to collaborate on campaigns, obtain email addresses for phishing campaigns or purchase automated tools to set up attack websites, according to the McAfee researchers. "Ease of use is one of the biggest benefits of digital currencies," the researchers said.
Popular digital currency Bitcoin can be accessed from any location. It has no registration requirements or fees and anyone can join and participate. Developed in 2009, the peer‑to‑peer currency system allows direct online payments and is used by some legitimate businesses. It's also linked to criminal activity. Bitcoin is one of several virtual currencies that are the preferred method of payment for the release of kidnap victims, according to the McAfee report.