Warlord
05-27-2013, 04:53 AM
Looks like the DoJ are going after the digital currencies:
-
The founder of Liberty Reserve, a digital currency that has evolved as perhaps the most popular form of payment in the cybercrime underground, was reportedly arrested in Spain this week on suspicion of money laundering. News of the law enforcement action may help explain an ongoing three-day outage at libertyreserve.com: On Friday, the domain registration records for that site and for several other digital currency exchanges began pointing to Shadowserver.org, a volunteer organization dedicated to combating global computer crime.
According to separate reports in The Tico Times (http://www.ticotimes.net/More-news/News-Briefs/Costa-Rican-arrested-in-Spain-for-alleged-financial-crimes_Friday-May-24-2013) and La Nacion (http://translate.google.com/translate?act=url&depth=1&hl=en&ie=UTF8&prev=_t&rurl=translate.google.com&sl=auto&tl=en&u=http://www.nacion.com/%28F%28ETT6Nwk_uE5acfPC7kWHCvXAFy_kLwAmniwWw5asi9Z 88AlwF-EjZOnOy15_X0vRcDZEgNDiLr4C0voktA66CBOODIt0f7tltSIG 5OaapkvtXcvR8qoZFLUYgYNrCHNgkRT1FWW2zxCtiKsR5umAc3 dfX850RPSnWExTbyqV3ki1Iyo_a-zQ0mIBR89NPsXxKyaK_Q2%29%29/2013-05-25/Sucesos/espana-captura-a-costarricense-por-lavado-de-dinero-a-pedido-de-estados-unidos.aspx), two Costa Rican daily newspapers, police in Spain arrested Arthur Budovsky Belanchuk, 39, as part of a money laundering investigation jointly run by authorities in New York and Costa Rica.
The papers cited Costa Rican prosecutor José Pablo González saying that Budovsky, a Costa Rican citizen of Ukrainian origin, has been under investigation since 2011 for money laundering using Liberty Reserve, a company he created in Costa Rica. “Local investigations began after a request from a prosecutor’s office in New York,” Tico Times reporter L. Arias wrote. “On Friday, San José prosecutors conducted raids in Budovsky’s house and offices in Escazá, Santa Ana, southwest of San José, and in the province of Heredia, north of the capital. Budovsky’s businesses in Costa Rica apparently were financed by using money from child pornography websites and drug trafficking.”
For those Spanish-speaking readers out there, Gonzalez can be seen announcing the raids in a news conference documented in this youtube.com video (https://www.youtube.com/watch?v=UH1ryOM-iyk) (the subtitles option for English do a decent job of translation as well).
Liberty Reserve is a largely unregulated money transfer business that allows customers to open accounts using little more than a valid email address, and this relative anonymity has attracted a huge number of customers from underground economies, particularly cybercrime.
The trouble started on Thursday, when libertyreserve.com inexplicably went offline. The outage set off increasingly anxious discussions on several major cybercrime forums online, as many that work and ply their trade in malicious software and banking fraud found themselves unable to access their funds. For example, a bulletproof hosting provider on Darkode.com known as “off-sho.re” (a hacker profiled in this blog last week (http://krebsonsecurity.com/2013/05/conversations-with-a-bulletproof-hoster/)) said he stood to lose $25,000, and that the Liberty Reserve shutdown “could be the most massive ownage in the history of e-currency.”
That concern turned to dread for some after it became apparent that this was no ordinary outage. On Friday, the domain name servers for Libertyreserve.com were changed and pointed to ns1.sinkhole.shadowserver.org and ns2.sinkhole.shadowserver.org. Shadowserver is an all-volunteer nonprofit organization that works to help Internet service providers and hosting firms eradicate malware infections and botnets located on their servers (http://www.washingtonpost.com/wp-dyn/content/article/2006/03/21/AR2006032100279.html).
In computer security lexicon, a sinkhole (http://en.wikipedia.org/wiki/DNS_Sinkhole) is basically a way of redirecting malicious Internet traffic so that it can be captured and analyzed by experts and/or law enforcement officials. In its 2011 takedown of the Coreflood botnet (http://krebsonsecurity.com/2011/04/u-s-government-takes-down-coreflood-botnet/), for example, the U.S. Justice Department relied on sinkholes maintained by the nonprofit Internet Systems Consortium (ISC). Sinkholes are most often used to seize control of botnets, by interrupting the DNS names the botnet is programmed to use. Ironically, as of this writing Shadowserver.org is not resolving, possibly because the Web site is under a botnet attack (hackers from at least one forum (http://krebsonsecurity.com/wp-content/uploads/2013/05/hf-lr.png) threatened to attack Shadowserver.org in retaliation for losing access to their funds).
Reached via Twitter, a representative from Shadowserver declined to comment on the outage or about Liberty Reserve, saying “We are not able to provide public comment at this time.” I could find no official statement from the U.S. Justice Department on this matter either.
Libertyreserve.com is not the only virtual currency exchange that has been redirected to Shadowserver’s DNS servers. According to passive DNS data collected by the ISC, at least five digital currency exchanges –milenia-finance.com (http://milenia-finance.com/), asianagold.com (http://asianagold.com/), exchangezone.com (http://exchangezone.com/), moneycentralmarket.com (http://moneycentralmarket.com/) and swiftexchanger.com (http://swiftexchanger.com/) – also went offline this week, their DNS records changed to the same sinkhole entries at shadowserver.org.
Assuming the reports at The Tico Times and El Nacion are accurate, this would not be the first time Mr. Budovsky has attracted attention from authorities for money laundering. According to the Justice Department, on July 27, 2006, Arthur Budovsky and a man named Vladimir Kats were indicted by the state of New York on charges of operating an illegal money transmittal business, GoldAge Inc., from their Brooklyn apartments. From a Justice Department account of that case (http://www.justice.gov/archive/ndic/pubs28/28675/sub.htm):
“The defendants had transmitted at least $30 million to digital currency accounts worldwide since beginning operations in 2002. The digital currency exchanger, GoldAge, received and transmitted $4 million between January 1, 2006, and June 30, 2006, as part of the money laundering scheme. Customers opened online GoldAge accounts with limited documentation of identity, then GoldAge purchased digital gold currency through those accounts; the defendants’ fees sometimes exceeded $100,000. Customers could choose their method of payment to GoldAge: wire remittances, cash deposits, postal money orders, or checks. Finally, the customers could withdraw the money by requesting wire transfers to accounts anywhere in the world or by having checks sent to any identified individual.”
http://krebsonsecurity.com/2013/05/reports-liberty-reserve-founder-arrested-site-shuttered/
-
The founder of Liberty Reserve, a digital currency that has evolved as perhaps the most popular form of payment in the cybercrime underground, was reportedly arrested in Spain this week on suspicion of money laundering. News of the law enforcement action may help explain an ongoing three-day outage at libertyreserve.com: On Friday, the domain registration records for that site and for several other digital currency exchanges began pointing to Shadowserver.org, a volunteer organization dedicated to combating global computer crime.
According to separate reports in The Tico Times (http://www.ticotimes.net/More-news/News-Briefs/Costa-Rican-arrested-in-Spain-for-alleged-financial-crimes_Friday-May-24-2013) and La Nacion (http://translate.google.com/translate?act=url&depth=1&hl=en&ie=UTF8&prev=_t&rurl=translate.google.com&sl=auto&tl=en&u=http://www.nacion.com/%28F%28ETT6Nwk_uE5acfPC7kWHCvXAFy_kLwAmniwWw5asi9Z 88AlwF-EjZOnOy15_X0vRcDZEgNDiLr4C0voktA66CBOODIt0f7tltSIG 5OaapkvtXcvR8qoZFLUYgYNrCHNgkRT1FWW2zxCtiKsR5umAc3 dfX850RPSnWExTbyqV3ki1Iyo_a-zQ0mIBR89NPsXxKyaK_Q2%29%29/2013-05-25/Sucesos/espana-captura-a-costarricense-por-lavado-de-dinero-a-pedido-de-estados-unidos.aspx), two Costa Rican daily newspapers, police in Spain arrested Arthur Budovsky Belanchuk, 39, as part of a money laundering investigation jointly run by authorities in New York and Costa Rica.
The papers cited Costa Rican prosecutor José Pablo González saying that Budovsky, a Costa Rican citizen of Ukrainian origin, has been under investigation since 2011 for money laundering using Liberty Reserve, a company he created in Costa Rica. “Local investigations began after a request from a prosecutor’s office in New York,” Tico Times reporter L. Arias wrote. “On Friday, San José prosecutors conducted raids in Budovsky’s house and offices in Escazá, Santa Ana, southwest of San José, and in the province of Heredia, north of the capital. Budovsky’s businesses in Costa Rica apparently were financed by using money from child pornography websites and drug trafficking.”
For those Spanish-speaking readers out there, Gonzalez can be seen announcing the raids in a news conference documented in this youtube.com video (https://www.youtube.com/watch?v=UH1ryOM-iyk) (the subtitles option for English do a decent job of translation as well).
Liberty Reserve is a largely unregulated money transfer business that allows customers to open accounts using little more than a valid email address, and this relative anonymity has attracted a huge number of customers from underground economies, particularly cybercrime.
The trouble started on Thursday, when libertyreserve.com inexplicably went offline. The outage set off increasingly anxious discussions on several major cybercrime forums online, as many that work and ply their trade in malicious software and banking fraud found themselves unable to access their funds. For example, a bulletproof hosting provider on Darkode.com known as “off-sho.re” (a hacker profiled in this blog last week (http://krebsonsecurity.com/2013/05/conversations-with-a-bulletproof-hoster/)) said he stood to lose $25,000, and that the Liberty Reserve shutdown “could be the most massive ownage in the history of e-currency.”
That concern turned to dread for some after it became apparent that this was no ordinary outage. On Friday, the domain name servers for Libertyreserve.com were changed and pointed to ns1.sinkhole.shadowserver.org and ns2.sinkhole.shadowserver.org. Shadowserver is an all-volunteer nonprofit organization that works to help Internet service providers and hosting firms eradicate malware infections and botnets located on their servers (http://www.washingtonpost.com/wp-dyn/content/article/2006/03/21/AR2006032100279.html).
In computer security lexicon, a sinkhole (http://en.wikipedia.org/wiki/DNS_Sinkhole) is basically a way of redirecting malicious Internet traffic so that it can be captured and analyzed by experts and/or law enforcement officials. In its 2011 takedown of the Coreflood botnet (http://krebsonsecurity.com/2011/04/u-s-government-takes-down-coreflood-botnet/), for example, the U.S. Justice Department relied on sinkholes maintained by the nonprofit Internet Systems Consortium (ISC). Sinkholes are most often used to seize control of botnets, by interrupting the DNS names the botnet is programmed to use. Ironically, as of this writing Shadowserver.org is not resolving, possibly because the Web site is under a botnet attack (hackers from at least one forum (http://krebsonsecurity.com/wp-content/uploads/2013/05/hf-lr.png) threatened to attack Shadowserver.org in retaliation for losing access to their funds).
Reached via Twitter, a representative from Shadowserver declined to comment on the outage or about Liberty Reserve, saying “We are not able to provide public comment at this time.” I could find no official statement from the U.S. Justice Department on this matter either.
Libertyreserve.com is not the only virtual currency exchange that has been redirected to Shadowserver’s DNS servers. According to passive DNS data collected by the ISC, at least five digital currency exchanges –milenia-finance.com (http://milenia-finance.com/), asianagold.com (http://asianagold.com/), exchangezone.com (http://exchangezone.com/), moneycentralmarket.com (http://moneycentralmarket.com/) and swiftexchanger.com (http://swiftexchanger.com/) – also went offline this week, their DNS records changed to the same sinkhole entries at shadowserver.org.
Assuming the reports at The Tico Times and El Nacion are accurate, this would not be the first time Mr. Budovsky has attracted attention from authorities for money laundering. According to the Justice Department, on July 27, 2006, Arthur Budovsky and a man named Vladimir Kats were indicted by the state of New York on charges of operating an illegal money transmittal business, GoldAge Inc., from their Brooklyn apartments. From a Justice Department account of that case (http://www.justice.gov/archive/ndic/pubs28/28675/sub.htm):
“The defendants had transmitted at least $30 million to digital currency accounts worldwide since beginning operations in 2002. The digital currency exchanger, GoldAge, received and transmitted $4 million between January 1, 2006, and June 30, 2006, as part of the money laundering scheme. Customers opened online GoldAge accounts with limited documentation of identity, then GoldAge purchased digital gold currency through those accounts; the defendants’ fees sometimes exceeded $100,000. Customers could choose their method of payment to GoldAge: wire remittances, cash deposits, postal money orders, or checks. Finally, the customers could withdraw the money by requesting wire transfers to accounts anywhere in the world or by having checks sent to any identified individual.”
http://krebsonsecurity.com/2013/05/reports-liberty-reserve-founder-arrested-site-shuttered/