May 29, 2013, 1:20 PM —
Image credit: REUTERS/Mike Segar
When authorities in Spain busted in on Arthur Budovsky, the founder and CEO of online payments firm Liberty Reserve, they may have struck one of the most decisive blows to the cyber criminal underground in recent memory.
The takedown of Liberty Reserve and the arrest of Mr. Budovsky, didn't eliminate a spam-spewing botnet, dismantle a shadowy cyber crime group or stop China's Unit 61398 – it's true. But its impact on the cyber crime world may be far more profound. Here are five reasons that the Liberty Reserve bust may be the biggest cyber crime story of the year:
Reason 1: It's the liquidity, stupid. Focus was on the system criminals use to pay one another.
There have been big cyber crime busts before – lots of them. Botnet takedowns like those of Bredolab, Coreflood, Zeus, and Kelihos have become a common occurrence. In February, Europol arrested members of a Russian cybercrime gang in Spain and Dubai who were accused of using "ransomware" to elicit bribes from unsuspecting computer users. But – similar to crime in the physical world - new botnets and crime groups merely pop up to take their place. The Liberty Reserve crackdown is different by targeting the beating heart of the cyber criminal underworld: the system criminals use to pay one another for everything from botnet rentals to exploit kits to stolen credit card data. The exchange, which relied on gold and other precious metals to back deposits, made cross-border transactions simple and put a huge volume of online transactions outside the reach of banks and bank regulators. Now, without a way to safely and anonymously exchange money, wringing a profit from illegal online activities becomes much harder.
Reason 2: Follow the money. Authorities learned more about how the cyber criminal underworld operates.
Arthur Budovsky's arrest was, perhaps, the least important element of the coordinated crackdown last week. After all, Budovsky had been arrested before in the U.S. for operating a very similar kind of business. Much more important were the raids on Budovsky's home and Liberty Reserve's Costa Rican headquarters. With access to all of Liberty Reserve's data, investigators have acquired a treasure-trove of information about the functioning of the cyber criminal underworld, from bank accounts to e-mail and even physical addresses. At the very least, that could be grounds for further charges of tax evasion, money laundering or other criminal acts.
Reason 3: No more whack-a-mole. Approach was more holistic vs. a targeted takedown of a specific threat.
The Liberty Reserve arrests may also signal a shift in approach for international law enforcement from targeted takedowns of specific threats or actors (basically playing whack-a-mole with determined criminals) to a more holistic approach focused on erecting barriers to conducting illegal business. This has been a consensus among security experts, who have watched for years as botnet takedowns have been followed by their resurgence, or the emergence of new, more powerful botnets to take their place. In each case, the effects of the takedown – a reduction in the volume of spam - and denial of service attacks – are merely temporary. In a recent debate on music piracy sites, a Google executive expressed similar doubts over the current practice of blocking access to piracy web sites like MegaUpload. Better to "go after them as a business" by pushing advertisers to blacklist the sites, starving them of revenue, said Theo Bertram, Google's UK policy manager.
Reason 4: Hit them in the wallet. Financial impact was immediate.
The arrest of Budovsky and the seizure of more than two dozen domains he controlled accomplished something few other stings have: it hit cyber criminals right in the wallet. In all, Budovsky's various online operations are alleged to have processed around $6 billion in online commerce. The impact of those arrests was felt almost immediately. Brian Krebs of Krebsonsecurity.com reported that the shutdown of liberty Reserve prompted immediate chatter in underground forums, fretting about money left on deposit at Liberty Reserve, with some carders and other online criminals claiming to have tens of thousands of dollars on reserve at accounts managed by Libertyreserve. Those funds may total millions of dollars, according to the Costa Rican daily Tico Times.
Reason 5: Nowhere to hide. International support critical, spanned three countries.
Every mole needs a hole to hide in. In recent years, the holes that cyber criminals have hidden in have been located just beyond the reach of law enforcement: in Russia, the former Soviet republics of Eastern Europe and in Central America. It's no surprise that Budovsky moved to Costa Rica after running afoul of law enforcement in New York in 2006. Central America is home to countless online gaming outfits and has a reputation for lax, "see no evil" governments. One of the biggest sticking points in cyber crime crackdowns has been a lack of international cooperation to round up these criminals in the countries where they operate. Simply put: not every country is interested in enforcing anti-cyber crime laws. And, even those that are interested often don't have the proper statutes on the books to be able to go after the cybercriminals in their midst. The arrest of Budovsky and the takedown of Liberty Reserve are notable in that the bust spanned three countries: the U.S., Costa Rica and Spain. Costa Rican officials launched an investigation into Liberty Reserve, following complaints from the U.S. in 2011. And the crackdown featured an arrest in Spain and raids in Costa Rica. Ultimately, the defendants may be extradited to the U.S. to stand trial for money laundering. That should make cyber criminal operations wary. In fact, one of Liberty Reserve's main competitors, Perfect Money, is headquartered right next door in Panama. That company responded to the raid by shutting its doors to new customers from the U.S. – a sign of things to come.