How cybercriminals launder money stolen from banks


Where and how does the money come from?

An attack on banks can occur in two scenarios: directly on the bank’s infrastructure and accounts, or on ATMs and related systems. Of course, the schemes for withdrawal and subsequent money laundering after this are slightly different. But the essence is the same - attackers are trying to return funds obtained through illegal means to the economy.

Traditionally, in forensic science, the direct process of money laundering is divided into three stages:

  • placement - the first transfer from the victim’s account to the accounts of the scammers or the deposit of stolen cash;
  • layering - carrying out numerous operations that are designed to hide the origin of funds and their real owner;
  • integration - laundered money is invested in legal or criminal businesses.

The last stage - the integration of already laundered funds back into the economy - is a separate topic that deserves a separate post. Therefore, we will not consider it in detail here. However, attackers cannot afford to start looking for laundering methods only after a successful attack, so one more phase is added: long before the funds are stolen and the legalization mechanisms come into effect, the preparation process begins.

Countermeasures

To combat this practice, Russia has a special “anti-money laundering law” (115-FZ). Under it, all of a business’s bank transactions with cash in the amount of 600,000 rubles or more are monitored by the financial authorities. If financial monitoring suspects something is wrong, it will block the entrepreneur’s account. The law is constantly being tightened.

In addition, the Central Bank announced a platform for banks on which it will assess the reliability of companies and distribute borrowers into three zones: green, yellow and red. Firms that fall into the latter category will be cut off from service.

Preparation

To ensure that stolen funds can be quickly transferred, attackers typically prepare multiple accounts belonging to individuals or legal entities. These could be accounts of unsuspecting people whose access has been seized by attackers; people who are tricked into a fraudulent operation; or volunteer assistants to cybercriminals.

The people who assist the attackers are usually called "mules". Sometimes they are used to open accounts using fake or stolen documents (of course, this is not easy: for the bank not to recognize the forgery, the criminals must have an insider). Sometimes mules are recruited through recruiting agencies, which mask the outright illegality of the offer with vague formulations like “organizing a convenient investment method.” In fact, such people, as a rule, clearly understand that they are participating in something illegal, but prefer to turn a blind eye to it because the offer is very lucrative. Such “accomplices” are most often deceived.

Shell companies

The use of nominee legal entities is a very common method of laundering criminal proceeds, notes Rosfinmonitoring.

The state is implementing a set of measures to eliminate nominal legal entities: mechanisms have been introduced to prevent the registration of such companies and the use of front individuals for this.

In addition, a mechanism has been introduced to include legal entities in a unified blacklist of banking clients who are denied transactions and the opening of a current account.

Thus, in 2022, banks made 620 thousand decisions to refuse to carry out operations, which made it possible to stop the withdrawal of more than 181 billion rubles into the shadow sector, RFA boasts.

The Federal Tax Service of Russia is working to verify the authenticity of the Unified State Register of Legal Entities. Another measure is the ASK VAT-2 system, which allows you to identify actions aimed at minimizing VAT payable to shell companies and fictitious invoices.

Placement

So, the attackers managed to transfer money to a certain account using malware, social engineering, or an insider. At this point the mules come into play. They operate as follows:

  • transfer finances to other accounts to confuse their tracks;
  • order goods to their address (or to an address to which they have access in some way);
  • withdraw money from ATMs.

There is also this type of scam: people are hired to work for a company that supposedly helps foreigners buy goods from stores that do not ship goods abroad. That is, they receive and send parcels by international mail. Such organizations usually operate for a month or two. Then the local police come to them.

Risks

Risks are divided into categories (high risk, increased, moderate, low).

High risk:

  • Use of nominee legal entities (“fly-by-night”)
  • Use of fictitious foreign economic activity
  • Use of foreign legal entities and trusts
  • Using cash
  • Use of electronic money
  • Using virtual currency (such as bitcoins)
  • Participation of individuals affiliated with officials

Increased risk:

  • Use of banks, MFOs and CCPs
  • Using the market for precious metals and precious stones
  • Using money transfer systems
  • Use of the securities market
  • Use of cash moved across the border of the EAEU

Moderate risk:

  • Use of the insurance sector
  • Use of real estate
  • Using Russian Post services
  • Use of notary services
  • Use of the leasing sector
  • Use of mobile operator services
  • Using payment acceptance operators

Low risk:

  • Use of mutual funds, non-state pension funds, auditors, lawyers, accountants
  • Use of informal money transfer systems (such as Hawala)

Let us dwell in more detail on some types of risk and tell you how the state intends to combat these factors.

Layering

When goods or money from ATMs are obtained by accomplices acting consciously, the loot is legalized according to long-established schemes of ordinary crime. Money is exchanged for freely convertible currency (most often dollars); things (most often electronics) are handed over to buyers. Of course, both exchange offices and stores that buy items must have some kind of mechanisms in place to detect potentially illegal transactions, but these are most often circumvented, either through negligence or through the use of bribes. The money received is transferred through some third parties to the organizers of the scheme. Of course, mules can be caught. But the most that representatives of the law can find is the mules themselves and their percentage. Neither the bulk of the stolen goods nor the contacts of the organizers of the crime can be found.

Next, the cash is run through criminal schemes: buying jewelry or metals (this business still often prefers to work with cash) or buying and then selling chips in a casino.

If the money is transferred further by bank transfer, then shell companies operating in different countries are involved in the process. They are usually located in countries where there are no strict controls over financial transactions, or where there are very strict laws protecting the secrets of commercial transactions. Several transfers with splitting and conversion into different currencies - and now the origin of the money cannot be traced. And these are not necessarily fly-by-night companies; they may also have a partially legal business, into which the stolen money flows in an imperceptible stream.

Relatively recently, cryptocurrencies began to be used for money laundering. They attract attackers because the user does not need to provide his personal data to complete transactions. However, this method is not as simple as it seems. Indeed, along with anonymity, blockchain-based currencies are also absolutely transparent. So you have to make a lot of transactions to withdraw funds. For example, in 2022, the Lazarus group, after hacking a cryptocurrency exchange, withdrew $30 million, and then made 68 transfers between different wallets in four days.

Examples of money laundering schemes

Criminals are usually well versed in all matters related to money laundering. Therefore, when one scheme is exposed, a new one is immediately developed. Here are the most famous ones:

  • Through offshore companies. Even very large sums can be laundered in this way. Through intermediaries in tax haven countries, offshore accounts are opened where money is transferred. They are then transferred to bank accounts in third countries. There they can be stored, invested in real estate, securities or other objects. The use of offshore companies is a well-known method of money laundering, since state currency control of these organizations is simply absent. Plus, account holders are guaranteed anonymity.
  • Via bitcoins. Bitcoin or other cryptocurrency wallets are not considered official means of payment in most countries and are anonymous. Therefore, they can be easily used to withdraw funds to any country, including those where cryptocurrency can be used in the same way as regular money - to pay for goods. Currency from the wallet is transferred to a bank account and converted into dollars, euros, etc. The primary source of income is no longer known.
  • Through an individual entrepreneur or organization. A very simple and relatively reliable scheme is running a fictitious business. Intermediaries open cafes, bars, a network of payment terminals, retail stores, etc. Regardless of the flow of real cash received from customers, illegal money is introduced into the business. It is almost impossible to track and calculate them, and if taxes are paid on time and documentation is maintained, neither the bank through which the funds are circulated nor other regulatory authorities will be suspicious.
  • Through capital structuring. Example: a large amount of money is divided into small shares that will not arouse suspicion from the tax authorities. They are then transferred through bank cards to intermediaries, after which they withdraw them and transfer them to the original owner, but in cash minus commissions. For example, an amount of 10,000 rubles received on an individual’s account/card does not raise suspicion. Moreover, in each bank you can open a card account and have 10, 20 or 30 of them.

The described schemes are widely known and are currently little used in this form. To launder income, criminals invest a lot of money and involve intermediaries. Proven methods are modified and adapted to modern capabilities. For example, today there are already cases of money laundering through electronic wallet accounts: QIWI, WebMoney and Yandex.Money.

Practical conclusions

As we can see, cybercriminals have built a complex and multi-stage money laundering scheme. In the process, they change accounts, companies, presentation, currency, jurisdiction many times. And all this takes a matter of days. During this time, some companies do not even notice that they have been attacked.

Therefore, it makes the most sense for banks to take matters into their own hands and build a cybersecurity system in such a way as to minimize the possibility of hacking financial systems and gaining control over them. We have a special product aimed specifically at banks and other financial institutions: the Kaspersky Fraud Prevention platform. It allows you not only to provide behavioral analysis of users and control of transactions and financial transactions, but also to monitor attempts to launder stolen money through your bank. You can find out more about it on the solution website.

Definition of the concept

In simple words, “money laundering” is the legalization of money. People create fictitious documents, organizations and businesses so that it appears as official income. But there are other ways. Unlike cashing, laundering is associated with illegal income-generating activities. In this case, as a rule, we are talking about large sums that are difficult to bring into legal channels without a plausible explanation to the regulatory authorities. In addition, cashing is the withdrawal of non-cash money into cash, and laundering often involves the opposite: cash is deposited into bank accounts for legalization, after which it can be cashed out legally.

In this case, funds are converted from cash to non-cash form (for example, using an instant payment terminal), and in the opposite direction (fictitious receipt of a prize on a lottery ticket or the purchase of a winning ticket from the rightful owner, the cost of which may be greater than the winning itself).

The essence of money laundering is concealing the real source of income. And evading tax payments or cashing out may serve as secondary or auxiliary factors. “Laundered” funds are used for various purposes - company financing, personal needs.

The need to launder money or other material assets may arise under the following circumstances:

  1. If earnings are obtained as a result of illegal activities and the owner wants to be free to use them for any purpose. This could be trade in prohibited items, bribes, kickbacks.
  2. If an organization hides an illegal source of income that violates the law, it avoids paying money to the state in the form of tax deductions. The money is “laundered”, reflecting a different nature of earnings, after which it is invested in the business.

Laundering process steps

The traditional scheme goes through four main stages:

  1. Committing a crime, the proceeds of which must be hidden (corruption, drug trafficking, fraud, terrorism, etc.).
  2. The placement of dirty money, the so-called “mixing”, when the flows of legal and illegal funds are mixed and merged into single receipts.
  3. Concealment - combining cash flows across bank accounts, “obfuscating the tracks”, placing them in assets, transfers to other countries.
  4. Integration - money is officially legalized, collected in a legal bank account or invested in an official asset.

Criminal liability under Articles 174 of the Criminal Code of the Russian Federation and 174.1 of the Criminal Code of the Russian Federation

Criminal liability for money laundering is regulated by Articles 174 and 174.1 of the Criminal Code of the Russian Federation. The differences between the articles are that Article 174 provides penalties for people involved in money laundering, and Article 174.1 regulates the criminal liability of people not only laundering, but also participating in the illegal receipt of money.

For persons whose criminal acts are reflected in Article 174 of the Criminal Code of the Russian Federation, penalties corresponding to the gravity of the crime are provided:

  1. For a crime of average gravity, a fine of up to 120 thousand rubles is provided, or the amount of wages for a 12-month period, or the amount of other income for 1 year.
  2. A crime committed on an especially large scale is punishable by measures ranging from a fine in the amount of 12 to 24 salaries to imprisonment for up to two years, with a fine of up to 50 thousand rubles or without a fine.
  3. For a crime committed by a group of persons or an official - penalties range from deprivation of the right to engage in the previous type of activity for up to 3 years and a fine of up to 500 thousand to imprisonment for up to 5 years or a combination of several penalties.
  4. For a crime committed by an organized group, as well as a group of persons or an official on an especially large scale, penalties range from forced labor for up to 5 years or a fine of up to 1 million rubles to imprisonment for up to 7 years. Also, methods of punishment can be combined.

Income received from money laundering will, if possible, be confiscated in favor of the state.

Main objectives of the fight against the shadow economy

The fight against money laundering has long been an area of policy in its own right. It is therefore not surprising that this set of measures has its own main goals and objectives, among which we can especially highlight:

— development of a legal system that would counteract criminal fraud;

— formation of administrative levers for managing the fight against money laundering, emergence of competent authorities;

— supervision of all financial institutions that have access to money channels;

— implementation of an international policy of cooperation in the field of combating illicit circulation of funds.

Laundering methods

Several laundering methods are in use, and investigative and inspection authorities have worked out how they operate. But because of their numerous variations and modifications, it is not always possible to promptly stop a criminal scheme that operates in one way or another. The most striking and well-known example of the legalization of dirty money is the situation in the movie “The Diamond Arm,” when the boss’s unearned income was given the form of a “treasure.”

A widespread method of laundering in the 1990s was structuring, that is, artificially splitting income into many small transactions, the proceeds from which were placed in various banks, mutual funds and pawnshops, transferred through post offices and, ultimately, collected in one legal account.

For larger transactions, a network of fictitious enterprises was used. Their founders are dummies or nominees using stolen passports. Certain amounts of money are transferred to their accounts, corporate and personal, and then withdrawn to the accounts of third parties (any company located in an offshore zone, etc.). However, due to the prevalence of modern means of communication and tracking, electronic circulation and documentation, today these schemes are no longer viable and are quickly detected in practice.
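
A defender-side illustration of the structuring pattern described in the list of schemes above and in this section (small transfers that each stay under a monitoring threshold and are collected in one account): this added example, which is not from the article or from any vendor product, aggregates sub-threshold incoming transfers per beneficiary over a sliding window. The 600,000-ruble threshold is the figure the article quotes; the three-day window, the minimum of five senders, the account names and the sample transfers are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

REPORT_THRESHOLD = 600_000    # rubles; the 115-FZ figure quoted in this article
WINDOW = timedelta(days=3)    # assumption: look-back window for aggregation
MIN_SENDERS = 5               # assumption: distinct senders that make fan-in suspicious

_T0 = datetime(2024, 3, 1, 9, 0)
# Constructed sample data: (timestamp, sender, beneficiary, amount in rubles)
SAMPLE = (
    # 70 transfers of 10,000 rubles from 10 cards, one every 30 minutes
    [(_T0 + timedelta(minutes=30 * i), f"card-{i % 10:02d}", "acct-collector", 10_000)
     for i in range(70)]
    # ordinary payee: three payments two weeks apart from one sender
    + [(_T0 + timedelta(days=d), "employer-1", "acct-ordinary", 85_000) for d in (0, 14, 28)]
    # a single transfer above the threshold is already visible on its own
    + [(_T0, "firm-a", "acct-supplier", 900_000)]
)


def find_fan_in(transfers, threshold=REPORT_THRESHOLD, window=WINDOW,
                min_senders=MIN_SENDERS):
    """Flag beneficiaries that collect >= threshold inside the window using only
    sub-threshold transfers from at least min_senders distinct senders."""
    by_beneficiary = defaultdict(list)
    for ts, sender, beneficiary, amount in transfers:
        if amount < threshold:                      # large transfers are reported anyway
            by_beneficiary[beneficiary].append((ts, sender, amount))

    alerts = []
    for beneficiary, rows in by_beneficiary.items():
        rows.sort()
        start, total = 0, 0
        for end, (ts, _sender, amount) in enumerate(rows):
            total += amount
            while ts - rows[start][0] > window:     # drop transfers older than the window
                total -= rows[start][2]
                start += 1
            senders = {r[1] for r in rows[start:end + 1]}
            if total >= threshold and len(senders) >= min_senders:
                alerts.append({"beneficiary": beneficiary, "total": total,
                               "transfers": end - start + 1, "senders": len(senders),
                               "first": rows[start][0], "last": ts})
                break                               # one alert per beneficiary
    return alerts


if __name__ == "__main__":
    for alert in find_fan_in(SAMPLE):
        print(alert)
```

Only the collecting account is flagged: the ordinary payee never accumulates enough inside one window, and the single large transfer is excluded because it already crosses the threshold by itself.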
