Money laundering is one of the most common ways adversaries are able to have their illicit activities fly under the radar. Anti-money laundering (AML) laws and compliance programs aim to reduce these types of crimes, but without the requisite insight into illicit communities where adversaries congregate and upcoming schemes are cultivated, organizations can be more susceptible to certain risks.

Flashpoint recognizes that intelligence gleaned from these communities can bolster a company’s AML efforts. Our analysts’ expertise on the threat landscape and visibility throughout illicit communities enables us to provide organizations across all sectors with a decision advantage over money-laundering threats and adversaries in areas such as:


While peer-to-peer (P2P) payment platforms enable consumers to transfer funds easily and efficiently, they also serve as valuable tools for adversaries seeking to engage in fraudulent activities. The use of P2P payment platforms for money laundering is particularly attractive to cybercriminals because of the speed with which currency transfers are conducted. In fact, cybercriminals frequently congregate in illicit communities to plan and develop new methods for laundering funds via these platforms. This means that despite many AML programs’ ongoing efforts to bolster security measures and AML policies, those without visibility into the communities where new money-laundering methods are developed may be unable to stay abreast of this adapting threat.

Flashpoint’s ongoing monitoring of illicit communities equips organizations with insight into emerging money-laundering methods. For instance, Flashpoint analysts recently identified the most popular P2P payment platforms threat actors use to commit financial indiscretions, including money laundering. From the Flashpoint dataset, analysts assessed threat actor spending habits and new money-laundering methods developed in response to the financial industry’s latest AML regulations and defensive approaches. Flashpoint then alerted organizations affected by these new methods so they could enhance their AML security measures and mitigate any exposure.


The expanding role of technology and rapidly evolving variables behind terrorist financing have made it increasingly difficult for financial institutions to accurately assess their risk of being exploited. Awareness is key, and when an organization is not fully aware of the technologically advanced ways in which terrorists launder funds, the red flags of terrorist financing, or the risks associated with certain geographic areas, it is difficult to implement effective anti-terrorist financing (ATF) programs that mitigate the associated risks.

For instance, Flashpoint leveraged intelligence gleaned from illicit communities to analyze the patterns, technology, and primary risk factors behind the funding strategies of terrorist groups. This intelligence was instrumental in helping financial institutions bolster ATF programs by identifying the most critical insights pertaining to historical trends in terrorist groups’ financing tactics, the role of technology, and geographical risk factors and indicators.


With all the currency being exchanged in illicit communities, laundering illegally earned cryptocurrency continues to be an ongoing threat due to the growing popularity of platforms that convert cryptocurrency to payment card funds. Many of these services are legitimate and not inherently criminal. However, without visibility into the activities and motivations of threat actors in this space, organizations may be more susceptible to potential fraud and money-laundering schemes from criminals taking advantage of these services.

In one instance, Flashpoint analysts observed a number of actors on an illicit forum discussing services that allow users to convert cryptocurrencies. Analysts then observed discussions on how to best transfer funds from their crypto wallets to another actor or service providing payment cards, physical cards, or virtual bank accounts. This intelligence was vital for organizations legally providing these services because it enabled them to better understand their risk and properly defend themselves against these threats.


In order to move, hold, and eventually collect money from various illicit schemes—a process commonly referred to as cashing out—criminals almost always require so-called drop accounts in which to hold and transfer funds. One of the greatest obstacles cybercriminals face when opening these fraudulent accounts is the presence of know-your-customer (KYC) security measures. By requiring a user to provide several types of identification—such as passport, driver’s license, or proof of residence—before they are issued a bank account, these measures aim to deter criminals from opening accounts under fake identities. But given that cybercriminals operating in illicit communities continually develop new tactics, techniques, and procedures (TTPs) for circumventing KYC security measures, AML programs without ongoing visibility into these emerging TTPs may be unaware of the full extent to which drop accounts are present and/or abused at their organization.

When organizations maintain a window into illicit communities where cybercriminals congregate, TTPs are developed, and illicit schemes are born, they remain more aware of potential threats that could compromise the integrity of their business. In one case, Flashpoint observed a number of financial institutions being discussed among members of a top-tier cybercrime forum. Specifically, the threat actors identified the financial institutions with the least-stringent KYC security measures and explained how they circumvented these measures to open drop accounts. They then evaluated various services on illicit communities selling the falsified documents required to verify the fake identities under which drop accounts could be opened. Based on the widespread availability and validity of these falsified document services, Flashpoint analysts assessed that threat actors seeking to open drop accounts are likely able to find the required documents relatively easily. This intelligence enabled financial institutions to bolster their KYC security measures accordingly to better detect existing drop accounts and proactively combat the creation and abuse of new accounts moving forward.
