How cybercriminals launder money stolen from banks


Where and how does the money come from?

An attack on banks can follow one of two scenarios: directly against the bank’s infrastructure and accounts, or against ATMs and related systems. The schemes for withdrawing and then laundering the money differ slightly between the two, but the essence is the same - attackers are trying to return illegally obtained funds to the economy.

Traditionally, in forensic science, the direct process of money laundering is divided into three stages:

  • placement - the first transfer from the victim’s account to the accounts of the scammers or the deposit of stolen cash;
  • layering - carrying out numerous operations that are designed to hide the origin of funds and their real owner;
  • integration - laundered money is invested in legal or criminal businesses.

The last stage - the integration of already laundered funds back into the economy - is a separate topic that deserves a separate post, so we will not consider it in detail here. However, since attackers cannot afford to start looking for laundering channels only after a successful attack, another phase is added. Long before the funds are stolen and the legalization mechanisms come into play, the preparation process begins.

Countermeasures

To combat this practice, Russia has a special “anti-money laundering law” (115-FZ). Under it, all of a business’s bank transactions involving cash in the amount of 600,000 rubles or more are monitored by the financial authorities. If financial monitoring suspects something is wrong, it will block the entrepreneur’s account. The law is constantly being tightened.

In addition, the Central Bank announced a platform for banks on which it will assess the reliability of companies and distribute borrowers into three zones: green, yellow and red. Firms that fall into the latter category will be cut off from service.

Preparation

To ensure that stolen funds can be quickly transferred, attackers typically prepare multiple accounts belonging to individuals or legal entities. These could be accounts of unsuspecting people whose access has been seized by attackers; people who are tricked into a fraudulent operation; or volunteer assistants to cybercriminals.

The people who assist the attackers are usually called "mules". Sometimes they are used to open accounts using fake or stolen documents (of course, this cannot be done so easily - so that the bank does not recognize the forgery, the criminals must have an insider). Sometimes mules are recruited through recruiting agencies, masking the outright illegality of their offer with vague formulations like “organizing a convenient investment method.” In fact, such people, as a rule, clearly understand that they are participating in something illegal, but prefer to turn a blind eye to it - it’s a very lucrative offer. Such “accomplices” are most often deceived.

Laundering methods

Several laundering methods are in use, and investigators and inspection authorities have worked out how they operate. But because of their numerous variations and modifications, it is not always possible to stop a given criminal scheme promptly. The most striking and well-known example of the legalization of dirty money is the situation in the movie “The Diamond Arm,” when the boss’s unearned income was given the form of a “treasure.”

A widespread method of laundering in the 1990s was structuring, that is, artificially splitting income into many small transactions, the proceeds from which were placed in various banks, mutual funds and pawnshops, transferred through post offices and, ultimately, collected in one legal account. For larger transactions, a network of fictitious enterprises was used. Their founders are dummies or nominees registered using stolen passports. Certain amounts of money are transferred to their accounts, corporate and personal, and then withdrawn to the accounts of third parties (any company located in an offshore zone, etc.). However, with the prevalence of modern means of communication and tracking, electronic circulation and documentation, these schemes are no longer viable today and are quickly detected in practice.

Placement

So, the attackers managed to transfer money to a certain account using malware, social engineering, or an insider. At this point the mules come into play. They operate as follows:

  • transfer finances to other accounts to confuse their tracks;
  • order goods to their address (or to an address to which they have access in some way);
  • withdraw money from ATMs.

There is also this type of scam: people are hired to work for a company that supposedly helps foreigners buy goods from stores that do not ship goods abroad. That is, they receive and send parcels by international mail. Such organizations usually operate for a month or two. Then the local police come to them.

Laundering process steps

The traditional scheme goes through four main stages:

  1. Committing a crime, the proceeds of which must be hidden (corruption, drug trafficking, fraud, terrorism, etc.).
  2. The placement of dirty money, the so-called “mixing”, when the flows of legal and illegal funds are mixed and merged into single receipts.
  3. Concealment - combining cash flows across bank accounts, “covering the tracks”, placing them in assets, transfers to other countries.
  4. Integration - money is officially legalized, collected in a legal bank account or invested in an official asset.

Layering

When goods or money from ATMs are obtained by accomplices acting consciously, the loot is legalized according to long-established schemes of ordinary crime. Money is exchanged for freely convertible currency (most often dollars); things (most often electronics) are handed over to buyers. Of course, both exchange offices and stores that buy items must have some kind of mechanisms in place to detect potentially illegal transactions, but these are most often circumvented, either through negligence or through bribes. The money received is transferred through third parties to the organizers of the scheme. Of course, mules can be caught. But the most that law enforcement can find is the mules themselves and their percentage. Neither the bulk of the stolen goods nor the contacts of the organizers of the crime can be found.

Next, the cash goes through established criminal schemes: buying jewelry or metals (this business still often prefers to work with cash) or buying and then selling chips in a casino.

If the money is transferred further by bank transfer, then shell companies operating in different countries are involved in the process. They are usually located in countries where there are no strict controls over financial transactions, or where there are very strict laws protecting the secrets of commercial transactions. Several transfers with splitting and conversion into different currencies - and now the origin of the money cannot be traced. And these are not necessarily fly-by-night companies; they may also have a partially legal business, into which the stolen money flows in an imperceptible stream.

Relatively recently, cryptocurrencies began to be used for money laundering. They attract attackers because the user does not need to provide his personal data to complete transactions. However, this method is not as simple as it seems. Indeed, along with anonymity, blockchain-based currencies are also absolutely transparent. So you have to make a lot of transactions to withdraw funds. For example, in 2021, the Lazarus group, after hacking a cryptocurrency exchange, withdrew $30 million, and then made 68 transfers between different wallets in four days.

Examples of money laundering schemes

Criminals are usually well versed in all matters related to money laundering. Therefore, when one scheme is exposed, a new one is immediately developed. Here are the most famous ones:

  • Through offshore companies. Even very large sums can be laundered in this way. Through intermediaries in tax haven countries, offshore accounts are opened where money is transferred. They are then transferred to bank accounts in third countries. There they can be stored, invested in real estate, securities or other objects. The use of offshore companies is a well-known method of money laundering, since state currency control of these organizations is simply absent. Plus, account holders are guaranteed anonymity.
  • Via bitcoins. Bitcoin or other cryptocurrency wallets are not considered official means of payment in most countries and are anonymous. Therefore, they can be easily used to withdraw funds to any country, including those where cryptocurrency can be used in the same way as regular money - to pay for goods. Currency from the wallet is transferred to a bank account and converted into dollars, euros, etc. The primary source of income is no longer known.
  • Through an individual entrepreneur or organization. A very simple and relatively reliable scheme is running a fictitious business. Intermediaries open cafes, bars, a network of payment terminals, retail stores, etc. Regardless of the flow of real cash received from customers, illegal money is introduced into the business. It is almost impossible to track and calculate them, and if taxes are paid on time and documentation is maintained, neither the bank through which the funds are circulated nor other regulatory authorities will be suspicious.
  • Through capital structuring. Example: a large amount of money is divided into small shares that will not arouse suspicion from the tax authorities. They are then transferred through bank cards to intermediaries, after which they withdraw them and transfer them to the original owner, but in cash minus commissions. For example, an amount of 10,000 rubles received on an individual’s account/card does not raise suspicion. Moreover, in each bank you can open a card account and have 10, 20 or 30 of them.
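
A bank-side check for the capital-structuring pattern in the last item, as an added example that is not part of the original article: it flags accounts whose individually small incoming transfers add up to the 600,000-ruble monitoring amount inside a short window. The 24-hour window, the minimum transfer count, the account names and the sample ledger are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 600_000            # rubles, the monitoring amount quoted in the article
WINDOW = timedelta(hours=24)   # assumption: look-back window
MIN_TRANSFERS = 5              # assumption: a few large credits are not "splitting"


def find_structuring(transfers, threshold=THRESHOLD, window=WINDOW,
                     min_transfers=MIN_TRANSFERS):
    """Return {beneficiary: alert} for accounts whose sub-threshold credits
    add up to the threshold inside one sliding window."""
    inbound = defaultdict(list)
    for ts, sender, beneficiary, amount in transfers:
        if amount < threshold:          # larger credits are reviewed on their own
            inbound[beneficiary].append((ts, sender, amount))

    alerts = {}
    for account, credits in inbound.items():
        credits.sort()                  # chronological order
        recent, total = deque(), 0
        for ts, sender, amount in credits:
            recent.append((ts, sender, amount))
            total += amount
            while ts - recent[0][0] > window:   # drop credits older than the window
                total -= recent.popleft()[2]
            if total >= threshold and len(recent) >= min_transfers:
                alerts[account] = {
                    "total": total,
                    "transfers": len(recent),
                    "senders": len({s for _, s, _ in recent}),
                    "from": recent[0][0],
                    "to": ts,
                }
                break                   # one alert per account is enough
    return alerts


def sample_transfers():
    """Constructed ledger rows: (timestamp, sender, beneficiary, rubles)."""
    t0 = datetime(2024, 1, 10, 9, 0)
    rows = []
    # acct-A: seven credits of 95,000 from four senders within six hours
    rows += [(t0 + timedelta(hours=i), f"src-{i % 4}", "acct-A", 95_000)
             for i in range(7)]
    # acct-B: the same amounts, but one per day over a week
    rows += [(t0 + timedelta(days=i), f"src-{i % 4}", "acct-B", 95_000)
             for i in range(7)]
    # acct-C: one large credit, already above the per-transaction amount
    rows.append((t0, "corp-1", "acct-C", 900_000))
    # acct-D: busy retail account, forty payments of 2,000
    rows += [(t0 + timedelta(minutes=10 * i), f"cust-{i}", "acct-D", 2_000)
             for i in range(40)]
    return rows


if __name__ == "__main__":
    for account, alert in find_structuring(sample_transfers()).items():
        print(account, alert)
```

The sender count in each alert helps an analyst separate fan-in from many sources from an ordinary run of payments by one counterparty.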

The described schemes are widely known and are currently little used in this form. To launder income, criminals invest a lot of money and involve intermediaries. Proven methods are modified and adapted to modern capabilities. For example, today there are already cases of money laundering through the electronic wallet accounts of QIWI, WebMoney and Yandex.Money.

Practical conclusions

As we can see, cybercriminals have built a complex and multi-stage money laundering scheme. In the process, they change accounts, companies, presentation, currency, jurisdiction many times. And all this takes a matter of days. During this time, some companies do not even notice that they have been attacked.

Therefore, it makes the most sense for banks to take matters into their own hands and build a cybersecurity system in such a way as to minimize the possibility of hacking financial systems and gaining control over them. We have a special product aimed specifically at banks and other financial institutions: the Kaspersky Fraud Prevention platform. It allows you not only to provide behavioral analysis of users and control of transactions and financial transactions, but also to monitor attempts to launder stolen money through your bank. You can find out more about it on the solution website.

Definition of the concept

In simple words, “money laundering” is the legalization of money. People create fictitious documents, organizations and businesses so that it appears as official income. But there are other ways. Unlike cashing out, laundering is associated with illegal income-generating activities. In this case, as a rule, we are talking about large sums that are difficult to bring into legal channels without a plausible explanation to the regulatory authorities. In addition, cashing out is the withdrawal of non-cash money into cash, and laundering often involves the opposite: cash is deposited into bank accounts for legalization, after which it can be cashed out legally.

In this case, funds are converted from cash to non-cash form (for example, using an instant payment terminal), and in the opposite direction (fictitious receipt of a prize on a lottery ticket or the purchase of a winning ticket from the rightful owner, the cost of which may be greater than the winning itself).

The essence of money laundering is concealing the real source of income. And evading tax payments or cashing out may serve as secondary or auxiliary factors. “Laundered” funds are used for various purposes - company financing, personal needs.

The need to launder money or other material assets may arise under the following circumstances:

  1. If earnings are obtained as a result of illegal activities and the owner wants to be free to use them for any purpose. This could be trade in prohibited items, bribes, kickbacks.
  2. If an organization hides an illegal source of income that violates the law, it avoids paying money to the state in the form of tax deductions. The money is “laundered”, reflecting a different nature of earnings, after which it is invested in the business.

Fraudulent schemes

One of the most common fraudulent schemes is opening a shell company. Its business activity is limited to opening a bank account, depositing funds into it and withdrawing these funds, ostensibly in order to pay for the services of counterparties.

Today, bank plastic cards have become widespread. And they are no less popular among fraudsters, who every now and then pull off a new scam, trying to hide income and mislead tax officials and law enforcement agencies. To date, the following fraudulent schemes involving bank cards are known:

  • opening an account and receiving a card by a figurehead;
  • opening an account for a non-existent person;
  • cashing out funds for a reward (the card owner receives a percentage of the withdrawn amount, the rest is given to the “customer”).

Fraudsters can open plastic cards in their own name. They do this under any pretext: obtaining a loan, paying for services, issuing wages, etc. But funds are always withdrawn from the bank that issued the card, since you have to pay a commission for withdrawing funds from your account through an ATM of another bank. At the same time, the organizers of such a fraudulent scheme try not to “shine” personally in front of ATM cameras. Specially hired people withdraw money for them.

Actions of bank employees

Employees of financial institutions try to protect themselves: they may deliberately increase the percentage for withdrawing funds or refuse to issue these funds altogether, confident that an organization with a dubious reputation is unlikely to sue them.

In the summer of 2021, another way to counter such money laundering was introduced: a daily limit on money transfers. If the owner of a bank card receives more than 600,000 rubles into his account, employees of the financial institution have the right to request information about the source of such high income. In addition, at the first suspicion of an attempt to launder income, they can refuse service to such a client and block his account.

Features of judicial practice

Money laundering is a non-obvious crime that is quite difficult to prove. The law considers as a criminal any counterparty who makes a transaction with a criminal. But it is problematic to prove the fact that a person knew about the illegal origin of funds. To do this, it is necessary to rely on the results of high-quality operational developments.

The crime itself, in terms of its composition, is described in several documents. First of all, these are articles 174 and 174.1 of the Criminal Code of the Russian Federation. In addition, the content of the act is determined by the Federal Law “On Combating the Legalization (Laundering) of Proceeds from Crime and the Financing of Terrorism.” There is an opinion among lawyers that cases under Articles 174 and 174.1 are exclusive. The reason lies in the imperfection of the legal apparatus and the lack of a unified interpretation of the content of the objective side of this crime. The possibility of incriminating the suspect with the main crime and money laundering is not clearly presented.

Some representatives of the law argue that the criminal must first be convicted of committing the main crime, and only then can proceedings for money laundering be brought. In addition, it is not entirely clear what to do if part of this income has already been spent. Only an explanation from the Supreme Court can put an end to this issue.

The Supreme Court, as expected, brought some clarity to the qualifications of money laundering actions. The court makes conclusions about criminal activity based on:

  • Conviction for the underlying crime.
  • Resolutions of preliminary investigation bodies to terminate a criminal case on non-rehabilitative grounds.
  • Resolutions to suspend a criminal case due to failure to identify a person as an accused.

The court must establish exactly the purpose of laundering funds or other property obtained by criminal means. This goal is realized through the acquisition of property, making transactions for its alienation, falsifying the grounds for transferring rights to ownership of funds, conducting financial transactions with the help of shell companies, front men, and offshore accounts.

The very fact of committing one of the above operations is not a reason for bringing a person to criminal liability. The prosecution must prove that the person intentionally carried out such a transaction in order to give the appearance of legitimate ownership of the property.

Both the prosecution and the defense are facing difficulties. The difficulty for the prosecution is that it is necessary to prove the sequence of actions: commission of the main crime, receipt of income, legalization of income. For the defense, the difficulty lies in the bias of the court. The court does not want to pay attention to proving the presence of a crime, artificially increasing the statistics of consideration of money laundering cases.

Earnings from cashing out

Advertisements periodically appear on the Internet about the possibility of “easy” earnings without investment. It turns out that to receive income, it is enough to accept a certain amount on your bank card, cash it out at an ATM, and then transfer the money to the customer. As payment for the service provided, the customer will leave you part of the cashed money. Sometimes the reward can be purely symbolic. Sometimes very significant amounts are offered as commissions.

As you probably already guessed, we are talking about complicity in a scheme for illegal “cash-out” and money laundering. You should definitely refuse such easy money.

What will happen if you start cashing transfers from your card and transferring money to other people? Your customer, who is most likely in trouble with the law, will be able to remain in the shadows. You run the risk that the bank will block your card. Police officers (or FSB) may be interested in you. And sometimes connections with the criminal world end tragically (for the reason that “he knew too much”).

Consequences for the country and the economy

Crime and corruption are the main causes of illegal activities. Criminal structures find ways to withdraw money or other material assets and reinvest them in their development and strengthening. Bribery damages people's social lives and infringes on the rights of honest businesses. The country's budget also suffers, as it does not receive funds in the form of tax deductions, but when it comes to criminal business, this damage is the lesser of the evils.

At the state level, appropriate measures are being introduced to combat the laundering of money and other material assets in any form; this requires investment from the budget. Legitimate businesses suffer financial losses, as part of their capacity is spent on reporting and taxation. For example, the introduction of online cash registers that allow the Federal Tax Service to track all transactions of an individual entrepreneur or LLC requires money both for the purchase of equipment and for its maintenance.

The history of the concept of “money laundering” dates back to the moment when states introduced restrictions on various types of business and began to fight crime. You need to understand that all measures taken by governments are aimed at reducing illegal money making and suppressing criminal structures. The latter, having finances, are capable of causing damage to entire countries and to each individual.

What is the difference between AML and KYC?

Know Your Customer practices are an obligation of financial institutions and service providers as part of AML compliance. The KYC procedure requires the user to provide personal data confirming his identity and makes the user responsible for all financial transactions made. KYC is the proactive part of AML and belongs to the due diligence procedure for the client. This distinguishes it from other AML mechanisms, which are aimed at investigating suspicious behavior.
