recommended reading

How to Launder Billions of Digital Dollars

Mythili Raman, Acting Assistant Attorney General for the Criminal Division of the Dept. of Justice

Mythili Raman, Acting Assistant Attorney General for the Criminal Division of the Dept. of Justice // Richard Drew/AP

Money laundering, that staple of films, both comic and thriller, has changed since the days when gangsters ran local fronts that only dealt in cash. 

A recent Justice Department indictment of the founders of Liberty Reserve, a digital currency company, allows us a rare peek into the mechanics of cleaning criminal lucre. One of those founders, Vladimir Kats, pled guilty on Friday in a New York court.

"Vladimir Kats, by his own admission, helped to create and operate an anonymous digital currency system that provided cybercriminals and others with the means to launder criminal proceeds on an unprecedented scale," said acting assistant attorney general Mythili Raman.

Liberty Reserve, the DOJ claims, laundered more than $6 billion of dirty money between 2006 and May 2013. They had more than a million clients and processed 55 million financial transactions. The founders were able to skim tens of millions of dollars, prosecutors allege, which were stored in bank accounts all over the world. 

This, then, reveals a new age of cleaning loot: whinging currency across the globe and routing it through the places that have the weakest regulations and regulators. It turns out that, for a few years, money laundering hasn't been that hard—more like clicking around PayPal than contracting with the Yakuza. 

Here's how it worked. Liberty Reserve created a digital currency, LR credits. People could open account with Liberty Reserve and then store their money in the form of these credits. When they wanted to get money in or out, they couldn't just send a wire or go to an ATM. Instead, Liberty Reserve contracted with other companies they controlled known as "exchangers" which bought and sold regular money in exchange for LR credits. These outfits, like AsianaGold, Swiftexchanger, and MoneyCentralMarket, were not licensed to transmit money, but operated seemingly sneakily in Malaysia, Russia, Nigeria, and Vietnam. As money traveled the system, each company took a cut. The exchangers often took five percent.

Liberty Reserve's role was to serve as a broken link in the paper trail, so that transactions could not be traced to or from anyone. Hard currency would go in via an exchanger and then pop out the other side through a different exchanger and into a bank account in some other country. 

LR's most basic criminal offense is simple: It didn't know or want to know the identities of its clients. They allowed people to transfer big sums of money without checking their identification. That's a cardinal sin in the UN rulebook on money laundering.  

For example, a DOJ attorney signed up for an account with the name "Joe Bogus" with an address of "123 Main Street, Completely Made Up City, New York." Then, when sending LR credits between this entity and another DOJ account put things like "your share of the cashout," "for atm skimming," and "for the cocaine," into the memo field (where you'd put "Rent" on a check). Mr. Bogus did not have a difficult time completing transactions.

Neither did users with names like "Russian Hackers" and "Hacker Account." 

The whole operation started to unravel when authorities in the U.S. and Costa Rica, the country where its American founders had set up shop, began to get suspicious. Eventually, the DOJ put the company under heavy surveillance with help from the U.S. Secret Service and more than a dozen countries.

Agents working on the investigation have executed search warrants for more than 30 separate email and Internet accounts; installed more than two dozen pen registers on multiple phone and email accounts; reviewed hundreds of thousands of documents, including emails and bank records; set up undercover accounts and conducted transactions; and also executed one of the first-ever "cloud"-based search warrants, directed to a service provider [Amazon] used to process Liberty Reserve's Internet traffic. The prosecutors also obtained judicial authorization for a wiretap on the email account of one of the principal defendants in the case, and pursuant to MLAT requests, the Netherlands conducted a wiretap on the cellphone and Internet connection of another of the principal targets in the case. 

What's remarkable is that it took all that effort to shut down a baldly criminal enterprise acting as a billion-dollar monetary chop shop for cybercriminals. 

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.