How to Launder Billions of Digital Dollars

Mythili Raman, Acting Assistant Attorney General for the Criminal Division of the Dept. of Justice

Mythili Raman, Acting Assistant Attorney General for the Criminal Division of the Dept. of Justice Richard Drew/AP

Less like the gangsterism of old; more like a lawless Paypal.

Money laundering, that staple of films, both comic and thriller, has changed since the days when gangsters ran local fronts that only dealt in cash. 

A recent Justice Department indictment of the founders of Liberty Reserve, a digital currency company, allows us a rare peek into the mechanics of cleaning criminal lucre. One of those founders, Vladimir Kats, pled guilty on Friday in a New York court.

"Vladimir Kats, by his own admission, helped to create and operate an anonymous digital currency system that provided cybercriminals and others with the means to launder criminal proceeds on an unprecedented scale," said acting assistant attorney general Mythili Raman.

Liberty Reserve, the DOJ claims, laundered more than $6 billion of dirty money between 2006 and May 2013. They had more than a million clients and processed 55 million financial transactions. The founders were able to skim tens of millions of dollars, prosecutors allege, which were stored in bank accounts all over the world. 

This, then, reveals a new age of cleaning loot: whinging currency across the globe and routing it through the places that have the weakest regulations and regulators. It turns out that, for a few years, money laundering hasn't been that hard—more like clicking around PayPal than contracting with the Yakuza. 

Here's how it worked. Liberty Reserve created a digital currency, LR credits. People could open account with Liberty Reserve and then store their money in the form of these credits. When they wanted to get money in or out, they couldn't just send a wire or go to an ATM. Instead, Liberty Reserve contracted with other companies they controlled known as "exchangers" which bought and sold regular money in exchange for LR credits. These outfits, like AsianaGold, Swiftexchanger, and MoneyCentralMarket, were not licensed to transmit money, but operated seemingly sneakily in Malaysia, Russia, Nigeria, and Vietnam. As money traveled the system, each company took a cut. The exchangers often took five percent.

Liberty Reserve's role was to serve as a broken link in the paper trail, so that transactions could not be traced to or from anyone. Hard currency would go in via an exchanger and then pop out the other side through a different exchanger and into a bank account in some other country. 

LR's most basic criminal offense is simple: It didn't know or want to know the identities of its clients. They allowed people to transfer big sums of money without checking their identification. That's a cardinal sin in the UN rulebook on money laundering.  

For example, a DOJ attorney signed up for an account with the name "Joe Bogus" with an address of "123 Main Street, Completely Made Up City, New York." Then, when sending LR credits between this entity and another DOJ account put things like "your share of the cashout," "for atm skimming," and "for the cocaine," into the memo field (where you'd put "Rent" on a check). Mr. Bogus did not have a difficult time completing transactions.

Neither did users with names like "Russian Hackers" and "Hacker Account." 

The whole operation started to unravel when authorities in the U.S. and Costa Rica, the country where its American founders had set up shop, began to get suspicious. Eventually, the DOJ put the company under heavy surveillance with help from the U.S. Secret Service and more than a dozen countries.

Agents working on the investigation have executed search warrants for more than 30 separate email and Internet accounts; installed more than two dozen pen registers on multiple phone and email accounts; reviewed hundreds of thousands of documents, including emails and bank records; set up undercover accounts and conducted transactions; and also executed one of the first-ever "cloud"-based search warrants, directed to a service provider [Amazon] used to process Liberty Reserve's Internet traffic. The prosecutors also obtained judicial authorization for a wiretap on the email account of one of the principal defendants in the case, and pursuant to MLAT requests, the Netherlands conducted a wiretap on the cellphone and Internet connection of another of the principal targets in the case. 

What's remarkable is that it took all that effort to shut down a baldly criminal enterprise acting as a billion-dollar monetary chop shop for cybercriminals.