Tag Archives: Liberty Reserve

Money For Nothing


A few weeks ago, a story broke about arrests made related to a series of incredible ATM heists. A group of criminals struck twice, in over 25 countries and took in over $45 million. The thefts were incredible, not only because they took in so much money, but also because of how well-executed they were, with the thieves striking quickly and efficiently, in so many cities across the globe. How were they able to do this?

They began with prepaid debit cards. Computer hackers hacked into the systems of two prepaid debit card processors and stole debit card numbers. The first time they stole five prepaid debit card numbers from a processor in India and the second time they stole twelve account numbers from a United States based processor. After stealing the numbers, they raised the limits on the debit cards, or removed them completely. This was possible, in part, because prepaid debit cards start out as a blank slate, unconnected to an individual’s account. The limits are set by the amount of cash paid into the account. This information is what was manipulated by the hackers. The hackers then sent the card information to their team members who were scattered around in over 25 countries around the world.

In the same way that a hotel programs a key card for a guest’s room, these criminals programmed the magnetic strips on blank cards, using a machine known as a skimmer, and cloned the prepaid debit cards. In fact, even hotel key cards can be used to clone debit or credit cards, as the technology used to create bank cards is the same technology used to make hotel room cards – not very comforting, is it? Finally, armed with cloned prepaid seemingly limitless debit cards, teams went out onto the streets and withdrew cash. A  lot of cash. During the first heist, using five prepaid numbers, the thieves withdrew $5 million from ATMs in 20 countries. During the second heist, using twelve prepaid accounts, the thieves withdrew $40 million from ATMs in 26 countries in under 10 hours. This is not the first time that this has occurred – theft using prepaid debit card information has happened several times – but this is the grandest scale to date. In a highly coordinated and organized action, the teams of people went from ATM to ATM, swiftly withdrawing funds. They knew which ATMs had the highest maximum withdrawal limits and they knew the most efficient routes to take in order to maximize their intake in the least amount of time. The New York Times reported that from the ATM cameras, one can see a crew member’s backpack getting heavier and heavier, as he went from one machine to the next. There is something to be said for the criminal network; reporting on the shutdown of Liberty Reserve stated that the ATM thieves laundered some of their ill-gotten gains through the shady currency exchange business. When MasterCard, noticed that something was amiss with their prepaid debit cards, they contacted the Secret Service who, among other things, investigates various financial crimes.

The thieves likely targeted prepaid debit cards because of several weaknesses that they were able to exploit. Regular debit cards are connected to a person’s checking account meaning, generally, that a thief is limited to stealing the victim’s checking account balance and not much more than that. A credit card, though a thief can try to go to town with it, is connected to individuals who will notice pretty quickly if a lot of money is taken out of their account. Also, because credit cards come with the history of the user, credit card companies tend to flag them if they notice behavior that is out of the ordinary. The prepaid debit card is a different animal. Prepaid debit cards are a very convenient way for people, who do not wish or are unable to use bank accounts, to go cashless. For a small fee, cash is simply loaded onto a card that will then work as a regular debit card, until the money pre-loaded onto the card is used up. Because it is not connected to a person’s account or spending history, if this card is manipulated, it will take a while before anyone notices that something is amiss.

Because of the nature of the prepaid debit card – that it is not connected to an individual’s account – the thieves needed to steal only a few numbers and raise the limits on a few cards to very high levels. Because only a few were taken, again, it decreased the risk of the theft being immediately noticed. When credit or regular debit cards are stolen, thieves tend to have to steal great numbers of them if they want to make a lot of money out of them. Once a lot of cards are stolen, the chances that someone will notice go up a lot.

As I mentioned before, debit and credit card technology itself is not secure. The magnetic strip technology used on credit and debit cards in the US, is the same technology used to program hotel room keys. The technology has not changed in decades and the machines used to clone credit and debit cards can be bought for $25. The US is the only nation in the G-20 that still uses this magnetic strip technology. The other members use newer chip technology that is more secure.

There are several benefits to the prepaid debit card, some of which are:

  • They can be cheaper for some than having to pay all the fees involved in having a bank account;
  • Despite the skimming and cloning risk, they tend to be safer than holding large amounts of cash;
  • They are good for travel, especially since traveler’s checks are no longer as widely accepted as they used to be and debit cards can be used wherever credit cards are accepted;
  • They are great gift cards as they are not limited to a particular vendor.

One challenge for the issuers and processors of these prepaid debit cards is to make them more secure so that they do not end up losing more and more money to heists such as these ones. Though US banks may believe that newer card technology is too expensive, as thieves steal more and more, they may decide that the benefits of the technology outweigh its costs.  There is also the challenge of protecting the banks and processors against hackers. There have been arrests of the team members who made the ATM withdrawals, and one has even been found shot dead, however the hackers are still at large. They are probably the most dangerous, for without them the prepaid debit account information could not have been stolen and manipulated. That is an ongoing battle that financial institutions and law enforcement fight; as our systems become more sophisticated, so too do cyber criminals.

Tagged , , , , , ,

So Fresh And So… Not Clean


Last week, online currency exchange, Liberty Reserve, was shut down, several individuals were arrested and an indictment was filed by the United States Justice Department in New York. filed and indictment accusing six individuals of, among several other things, money laundering. Media outlets all over keep throwing out that term but how exactly does money laundering happen?

In the United States, money that is earned, whether by legal or illegal means, is subject to taxation. Al Capone went to jail, not for the many (as I gather from watching Boardwalk Empire) people he killed and his unlawful business ventures but for tax evasion. When the government sees you spending money and you do not give them a reasonable reason for your having that money, they will work hard to find out just where your money is coming from. However, if they find out that this money comes from illegal sources, they can arrest and prosecute you for your unlawful activities. This is where money laundering comes in. People who make money via illegal methods, find ways to make their money look clean, as though it came from lawful sources. How does this happen?

  1. The first step in money laundering is referred to as placement. At this stage, money is put into the financial system. This can be risky as US banks are required to report large cash deposits, and wires and checks contain the payer’s information and are, therefore, quite traceable. This is where Liberty Reserve was very handy. First of all, the only honest information Liberty Reserve required from an account holder was an email address. Although they requested a name and birth date, none of that information was verified. This gave the account holders anonymity. Also, Liberty Reserve did not accept money directly from users. Instead, users took their money to approved exchangers who then issued LR currency, Liberty Reserve’s currency. These exchangers were located in countries with little or no oversight over their financial systems, such as Malaysia and Vietnam, so questions were not asked about where the money came from. This LR currency was then deposited into the users’ Liberty Reserve accounts with no clear path to where the money originally came from.
  2. The second step in money laundering is layering. During this phase, money is moved around, through many different sources, in an attempt to make the money difficult to trace. Under ordinary circumstances this involves moving funds from one bank account to another, generally in different countries and in varying amounts, buying expensive items and then selling them and changing money from one currency to another. The goal is to make the money’s path as complicated and difficult to trace as possible. Liberty Reserve made this relatively simple. Money going into a Liberty Reserve account holder’s account was already pretty anonymous and difficult to trace. Funds could then be moved, as LR currency, between various anonymous Liberty Reserve accounts. The sources of the funds became near, if not totally, impossible to trace, without having to go through the complications of multiple bank transfers through different countries and bank accounts.
  3. The final step in money laundering is integration. Here, the money re-enters the economy, disguised as coming from a legitimate source. The funds are transferred into a business that is probably a front for the illegal business but now that its origin has been disguised, it appears to be coming from a legal source. In the case of Liberty Reserve, the LR currency was transferred to money exchangers who converted the LR currency back to US dollars and then moved that money to wherever it was the Liberty Reserve account holder requested.

It is pretty clear just how handy Liberty Reserve was to those involved in illegal business and wanting to launder money so that it looked clean. By removing identification and making money transactions anonymous, placement and layering of dirty money a far less complicated endeavor than it tends to be. It is not surprising that Liberty Reserve had over a million users, 200,000 of which were in the United States, and that over $6 billion went through its system.

Tagged , , , , , , , , ,