In the dark

While bitcoin remains the preferred cryptocurrency for cyber criminals demanding ‘ransom’ payments from victims, there are worrying signs of a new wave of ‘secure and anonymous’ virtual currencies increasingly being used in the digital underground market. Although bitcoin boasts of its anonymity in online transactions, only those with a high level of cyber skills are able to take advantage of full ‘identity protection’. The newer cryptocurrencies are said to make this process much easier. In its newly-published 2017 Internet Organised Crime Threat Assessment (IOCTA) report, Europol warns that one particular currency, Monero, is becoming increasingly popular on the Darknet – the hidden part of the internet where illegal transactions take place – because of its “additional security and privacy features”. According to the report: “Cryptocurrencies continue to be exploited by cyber criminals, with bitcoin being the currency of choice in criminal markets, and as payment for cyber-related extortion attempts such as from ransomware or a DDoS (distributed denial of service) attack. However, other cryptocurrencies such as Monero, Ethereum and Zcash, are gaining popularity within the digital underground”. Earlier this year, Europol shut down the Darknet drug market known as AlphaBay, which was openly selling drugs, weapons and other illegal items, as part of an internationally coordinated operation. It is understood large quantities of bitcoin, Ethereum, Zcash and “an unknown amount of Monero” were seized from the site administrator. The IOCTA report says the Darknet remains “a key cross-cutting enabler for a variety of crime areas”, adding: “It provides access to, among other things: the supply of drugs such as Fentanyl and new psychoactive substances, which internationally have directly led to many fatalities; the supply of firearms that have been used in terrorist acts; compromised payment data to commit various types of payment fraud; and fraudulent documents to facilitate fraud, trafficking in human beings and illegal immigration.” Bitcoin’s dominant position in the cybercrime market is chiefly down to its size. The total value of all bitcoins in circulation is more than twice that of the nearest of hundreds of rivals combined. This makes it easy for victims to access enough to pay ransoms and for hackers to ‘cash out’ via online exchanges to spend in the ‘real world’. One of the newer cryptocurrencies, Zcash, immediately attracted interest from ‘investor cybercriminals’ when it appeared on the market in October 2016 promising users total anonymity. It not only masks the identity of users, but also the identity of the transaction’s recipient and the value of the transaction. However, according to the IOCTA report, Zcash has yet to directly feature in cybercrime activity. The same can not be said for other emerging cryptocurrencies. In March, cybersecurity researchers discovered a Star Trek-themed ransomware strain called Kirk, which demanded payment in Monero rather than bitcoin. The number of victims and total ransom paid remains unknown. The new cryptocurrencies are also creating ‘other’ victims. The huge growth in the value of bitcoin over the past ten years has led to growing interest from legitimate investors, some of whom are keen to “get in on the ground floor” with alternative products. New cryptocurrencies typically raise funds using an Initial Coin Offering (ICO), a process that shares similarities with an IPO (Initial Public Offering) in which companies sell shares to raise capital. According to Chainalysis, a New York-based firm that analyses transactions and provides anti-money laundering software, more than 30,000 people have fallen prey to scams involving ICOs linked to the currency known as Ethereum, losing an average of $7,500 each. The first such scam, in June 2016, resulted in a total of £57.6 million being stolen from 11,000 victims. There are also reports of thousands of computers being infected with viruses that enable cyber criminals to jointly use their processi