High-Tech Crime: A New Frontier for Transnational Criminal Organizations

Revised by Bachir El Nakib

From identity theft and fraud to corporate hacking attacks, cybersecurity has never been more important for businesses, organizations and governments.

Hacking experts warn there are plenty more security risks ahead in 2016 as cyber criminals become more sophisticated. While "traditional" cybercrime such as internet password fraud will still be widespread in 2016, larger scale espionage attacks and hacking the Internet of Things (IoT) will also be risks.

At the same time, these transformations have also given rise to a new set of dangers, as some of the same technologies that enable people across the globe to connect instantaneously with one another and exchange money or information also facilitate criminal exploitation:

Dangers posed to our information systems and networks. Information systems and networks serve as the primary platform for our digital economy, while at the same time housing the sensitive personal information of millions of consumers and citizens. Highly vulnerable to intrusion and manipulation, these systems and networks are regularly breached. As a result, millions have been subjected to identity theft and fraud, to say nothing of the severe damage this causes to the overall economy.

Dangers stemming from consumer vulnerability in the online marketplace. As consumer trust in online commerce has grown, so also has criminal interest in exploiting that trust. The result is an explosion in Internet-reliant scams aimed at defrauding unsuspecting consumers. Every year, thousands of Americans report being victims of online marketing fraud schemes and suffering losses exceeding tens of millions of dollars as a result.144 The losses of Californians are higher than those of residents of any other state.145

Dangers arising from Internet-enabled markets for illicit goods and content. The Internet has helped foster new economic models fueling the sale and distribution of counterfeit goods, counterfeit pharmaceuticals, pirated entertainment content, illegal drugs, and child pornography. These markets not only enable criminals to profit from illicit goods and content, but also further fuel the growth of the underlying illicit activities. The Mexican Attorney General estimated in 2009 that the total revenues from La Familia’s sophisticated network for distributing counterfeit movies, music, and software could be more than $2 million a day.146 

Eager to exploit these vulnerabilities in their quest for profit and power, organized crime has developed increasingly sophisticated techniques and patterns of organization. The result is a new generation of transnational criminal organizations that are more flexible, decentralized, and global than ever before.

Transnational Criminal Organizations Are Targeting Information Systems and Networks for Attack and Exploitation

The digital infrastructure upon which consumers, businesses, and government all rely to store, process, and share information is highly vulnerable to attacks by sophisticated assailants operating remotely. Once breached, this infrastructure affords assailants the freedom to impersonate legitimate users, assume their privileges, and ultimately steal from them. According to the White House, cybercrime "costs consumers billions of dollars annually, threatens sensitive corporate and government computer networks, and undermines worldwide confidence in the international financial system."147 

These dangers are particularly acute in California. By a large margin, California tops all states in the number of hacked systems, the number of computer systems infected by malware, the number of victims of Internet crimes, the losses suffered as a result of those crimes, and the number of victims of identity fraud. In addition, because of the outsized role new technologies and mass-media entertainment play in its information-based economy, California is particularly vulnerable when its networks become infected and its intellectual property is stolen. 

In 2012, the Privacy Rights Clearinghouse recorded at least 331 breaches in the U.S. caused by criminals who were purposefully trying to compromise databases or networks.148 Seventeen percent of these intentional breaches occurred in California – a far higher percentage than in any other state – which, in turn, contributed to putting at risk the sensitive personal information of at least 2.5 million Californians that year.149 At the same time, 12.6 million U.S. adults – or 5.3 percent of the adult population – became victims of identity fraud in 2012. Costs associated with this pool of victims are estimated to be a staggering $21 billion.150

Figure 27: Number of Intentional Data Breaches Designed to Compromise Systems (2009-2012). Source: Privacy Rights Clearinghouse

The data represented in Figure 27 shows that the problem is getting worse. Between 2009 and 2012, the number of intentional breaches in the U.S. jumped by 280 percent.151 With new breaches now numbering in the hundreds per year, the rate of increase may be finally slowing, but it remains high. Between 2011 and 2012 alone, the number of breaches rose by 32 percent nationwide and by 27 percent in California, while the number of identity fraud victims in the U.S. increased by 8 percent.152

Information Systems and Networks Are Highly Vulnerable to Intrusion and Exploitation

When cybercrime first emerged, it was mostly orchestrated by people with strong technical skills who primarily wanted to enhance their reputation and popularity within a relatively small hacker network.153 Those days are over. As the potential profitability of cybercrime has become clearer, it has attracted a flood of individuals and groups with more pecuniary motives.154

There are several ways in which criminals can engineer breaches of databases, networks, and computer systems.

    • In a phishing attack, a victim is tricked into giving an assailant system access by being directed to a website that purports to be that of the victim’s financial institution. This website asks the unsuspecting victim to enter his account number, username, password, and other personal identification information. Although the website is in fact a fake, the victim frequently complies with the request because the website appears to be legitimate – complete with bank logos and legal disclaimers.
    • An assailant may also trick a victim into installing malware – or malicious software – on a targeted computer system. This malware is usually installed surreptitiously after the victim is induced to click on an attachment or link embedded in an e-mail message. In one recent case, an e-mail appeared as if it were from the National Center for Missing and Exploited Children.155 Once installed, malware can redirect information within a system to the assailant’s computer. Some types of malware can log a user’s keystrokes or record screen shots whenever a victim attempts to connect to a targeted financial website and enter account information.156 Other types are even more sophisticated. "Web injects" associated with the Gozi virus and the Citadel botnet, for example, actually alter how the webpages of particular banks appear on infected computers in order to trick a victim into divulging sensitive information (Figure 28).157
Figure 28: Webpage Screen Shot of a "Web Inject". Source: Microsoft Corporation
    • "Skimming" is a type of attack that targets payment card networks in particular. It involves the installation of devices at credit/debit card terminals (usually located at gas stations or retail stores) that surreptitiously record card information as cards are swiped and PINs entered (Figure 29).
Figure 29: Skimmer Placed in a Gas Station Payment Terminal in Martinez, CA. Source: Northern California Computer Crimes Task Force
    • Less technologically sophisticated, breaches by insiders occur when insiders abuse access privileges and supply sensitive information to criminals for a profit. Many breaches caused by insiders are never detected.

Once a victim’s unique credentials are stolen, a criminal can use them to transact business instantaneously and from anywhere in the world. Criminals can withdraw cash, digitally transfer money to their own accounts, or purchase goods in exactly the same way as the legitimate account holder. All of this can happen before a victim even realizes his or her credentials have been stolen.

Because governments also rely heavily on unique identification numbers (e.g., Social Security numbers) to assign benefits or process taxes, a wide range of fraud becomes possible when government databases are breached or these numbers are otherwise stolen. Successful schemes have included billing the government for medical services never provided and pocketing another taxpayer’s refund.158 Through such high-tech fraud, large sums of taxpayer money may be siphoned off to criminals and away from its intended purposes.

Botnets Pose an Additional Risk to Information Systems and Networks

The threat posed by digital infrastructure vulnerability is not limited to identity theft and associated fraud. Computer networks and systems themselves may also be hijacked and used to launch attacks against additional computer systems. The principal way in which this occurs is through a "botnet," or a network of computers infected with malicious software – usually without the knowledge of the end-user. Computers may become infected when a user "inadvertently interacts with a malicious website advertisement, clicks on a malicious e-mail attachment, or downloads malicious software."159 Once infected, "the malicious software establishes a secret communications link to a remote ‘botmaster’ in preparation to receive new commands to attack a specific target."160 The computers can then be controlled by the botmaster to "operate in concert to disrupt or block Internet traffic for targeted victims, harvest information, or [] distribute spam, viruses, or other malicious code."161 Because of their versatility, botnets such as Citadel (Figure 33) have been described as the "Swiss Army knives of the underground economy."162 Moreover, because Citadel and similarly dangerous botnets concentrate in areas with substantial technology presence, California is uniquely affected. The Los Angeles and Silicon Valley areas in particular have suffered significant infections by malware linked to Citadel (Figure 30).

Figure 30: Map of Hot Spot Locations of Malware Infections Linked to the Citadel Botnet. Source: Microsoft Corporation (2013)

By dramatically increasing the numbers of victims that can be targeted by a single scheme, botnets are a game-changer for criminals. Botnets enable criminals to launch millions of attacks against protected networks or computer systems and exploit vulnerabilities within hours, if not minutes. This ability to exponentially expand the pool of victims, in turn, can make otherwise unprofitable criminal strategies successful.163

Botnets significantly increase the profitability of any scheme that depends on taking small amounts of money from large numbers of victims so as to avoid detection.164 In the same way, botnets increase the threat posed by transnational criminal organizations exponentially by allowing perpetrators based outside the country to reach out to millions of Americans at once through spam e-mail.165

Transnational Criminal Organizations Are Fueling the Epidemic

Not surprisingly, transnational organized crime has tapped into this new criminal frontier. Cases strongly suggest that transnational criminal organizations are behind the biggest schemes to breach systems and exploit captured identification credentials.

A particularly devastating phishing operation involved an Egypt-based transnational criminal organization that expanded its operations into California. The Egypt-based hackers used phishing tactics to obtain bank account numbers and related identification of U.S. bank customers. They then teamed up with three California-based individuals who supplied them with California bank accounts to which they could transfer stolen funds.166 

Figure 31: Operation Phish Phry Steps

The individuals who opened the California accounts then withdrew these fraudulently obtained funds, which were eventually transferred to the original hackers in Egypt.167 The multinational investigation into this crime, dubbed Operation Phish Phry, resulted in charges against 53 defendants in the U.S. (Figure 31). Most were arrested and prosecuted in Southern California. Authorities in Egypt also charged 47 defendants linked to the scheme.168 

  • In U.S. v. Drinkman (D.N.J. 2013), one of the largest hacking and data breach cases ever, a confederacy of Eastern European criminals harvested over 160 million credit card numbers by attacking numerous companies around the world, including national retailer Wet Seal, Inc., which is headquartered in California.169 Unique malware placed within the targeted payment networks allowed the organization to capture payment card credentials and other information in real time as the information moved through the network.170 The organization then sold the credentials on the black market (priced at $10 for American credit card numbers and $50 for European numbers) and the information was eventually used to make counterfeit payment cards.171 Losses from the scheme totaled in the hundreds of millions of dollars.172
  • In 2009, members of the Armenian Power transnational criminal organization caused more than $2 million in losses when they installed skimming devices at several 99¢ Only Stores in Southern California, and then used the skimmed information to create counterfeit credit and debit cards.173
  • In the largest Medicare fraud scheme ever committed by a single enterprise and criminally prosecuted by the U.S. Department of Justice, an Armenian-American transnational criminal organization, the Mirzoyan-Terdjanian Organization, used fraudulent Medicare billings to steal more than $163 million.174 After stealing the identities of real doctors, the organization set up phony clinics and applied to become Medicare providers. Once approved, the clinics used stolen information from beneficiaries from around the country to bill Medicare for services never provided. Although Medicare was able to identify and shut down many of the fake clinics, they were promptly replaced by new ones, often in another state.175 In all, at least 118 bogus clinics were opened in 25 states.176 Many of the 73 defendants eventually prosecuted operated out of the Los Angeles area.177

As these cases suggest, transnational criminal organizations are leading efforts in California to target information systems and networks to steal identification credentials that can be converted into money. One of the largest global surveys on data breaches has found that in 2012 organized criminal groups were responsible for at least 55 percent of all incidents of unauthorized access to confidential information of a business or government entity by an external actor.178 Many of these criminal groups were transnational criminal organizations operating out of Eastern Europe that targeted businesses and governments in the U.S. and Western Europe.179 

Transnational Criminal Organizations Are Uniquely Positioned To Exploit High-Tech Criminal Opportunities

Like drug trafficking, high-tech crimes tend to be highly profitable – in many cases even more so than trafficking. For example, DVDs containing pirated software can be produced for just $0.50, but sold for more than $50.180 Credit card information linked to personal information about the owner can be obtained for as little as $10 and then exploited to reap hundreds or even thousands of dollars’ worth of goods.

Yet, unlike drug trafficking, the risks to criminal organizations of much of this activity are comparatively low.181 High-tech crimes are often extremely difficult to detect. And even if prosecuted, offenders are likely to receive penalties that are lower by comparison to violent crimes and drug trafficking.182

Transnational criminal organizations are uniquely able to exploit the opportunities presented by the high-tech criminal frontier. Their ability to structure criminal activity transnationally in many cases makes them virtually immune from arrest or prosecution due to formidable obstacles that law enforcement often encounters when trying to track perpetrators from one country into a foreign jurisdiction.

Transnational criminal organizations also have greater access to the expertise, specialization, and coordination required to successfully pull off most high-tech crimes.183 And while in the past criminal cross-border cooperation was cumbersome, expensive, and vulnerable to law enforcement, the Internet and other advances in high-speed international communication have dramatically reduced these "transaction costs." Now, far-flung criminal network operatives can exploit new criminal opportunities from their desktops without even having to leave their homes – let alone their home countries.184

Outsourcing of Specialized Services Is Making the Technology of Cybercrime More Accessible

In the past, a criminal organization entering the cybercrime arena may have needed to possess a fairly high level of computer hacking skills. But increasingly the specialization needed to launch high-tech criminal attacks is being achieved by outsourcing – specifically, by purchasing highly specialized services online from the "dark market." Clandestine websites offer virtually any service needed to perpetrate high-tech crime. Pay-per-install services, for example, take malware and disseminate it by infecting computer and Internet systems for a price as low as $100 per 1,000 downloads. (See Figure 32.) Transnational criminal organizations are turning to this market with increasing frequency precisely because of the diversity of specialized and competitively-priced services offered. Buyers can even comparison shop to get the best price.185

Figure 32: Price List for Services Available on the "Dark Market"

Offering | Price
Malware installation (pay-per-install) (targeting U.S.-based computers) | $100–150 (per 1,000 downloads)
Distributed Denial-of-Service (DDoS) Attack |
Cheap e-mail spamming service | $10 (per 1 million e-mails)
ZeuS Botnet builder kit | $100
Purchase of botnet capable of launching DDoS attack |
Hacking Email (gmail.com account) |
Hacking Email (corporate email account) |

Source: Max Goncharov, Russian Underground 101, Trend Micro Incorporated (2012)

This dark market offers hacking services that are not only highly specialized but that can even be customized to the particular target of the criminal enterprise. This customization promotes accessibility – particularly for non-specialists – and is enabling "a much wider range of people to become [high-tech crime] offenders, not just those with a special gift for computing."186 In response to demand for these services, providers are offering ever more sophisticated products. For example:

      • Whether the service offered is a "distributed denial-of-service" attack, spamming, or pay-per-install, multiple options exist on the dark market for tailoring the service to the attacker’s specific needs. For example, a distributed denial-of-service attack, in which a computer is used to attack a website by sending overwhelming data requests, is not only available for purchase, but can be tailored to persist as long as one month and as short as one hour.187
      • Malware, botnets, and other products are increasingly being packaged with "a high degree of after-sales service."188 The creator of the Citadel botnet, for example, uses a "customer relationship management" tool to communicate with "customers" who purchased a botnet "builder kit" about "updates to Citadel code, support with technical problems, and best practices in deploying, running, and defending their Citadel botnets."189 According to Microsoft, the Citadel creator is "swift to add new features and fix bugs and has released multiple versions on a fast schedule to provide the Citadel botnet operators with the latest updates."190 In addition, the Citadel creator collaborates with customers, inviting them to suggest new features and vote on which features should be implemented.191
Figure 33: Diagram of Citadel Botnet Case. Source: Complaint, Microsoft Corp. v. John Does 1–82, No. 3:13-cv-319 (W.D.N.C. May 29, 2013)


Not Just About the Money

Although most transnational organized cyber attacks are motivated by money, some appear to be triggered by malice or political ideology instead. While this small category of actors lacks the greed for money generally associated with transnational criminal organizations, these groups do share one important commonality: they operate transnationally to commit crimes and cause millions of dollars in damages.

"Anonymous," "Internet Feds," and "LulzSec" are some of the groups that have displayed such multifaceted motives. Beginning in late 2010, members of Anonymous targeted the websites of Visa, MasterCard, and PayPal in retaliation for those companies’ refusal to process donations to Wikileaks. By bombarding them with distributed denial-of-service attacks, Anonymous was able to crash the companies’ websites. In similar fashion, Anonymous temporarily brought down websites used by the Algerian and Tunisian governments.

In the first half of 2011, the groups Internet Feds and LulzSec went on a global cyber rampage by hacking into the computer systems of Fox Broadcasting Company, Nintendo, the U.S. Senate, PBS, Sony, and the publisher of the Chicago Tribune and the Los Angeles Times, among many others. In addition to stealing confidential information from the compromised servers, the attackers defaced websites and inserted a fake news article on the website of PBS’s News Hour.

The attack on PBS was allegedly in retaliation for what was perceived as unfavorable news coverage about Wikileaks. According to a court document revealed during the 2012 prosecution of the groups’ key members in the Central District of California, LulzSec’s overall goal was to see the "raw, uninterrupted, chaotic thrill of entertainment and anarchy" and to provide stolen personal information "so that equally evil people can entertain us with what they do with it."

These groups are not the only ones whose motives extend beyond money. Others include anti-American hacker groups apparently originating from the Middle East. In September 2012, the "Izz ad-Din al-Qassam Cyber Fighters" launched a series of denial-of-service attacks against the websites of several major U.S. banks, allegedly out of indignation at an anti-Islam online video mocking the Prophet Muhammad. And in early 2013 the "Syrian Electronic Army" compromised the New York Times’ website and the Twitter feed of the Associated Press, among others, again apparently out of political motives.

Sources: U.S. Attorney’s Office, Southern District of New York, Six Hackers in the United States and Abroad Charged for Crimes Affecting Over One Million Victims, news release (Mar. 6, 2012); Indictment at pp. 3-15, United States v. Mosegur, No. 1:11-cr-00666 (S.D.N.Y. Aug. 15, 2011); U.S. Attorney’s Office, Central District of California, Second Member of Hacking Group Sentenced to More Than a Year in Prison for Stealing Customer Information from Sony Pictures Computers, news release (Aug. 8, 2013); Nicole Perlroth, Attacks on 6 Banks Frustrate Consumers, New York Times (Sept. 30, 2012).

Emerging High-Tech Crime Trends

Fraud in the Online Marketplace

The shift toward selling and buying goods online is one of the most significant transformations ushered in by the Internet. It would not be possible if consumers did not trust that goods they purchased online would be reliably delivered days later. But the same trust that helps fuel online commerce is also ripe for exploitation. One industry estimate in 2009 suggested that various online scams swindled more than $2 billion from U.S. companies and citizens.192

Criminals may trick a buyer into thinking he is part of a legitimate transaction. Once the buyer has made a payment – often for a high-value item, such as a car – the goods are never delivered.193 To enhance the con, the criminals may make it appear as if a "third-party" agent is receiving the payment. These agents sometimes even maintain websites with online delivery tracking systems.194

A related type of fraud dupes victims into thinking they can acquire a large sum of money by paying a small amount in advance. Many Americans know this type of fraud from having received an unsolicited e-mail from a well-connected person who attempts to enlist them in a plot to smuggle millions of dollars out of Nigeria.195 The solicitor asks only that the victim pay a small amount – often for a bribe – to secure a percentage of the millions in loot. Other versions of this fraud trick people into believing they have won a lottery and promise delivery of the winnings once the victim has paid the requisite taxes, legal fees, or escrow fees.196 While these "advance fee" schemes have existed for decades, the Internet and other technologies have helped expand their reach exponentially.197

Because it is estimated that only one percent of people or businesses need to be duped for the fraud to be profitable, botnets frequently determine whether such schemes succeed.198 For example, because most people no longer open – let alone act on – the spam e-mail messages that underlie phishing attacks and mass-marketing fraud, the profitability of these strategies is heavily dependent on whether huge numbers of spam messages can be sent out in a short period of time.199 By employing multitudes of computers to automatically send millions of such e-mails, botnets make these schemes viable.200 In one mass-marketing fraud case, botnets were employed to distribute spam aimed at fraudulently driving up the prices of certain stocks. Once the stock prices rose, the chief organizer of the worldwide conspiracy sold the stocks at the artificially inflated prices, reaping approximately $2.8 million.201

Data from the Internet Crime Complaint Center confirms that mass-marketing fraud schemes continue to be both widespread and highly profitable. In 2012, for example, thousands of Americans reported being victims of online auto fraud, with direct losses exceeding tens of millions of dollars.202 Online scams involving housing rentals, timeshares, and various limited-time investment "opportunities" are also common, causing millions of dollars in reported losses nationwide in 2012.203 According to the Internet Crime Report, the losses Californians suffer as a result of these crimes top by a large margin the losses reported in any other state.204

Illegal Online Gambling

Debuting in the mid-1990s, online gambling illustrates the way in which transnational criminal organizations have used the Internet and cross-border havens to transform traditional criminal activity.

Last June, the U.S. Attorney for the Southern District of California offered details about one case, which appeared to employ a common model. The case involved a transnational criminal organization that ran a corporation named Macho Sports. Macho Sports operated several sports gambling websites hosted on servers primarily located outside the U.S. The corporation was initially registered in Panama and later moved to Peru in 2008, where it set up the physical platform for its online gambling activities. California-based customers connected to gambling accounts through Macho Sports websites to place bets, while teams of "bookies" and "runners" in the Los Angeles and San Diego areas were used by Macho Sports to recruit customers, pay off winning bets, and collect on losing bets – sometimes violently. The enterprise earned millions of dollars, which were then laundered through check-cashing businesses that took part of the cut.

Sources: Jerome P. Bjelopera & Kristin M. Finklea, Organized Crime: An Evolving Challenge for U.S. Law Enforcement, Congressional Research Service (2012), p. 11; Indictment at pp. 2-6, United States v. Portocarrero et al., No. 3:13-cr-02196 (S.D. Cal. June 13, 2013); U.S. Attorney’s Office, Southern District of California, Members of International Sports Gambling Ring Charged with Racketeering and Extortion, news release (June 19, 2013).

As with other types of cybercrime, fraudulent mass-marketing schemes are increasingly perpetuated by transnational criminal organizations.205 Transnational criminal organizations based in Romania, for example, have orchestrated two of the biggest cases involving fraudulent online sales. In both cases, the Romanian organizations advertised high-value items for sale online, using Internet auction sites popular with Americans, such as eBay or Cars.com.206 The organizations instructed the buyers where to wire payments. "Arrows," U.S.-based accomplices recruited to retrieve those payments, then transmitted the funds to Romania.207 Both schemes netted millions of dollars, with the gains in one topping $10 million.208 Many "advance fee" fraud scams have also been linked to West African transnational criminal organizations,209 whose loosely connected cells are located not only in Africa but around the world.210 And an Israel-based transnational criminal organization employed a lottery scam over several years to defraud hundreds of U.S. victims, mostly elderly, out of approximately $25 million.211

Counterfeit Goods and Pharmaceuticals

Online commerce not only makes it easier for consumers to shop and purchase goods, but has also obviated the need for sellers targeting the U.S. market to be located in the U.S. This, in turn, has created a significant regulatory hole, as government regulators can no longer effectively regulate what consumers purchase simply by targeting the U.S.-based entities that directly sell to consumers. Because of this regulatory hole, myriad illicit markets have been able to emerge and thrive alongside online markets for legitimate goods and services. Growth in the market for counterfeit goods and pharmaceuticals has exploded as the Internet has helped link price-conscious consumers in the U.S. with manufacturers in Asia that can produce increasingly sophisticated goods at low cost. Other markets experiencing Internet-related growth involve illegal drugs and child pornography. By directly linking suppliers to vast numbers of consumers worldwide, online illicit markets help increase the profitability – and, therefore, the growth – of criminal activity. 

The new marketplace for counterfeit goods is dominated by transnational criminal organizations. According to the United Nations Interregional Crime and Justice Research Institute (UNICRI), "[c]ounterfeiting and piracy have long presented a tempting target market for organized criminals." But especially in recent years, UNICRI notes, transnational criminal organizations have moved "deliberately and in great numbers" to grab control of supply chains and consolidate power over these rapidly growing black markets.212 For example, Italian transnational criminal organizations like the Neapolitan Camorra have long played a major role in the production and distribution of counterfeit luxury goods. With the massive growth of Chinese manufacturing, Italian transnational criminal organizations are adapting by increasingly partnering with Chinese criminal enterprises.213 Pursuant to these partnerships, the Chinese enterprises manufacture the products, while the Camorra sells and distributes them.214

Because the success of an Internet-based business model depends on attracting sufficient numbers of customers to the counterfeiters’ websites, counterfeiters may outsource their advertising work to specialized transnational criminal organizations that deploy botnets. These botnets help counterfeiters reach millions through spam e-mail and the sophisticated manipulation of search engine results.215 The success of these Internet-enabled counterfeiting networks has significant consequences. In the global pharmaceutical market, for example, sales for legitimate businesses that play by the rules decline, reducing incentives for expensive investments into potentially life-saving drugs. In addition, since counterfeiters may dilute or misrepresent the active ingredients in counterfeit pharmaceuticals, recipients may not get the treatment they need, imperiling their health.216

Digital Piracy

Today, the Internet provides virtually unfettered access to a range of intellectual property content. However, the creators of this content are also arguably more vulnerable than ever to having their works stolen and distributed without their consent. According to a recent study by the British brand-protection firm NetNames, the amount of Internet traffic used for copyright infringement in North America, Europe, and the Asia Pacific has grown nearly 160 percent from 2010 to 2012 and now accounts for 24 percent of total Internet traffic.217 In 2011, it was estimated that more than 17 percent of Internet traffic in the U.S. was infringing.218 While new digital services for the authorized dissemination of music, film, television, and software have proliferated,219 services facilitating illicit distribution continue to evolve and thrive. Such services include cyber lockers, peer-to-peer networks, BitTorrent, streaming websites, and literally hundreds of mobile applications.220 Another major source of pirated content is China-based enterprises that produce and ship pirated DVDs with packaging that is often "shockingly sophisticated and nearly indistinguishable from legitimate product."221 These developments, in turn, have fostered astonishing growth in the global market for pirated digital content. For example, in 2011, the global commercial value of pirated software is estimated to have reached $63.4 billion, more than double what it was in 2003.222

Contrary to the myth that illicit distribution services are only interested in helping to propagate content, these services are in fact primarily profit-driven. One business model offers paid subscriptions for the pirated content. Another model offers the content free, but profits by inducing consumers to click online ads. In either case, as consumers use these piracy services to view content or download software, they siphon revenues away from content creators and into the pockets of criminals. Given the importance of the music, television, and film industries in California, the economic damage within the state of such Internet-enabled digital piracy is disproportionately severe. While estimates of exact losses vary greatly, there is little doubt that over the years digital piracy has robbed creative industries based in California of hundreds of millions of dollars in revenue and jobs.

In addition to depriving intellectual property creators of their earnings, a further threat posed by the marketplace for digital piracy is the distribution of malware. More and more, pirated content – whether downloaded or on a physical disk – is "laced" with malware that, once installed on a computer, can steal information or otherwise compromise that system.223 According to McAfee, 12 percent of sites known to distribute pirated content "are actively distributing malware to users who download [the] content." Moreover, some of these sites appear to "have associations with known cyber crime organizations."224

La Familia Michoacána Branches Into Counterfeit Software

One of the most alarming developments in piracy has been the entrance of some of Mexico’s most dangerous transnational criminal organizations into the piracy market.

In March 2009, Mexican law enforcement cracked down on a counterfeit software ring run by La Familia Michoacána out of the Mexican state of Michoacán. The ring was producing counterfeit versions of software such as Microsoft Office and Xbox video games, complete with "FMM" stamps (for "Familia Morelia Michoacana") on the disks. The New York Times reported that La Familia was distributing the software "through thousands of kiosks, markets and stores in the region and demand[ing] that sales workers meet weekly quotas." Through sophisticated distribution networks such as this, it was estimated by the Mexican Attorney General that La Familia was potentially earning more than $2 million per day. How this figure has changed since 2009 is unknown.

Digital Piracy Photos

Like La Familia, Los Zetas are widely reported to have counterfeiting operations within many Mexican states. The Zetas imprint their unique stamp – either a "Z" or a bucking bronco – on counterfeit CDs and DVDs they help produce and distribute.

Sources: Ashley Vance, Chasing Pirates: Inside Microsoft’s War Room, New York Times (Nov. 6, 2010); Francisco Gomez, Pirateria, el Otro Frente del Narco, El Universal (Mar. 1, 2009), http://www.eluniversal.com.mx/nacion/166099.html, accessed on Jan. 2, 2014; Patrick Manner, Drug Cartels Take Over Mexican Black Market, Fox News Latino (Aug. 22, 2012); Motion Picture Association of America.

Virtual Currencies Offer New Tools for Money Laundering

New Internet-reliant technologies threaten to revolutionize the way in which transnational criminal organizations finance their activities and launder their proceeds. Until now, these organizations have had to sacrifice speed and profit margins in order to transfer money securely and secretly. For example, to avoid the registration and reporting requirements of banks and other international money transmitters, transnational criminal organizations avoid digital bank transfers in favor of physically transporting cash in bulk and participating in complicated trade-based money laundering schemes. These schemes are not only slow and subject to law enforcement interdiction, but also involve multiple "fees" to compensate launderers for their efforts and risk-taking. However, the emergence of new technologies over the last few years hints at a future in which speed and profit margins no longer need to be sacrificed in exchange for security and secrecy.

One example of these new technologies is pre-paid, open-system stored-value cards such as "Green Dot" cards. Prepaid open-system cards allow their holder to connect to global debit and automated teller machine (ATM) networks. These prepaid cards often do not require the cardholder to open a bank account or verify his or her identity.225 This lack of an accountholder relationship, coupled with the fact that the cards are not subject to any cross-border reporting requirements,226 can enable a cardholder to transfer an unlimited amount of money across the global payment system anonymously.227

Perhaps the most notorious new technology in transnational criminal organization finance is virtual currency, a category that includes e-Gold, Liberty Reserve, and Bitcoin, as well as currencies used in online games that can be bought and exchanged for dollars.228 These currencies are "virtual" because they operate like currency within their designated ecosystems, but lack the legal tender status of real currencies in any jurisdiction.229 Virtual currencies can be used to quickly and confidently move illicit proceeds from one country to another. And as long as the government is unable to link virtual currency accounts or addresses to their owners, the identities of those sending and receiving the proceeds are effectively shielded. According to the U.S. Secret Service, "[t]hese attributes make [virtual] currencies a preferred tool of transnational criminal organizations for conducting their criminal activities, transmitting their illicit revenue internationally, and laundering their profits."230 The following examples illustrate this trend.


Founded in 1996, e-Gold was a pseudonymous digital currency that was originally backed with gold coins stored in a safe deposit box in Florida. To open an e-Gold account, a person needed no more than a valid e-mail address. Once the account was established and funded, the account holder "could gain access through the Internet and conduct anonymous transactions with other e-Gold account holders anywhere in the world."231 As a result, e-Gold "quickly became the preferred financial transaction method of transnational cyber criminals – particularly those involved in the trafficking of stolen financial information and [personally identifiable information] of U.S. citizens – and a tool for money laundering by cyber criminals."232 At its peak, e-Gold moved more than $6 million each day for more than 2.5 million accounts.233 In 2007, the federal government shut down e-Gold. Its owners pleaded guilty to charges of money laundering and operating an unlicensed money transmitting business.234

Liberty Reserve

Incorporated in Costa Rica in 2006, Liberty Reserve S.A. for years operated one of the world’s most widely used virtual currencies. It provided what it described as "instant, real-time currency for international commerce," but it was allegedly designed to intentionally help criminals conduct illegal transactions and launder the proceeds of their crimes. In particular, it permitted users to conduct financial transactions under multiple layers of anonymity.235

According to federal prosecutors, Liberty Reserve was one of the principal means by which cyber criminals from around the world, including credit card thieves and computer hacking rings, laundered their illicit proceeds.236 Liberty Reserve’s website offered a "shopping cart interface" that "merchant" websites could use to accept Liberty Reserve currency as payment.237 The "merchants" who accepted Liberty Reserve currency were overwhelmingly engaged in criminal activities. They included traffickers in stolen credit card data, computer hackers for hire, and underground drug-dealing websites.238

With an estimated one million users worldwide, and more than 200,000 in the United States, Liberty Reserve processed more than 12 million financial transactions annually, with a combined value of more than $1.4 billion.239 From 2006 to May 2013, Liberty Reserve is believed to have laundered in excess of $6 billion in criminal proceeds.240

In May 2013, federal prosecutors in New York charged Liberty Reserve and its founders with operating an unlicensed money transmitting business, and conspiring to commit money laundering.241 The principal founder, as well as two other defendants, are pending extradition.242 Another defendant has entered a guilty plea and two others are at large. The site has been shuttered and effectively put out of business.

Bitcoin and Silk Road

Unlike most other virtual currencies, such as e-Gold and Liberty Reserve, Bitcoin is a decentralized digital-payments system. In other words, there is no centralized repository or administrator who serves to mediate transactions. Instead, all users install the open-source software on their computing devices, thereby creating a peer-to-peer network through which Bitcoin transactions are conducted and bitcoin "balances" are independently calculated. Significantly, Bitcoin transactions are possible from anywhere in the world where there is an Internet connection. They are irreversible once conducted, and have few, if any, fees.

Figure 35: Screenshot of Illicit Drugs For Sale on Silk Road Website

Bitcoin was established in 2009 and its popularity has grown wildly in the past two years. While its use in legitimate commerce is growing, its use in criminal financial transactions was illustrated by its adoption as the exclusive payment mechanism for Silk Road. Often referred to as the "eBay for drugs," Silk Road was an anonymous online market that sold everything from marijuana to prescription drugs to weapons (Figure 35). According to the FBI, it was "the most sophisticated and extensive criminal marketplace on the Internet."243 One FBI inventory found 13,000 listings for controlled substances, 159 offerings for "services" (including a tutorial on hacking ATMs), as well as hundreds of offerings of hacked accounts and counterfeit IDs.244 Between February 2011 and July 2013, this "dark market" served more than 100,000 customers and facilitated approximately $1.2 billion worth of transactions.

Catching Up With Bitcoin

Ever since Bitcoin’s emergence in 2009, businesses, government regulators, and criminals have all wondered how best to characterize it. Is it money? A security? Or perhaps it is better understood as a commodity? The answer to this question has significant real-world implications, basically determining what regulations – including disclosure requirements – apply to the entities that use and transmit it.

Under guidance issued by the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the federal Bank Secrecy Act and its various registration, record-keeping, and reporting requirements can apply to businesses that transmit not only real currency, but also "other value that substitutes for currency," such as Bitcoin. FinCEN guidance from March and December 2013 further clarified the scope of this regulation, explaining that any entity that serves as a digital currency administrator or as an intermediary for digital currency transmission is a money transmitter. Consequently, such entities are subject to FinCEN regulations, including its anti-money laundering compliance protocols and state licensure. Reflecting the significance of these regulations, U.S.-based entities that have attempted to skirt them have been shut down. For example, in May 2013, federal authorities seized a U.S. subsidiary of a leading Japanese-based Bitcoin exchange service, Dwolla, on the ground that it was operating as an unlicensed money transmitter. Despite these actions, hearings held over the last few months by the U.S. Senate and New York’s top financial regulator underscore that real concerns remain about the best way to address the money laundering threat posed by Bitcoin.

In California, special state laws that protect against money laundering also have a clear role to play in curbing misuse of Bitcoin. In fact, there is a strong argument that the California Money Transmission Act already applies to businesses that electronically exchange and transmit Bitcoin because Bitcoin is "a medium of exchange." What is certain is that, if transnational criminal organizations turn to Bitcoin to launder their illicit proceeds from the state, regulatory scrutiny will intensify.

Sources: 31 C.F.R. § 1010.100(ff); U.S. Department of the Treasury, Financial Crimes Enforcement Network, Guidance on the Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies (Mar. 18, 2013), FIN-2013-G001; Seizure Warrant, In Matter of Seizure of One Dwolla Account Case, No. 13-1162 (D. Md. 2013).

In October 2013, the federal government shut down Silk Road, arrested the principal operator – a U.S. citizen living in the Bay Area – and charged him with narcotics trafficking, computer hacking, and money laundering, among other crimes.245 Top sellers and significant users in other locations around the world were also arrested. Most recently, in January 2014, federal authorities arrested a co-founder and chief executive of one of the Internet’s most popular bitcoin-dollar exchangers for conspiring to sell and launder over $1 million in bitcoins in connection with Silk Road drug purchases.246 Nonetheless, attempts to resurrect Silk Road continue.


As information systems and networks, consumer bank accounts, and digital content have all become vulnerable to high-tech exploitation, organized crime has evolved to seize new profit opportunities. In this new world, identification credentials and intellectual property have become the primary targets for illicit acquisition and distribution, criminals can purchase data and highly specialized skills from each other on the "dark market," and cutting-edge technologies enable transnational criminal organizations to evade detection and protect their illicit gains from law enforcement authorities in ways that are still not adequately understood.

Source: https://oag.ca.gov/transnational-organized-crime/ch5
