In the aftermath of Liberty Reserve's shutdown, security experts have begun deciphering what cyber criminals will run to next for their under-the-table online transactions.
While it's no surprise that Bitcoin, a fledgling form of digital money that has fluctuated in value, has surfaced as a potential contender, those in the industry say it's not without its drawbacks.
Currently valued at close to $100 each, Bitcoins were created in 2009 and can be earned through an open source program that rewards computational power. One can anonymously transfer Bitcoins online, but to fill a Bitcoin “wallet,” a user must solve mathematical problems that become increasingly harder and result in smaller payments as one progresses, or “mines,” the currency.
Levi Gundert, a member of internet security research nonprofit Team Cymru, told SCMagazine.com that because Bitcoin is open source and has no “central authority” – even the true identity of the currency's developer is unknown – it could be a promising system for miscreants to take advantage of without major concerns of their operations being stamped out by law enforcement.
“It's truly an anonymous system, and bad guys really like that,” Gundert said. “And there is no central authority, unlike with Liberty Reserve.”
Researchers have already uncovered orchestrated efforts to amass Bitcoins, such as botnets that use their network of infected computers to conduct Bitcoin mining. In April, security firm Fortinet found that the ZeroAccess botnet was the top threat among its devices during the first quarter of the year. Bitcoin mining was only one of the botnet's tricks, but the feat was definitely a testament to the currency's value to some criminals.
Not all are convinced of Bitcoin's attraction, however. Limor Kessem, a cyber crime and online fraud expert at RSA's FraudAction Research Lab, told SCMagazine.com that she was dubious about the appeal of Bitcoins in the underground, primarily because of its worth to saboteurs who prefer cold, hard cash as quickly as possible.
According to Kessem, Bitcoin doesn't easily and directly provide bad guys with the liquid funds – as Bitcoins are converted worldwide into government-recognized currencies through third-party exchanges.
“[Bitcoin] is somewhat interesting, but not very,” Kessem said. “It's all about how fast [criminals] can turn it into cash money. You can't have someone transfer you an unlimited amount of Bitcoin, because it has to be created with a computer and it is limited.”
Steve Santorelli, Team Cymru's director of security research, told SCMagazine.com that sometimes a “virtual exchange” is all that is needed to get the job done, however.
“You don't necessarily need to convert it into cash,” he explained. "You can use it as virtual money to do a virtual exchange, like to buy credit card information, for instance. Or if someone rents your botnet, they may pay you in Bitcoins."
The virtual currency is already universally accepted on the “underweb,” he added, an off-the-grid online environment that isn't searchable by the go-to search engines of the world, like Google, and is often used by shady characters, like hitmen, drug traffickers or petty criminals who revel in veiling their identities.
Earlier this month, a panel of experts gathered at the Bitcoin 2013 conference in London to discuss the legal and regulatory challenges facing the currency – factors that could have significant influence over the lure it pulls in the underground.
Patrick Murck, general counsel for the Bitcoin Foundation, the nonprofit that supports the standardization of Bitcoin through public education and advocacy, told conference attendees (see video here) that the complexity of U.S. financial regulation, which varies from state to state, carries a “huge barrier to entry” for widescale adoption of Bitcoin.
“I refer to the U.S. as a payment technology backwater, and it's mainly because of this issue,” Murck said of challenges regulators present to Bitcoin entrepreneurs and exchangers.
For example, at the end of May, the California Department of Financial Institutions sent a cease-and-desist letter to the foundation for potentially engaging in the “business of money transmission” without authorization or a license.
In response, the foundation wrote a letter defending its position, saying it wasn't technically a money transmitter under California law.
According to Team Cymru's Santorelli, the appeal of Bitcoin will likely be driven by how the currency is governed, rather than if online communities vet its value.
“A lot depends on how the U.S. government decides to treat Bitcoin,” Santorelli said.