With Liberty Reserve Down, What’s In Store for Cybercriminals Now?

With Liberty Reserve being taken down and its owner arrested, many fraudsters now find themselves having to recuperate from substantial financial losses. As the e-currency service was to the equivalent of US dollars in the underground economy, the impact of this sudden shutdown is severe, and the dust it raised may take a while to settle. That being said, savvy fraudsters would have known not to put all their electronic eggs in one basket, as history has a nasty tendency to repeat itself – and this case is no different. The Liberty Reserve era may have ended, but its fate was no different than what befell the eras that came before it.

The original e-currency that fraudsters adopted – e-gold – was not much different in concept than Liberty Reserve. The company was US-based and offered electronic currency backed by real gold. When prices of gold fluctuated, so did the value of an e-gold. At the time, e-gold reigned supreme in the cybercriminal circles, to the point that fraudsters were trying to defraud funds from one another. Much as recent Liberty Reserve cases, various phishing and other scams against e-gold existed, mainly targeting other fraudsters. Eventually, in 2007 the operation of the service was stopped by the US government, and the company was indicted (the defendants later plead guilty as part of a plea bargain). Once e-gold was shut down, fraudsters found themselves in a similar pickle to today’s generation of cybercriminals. The predicament was similar – suffer losses and move to another e-currency: WebMoney.

WebMoney is a Moscow-based currency service that garnered popularity in Russian underground circles. Once the e-gold business hit the fan, many non-Russians discovered the service. It seemed as though the underground economy was ready to adopt a new currency –one that wasn’t only located in the US but located in cybercrime-haven Russia. All the better! But WebMoney’s operators had other thoughts in mind. When fraudsters started using WMZ en-mass, WebMoney refused to become a platform for cybercrime dealings, putting many new hurdles into place to limit using their service without a real identity.

Even if various underground services did offer ways of circumventing these security measures, the cost of using WebMoney went up and many fraudsters began looking for yet another alternative. And so… along came Liberty Reserve.

Compared to WebMoney, Liberty Reserve was considered ‘promiscuous’ when it came to identifying oneself – and fraudsters loved it. For a while, most vendors accepted both WebMoney and Liberty Reserve, but eventually Liberty Reserve took over the criminal-market-share. Liberty Reserve was the undisputed star of the cybercrime arena and the preferred payment method for malware authors, Fraud-as-a-Service (FaaS) merchants and small-time peddlers alike.

Now that star has faded.  So, what’s next? Looking back to what happened with e-gold, there are three likely scnearios that will play out.

First, fraudsters may re-discover WebMoney. Although it is relatively challenging for fraudsters to use it compared to Liberty Reserve, its familiarity and global availability may attract the return of some of the underground vendors, especially Russians and East Europeans.

Second, fraudsters may migrate to a new e-currency that exists on the market. Just as fraudsters moved to WebMoney after the e-Gold takedown, and then again to Liberty Reserve when WebMoney became too hard to use, another similar migration is possible. It’s not like there aren’t any other e-currency services out there.

The third likely option, as Brian Krebs already noted, is that fraudsters will adopt the “hacker currency” – Bitcoin. While Bitcoin has certainly made a lot of noise and became quite popular in certain circles, the fraudster underground remained faithful to Liberty Reserve. As an alternative, Bitcoin is a relatively mature option with a better infrastructure than most of the e-currency alternatives. If that ends up being the case and Bitcoin does eventually get adopted (and there is evidence that it’s already happening), its legitimate users may become even bigger targets for fraudsters.  Although it is too early to say where the chips will fall, the next few weeks will tell.