Cryptocurrency Fraud , Cybercrime , Fraud Management & Cybercrime
Russians Can Use Crypto to Evade Sanctions, Researchers Warn'Reshippers' and Prepaid Cryptocurrency Virtual Credit Cards Can Facilitate Evasion
Dark web merchants have been offering Russians - consumers and criminals alike - services for bypassing international sanctions that may indirectly involve U.S. financial institutions, researchers warn.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
In a new report, threat intelligence firm Recorded Future says cybercrime markets have been advertising two strategies for evading sanctions: cryptocurrency virtual credit cards and mail-forwarding services, aka "reshippers."
Sellers on darknet markets and Telegram channels can of course claim whatever they like. But many markets feature reviews from buyers, attesting to whether or not service providers can be trusted. Some also feature escrow services, to ensure buyers get what they pay for.
Russians' cat-and-mouse games to evade Western sanctions to obtain desired goods and service appear likely to increase as sanctions' effects start to accumulate.
"While the Russian economy managed to navigate the first year of the war in Ukraine, the coming months and years could prove substantially more challenging," economist Gubad Ibadoghlu wrote in a recent blog post. For the Russian government, the cost of sustaining the war in Ukraine continues to grow, not least as war materiel has been depleted.
Already as a result of the sanctions and cost of the war, "2022 was a bad year for the Russian economy," the World Bank, the International Monetary Fund and the Organization for Economic Cooperation and Development reported. They estimate Russia's gross domestic product dropped in 2022 by between 2.2% and 3.9%, and they forecast that it could shrink further this year.
Experts say Russian residents appear to be turning to cryptocurrency to obtain goods and services from abroad, and in the case of domestic cybercriminals, to monetize illicit activities (see: How Russia's Ukraine War Disrupted the Cybercrime Ecosystem).
To test the identity checks in place for obtaining a cryptocurrency virtual credit card, Recorded Future researchers obtained one without having to verify their identity, registering a card carrying a value below the threshold at which firms must do identity checks.
When the researchers traced the card's origin, they found it had been issued by a U.S. financial services firm.
Given the international sanctions that have been imposed on Russia, "international financial institutions and merchants that are indirect participants of these workarounds may be at risk of falling under secondary sanctions," Recorded Future warns.
Waves of Sanctions
When Russian President Vladimir Putin on Feb. 24, 2022, ordered his forces to further invade Ukraine, the U.S. and 37 allied nations responded with fresh sanctions against the country. The U.S. Department of the Treasury said the newly unveiled sanctions were designed to "target the core infrastructure of the Russian financial system," including 80% of the country's banking assets. They also prohibited Sberbank and VTB Bank, the country's two largest banks, from processing payments using the U.S. financial system.
Successive waves of sanctions added SWIFT bans for more banks in Russia and Belarus, denied Russian aircraft access to EU airspace and prohibited the import or export of various goods and services to or from Russia, making it more difficult for Putin to finance the war.
In the early days of Russia's war of all-out conquest, both Visa and Mastercard suspended their Russian operations. While Russians could still use cards with either of the brands for domestic purchases, at least until the cards expire, they were blocked from using them for international purchases.
More than 1,000 companies have now curtailed operations in Russia, reducing access to goods and services.
In March 2022, Deputy U.S. Treasury Secretary Wally Adeyemo warned that there would be repercussions for organizations that facilitated sanctions evasion.
"What we want to make very clear to crypto exchanges, to financial institutions, to individuals, to anyone who may be in a position to help Russia take advantage and evade our sanctions: We will hold you accountable," Adeyemo told CNBC.
Recorded Future says the potential use of cryptocurrency virtual credit cards to evade sanctions could be better mitigated if firms add additional "know your customer" and anti-money laundering checks.
But while such safeguards should help, stolen personal identifiable information abounds, via which individuals can attempt to fake their identity with a cryptocurrency exchange. The Recorded Future researchers say dark web forums also offer fraudulent verification as a service.
Where the illicit delivery of goods is concerned, the cybercrime-as-a-service ecosystem already provides similar capabilities. Users of stolen payment card data - aka carders - rely on money mules to use the information to purchase subscriptions or stolen goods. These can be sold on auction sites or via dark web markets to monetize the stolen payment card data.
With the sanctions in place in Russia, these processes have been updated to facilitate getting stolen, banned, prohibited or blocked goods into the country. According to cybercrime underground chatter, as well as warnings posted by service providers, while not all goods get through, the success rate appears to remain relatively high. Service providers often advertise their ability to get goods delivered to warehouses outside Russia, from which they get routed to buyers inside the country.
"For example, the Telegram channel 'Tekhnika BestShopx' markets third-party delivery services to Russian cybercriminals who obtain goods from abroad via fraudulent purchases with stolen payment cards," the Recorded Future researchers say. They add that the channel's admin, in a Jan. 13 post, warned that these services, "which require a network of couriers and a positive relationship with customs officials to execute effectively, were growing in complexity."
But the admin claimed that 90% of orders were getting approved by customs officials, and while there were also some losses due to couriers for goods in transit, in either case, they guaranteed they would automatically reorder and attempt redelivery of the goods, unless buyers asked for a refund.