Security experts have begun deciphering what cyber criminals will run to next for their under-the-table online transactions following the shuttering of Liberty Reserve.
While it's no surprise that Bitcoin, a fledgling form of digital money that has fluctuated in value, has surfaced as a potential contender, those in the industry say it's not without its drawbacks.
Currently valued at close to $100 each, Bitcoins were created in 2009 and can be earned through an open source program that rewards computational power. One can anonymously transfer Bitcoins online, but to fill a Bitcoin “wallet,” a user must solve mathematical problems that become increasingly harder and result in smaller payments as one progresses, or “mines,” the currency.
Team Cymru member Levi Gundert said that because Bitcoin is open source and has no “central authority” – even the true identity of the currency's developer is unknown – it could be a promising system for miscreants to take advantage of without major concerns of their operations being stamped out by law enforcement.
“It's truly an anonymous system, and bad guys really like that,” Gundert said. “And there is no central authority, unlike with Liberty Reserve.”
Researchers have already uncovered orchestrated efforts to amass Bitcoins, such as botnets that use their network of infected computers to conduct Bitcoin mining. In April, security firm Fortinet found that the ZeroAccess botnet was the top threat among its devices during the first quarter of the year. Bitcoin mining was only one of the botnet's tricks, but the feat was definitely a testament to the currency's value to some criminals.
RSA researcher Limor Kessem said she was dubious about the appeal of Bitcoins in the underground, primarily because it doesn't easily and directly provide bad guys with the liquid funds – as Bitcoins are converted worldwide into government-recognized currencies through third-party exchanges.
“It's all about how fast [criminals] can turn it into cash money," Kessem said. "You can't have someone transfer you an unlimited amount of Bitcoin, because it has to be created with a computer and it is limited.”
Team Cymru security research director Steve Santorelli said a “virtual exchange” may be all that is needed to get the job done.
“You don't necessarily need to convert it into cash,” he explained. "You can use it as virtual money to do a virtual exchange, like to buy credit card information, for instance. Or if someone rents your botnet, they may pay you in Bitcoins."
The virtual currency is already universally accepted on the “underweb,” he added, an off-the-grid online environment that isn't searchable by the go-to search engines of the world, like Google, and is often used by shady characters, like hitmen, drug traffickers or petty criminals who revel in veiling their identities.
Earlier this month, a panel of experts gathered at the Bitcoin 2013 conference in London to discuss the legal and regulatory challenges facing the currency – factors that could have significant influence over the lure it pulls in the underground.
Patrick Murck, general counsel for the Bitcoin Foundation, the nonprofit that supports the standardization of Bitcoin through public education and advocacy, told conference attendees (see video here) that the complexity of U.S. financial regulation, which varies from state to state, carries a “huge barrier to entry” for widescale adoption of Bitcoin.
“I refer to the U.S. as a payment technology backwater, and it's mainly because of this issue,” Murck said of challenges regulators present to Bitcoin entrepreneurs and exchangers.
For example, at the end of May, the California Department of Financial Institutions sent a cease-and-desist letter to the foundation for potentially engaging in the “business of money transmission” without authorization or a license.
In response, the foundation wrote a letter defending its position, saying it wasn't technically a money transmitter under California law.
According to Team Cymru's Santorelli, the appeal of Bitcoin will likely be driven by how the currency is governed, rather than if online communities vet its value.
“A lot depends on how the U.S. government decides to treat Bitcoin,” Santorelli said.