You may have heard about the Panama Papers—documents from a Panamanian law firm that revealed politicians, businessmen, and prominent individuals from countries all over the world were using offshore companies to cut their tax bills. It occurred to us to ask: Do cybercriminals avail themselves of these services? Our research revealed that ads for offshore banking can also be found in underground forums. Offshore companies in Panama, the British Virgin Islands, and the Dominican Republic are used to hide the proceeds from cybercrime.

How did we learn about these? Once we heard about the Panama Papers, we decided to check our sources to see if we could find anything related to shell companies in the various underground communities we monitor. At the end of the day, the same person who is trying to infect your computer and/or impersonate you is getting tons of money from victims all over the world. Are cybercriminals using offshore companies to hide their ill-gotten gains? We took a closer look.

Shell companies have been popular for some time now. Their purpose is clear: to allow individuals to operate outside their home countries, hide their real identities, and make funds inaccessible to tax agencies. Cybercriminals have been using money-laundering services to move funds around without raising red flags, so offshoring funds should be a no-brainer for them. A quick look in underground communities revealed a variety of ads promoting money laundering in offshore countries. Several players on these underground forums offer off-the-shelf services to set up offshore shell companies.

What do these ads offer? They will set up a fake company for you, which will have a named representative. They will handle all paperwork and open bank accounts, and you will receive a set of credit cards. Here is what one can expect as part of this offer:
- A person or company will be named as the nominal owner of the cybercriminal's new offshore company.
- A "trust" agreement will be signed, specifying that the nominal owner is not in control of the assets of the offshore company.
- A set of banking accounts in the offshore country will be registered to process any funds.
- False monetary transactions will be carried out on these accounts to prove that the company is alive.
- A set of credit cards tied to the bank accounts will be provided.
- A formal WebMoney (WM) passport which binds these cards to WM wallets will be given to the "customer." Although it is a legitimate financial service, WebMoney is often abused by cybercriminals to illegally move money around.

Figures 1 and 2. Posts from A6 advertising his services, claiming 10 years of experience

When we compared the offshore account offerings to simple money-laundering services, we found big differences. Money-laundering ads usually offer money exchange services, as well as pickup/store/placement. For instance, a user named Seva has been offering these services since 2011. He is even considered one of the most reliable sellers in the underground market. His activity log includes hundreds of thank-you notes for "great and fast service". One poster claimed to have laundered millions of dollars via Seva's services.