Whilst cyber-crime is now a major business, one of the key challenges for cyber-criminals is how to legitimise the revenue stream from illegal activities in such a way that the authorities cannot confiscate the assets.
Security researcher Brian Krebs has reported on the use of so-called money mules - legitimate bank account users who allow accounts to be used as way-points as money is siphoned out of a given country - but almost all major banks on both sides of the Atlantic now have systems in place to spot such activity.
It's against this backdrop that a report from McAfee claims to have identified the increasing use of online gaming and gambling sites as a means of money laundering from cyber-criminal activities.
According to the study, which is entitled `Jackpot! Money Laundering Through Online Gambling', the high volumes of money flowing through some sites makes it relatively easy for cyber-criminals to `hide' their own transactions and effectively end up with legitimate and trackable money in their accounts after laundering the money through gaming websites.
With a `house edge' (commission) of 2.7 per cent on European roulette and 5.26 per cent on American roulette, SCMagazineUK.com notes that if a criminal were to back every number on the table with their account, the commission is much less than when using other laundering processes, such as using corrupt banks or pre-paid debit cards to make purchases for later sale on auction websites.
McAfee's analysis says that the sheer number of online casinos makes them hard to police, and with payouts being tax-free in most countries, the infrastructure for monitoring transactions is non-existent in most cases - and the anonymity afforded to online players again helps criminals evade arrest.
"Given the growing and ever-changing landscape of online gambling players and enablers, those working to apprehend cyber-criminals must have a variety of skills and perspectives into this extensive money-laundering infrastructure,” says the report.
“These actors must be able to leverage cross-sector/border and public-private partnerships, combining the capabilities of law enforcement, ISPs, Internet security companies, independent monitoring organisations, academia, and the financial institutions ultimately in receipt of suspicious fund transfers," it adds.
The study concludes that the IT industry - including ISPs and government agencies - need to produce threat assessments, including trend analyses and forecasts, as well as new developments on cyber-criminal activity and functional processes.
"Without a means to cash out, the volume of cyber-crime would decrease," says the report, adding that the anonymous online money-laundering marketplace today is growing rapidly with the volume of attacks.
The good news is that the US Government is now investigating the problem, after a professional poker player wrote to the New Jersey Director of Gaming Enforcement back in January, warning that online poker is vulnerable to money-laundering and collusion, and requested the opportunity to show how it worked, if provided immunity from prosecution.
As a result of this letter and other concerns, the US Congress is now considering two bills that would either create an `Office of Internet Poker Oversight' in the Commerce Department or a broader `Office of Internet Gambling Oversight' in the US Treasury.
Commenting on the report, digital forensics specialist Professor Peter Sommer, said the cyber-criminal use of casinos is not a new phenomenon - as back in 2006 he was acting as an expert witness in testing the evidence in the trial of a group of Eastern Europeans allegedly involved in money laundering.
“They were organised by a Russian who fled to Moscow just before the UK authorities got on to him,” he said, adding that the money mules bought gambling chips at a succession of London casinos.
Sommer – a Visiting Professor with de Montfort University – went onto say that the mules were using bank accounts that had been acquired using classic rogue mail and malware activities.
“They then participated in modest gambling activity before claiming their winnings,” he said, noting that that the actual events in the case took place in 2004 – some ten years ago.