In the context of the recent Panama Papers scandal, Trend Micro's security and threat laboratory – a company specializing in the defense of digital threats and security in the cloud era – decided to go deep and analyze whether cybercriminals would also use such illegal services.
Research revealed that advertisements for offshore banking can be found on underground forums: companies in Panama, the British Isles and the Dominican Republic are used to hide profits from cybercrime.
The process began when Trend Micro threat researchers decided to check the various underground communities monitored for anything related to shell companies or illicit earnings.
A survey of underground communities revealed several advertisements promoting money laundering in offshore companies. Several members offer "off-the-shelf" services to set up an offshore shell company.
See the items included in this offer:
1. A person or company will be named as the nominal owner of the cybercriminal's new offshore company;
2. A "trust" agreement will be signed specifying that the nominal owner does not control the offshore company's assets;
3. A set of bank accounts will be opened in the offshore country to carry out any type of transaction;
4. False monetary transactions will be performed on these accounts to prove that the company "exists";
5. A series of credit cards linked to bank accounts will be provided;
6. A formal WebMoney (WM) passport, which connects these credit cards to WM wallets, will be given to the "client". WM is a very popular way that cybercriminals use to move money.
Trend Micro found a provider dubbed A6, which offers a full range of money laundering services for offshore accounts.
A6 publications advertising their services
When comparing offshore bank account offerings to simple money laundering offerings, Trend Micro found stark differences.
Money laundering ads often offer currency exchange as well as withdrawal/storage/insertion services. For example, a user named Sava is considered to be one of the most trusted sellers in the black market and has been offering these services since 2011. His activity log includes hundreds of thank you notes for "great and fast service".
Most offshore services found in German or Russian on underground forums seem to use companies located in Panama, the British Virgin Islands and the Dominican Republic. Apparently, these three countries are the most sought after locations by the cybercriminal community.
Trend Micro didn't find a lot of feedback from user reviews regarding offshore services, but this is likely due to the fact that cybercriminals need to make large money transfers and want to remain inconspicuous.
On the other hand, newbies or small-time cybercriminals do not need this type of service and simply use money laundering services.
Based on what Trend Micro has observed, it is safe to say that some cybercriminals are offshore account holders. The company has plans to investigate this topic further, bringing new data on the subject.
Research revealed that advertisements for offshore banking can be found on underground forums: companies in Panama, the British Isles and the Dominican Republic are used to hide profits from cybercrime.
The process began when Trend Micro threat researchers decided to check the various underground communities monitored for anything related to shell companies or illicit earnings.
A survey of underground communities revealed several advertisements promoting money laundering in offshore companies. Several members offer "off-the-shelf" services to set up an offshore shell company.
See the items included in this offer:
1. A person or company will be named as the nominal owner of the cybercriminal's new offshore company;
2. A "trust" agreement will be signed specifying that the nominal owner does not control the offshore company's assets;
3. A set of bank accounts will be opened in the offshore country to carry out any type of transaction;
4. False monetary transactions will be performed on these accounts to prove that the company "exists";
5. A series of credit cards linked to bank accounts will be provided;
6. A formal WebMoney (WM) passport, which connects these credit cards to WM wallets, will be given to the "client". WM is a very popular way that cybercriminals use to move money.
Trend Micro found a provider dubbed A6, which offers a full range of money laundering services for offshore accounts.
A6 publications advertising their services
When comparing offshore bank account offerings to simple money laundering offerings, Trend Micro found stark differences.
Money laundering ads often offer currency exchange as well as withdrawal/storage/insertion services. For example, a user named Sava is considered to be one of the most trusted sellers in the black market and has been offering these services since 2011. His activity log includes hundreds of thank you notes for "great and fast service".
Most offshore services found in German or Russian on underground forums seem to use companies located in Panama, the British Virgin Islands and the Dominican Republic. Apparently, these three countries are the most sought after locations by the cybercriminal community.
Trend Micro didn't find a lot of feedback from user reviews regarding offshore services, but this is likely due to the fact that cybercriminals need to make large money transfers and want to remain inconspicuous.
On the other hand, newbies or small-time cybercriminals do not need this type of service and simply use money laundering services.
Based on what Trend Micro has observed, it is safe to say that some cybercriminals are offshore account holders. The company has plans to investigate this topic further, bringing new data on the subject.
EN 
PT 
