How the Liberty Reserve Crackdown Threatens Your Online Anonymity
Liberty Reserve allowed people to make anonymous online transactions. It was a favored payment method among cybercriminals.
CREDIT: Denis Vrublevski
Last week the U.S. Federal Court filed an indictment against Liberty Reserve, an online currency exchange website that allowed users to anonymously transfer funds anywhere in the world. Liberty Reserve was also known to be popular among cybercriminals.
Liberty Reserve and its seven principal operators are charged with money laundering and operating an unlicensed money-transmitting business.
Liberty Reserve's website domain, as well as all its financial assets and accounts, were seized last week. At the same time, founder Arthur Budovsky was arrested in Spain and several of his Liberty Reserve colleagues were arrested in Costa Rica, where the website was based and Budovsky was a citizen after having renounced his U.S. citizenship in 2012. Another colleague was arrested in Brooklyn, N.Y.
The indictment, issued by the U.S. District Court for the Southern District of New York, alleges that Liberty Reserve was created for the express purpose of enabling money laundering.
"Virtually all of Liberty Reserve's business derived from suspected criminal activity," the indictment stated.
To open a Liberty Reserve account, prosecutors alleged that users had only to provide a name, birth date and email address. They could deposit funds via bank account, credit card or other electronic method, which would then be translated to Liberty Reserve's currency, called "LR."
The LR could then be redeemed for cash from various third-party merchants and companies throughout the world.
Money exchanged through Liberty Reserve has allegedly been connected to a variety of crimes both cyber and otherwise, from child pornography and drugs to the purchase of hacking technology.
[See also: Don't Believe the Hype about Hollywood Malware]
"Through the defendants' efforts, Liberty Reserve has emerged as one of the principal means by which cyber-criminals around the world distribute, store and launder the proceeds of their illegal activity," the U.S. indictment reads.
Who shot Liberty Reserve?
For the prosecutors, there appears to be little question that Budovsky and his colleagues used the site they created for illegal activities, or even that the site was created for the express purpose of facilitating crime.
But it's not as simple as that. By shutting down the entire Liberty Reserve system as well as arresting the operators, the U.S. and its international allies have cracked down on anonymous digital currency.
The indictment specifically links anonymous digital currency with criminal activity, saying: "The defendants deliberately attracted and maintained a customer base of criminals by making financial activity on Liberty Reserve anonymous and untraceable."
Robert David Graham, the CEO of Atlanta-based private cybersecurity firm Errata Security, agreed that Liberty Reserve was a criminal institution.
"Liberty Reserve wasn't a normal bank. They didn't desire to be a normal bank. It was set up to be a bank for criminals — that's what all the evidence points to."
But, Graham added, "Just because you want privacy doesn't mean you're up to no good. …That needs to be stressed."
"Anonymous cash is becoming more and more illegal as far as the government is concerned," Graham said. "Any transaction the government can't monitor they get unhappy about."
Online privacy advocate Aestetix, who makes a point of using only a pseudonym, points out that even if cracking down on online anonymity wasn't the intention of the Liberty Reserve takedown, online privacy will still be affected.
"The main impact is in public perception. A lot of people don't know very much about online anonymity, and the only times they hear about it are when bad things happen," Aestetix wrote in an email to TechNewsDaily.
"So in an event like the Liberty Reserve shutdown, a lot of people may draw the conclusion that a solution to prevent illegal activity from happening is to force people to use their legal names online, which winds up impacting all kinds of other people who need online anonymity."
Crime and punishment
It was technically possible to use Liberty Reserve in an entirely legal way. For example, Mitchell Rossetti of Houston-based Mitver Holdings says he used Liberty Reserve legally to run a service called epay-cards.com, which provided users around the world with prepaid debit cards.
Rossetti said he used Liberty Reserve, and not a more respected alternative like Paypal, because Liberty Reserve ensured that charges couldn't be reversed. Reversing charges is a frequent critique of PayPal.
When the U.S. seized Liberty Reserve, Mitver Holdings lost thousands of dollars in capital. Rossetti says he is in contact with the New York district attorney's office, however, and hopes to get the money returned.
But the warning signs were there. PayPal stopped processing payments through Liberty Reserve five years ago. In 2011, the Costa Rican government denied Liberty Reserve an operating license.
Budovsky had previously been arrested in the U.S. for operating a similar site, called GoldAge, which was shut down in 2006. Budovsky was sentenced to five years of probation, at which point he fled the U.S. for Costa Rica and began setting up Liberty Reserve.
Still, aside from failing to get a license there was nothing inherently criminal about the way Liberty Reserve operated. What made it stand out from other online currency exchanges — and what attracted so many criminals — is the great lengths to which it went to protect users' identities.
"So there's nothing about the architecture [of Liberty Reserve] that's unusual, nothing about how this online payment system worked [as opposed to other systems]," said Paul F. Roberts, an editor at The Security Ledger, a Boston-based security news site. "It really came down to [the fact that Liberty Reserve] was not asking anybody information…and taking a lot of steps to protect their anonymity, and that is aiding these cybercriminal operatives."
Roberts says that the takedown of Liberty Reserve represents a new way of going after cybercriminals — instead of taking them on one at a time, the U.S. and its international partners are focusing on undermining the systems that criminals depend on to perpetrate crime.
"It's kind of like a 'drain the swamp' [approach]," Roberts said. "If you go after one Ukrainian cybercrime operation that can be good at breaking up an individual scam and putting a few people behind bars — if you can get the Ukraine to actually prosecute them — but if you go after Liberty Reserve or other tools that are shared in common among all these gangs, you haven't arrested anyone but you've made it a lot harder for them to continue making money."