Why do criminals need to launder money?
If you sell a lot of drugs on the street to make a lot of money, that money is vulnerable. It's vulnerable to getting stolen by your rivals. It's vulnerable to getting surveilled by the police. Money is innately suspicious.
Also, it's vulnerable to inflation—that's the other thing about having cash! Cash doesn't make any interest; it just sits there. So, you want to try and get that cash into some kind of financial institution. And of course, as soon as you turn up at the bank with a million dollars in cash, they can ask very awkward questions.
What exactly is 'smurfing?' And why might this old school money laundering method be a problem on social media apps?
With 'smurfing,' what you can do instead is divide it between 1,000 friends. You give them each $1,000 and they each deposit $1,000 into the bank. The bank probably won't ask any questions. These are fairly small amounts of money, but then you get your friends to send those small amounts into your account, and presto, you've got your million.
This is called smurfing, because of the cartoon with little blue characters. You know, you're using an army of anonymous individuals.
What's caught people out, traditionally, with this smurfing is that most people don't have 1,000 friends. Creating a sort of army of smurfs, unless you're an incredibly gregarious and convincing person, is difficult. So, the reason you might use social media is you can put a post on Instagram or Snapchat and you can say, 'Hey, would anyone like a quick buck? Give me your bank account details, and I'll transfer some money through, and I'll give you a share of it.'
Social [media] is a way of recruiting enough of those little characters to distribute the money and make sure the amounts are small enough that the bank's not going to get suspicious.
It seems tech innovators can unintentionally create fertile ground for money launderers.
Yeah, absolutely. In a lot of cases, technology unwittingly enables money laundering, and that's because tech and money laundering have strangely similar situations they want to create in the world.
If I'm a money launderer, I want somewhere there's lots of money sloshing around. I want loads of money so I can hide my criminal money in the noise. Second thing I want is an international [place to withdraw money]. I want to be able to put my criminal money in [a bank in] Los Angeles and withdraw it in London. And I want [the international place to have] no regulation. I do not want regulators and cops sniffing around.
And if you're going to set up a tech startup, what do you want? You want a marketplace where there's valuations all over the place, [like with] Uber and Airbnb. It's an open market. You want areas that aren't regulated, because that's where you can set up your tech startup and can gain market share.
It's not that technologists want to enable money launderers, it's just the two end up having a lot in common. And so, when [innovators] come up with new technology, it's at the cutting edge of finance, and money launderers look and think, 'Well, that's great, because the cutting edge of finance is where [there are no] cops because they struggle to keep up with that.'
In the case of Coin Ninja, a crypto company, employees had no idea that their boss was using his other crypto company, Helix, to help money launderers on the dark web. Do you think there are a lot of people who are accidentally working for money laundering outfits?
There will be a lot of people who are working for organizations that have a big problem with money laundering activity. It's not that [these companies] are set up solely for that activity. It's just that their bosses and the people who run and create these companies would rather look at the profit margin than look at the possible ways their services are being abused. Now, at a lower level, there'll be people who work in HR and marketing and [who handle] accounts who've got nothing to do with any of that. I don't know how far I shift culpability down toward those people.
In the case of Coin Ninja, I don't think any of the people in that company had any suspicion. There was no suspicion because Helix, the service previously set up by Coin Ninja's boss, was doing the laundering. I think those people are probably as innocent as it goes and certainly had a crazy day [when their boss was arrested].
You've written about romance scams where a criminal uses a fake identity to get people to trust them, enter into a fake online relationship of some sort and then steal from them. The FBI has reported over $650 million lost to such scams, with some of the most notable coming out of Nigeria, right?
This is a systemic financial predation on the U.S. and communities in Europe. The idea that this is a few people somewhere in Nigeria ripping off a few old people somewhere [is wrong], this is a systemic organized crime campaign that is draining wealth.
There are some I've seen interviewed in Nigeria who would say the international community has stolen from Nigeria. Wealth has been taken out of African countries like Nigeria by Western malpractice. And so, there's this idea that this is almost payback. I don't personally agree with that. But I find it an interesting point. Nonetheless, what you've got is a situation where there's a vast organized crime empire that is draining the bank accounts of people, a few tens of thousands [of dollars] at a time, and it's adding up to billions [globally].
Is there a fraudster out there who you'd most like to interview?
[Just recently] I sent what I think is my sixth or seventh letter to Ghaleb Alaumary, who ended up laundering millions for North Koreans in tandem with an Instagram influencer 'Hushpuppi.'
[Alaumary is in prison serving over 11 years.]
[Also,] the North Korean hackers he was working for are incredibly bright, gifted individuals. I really want to speak to a North Korean hacker because I think it would be such a fascinating conversation for them to have, because they can see our side.
Has reporting on money laundering and other cybercrimes—like massive hack heists—made you a target online? How careful are you with your own online info?
I'll check out people's email addresses and stuff. I probably do it at a bit of a higher level. But fundamentally, the things that I do are having my data backed up somewhere safe and being suspicious of messages—those two things everybody should be doing for themselves.
Because I've covered so many victims of hacking and cybercrime and so on, in a way, I'm at a bit of an advantage in that I know the kind of tactics that will be used: Phishing emails and messages on Facebook or WhatsApp where somebody comes to you with something urgent or there's something tempting.
Just receiving those messages isn't enough to get you into trouble. You have to interact with them, so you have to click on the link or open the attachment or give them your details or your password. So, as soon as any message arrives in my inbox, I'm innately suspicious. I get people emailing me saying, 'Would you like to do a talk for us at this conference immediately?' I'm not going to open any attachments or links they sent me, and I'm going to check them out before I interact with them.