Pavel Durov and Telegram: In the Spotlight Again
October 21, 2024
No smart software used for the write up. The art, however, is a different story.
Several news sources reported that the entrepreneurial Pavel Durov, the found of Telegram, has found a way to grab headlines. Mr. Durov has been enjoying a respite in France, allegedly due to his contravention of what the French authorities views as a failure to cooperate with law enforcement. After his detainment, Mr. Durov signaled that he has cooperated and would continue to cooperate with investigators in certain matters.
A person under close scrutiny may find that the experience can be unnerving. The French are excellent intelligence operators. I wonder how Mr. Durov would hold up under the ministrations of Israeli and US investigators. Thanks, ChatGPT, you produced a usable cartoon with only one annoying suggestion unrelated to my prompt. Good enough.
Mr. Durov may have an opportunity to demonstrate his willingness to assist authorities in their investigation into documents published on the Telegram Messenger service. These documents, according to such sources as Business Insider and South China Morning Post, among others, report that the Telegram channel Middle East Spectator dumped information about Israel’s alleged plans to respond to Iran’s October 1, 2024, missile attack.
The South China Morning Post reported:
The channel for the Middle East Spectator, which describes itself as an “open-source news aggregator” independent of any government, said in a statement that it had “received, through an anonymous source on Telegram who refused to identify himself, two highly classified US intelligence documents, regarding preparations by the Zionist regime for an attack on the Islamic Republic of Iran”. The Middle East Spectator said in its posted statement that it could not verify the authenticity of the documents.
Let’s look outside this particular document issue. Telegram’s mostly moderation-free approach to the content posted, distributed, and pushed via the Telegram platform is like to come under more scrutiny. Some investigators in North America view Mr. Durov’s system as a less pressing issue than the content on other social media and messaging services.
This document matter may bring increased attention to Mr. Durov, his brother (allegedly with the intelligence of two PhDs), the 60 to 80 engineers maintaining the platform, and its burgeoning ancillary interests in crypto. Mr. Durov has some fancy dancing to do. One he is able to travel, he may find that additional actions will be considered to trim the wings of the Open Network Foundation, the newish TON Social service, and the “almost anything” goes approach to the content generated and disseminated by Telegram’s almost one billion users.
From a practical point of view, a failure to exercise judgment about what is allowed on Messenger may derail Telegram’s attempts to become more of a mover and shaker in the world of crypto currency. French actions toward Mr. Pavel should have alerted the wizardly innovator that governments can and will take action to protect their interests.
Now Mr. Durov is placing himself, his colleagues, and his platform under more scrutiny. Close scrutiny may reveal nothing out of the ordinary. On the other hand, when one pays close attention to a person or an organization, new and interesting facts may be identified. What happens then? Often something surprising.
Will Mr. Durov get that message?
Stephen E Arnold, October 21, 2024
Hey, France, Read Your Pavel-Grams: I Cooperate
October 18, 2024
Just a humanoid processing information related to online services and information access.
Did you know that Telegram has shared IPs since 2018. Do your homework!
Telegram is a favored message application, because it is supposed to protect user privacy, especially for crypto users. Not say, says Coin Telegraph in the article, “Telegram Has Been Disclosing User IPs Since 2018, Durov Says.” Before you start posting nasty comments about Telegram’s lies, the IPs the message is sharing belong to bad actors. CEO Pavel Durov shared on his Telegram channel that his company reports phone numbers and IP addresses to law enforcement.
The company has been disclosing criminal information to authorities since 2018, but only when proper legal procedure is followed. Telegram abides by formal legal requests when they are from relevant communication lines. Durov stressed that Telegram remains an anonymous centered app:
Durov said the news from last week showed that Telegram has been “streamlining and unifying its privacy policy across different countries.” He stressed that Telegram’s core principles haven’t changed, as the company has always sought to comply with relevant local laws ‘as long as they didn’t go against our values of freedom and privacy.’ He added: ‘Telegram was built to protect activists and ordinary people from corrupt governments and corporations — we do not allow criminals to abuse our platform or evade justice.”’
French authorities indicted Durov in August 2024 on six charges related to illicit activity via Telegram. He posted the $5.5 million bail in September, then revealed to the public how his company complies with legal requests after calling the charges misguided.
Kudos for Telegram disclosing the information to be transparent.
Whitney Grace, October 18, 2024
Deepfake Crime Surges With Scams
October 16, 2024
Just a humanoid processing information related to online services and information access.
Everyone with a brain knew that deepfakes, AI generated images, videos, and audio, would be used for crime. According to the Global Newswire, “Deepfake Fraud Doubles Down: 49% of Businesses Now Hit By Audio and Video Scams, Regula’s Survey Reveals.” Regula is a global developer of ID verification and forensic devices. The company released the survey: “The Deepfake Trends 2024” and it revealed some disturbing trends.
Regula’s survey discovered that there’s a 20% increase in deepfake videos from 2022. Meanwhile, fraud decision-makers across the globe reported a 49% increase encounter deepfakes and there’s also a 12% rise in fake audio. What’s even more interesting is that bad actors are still using old methods for identity fraud scams:
“As Regula’s survey shows, 58% of businesses globally have experienced identity fraud in the form of fake or modified documents. This happens to be the top identity fraud method for Mexico (70%), the UAE (66%), the US (59%), and Germany (59%). This implies that not only do businesses have to adapt their verification methods to deal with new threats, but they also are forced to combat old threats that continue to pose a significant challenge.”
Deepfakes will only get more advanced and worse. Bad actors and technology are like the illnesses: they evolve every season with new ways to make people sick while still delivering the common cold.
Whitney Grace, October 16, 2024
Flappy Bird Flutters to Life Thanks to the Power of the New Idol, Crypto
October 15, 2024
Just a humanoid processing information related to online services and information access.
Flappy Bird is coming out of retirement after a decade away. Launched in 2013, the original game was wildly popular and lucrative. However, less than a year later, its creator pulled it from app stores for being unintentionally addictive. Subsequently, players/addicts were willing to pay hundreds or thousands of dollars for devices that still had the game installed. Now it has reemerged as a Telegram crypto game. Much better. Decrypt reports, “What Is ‘Flappy Bird’ on Telegram? Iconic Game Returns with Crypto Twist.” Writer Ryan S. Gladwin tells us the game is basically the same as before, with a few additions just for crypto bros:
“Developed by the Flappy Bird Foundation, the Telegram game mixes in elements from other crypto games on the app, including the likes of Hamster Kombat, by allowing players to passively earn in-game points by obtaining upgrades. These are earned through a variety of ways, including watching ads and inviting friends.”
Naturally, a custom Flappy Bird token will be introduced. And, as with most of this year’s “tap-to-earn” games, it will reside on Telegram’s decentralized network, simply named The Open Network (TON). We learn:
"Yes, there will be a FLAP token launched in relation with the Telegram version of Flappy Bird. This has been confirmed in tweets from the official game account on Twitter (aka X), and the game will also offer staking rewards for the future token. Previously, The Flappy Bird Foundation said that it has plans to integrate The Open Network (TON)—the network that most tap-to-earn games launch tokens on. Notcoin, the tap-to-earn game that started the Telegram craze with the largest crypto gaming token launch of the year, is the ‘strategic publishing partner’ for Flappy Bird’s return. This partnership is set to help introduce The Open Network (TON) ecosystem to Flappy Bird with the game starting a ‘free mining event’ at launch called ‘Flap-a-TON.’ A mining event is usually a period of time in which players can make gameplay progress to get a cut of a future token airdrop.”
What a cutting-edge way to maximize engagement. If he was so upset about his game’s addictive qualities, why did creator Dong Nguyen sell it to an outfit that meant to crypto-tize it? In fact, he did not. After the game languished for four years, the trademark was deemed abandoned. A firm called Mobile Media Partners Inc. snapped up the languishing trademark and later sold it to one Gametech Holdings LLC, from whom the Flappy Bird Foundation bought it earlier this year. That must have been quite a surprise to the conscientious developer. Not only were Nguyen’s wishes for his game completely disregarded, he is receiving no compensation from the game’s reemergence. Classy.
Cynthia Murrell, October 15, 2024
FOGINT: UN Says Telegram Is a Dicey Outfit
October 14, 2024
The only smart software involved in producing this short FOGINT post was Microsoft Copilot’s estimable art generation tool. Why? It is offered at no cost.
One of my colleagues forwarded a dump truck of links to articles about a UN Report. Before commenting on the report, I want to provide a snapshot of the crappy Web search tools and the useless “search” function on the UN Web site.
First, the title of the October 2024 report is:
Transnational Organized Crime and the Convergence of Cyber-Enabled Fraud, Underground Banking and Technological Innovation in Southeast Asia: A Shifting Threat Landscape
I want to point out that providing a full title in an online article is helpful to some dinobabies like me.
Second, including an explicit link to a document is also appreciated by some people, most of whom are over 25 years in age, of above average intelligence, and interested in online crime. With that in mind, here is the explicit link to the document:
https://www.unodc.org/roseap/uploads/documents/Publications/2024/TOC_Convergence_Report_2024.pdf
Now let’s look briefly at what the 142 page report says:
Telegram is a dicey outfit.
Not bad: 142 pages compressed to five words. Let look at two specifics and then I encourage you to read the full report and draw your own conclusions about the quite clever outfit Telegram.
The first passage which caught my attention was this one which is a list of the specialized software and services firms paying attention to Telegram. Here is that list. It is important because most of these outfits make their presence known to enforcement and intelligence entities, not the TikTok-type crowd:
Bitrace
Chainalysis
Chainargos
Chainvestigate
ChongLuaDao (Viet Nam)
Coeus
Crystal Intelligence
CyberArmor
Flare Systems
Flashpoint
Group-IB
Hensoldt Analytics
Intel 471
Kela
Magnet Forensics
Resecurity
Sophos
SlowMist
Trend Micro
TRM Labs
Other firms played ball with the UN, but these companies may have suggested, “Don’t tell anyone we assisted.” That’s my view; yours may differ.
The second interesting passage in the document for me was:
Southeast Asia faces unprecedented challenges posed by transnational organized crime and illicit economies. The region is witnessing a major convergence of different crime types and criminal services fueled by rapid and shifting advancements in physical, technological, and digital infrastructure have have allowed organized crime networks to expand these operations.
Cyber crime is the hot ticket in southeast Asia. I would suggest that the Russian oligarchs are likely to get a run for their money if these well-groomed financial wizards try to muscle in on what is a delightful mix of time Triads, sleek MBAs, and testosterone fueled crypto kiddies with motos, weapons and programming expertise. The mix of languages, laws, rules, and special purpose trade zones add some zest to the run-of-the-mill brushing activities. I will not suggest that many individuals who visit or live in Southeast Asia have a betting gene, but the idea is one worthy of Stuart Kauffman and his colleagues at the Santa Fe Institute. Gambling emerges from chaos and good old greed.
A third passage which I circled addressed Telegram. By the way, “Telegram” appears more than 100 times in the document. Here’s the snippet:
Providing further indication of criminal activity, Kokang casinos and associated companies have developed a robust presence across so-called ‘grey and black business’ Telegram channels facilitating cross-border ‘blockchain’ gambling, underground banking, money laundering, and related recruitment in Myanmar, Cambodia, China, and several other countries in East and Southeast Asia.
The key point to me is that this is a workflow process with a system and method spanning countries. The obvious problem is, “Whom does law enforcement arrest?” Another issue, “Where is the Telegram server?” The answer to the first question is, “In France.” The second question is more tricky and an issue that the report does not address. This is a problematic omission. The answer to the “Where is the Telegram server?” is, “In lots of places.” Telegram is into dApps or distributed applications. The servers outside of Moscow and St Petersburg are virtual. The providers or enablers of Telegram probably don’t know Telegram is a customer and have zero clue what’s going on in virtual machines running Telegram’s beefy infrastructure.
The report is worth reading. If you are curious about Telegram’s plumbing, please, write benkent2020 at yahoo dot com. The FOGINT team has a lecture about the components of the Telegram architecture as well as some related information about the company’s most recent social plays.
Stephen E Arnold, October 14, 2024
Cyber Criminals Rejoice: Quick Fraud Development Kit Announced
October 11, 2024
This blog post did not require the use of smart software, just a dumb humanoid.I am not sure the well-organized and managed OpenAI intended to make cyber criminals excited about their future prospects. Several Twitter enthusiasts pointed out that OpenAI makes it possible to develop an app in 30 seconds. Prashant posted:
App development is gonna change forever after today. OpenAI can build an iPhone app in 30 seconds with a single prompt. [emphasis added]
The expert demonstrating this programming capability was Romain Huet. The announcement of the capability débuted at OpenAI’s Dev Day.
A clueless dinobaby is not sure what this group of youngsters is talking about. An app? Pictures of a slumber party? Thanks, MSFT Copilot, good enough.
What’s a single prompt mean? That’s not clear to me at the moment. Time is required to assemble the prompt, run it, check the outputs, and then fiddle with the prompt. Once the prompt is in hand, then it is easy to pop it into o1 and marvel at the 30 second output. Instead of coding, one prompts. Zip up that text file and sell it on Telegram. Make big bucks or little STARS and TONcoins. With some cartwheels, it is sort of money.
Is this quicker that other methods of cooking up an app; for example, some folks can do some snappy app development with Telegram’s BotFather service?
Let’s step back from the 30-second PR event.
Several observations are warranted.
First, programming certain types of software is becoming easier using smart software. That means that a bad actor may be able to craft a phishing play more quickly.
Second, specialized skills embedded in smart software open the door to scam automation. Scripts can generate other needed features of a scam. What once was a simple automated bogus email becomes an orchestrated series of actions.
Third, the increasing cross-model integration suggests that a bad actor will be able to add a video or audio delivering a personalized message. With some fiddling, a scam can use a phone call to a target and follow that up with an email. To cap off the scam, a machine-generated Zoom-type video call makes a case for the desired action.
The key point is that legitimate companies may want to have people they manage create a software application. However, is it possible that smart software vendors are injecting steroids into a market given little thought by most people? What is that market? I am thinking that bad actors are often among the earlier adopters of new, low cost, open source, powerful digital tools.
I like the gee whiz factor of the OpenAI announcement. But my enthusiasm is a fraction of that experienced by bad actors. Sometimes restraint and judgment may be more helpful than “wow, look at what we have created” show-and-tell presentations. Remember. I am a dinobaby and hopelessly out of step with modern notions of appropriateness. I like it that way.
Stephen E Arnold, October 11, 2024
What Can Cyber Criminals Learn from Automated Ad Systems?
October 10, 2024
The only smart software involved in producing this short FOGINT post was Microsoft Copilot’s estimable art generation tool. Why? It is offered at no cost.
My personal opinion is that most online advertising is darned close to suspicious or outright legal behavior. “New,” “improved,” “Revolutionary” — Sure, I believe every online advertisement. But consider this: For hundreds of years those in the advertising business urged a bit of elasticity with reality. Sure, Duz does it. As a dinobaby, I assert that most people in advertising and marketing assume that reality and a product occupy different parts of a data space. Consequently most people — not just marketers, advertising executives, copywriters, and prompt engineers. I mean everyone.
An ad sales professional explains the benefits of Facebook, Google, and TikTok-type of sales. Instead of razor blades just sell ransomware as stolen credit cards. Thanks, MSFT Copilot. How are those security remediation projects with anti-malware vendors coming? Oh, sorry to hear that.
With a common mindset, I think it is helpful to consider the main points of “TikTok Joins the AI-Driven Advertising Pack to Compete with Meta for Ad Dollars.” The article makes clear that Google and Meta have automated the world of Madison Avenue. Not only is work mechanical, that work is informed by smart software. The implications for those who work the old fashioned way over long lunches and golf outings are that work methods themselves are changing.
The estimable TikTok is beavering away to replicate the smart ad systems of companies like the even more estimable Facebook and Google type companies. If TikTok is lucky as only an outfit linked with a powerful nation state can be, a bit of competition may find its way into the hardened black boxes of the digital replacement for Madison Avenue.
The write up says:
The pitch is all about simplicity and speed — no more weeks of guesswork and endless A/B testing, according to Adolfo Fernandez, TikTok’s director, global head of product strategy and operations, commerce. With TikTok’s AI already trained on what drives successful ad campaigns on the platform, advertisers can expect quick wins with less hassle, he added. The same goes for creative; Smart+ is linked to TikTok’s other AI tool, Symphony, designed to help marketers generate and refine ad concepts.
Okay, knowledge about who clicks what plus automation means less revenue for the existing automated ad system purveyors. The ideas are information about users, smart software, and automation to deliver “simplicity and speed.” Go fast, break things; namely, revenue streams flowing to Facebook and Google.
Why? Here’s a statement from the article answering the question:
TikTok’s worldwide ad revenue is expected to reach $22.32 billion by the end of the year, and increase 27.3% to $28.42 billion by the end of 2025, according to eMarketer’s March 2024 forecast. By comparison, Meta’s worldwide ad revenue is expected to total $154.16 billion by the end of this year, increasing 23.2% to $173.92 billion by the end of 2025, per eMarketer. “Automation is a key step for us as we enable advertisers to further invest in TikTok and achieve even greater return on investment,” David Kaufman, TikTok’s global head of monetization product and solutions, said during the TikTok.
I understand. Now let’s shift gears and ask, “What can bad actors learn from this seemingly routine report about jockeying among social media giants?”
Here are the lessons I think a person inclined to ignore laws and what’s left of the quaint notion of ethical behavior:
- These “smart” systems can be used to advertise bogus or non existent products to deliver ransomware, stealers, or other questionable software
- The mechanisms for automating phishing are simple enough for an art history or poli-sci major to use; therefore, a reasonably clever bad actor can whip up an automated phishing system without too much trouble. For those who need help, there are outfits like Telegram with its BotFather or helpful people advertising specialized skills on assorted Web forums and social media
- The reason to automate are simple: Better, faster, cheaper. Plus, with some useful data about a “market segment”, the malware can be tailored to hot buttons that are hard wired to a sucker’s nervous system.
- Users do click even when informed that some clicks mean a lost bank account or a stolen identity.
Is there a fix for articles which inform both those desperate to find a way to tell people in Toledo, Ohio, that you own a business selling aftermarket 22 inch wheels and alert bad actors to the wonders of automation and smart software? Nope. Isn’t online marketing a big win for everyone? And what if TikTok delivers a very subtle type of malware? Simple and efficient.
Stephen E Arnold, October 10, 2024
FOGINT: Internet Service Providers in the Hot Box
October 9, 2024
The only smart software involved in producing this short FOGINT post was Microsoft Copilot’s estimable art generation tool. Why? It is offered at no cost.
For several years, I have used the term “ghost providers” to describe online service providers as enablers of online crime. The advent of virtual machines and virtual servers operated by customers who just pay a monthly fee and do everything themselves provides a great foggy ground cover. If an investigators speaks with one of these providers, the response includes variations of “We don’t know” and “No clue, bro.” The reason is that the service provider provides access to a system, includes no support, and leaves it up to the person paying the bill to be the cook, bottlewasher, and janitor. These outfits are in the service business with a range of offerings: Full service to DIY.
“Oh, we cannot see what is on the virtual machines working as virtual servers,” says the bright ISP operator. Thanks, MSFT Copilot. That’s pretty lousy fog if I say so myself.
Italy wants to take action to prevent enablers who provide ghost services with bare metal and zero service other than pings, plumbing, and power. “ISPs ‘Betrayed’ Over Pirate Site-Blocking Threats, The Reckoning Will Be Invisible” reports that Italy’s
advanced legal weaponry is incapable of dealing with distant pirate IPTV services. Instead, it mainly targets communications infrastructure, much of it operated by rightsholders’ supposed allies – ISPs – who were given no say in the matter.
Torrent Freak’s view of the law is somewhat reserved, even skeptical. The cited article continues:
if pirate sites share an IP address with entirely innocent sites, and the innocent sites are outnumbered, ISPs, VPNs and DNS services will be legally required to block them all. Since nobody ever passes bad law and good laws hurt no one, blocking innocent sites can be conducted guilt-free from the moral high ground.
Among those with a strong view of the law is Giovanni Zorzoni, president of the Italian Internet Provider Association. No big surprise, FOGINT surmises. The article quotes him as saying:
“Irresponsible initiative that, in the sole interest of the football lobby, tramples on operators, [AGCOM] and the Internet ecosystem,” he said. “Thanks to the new law, they will be able to block sites that are no longer exclusively, but also ‘mainly’ used to distribute illegal content, substantially widening the scope of [rightsholders’] discretion. It may therefore happen, much more frequently, that even legitimate addresses that are only accidentally used for the transmission of pirated content are blocked,” Zorzoni added.
Google offered some input which Torrent Freak presented; to wit:
Diego Ciulli, Head of Government Affairs and Public Policy at Google in Italy, expressed concern over the likely effect on the justice system in Italy should Google be required to comply. Under the label of “fighting piracy”, Ciulli said that digital platforms will be required to notify the judicial authorities of ALL copyright infringements – present, past and future – when they become aware of them. That could be a problem. “Do you know how many there are in the case of Google? At the moment, 9,756,931,770. In short, the Senate is asking us to flood the judicial authorities with almost 10 billion URLs – and provides for prison if we miss a single notification. If the law is not amended, the risk is to do the opposite of the spirit of the law: clog up the judicial authorities, and take resources away from the fight against piracy,” he warned.
Yep, imagine if ISPs had to block packets containing information directly linked to illegal activities. That is, it seems, to be a lot of work for the ISPs to do.
Several observations:
- Some service providers are known for their willingness to facilitate content which breaks laws
- The “virtualization” of “services” provides a 24×7 disco dance fog machine to hide certain activities from staff, other customers, and government authorities
- The money derived from the customers who exploit the willful obfuscation makes the service provider business tick.
Is the Italian law a remedy? No. Will other countries crank up regulation of ISPs? Yes. But after decades of a digital Wild West, fences will not be erected overnight. As a result, the black sheep will roam among wild ponies and make a range of online crimes possible and lucrative. That’s quite a marketing position for some firms.
Stephen E Arnold, October 9, 2024
FOGINT: A Doggie Telegram Play in the Mists of Crypto
October 8, 2024
The FOGINT team has noticed an uptick about the Simplex messenger. You can download the end to end encrypted application from this link. According to chatter on interesting discussion services, individuals espousing certain beliefs are abandoning Telegram because Mr. Freedom (Pavel Durov is allegedly cooperating with law enforcement and other government officials in certain investigation). The causal link between Simplex and Telegram’s new, flexible approach to allegedly illegal activities may be clear to some people. That’s fine.
Some people will not be aware that the sheep are ignoring a government worker wearing a rather poor sheep disguise. Thanks, MSFT Copilot. How are those Windows updates going? Oh, how about those security changes?
However, Telegram continues to push into territory far more significant than fooling around with the craziness of those who use Telegram to organize traffic jams and sell contraband. The big fish is now on the dock. The fish mongers are crowding around to find out the value of the snatch.
“The First Telegram ICO Is Here: Dogizen, Launches Today” reveals what may be a more significant move in the underground financial ecosystem. The FOGINT teams thinks that Telegram is doing its part to undermine the US dollar, not make weird animal games available to people who want free money. The article reported on October 4, 2024:
This is the first ICO to offer investors the chance to purchase the DOGIZ token directly from within Telegram itself and could open up a whole new slice of the crypto community. DOGIZ will go on sale at $0.00007, with a total of one hundred billion presale tokens available for purchase. Dogizen finds itself in the midst of Telegram gaming’s surge, which has recently gained attention with multiple successful launches, collectively amassing a market cap nearing $2 billion in just six months.
Telegram ran into a brick wall several years ago when the US Securities & Exchange Commission blocked the messaging company’s initial foray into crypto. Now the Telegram plan is coming into focus. There are STARs, TONcoins, and deals with outfits like Tether. This play with doggies is a transactional platform applied to providing for a fee the plumbing necessary to ramp crypto with essentially zero friction. The estimable Durov brothers are demonstrating that there is more to a messaging application than groups, channels, advertising, and faux compliance with government officials.
The Durovs are doggies who want to grow up to be wolves.
Stephen E Arnold, October 8, 2024
Russian Crypto Operation: An Endgame
October 3, 2024
![green-dino_thumb_thumb_thumb_thumb_t[2]](https://arnoldit.com/wordpress/wp-content/uploads/2024/09/green-dino_thumb_thumb_thumb_thumb_t2-2.gif "green-dino_thumb_thumb_thumb_thumb_t[2]")
This essay is the work of a dumb dinobaby. No smart software required.
The US Department of the Treasury took action to terminate “PM2BTC—a Russian virtual currency exchanger associated with Russian individual Sergey Sergeevich Ivanov (Ivanov)—as being of “primary money laundering concern” in connection with Russian illicit finance.” The DOT’s news release about the multi-national action is located at this link. Fogint has compiled a list of details about this action.
The write up says:
Today, the U.S. Department of the Treasury is undertaking actions as part of a coordinated international effort to disrupt Russian cybercrime services. Treasury’s Financial Crimes Enforcement Network (FinCEN) is issuing an order that identifies PM2BTC—a Russian virtual currency exchanger associated with Russian individual Sergey Sergeevich Ivanov (Ivanov)—as being of “primary money laundering concern” in connection with Russian illicit finance. Concurrently, the Office of Foreign Assets Control (OFAC) is sanctioning Ivanov and Cryptex—a virtual currency exchange registered in St. Vincent and the Grenadines and operating in Russia. The FinCEN and OFAC actions are being issued in conjunction with actions by other U.S. government agencies and international law enforcement partners to hold accountable Ivanov and the associated virtual currency services.
Here’s a selection of the items which may be of interest to cyber crime analysts and those who follow crypto activity.
- Two individuals were added to the sanctions list: Sergey Ivanov and Timur Shakhmametov. A reward or bounty has been offered for information leading to the arrest of these individuals. The payment could exceed US$9 million
- The PM2BTC and Cryptex entities has worked or been associated with other crypto entities; possibly Guarantex, UAPS, Cryptex, Hydra, FerumShop, Bitzlato, and an underground payment processing service known as Bitzlato
- Among the entities working on this operation (Endgame) were Europol, Germany, Great Britain, Latvia, Netherlands, and the US
- In 2014, the two persons of interest want to set up an automated (smart) service and may have been working with PerfectMoney and Paymer
- The activities of Messrs. Ivanov and Shakhmametov involved “carding” and other bank-related fraud
Russian regulations provide wiggle room for certain types of financial activity not permitted in the US and countries associated with this take down.
Several observations:
- The operation was large, possibly exceeding billions in illegal transactions
- The network of partners and affiliated firms illustrates the appeal of illegal crypto services
- One method of communication used by PM2BTC was Telegram Messenger.
- “The $9 Million US reward / bounty for those two Russian crypto exchange operators wanted by US DOJ is a game changer due to the enormous reward,” Sean Brizendine, blockchain researcher told the FOGINT team.
Additional information may become available as the case moves forward in the US and Europe. FOGINT will monitor public information which appears in Russia and other countries.
Stephen E Arnold, October 3, 2024
-
- Subscribe to Beyond Search
Feature archive
News archive
-
