AT&T Ransom Laundered Through Mixers, Gambling Services
The $370,000 ransom paid to a hacker involved in the massive data theft from telecommunications giant AT&T is currently being laundered through a variety of cryptocurrency mixing platforms and gambling services, according to researchers who track the funds.
TRM Labs, a blockchain analytics firm, tracked a ransom payment of 5.72 BTC, about $370,000, made on May 17. Last week, AT&T revealed that a hacker stole metadata from “nearly all” call logs and text messages sent by approximately 109 million AT&T customers over a six-month period in 2022.
The stolen data includes records identifying phone numbers that interacted with AT&T numbers, the number of interactions, call duration, and cell site identification numbers.
At least one of the hackers involved has been arrested, according to documents filed by AT&T with regulators. But reporters at WIRED and Bloomberg spoke to another hacker who claimed to have been paid by AT&T, providing both outlets with a Bitcoin wallet address and a video of him wiping data.
TRM Labs used the address provided to reporters to track the funds. AT&T declined to comment on reports that the company paid the ransom.
Chris Janczewski, head of global investigations at TRM Labs, said that about $150,000 ended up in wallets at two different centralized exchanges, and that a small deposit was made to a gambling service.
“Less than $10,000 was deposited on a non-custodial exchange, an exchange platform where users maintain control over their wallets and funds,” Janczewski said. “The majority of the remaining funds were sent via swap services, platforms that facilitate the exchange of one cryptocurrency for another without requiring users to deposit funds on the platform.”
TRM Labs did not name the mixing services or gambling platforms used, but law enforcement is engaged in a near-constant game of whack-a-mole with these types of services, issuing dozens of fines over the past five years against popular cybercrime tools such as Tornado Cash, Sinbad and its predecessor Blender.io, Propeller, ChipMixer and more recently Samourai Wallet and Bitcoin Fog.
Gambling platforms have also become a target for ransomware gangs and hackers looking to hide the source of their funds.
“The use of gambling services, swap services, and privacy coins are indicative of money laundering activity. These are common obfuscation techniques allegedly used by the plaintiff to hide the source and destination of funds,” Janczewski said.
A United Nations report in January said the expanding casino industry in Southeast Asia has become a major player facilitating large-scale money laundering by organised crime networks.
Jeremy Douglas, regional representative for Southeast Asia and the Pacific at the United Nations Office on Drugs and Crime, said in the UN report that the acceleration of globalized criminal networks centered on the Mekong has “required a revolution in the regional shadow banking architecture, resulting in the development of systems and infrastructure capable of moving and laundering huge volumes of fiat currencies and state-backed cryptocurrencies.”
According to the UN report, in most cases, hackers take their illicit funds and transfer them to an online gambling platform or an affiliate agent who arranges the transfer of online gambling points through a combination of identifiable or anonymous accounts.
“They are cashed out or placed in bets, often in collusion with affiliates,” the UN report said. “Once the money in the gambling account is paid out in a desired currency and jurisdiction, it can effectively gain legal status and integrate into the formal financial system and economy.”