Through their engaging discussion, Marco Ciappelli and Geoff White have illuminated the shadowy world of cybercrime and money laundering, inviting us to ponder the intertwined nature of technology and crime in our digital age.
Guest: Geoff White, Author, Investigative Journalist
On LinkedIn | https://www.linkedin.com/in/geoffwhitetech/
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
In this episode of On Location, Marco Ciappelli and Geoff White dive into a fascinating conversation about the intricate world of cybercrime, investigative journalism, and the dark realms of money laundering. The duo explored the symbiotic relationship between technology, organized crime, and the evolving landscape of digital currencies like Bitcoin and NFTs.
From billion-dollar cyber heists to global money laundering rings and crypto-gangsters – Geoff White has covered it all. As an author, speaker, investigative journalist and podcast creator, his work’s been featured by Penguin, the BBC, Audible, Sky News, The Sunday Times and many more.
His new book for Penguin, Rinsed, reveals how technology has revolutionized money laundering, from drug cartels washing their cash in Bitcoin to organized fraud gangs recruiting money mules on social media.
His first book, Crime Dot Com, covered cybercrime’s emergence as a primal threat to modern society and was published in August 2020 by Reaktion Books. One of the key chapters detailed North Korea’s unlikely emergence as a cyber superpower. It was adapted by the BBC World Service into the hit 10-part podcast series The Lazarus Heist, co-created and co-hosted by Geoff, which immediately ranked number one in the UK Apple chart and within the top 7 in the US.
Marco Ciappelli invited Geoff White to join him on Broadcast Alley at RSA Conference 2024 to unravel the complex web of interconnected crimes and technologies shaping our modern world. Geoff shared insights from his extensive research and experience, shedding light on the hidden layers of organized crime and technological advancements.
From Investigative Journalism to Podcasting
Geoff White discussed his journey from covering technology stories for Channel 4 News to delving deep into cybercrime, highlighting how stories of North Korean hacking and money laundering captured his attention. His work on "The Lazarus Heist" podcast and the subsequent book delves into the astonishing world of cybercrime, where trust between criminals and innovative tactics play a pivotal role.
Unraveling the Mysteries of Money Laundering
In their conversation, Geoff White elaborated on the processes of money laundering, emphasizing the three crucial steps - placement, layering, and integration. He explained how technology has revolutionized the ways in which criminals launder money, leveraging crypto assets like Bitcoin while evading traditional detection methods.
The Rise of Cybercrime and AI
Geoff White addressed the adversarial battle between cybercriminals and security professionals, pointing out the attacker's advantage in exploiting vulnerabilities rather than developing advanced weaponry. He discussed the role of artificial intelligence in spotting suspicious transactions and the cat-and-mouse game between criminals and law enforcement agencies.
A Thought-Provoking Discussion on Ethical Dilemmas
As the conversation turned philosophical, Marco Ciappelli and Geoff White pondered the ethical implications of cybercrime and money laundering in modern society. They touched upon the coexistence of good and evil forces, the necessity of crime prevention, and the ongoing battle between innovation and criminal tactics.
Audience Engagement and Impact
Geoff White highlighted the diverse target audience for his work, encompassing cybersecurity professionals, financial crime experts, and cryptocurrency enthusiasts. By crafting engaging narratives and insightful analyses, Geoff aims to make complex topics like money laundering accessible to a broad readership, inviting them to delve into the dark corners of financial crime.
This dialogue between Marco Ciappelli and Geoff White serves as a poignant reminder of the intricate connections between technology, crime, and societal structures. By bringing these complex topics to light through compelling storytelling and in-depth research, they invite audiences to explore the hidden layers of cybercrime and money laundering, prompting critical reflections on the ethical and practical implications of these phenomena.
Be sure to follow our Coverage Journey and subscribe to our podcasts!
____________________________
About the Book
Rinsed reveals how organized crooks have joined forces with the world’s most sophisticated cybercriminals. The result: a vast virtual money-laundering machine too intelligent for most authorities to crack. Through a series of jaw-dropping cases and interviews with insiders at all levels of the system, Geoff White shows how thieves are uniting to successfully get away with the most atrocious crimes on an unprecedented scale.
The book follows money from the outrageous luxury of Dubai hotels to sleepy backwaters of coastal Ireland, from the backstreets of Nigeria to the secretive zones of North Korea, to investigate this new cyber supercartel. Through first-hand accounts from the victims of their devastating crimes, White uncovers the extraordinary true story of hi-tech laundering – and exposes its terrible human cost.
'Rinsed is as twisty, colourful and terrifyingly eye-opening as the people White investigates. You’ll never look at wealth, technology and crime in the same way’
____________________________
Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J
Be sure to share and subscribe!
____________________________
Resources
Rinsed: From Cartels to Crypto: How the Tech Industry Washes Money for the World's Deadliest Crooks (Book): https://www.amazon.co.uk/dp/0241624835
Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Are you interested in sponsoring our event coverage with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
Want to tell your Brand Story as part of our event coverage?
Learn More 👉 https://itspm.ag/evtcovbrf
Book: Rinsed | Unveiling the Intersection of Cybercrime and Money Laundering | An RSA Conference 2024 Conversation with Author and Investigative Journalist Geoff White | On Location Coverage with Sean Martin and Marco Ciappelli
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00] Marco Ciappelli: Alright, everybody, welcome to this episode of On Location. With Sean and Marco, except Sean is not here. This is not Sean, pretty sure. This is Jeff White.
[00:00:14] Geoff White: This is not Sean, yeah.
[00:00:15] Marco Ciappelli: And, uh, we are gonna have a great conversation about, uh, the many things that you do. I don't know if I should refer to you as a podcaster, investigative journalist, speaker.
What do you prefer?
[00:00:28] Geoff White: I use them all, but I guess, I guess journalist is the shorthand for all of it, yeah, yeah,
[00:00:32] Marco Ciappelli: yeah. All right, all right. Uh, we had the opportunity to talk, uh, another time was for your first book. That's right, yeah, yeah. Crime. com. Uh huh. If I remember well. And, uh, that actually, you can explain to me if I got that right, it turned into a podcast on the BBC.
Am I correct? Exactly right. Yeah, yeah,
[00:00:50] Geoff White: yeah. Yes. So one of the chapters of Crime. com was about North Korea and how North Korea of all places became a computer hacking superpower. So Of all places. Of all places. Well, most people don't have the internet in North Korea. Um, so I looked at the Sony hack. I looked at the Bangladesh bank hack, um, and off the back of that, we turned that story, those stories about North Korea and all of the other accusations against North Korea into a BBC podcast called The Lazarus Heist, hence the t shirt.
Love it. Um, and then I wrote a book also called The Lazarus Heist, which is everything that was in the podcast plus a bit more besides. And the story hasn't stopped there. The story just keeps going and going.
[00:01:25] Marco Ciappelli: And that's why there is another book.
[00:01:26] Geoff White: The next book that I'm putting out is continues to tell the North Korean story.
I thought it couldn't get even more weird, even more bizarre. It gets weirder. It gets much, much weirder. I
[00:01:36] Marco Ciappelli: read some of the comment and some of the reviews and, uh, yeah, they say it's very intricate. Yes. But before we get to that, for those that don't know who you are, especially maybe here in the U. S., and, uh, a little background, how did you end up interested in this kind of, uh,
[00:01:55] Geoff White: Yeah, it's a good question.
I mean, I've been a journalist for quite a long time, 20 years or so. And, um, I worked for a program, a TV news program in the UK called Channel 4 News, which is a very august program. And, um, I covered technology for them. And at the time, we're talking about the era of the Apple, uh, iPod launch. We did the iPad launch.
And so tech was seen as being games and gadgets and not very serious. And I started coming to events, not RSA, but similar events and seeing The computer hacking was something that was costing people money, that governments and intelligence agencies and the military were using to exert power in the world.
And I thought, tech isn't an end of program funny story anymore. Tech is serious, very serious. And off the back of that we had the anonymous movement, we had the Edward Snowden leaks, we had, again, Sony Pictures Entertainment hack, and all of the subsequent cyber security stories. So suddenly, it felt like I'd made a shrewd move to start covering cyber security.
[00:02:51] Marco Ciappelli: Right, it became Something that it was really much connecting with society at every level, which is kind of like what interested me Cybersecurity my background is not cyber security. Yeah, it's more sociologist. So I'm like, hmm Why are we talking about tech to tech? Yeah in between tech people And not applying to society so you you decide to go pretty deep though into the crime of it.
[00:03:16] Geoff White: Yes. Yeah, uh for me, um, The organized crime aspect of it's been really interesting So what I generally look at is Organized crime and technology and where those two things come together. And increasingly that's most organized crime as a technological aspect to it. So in my new book I've talked about cartel drug dealing, prostitution, child sexual abuse, some quite serious, very serious subjects.
All of those crimes make money and they're all using technological means now to wash and to launder that money. It's all ending up in things like crypto and online banking and so on. So organized crime has moved very heavily into technology. The reason I like organized crime You know, you and I, we work for organizations.
And, and, you know, they're legitimate. At least I hope they're legitimate, above the board organizations. We don't know. Mostly. We don't talk about it. But, but the thing about that is, if something goes wrong, if they don't pay you, you can go to court, you can try and sue, you can call the police, you know. If you work for an organized criminal organization, well, if something goes wrong, you can't call the cops, say, oh, this drug gang didn't pay me off.
So, organized crime gangs have to have all of the features. You have to have payroll, and recruitment, and bosses, and so on. But none of it's got any underpinning of legitimacy. So they have to enforce contracts, they have to enforce agreements, in different ways. Now traditionally that was violence. If you don't do what I say, I will break your legs.
But these days, because so much organised crime is distributed, hacking is a global enterprise, you're not in the same country as the person you're working with. So you can't threaten them with violence, really, you've got to have some other way of getting the trust between criminals going. And that's what I find fascinating.
That's organized crime. It's how can I trust you, buddy, because you're a crook and so am I. How do we trust each other?
[00:05:00] Marco Ciappelli: Hmm. And in the media, I'm thinking like ransomware, easy, right? You can do it everywhere you want. So before we get into the book and the ransomware, we had a conversation not too long ago with someone.
They were actually talking about how cybercrime is actually, uh, use branding and marketing to promote themselves in the dark web, but also to be considered a reputable company where if you do as they say, they will do as they promise, and if they don't, nobody's going to pay them anymore, so. Tell me about this, kind of like, psychology behind it.
[00:05:48] Geoff White: So this has been really interesting. So, a lot of the cybercrime forums that I used to visit in my research, that I still visit in my research now, getting trust between users has been really important. There was one forum I went on where they had an escrow system, so if I tried to buy stolen data from someone, I could put the money into the escrow that was run by the website, And once I received the stolen data, then the website would release the money to the seller.
Now obviously the website takes a cut as the escrow. But the whole point of that was to get trust between users. I, for example, tried to buy some stolen credit card data. A very small amount, I should say. It wasn't, you know, it wasn't my money I was spending. It was the news organization's money. But just as a test, the person on the other side ripped me off.
Stole my Bitcoin and didn't give me the data. So I wrote to the former administrator. That's it. Obviously, I wasn't identifying myself as a journalist. And I said, oh, somebody ripped me off. They didn't supply. And so the forum administrator replied and said, I'm very sorry you've had this experience. We've blocked that person.
And, uh, please use our escrow service in the future. So you have always had, in these forums, trust networks building up. Star ratings are very important. So most dark web marketplaces will have star ratings for vendors. If you rip somebody off, you get a bad rating. Same as with eBay. Similar system to eBay.
What's been interesting is that, that trustworthiness thing has now had to move into victims. If you are the subject of a ransomware attack, if your data is encrypted, and you're being told, Pay up, and we will decrypt your data, how do I trust you? So these ransomware gangs have A, had to give people what they call proof of life, some of their data back to show that they can do that.
But also, they've had to, they're very aware, these ransomware gangs, of when you Google them, what comes up. Because they know, if you're hit by ransomware gang X You're going to go on Google and say, well, who are they? And if what comes up is a list of don't pay, they won't give you your data back. Well, you're not going to pay.
So they're Googling themselves. They're making sure their reputation is really good. If you pay, we will give you your data.
[00:07:45] Marco Ciappelli: Right. It's a reputation system, which again, not just being Italian, might make me think about the mafia being the state in within the state, where the state doesn't provide to you, we provide to you.
You can trust us.
[00:07:58] Geoff White: Yeah. Yeah.
[00:07:59] Marco Ciappelli: It's really, really, but now we're talking about. Uh, technology and how it's used. And in your last book, you talk about, it's called Rinsed. You talk about how recycling money and all the crazy way that it's doing with technology.
[00:08:16] Geoff White: Yes, yeah, yeah. So, um, the new book I've got coming out is about money laundering and how technology is influencing this business of money laundering.
And again, money laundering is a really interesting business. For a start, without money laundering, um, There was no organized crime. You can't commit the crime if you can't pull your money out.
[00:08:35] Marco Ciappelli: So this has always been, like, way before Oh yeah. With the human, we had crime, we had money laundering. Yeah.
[00:08:43] Geoff White: You've got to pull the Unless you can get the money out and get it in a usable form, there's no point committing the crime when it's crimes Right.
[00:08:49] Marco Ciappelli: What are you going to do with a bank that you robbed?
[00:08:51] Geoff White: Exactly. So the But for money launderers, again, they need to do a good job. They need to do a regular, reliable job and not rip people off.
Because if they do rip somebody off, your name is mud. Nobody's gonna work with you again. So again, for money launderers, reputation's really important. And I find it interesting that the criminals have these really intricate and well developed trust networks that they rely on, because they have to, because they can't go to the courts, they can't go to the police, they can't go to the government.
All they've got is trust. And so trust in that community is really, really pivotal.
[00:09:24] Marco Ciappelli: Give me some example of what you talk about in the book. I mean, talk about different Industries in within the industry like different kind of crime
[00:09:32] Geoff White: exactly that so in the book I've tried to I've tried to describe what money laundering is now.
There are three Basic steps in any money laundering job first step is what they call placement So imagine you sell some drugs on the street you get cash a million pounds of cash You've got to somehow get that into a bank or some kind of financial in Institute So that nobody steals it from you.
You've got a million pounds in cash. It's vulnerable Second stage is what they call layering, where you take the money you've put in, and you mix it around with other money. So that even if the cops can chase the money to the bank, they can't chase it through the bank into the other accounts. That's second aid.
Third stage is what they call integration, which is where you take the money, which is now divorced of any connection to the crime. It's clean money. And what you do is you try and buy things with it. You might invest it in some art, or a nice apartment, or a lovely car. You know, you get to enjoy your money.
So I've described each of those stages in the book, and then I've described how technology is changing each of those steps. And I've looked at things like cartel drug dealing, um, I've looked at things like prostitution gangs who use that sort of methodology, child sexual abuse gangs also using it, but I've also looked at fraudsters, and I've also returned to the North Korean example, and some of the astonishing hacks attributed to North Korea, including a raid on a video game called Axie Infinity in 2022.
During which they stole 625 million dollars.
[00:10:58] Marco Ciappelli: Million.
[00:10:59] Geoff White: The biggest theft of all time, I'm going to peg that out. And again, of course, they've stolen all this money, it was in the form of cryptocurrency. How are you going to extricate it? Well, you have to have launderers, and again, the launderers helped them out.
[00:11:12] Marco Ciappelli: So the role of Bitcoin and digital currency in this has made things easier.
[00:11:20] Geoff White: Yes and no. Okay. It's a mixed picture.
[00:11:23] Marco Ciappelli: So, good question, right?
[00:11:24] Geoff White: Yeah, yeah, very good question. So, crypto currency, and we should say, I'm going to use the phrase crypto assets, which is a bit of a jargony type term, but we're talking about Bitcoin, but we're also talking now about things like NFTs.
Yeah.
Um, in game currency, you know, Roblox and Robux and stuff like that. Um, the problem with all of that, the advantages are it's very quick to move around, you can move it internationally, it's instant transfers without having to use a bank. Great. The problem is those crypto assets, the Bitcoins, et cetera, move across blockchain technology.
So they, the ledger is public, right? So when I send you a Bitcoin, it's public. So on the one hand, that is a bad idea for criminals because you can see where the money moves and you can track it. However, if cryptocurrency was a really big problem for criminals, and if it was really bad to use, if it was all traceable, they wouldn't be using it.
And they are. They're using it in spades. So what's happening is, some cryptocurrency attacks are tracked and traceable and they recover the money. But a whole bunch of cryptocurrency attacks, they never get back the money. The two examples that are perfect are the hack on Colonial Pipeline in the US.
Huge oil and gas company. Now they paid, I think it was four million dollars in ransom. And the government, the US government got involved because it's critical national infrastructure. They managed to claw back quite a lot of that money. A few months later, another company called JBS Meat, a big meat supplier, they get hacked, they pay 11 million dollars ransom, it's never seen again.
So it's not the case that all Bitcoin and crypto is traceable and you get it all back, absolutely not. Those two cases show you the two extremes really, what can happen.
[00:13:04] Marco Ciappelli: So obviously they wouldn't play with it, as you said, if it was as traceable as the way, the way they say it.
[00:13:11] Geoff White: The worry by the way though for cyber criminals, I think, is at the moment A lot of it's anonymous and you can get away with it.
We have seen cases, notably Silk Road, the big darknet marketplace that got shut down. Money was stolen from Silk Road by cybercriminals, and in the last couple of years, I think it is, we've seen the police trace that money and prosecute those individuals. So it could be that today's cybercriminals, who think they're very safe using crypto, in 8 years, 10 years time, 15 years time, they get a knock at the door because the police have managed to work out what was going on.
[00:13:43] Marco Ciappelli: So this is what I'm thinking, like, we are at a cyber security event, one of the largest, if not the largest of the world, and we talk about innovation and how competition bring innovation, but also there is the never ending battle between good and evil, right? There's the bad guys that are going to use AI to do the bad things that they do, and they're very innovative.
And that innovation We'll fire the good guys, most of the people here, I'm assuming, to make the next step. And so, I'm wondering, so, the cybercrime that you look at, and the money laundering, or the first book where you look at other kind of cybercrime, do you see it as a, I'm being provocative here, is it a good evil, like a needed evil in society to kind of prevent it?
I don't know, I'm going philosophical here.
[00:14:45] Geoff White: It's interesting, there is an argument that a lot of technological developments happen during times of war, and whilst we don't like war, it does, you know, lots of inventions that we get come about as part of war. Look, no, I would, there has never been a society without crime, right?
As soon as people have possessions, somebody else wanted the possessions, you know. There will never be a society without crime. Um, A friend of mine, a contact of mine is a gardener, and he always says, if you're a good gardener, you know you'll never have a garden without any weeds in it. But you, so you can never get rid of all the weeds, but if you don't try, you end up with just overrun with weeds.
So that's the idea is, what's an acceptable level of cybercrime? Right, right, right, right. What I will say is interesting is that, um, you talk about cybercriminals using AI. There are, as we've heard at this conference, there are signs and evidence that that is happening. What I will say is this. The cybercriminals have what I would call the, what the attacker's dividend.
And the attacker's dividend is simply this, that if you have great defenses, do I need fantastic weapons to attack you? No, I just need to know where the holes in your defenses are.
[00:15:50] Marco Ciappelli: Right, right, yeah.
[00:15:51] Geoff White: So for example, again going back to money laundering, which is the subject of the new book, there are artificial intelligence tools that can spot suspicious transactions.
So if I'm trying to launder money, and I try and launder more than let's say 10, 000, The alarm triggers and my account gets blocked or whatever. Now as an attacker, do I need to develop an AI system that gets around that? No. All I need to do is make sure my transactions are 9, 999. As long as I know what your AI system is spotting, I can slip in under the radar.
You're playing the algorithm. Exactly. And that's, that's my worry is that, you know, the more technology, the more AI we put in, the more the attackers will think, well, yeah, I see what your AI is doing and I'll just go in around the side, which is what hackers do.
[00:16:35] Marco Ciappelli: It's an adversarial. Battle. Yeah. Yeah.
Alright, so we're running out of time here. We would like to know the question that I usually ask to any, any author of a book. Who did you have in mind when you wrote the book? Now they normally said this book is for everybody. Yeah. I understand that. I already know that. But when you were writing, like were you, were you thinking more practitioners everyday?
People, what?
[00:17:00] Geoff White: The person I have in mind, the person I always have in mind when I write the book, when I actually come to writing it and writing the sentences. And putting those, those words together and the words on the page is my mum. Okay. My mum should be able to read every one of my books and understand everything that's in there.
Nice. Now I will say this to my mum, she does read my books and she does try it. She doesn't necessarily remember it all, but if I say to her, did you understand? It says, yes, I understood it. However, that's the pat answer. The real answer is that every author who's writing a book needs to identify their core markets.
Every author wants their book to just. You know, fly off the shelves like J. K. Rowling or whatever. Truth is, you're going to have certain audiences that are interested. For this book, it's about money laundering. Obviously, one target market is cyber security, cyber security people. The kind of people at this conference.
Second type is financial crime people. So you're talking about banks, insurance companies and stuff. And the third group is crypto, cryptocurrency people. So, again, anybody who's into not just Bitcoin, but other things like NFTs and so on. So, for me, those were the three sort of Target markets, if you like, that I think might be interesting.
[00:18:06] Marco Ciappelli: And I would say that if you made it understandable, uh, it's for everybody that is interested in learning a little bit more about what this entire system is. Yeah.
[00:18:16] Geoff White: I mean, what I found interesting when I thought about doing a book about money laundering was it's quite similar to cybercrime and cyber security.
The general public, they know money laundering's there. They want to understand it. They've seen Ozark, for example, that great TV series. But it's complicated and it's dry and it's geeky. So I wanted to do, for Money Laundering, what I've done for cybercrime, which is to explain it in a way that's dramatic and powerful and has victims and villains, and give people a sort of soft, juicy way to get into this subject.
So I hope what I've done with Rince, the new book, does for Money Laundering what I've tried to do for cyber security as an industry.
[00:18:51] Marco Ciappelli: Well, that's great. Good luck with that. I'm going to listen to your podcast as well because I've been staring at your t shirt the whole time. Available. Advertising works.
[00:19:00] Geoff White: Wherever you get your podcasts.
[00:19:02] Marco Ciappelli: I love that. Awesome. Jeff, thank you so much for stopping by. Thank you. And hopefully we'll see each other in London not too long from now. Sounds good. Fantastic. Good to see you. Take care. Cheers. Thank you everybody. We're done here.