In her monthly Expert Take column, Selva Ozelli, an international tax attorney and CPA, covers the intersection between emerging technologies and sustainability, and provides the latest developments around taxes, AML/CFT regulations and legal issues affecting crypto and blockchain.
Lately, news headlines are focused on regulators’ concerns over the lack of investor protections in the cryptocurrency market, which has ballooned to more than $2 trillion, and the possible risks to financial stability.
National security agencies across the administration of United States President Joe Biden are grappling with high-profile cases of cryptocurrencies playing a role in ransomware attacks, intellectual property espionage, sanctions violations, bribery of government officials and tax evasion.
According to a recent report issued by the Financial Crimes Enforcement Network, ransomware-related suspicious activity reports filed during the first half of 2021, which are up 30% from the entirety of 2020, indicate that ransomware is an increasing threat to the U.S. financial sector, businesses and the public
The Biden administration is weighing an executive order for federal agencies to study and make recommendations on relevant areas of the crypto industry related to national security, economic innovation and financial regulation. The initiative would also aim to coordinate agencies’ work on digital currencies throughout the executive branch, with a first-ever White House crypto czar acting as a point person.
The International Consortium of Investigative Journalists’ “Pandora Papers”
The International Consortium of Investigative Journalists published its “Pandora Papers,” which leaked almost 12 million documents from law firms and other organizations around the world that unmask the previously unknown owners of 29,000 offshore companies hiding as much as $32 trillion in assets worldwide from taxation or regulatory oversight in tax havens.
The owners of these companies include celebrities, political leaders and criminal underworld figures from over 200 nations. The leak has already kick-started corruption and tax evasion probes into several government officials around the world.
Meanwhile, a report by the World Economic Forum explains how blockchain technology can help dismantle corruption in governments.
The U.S. Treasury Department’s OFAC
In a first of a kind case, the Office of Foreign Assets Control (OFAC) recently targeted Suex, an over-the-counter digital currency broker, for its alleged role in laundering the proceeds of ransomware attacks. The effort was a part of an effort across the government to counter ransomware and disrupt criminal networks and crypto exchanges that play a part in laundering ransoms. The goal is to improve cybersecurity in the private sector and to increase reporting to U.S. government agencies of incidents and ransomware payments. This includes both the Treasury Department and law enforcement under the Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) framework, as digital currency is the principal means of facilitating ransomware payments and associated money laundering activities.
Following this case, OFAC released an “Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.” The updated advisory emphasizes that the U.S. government still strongly discourages paying cyber ransoms or extortion demands and that it recognizes that it’s important to improve cybersecurity practices to prevent or mitigate such attacks.
The OFAC also updated the advisory to emphasize that it is important to report to and cooperate with the appropriate government and law enforcement agencies in the event of a ransomware attack, in order to understand and counter ransomware attacks and malicious cyber actors and for attack victims to receive voluntary self-disclosure credit in case a sanctions nexus is later determined. For more information, see the government’s Stop Ransomware website.
Given the financial risks of ransomware and money laundering that digital assets pose globally, participants of the G7 meeting in June committed to working together to urgently address this escalating risk effectively and expeditiously by implementing and enforcing the Financial Action Task Force’s AML standards on digital assets and virtual asset service providers.
Intellectual property espionage and cryptocurrency
In other recent cases and reports, cryptocurrency was involved in intellectual property espionage. Ethereum developer Virgil Griffith recently pleaded guilty to conspiring to violate the International Emergency Economic Powers Act — which is used to prevent U.S. citizens from exporting technology and intellectual property to communist countries — when he gave a cryptocurrency and blockchain presentation at a North Korean conference in 2019. As part of the plea deal, Griffith could see up to 6 1/2 years in prison when he is sentenced in January 2022.
Jonathan Toebbe, a U.S. Navy nuclear engineer who held a top-secret security clearance and specialized in naval nuclear propulsion — and had access to military secrets — was charged in October with trying to pass information about the design of American nuclear-powered submarines to someone he thought was a representative of a foreign government in exchange for cryptocurrency in violation of the Atomic Energy Act, the Justice Department stated.
Cybereason, a provider of operation-centric cyberattack protection, published a new report titled “Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms” that unmasks a highly focused cyberespionage operation against global aerospace and telecommunications companies. The report, which follows the August publication of the firm’s “DeadRinger” report, discloses a newly identified Iranian actor, dubbed MalKamak, that was behind the attacks and has been operating since at least 2018. MalKamak has been using a previously unknown, highly sophisticated remote access Trojan known as “ShellClient” that evades antivirus and other security tools and abuses cloud service provider Dropbox for command and control.
According to research published by Slovak security vendor ESET, a cyberespionage group called FamousSparrow has targeted hotels, international governments, international organizations, engineering companies and law firms since at least 2019. The group used a known Microsoft Exchange vulnerability — which was also exploited by suspected Chinese hackers and scammers seeking to mine cryptocurrency — to attack its victims, which include the U.S. Republican Governors Association. While ESET didn’t connect FamousSparrow to a specific nation, it did find similarities between its techniques and those of SparklingGoblin, an offshoot of Winnti Group — which is linked to China — and DRBControl.
In July, the U.S. government blamed China for exploiting the Microsoft Exchange Server attacks, and — for the first time — it also accused the Chinese government of employing criminal hackers to conduct the attacks, releasing a report that warns of China’s ongoing targeting of the defense, semiconductor, medical and other industries in order to steal intellectual property.
Selva Ozelli, Esq., CPA, is an international tax attorney and certified public accountant who frequently writes about tax, legal and accounting issues for Tax Notes, Bloomberg BNA, other publications and the OECD.