Infosec Exec Urges US Lawmakers to Tighten Crypto Regs Over Pandemic-Driven Scams

TAKellermann
18 June 2020

Cryptocurrencies should be regulated more stringently, a VMware security executive told U.S. lawmakers, citing a rise in cybercrime during the pandemic.

The focus of Tuesday’s hearing, hosted by a House Financial Services subcommittee, was criminal activity around financial services during the COVID-19 lockdowns, when bad actors online are targeting people who are unemployed or working from home. But crypto made an appearance, with lawmakers questioning witnesses about its potential uses in fraud or organized crime.

Tom Kellermann, head of cybersecurity strategy at publicly traded software company VMware, told lawmakers that virtual currencies need stronger oversight. There has been an increase in the number of security breaches and thefts at digital currency exchanges, which cybercriminals used to launder stolen money, he said.

“In addition to organized crime, extremist organizations are also known to use alternative payment systems for operational purposes and to raise funds. Many of these payment systems and cryptocurrencies offer true or relative anonymity. This raises the necessity of increased regulation of digital money,” Kellermann said during his opening remarks. 

He urged the House members to pressure their Senate colleagues to pass a bill that would revise requirements related to anti-money laundering and counterterrorism financing laws. He also suggested charging the Financial Stability Oversight Council, a monitoring body of the Treasury Department, with the responsibility of creating a framework for regulating cryptocurrencies and developing guidelines for strong protections against money laundering as well as cyber threats to those marketplaces.

Blast from the past?

In his testimony, Kellermann claimed social media platforms are rife with advice “regarding jihadists’ potential use of Dark Wallet, a bitcoin wallet that provides anonymity.”

The use of capital letters in his written statement suggests he was referring specifically to Dark Wallet, one of the earliest anonymizing bitcoin wallets. That project appears to have been inactive for some time; the last code update was made in 2016, according to its GitHub page.

Later, Kellermann and Rep. Anthony Gonzalez (R-Ohio) used the phrase in a seemingly generic sense, to refer to anonymizing services.

“You also talk about Dark Wallet as a platform where jihadists can avoid your customer regulations and launder money,” Gonzalez said to Kellermann. “My question is, do we technologically, do we have the ability to shut down something like a dark wallet? Is that technologically possible?”

“I wouldn’t be an advocate of let’s say, shutting it down,” Kellermann replied. 

Instead, he said he would challenge the developers of the platforms to be able to freeze assets associated with anything that has been proven to be part of a criminal or terrorist conspiracy, when called upon. 

“I think the FBI, Secret Service and the intelligence communities do have the capacity to do more interesting things. But then again, I’m just a watcher on the wall, sir, I don’t have that much expertise vis-à-vis dark wallets,” Kellermann said. 

Sherman weighs in

Rep. Brad Sherman (D-Calif.), who once said Libra could be worse than 9/11, expressed concerns about cryptocurrency-based fraud. 

Many scams identified by the North American Securities Administrators Association (NASAA) during the pandemic potentially involved cryptocurrency investments, he said. In his view, the Securities and Exchange Commission (SEC) has resisted identifying cryptocurrencies as securities. 

“I believe that the lack of SEC registration requirements makes cryptocurrencies attractive to those who have investment scams,” Sherman said.

He went on to ask Amanda Senn, NASAA representative and chief deputy director of the Alabama Securities Commission, what Congress can do to correct a system where investors aren’t protected. 

“We have a regulatory framework for investments in cryptocurrency,” Senn responded, referencing a state-level campaign focused on educating investors about initial coin offerings (ICO) and online scams. 

“I do believe that particularly the state can be more proactive in preventing types of fraud that are prevalent,” Senn said. 

Forfeiture fund

Kellermann said fintech companies must be given clear incentives to guard against intrusion and learn anti-money-laundering protocols outlined by the Bank Secrecy Act. 

He suggested that funds seized in cybercrime, including those involving cryptocurrencies, should be redirected through a forfeiture fund to strengthen cybersecurity. 

“Given that 50% of all crimes now have a cyber component, it’s high time that we follow the money to create an international forfeiture fund,” Kellermann said.

Gonzalez asked how such a fund could become a reality. 

“We need to [incentivize] developing countries to play ball with us,” Kellermann responded. 

Giving governments a percentage of the forfeited assets in an investigation can motivate nations to take a stronger position on cybercrime, he said.

An international fund would be the best option considering most cyberattacks against the U.S. originate elsewhere, he added, suggesting that the Bank for International Settlements, the central bank of central banks, might be well suited to this task.