)
When a banned product is in high demand, there is opportunity for a black market to thrive. Considering the extent of Western governmental and private sector sanctions against Russia in response to the invasion of Ukraine, we would anticipate Russians would seek to move money and acquire goods through alternative avenues. And keeping in mind that Russians are already among the primary users of the world’s largest underground market–the deep and dark web–we would expect this cybercriminal underground to serve as a key channel for this activity.
We were not disappointed.
Cybersixgill research has found that Russian actors are using the dark web to circumvent sanctions, enabling them to transfer funds and purchase goods from beyond Russia’s borders. Thus, while Russians can no longer enjoy a meal at McDonald’s or a coffee at Starbucks, savvy users of the underground can still get their hands on technology products produced by Apple, AMD, Intel, Microsoft, or Nvidia, even though they suspended sales in Russia and Belarus. And despite the fact that Visa, Mastercard, and American Express prohibit Russian cardholders from purchasing items outside of Russia, actors on underground forums can procure cryptocurrency or virtual and prepaid credit cards in order to make purchases abroad.
Cryptocurrency
For many, it was common sense to believe that Russians would use cryptocurrency to avoid sanctions. After all, crypto was designed to be out of the reach of governments, so despite Russia’s exclusion from the international banking system, it was not possible to prevent them from using altcoins.
However, many experts have pushed back on this thinking. Todd Conklin, a counselor to the deputy Treasury secretary, explained that crypto is “not necessarily going to be that concerning… Any attempt to move that much money through exchanges would contribute to “a bit more of a spike in the crypto market, in my view, than has been observed lately.”
Another expert reasoned that Russians would be blocked out of crypto infrastructure since the major exchanges are based in the US and other Western countries and are therefore required to comply with sanctions.
While this may be true on a large scale–that the Russian government cannot use cryptocurrency to exchange hundreds of millions of dollars without significant obfuscation–we have found considerable evidence that individual Russians have discovered avenues to acquire and use cryptocurrency. This includes disguising their locations and using shady exchanges or individual dealers to convert currency.
In one underground thread, an actor notes that one can create a Binance account and use peer-to-peer networking services to deposit dollars and exchange them for Litecoin (despite the fact that Binance prohibits Russian nationals or individuals based in Russia from depositing to any account).
The actor continues that once in possession of Litecoin, an individual can order to an intermediary address from which to forward to Russia. The actor happily notes that their Newegg order of AMD processors and Nvidia graphics cards, which are prohibited from being sold to Russians, is “already in flight.”
A Russian-language forum post explains how to use cryptocurrency in order to purchase AMD processors and Nvidia graphics cards on Newegg.
The dark web presents alternatives to the large, US-based exchanges. For example, on an underground forum thread called “Crypto and Sanctions,” Russian actors mentioned a site that tracks exchanges that enable Russians to convert between crypto and rubles. At the time of this writing, the site listed 24 such exchanges.
In a Russian-language forum post called “Crypto and Sanctions,” an actor asks how to use rubles to purchase cryptocurrency amidst the restrictions imposed on Russians.
We also discovered some more advanced schemes. In one of them, an actor claims to be able to be exchanging rubles for USD in Russia and then transfer them via SWIFT. Then, the actor exchanges the dollars for cryptocurrency (for a 1-2% fee, typical for the big crypto exchanges) and then sells the crypto for rubles in Russia for a 10-11% commission. As a result, the actor boasts 8-9% netting in 3 to 7 days.
This actor claims to have already transferred hundreds of thousands of dollars and, in their post, seeks investments of $200,000 to $1 million, noting that it is in everybody’s interest to cash out rubles for dollars before the West entirely cuts Russia out of SWIFT and the ruble plunges even further, diminishing Russians’ purchasing power abroad. Indeed, the actor behind this scheme adds, “I desperately need my money in another country where I move to live with my family.”
In a Russian-language forum post, an actor explains a scheme in which they use rubles in Russia to purchase dollars, then transfer them abroad via SWIFT, then convert them to cryptocurrency, which they sell for rubles in Russia. Altogether, the actor claims to net 8-9%.
In response to this post, an actor stated that “many people work according to such schemes now,” indicating that there is a flourishing market for those seeking to convert rubles to crypto.
One actor responds that many others are conducting this type of scheme now, implying the high demand within Russia to convert rubles into crypto.
Once Russians purchase cryptocurrency, directly or through an intermediary, they can use it to buy items that their rubles can not.
Prepaid And Virtual Credit Cards
Prepaid payment cards possess a specific balance, and virtual credit cards are electronic-only, often temporary, and one may use them for online purchases.
An actor noted that bitcoin and altcoins are an excellent way to get around sanctions, but they are not accepted everywhere. Thus, the actor proposes using bitcoin to purchase prepaid Visa and Mastercard cards. Using these anonymous prepaid cards, an individual in Russia can effectively use credit cards. The actor is looking for a good source of these cards.
A Russian-language forum post explains that while cryptocurrency is a “good way to get around sanctions,” their use is limited, and therefore advises to purchase prepaid credit cards with cryptocurrency.
Another actor, in response, warned to be wary of scammers and money launderers.
An actor warns that many posts alleging to sell prepaid cards are scams or money laundering schemes.
We found many Russian sellers of virtual credit cards. One shop, which charges a fee of $10 per card plus 10% of the balance, explained that personal data is not required to register for the card. Instead, users “remain completely anonymous” and “can specify any data in the ‘card owner field” during checkout.
This service received glowing reviews. One reviewer wrote that “the prices are reasonable” and that they recommend this service to “everyone looking for cards to circumvent sanctions.”
A Russian-language forum post offers virtual credit cards for sale. An actor recommends these cards for “everyone who is looking… to circumvent sanctions.”
There is a correlation between the introduction of credit card bans and a major spike in Russian discourse on underground forums about virtual credit cards. From 1/1 to 3/11, there were an average of 202 weekly mentions of VCCs. From 3/12 (just days after the major issuers declared their bans) through the end of April, there were nearly twice as many–392 weekly mentions.
Russian-language discourse about virtual credit cards on underground forums spiked when sanctions were introduced but reverted significantly as the summer progressed.
In the six weeks following bans on credit cards, there was an acute interest in virtual cards, though this discourse reverted significantly as the summer progressed. From a perusal of forum posts, it also looks like Russians were able to obtain and use them successfully.
European Credit Cards
Another way to circumvent the ban on Russian cards is to simply procure a non-Russian one.
We discovered an underground market selling sanctioned technology items, such as smartphones, graphics cards, cameras, and drones. The market unabashedly explained, “we buy equipment from Europe… using cards of European holders. There are no problems with the use of technology, no one is looking for it.”
A Russian-language forum post selling banned equipment, including phones, tablets, processors, and drones. The actor notes that they purchase items in Europe using European credit cards.
Thus, through possession of a European payment card or through a reseller that has one, Russians can purchase sanctioned items.
Smuggling From Abroad
Finally, we discovered indications that Russian actors smuggle banned items from abroad. In one post, an actor wrote that they are purchasing video cards, Garmin devices, and drones for delivery to Germany. The actor presumably knows how to move these devices from there to Russia.
In a Russian-language forum, an actor posts that they are looking to purchase video cards, [G]armin GPS devices, and drones. They note that they can receive the items in Germany.
In another post, an actor wrote that they are urgently looking for an Intel Core i9 processor. Additionally, the actor notes that they will accept delivery to Kazakhstan, which is a noted hub for routing banned items to Russia.
In a Russian-language forum post, an actor writes that they would like to purchase an Intel Core i9 processor, which they can accept in Kazakhstan.
Conclusion
While any country can be expected to find ways to circumvent a regime of sanctions, Russia is extremely well-equipped to do so. The vast network of the Russian cybercriminal underground provides an established infrastructure of forums to communicate and collaborate, and actors that are adept in fraud, money laundering, and cryptocurrency. The ease with which cybercriminals transitioned into blockade runners shows that they view sanctions as just another opportunity to make money.
Thus, it is no surprise that we can find actors brazenly transacting knowledge and services to circumvent sanctions. While there is no way to determine the scale in which this is taking place, the very open nature of these discussions indicates that these techniques are well-known. Anyone with the technological means to access underground forums should be able to find ways to exchange rubles into cryptocurrency or virtual credit cards and to purchase items that are banned from import. No matter how resolute the Western will has been, Russians have found a way.
)
)
)
)