Introduction: A New Era of State-Based Cybercrime
Traditionally, card fraud is associated with organized crime. However, in the last decade, this phenomenon has acquired a geopolitical dimension. States, particularly those under international sanctions or engaged in hybrid conflicts, are increasingly using financial cyberfraud as a tool of foreign policy and national security. This article examines how nation-states have transformed card fraud from a criminal enterprise into a tool of public policy, the mechanisms for its implementation, and the implications for the global financial system.
Historical evolution: from criminal gangs to state programs
The first signs of state involvement in financial cyberfraud emerged in the early 2010s. Initially, states limited themselves to passively sponsoring cybercriminal groups, allowing them to operate on their territory in exchange for a percentage of profits or access to their technology. However, over time, this model evolved into the direct integration of cybercriminal operations into state structures.
A key turning point was the tightening of international sanctions against a number of countries, which limited their access to the global financial system. To circumvent these restrictions, states began developing their own cyber capabilities focused on financial crime. The most notable examples were the North Korean group Lazarus, the Iranian TA453 and Charming Kitten, and Russian groups such as Evil Corp and TA505.
Mechanisms of state-sponsored carding
1. Direct government operations
Some countries' intelligence agencies and military cyber units have created specialized departments focused exclusively on financial cyber operations. These units operate under official cover, often masquerading as research institutes or IT companies.
One example is Bureau 121 of North Korea's Publicity and Propaganda Service, which is responsible for cyber operations, including financial crimes. According to the FBI, this group is responsible for the theft of hundreds of millions of dollars through attacks on banks and cryptocurrency exchanges.
2. Outsourcing to cybercriminal groups
States enter into informal agreements with cybercriminal groups, granting them immunity from prosecution in exchange for carrying out targeted operations and transferring funds or technology.
For example, according to a report by Mandiant, Iranian authorities provide cybercriminal groups with "hacking licenses" in exchange for 20% of the stolen funds and access to exploits developed.
3. Creating a legal cover
States create complex networks of shell companies, often linked to cryptocurrency exchanges or payment systems, which are used to launder stolen funds and reintegrate them into the legitimate economy.
Technical aspects and methodologies
Financial attacks on banking systems
Modern state-sponsored carding operations rarely limit themselves to petty thefts of card data. Instead, they target the banking infrastructure itself:
- Attacks on processing centers: Direct access to payment processing systems allows for the redirection of large sums of money.
- SWIFT attacks: Exploiting vulnerabilities in the international bank transfer system for unauthorized transactions.
- ATM Jackpotting: Remotely taking control of ATMs to withdraw cash simultaneously in different countries.
Social engineering as a state instrument
State-led groups have developed sophisticated social engineering techniques, often combining them with traditional intelligence techniques:
- Highly targeted phishing (spear-phishing): Targeted attacks on employees of financial institutions using information obtained through intelligence channels.
- Long-term impersonation: Creating false digital identities to establish trust with victims in the months leading up to an attack.
Cryptocurrencies as a tool and a goal
Cryptocurrencies play a dual role in state carding:
- Laundering tool: Stolen funds are converted into cryptocurrencies to make tracking more difficult.
- Target of attacks: Direct hacks of cryptocurrency exchanges and wallets are becoming increasingly common.
Geopolitical goals and consequences
1. Financing sanctioned regimes
For countries under severe economic sanctions (North Korea, Iran, and, to some extent, Russia), cybercrime has become a significant source of foreign currency. The UN estimates that North Korean hackers steal up to $1 billion annually to fund their nuclear and missile programs.
2. Asymmetric economic impact
State-sponsored carding allows for targeted damage to the economies of adversary countries without direct military conflict. Attacks on financial infrastructure undermine trust in the banking system and can cause localized economic upheaval.
3. Financing hybrid operations
Funds obtained through cyber fraud are often used to finance other hybrid operations:
- Cyberattacks on critical infrastructure
- Disinformation campaigns
- Supporting proxy groups in conflict zones
4. Technological espionage
Financial attacks are often combined with the theft of trade secrets and technology, allowing states to close the technological gap.
Legal and ethical dilemmas
State-sponsored carding poses complex legal challenges:
- Jurisdictional issues: Criminals operate from the territory of sovereign states, making it difficult to bring them to justice.
- Attribution: Proving state involvement in cybercrime requires intelligence that is rarely presentable in court.
- Proportionality of Response: Determining an adequate response to state cyber fraud remains a matter of international debate.
Counteraction and international initiatives
Multilateral efforts
- The Financial Action Task Force (FATF) has expanded its recommendations to include the risks associated with state-sponsored cyber fraud.
- Cooperation between financial institutions: Major banks have established joint threat intelligence centers.
- Diplomatic pressure: Western countries are increasingly using sanctions against individual hackers and organizations linked to state-sponsored carding.
Technological countermeasures
- Artificial Intelligence for Anomaly Detection: Machine learning systems analyze transactions in real time.
- Blockchain analytics: Specialized companies track the movement of funds through cryptocurrency networks.
- Enhanced Authentication: Implementation of multi-factor authentication and biometric systems.
Future trends and forecasts
- Attack automation: Nation-state groups will increasingly rely on artificial intelligence to scale attacks.
- Convergence with other cyber threats: Financial motives will be combined with political objectives in unified operations.
- Expanding targets: Attacks will expand to new financial technologies, including central bank digital currencies (CBDCs).
- Rise of "Black Swans": The likelihood of a large-scale attack that could temporarily paralyze a significant portion of the global financial system is increasing.
Conclusion: Unstable Equilibrium
State-sponsored carding represents a dangerous evolution of cybercrime, blurring the line between criminal activity and public policy. This practice creates short-term advantages for individual states, but in the long term threatens the stability of the entire international financial system, which underpins the modern global economy.
Countering this threat requires an unprecedented level of international cooperation, combining diplomatic, legal, technological, and intelligence efforts. Without a coordinated response, the world risks facing a new form of financial warfare, where anonymity and deniability become standard tools of state policy, and the lines between war and crime are completely blurred.
A sustainable solution to this problem lies not only in technology but also in creating a more equitable international system that reduces the incentives for states to resort to such methods. As long as such incentives exist, state-sponsored carding will remain an attractive tool for those in conflict with the international order.