Lili Infante, director of CAT Labs and former DEA agent, for NIN: State institutions are an easier target for hackers


Estimates suggest that the costs of cybercrime globally could rise to $10.5 trillion annually by 2025. Data from the research company Cybersecurity Ventures also indicate that crypto crime has been declining in recent years, yet criminal groups continue to use cryptocurrencies to fund illegal activities, amounting to $20 billion annually.

For Lilita Lili Infante, these statistics are far from just numbers on a screen. As a special agent of the U.S. Drug Enforcement Administration (DEA), Infante led the first official cyber investigation task force focused on the use of cryptocurrencies in violation of U.S. anti-money laundering and controlled substances laws.

“I became obsessed with it,” she publicly stated, as she researched and learned how crypto is used for money laundering.

Infante is now the CEO of CAT Labs, a company developing tools to combat tech-enabled crime. The primary tool her company uses is “Recovery CAT,” which helps agencies locate, identify, and recover illegally obtained crypto assets. About 10 years ago, she also founded a federal unit focused on fighting dark web crime and cryptocurrency-related offenses.

“I realized it would be much more effective to build some automations and technical tools to help the government truly tackle these exponentially growing threats,” she stated.

Ahead of the digital forensics and cybersecurity conference, where Lili Infante will be a special guest, scheduled for November 12-13 in Belgrade, the former DEA agent spoke to NIN about cybercrime, its consequences, and the challenges faced by the public sector…

You were the lead agent in the case that led to the downfall of Hydra Market, the largest dark web platform with around 17 million users trading in illegal narcotics, stolen data, forged documents, and more. What is the most reliable method for combating the dark web that countries should adopt?

When investigating illegal dark web markets or any tech-enabled crime, it’s important to follow the latest methods criminals use to evade law enforcement, as these methods constantly evolve. Monitoring forums where criminals exchange tips on evading police is one way. Additionally, collaboration with other agencies and sharing information on the latest trends can be highly beneficial.

In my investigations of dark web markets, I divided the research into three segments: vendors, administrators, and money laundering organizations (MLOs). Instead of using the traditional approach of targeting low-level criminals first to reach the top organizers, we use a “broad approach,” targeting vendors, administrators, and MLOs simultaneously.


In 2023, the Serbian energy company EPS faced a ransomware attack that led to the leak of 34 GB of personal data on the internet. Which sectors are most vulnerable to such attacks, and what weaknesses do hackers typically exploit?

Sectors such as infrastructure, logistics, transport, healthcare, retail, education, and the non-profit sector are highly vulnerable to ransomware attacks. Hackers usually deploy the virus through attachments in phishing emails or by downloading from malicious websites.

Can cryptocurrency scams affect the daily lives of ordinary people, and how can they protect themselves?

Anyone can become a victim of a crypto scam or hacking attack. There are many ways you can be deceived, and no single method guarantees protection. Best practices include using secure wallets such as hardware wallets, responsibly managing keys, using multi-signature and MPC wallets, employing strong passwords and two-factor authentication (2FA) without SMS, avoiding links or attachments from unknown sources, double-checking URLs for phishing attempts, not sharing private keys or security credentials, verifying the legitimacy of projects before investing, using VPNs, avoiding public Wi-Fi for transactions, and being cautious about interacting with dApps that have not been audited. Also, educating family members, especially older generations, about scams such as “pig-butchering” and romance scams can help them stay safe.

You said 10 years ago that cryptocurrencies would be the easiest way for criminal organizations to launder money. Is that still the case today?

Yes, I believe it’s still true that cryptocurrencies are one of the easiest ways to launder money, especially for transnational criminal organizations that need to move funds across borders quickly while avoiding law enforcement.

What is the solution—stricter regulation?

I don’t think there is a single answer. Clear regulation, as well as training for our law enforcement, defense, and intelligence agencies, and the development of technological tools to assist in investigations, are key aspects in the fight against tech-enabled crime.

Blockchain technology is often associated with criminal activities. Does this mean blockchain technology is inherently bad?

No. I believe blockchain is an important revolutionary tool for decentralization, acting as a counterbalance to tyranny and excessive centralization of power and resources. However, more effort and resources need to be invested in researching and developing tools that will combat the misuse of blockchain technology by criminals, terrorists, and adversaries.

The largest communication system in Serbia records thousands of attempted hacking attacks daily, and it is considered that it is no longer a question of whether you’ll be a victim of an attack, but when and how much damage will be done.

I am not fully familiar with Serbia’s communication system and its vulnerabilities, but hackers in general are becoming increasingly sophisticated and are using new technologies to expand their attacks, making them much more impactful.

Banks and other financial institutions invest heavily in cybersecurity, yet we’ve seen cases like the recent cyberattack on China’s ICBC bank. Is this the future brought by the new technological revolution?

Absolutely. Criminals are often the first to adopt new technologies because they don’t play by the rules. If we fail to develop counter-technologies at the same pace at which bad actors adopt new technologies enabling them to expand their attacks and increase their global reach, we will be in big trouble.

Recently, in Serbia, two state-owned companies, the Republic Geodetic Authority and EPS, were targeted by hacking attacks. Private companies, especially banks, have not faced such major issues in our country, at least not yet. What does this tell us?

Hackers target entities that cannot afford prolonged downtime or those that have sensitive data that cannot be exposed. This is one of the main reasons why sectors like healthcare, schools, banks, critical infrastructure, and manufacturing companies are major targets. Additionally, state institutions often lag behind with modern cybersecurity tools, making them easier targets everywhere.

Do hackers in the West target more state institutions or private companies?

In the U.S., private companies are still the most common victims of cyberattacks, as more industries are privatized compared to many other countries.

What is the solution, and how important is a quick response?

Having an incident response plan and executing it as quickly as possible is one of the best ways to minimize damage from cyberattacks. On average, it takes around 200 days to detect a breach and an additional 70 days to contain it. A well-developed incident response plan, combined with automatic logging and alerting in security systems, can help companies detect and respond to breaches more quickly. Using AI in security systems can also speed up breach detection time.