On June 7, 2021, the US Department of Justice announced a breakthrough: less than one month after the oil and gas pipeline company Colonial Pipeline had paid its ransomware attackers roughly $4.4 million in bitcoin in exchange for a decryption key that would help the company get its systems back up and running, the government had traced where many of those bitcoins had gone and clawed back a remarkable $2.3 million from the cybercriminals.
In cybercrime, this isn't supposed to happen—or at least it wasn't, until recently.
Cryptocurrency is vital to modern cybercrime. Every recent story you hear about a major ransomware attack involves the implicit demand from attackers to their victims for a payment made in cryptocurrency—and, almost always, the preferred cryptocurrency is bitcoin. In 2019, the ransomware negotiation and recovery company Coveware revealed that a full 98 percent of ransomware payments were made using bitcoin.
Why is that? Partly because, for years, bitcoin carried an inflated reputation for being truly "anonymous": payments to specific "bitcoin addresses" could not, seemingly, be tied to the people behind those addresses. But the cryptocurrency ecosystem has matured. Major exchanges do not want their platforms used to convert stolen funds into local currency, so they cooperate with law enforcement agencies that have, independently, built up considerable experience in investigating cybercrime. The rate and quality of investigations have also improved thanks to advances in tools that trace cryptocurrency payments across the public ledger.
None of these developments means that cybercriminals' identities can be easily revealed. But as Brian Carter, senior cybercrimes specialist for Chainalysis, explains on today's episode, it has become easier for investigators to learn who is receiving payments, where they move them next, and even how their criminal organizations are structured.
"We will plot a graph, like a link graph, that shows [a victim's] payment to the address provided by ransomware criminals, and then that payment will split among the members of the crew, and then those payments will end up going eventually to a place where it'll be cashed out for something that they can use on their local economy."
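The link graph Carter describes can be reduced to a small, runnable illustration. The following is an added example written for this page; it is not code from the episode, from Chainalysis, or from any real tracing product. The ledger, addresses, amounts and exchange labels are all constructed, and the transaction model is deliberately simplified (inputs are just addresses, not valued UTXOs). It does two things real investigators do: follow spends forward from the ransom address hop by hop until the funds land at a labelled service deposit or stop moving, and apply the common-input-ownership heuristic (addresses co-spent in one transaction are assumed to share an owner) to grow the picture of the crew's wallets.

```python
from __future__ import annotations
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple[str, ...]                  # addresses whose coins this tx spends
    outputs: tuple[tuple[str, float], ...]   # (recipient address, amount in BTC)


# Constructed sample ledger (hypothetical, not real chain data). The victim pays
# 75 BTC to ransom address "R"; the crew splits it; shares hop onward and some
# land on exchange deposit addresses, while one share is parked in a cold wallet.
LEDGER = [
    Tx("tx1", ("victim1",), (("R", 75.0),)),
    Tx("tx2", ("R",), (("affiliate", 60.0), ("operator", 15.0))),
    Tx("tx3", ("affiliate",), (("hop_a", 30.0), ("hop_b", 29.9))),    # 0.1 BTC fee
    Tx("tx4", ("hop_a",), (("exch_1_deposit", 30.0),)),
    Tx("tx5", ("hop_b", "unrelated"), (("exch_2_deposit", 40.0),)),   # co-spent with other funds
    Tx("tx6", ("operator",), (("cold_wallet", 15.0),)),
    Tx("tx7", ("unrelated2",), (("exch_1_deposit", 5.0),)),            # not part of the ransom flow
]

# Assumed attribution data: deposit addresses an investigator has already labelled.
KNOWN_SERVICES = {"exch_1_deposit": "Exchange-1", "exch_2_deposit": "Exchange-2"}


def trace_forward(ledger, root, services, max_hops=10):
    """Breadth-first walk of spends starting at `root`.

    Returns the link graph as (src, dst, amount, txid, hop) edges, the hop at
    which each address was reached, the service deposits the funds hit, and
    the reached addresses that never spend onward (funds parked)."""
    spends_from = defaultdict(list)
    for tx in ledger:
        for addr in tx.inputs:
            spends_from[addr].append(tx)

    edges, cashouts, done = [], [], set()
    seen = {root: 0}
    queue = deque([root])
    while queue:
        addr = queue.popleft()
        hop = seen[addr]
        if hop >= max_hops:
            continue
        for tx in spends_from[addr]:
            if tx.txid in done:          # a co-spent input already walked this tx
                continue
            done.add(tx.txid)
            for dst, amount in tx.outputs:
                edges.append((addr, dst, amount, tx.txid, hop + 1))
                if dst in services:
                    # Stop at a service deposit: what happens next is inside the
                    # exchange's books, which is where a subpoena takes over.
                    cashouts.append((services[dst], dst, tx.txid, amount))
                elif dst not in seen:
                    seen[dst] = hop + 1
                    queue.append(dst)

    dormant = [a for a in seen if not spends_from[a]]
    return {"edges": edges, "reached": seen, "cashouts": cashouts, "dormant": dormant}


def cluster_by_coinspend(ledger):
    """Common-input-ownership heuristic via union-find: every address spent
    together in one transaction is assumed to be controlled by one party.
    Returns address -> frozenset of addresses in its cluster (multi-input only)."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]
            a = parent[a]
        return a

    for tx in ledger:
        for other in tx.inputs[1:]:
            parent[find(other)] = find(tx.inputs[0])

    clusters = defaultdict(set)
    for a in list(parent):
        clusters[find(a)].add(a)
    return {a: frozenset(m) for m in clusters.values() for a in m}


if __name__ == "__main__":
    res = trace_forward(LEDGER, "R", KNOWN_SERVICES)
    for src, dst, amt, txid, hop in res["edges"]:
        print(f"hop {hop}: {src} -> {dst}  {amt} BTC  ({txid})")
    print("cash-outs:", res["cashouts"])
    print("parked:", res["dormant"])
    print("co-spend cluster of hop_b:", sorted(cluster_by_coinspend(LEDGER)["hop_b"]))
```

Two caveats a practitioner would keep in mind. First, the 40 BTC arriving at Exchange-2 in tx5 is not all ransom money: hop_b contributed at most 29.9 BTC and the rest came from the co-spent "unrelated" input, so amounts at a deposit address are an upper bound until individual UTXO values are tracked. Second, the co-spend heuristic is exactly that, a heuristic; CoinJoin-style transactions deliberately break it, which is why it is applied alongside labelled deposit data rather than on its own.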
Tune in to today's Lock and Code podcast, with host David Ruiz, to learn about the world of cryptocurrency forensics, what investigators are looking for in reams of data, how they find it, and why it’s so hard.
You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.
Show notes and credits:
Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)
Fighting censorship online, or, encryption’s latest surprise use-case, with Mallory Knodel
What is AI ”good” at (and what the heck is it, actually), with Josh Saxe
A private moment, caught by a Roomba, ended up on Facebook. Eileen Guo explains how
Fighting tech’s gender gap with TracketPacer
Why does technology no longer excite?
Security advisories are falling short. Here’s why, with Dustin Childs
Threat hunting: How MDR secures your business
How student surveillance fails everyone
A gym heist in London goes cyber
Teen talk: What it’s like to grow up online, and the role of parents
Calling in the ransomware negotiator, with Kurtis Minder
The MSP playbook on deciphering tech promises and shaping security culture
Playing Doom on a John Deere tractor with Sick Codes
Donut breach: Lessons from pen-tester Mike Miller
Have we lost the fight for data privacy?
Roe v. Wade: How the cops can use your data
When good-faith hacking gets people arrested, with Harley Geiger
Securing the software supply chain, with Kim Lewandowski
Tor’s (security) role in the future of the Internet, with Alec Muffett