Law enforcement has long acted in accordance with the old adage of "following the money" when trying to track down those who commit crimes. Finding out who has paid for what usually provides a pretty strong picture of a crime and its relevant actors, even if no one had specifically witnessed the actions taking place.
Yet in cyberspace, following the money can be significantly more difficult, particularly on 'Dark Web' sites, where any number of illegal or immoral transactions are taking place, such as the sale of drugs, prostitution and human trafficking, illegal pornography, and other unsavory activities. The Dark Web, which is a huge set of web pages that are not indexed by traditional services such as Google and require a specific browser to access, has long played host to online marketplaces offering sex, drugs, and other illegal material. These marketplaces route communications and transactions via multiple computers and layers of encryption to protect the identities of vendors and purchasers, and often use cryptocurrency to further obfuscate the identities of the transacting parties.
Indeed, bitcoin, Monero, Shadow Money, and other cryptocurrencies use encryption techniques to regulate the generation of units of currency and verify the transfer of funds, all while operating independently of a central bank. All transactions are captured on a shared, visible, and distributed ledger known as a blockchain, but the cryptographic keys and digital wallets used to hold funds are not linked to real-world identities, and provided that precautions are taken, offer a high degree of anonymity compared with traditional Western digital payment methods.
For the casual observer and law enforcement professionals, it is this anonymity that has cast a pall over bitcoin and other cryptocurrencies. "There is some stigma associated with cryptocurrencies, because it was associated with things like Silk Road," says David Decary-Hetu, an adjunct professor of criminology at the University of Montreal, and a bitcoin enthusiast. Indeed, Silk Road (and its descendants, Silk Road II and Silk Road III) capitalized on the use of bitcoins, which further helped to obscure the identities of those purchasing drugs and other illegal paraphernalia on the platform.
"There is no way to tie your identity to your online bitcoin wallet address, if you do it properly," Decary-Hetu says, noting cryptocurrency users that try to convert those funds to traditional money may lose that anonymity. "That's where sloppy people are going to get arrested. If they use Coinbase or another major exchange to convert bitcoin to U.S. dollars, the user must send in a scan of your passport or identification papers. If you just sell something on a cryptomarket, and then try to convert your bitcoin to local currency, then the FBI will be able to identify you very easily."
Dark Web Stigma
Many people automatically associate bitcoin with the Dark Web, due to the publicity surrounding the Silk Road investigation, but there are legitimate reasons for using cryptocurrencies, according to Decary-Hetu. In particular, bitcoin is viewed as a more efficient currency to use when conducting cross-border transactions, since there are no currency fluctuations or exchange rates with which to deal. Further, in some parts of the world, cryptocurrencies may be more efficient to use or more stable than government-backed currencies. Moreover, some individuals simply may want the anonymity to purchase items that may not be illegal, but perhaps embarrassing.
"There are many helpful and legal reasons for having bitcoin," Decary-Hetu says, noting that large established companies such as Dell Computer, Expedia, Microsoft, and PayPal each accept bitcoin, and are clearly not dealing in illegal goods.
"Cryptocurrencies are not illegal per se," Decary-Hetu says. "Are they helping money laundering? Probably at some level, but it might be too harsh to say that they're only for illegal purchases."
Still, all hope of tracking down and identifying bad actors that use cryptocurrencies is not lost, though most of the information retrieved by law enforcement appears to be the result of careless users, rather than a technical breach of the technology used to anonymize the currency transactions. For example, 10 people were arrested in the Netherlands in January 2016 as part of an international raid on online illegal drug markets, after they were caught converting bitcoins into euros in bank accounts using commercial bitcoin services, and then withdrawing millions in cash from ATM machines. Interpol and the U.S. Federal Bureau of Investigation were able to follow the trail of bitcoin addresses allegedly linking that money to online illegal drug sales, which were all recorded in the bitcoin blockchain.
Not Ideal for B2B Crimes
The emphasis on cryptocurrencies may be misplaced, particularly with respect to identifying and tracking large criminal transactions, according to security experts. While small-time criminals and thrill-seekers often use bitcoin and other cryptocurrencies to transact on the Dark Web, experts say large money transactions have migrated to currencies that do not need to be exchanged (which opens up the account holder to being identified) to be used in the real world.
"People focus on cryptocurrency, and focus on bitcoin," says Scott Dueweke, president and founder of Zebryx Consulting, which focuses on anonymous transactions, digital forensics, and the Dark Web. However, he says the bulk of illicit money transactions are flowing through Russian-based electronic currency systems, such as WebMoney and Perfect Money.
"It's very important to distinguish and [challenge] the notion that this is all about bitcoin, and that's the primary driver of criminal activity," Dueweke says. "It's an important driver of the criminal underworld and buying illegal goods, and it's well suited to the individual who is a casual purchaser."
Dueweke notes big-time criminals usually choose to use types of Russian-backed currencies that are largely out of the reach of U.S. and other Western anti-money laundering and banking laws, rather than cryptocurrencies, which have their own issues (while one's identity is obscured, there is a full record of all transactions on the blockchain, which could ultimately be used to trace back transactions if any one actor slips up and discloses his or her identity).
"If you're really trying to make these purchases as part of the criminal marketplace, doing it through a system you know is immune to Western law enforcement, immune to the type of controls set up for the banking system, and is run, most likely, in some sort of collaboration with the [Russian] oligarchs and law enforcement to look the other way, that is a much better solution," Dueweke explains.
Dueweke likens the choice in payment type to where each criminal lies on the food chain.
"If you've got the casual drug user, or small-time drug dealer trying to buy relatively small amounts to sell locally, yeah, he's going to end up using bitcoin, and he may or may not use it effectively to avoid being traced," Dueweke says. "But the guy on the back end, who is part of some drug cartel, if they have some sort of network for buying and selling at the B2B scale, that seems to be going on predominately using other digital payment types, or traditional movement mechanisms, such as trade-based money laundering, bulk cash, or stored value cards."
Still, it is not just the purchase of illegal goods using cryptocurrency that has law enforcement and industry leaders worried. The availability of largely anonymous currency is also seen as helping to facilitate cybercrime and cyberattacks. The use of cryptocurrency as a payment type can also be exploited by those individuals and groups that conduct cyberattacks, as the sponsor of the attack can use cryptocurrency to pay those who carry out the attack, obscuring the money trail.
"There's been a predominance of bitcoin use for ransomware campaigns," says Ed Cabrera, chief security officer at Trend Micro. "[Criminals] want to make it as easy as possible to pay the ransom."
In a ransomware attack, a company may be targeted with a denial-of-service attack or other breach, and then be required to make a payment in order to allow the company or user to regain access to their network or files. The use of cryptocurrencies as a payment mechanism, which obscures the recipient of the ransom payment, also may accelerate the use of so-called "zero-day" attacks, which exploit previously unknown technical vulnerabilities, thereby leaving security professionals with little or no time to prepare a patch or fix, leaving them no choice but to pay a ransom.
These types of attacks appear to be on the upswing. Trend Micro's tracker on the number of ransomware attacks indicates 72 attacks were reported in the first half of 2016, up 172% from the previous year. In all of 2015, just 29 ransomware attacks were reported by Trend Micro.
Whether stopping illegal purchases on the Dark Web or trying to make it more difficult for bad actors to initiate and monetize zero-day attacks, experts believe the first step is to focus on better understanding the various types of cryptocurrencies used, their strengths and weaknesses, and where they are being exchanged into more liquid currencies.
"The first thing needs to be focusing on the cryptocurrencies," Cabrera says. "Without changing any laws, I'd try to focus on these exchange houses. There are some that are criminally focused, and you can tell because they charge a high-end amount in administrative fees. They're charging a higher fee; they're pretty much providing protection."
Thorough investigations and more stringent international money laundering laws may be a good first step in stopping some small-time purchasers and sellers on the Dark Web, but are unlikely to have an impact on those operating from geographic safe havens.
"There's really nothing you can do about it, from a law enforcement perspective," Dueweke says. "Typically, they're set up in an area of the world where they're economically and politically repressed, and they have relationships with local law enforcement for protection."
Indeed, many of the bad actors simply thumb their noses at stringent international regulations and laws. Says Dueweke: "If you're an exchanger in Pakistan, you're laughing at the regulations."
©2017 ACM 0001-0782/17/03