Law enforcement is catching up with criminals who use bitcoin to escape detection for their crimes. The imprisonment of Ross Ulbricht in February 2015 marks the most visible proof that criminals cannot hide their online activities. Czech national Thomas Jiikovsky was suspected of laundering $40 million in stolen bitcoins and in March police seized his assets.
Trendon Shavers pleaded guilty to operating a $150 million Ponzi scheme in September, marking the first bitcoin securities fraud case. That same month, police arrested Mark Karpeles for fraud and embezzlement of $390 million from the Mt. Gox cryptocurrency exchange.
Science Magazine recently reported how forensic researchers are teaming with cryptocurrency developers to use bitcoin technology to catch criminals who thought they were protected by a cryptographic wall. The evolving field of cryptographic forensics points to some shortcomings in bitcoin’s assumed privacy, a development that law enforcement welcomes.
While bitcoin is anonymous, its associated data creates a forensic trail that can be traced.
The academic researchers who helped develop the software systems and encryption for bitcoin are now working with law enforcement to catch criminals. They work in a new field that combines forensics, economics and computer science, according to Sarah Meiklejohn, a University College London computer scientist who recently co-chaired an annual workshop in Barbados on financial cryptography.
Meiklejohn recalled that law enforcement initially was alarmed when bitcoin emerged. Authorities viewed the technology as aiding criminals and making it harder for law enforcement to do its job. But the increasing number of arrests and convictions is changing their outlook. Law enforcement is seeing cryptocurrency as a tool for prosecuting crimes.
Brett Nigh, FBI assistant general counsel, said last September that investigators can follow the money.
Patrick McDaniel, a computer scientist at Pennsylvania State University, said bitcoin is the frontier of economics.
The cryptocurrency is safe from theft as long as bitcoin users don’t reveal their private bitcoin numbers, which generate their digital signatures. But when they spend their bitcoin, the forensic trail starts.
Bitcoin’s anonymity appealed to criminals. By 2014, millions of dollars in bitcoins were spent on illegal drugs on Silk Road, which served as a platform for buyers and sellers. The platform had escrow accounts, a vendor reputation system and a buyer feedback forum. Sellers sent merchandise through the postal system. The buyer sent the seller a mailing address in an encrypted message. The site provided tips like how to vacuum-package drugs.
Authorities collected data from Silk Road, including text and images that described products and bitcoin transactions on the blockchain. They were able to connect the evidence to the Internet Protocol (IP) addresses of the computers the buyers and sellers used.
But the bitcoin network blurs the correspondence between the IP addresses and the transactions. Investigators needed more information to identify people conducting illegal sales with bitcoin. Eventually, they got it.
The anonymity worked so well for the criminals that they became careless. When Ross Ulbricht was hiring help, he used the same pseudonym he used previously to post notices on drug discussion forums. Once the FBI tracked his IP address to an Internet café in San Francisco, Calif., investigators caught him in the act of logging in as a Silk Road administrator.
Other criminals believed that as long as they were careful, their identity was protected by the cryptographic wall. But now even that is changing.
Philip and Diana Koshy, a husband-and-wife team of researchers, were the first to crack the cryptographic wall.
Working as graduate students in McDaniel’s lab at Penn State in 2014, they built a version of the software the buyers and sellers were using to participate in the bitcoin network. The software was designed to be inefficient, downloading a copy of every packet of data sent by every computer in the bitcoin network.
The Koshys were able to isolate some of the bitcoin addresses. Once they did this, they were able to isolate other addresses. They were eventually able to map IP addresses to more than 1,000 bitcoin addresses. They published their findings in a cryptography conference’s proceedings. As a result, both the U.S. Department of Homeland Security and The New York Times took notice and contacted the couple.
The Koshys’ technique has not appeared in the official record of the criminal case, but the Koshys claim to have observed fake nodes on the bitcoin network connected with IP addresses in government data centers in Virginia, which suggests the investigators are using the data packets for surveillance purposes.
While criminals have found more advanced ways to use bitcoin, researchers have followed them. Meiklejohn, who works with law enforcement but did reveal details, was among the first researchers to explore bitcoin “mixing” services. This refers to protecting the anonymity of transactions by exchanging many people’s bitcoin stashes with one another. A forensic trail traces the money's movement, but it goes cold since it is not possible to know which bitcoins belong to whom at the other end.
Meiklejohn said in principle, this is a solution to bitcoin’s anonymity issue.
But even mixing has its drawbacks that forensic researchers can exploit. Shortly after Silk Road closed, a person with administrative access to another black market gained 90,000 bitcoins from user escrow accounts. The thief, Thomas Jiikovsky, attempted to use a mixing service to launder the money, but he was not able to hide the tracks. Meiklejohn said it’s hard to push large amounts of bitcoin through mixing services covertly. “It’s extremely noticeable no matter how you do it,” she said.
From a detective’s point of view, the big benefit to bitcoin is that the blockchain records everything. Meiklejohn noted that when you catch someone using Silk Road, you have discovered not just one crime, but the person’s whole criminal history.
On Jan. 20, police arrested 10 men in the Netherlands in an international raid on illegal online drug markets. They were caught converting bitcoins into euros in bank accounts using bitcoin services, then withdrawing millions in cash from ATMs.
The bitcoin addresses allegedly link the money to online illegal drug sales that law enforcement tracks.
If the shortcomings in bitcoin’s privacy drive users away, it will lose its value.
But the demand for privacy will not disappear, and new cryptocurrencies are evolving.
Last modified (UTC): March 10, 2016 1:20 PM