While it may be a bit harsh to label it the currency of crime, Bitcoin and its dozens of cryptocash cousins certainly have an underworld appeal. Profit-motivated cybercriminals are drawn to its decentralised nature and the anonymity that it affords. Cryptocurrency also simplifies cashing out for the bad guys, and the potential for extortion through ransomware and attacks on unsecured exchanges grows exponentially as digital cash inches toward the mainstream. It has become a multi-billion-dollar enterprise.
The range of threats associated with the abuse of cryptocurrency extends from the relatively petty—malware dropping mining software on compromised machines—to the sublime—nation-states accused of stripping exchanges clean for the purposes of funding state-sponsored espionage. It’s a harsh and somewhat unregulated environment that has grown faster than those trying to secure its surroundings have anticipated.
The early days of cryptocurrency, and especially those focused on maintaining the privacy of users and transactions, are often described as an academic exercise. Although the widespread adoption of cryptocurrency among Dark Web marketplaces such as the now-defunct Hansa, for example, may seem as if determined by some sort of initial market study, it wasn’t. Once criminals recognised that cryptocurrency could enable them to obfuscate their transactions, they decided to use it.
Of Miners and Monero
If you’re looking for low-hanging fruit, it’s largely concentrated among the various families of miners, in particular silent miners, found on the Deep & Dark Web (DDW). Many of them mine Monero, which is marketed as cryptographically secure currency; its advanced obfuscation algorithms hide the origin and destination of transactions, as well as amounts. It is approaching Bitcoin as the currency of choice for criminals purchasing illicit goods and services on the DDW, including malware, stolen personal information, drugs and weapons. Bitcoin, despite its mainstream appeal and skyrocketing valuation, operates under a much more transparent blockchain and doesn’t cloak transactions, allowing researchers and law enforcement the ability to better analyse criminal activity.
Indeed, this is why more people are abandoning Bitcoin in favour of Monero. Multiple markets now accept Monero, and many vendors will only transact with it, not Bitcoin. The challenge with using Monero is that it requires a cryptocurrency savviness. Purchasing Monero and moving it out of an exchange is generally more complex than doing so with Bitcoin.
A number of DDW forums sell cryptocurrency miners and attackers are distributing them in a number of and devious ways, including as a payload in popular exploit kits, malvertising campaigns, and via email-based attacks, to name a few. Last May, attackers used the freshly released NSA exploit EternalBlue and the DoublePulsar rootkit to distribute the Adylkuzz miner, adding an additional layer of sophistication and urgency to these types of incidents.
The end result is an infected computer grinding to a halt as the malware eats up CPU cycles to create virtual money, all to benefit malicious users, including criminal enterprises. The legitimate business with the infected machines on its network could be in line for expensive power and utility costs, as well as hardware-replacement expenses due to wear-and-tear under the weight of cryptocurrency mining.
Dirty Money, Clean Laundry
Cryptocurrency isn’t just a means of generating revenue, it’s also a realm where dirty money is laundered. A number of criminals are discussing DDW-based as well as legitimate services that convert cryptocurrency into payment card funds. Actors have recently been observed discussing how to best transfer funds from their crypto wallets to another actor or service providing payment cards, physical cards, or virtual bank accounts.
In the meantime, law enforcement resigns itself to gradual gains against criminals who have already figured out how to use cryptocurrency to beat the system on many levels. The problem figures to intensify as currencies such as Monero inch closer to the mainstream.
While blockchain analysis can help law enforcement and private enterprises gain tangible insight into the activities and identities of criminals who use bitcoin, the landscape is changing. As blockchain technology and criminal behaviour continue to evolve and advance, this type of analysis may become more difficult for law enforcement and researchers in the future.
