Featured Article

Sleuths on the cyber trail

Andy Greenberg, the award-winning WIRED reporter, talks about his latest book on bitcoin tracing and how law enforcement still has the upper hand in its fight against cyberfraudsters and other criminals on the dark web.

Andy Greenberg first became fascinated with the dark web and the tools that give people anonymity online when he landed a job as the security reporter at Forbes in the mid-2000s. It seemed at the time that law enforcement and even intelligence agencies couldn’t lift the virtual veil that hid all the wrongdoing taking place in this relatively new digital world.

His first book, “This Machine Kills Secrets,” dug deep into the so-called cypherpunk movement of the 1990s and how it empowered whistleblowers like Julian Assange, the founder of Wikileaks.

Cypherpunks wanted to thwart surveillance and take power away from governments and corporations and give it to individuals. They not only saw encryption tools as a way to communicate secretly, but they also dreamed of a day when they could have secret money that would allow them to make untraceable transactions.

That day seemed to come with the introduction in 2009 of bitcoin, the now famous virtual currency designed as a peer-to-peer payment system whose transactions are recorded on a distributed digital ledger called the blockchain. Here, apparently, was the untraceable payment system that Greenberg describes as the cypherpunks’ “holy grail.” That belief helped popularize bitcoin’s use on darknet websites and gave the currency a reputation as a money-laundering tool.

Greenberg’s latest book, “Tracers in the Dark,” is about how a group of law enforcement officials, academics and technologists busted that myth and showed that bitcoin movements can be traced across the blockchain.

The award-winning WIRED reporter talks to Fraud Magazine about how these sleuths helped bring about some of the biggest busts in the cyberworld, what fraud examiners can do to learn the tools of the trade and how new crypto assets may give criminals the upper hand. (The interview has been edited for length and clarity.)

Why wasn’t it obvious from the start that you could trace bitcoin? After all, isn’t it meant to be on a blockchain — a sort of public digital ledger available for all to see?

With the benefit of hindsight, yes, perhaps it should have been obvious. Bitcoin is powered by the blockchain, which lists every single bitcoin transaction. The whole idea of the blockchain was that it basically filled the role of the authority in the bitcoin economy, and you didn’t need a government or a bank to track or guarantee the money in any sense. But the blockchain only shows those transactions between bitcoin addresses. There isn’t any actual identifying information there. Bitcoin addresses are these long meaningless strings of 34 characters that have nothing to do with the owner’s identity. If the blockchain wasn’t completely anonymous, it looked like it was, at least, pseudonymous. Each transaction hides behind the pseudonym of the sender and recipient, and it didn’t initially seem like there was a way to crack that.

When did this perception of the anonymity of bitcoin start to change?

I would say it really changed in 2013 after security researcher Sarah Meiklejohn published her paper “A Fistful of Bitcoins: Characterizing Payments Among Men with No Names,” which challenged the idea that bitcoin transactions are completely anonymous. She and other researchers started to come up with tricks to cluster those addresses and show that dozens or thousands of them belonged to a single person or organization or service or black market. This also allowed them to follow the money from one hop to the next and still show it all belonged to the same person and track that money until it hit a particular exchange where it was traded for traditional currency — and where you could often send a subpoena to get someone’s identifying information. The ability to find those tells in the blockchain only started to become clear in 2013. But even then, as those techniques were developed, it seemed to many people like me that if you were just a little bit clever you could stay a step ahead and obfuscate your transactions. You could do a few tricks to prevent your bitcoins from being traced.
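The clustering and hop-by-hop tracing described in the answer above, as an added example that is not part of the interview and is not Chainalysis’s or Meiklejohn’s code: the common-input-ownership heuristic (all inputs spent in one transaction are assumed to belong to one key holder) is applied with a union-find structure, and a breadth-first walk then follows outputs until they land on an address that belongs to a known exchange, the point at which a subpoena becomes possible. The transactions, addresses and the exchange label are constructed toy data, not real blockchain records.

```python
# Added example: address clustering and money-following on a toy transaction graph.
# Not from the interview or any vendor tool; all identifiers below are hypothetical.
from collections import defaultdict

# Constructed sample transactions: inputs are addresses being spent, outputs are
# (destination address, amount) pairs. A3 is a change output of tx1 that is
# spent again in tx2; X1 is an address we assume belongs to an exchange.
TRANSACTIONS = [
    {"txid": "tx1", "inputs": ["A1", "A2"], "outputs": [("B1", 1.0), ("A3", 0.5)]},
    {"txid": "tx2", "inputs": ["A3", "A4"], "outputs": [("B2", 0.7)]},
    {"txid": "tx3", "inputs": ["B1", "B2"], "outputs": [("X1", 1.5)]},
    {"txid": "tx4", "inputs": ["C1"], "outputs": [("C2", 0.2)]},  # unrelated user
]

# Hypothetical attribution list: deposit address -> exchange name.
KNOWN_EXCHANGE_ADDRESSES = {"X1": "ExampleExchange"}


class DisjointSet:
    """Union-find over address strings, with path compression."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # halve the path
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_addresses(txs):
    """Common-input-ownership heuristic: every input of a transaction is assumed
    to be controlled by the same entity. Returns a map address -> cluster members.
    Note: a CoinJoin (several users co-signing one transaction) breaks this
    assumption, which is why tracers layer further heuristics on top."""
    ds = DisjointSet()
    for tx in txs:
        first = tx["inputs"][0]
        for addr in tx["inputs"]:
            ds.union(first, addr)
    members = defaultdict(set)
    for addr in list(ds.parent):
        members[ds.find(addr)].add(addr)
    return {addr: frozenset(members[ds.find(addr)]) for addr in list(ds.parent)}


def trace_to_exchanges(txs, start_addresses, known_exchanges, max_hops=10):
    """Breadth-first walk from the start addresses along spending transactions.
    Returns {exchange_address: (hops, exchange_name)} for the first arrival at
    each known exchange deposit address, i.e. where a subpoena could be sent."""
    spends = defaultdict(list)  # address -> transactions that spend from it
    for tx in txs:
        for addr in tx["inputs"]:
            spends[addr].append(tx)

    frontier = {addr: 0 for addr in start_addresses}
    seen = set(start_addresses)
    hits = {}
    while frontier:
        next_frontier = {}
        for addr, hops in frontier.items():
            if hops >= max_hops:
                continue
            for tx in spends[addr]:
                for out_addr, _amount in tx["outputs"]:
                    if out_addr in known_exchanges and out_addr not in hits:
                        hits[out_addr] = (hops + 1, known_exchanges[out_addr])
                    if out_addr not in seen:
                        seen.add(out_addr)
                        next_frontier[out_addr] = hops + 1
        frontier = next_frontier
    return hits


if __name__ == "__main__":
    clusters = cluster_addresses(TRANSACTIONS)
    for cluster in sorted({tuple(sorted(c)) for c in clusters.values()}):
        print("cluster:", cluster)
    print("exchange hits from A1:", trace_to_exchanges(TRANSACTIONS, ["A1"], KNOWN_EXCHANGE_ADDRESSES))
```

On the sample data the input heuristic yields the clusters {A1, A2}, {A3, A4}, {B1, B2} and {C1}; it does not merge {A1, A2} with {A3, A4} even though A3 is tx1’s change, which is the gap a change-address heuristic closes. The walk from A1 reaches the exchange address X1 in two hops (A1, B1, X1), while the unrelated C1 never reaches it.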

When did law enforcement gain the upper hand in this cat-and-mouse game?

It was only in 2020 that I belatedly started to realize that the cats in this cat-and-mouse game have an enormous advantage and that it is extremely difficult, if not impossible, to use cryptocurrency privately, or anonymously. And the way that I saw that was when I began to see just how often Chainalysis, a blockchain analysis company co-founded in 2014 by Michael Gronager and Jonathan Levin, was being credited in the Justice Department’s public announcements in one takedown, or bust, after another. And that’s when I started making contact with Chainalysis and the people there and hearing the stories about how they had traced all this money, and also the law enforcement agents and prosecutors they had been working with.

What was Chainalysis doing that was so useful to law enforcement?

Chainalysis had created this automated software, known as Reactor, that law enforcement would use as its central tool to trace cryptocurrency. But they also worked closely with agents to crack specific mysteries when those detectives hit a dead end. This is one of the most sensitive and secretive parts of Chainalysis’s role in the story. But I do know that the IRS agent who is essentially the main character of the book — Tigran Gambaryan — and Jonathan Levin at Chainalysis worked together in 2017, for instance, to look for the IP address of the server for the darknet market AlphaBay. To find a computer on the internet, generally you need to know the IP address, which allows you to locate it, seize it or arrest its owner. But on the dark web every IP address is masked by Tor, anonymity software that generally makes it impossible to find an IP address. But Jonathan and Tigran together had an idea to find the IP address of the AlphaBay server through its use of cryptocurrency. They would later say they used this secret thing that they had created to find the IP address, let’s just call it “advanced analysis,” the term the prosecutors in the case used for it. But they would say no more than that. I would ask how that was possible, but they wouldn’t tell me. There are no IP addresses on the blockchain. That is part of the reason why the blockchain once looked like a privacy tool. If there were IP addresses on the blockchain, it would be clear that this is identifying information.

But I did have my own suspicions about the answer: I did know in the early days of Chainalysis that its founders had this minor privacy scandal, where they set up their own nodes in the bitcoin network. Anyone can run a bitcoin node, the computers in the network that basically listen for transactions when they are broadcast from their wallet and then copy those transactions out.

How do these nodes work?

Bitcoin nodes are basically servers that listen for transactions that are broadcast from users, and they pass them on to each other. When enough of them have heard the transaction, then all of them can confirm that transaction and record on the blockchain that this transaction has officially occurred. When you make a bitcoin transaction, you wait for a certain number of confirmations before you know it has gone through, and it’s the nodes that are confirming it. Anyone can run a bitcoin node. But what Chainalysis realized, it seems, is that you can run surveillance or eavesdropper nodes that listen and record the IP addresses of users. They initially did this in 2015 as a demonstration. They wanted to show they could discover people’s IP addresses and create a map of where bitcoin users were around the world. It was relatively innocent at the time, but it made people really angry and there was a bit of a scandal within the bitcoin community. People were wondering what Chainalysis was and why they were spying with these malicious nodes in the network. So, Chainalysis’s co-founders apologized and said they would take down the nodes. But years later, when I learned they’d somehow got the IP address of the AlphaBay server, of course my mind immediately went to this story of when they ran their own bitcoin nodes and found IP addresses that way. I thought maybe they were able to do this with dark-web servers too. I talked to one security researcher about this, and he said, “Oh yeah, absolutely 100% that is what they are doing.”

Were you torn between publishing the information and keeping it quiet to help law enforcement prevent what were very serious crimes?

I was put in this ethical quandary. They had asked me not to reveal the technique, saying they were still using it to go after the really bad stuff on the dark web. I knew that included child sexual abuse networks. Do I keep the surveillance technique secret, knowing it would upset a lot of privacy advocates, potentially rightfully so? Or do I expose what I know and burn this tool and potentially help to protect these really bad actors on the dark web? There were nights when I woke up at 3 a.m., weighing this ethical dilemma. So, I was relieved when I discovered, just at the end of the reporting process for this book, that a Chainalysis presentation for the Italian police had been leaked on the dark website DarkLeaks, exposing this technique. It revealed Chainalysis had this tool called Rumker, which appeared to be exactly what was used to locate the AlphaBay server. The leak confirmed that they did have this secret technique, and yes it did use secret Chainalysis bitcoin nodes in the bitcoin network.

What does that mean for Chainalysis now? Can they no longer use this technique?

It is pretty clear to me that some dark-web administrators, the smart ones, are very aware of this now. I would have to imagine that technique is mostly burned. Any dark-web administrator who knows what they are doing will know about it and be able to evade it. But that’s just one secret weapon in Chainalysis’s toolkit, and I would guess they have other secret tracing techniques, probably forms of blockchain analysis, but also other tricks for fingerprinting people’s use of cryptocurrency or these other leakages of information that they have learned how to exploit. This is their business, and it is a very competitive industry now. In this cat-and-mouse game there is now a cutthroat and well-funded industry of cats all competing.

What skills do professionals in the anti-fraud field need to carry out these kinds of investigations? I thought it interesting that you mentioned a couple of people in your book who weren’t at all knowledgeable about this technology, but they built a niche of expertise in this area?

Jen Sanchez, a veteran Drug Enforcement Administration agent, is a great example. Jen once didn’t even know what a bitcoin was practically. I didn’t mean to make fun of her in the book, but I point out that in one instance she was on a conference call, and she asked, “Why don’t we just subpoena these bitcoins?” She didn’t realize that with bitcoin there is generally no central payment processor for a dark-web site that you can go after. That is the whole idea. And now Jen, who was once coming to all this cold, works for a cryptocurrency exchange and lives in that world.

More generally, as I was saying, there is this industry of companies that build tools to do this. It is not like every law enforcement agency in the world, or fraud examiner, necessarily needs to reinvent the wheel and come up with these tricks like Sarah Meiklejohn and the founders of Chainalysis did. These tools are a commodity which, for the most part, you can buy. It probably means that if cryptocurrency tracing isn’t part of the arsenal of everybody following digital crime online, it very soon will be because it’s now available off the shelf.

Does this mean that fraud examiners can use them with a touch of a button, much like we use computers today? How easy is it to learn these skills?

I don’t want to say it isn’t difficult. I have never used Reactor. Chainalysis has never let me have it. [Laughs] When I try to do cryptocurrency tracing, it’s not easy. And I don’t think that even Reactor is a totally plug-and-play sort of thing. You would need to be trained in how to use it. But I think the training is available. It is not a secret weapon anymore. There may be some cutting-edge cryptocurrency tricks that may be secret, but so much of it now is readily available.

How much of this comes down to old-fashioned investigative work and catching fraudsters through their blunders?

I don’t agree with the assessment that the criminals I describe in the book are caught because they made dumb mistakes. It is just not that easy. Yes, people make mistakes, but Alexandre Cazes, the founder of dark-web market AlphaBay, is a good example. He accidentally leaked his email address in the early days of AlphaBay. That’s where investigators first heard his name by following that email address and forum posts linked to it. But they didn’t fully believe their own lead at that point. They didn’t have enough to indict him, and they weren’t sure whether they were being set up by their source, or whether someone was simply trying to frame this guy. It seemed almost too easy. It was only once they figured out how to trace AlphaBay’s cryptocurrency profits to all these exchanges that they were then able to issue subpoenas to get Alexandre Cazes’ name, confirm these leads and catch him, dead to rights. Yes, cryptocurrency tracing is very often not the beginning and end of the investigation, but it is sometimes the most definitive forensic tool that they had in these cases, even when they had some other loose threads to pull on.

Another example is Welcome to Video, which was the dark web’s biggest child sexual abuse video network by some measures. The administrator of that site made the mistake of not properly protecting the thumbnail images on the website with Tor anonymity software. With a right click on those images, Tigran Gambaryan was able to view sources on that webpage and find the IP addresses where those images were hosted. He saw they were in South Korea, which is the first time that they had an early lead in finding the administrator of the site. But if it hadn’t been for the ability to trace the cryptocurrency, they would have just taken down the website and got the administrator, but they would not have been able to follow the money to hundreds of the site’s users around the world, arrest 337 uploaders, downloaders and abusers of children, and rescue 23 kids. That all came from cryptocurrency tracing. It’s not like a simple slip-up revealed that. And I think it captures that sometimes these cases can include a lucky break, i.e., the thumbnail IP addresses. But following the money is not a lucky break. It was a systematic secret weapon they had of incredible power, and it made an enormous impact on these criminal networks.

What has been the response in U.S. courts to using crypto tracing and what sort of precedents have been set? Can you talk about the Fourth Amendment defense that one of the fraudsters used?

The Fourth Amendment argument was really interesting because it was actually a U.S. Department of Homeland Investigations agent who was using Welcome to Video as a customer of the site. He pleaded guilty, but he also argued that the case should be thrown out because of his Fourth Amendment protections against an unconstitutional search. The Fourth Amendment, of course, prohibits any search where a person has reasonable expectation of privacy unless law enforcement first obtains a warrant. So the judges in the appeal asked themselves what makes this a search that requires a warrant. The question was: Did the defendant have a reasonable expectation of privacy for his bitcoin transactions? And the judge came back with the answer: No. Look at the blockchain. It is all right there. How can you have a reasonable expectation of privacy for something that is out there in public? It is a wonderful illustration of how far this idea of cryptocurrency’s privacy had shifted, and the surprise it represented for these users. The defendant in the case did expect it to be private, but I guess the judge thought that was not “reasonable.” I wanted to highlight that because it is setting down in legal terms the exact trap these people fell for.

What did you learn about the psychology of these particular types of fraudsters?

I think they are different from traditional criminals. They are people who live double lives. They are unassuming nerds in their day-to-day lives, but on the dark web, this secret digital world, they are living lives as kingpins and crime lords and, in some cases, the masterminds of vast networks of child abuse and terrible things like that. They are all very different from each other. When I interviewed the Dread Pirate Roberts, the creator of the Silk Road — the first dark-web drug market — what interested me about him was that he was this ideologue who believed what he was doing was running a kind of experiment in victimless crime and taking violence out of the drug trade and ushering in this libertarian revolution on the internet. Ross Ulbricht, the young man who turned out to be Dread Pirate Roberts, did really believe that stuff, and spent very little of the money he had made. He did, it’s important to note, try to have a couple of people killed who he believed threatened the Silk Road. Even that, I would argue, came from a place of ideals. He thought he had built something really special, and it was worth trying to have people killed to protect it. For better or worse, you could argue it is a case of corrupted ideals or noble cause syndrome, where you think what you are doing is so ethical and so worthwhile that you are willing to do terrible things in the name of that cause.

By the time Alexandre Cazes was running AlphaBay, the dark web had gotten a lot darker. Alexandre Cazes had come from the world of credit card fraudsters, and he had been stealing from people his entire career as a hacker. And his conceit with AlphaBay was to combine the spheres of the dark web devoted to cybercrime and to drugs, and that was what made him so successful in part. There were no rules about victimless crime on AlphaBay. In fact, the only people you were not allowed to target were people based in the former Soviet Union. It turns out that may have been a bit of a ruse to make it look like AlphaBay was hosted in Russia. But Alexandre Cazes was a more traditional criminal, who did enjoy his wealth and he did have $40,000 roof-top dinners at luxury restaurants, and wanted to live that crime lord life, but the source of his money was all secret. He presented to the public as an early bitcoin investor and only in secret did he live this life of abject immoral crime.

You can see in some ways the evolution of the dark web from something more idealistic to this darker world — it kind of naturally eroded toward something with fewer ideals. You can see this with not only the kingpins of the dark-web sites but also with some of the law enforcement agents who were investigating the Silk Road and how they began to live these double lives. The seductive power and illusion that you could be someone else online completely disconnected from your daily life, splintered their personalities and drove them to do ridiculously corrupt things.

In your book you talk about the collapse of Mt. Gox, which at one point handled the vast majority of bitcoin transactions worldwide. Are there any parallels with what has happened with FTX?

Yes, there are absolutely some parallels there. It does seem that Sam Bankman-Fried has done irresponsible, potentially even criminal, things in terms of his overleveraging, his misappropriation of people’s funds and using customer money in his own investment platform in ways that led to this horrific collapse. When Mt. Gox similarly collapsed and went bankrupt and sent the whole cryptocurrency economy into a tailspin in 2014, it seemed very similar. Many people believed that Mark Karpelès, the CEO of Mt. Gox, had stolen the money or had done something irresponsible with it and it was all his fault. And it was only proven through cryptocurrency tracing that the Mt. Gox bitcoins were instead stolen by a hacker group. There are some parallels with FTX because just after its bankruptcy some hundreds of millions of dollars of crypto were also taken out of FTX’s accounts in a way that was totally unauthorized and illegal. Nobody knows but it seems it was either insiders embezzling the money or external hackers who were taking advantage of this chaotic situation. The same cryptocurrency tracers, who are the subjects of my book, are watching this money move around the blockchain. That is the crazy thing about cryptocurrency theft; you can watch the getaway car as it takes every turn and tries to find somewhere to launder the money. As a result, it’s going to be very difficult for whoever took this FTX money to steal it without being identified or be able to spend it. And I think as a result we’ll soon know if it was an insider who did this or cybercriminal thieves from the outside.

[See sidebar: “FTX and crypto tracing”.]

Your book mostly covered bitcoin tracing, but are newer types of cryptocurrencies and tokens making it more difficult to track money laundering and other criminal activity?

If you look at Monero, a newer, more privacy-focused cryptocoin, it does tangle up people’s transactions and combine and obfuscate them and hide how much the value of the transaction is, which all makes it harder to follow the money than it would be with bitcoin. And some people would say it is impossible to trace Monero. For instance, Ilya Lichtenstein and Heather Morgan, the couple who were arrested in 2022 for allegedly money laundering a record $4.5 billion of stolen cryptocurrency, put money into Monero. Yet you can see in the IRS chart released in court records, following the money after its exchange for Monero, that the IRS may have nonetheless continued to trace it.

Chainalysis never said they worked on that case, but I’m almost certain they did. There is no question that Chainalysis is trying to develop techniques to trace newer privacy coins like Monero, and I believe they have succeeded to some degree because you could see in that leaked Italian presentation — the same one that identified Rumker as a secret weapon, with the eavesdropping nodes — there was another page of that presentation that says they can trace Monero in the majority of cases. It is important to note they are probably tracing it in a probabilistic rather than a definitive way. That might still be enough for law enforcement to get a lead, to start a subpoena, and to get warrants. The bar for that is lower than people think. The probability a sum of Monero is criminally tainted might be enough. So I have no doubt it remains the case that some people believe their cryptocurrency is untraceable when it’s not, and Monero may be an example of that.

You also mention Zcash as another privacy coin that may provide foolproof protection against tracing.

Zcash is a different story because it uses different technology, newfangled cryptographic tricks called zero-knowledge proofs to essentially entirely encrypt its blockchain. Through these zero-knowledge proofs you can use that blockchain to verify a transaction but without learning anything about who spent the money, how much it was and where it went. I hesitate to say this because I made the same mistake with bitcoin, believing it could be anonymous and untraceable. But I think that Zcash may this time really be that cypherpunk holy grail. And that must just lead to a very interesting future of a kind we’ve never seen before.

Paul Kilby is editor-in-chief of Fraud Magazine. Contact him at pkilby@ACFE.com.