The fiendish new trick cyber-criminals are using to evade capture
“Follow the money” – for generations it’s been the mantra of investigators looking for criminals.
In the cyber-realm, this battle between criminals and the authorities has been raging for years.
Despite the anonymous nature of cryptocurrencies, dozens of cyber-criminals have been caught in the last two years thanks to new techniques able to track their funds around the cryptocurrency blockchain – a public list of all transactions between wallets.
But could the tide be turning?
A new service has launched on the darknet offering criminals a way to check how “clean” their digital coins are.
“We’re seeing criminals start to fight back against blockchain analytics and this service is a first,” explained Dr Tom Robinson, chief scientist and founder at analysis provider Elliptic, who discovered the website.
“It’s called Antianalysis and criminals are now able to check their own Bitcoin wallets and see whether any association with criminal activity could be flagged by authorities,” Dr Robinson said.
Elliptic says the discovery shows how sophisticated cyber-crime networks are becoming, and how worried criminals are about getting caught.
“It’s a very valuable technique. If your funds are tainted, you can then do more laundering and try to remove that association with criminal activity until you have clean coins,” he said.
Dr Robinson says it is a concerning new trend that could make their work and that of law enforcement harder. But luckily his researchers who tested it say the service isn’t working very well at the moment.
“It actually wasn’t very good at identifying links to criminal sites. However, it will inevitably improve over time. So I think this is going to be a significant capability for criminals and money launderers in the future.”
Governments around the world including in China, the UAE and UK are trying to grapple with the growing problem of money laundering through cryptocurrencies.
There have been some high-profile arrests thanks to cryptocurrency tracking – such as US teenager Graham Ivan Clark, who is currently in prison for masterminding one of the biggest-ever social media hacks.
Clark found a way to take over the Twitter accounts of dozens of celebrities, including Kim Kardashian, Elon Musk, Bill Gates and Joe Biden.
Clark and his hacker team then tweeted an advert for a cryptocurrency scam, receiving hundreds of transfers from the public hoping to cash in from the fake giveaway.
In just a couple of hours Clark made more than $100,000 (£72,000) and began the process of moving the funds around to hide his tracks.
It didn’t work. In the charge sheet against him, the US Department of Justice said that officers had successfully “analysed the blockchain and de-anonymised Bitcoin transactions allowing for the identification” of the hackers.
Clark, now 18, pleaded guilty and is serving three years in a Florida prison.
Privacy coin growth
Another trend that is concerning authorities is the increased use of so-called privacy coins. These are cryptocurrencies like Monero that offer more anonymity than mainstream coins like Bitcoin.
In some extortion cases, hackers are now asking victims to pay using these coins in exchange for a discount.
Again, this is a trend that is yet to fully take off and Kim Grauer, director of research at cryptocurrency analysis firm Chainalysis, says this method has drawbacks for criminals.
“Privacy coins haven’t been adopted to the extent that one may expect. The primary reason is they aren’t as liquid as Bitcoin and other cryptocurrencies.
“Cryptocurrency is only useful if you can buy and sell goods and services or cash out into mainstream money, and that is much more difficult with privacy coins.”