Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Crime Bitcoin Government

Inside the Bitcoin Bust of the Web's Biggest Child Abuse Site (wired.com) 73

Chainalysis is a software for tracing cryptocurrency, "to turn the digital underworld's preferred means of exchange into its Achilles' heel," writes Wired.

This week they describe what happened when that company's co-founder discovered that for two yeras, hundreds of users of a child pornography-trading site — and its administrators — "had done almost nothing to obscure their cryptocurrency trails..." and "seemed to be wholly unprepared for the modern state of financial forensics on the blockchain." Over the previous few years, [Internal Revenue Service criminal investigator Chris] Janczewski, his partner Tigran Gambaryan, and a small group of investigators at a growing roster of three-letter American agencies had used this newfound technique, tracing a cryptocurrency that once seemed untraceable, to crack one criminal case after another on an unprecedented, epic scale. But those methods had never led them to a case quite like this one, in which the fate of so many people, victims and perpetrators alike, seemed to hang on the findings of this novel form of forensics.... Janczewski thought again of the investigative method that had brought them there like a digital divining rod, revealing a hidden layer of illicit connections underlying the visible world....

When Bitcoin first appeared in 2008, one fundamental promise of the cryptocurrency was that it revealed only which coins reside at which Bitcoin addresses — long, unique strings of letters and numbers — without any identifying information about those coins' owners. This layer of obfuscation created the impression among many early adherents that Bitcoin might be the fully anonymous internet cash long awaited by libertarian cypherpunks and crypto-anarchists: a new financial netherworld where digital briefcases full of unmarked bills could change hands across the globe in an instant. Satoshi Nakamoto, the mysterious inventor of Bitcoin, had gone so far as to write that "participants can be anonymous" in an early email describing the cryptocurrency. And thousands of users of dark-web black markets like Silk Road had embraced Bitcoin as their central payment mechanism.

But the counterintuitive truth about Bitcoin, the one upon which Chainalysis had built its business, was this: Every Bitcoin payment is captured in its blockchain, a permanent, unchangeable, and entirely public record of every transaction in the Bitcoin network. The blockchain ensures that coins can't be forged or spent more than once. But it does so by making everyone in the Bitcoin economy a witness to every transaction. Every criminal payment is, in some sense, a smoking gun in broad daylight. Within a few years of Bitcoin's arrival, academic security researchers — and then companies like Chainalysis — began to tear gaping holes in the masks separating Bitcoin users' addresses and their real-world identities.

The article describes some investigative techniques — like pressuring exchanges for identities, tying a transaction to a known identity, or even performing an undercover transaction themselves. "Thanks to tricks like these, Bitcoin had turned out to be practically the opposite of untraceable: a kind of honeypot for crypto criminals that had, for years, dutifully and unerasably recorded evidence of their dirty deals.

"By 2017, agencies like the FBI, the Drug Enforcement Agency, and the IRS's Criminal Investigation division had traced Bitcoin transactions to carry out one investigative coup after another, very often with the help of Chainalysis.

"The cases had started small and then gained a furious momentum...."

Thanks to long-time Slashdot reader Z00L00K for sharing the article.
This discussion has been archived. No new comments can be posted.

Inside the Bitcoin Bust of the Web's Biggest Child Abuse Site

Comments Filter:
  • by DontBeAMoran ( 4843879 ) on Sunday April 10, 2022 @04:41PM (#62434698)

    Most crypto-currencies have a public ledger, i.e. the blockchain itself. That's not the weak part of the system, that's how it was designed.

    The weak point is those idiots leaving trails between the blockchain and real-world bank accounts, just like dumb regular non-cyber* criminals.

    * come on guys, let's bring back legacy buzzwords!

    • Yup. It really pisses me off when stupidly easy methods of tracking or hiding people -- methods which could be explained to the layman in one paragraph or less -- are built up and NOT explained in long articles. Articles that try to make these things look like wizardry.

      Just tell the reader how a VPN works. Tell them that Bitcoin typically stores the bank accounts or at least email addresses of most users who have touched the coin. Tell them that it's not wise to install every app you come across and that f
      • by Anonymous Coward

        The Bitcoin blockchain does not store bank accounts nor email addresses.

        • But it does store ip address, so if they can tie you to that ip address, then they can say that it is your ledger and your illegal transactions. So you need to do your illegal activity on a different network (among other things, like don't use your home computer,etc).
    • The weak point is those idiots leaving trails between the blockchain and real-world bank accounts

      Almost as if the whole thing is worthless unless you can spend it on real world stuff, at which point, you need to convert it to printed money...

  • The article describes some investigative techniques — like pressuring exchanges for identities, tying a transaction to a known identity, or even performing an undercover transaction themselves.

    So, how is any of the above specific to cryptocurrency? The same thing applies to cash, or blood diamonds, or dirty gold, or whatever else nefarious people use to avoid bank transactions.

    • by Anonymous Coward

      Not sure what you are saying. It is exactly the opposite to cash, diamonds etc, the transactions are recorded and part of the public ledger.

      • I was talking about investigative techniques.
        "pressuring exchanges for identities" = "pressuring Social Media providers for IPs"
        "tying a transaction to a known identity" = "watermarking cash"
        "performing an undercover transaction" - this is a technique as old as the world.

        So what exactly is specific to cryptocurrencies?

        • The difference in this case is that the blockchain is a public list of every transaction. If any other kind of currency was used, investigators would have to piece all that information together from different sources. With bitcoin, it's all right in front of them.
          I guess it's not really a new investigative technique, it's more that they don't have to use any investigative techniques to get a lot of information.
    • by endoboy ( 560088 )

      I don't remember signing a receipt the last time I took delivery of a suitcase of [illegal things]

      • But the Blockchain records your ip. Then all they need to do is to tie you to that ip somehow, and they have just proved that that illegal transaction was made by you. RIAA is the same way, they will tie a torrent site owner to an email address, then tie the email address to a person and thus "prove" that the person owns the torrent site.
    • because if I give you cash in a back alley for blood diamonds you are pretty unlikely to permanently record the transaction in a publicly visible log for anyone to see for all time.
      • Have you ignored the quoted text on purpose or accidentally? I was talking about investigative techniques. They are not specific to cryptocurrencies.

        • They most definitely ARE specific to crypto currency. The nature of crypto currency leaves a permanent trail for investigators to follow that doesn't need to rely on questioning suspects or gathering witness reports and evidence. It is all their in 1's and 0's as a permanent record. The only additional piece they need is to find an intersect where the criminal used a wallet to purchase something physical or linked a name.
  • Some people just don't understand that cryptocurrencies and money laundering are not the same thing.
  • clueless author (Score:5, Insightful)

    by bloodhawk ( 813939 ) on Sunday April 10, 2022 @05:35PM (#62434784)

    When Bitcoin first appeared in 2008, one fundamental promise of the cryptocurrency was that it revealed only which coins reside at which Bitcoin addresses — long, unique strings of letters and numbers — without any identifying information about those coins' owners

    completely clueless author, bitcoin never promised any such thing, in fact it promised the opposite, complete and totally transparent wallets and transactions where every transaction for all time can be traced to each and every wallet which of course means if you ever link your name or address through a purchase you are identifiable.

    • by PPH ( 736903 )

      and every wallet which of course means if you ever link your name or address through a purchase you are identifiable.

      The smart criminals will not use exchanges, will use dead drops for physical deliveries and will generate a new wallet for each transaction. Stupid criminals won't do these things. And they will make videos of themselves committing the crime.

      • by gweihir ( 88907 )

        Ah, yes. Those that film themselves committing a crime and then post that video on social media. Some people seem to strive to be the dumbedst morons possible.

      • by Mal-2 ( 675116 )

        And then there's a whole other class that thinks what they're doing is not only legal, but morally obligatory, so they film their "light treason".

    • by gweihir ( 88907 )

      Completely clueless author, completely clueless users. BC is 99% hype, 1% substance and most people already struggle to understand simple things.

    • I think you may have reading comprehension difficulties since you repeated exactly what the author did. Bitcoin (by your own admission) tracks only the movement of money between wallets. Those wallets are not intrinsically linked to *any* personally identifiable information.

      You said it yourself, it's up to you to dox the wallet by linking yourself to a purchase. The article compared it to cash. This is very much like using cash, it's up to you to then requesting a personally addressed invoice from your prov

    • by Anonymous Coward

      Nah, definitely christianity.com

  • A system based on a permanent, immutable transaction record maybe, just maybe isnt the smartest system for criminals to use. No possibility that could bite you in the ass years later, amirite? Whowouldathunk that criminals might not be the brightest bulbs in the room.
  • by az-saguaro ( 1231754 ) on Sunday April 10, 2022 @06:01PM (#62434820)

    Early Slashdot posts in response to this article include some comments like:

    > "Most crypto-currencies have a public ledger, i.e. the blockchain itself. That's not the weak part of the system, that's how it was designed. The weak point is those idiots leaving trails between the blockchain and real-world bank accounts, just like dumb regular non-cyber criminals." ... and ...

    > "So, how is any of the above specific to cryptocurrency? The same thing applies to cash, or blood diamonds, or dirty gold, or whatever else nefarious people use to avoid bank transactions."

    But, the original article is an interesting read:
    https://www.wired.com/story/tr... [wired.com]

    Key points are several, including that a massive child pornography site could be brought down not by usual criminal investigation, but by financial "follow the money" investigation. This case was solved by the IRS, not the FBI. "Follow the money" was possible because of weaknesses in the block chain ledger, the metadata if you will, that was not part of the blockchain design but benefits forensic investigation.

    There was some of "idiots leaving trails", such as:
    > " every thumbnail image on the [porno] site seemed to display, within the site’s HTML, the IP address of the server where it was physically hosted ... Welcome to Video’s administrator seemed to have made a rookie mistake. The site itself was hosted on Tor, but the thumbnail images it assembled on its home-page appeared to be pulled from the same computer without routing the connection through Tor, perhaps in a misguided attempt to make the page load faster."

    But, the article explains various ways that blockchain transactions could be correlated in time, address clusters, cash out exchanges, and a variety of event tracking information that could be correlated using forensic tools that the average user would not have.

    The follow-the-money-approach had its limitations, as in:
    > "Those 337 arrests still represented only a small fraction of Welcome to Video’s total registered users ... the server data ... had found thousands of accounts on the site. But the vast majority of them had never paid any bitcoins into the site’s wallets. With no money to follow, the investigators’ trail usually went cold."
    But, the law was still able to find the site's operator and its most egregious content creators.

    This situation also has ramifications for other parts of the legal system and for cryptocurrency, as in:
    > "He’d pleaded guilty to possession of child sexual abuse materials, but he also appealed his conviction ... because IRS agents had identified him by tracking his Bitcoin payments—without a warrant—which he claimed violated his Fourth Amendment right to privacy and represented an unconstitutional “search". A panel of appellate judges rejected it, in a nine-page opinion setting down a precedent that spelled out in glaring terms exactly how far from private they determined Bitcoin’s transactions to be.
    > "Every Bitcoin user has access to the public Bitcoin blockchain and can see every Bitcoin address and its respective transfers. Due to this publicity, it is possible to determine the identities of Bitcoin address owners by analyzing the blockchain,” the ruling read. “There is no intrusion into a constitutionally protected area because there is no constitutional privacy interest in the information on the blockchain.”
    > "A search only requires a warrant, the American judicial system has long held, if that search enters into a domain where the defendant has a “reasonable expectation of privacy.” The judges’ ruling argued that no such expectation should have existed here: The defendant wasn’t caught in the Welcome to Video dragnet becaus

    • THANKS!

    • Yeah, bitcoin is actually a public-ledger bank account, not "digital cash" as some appear to mistakenly believe. I agree with the sentiment that in some sense these are interesting side effects of courts just stating the obvious - that no search warrant is needed for a public ledger so it can easily be used as evidence with built-in authentication.

      There are many ways in which bitcoin falls short, but one is that anybody with a brain would soon realize that there are a lot of down sides to a public ledger

  • No clickbait, relevant details, good structure. Well worth 15 minutes of your time to read.
    • Yep, I spent fifteen minutes learning about the screwups that led to these lowlifes being caught. One of the best articles I've read through Slashdot.

      But, from TFA it sounds like some scumbags could have built up credit on the site by uploading their own videos, then downloaded other videos without ever owning a bitcoin. I hope that the child protection people will be able to find their victims from the videos, arrest the abusers the old fashioned way (with heavy use of a night stick), then lock them away

    • by ET3D ( 1169851 )

      Agreed, and thanks for posting this. I might not have gone and read it if not for your comment. It was truly interesting, regardless of the Bitcoin connection. Of course, that was interesting as well.

  • by gweihir ( 88907 ) on Sunday April 10, 2022 @07:12PM (#62434942)

    What is counter-intuitive about a complete public record of all transactions ever being public and complete and showing all transactions ever? I mean you just need to read a somewhat accurate description of BC to immediately see that yes, it can be anonymous, but one transaction can already be enough to identify the owner of a wallet.

    People are fucking stupid and ignore facts that stare them in the face.

    • by cusco ( 717999 )

      People are fucking stupid and ignore facts that stare them in the face.

      This is rarely more blatant than at election time, in any country.

  • Sounds like "Satoshi Nakamoto" is someone at the FBI
  • Now that we've established that bitcoin transactions can be traced, please take care of ransomware too.

    • Not going to happen in the current political situation. I doubt anyone in the western world will get co-operation from the Russian authorities to shut them down any time soon.

  • then bitcoin really is a great idea, right?

"An idealist is one who, on noticing that a rose smells better than a cabbage, concludes that it will also make better soup." - H.L. Mencken

Working...