
The PhishLabs Blog

Understanding Bitcoin - the virtual currency of choice for cybercriminals and terrorists

Posted by Andre Correa on Dec 18, '15

Bitcoin is a decentralized, P2P network-based virtual currency that has only grown in popularity and controversy since its creation in 2008.  It is believed that more than 100,000 legitimate businesses accept Bitcoins and 95 percent of all cryptocurrency transactions utilize BTC.

The unregulated nature of Bitcoin, along with its decentralization, anonymity and privacy features attracted more than regular users.  Criminals quickly learned how to use Bitcoin to fund their illicit activities.

The commercialization of goods and services in underground markets is among the most well-known criminal activities that use Bitcoins.  Some of them, like the infamous and now deactivated Silk Road market, received extensive media attention because of the diversity of illicit offers and the amount of money involved.  Another increasingly popular activity is extortion: groups like DD4BC and Armada Collective demand Bitcoins in exchange for not launching DDoS attacks against targets that range from financial institutions to gaming companies and security researchers.  Similarly, specialized malware called ransomware infects computers, encrypts important files and demands that victims pay a ransom in Bitcoin for the decryption key.

Privacy and decentralization are key features of Bitcoin. There is no central authority controlling the virtual currency. Instead, it implements a public and distributed “storage” called the block chain.  Every transaction must be registered in the block chain and contains, among other data, a timestamp, the total amount of Bitcoins involved, and the addresses of the payer(s) and the payee(s).  Anonymity and privacy are achieved by not identifying participants directly.  Instead, wallet addresses are used, which allows transactions to be disclosed publicly without revealing who the participants are.  The usage of the public block chain solves crucial virtual currency issues like “double spending” and “consensus” among network nodes.

With the growth of Bitcoin acceptance, various services are available to exchange the cryptocurrency for fiat currencies and vice versa.  A criminal could easily cash out earnings, but the BTC exchange transactions would be easily traced to the criminal and his illegal activities.  The block chain maintains the history of every Bitcoin from its creation by a “miner” and all transactions it participates in. Transactions involved in cybercrime, such as ransoms paid to avoid DDoS attacks or receive encryption keys, can be easily tracked from the time the ransom is paid by the victim to its exchange for fiat currency by the cybercriminal. 

According to a report from the FBI published in 2012, the chances of identifying actors increase when they convert Bitcoins to fiat currency, that is, government-backed legal tender like the US Dollar and the Euro.  That is because exchange services frequently require valid identification or bank information to comply with the anti-money laundering regulations imposed in most countries.  Law enforcement agencies can utilize this information to aid criminal investigations.
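The trace described in the two paragraphs above, from ransom payment to exchange deposit, as an added example that is not part of the original post. The ledger, the address names and the exchange labels are constructed, and following whole addresses is a simplification: real Bitcoin tracing follows individual transaction outputs.

```python
from collections import deque

# Constructed sample ledger, not real transactions. Each record carries the
# fields the article lists: timestamp, payer address(es), payee address(es).
LEDGER = [
    {"txid": "tx0", "time": 0, "payers": ["hop_c"], "payees": {"exchange_deposit_2": 0.3}},
    {"txid": "tx1", "time": 1, "payers": ["victim"], "payees": {"ransom_wallet": 2.0}},
    {"txid": "tx2", "time": 2, "payers": ["ransom_wallet"], "payees": {"hop_a": 1.2, "hop_b": 0.8}},
    {"txid": "tx3", "time": 3, "payers": ["hop_a"], "payees": {"exchange_deposit_1": 1.2}},
    {"txid": "tx4", "time": 4, "payers": ["hop_b"], "payees": {"hop_c": 0.8}},
    {"txid": "tx5", "time": 5, "payers": ["unrelated"], "payees": {"exchange_deposit_2": 5.0}},
]
# Hypothetical labels an investigator holds for addresses operated by exchanges.
EXCHANGE_ADDRESSES = {"exchange_deposit_1", "exchange_deposit_2"}


def trace_forward(ledger, start_txid, exchange_addresses):
    """Follow funds from one payment to the points where they reach an exchange.

    Returns (hits, resting): hits are (exchange address, txid path) pairs,
    resting are addresses where the traced funds have not been spent yet.
    """
    start = next(tx for tx in ledger if tx["txid"] == start_txid)
    queue = deque((addr, start["time"], [start_txid]) for addr in start["payees"])
    hits, resting = [], []
    while queue:
        addr, received_at, path = queue.popleft()
        if addr in exchange_addresses:
            hits.append((addr, path))  # cash-out point: identity records may exist here
            continue
        # Only spends made after the funds arrived can carry them onward.
        spends = [tx for tx in ledger if addr in tx["payers"] and tx["time"] > received_at]
        if not spends:
            resting.append(addr)
        for tx in spends:
            for payee in tx["payees"]:
                queue.append((payee, tx["time"], path + [tx["txid"]]))
    return hits, resting


if __name__ == "__main__":
    hits, resting = trace_forward(LEDGER, "tx1", EXCHANGE_ADDRESSES)
    for addr, path in hits:
        print("reached", addr, "via", " -> ".join(path))
    print("still unspent at:", resting)
```

The spend recorded as tx0 predates the ransom payment, so it is not followed, and the unrelated deposit tx5 never enters the trace.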

The alternative found by criminals to avoid the tracking of their activities via the block chain is once again a mechanism originally developed to provide privacy and anonymity to legitimate Bitcoin users: “mixers.”  These are services that accept Bitcoins and return the same amount, minus a service fee, in Bitcoins that are unassociated with the original ones.  Companies offering mixing services (also known as tumbling, blending or fogging) must have a big pool of Bitcoins that can be mixed among as many users as possible.  Legitimate users may mix their Bitcoins simply to prevent anyone, including friends, family, employers and law enforcement agents, from tracking their activities by reviewing the block chain.

While the vast majority of transactions are in Bitcoin, some see conversions to and from other virtual currencies such as Litecoin, LEOcoin, and Dogecoin as a way to further obscure the money trail by splitting up the transaction history over disparate block chains.  Many of these other currency systems function similarly to Bitcoin, and mixing services are available for them.  The customers of those services are willing to forfeit exchange fees in addition to the average two percent fees charged by mixer services.

Although “mixers” serve a valid purpose, the service they provide is the equivalent of sending money to bank accounts in countries that implement bank secrecy laws, like the Cayman Islands and Bahamas.  Most mixers operate under a privacy policy that specifies that transaction records are eliminated after a short period of time, usually hours.  If a “mixer” fails to delete the trail of where coins came from and to which address(es) they were sent, the entire process can be jeopardized. That is why criminals usually send Bitcoins through multiple “mixers,” achieving more reliable results and leaving behind the transaction history of coins received for illegal purposes.  Only then can coins be considered “laundered” and safe to be cashed out or used to purchase goods and services.  It is important to note that there is no such thing as a “dirty” coin in the sense usually applied to regular currency.  Mixers exchange coins with “dirty” activities in their history for others that have an unrelated history, “dirty” or not.

Apart from legitimate users and criminals, Bitcoin also attracted the attention of supporters of extremist groups like ISIL.  Fundraising activities are known to be conducted online to collect donations in the USA, UK, South Africa and other countries.  Bitcoin addresses are posted in forums, urging contributors to send coins purchased via dark web services to avoid tracing back to contributors.  There are no indications of how Bitcoins are exchanged for fiat currency later and if mixers are involved or not.  The coins could certainly be used to purchase goods and services in underground markets, like fake documents, weapons and ammo.  The merchant would launder these Bitcoins using “mixers”, as previously described.

Bitcoin and other cryptocurrencies will most likely continue to be used by criminals to move funds to be withdrawn somewhere else or donated to illicit groups.  Meanwhile, governments, legislators and security services around the world work to create regulations and technological tools to detect and track money laundering activities that use cryptocurrencies and fiat currencies alike.

Topics: DDoS, Fraud, Crimeware, Ransomware, Bitcoin
