[ad_1]
Hear Andy’s considerate commentary on cybercrime, legislation enforcement, anonymity, privateness, and whether or not we actually want a “warfare in opposition to cryptography” – codes and ciphers that the federal government can simply crack if it thinks there’s an emergency – to cement our collective on-line safety.[MUSICAL MODEM]
PAUL DUCKLIN. Howdy, all people.
Welcome to this very, very particular episode of the Bare Safety podcast, the place we have now probably the most superb visitor: Mr. Andy Greenberg, from New York Metropolis.
Andy is the creator of a e-book I can very tremendously suggest, with the fascinating title Tracers within the Darkish: The International Hunt for the Crime Lords of Cryptocurrency.
So, Andy, let’s begin off…
..what made you write this e-book within the first place?
It appears fascinatingly difficult!
ANDY.GREENBERG. Sure, nicely, thanks, Paul.
I assume [LAUGHS]… I’m unsure if that’s a praise?
DUCK. Oh, it’s, it’s!
ANDY. Thanks.
So, I’ve lined this world of hackers, and cybersecurity, and encryption for about 15 years now.
And round, let’s see – I assume 2010 – I began engaged on a e-book, a unique e-book, that was concerning the cypherpunk motion within the Nineties…
…and the ways in which it gave rise to the fashionable web, but in addition to issues like WikiLeaks, and other forms of encryption, anonymity instruments, and finally what we now name the darkish internet, I suppose.
And I’ve all the time been fascinated with the methods, on this beat, that anonymity can play this fascinating, dramatic function – and permit individuals to turn into another person, or to disclose to you in secret to who they honestly are.
And as I dug into this cypherpunk world, round 2010 and 2011, I came across this factor that appeared to be a brand new phenomenon in that world of on-line anonymity – which was Bitcoin.
I wrote, I feel, the primary print journal piece about Bitcoin for Forbes journal in 2011.
I interviewed one of many first Bitcoin builders, Gavin Andresen, for that piece.
And Gavin and plenty of others on the time had been describing Bitcoin as a kind-of nameless digital money for the web.
You could possibly really use this new invention, Bitcoin, to place unmarked payments in a briefcase, principally, and ship it throughout the web to anybody on the earth.
And, being the sort of reporter I’m, I’m within the subversive and typically felony, typically politically motivated… I don’t know, the underhanded and darkish corners of the web.
I simply noticed how this might allow a brand new world of… sure, individuals in search of monetary privateness, but in addition cash laundering, and drug dealing on-line, and all of this that will come to go within the subsequent few years.
However what I didn’t foresee is that, ten years later or so, it could be by then obvious that Bitcoin is definitely the *reverse* of nameless.
I imply, that’s the large shock, and the large reveal.
For me, it was a sort of slow-motion epiphany to understand that cryptocurrency was really *extraordinarily* traceable.
It was the alternative of this “nameless money for the web” that many individuals as soon as thought it was.
And the end result, I feel, was that it served as a sort of lure for many individuals in search of monetary privateness… and criminals, over that decade.
And as I realised the extent of this… I totally realised it in 2020 or so.
I started, on the identical time, to see that this one firm, Chainalysis, a blockchain-analysis Bitcoin cryptocurrency tracing agency, was being venked in a single US Division of Justice announcement after one other in all of those main busts.
And so I began speaking to Chainalysis, after which to their clients and legislation enforcement, and slowly realised that there had been this one small group of detectives that had figured this out a lot sooner than me.
They’d began really tracing Bitcoins years earlier, and had used this extremely highly effective investigative method to go on this spree of 1 huge cybercriminal bust after one other…
…utilizing cryptocurrency as this shock lure that had been laid for thus many individuals on the darkish internet, and within the cybercriminal world as a complete.
DUCK. Now, I suppose we shouldn’t actually be shocked at that, ought to we, as you clarify within the e-book?
As a result of the entire concept, not less than of the Bitcoin blockchain, is that it’s, by design, solely and totally public and irrevocable.
That’s the way it can work as a ledger that’s equal to one thing that will usually be held privately and individually by your financial institution.
It doesn’t even have your title on it, but it surely has a magic identifier that, as soon as tied to you, can’t actually be reduce unfastened…
…if there’s different proof to say, “Sure, long-hexadecimal-string-of-stuff is Andy Greenberg, and right here’s why.”
Now strive denying it!
So, I feel you’re proper.
This concept that it’s *potential* to commerce anonymously with Bitcoin – I feel was taken by very many individuals to imply that it’s basically nameless and ever-untraceable.
However the world shouldn’t be like that, is it?
ANDY. I typically look again on my 2011 self, and in that piece for Forbes, I *did* write that Bitcoin was doubtlessly untraceable.
And I form of scold myself, “How may you be such an fool?”
The entire concept of Bitcoin is that there’s a blockchain that information each transaction.
However then I remind myself that even Satoshi Nakamoto, the mysterious creator of Bitcoin (whoever he, she or they’re), of their first e-mail to a cryptography mailing record introducing the thought of Bitcoin…
…listed amongst its options that members will be nameless.
That was a characteristic of Bitcoin as Satoshi described it.
So I feel there’s all the time been this concept that Bitcoin, if it’s not nameless, not less than is pseudonymous, that you would be able to conceal behind the pseudonym of your Bitcoin handle, and that in the event you can’t determine any person’s handle, you possibly can’t determine their transactions.
I assume all of us ought to have recognized… I ought to have recognized, and perhaps even Satoshi ought to have recognized, that, given this huge corpus of knowledge, there could be patterns in it that enable individuals to establish clusters of addresses that every one belong to 1 particular person or service.
Or to comply with the cash from one handle to a different to seek out fascinating giveaways on this huge assortment of knowledge.
The most important giveaway of all is if you money in or money out at a cryptocurrency alternate that has Know-Your-Buyer [KYC] necessities, as nearly all of them do now.
They’ve your id, so if any person can simply subpoena that alternate, then they’ve your precise driver’s licence in hand.
And any phantasm of anonymity simply fully backfires.
So that’s the story, I feel, of how Bitcoin’s anonymity turned out to be the alternative.
DUCK. Andy, do you assume, maybe, although, that there’s nothing mistaken with Satoshi Nakamoto saying, “You *can* be nameless if you use Bitcoin?”
I feel what’s mistaken is that plenty of individuals assume that as a result of know-how *can* allow you to do one thing that’s fascinating to your privateness, subsequently, *nonetheless you utilize it*, it all the time will.
And the unique concept of Bitcoin didn’t embrace exchanges, did it?
And so there wouldn’t be any exchanges that will take a duplicate of your driving licence if Bitcoin had been utilized in its authentic form of cypherpunk method, so far as I can see…
ANDY. Nicely, I definitely don’t blame Satoshi for not predicting your complete cryptocurrency financial system, together with the ways in which exchanges would interface with the normal finance world.
It’s all extremely advanced economics; Bitcoin was sensible sufficient as it’s.
However I do assume that it’s extra than simply, “You *can* be nameless with Bitcoin in the event you’re cautious, however most individuals aren’t cautious.”
It seems, I feel, that the likelihood, regardless of how good you might be, of utilizing Bitcoin anonymously is vanishingly small.
Additionally, there may be the property of blockchain *that it’s perpetually*.
So, in the event you use the sort of smartest concepts of the day to attempt to keep away from any of those patterns that reveal your transactions on the blockchain, however then somebody years later figures out a brand new trick to establish transactions…
…you then’re nonetheless screwed.
They will return in time, and use their new concepts to foil your cutting-edge anonymity methods from years earlier.
DUCK. Completely.
With a financial institution fraud you possibly can think about you *may* get fortunate, couldn’t you?
That simply if you’re about to be investigated, years later, you discover the financial institution’s had a knowledge safety catastrophe, they usually’ve misplaced all their backups and, oh, they will’t get better the information…
With the blockchain, that ain’t by no means going to occur! [LAUGHS]
As a result of all people’s bought a duplicate, and that’s a requirement for the system to work because it does.
So, as soon as locked in, all the time locked in: it could actually by no means be misplaced.
ANDY. That’s the factor!
To be nameless with cryptocurrency, you actually need to be excellent – excellent forever.
And to catch somebody who’s attempting to be nameless with cryptocurrency slipping up, you simply need to be good, and chronic, and work on it for years, which is what, first, Chainalysis…
…really, first was educational researchers like Sarah Meiklejohn on the College of California at San Diego, who, as I doc the e-book, got here up with quite a lot of these methods.
However then Chainalysis, this startup that’s now nearly a nine-billion-dollar unicorn, promoting polished cryptocurrency tracing instruments to legislation enforcement businesses.
And now, all of those legislation enforcement businesses which have skilled Bitcoin tracers – their savvy, their know-how in doing this, is simply rising by leaps and bounds.
And I feel it’s nearly only a higher rule to say, “No, you can’t be nameless with cryptocurrency,” that it’s totally clear.
That’s a safer strategy to function, nearly.
To be truthful, Satoshi Nakamoto stated members *can* be nameless… but it surely seems that the one participant who has *remained* nameless is Satoshi Nakamoto.
And that’s, partly, as a result of only a few individuals have that other-worldly restraint that Satoshi needed to amass 1,000,000 Bitcoins after which by no means spend them or transfer them.
For those who try this… sure, I feel you possibly can maybe be nameless.
However in the event you ever wish to use your cryptocurrency, or to place it in a liquid type the place you possibly can spend it, then I feel you’re toast.
DUCK. Sure, as a result of there are some superb issues which have occurred, one in every of which you allude to as a result of it was within the works simply on the finish of the e-book…
…[LAUGHS] what I name the Crocodile Woman and her husband: Heather Morgan and Ilya Liechtenstein.
Self-styled “Crocodile of Wall Road” arrested with husband over Bitcoin megaheist
They’re alleged to have in some way obtained a complete load of cryptocoins from a cryptocurrency financial institution theft in opposition to Bitfinex.
Of their instances, they obtained stolen cryptocurrencies in huge portions, in order that they may fairly actually have been billionaires *if they may have cashed it out*.
However when bust, they nonetheless had the overwhelming majority of that stuff sitting round.
So evidently, in quite a lot of cryptocurrency crimes, your eyes could be a lot larger than your abdomen.
It’s possible you’ll dwell the excessive life a bit bit… the Crocodile Woman and her husband, it does appear they had been residing fairly a flash way of life.
However after they had been bust, what was the quantity?
It was greater than $3 billions’ value of Bitcoins that they’d, however couldn’t money out.
ANDY. The Division of Justice stated that they seized $3.6 billion from them.
That was the largest seizure not simply of cryptocurrency in historical past, however of cash within the historical past of the Division of Justice.
In truth, as I doc within the e-book… really, one in every of these occurred after the e-book, however the IRS felony investigators, who’re the principle topics of this e-book, have now pulled off the primary, second, and third-biggest seizures of cash in American felony justice historical past, by following cryptocurrency and seizing Bitcoins.
Your level is completely proper, which is that cryptocurrency is simple to steal, it seems… that’s, I feel, one in every of its large drawbacks for the companies, like exchanges, which have to carry typically billions of {dollars} in a sort of digital protected.
However then in the event you do steal it, in the event you pull off one in every of these huge heists – and two of the three of the instances that we’re discussing are literally individuals who stole cash from the Silk Street darkish internet drug market…
DUCK. Sure [LAUGHS]… if you steal from a criminal, it’s nonetheless against the law, eh?
ANDY. [LAUGHS] Sure, sadly – for these crooks, anyway.
DUCK. One of the crucial intriguing bits for me within the e-book was any person that you simply establish as “Particular person X”, solely as a result of that’s the way in which they had been recognized by the court docket.
This particular person had stolen 70,000 Bitcoins, and was busted, and principally gave them again… sort-of in return for getting let off.
They didn’t get prosecuted, they didn’t go to jail, they didn’t – I think about – even get a felony file.
They usually had been by no means named.
ANDY. That’s proper.
DUCK. In order that looks like an nearly unreadable thriller, doesn’t it?
If we glance ahead a number of years, now that Bitcoin’s… what, within the final 12 months, it’s gone all the way down to a few third of its worth; Ether is all the way down to a few third; Monero is about half.
Do you assume that that gambit of claiming, “I’ll give the cash again, let me off” would have labored if the costs had been reversed, and what they had been handing again was now value a fraction of what it was when it was stolen?
Or do you assume that Particular person X was fortunate as a result of what they needed to hand again was really value far more than after they stole it?
ANDY. I feel it’s the latter.
Particular person X stole that cash whereas the Silk Street was nonetheless on-line…
DUCK. Wow!
So that will have been when BTC was, what, lots of [of dollars] then?
ANDY. Sure, in all probability, or 1000’s at most – Silk street went offline in 2013, when Bitcoin had simply damaged by means of $1000, if I bear in mind.
This particular person (I don’t wish to say “man” – who is aware of who Particular person X is?) sat on these 70,000 Bitcoins for seven years, finally…
…in all probability, precisely as you stated, simply terrified to maneuver them or money them out for concern of being caught.
DUCK. Sure, are you able to think about?
“Hey, I’m a millionaire!”
“Hey, I’m a *billionaire*!”
“Oh, golly, however the place am I going to get my hire cash?”
[LAUGHS] Shouldn’t snigger….
ANDY. As you say – just like the hand caught within the cookie jar!
The hand simply will get larger and larger till it’s all-consuming, and you can not transfer it, you possibly can’t get it out.
In truth, even with out attempting to get it out, IRS felony investigators discovered it by means of different means, together with the seizure of the BTC-e alternate, which was a kind-of money-laundering, felony Bitcoin alternate.
DUCK. That was a rogue alternate that principally did as little as is humanly potential alongside the Know Your Buyer entrance?
“Ask no questions, inform no lies,” that sort of factor?
Is that proper?
ANDY. Sure, precisely.
That was one other shock for a lot of customers who believed that, “Perhaps I can use BTC-e a bit bit and never get caught, as a result of that doesn’t have Know Your Buyer, that doesn’t co-operate with legislation enforcement.”
However, nonetheless, when that alternate was busted and its servers seized, that offered extra clues to the IRS.
That helped, in truth, to determine who Particular person X was… I don’t know who they’re, however the authorities does.
And to knock on his or her door and say, “Hey, hand over a billion {dollars} otherwise you’re going to jail,” and that’s precisely what occurred.
Now, poor James Zhong is a really related case.
Silk Street medication market hacker pleads responsible, faces 20 years inside
He appears to have taken 50,000 Bitcoins from the Silk Street, in all probability across the identical time, after which held onto them for even longer.
After which, a 12 months after Particular person X, Zhong bought a knock on his door…
Equally, they’d traced the cash, regardless that he had simply left it sitting on a USB drive in a popcorn tin underneath the floorboards of his closet.
In his case, he didn’t handle to make a deal in some way, and he’s being criminally charged.
DUCK. *And* he has given the cash again, clearly?
[WRY LAUGH] Aaaargh!
ANDY. He was a Bitcoin billionaire, and now could be dealing with felony expenses… and by no means bought to even spend his loot.
The Bitfinex case, I don’t know… I’ve much less sympathy for them as a result of they honestly had been attempting to launder an enormous theft from a authentic enterprise.
They usually did, I feel, launder a few of it.
They tried a number of completely different intelligent methods.
They put the cash by means of…. I imply, that is all alleged, I ought to say; they’re nonetheless harmless till confirmed responsible, this couple in New York.
However they tried to place the cash by means of the AlphaBay darkish internet market as a sort of laundering method, considering that will be a black field that legislation enforcement wouldn’t be capable of see by means of.
However then AlphaBay was busted and seized.
That’s maybe the largest story I inform within the e-book, probably the most thrilling cloak-and-dagger story: how they tracked down the kingpin of AlphaBay in Bangkok and arrested him.
DUCK. Sure… spoiler alert, that’s the place the helicopter gunships are available!
ANDY. lLAUGHS] Sure!
Sure, and far more!
I imply, that story is without doubt one of the craziest that I’ll in all probability inform in my profession…
However then, additionally, this New York money-laundering couple tried to place a few of the cash by means of Monero, a cryptocurrency that’s marketed as a privateness coin, a doubtlessly actually untraceable cryptocurrency.
And but, within the IRS paperwork the place they describe how they caught this couple in New York, they present how they continued to comply with the cash, even after it’s exchanged for Monero.
In order that was an indication to me that maybe even Monero – this newer, “untraceable” cryptocurrency – is a bit traceable too, to a point.
And maybe this lure persists… that even cash which are designed to outstrip Bitcoin when it comes to their anonymity aren’t all they’re cracked as much as be.
Though I ought to say that Monero individuals hate it after I even say this out loud, and I don’t understand how that labored…
…all I can say is that it appears very potential that Monero tracing was utilized in that case.
DUCK. Nicely, there might be some operational safety blunders that the Crocodile Woman and her husband made as nicely, that sort of tied all of it collectively.
So, Andy, I’d wish to ask you, if I could…
Considering of cryptocurrency tokens like Monero, which as you say, is supposed to be extra privateness targeted than Bitcoin as a result of it inherently, in the event you like, joins transactions collectively.
After which there’s additionally Zcash, designed by cryptography specialists particularly utilizing know-how recognized within the jargon as zero-knowledge proofs, which is not less than speculated to work in order that neither aspect can inform who the opposite is, but it’s nonetheless unimaginable to double-spend…
With all eyes on these far more privacy-focused tokens, the place do you assume the long run goes?
Not only for legislation enforcement, however the place do you assume it’d drag our legislators?
There’s definitely been a fascination for many years, amongst typically very influential parliamentarians, to say, “You realize what, this encryption factor, it’s really a very, actually dangerous concept!”
“We’d like backdoors; we’d like to have the ability to break it; any person has to ‘consider the kids’; et cetera, et cetera.”
ANDY. Nicely, it’s fascinating to speak about crypto backdoors and the authorized debate over encryption that even legislation enforcement can’t crack.
I feel that, in some methods, the story of this e-book reveals that that’s usually not obligatory.
I imply, the criminals on this e-book had been utilizing conventional encryption – they had been utilizing Tor and the darkish internet, and none of that was cracked to bust them.
As an alternative, investigators adopted the cash and *that* turned out to be the backdoor.
It’s an fascinating parable, and a very good instance of how, fairly often, there’s a side-channel in felony operations, this “different leak” of data that, with out cracking the principle communications, affords a method in…
…and doesn’t necessitate any sort of backdoor in Tor, or the darkish internet, or Sign, or laborious disk encryption, or no matter.
In truth, talking of ‘considering of the kids’, one of many final main tales that I dig deeply into within the e-book is the bust of the Welcome To Video marketplace for youngster sexual abuse movies that accepted cryptocurrency.
And consequently, the IRS investigators on the centre of the e-book had been capable of monitor down and arrest 337 individuals around the globe who used that market.
It was the largest bust of what we name youngster sexual abuse supplies, by some measures, in historical past…
…all based mostly on cryptocurrency tracing.
DUCK. They usually didn’t must do something that you’d actually contemplate privacy-violating, did they?
They fairly actually adopted the cash, in a path of proof that was public by design.
And in conjunction, admittedly, with warrants and subpoenas from locations the place the cash popped out, and the place web connections had been made, they had been capable of establish the individuals concerned…
…and largely to keep away from trampling on tens of millions of people that had completely no reference to the case in any way.
ANDY. Sure!
I feel that it’s an instance of a strategy to do… it’s, in some methods, mass surveillance – however mass surveillance in a method that nonetheless doesn’t require weakening anyone’s safety.
I assume that cryptocurrency customers, and individuals who consider within the energy of cryptocurrency for enabling activists, and dissidents, and journalists, and cash transmissions to nations like Ukraine, that want injections of cash for survival…
They might argue that, nonetheless, we have to repair cryptocurrency to make it as untraceable as we as soon as thought it could be.
And that’s the place we get into the brand new, I’d say *a* new, crypto-war over cryptocurrency.
We’re simply beginning to see the start of that with instruments like Monero and Zcash, as you stated.
I do assume that there’ll in all probability nonetheless be surprises concerning the ways in which Monero will be traced.
I’ve seen a leaked Chainalysis doc the place they informed Italian legislation enforcement… it’s a presentation in Italian to the Italian police from Chainalysis, the place they are saying that they will hint Monero, within the majority of instances, to discover a usable lead.
I don’t understand how they try this, but it surely does appear to be it’s probabilistic greater than definitive.
Now I don’t assume lots of people perceive – that’s usually sufficient for legislation enforcement to get a subpoena, to begin subpoenaing cryptocurrency exchanges, simply based mostly on a probabilistic guess.
They will simply verify each risk, if there are a number of sufficient of them.
DUCK. Andy, I’m aware of time, so I’d like to complete up now by simply asking you one last query, and that’s…
In ten years’ time, do you see your self being able the place you’ll be capable of write a e-book like this one, however the place the “unravelling” components are much more fascinating, difficult, thrilling, and superb?
ANDY. I attempted, with this e-book, *not* to make too many predictions.
And, in truth, the e-book begins with this “mea culpa” that ten years in the past I believed precisely the mistaken factor about Bitcoin.
So no one ought to hearken to any ten-year prediction that I’ve!
[LAUGHTER]
However the easiest prediction to make, that *has* to be true, is that this cat-and-mouse sport will nonetheless be happening in ten years.
Individuals will nonetheless be utilizing cryptocurrency considering that they’ve outsmarted the tracers…
…and the tracers will nonetheless be developing with new methods to show them mistaken.
The tales, as you say, will, I feel, be far more convoluted as a result of they’ll be coping with these cryptocurrencies like Monero, that construct in huge mix-networks, and Zcash, which have zero-knowledge proofs.
Nevertheless it does appear that there’ll all the time be a way – and perhaps not even cryptocurrency, however in another aspect channel… as I used to be saying, there will likely be a brand new one which unravels the entire thing.
However there’s no query that this cat-and-mouse sport will go on.
DUCK. And I’m certain there’ll be one other Tigran Gambaryan someday sooner or later so that you can interview?
ANDY. Nicely, I do assume the sport of anonymity…
…it does favour the Tigran Gambaryans of the world.
They, as I stated, simply need to be persistent and good.
However the mice on this cat-and-mouse sport need to be excellent.
And nobody is ideal.
DUCK. Completely.
ANDY. So, if I do need to make a prediction…
…then I’d simply place my guess on the cats, on the Tigran Gambaryans of the world.
DUCK. [LAUGHS] Andy, thanks a lot.
Earlier than we go, why don’t you inform our listeners the place they will get your e-book?
ANDY. Sure, thanks, Paul!
The e-book known as “Tracers within the Darkish: The International Hunt for the Crime Lords of Cryptocurrency.”
[ISBN 978-0-385-54809-0]
And it’s out there in any respect the traditional locations books are bought.
However in the event you go to https://andygreenberg.web/, then you possibly can simply discover hyperlinks to a bunch of locations.
DUCK. Andy, thanks a lot to your time.
It was as fascinating speaking to you and listening to you because it was studying your e-book.
I like to recommend it to anyone who needs a galloping learn that’s however detailed and insightful about how legislation enforcement works…
…and, importantly, why felony convictions for cybercrimes usually solely occur years after the crime occurred.
The satan actually is within the particulars.
ANDY. Thanks, Paul.
It’s been a super-fun dialog.
I’m simply glad you loved the e-book!
DUCK. Wonderful!
Due to all people who listened.
And, as all the time: Till subsequent time, keep safe!
[MUSICAL MODEM]
[ad_2]