Find the User, Find the Cash—How Law Enforcement Is Using Digital Intelligence Technology To Track Down Crypto Criminals
While the value of cryptocurrencies has fluctuated wildly in the last year, cryptocurrency systems remain a magnet for criminal activity. The fast transaction speeds, pseudo-anonymity, and ease of use that appeal to legitimate investors are also attracting those who wish to exploit the inexperienced. There are four growing crimes within the cryptocurrency system that are particularly troublesome for law enforcement.
1. Cryptocurrency Used To Launder Money
Cryptocurrency is becoming another way to scrub funds. Countries like Mexico are struggling to keep up with cartels who launder drug and human trafficking proceeds using cryptocurrency. When a criminal makes money through illegal means, they need a way to covert (wash) the illicit money into legitimate (clean) money without drawing attention to themselves. This process of obfuscating, transferring, and purchasing to make something illicit appear legitimate is called “money laundering.” Since many cryptocurrencies are hard to track without the proper tools and many police agencies know little about how the system works, the cryptocurrency ecosystem may appear to provide a safer way to launder money than through traditional banking channels. However, the public nature of most blockchains also makes it easier for investigators to “follow the money” than traditional channels.
2. Cryptocurrency Used To Sell Illegal Items
Other non-drug-related organized crime groups are also turning to cryptocurrency for a safer, easier way to move money and sell illegal goods. National Geographic investigations revealed that poaching increased last year but seizures decreased. Increased poaching with decreased seizures indicates an illicit trade boom is coming.
These organizations will likely move to the dark web because “encrypted communication platforms” and “online vendor platforms,” make it simple to sell illegal goods, according to the Financial Action Task Force’s Money Laundering and the illegal Wildlife Trade report. Non-drug organizations set up complete dark web marketplaces and only accept cryptocurrency as payment.
3. Cryptocurrency To Highjack Computer Systems
Ransomware is quickly become a worldwide threat and will have a “significant impact on society, public administration, governance, and the economy as a whole,” according to Europol’s 2021 Serious and Organized Crime Report. As the recent attack on the Colonial pipeline proves, ransomware attacks are increasing exponentially in volume and sophistication making it difficult for law enforcement to keep up with current trends and countless victims.
Ransomware is a specific type of malware (malicious software) downloaded onto a computer to block its users from accessing their own data. The hackers encrypt the victims’ data but keep it on the victim’s computer. If the victim does not pay the ransom—almost always requested in Bitcoins— the hackers will simply not give them back access to their data and the victim will lose the data. If the victim still does not pay, the ransomware can spread throughout the network, maliciously encrypting other files or complete systems.
4. Cryptojacking – Using a Victim’s Computer To Process Cryptocurrency Transactions
The number of new cryptocurrencies on the market and the strong public push for legitimacy created a new crime where criminals install malware to mine cryptocurrency or complete cryptocurrency transactions without the victim’s permission This is called cryptojacking.
Cryptojacking has been around for almost a decade but the practice really took off during the Bitcoin rush of 2017. The rising cost of mining bitcoins has led crypto pirates to move away from Bitcoin to other, more profitable forms of mining altcoins—frequently Monero (XMR).
Cryptojacking uses clusters of physical computers, networks, virtual machines, and cloud-based technology systems to process these transactions. Once enough systems are compromised, the malware will be initiated without the users’ consent or knowledge.
How Law Enforcement Is Fighting Back
Law enforcement is generally reactive to fighting crimes, which usually results in a full-out sprint to catch up with criminals. Crypto crimes, in particular, pose vexing new challenges for local and state law enforcement. Until now, many agencies have tended to brush crypto crimes under the rug in hopes that the fad of cryptocurrency would disappear. Instead, interest in cryptocurrency has skyrocketed and it’s no longer turning up in financial crimes alone.
Crypto is being used in all types of crimes from financial fraud to drug, wildlife, and human trafficking cases, making it an integral part of Digital Intelligence investigations. This is why law enforcement must transform its tools, training, and Digital Intelligence strategy to address crimes involving crypto or seek outside expertise that they can outsource these investigations to. (Digital Intelligence is the data collected and preserved from digital sources and data types [smartphones, computers, and the Cloud] and the process by which agencies collect, review, analyze, manage, and obtain insights from this data to run their investigations more efficiently.)
In reactive crime-fighting cases, victims of crypto crimes call the police to report the crime. If the victim is lucky, the officer will have at least the basic knowledge to gather key evidence like IP address, cryptocurrency address, names, and types of data stolen or encrypted.
In proactive crime-fighting cases, the police track the criminals. When the criminal exploits an unknowing victim, the police can notify the victim of the crime whether the victim knows they were exploited or not. Police may be tracking certain cryptocurrency wallets or cryptocurrency addresses, which can lead to a suspect behind the transactions. New advances in digital technology are also allowing investigators to visualize transactions to follow virtual money trails and reveal evidence about individuals who commit crimes.
The key to solving crypto crimes is tracking the address to the wallet then the wallet to the user. If police find the user, they can find the cash. Unfortunately, it is not that easy to find the user.
First, the police will have to track the cryptocurrency address to a wallet. Recording the cryptocurrency address provided by the victim is critical in solving these cases. Once the victim sends the money, then officers must act quickly. Most sophisticated criminals will often set up dynamic cryptocurrency addresses to obfuscate cryptocurrency tracing methods, meaning different one-time use addresses are given per victim. Once the victim transfers the funds to this address, the hacker will transfer the funds to another address, sometimes consolidating the funds with multiple victims.
The police may then have to track the victim’s funds through an obfuscated network of peel chains, further consolidations, and multiple splits until they ultimately reach target tumblers, money exchangers, digital wallets, or crypto ATM’s. By partnering with CipherTrace, the leader in blockchain analysis, Cellebrite Crypto Tracer is able to visualize these complicated networks for investigators and ensure they are able to identify any possible fiat-offramps.
The goal of any police agency will be to find the exit point of the currency—where the currency moves to a place where the police can issue a subpoena or court order. If law enforcement is lucky, they can identify a subject based on pictures obtained by video surveillance, IP addresses, or Know Your Customer (KYC) information.
By analyzing and probing the KYC processes of over 800 virtual asset service providers (VASPs) in over 80 countries, cryptocurrency intelligence firm CipherTrace found that 56% of VASPs globally have demonstrably weak KYC practices.
Depending on the type of crime in which crypto is playing a role, the agency in charge may lack the human resources, tools, or expertise to conduct a proper investigation. In these cases, Cellebrite’s Advanced Services (CAS) team can provide a wide variety of crypto advisory services from simply scanning devices for crypto artifacts to taking charge of the entire investigation to provide all of the digital evidence needed to resolve cases quickly. And with 10 lab locations around the world, the experts at CAS are never far away.
Once a victim provides law enforcement with an address or if they find an address by themselves, the outside entity can track the address, and the money, through the cryptocurrency network eventually finding the end user. This information can then be handed off to the police who can use police-sensitive databases to find the suspect behind the crime, write search warrants for homes and electronic devices, and issue seizure warrants to confiscate unlawfully obtained funds.
New crypto tools that empower investigative teams to reveal solid evidence on individuals who use Bitcoin and other cryptocurrencies for money laundering, terrorism, drug, and human trafficking, weapon sales, and other crimes are also being more widely deployed.
The bottom line is that crypto is here to stay and law enforcement agencies must take the necessary steps today to be ready for the rise in crypto crimes that is sure to become more widespread as the popularity of using cryptocurrencies grows.
About the Author: Leeor Ben-Peretz leads Cellebrite’s strategy & corporate business development functions. He brings over 20 years of experience in the forensic, telecom, and software security markets, having served in key business development and product management-related positions at industry-leading companies such as Aladdin Knowledge Systems (NASDAQ: ALDN), Pelephone Communications, Comverse (NASDAQ: CMVT), and InfoGin.
During his 11-year tenure with Cellebrite, Leeor has been instrumental in driving the evolution of the company’s offering from a single product to a rich portfolio of innovative products, solutions, and services. Leeor holds an Executive MBA degree from the Hebrew University of Jerusalem and a BA degree in Business and Economics from the Academic College of Tel-Aviv.