As cryptocurrencies like Bitcoin and Ethereum become more popular and even integrated into our lives, the bad guys are also on the lookout on how to exploit these innovations for their benefit.
Coming from a primer last week that discussed the basics of cryptocurrency, its history, how it works, and the different cryptocurrencies available and their characteristics, MS-ISAC’s Stacey Wright and Eugene Kipniss are back to further unpack concepts and cases related to cryptocurrency.
Eugene is the Senior Program Specialist for the MS-ISAC while Stacey is the Senior Intel Program Manager for the Center of Internet Security of MS-ISAC. Together, they will go for an in-depth look into the dark side of cryptocurrency.
Some of the points that they expounded on this webinar include:
- A short refresher from the first part of the webinar that provides an overview of cryptocurrency.
- The first few cases of criminality in cryptocurrency in the mid-2000s as witnessed with Liberty Reserve, Second Life, and World of Warcraft being used for money laundering and other underground activities.
- A glimpse of the top fifteen cryptocurrency players today and how much each is valued at.
- A snapshot of the Bitcoin transaction model explaining how people utilize the system through wallets and transactions, and how the blockchain operates.
- What exchanges are and how they facilitate the circulation and trade of cryptocurrencies.
- Maker and Taker fees which are paid to the miners to make transactions possible.
- The Know Your Customer / Know Your Transaction (KYC/KYT) rule that is used in the financial industry to verify identities as well as prevent money laundering and other malicious activities.
- A sample of the types of personal information that might be required by an exchange for their KYC/KYT rule.
Case studies featuring how cybercriminals were able to siphon money from individuals through:
- A Sextortion scheme that sent malicious threats to individuals which can only be averted through payment via Bitcoin.
- The Coincheck case that bulk transferred coins from one wallet to another.
- What tumblers and anonymizers are and how they enable cybercriminals to circulate and use ill-gotten coins without being traced.
- Two anonymized cryptocurrencies – Dash and Monera, that makes it difficult to determine the sender/owner of coins and allows recirculation of tainted coins.
The four categories of cryptocrimes namely:
- Physical crimes in the real world such as robbery or kidnapping is done to obtain cryptocurrency related information.
- Tools that facilitate crime as ransomware or money laundering that pools revenues through cryptocurrency for the cybercriminals.
- Theft of currency or wallet where coin investors/owners are targeted so their cryptocurrency funds are transferred to the cybercriminals.
- Theft of resources where cybercriminals utilize your personal computing power to do the mining for them through compromised websites or malware.
The various cryptocurrency players and their dynamics in the arena including:
- North Korea's Lazarus Group, a Nation-State player that's behind multiple cryptocurrency heists, scams, and malware.
- Venezuela as a Nation-State player that looks at leveraging cryptocurrencies for economic improvement.
- Insiders who are people stealing power, resources, and equipment to enrich themselves through cryptocurrency mining
- And the positive players like tech geeks, investors, financial firms and citizens who want to harness the potential of cryptocurrency.
- A snapshot of Bitcoin’s dark market share.
- The laws and policies being put in place to regulate cryptocurrency.
- Expected developments on how cryptocurrency will be exploited by cybercriminals.
Stacey and Eugene took questions from the audience and explained topics like:
- Tracing whom an account belongs to
- Cryptocurrency being used by narcotics organizations
- The continued use of Second Life and World of Warcraft
- Resources on cryptocurrencies and crimes related to it
- The use of anonymizer in the sextortion case
- Best practices for agencies who want to take on the investigation on crypto-related crimes