crypto currency - Tagged - Security Boulevard
The Home of the Security Bloggers Network
Wed, 06 Nov 2024 17:29:24 +0000

Schneider Electric Confirms Ransom Hack — Hellcat Demands French Bread as ‘Joke’
https://securityboulevard.com/2024/11/schneider-electric-hellcat-richixbw/
Wed, 06 Nov 2024 17:29:24 +0000

That’s a lot of pain: $125,000 ransom seems small—but why do the scrotes want it paid in baguettes?

The post Schneider Electric Confirms Ransom Hack — Hellcat Demands French Bread as ‘Joke’ appeared first on Security Boulevard.

Pig Butchering at Heart of Bank Failure — CEO Gets 24 Years in Jail
https://securityboulevard.com/2024/08/shan-hanes-htsb-ceo-pig-butchering-richixbw/
Fri, 23 Aug 2024 16:54:40 +0000

Oink, oink, FAIL—you’re in jail: Kansas bank chief exec Shan Hanes stole money from investors, a church and others to buy cryptocurrency to feed a scam.

Book Review: The Crypto Launderers: Crime and CryptoCurrencies
https://securityboulevard.com/2024/01/book-review-the-crypto-launderers-crime-and-cryptocurrencies/
Sat, 20 Jan 2024 14:52:00 +0000

The Crypto Launderers: Crime and Cryptocurrencies from the Dark Web to DeFi and Beyond - by David Carlisle

I wish I had a way to review this book without having first read last year’s “Tracers in the Dark.” While Tracers talked about the people involved in investigating various crypto-based crimes and those early researchers who made the tracing process possible, Carlisle tells many of the same stories, but in a less engaging way. The facts are there, and when they talk about the same cases, they align nicely. But Andy Greenberg’s Tracers makes those cases stories about people, while Carlisle portrays facts without character development which I would not have realized was necessary or useful in a book on Money Laundering had I not read Tracers first. 

 As to the facts? I learned a ton, especially by feeding my ADD nature by chasing interesting footnotes — more than 350 references are provided! Thank you!!!
In the early part of the book he covers all of the mandatory cases: Silk Road, Mt. Gox, etc. 
Where this book is great, and it is far superior to Tracers as an educational resource in this regard, is how money-laundering works in Crypto. Mixers and Coinswaps are explained well, with several of the related cases such as Helix and Bitcoin Fog, being explained. The importance of regulation and how regulators have followed behind crypto developments is a major theme of the book. From regulating exchanges, to Bitcoin ATMs, to privacy wallets such as Wasabi Wallet, and the debate on whether privacy wallets can or should be regulated.
The attempts of FinCEN to introduce further regulations and the (in my opinion) Astroturfed outcry against them is especially interesting. 
An example of what I believed to be a very rational and necessary AML policy would be the FinCEN Draft Rule-Making Proposal, introduced 18DEC2020, for “requirements for certain transactions involving convertible virtual currencies or digital assets,” which tried to require proof of the identity of the recipient for transactions greater than $3k sent to a private wallet, and would have required a currency transaction report on any movement above $10k. The backlash was severe and the rule-making was placed on hold.
A nice coverage of the history of crypto sanctions by OFAC is also portrayed, from Suex, Chatex, Garantex, Bitzlato, and IRGC-related ransomware. And a history of the evolution of ransomware, which would not be possible without those unidentified and unaccounted for large currency transactions that cryptocurrency has enabled (and that FinCEN has been TRYING to prevent!) 
One example of sanctioning crypto was the OFAC sanctions against Lazarus Group Ethereum addresses, sanctioned along with one of their chosen Mixers, Blender.io. (Sanctioned addresses are listed here.) I appreciated some of the additional details Carlisle provided on Lazarus Group crypto hacker money launderers Tian Yinyin and Li Jiadong (snowjohn and khaleesi) who moved at least $100M, including purchasing at least $1.4 M in Apple iTunes gift cards! (Though again, no “characters”, just names.)
The latter part of the book does a nice job explaining the way Ethereum opened up a number of possibilities with Smart Contracts. Carlisle does a great job explaining Ethereum and ERC-20 tokens and how DAOs, DEXs, and DApps are built using the Smart Contracts of Ethereum with more on the DeFi system including how Bridges work. He also explains NFTs and how they also were supercharged by ERC-721 (and abused by thieves, fraudsters, insiders, and money launderers.)  This was the best introduction to that whole ecosystem that I’ve read. Great job! 
The Bitfinex hack, which opens the book, focused on 94,643.29 BTC from 2016 sitting under a microscope, untouched for six years, until it moved in Feb 2022 leading to the arrest of Dutch and Razzlekhan with $3.5 Billion seized, felt like it was set up as the climax of the book as we returned to the story from the opening chapter. The intermediary chapters helped us understand the now-revealed mechanisms, but again, it was facts without characters, which is fine - I just got ruined by the engagement of Tracers. 
The final chapter seems like something the Elliptic marketing department forced on him. (The other major crypto industry players all do the same thing, so not picking on Elliptic. It was the first crypto tracing tool I ever used!) The obligatory industry toeing the line of “oh, but less than 1% of crypto transactions are illicit!” was a frustrating end to an otherwise decent book. No one will ever convince me that the vast majority of crypto transactions involve no “transaction” at all, but are wash trading at an inconceivable scale designed to manipulate the value of cryptocurrencies to encourage investment and enrich the HODLers and corporations whose livelihood crypto is. 
Fantastic content - even possibly as an accompanying text for a crypto crime course at a university (yes, my wheels are turning!) especially with the rich depth of referenced articles, policies, and cases. But for a fun crypto crime STORY I would still go with “Tracers In the Dark.”

The new DOJ Law Enforcement Crypto Reports (TL;DR)
https://securityboulevard.com/2022/09/the-new-doj-law-enforcement-crypto-reports-tldr/
Tue, 20 Sep 2022 06:36:00 +0000

TL;DR? Good news! I read them for you!

 On 15SEP2022, the Department of Justice released their report "The Role of Law Enforcement in Detecting, Investigating, and Prosecuting Criminal Activity Related to Digital Assets" (66 pages).  The first of the nine reports ordered by President Biden's Executive Order 14067 "Ensuring Responsible Development of Digital Assets" was also released by the DOJ back on 06JUN2022, "How To Strengthen International Law Enforcement Cooperation for Detecting, Investigating, and Prosecuting Criminal Activity Related to Digital Assets" (58 pages). 

Since then, we have seen the Department of Treasury release three reports:

Treasury also provided to the White House in July a "Framework for International Engagement on Digital Assets" which is described in their press release, but not provided to the public. 

Earlier this month, the Department of Commerce released their report:
 "Responsible Advancement of US Competitiveness in Digital Assets" (19 pages). 

The Office of Science & Technology Policy also released three reports:

In this blog post, we'll focus on the two DOJ reports, which we will address in the reverse order of  their release, as it seems that it is required to define the role of law enforcement in digital assets before discussing the international cooperation one would seek in this area.

The Role of Law Enforcement in Digital Assets

Despite the Executive Order, it is important to note that the Department of Justice did not need the urging of the White House to establish procedures for addressing Cryptocurrency.  The department created the Attorney General's Cyber-Digital Task Force in 2018, which produced their original report, published in October 2020, titled the CryptoCurrency Enforcement Framework (83 pages).  That original report characterized the illicit uses of cryptocurrency into three broad categories of criminality: 
  1. financial transactions associated with the commission of crimes, such as buying and selling drugs or weapons, leasing servers used in the commission of cybercrime, soliciting funds to support terrorist activity, or ransom, blackmail and extortion. 
  2. money laundering and the shielding of legitimate activity from tax, reporting, sanctions, or other legal requirements, including operating unlicensed, unregistered, or non-compliant exchanges. 
  3. crimes, such as theft, directly implicating the cryptocurrency marketplace itself, such as stealing cryptocurrency from exchanges or defrauding unwitting investors. 
The original report listed many case studies involving indictments, seizures, and arrests in the scenarios above, including SamSam ransomware, Welcome to Video and DarkScandals child sexual abuse services, terrorist funding both through direct donation and via sales of fake medical equipment (PPE during COVID), the Bitcoin Maven case (Theresa Tetley), BTC-e, Operation DisrupTOR (Wall Street Market), DeepDotWeb, DreamMarket, the Lazarus group hacks, HeroCoin ATMs, the Helix mixer, and others. 
The new report points out something that I've recently been mentioning as well. Bitcoin and other block-chain-based crypto currencies are neither the first digital currency, nor the first one that has facilitated a great deal of criminal trade. The report mentions E-Gold (1996) and Liberty Reserve (2006) as "pre-crypto" examples of digital currencies, but could have as easily mentioned Webmoney (1998) or PerfectMoney (2007). Many of the points of the new report echo those of the prior, although the cases have been updated, such as Bitfinex, Helix, and Hydra Market, estimated at one point to perform 80% of all darknet market-place transactions, and Garantex, the Estonia-based Exchange that laundered more than $100 million of the funds associated with darknet markets. The Colonial Pipeline ransomware, the use of bitcoin by indicted GRU agents, and the theft of $600 Million by Lazarus Group hackers in March 2022 are all used to update the original report.
Two significant additions are the section on the Growth of Decentralized Finance (DeFi) and Non-Fungible Tokens (NFTs). In this area, the discussion of "Decentralized Autonomous Organizations" as opposed to a traditional corporate structure, and the insider trading, money laundering, and tax evasion aspects of NFT trading are discussed.  (Examples of Nathaniel Chastain of OpenSea and Ishan Wahi of Coinbase are provided as insider examples.) 

Section II of the report discusses DOJ efforts such as the National Crypto Enforcement Team (NCET) and its predecessors such as the Money Laundering and Asset Recovery Section's Digital Currency Initiative, and the International Virtual Currency Initiative. A few interesting statistics from the FBI are included: as of July 2022, the FBI had worked 1,100 separate investigations across 100 investigative program categories that involved a digital assets nexus. Since their first digital assets seizure in 2014, the FBI has seized $427 million in virtual assets (as valued at time of seizure). In February 2022, the FBI created the Virtual Assets Unit. The Department of Justice has also created a Digital Asset Coordinators Network which is composed of designated prosecutors in U.S. Attorney's Offices across the country who work closely with CCIPS, MLARS, and NCET. The program is based on the successful CHIP Network (Computer Hacking and Intellectual Property) and the National Security Cyber Specialist (NSCS) Network which each designate prosecutors in every field office to be specially trained and equipped to handle the relevant case types for their office.

Cryptocurrency fraud investigations are listed as well, including the Baller Ape Club NFT rug pull case, the EmpiresX crypto Ponzi case, the Circle Society crypto commodities case, and the Titanium Blockchain Infrastructure Services Initial Coin Offering case. The Bitqyck case and the $2.4 Billion BitConnect Ponzi scheme case serve as examples of IRS Cyber tax evasion cases, with the latter also being charged civilly by the SEC.
The DEA's Cyber Support Section is described as performing cryptocurrency analysis related to the use of cryptocurrency to facilitate drug trafficking, while the US Marshals Service is the group that manages and liquidates seized crypto funds. HSI has been a key player in many crypto cases, with at least 500 currently active investigations, especially via their Financial Crimes Unit, Cyber Crimes Center, and Asset Forfeiture Unit. The US Secret Service is also involved, with 302 cases involving digital assets and at least 535 seizures of digital assets valued at more than $113 Million at time of seizure. The US Secret Service is also a top trainer of state and local law enforcement via the National Computer Forensics Institute (NCFI) headquartered here in Hoover, Alabama! They also operate a Digital Assets Awareness Hub to educate the public on crypto risks.

Regulatory Agencies also play their part, with FinCEN working to enforce Bank Secrecy Act (BSA) guidelines and regulations related to Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) requirements. Treasury manages the OFAC office, which includes sanctioning mixers and state-sponsored crypto hackers. The SEC regulates crypto scams that are structured as "investment contracts," such as BlockFi Lending LLC or the DeFi Money Market. The Commodity Futures Trading Commission (CFTC) regulates the trade of commodities in interstate commerce. They have brought 50+ enforcement actions against organizations such as Coinbase, Payward Ventures (Kraken), and Blockratize (Polymarket). BitMEX is one cryptocurrency derivatives exchange targeted for CFTC enforcement, after $209 Million in darknet market transactions were cashed out via BitMEX, who paid a $100 Million fine, with three co-founders pleading guilty to criminal charges and paying a $10 million fine.

One last organization of note is IVAN, the Illicit Virtual Asset Notification platform, being built by FinCEN and the FBI's National Cyber Investigative Joint Task Force. The goal of IVAN is to be a public-private information exchange to allow industry to collaborate on timely detection and disruption of the use of virtual assets in furtherance of illicit activity. 

Requests for Legislation 

The Justice report does make several requests for additional legislation, in five categories: 

  1. extend the prohibition against disclosing subpoenas (currently in effect for financial institutions) to VASPs (Virtual Asset Service Providers), strengthen the laws against operating an unlicensed money transmitting business, and extend the statutes of limitations from 5 to 10 years for certain crimes. 
  2. support for initiatives that would aid investigators in gathering evidence
  3. strengthening sentencing guidelines for certain BSA violations
  4. extend BSA record keeping rules to VASPs 
  5. ensuring that law enforcement has resources to conduct and staff sophisticated digital asset-related investigations. 
The details for these legislative proposals are in section IV of the report, LEGISLATIVE AND REGULATORY ACTIONS THAT COULD ENHANCE EFFORTS TO DISRUPT, INVESTIGATE,

International Considerations 

One of the main observations of the report on International Law Enforcement Cooperation is the standard complaint that the Mutual Legal Assistance treaties are too slow, and that faster methods of international law enforcement cooperation, such as the "24-7 Network", often do not have a standard way of sharing requests regarding Virtual Asset Service Providers (VASPs).
Next, while the western-friendly nations of the world have largely standardized cybercrime laws under the Budapest Convention on Cybercrime, the way in which the nations of the world define, regulate, and enforce actions against VASPs are varied and inconsistent.  Under the concept of Dual Criminality, where one nation may only ask another to enforce laws which are similar in both countries, much of crypto-crime enforcement lacks such standards. 

While the Cybercrime laws may not have caught up, the international body that deals with Anti-Money Laundering, FATF (the Financial Action Task Force), is a clear thought leader on the Virtual Assets guidelines. (We wrote about FATF in 2019, please see: Money Laundering and Counter-Terrorist Financing: What is FATF?) Unfortunately, as of July 2021, only 35 participating nations had implemented the FATF suggestions regarding virtual assets and VASPs into their national laws.

My favorite part of the "Strengthening International Law Enforcement" report is Annex B: "Examples of Successful Cross-Border Collaboration on Digital Asset Investigations." 
Liberty Reserve
BTC-e
Helix 
Silk Road 
Operation Bayonet (AlphaBay and Hansa)
Dream Market
Wall Street Market 
DeepDotWeb
Welcome To Video 
Operation DisrupTOR
Hydra Market 
Twitter hack 
Sodinokibi/REvil Ransomware 
NetWalker Ransomware 
BitConnect 
For each example above, details are shared about which international law enforcement agencies partnered with which US agencies in order to reach the successful resolution.  Inspiring reading! 

Drupal, Phishing and A New Cryptomining Botnet
https://securityboulevard.com/2018/07/drupal-phishing-and-a-new-cryptomining-botnet/
Wed, 18 Jul 2018 16:00:14 +0000

It’s a well-known fact that security solutions must quickly adapt to new attack methods. There are several ways to achieve this goal: regularly applying security patches and updates, relying on threat intelligence and more. At Imperva, we use pattern anomaly detection as one of the tools to identify emerging threats and build new defenses. Our […]

Chinese arrest 20 in major Crypto Currency Mining scam
https://securityboulevard.com/2018/07/chinese-arrest-20-in-major-crypto-currency-mining-scam/
Tue, 10 Jul 2018 16:15:00 +0000

According to Chinese-language publication Legal Daily, police in two districts of China have arrested 20 people for their roles in a major crypto currency mining operation that earned the criminals more than 15 million yuan (currently about $2M USD).

The hackers installed mining software developed by Dalian Yuping Network Technology Company ( 大连昇平网络科技有限 ) that was designed to steal three types of coins: Digibyte Coins (DGB, currently valued at USD$0.03 each), Siacoin (SC, currently valued at $0.01 each) and DeCred coins (DCR coins, currently valued at $59.59 each).

It is believed that these currencies were chosen for the dual reason that they are easier to mine, due to less competition, and that they are less likely to be the target of sophisticated blockchain analysis tools.

The Game Cheat Hacker

The investigation began when Tencent detected the presence of a hidden Trojan horse with silent mining capabilities built into a cheat for a popular first person shooter video game. The plug-in provided a variety of cheats for the game, including "automatic aiming", "bullet acceleration", "bullet tracking" and "item display." Tencent referred the case to the Wei'an Municipal Public Security Bureau, who handled the case extremely well. As they learned more about the trojans, they identified first the social media groups and forums where the trojan was being spread, and traced the identity of the person uploading the trojaned game cheat to a criminal named Yang Mobao. Mobao participated as a forum moderator on a site called the "Tianxia Internet Bar Forum" and members who received the cheat from him there widely shared it in other forums and social media sites, including many file shares on Baidu.

Mobao was popularizing the cheat program by encouraging others to make suggestions for new functionality. The users who were using the tool did not suspect that they were actually mining crypto-currency while using the cheat. More than 30,000 victims were using his cheat software and secretly mining crypto-currency for him.

Yang Mobao had a strong relationship with gamers from his business of selling gaming video cards to Internet cafes. He installed at least 5,774 cards in at least 2,465 Internet cafes across the country, preloading the firmware on the cards to perform mining. It turns out that these cards ALSO were trojaned! As a major customer of Dalian Yuping, Mobao was offered a split of the mining proceeds from the cards he installed, earning him more than 268,000 yuan.

Yang is described as a self-taught computer programmer who had previously worked in Internet cafe management.
After experiencing some profit from the scheme above, he modified the malware embedded in some of the video cards and installed his own miner, mining the HSR coin and transferring the proceeds to a wallet he controlled.

The Video Card Maker

After Yang Mobao confessed to his crimes, the cybercrime task force sent 50 agents to Dalian, in Liaoning Province. The Task Force learned that Dalian Yuping Network Technology had been approached by advertisers, who paid them to embed advertising software on their video cards, which were then installed in 3.89 million computers, mostly high-end gaming systems installed in video cafes. The company's owner, He Mou, and the company's Financial Controller, his wife Chen Mou, had instructed the company's head of R&D, Zhang Ning, to investigate mining software and to experiment with various mining trojans. In addition to the illegal advertising software embedded in those 3.89 million video cards, their crypto currency mining software was embedded into 1 million additional video cards which were sold and deployed in Internet cafes across the country.

Each time one of those machines successfully mined a coin, the coin was transferred to a wallet owned by He Mou. Chen Mou could then cash them out at any time in the future. 16 suspects at the company were interrogated and 12 criminally detained for the crime of illegally controlling computer information systems. Zhao was sentenced to four years himself.

(I learned of this story from CoinDesk's Wolfie Zhao, and followed up on it from the Legal Daily story he links to as well as a report in Xinhuanet, by Reporter Xu Peng and correspondent Liu Guizeng Wang Yen.) (记者 徐鹏 通讯员 刘贵增 王艳)

Read: Our Top Picks for 2018’s Biggest Cybersecurity Stories… So Far
https://securityboulevard.com/2018/07/read-our-top-picks-for-2018s-biggest-cybersecurity-stories-so-far/
Mon, 02 Jul 2018 16:55:54 +0000

Our threat research team’s been burning the candle at both ends this year, what with the sheer number of nasties out there at any given time. But with so many to choose from, how did we populate a list with just seven cybersecurity threats, and why? For one, it’ll take the rest of the year […]
