Bitcoin And Encryption

June 12, 2021

Bitcoin And Encryption: A Race Between Criminals And The F.B.I.

Law enforcement has an advantage when it gets ahold of digital devices. Despite claims from Apple, Google and even the Justice Department that smartphones are largely impenetrable, thousands of law enforcement agencies have tools that can infiltrate the latest phones to extract data.

“Police today are facing a situation of an explosion of data,” said Yossi Carmill, the chief executive of Cellebrite, an Israeli company that has sold data extraction tools to more than 5,000 law enforcement agencies, including hundreds of small police departments across the United States. “The solutions are there. There is no real challenge to accessing the data.”

The police also have an easier time getting to data stored in the cloud. Technology companies like Apple, Google and Microsoft regularly turn over customers’ data, such as photographs, emails, contacts and text messages, to the authorities with a warrant.

From January 2013 through June 2020, Apple said, it turned over the contents of tens of thousands of iCloud accounts to U.S. law enforcement in 13,371 cases.

And on Friday, Apple said that in 2018, it had unknowingly turned over to the Justice Department the phone records of congressional staff members, their families and at least two members of Congress, including Representative Adam B. Schiff of California, now the chairman of the House Intelligence Committee. The subpoena was part of an investigation by the Trump administration into leaks of classified information.

Challenge of Encryption

Yet intercepting communications has remained a troublesome problem for the police. While criminals used to talk over channels that were relatively simple to tap — like phones, emails and basic text messages — most now use encrypted messengers, which are not.

Two of the world’s most popular messaging services, Apple’s iMessage and Facebook’s WhatsApp, use so-called end-to-end encryption, meaning only the sender and receiver can see the messages. Not even the companies have access to their contents, allowing Apple and Facebook to argue that they cannot turn them over to law enforcement.

The FBI likely exploited sloppy password storage to seize Colonial Pipeline bitcoin ransom

The FBI’s breach of a bitcoin wallet held by the cybercriminals who attacked Colonial Pipeline is all about sloppy storage, and not a reflection of a security vulnerability in the digital currency, crypto experts told CNBC.

On Monday, the Justice Department reported a successful mission to retrieve $2.3 million in bitcoin paid by Colonial Pipeline to ransomware hackers in April. Court documents indicated that investigators traced bitcoin transaction records to a digital wallet, which they subsequently seized under court order. Officials were then able to access that wallet with something called a “private key,” or password.

It remains unclear how exactly the FBI retrieved the key.

“I don’t want to give up our tradecraft in case we want to use this again for future endeavours,” Elvis Chan, an assistant special agent with the FBI’s San Francisco office, said in a news call Monday.

How the FBI likely seized bitcoin

Until the FBI is more transparent with its methods, it’s not possible to know exactly how federal investigators managed to retrieve the private key in question. But there are a few possible scenarios.

DarkSide, the cybercriminal gang that targeted Colonial, reportedly used a payment server to collect the funds. A centralized platform like this is relatively easy for the FBI to track.

“Following the money remains one of the most basic, yet powerful, tools we have,” said Deputy Attorney General Lisa O. Monaco in a statement on Monday.

“Because these transnational, organized criminal groups are facilitating these payments in cryptocurrency, and because of the transparency and traceability that cryptocurrency provides, you can actually more effectively follow the money and potentially mitigate and arrest illicit activity within this ecosystem, than you can with traditional finance and fiat currencies and payments,” explained Jesse Spiro, Global Head of Policy for Chainalysis, a company that provides blockchain forensic and investigative services to private sector companies, including crypto exchanges.

When a ransomware-related payment is made, Chainalysis can produce and generate what Spiro characterizes as “unprecedented intelligence and information concerning the supply chain.”

Chainalysis was not able to speak to any specifics on the Colonial investigation.

Once the FBI had that wallet in hand, it’s extremely unlikely they broke something called the “Elliptic Curve Digital Signature Algorithm,” which is how the digital currency ensures that bitcoin can only be spent by the rightful owner.

“That is so far-fetched, as to be impossible,” said Nick Carter, founding partner at Castle Island Ventures.

What’s much more likely, according to Carter, is that they were able to access a server where the hackers stored private key information. That points not to any fundamental flaw in bitcoin’s security, but rather a case of bad IT hygiene for a criminal organization.

Just take the 2014 hack of Mt. Gox, once the leading bitcoin exchange. It was the first high-profile hack in cryptocurrency history. The exchange filed for bankruptcy and lost 750,000 of its users’ bitcoins, plus 100,000 of its own.

“Bitcoin itself functioned perfectly, but what functioned imperfectly was their system of storing your private keys,” explained Carter.

This is why some cybercriminals take their coins offline to cold storage, to insulate nefariously earned tokens from the government and law enforcement.

“If you want to store your coins truly outside of the reach of the state, you can just hold those private keys directly. That’s the equivalent of burying a bar of gold in your backyard,” said Carter.

Setting a good precedent

One former chairman of the U.S. Commodity Futures Trading Commission thinks the FBI breaking into the crypto wallet of a cybercriminal sets a good precedent for acceptance of cryptocurrency.

“It proves that the bitcoin blockchain is not a hostile ground for law enforcement,” said Chris Giancarlo. “It proves that it is not a perfect tool for criminal activity.”

Mati Greenspan, portfolio manager and Quantum Economics founder, agrees that the breach bodes well for bitcoin.

″Many market participants, myself included, were expecting President Joe Biden to use crypto as a scapegoat for the hack and to come out with crushing reforms,” said Greenspan. “Instead, they were clued into what we already knew: That it is easier for authorities to catch criminals who use crypto than anything else.”

Carter also appeared unfazed. “We’ve seen these kinds of seizures before, and I’m sure we’ll continue to.”

Despite the common stereotype, there is no data to indicate that criminals disproportionately use cryptocurrencies like bitcoin. Chainalysis estimates that less than 1% of cryptos are used for illicit purposes.