Investigate crimes involving cryptocurrencies and other blockchain technologies
Bitcoin has traditionally been the payment system of choice for a criminal trading on the Dark Web, and now many other blockchain cryptocurrencies are entering the mainstream as traders are accepting them from low-end investors putting their money into the market. Worse still, the blockchain can even be used to hide information and carry covert messages, unknown to most investigators.
Investigating Cryptocurrencies is the first book to help corporate, law enforcement, and other investigators understand the technical concepts and the techniques for investigating crimes utilizing the blockchain and related digital currencies such as Bitcoin and Ethereum.
Understand blockchain and transaction technologies
Set up and run cryptocurrency accounts
Build information about specific addresses
Access raw data on blockchain ledgers
Identify users of cryptocurrencies
Extract cryptocurrency data from live and imaged computers
Follow the money
With nearly $150 billion in cryptocurrency circulating and $3 billion changing hands daily, crimes committed with or paid for with digital cash are a serious business. Luckily, Investigating Cryptocurrencies Forensics shows you how to detect it and, more importantly, stop it in its tracks.
NICK FURNEAUX is a cybersecurity and forensics consultant specializing in cybercrime prevention and investigation for law enforcement and corporations throughout the United States, Europe, and Asia. He regularly speaks at industry conferences, including the F3 (First Forensic Forum), NPCC/ACPO Hi-Tech Crime conference, European Network Forensics and Security conference, and many others.
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
Those 69 characters should be much more famous than they are. In the very first Bitcoin block, the enigmatic Satoshi Nakamoto, the inventor of Bitcoin, encoded that message in hexadecimal (see Figure Intro-1).
Figure Intro-1: Message in the Genesis block.
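To see how an investigator can recover that text from raw ledger data, the following added example (not code from the book) walks the data pushes in the Genesis block's coinbase input script and keeps those that are plain printable text. The hex string is that script as it is commonly published, and the function names are illustrative assumptions.

```python
# Added example. The hex is the genesis-block coinbase input script as
# commonly published; function names are illustrative.
GENESIS_SCRIPTSIG_HEX = (
    "04ffff001d"   # push 4 bytes: difficulty bits
    "0104"         # push 1 byte
    "45"           # push 0x45 = 69 bytes: the headline
    "5468652054696d65732030332f4a616e2f32303039204368616e63656c6c6f72"
    "206f6e206272696e6b206f66207365636f6e64206261696c6f757420666f7220"
    "62616e6b73"
)

PUSHDATA_WIDTH = {0x4C: 1, 0x4D: 2, 0x4E: 4}  # OP_PUSHDATA1/2/4


def iter_pushes(script: bytes):
    """Yield the payload of every data push in a Bitcoin script."""
    i = 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:                 # opcode itself is the length
            n = op
        elif op in PUSHDATA_WIDTH:        # length follows, little-endian
            w = PUSHDATA_WIDTH[op]
            if i + w > len(script):
                raise ValueError("truncated length field")
            n = int.from_bytes(script[i:i + w], "little")
            i += w
        else:
            continue                      # non-push opcode carries no data
        if i + n > len(script):
            raise ValueError("push runs past end of script")
        yield script[i:i + n]
        i += n


def printable_pushes(script: bytes, min_len: int = 8):
    """Return pushes that are entirely printable ASCII (likely embedded text)."""
    return [
        d.decode("ascii")
        for d in iter_pushes(script)
        if len(d) >= min_len and all(0x20 <= b <= 0x7E for b in d)
    ]


if __name__ == "__main__":
    for text in printable_pushes(bytes.fromhex(GENESIS_SCRIPTSIG_HEX)):
        print(len(text), text)
```

The same two functions work on any input or output script pulled from a block explorer or a raw block file; the `min_len` threshold is a tunable assumption that filters out short pushes that happen to be printable.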
Either by design or coincidence (which seems unlikely), Satoshi both launched the first blockchain-based cryptocurrency and made the semi-covert statement as to the reasons for the development of his or her system (we do not definitively know the sex of Satoshi or even if Satoshi is an individual or a group). It seems that in Satoshi's view, the banks were failing, and his or her system could free people from the control of central banks and exchanges. On a cryptography mailing list, Satoshi wrote the following:
"You will not find a solution to political problems in cryptography.
Yes, but we can win a major battle in the arms race and gain a new territory of freedom for several years.
Governments are good at cutting off the heads of a centrally controlled networks like Napster, but pure P2P networks like Gnutella and Tor seem to be holding their own."
Although Satoshi wrote little about the Bitcoin system, the few comments on forums show that there was at least a small part of his or her motivation that wanted to enable people to step outside the traditional banking and currency systems.
Since those early days, Bitcoin has grown massively both in value and reach. Although at the time of writing, one could not assert that Bitcoin was a mainstream currency, it is certainly in the mainstream consciousness, regularly making headlines on conventional news channels and spawning thousands of column inches of editorial.
Aside from Bitcoin, hundreds of cryptocurrencies are now based on the blockchain concept. Some are very similar; others are trying to do things in very different ways. For example, although Ethereum is a cryptocurrency in its own right, it is based around a complex, programmable contract system. A transaction can include many contractual obligations and could be used for everything from buying a house to getting married. In fact, several couples have already embedded their marriage on the Bitcoin and Ethereum blockchains, including parts of their vows and links to an image of their marriage certificate. Blockchain technology is here to stay, and an investigation involving it is going to land on your desk soon, if it hasn't already.
Cryptocurrencies: Coming to a Lab near You
I've been working specifically in computer forensics and digital investigations for about 14 years. In that time, the equipment coming to the lab and the programs we have had to investigate have changed drastically. About 13 years ago, a computer investigation would focus almost solely on Internet activity in a web browser, perhaps some newsgroups or ICQ and, of course, good old e-mail. Fast-forward to 2018, and the equipment that lands on the check-in desk at the lab has changed beyond recognition. Most smartphones, such as the humble iPhone, have significantly more power and storage than the computers of the early 2000s, and instead of simply looking at visited websites, we now have encrypted chat, messaging programs that come in hundreds of flavors, and social media environments that are investigation centers in their own right, such as Facebook, Snapchat, and many others.
Throughout this time, criminals have continued to carry out nefarious deeds and have found ways to pay for illegal goods and acquire ill-gotten payments from the defrauded and unsuspecting. The problem for the 2005 criminal was the lack of options for sending or receiving monies in an anonymous, untraceable way. For example, criminals could easily carry out a "ransomware" attack where malware encrypts the victim's computer until money is paid and then they are "hopefully" provided with a decryption key. But to have the money sent to the criminal presented significant difficulties. You could publish a bank account number, but that's very hard to set up without ID, and when the money is transferred, the police can easily trace it and move in for the arrest. Because of these problems, criminals and criminal gangs took to setting up post-office (PO) boxes where money could be sent, but again, it was not difficult for the authorities to keep watch until someone turned up to collect the cash. Some went the route of using what amounted to cash mules, who would retain some percentage of the risk involved, adding a layer of misdirection to the payments and cutting into profits. The Internet, though, offered possibilities in the form of Western Union and PayPal, but those are also connected to real-world bank accounts, making it straightforward for the police to trace. I'm somewhat simplifying the methods used, but you get the idea: there was no easy way to pay or get paid without leaving a trail that is easily followed.
Then in January 2009, Satoshi launched the Bitcoin currency, based on a concept called the blockchain. This currency did not need any connections to the real-world banking system or require anyone to sign up to any central system: you could acquire a few bitcoin and pay for goods with seeming total anonymity. Add to this new ability the burgeoning underground marketplace the media loves to call the "dark web," mostly because it has the word "dark" in it, which makes it sound mysterious, with a hint of evil. Of course, the dark web is anything but dark, with many legitimate services available to assist those in more restricted territories of the world to communicate and be informed online. It would be fair to say, though, that it certainly represents the rough side of town! Because of this association, Bitcoin became the bad guy of finance, and when a computer came into the lab with Bitcoin software on it, the owner was automatically viewed with significant suspicion.
I often see this attitude amongst investigators when it comes to anything that obfuscates computer communication or hides data. When investigating a computer with a VPN client on it, if storage encryption is turned on, a Tor client is installed, or even if a browser cache has been recently purged, the assumption is that the owner "must have something to hide." I regularly argue that many reasons exist why someone would have all or any of these software tools on their computer: they may have something to hide, but it's not actually illegal or they just value their right to privacy. Sadly, I'm usually wrong, and the computer owner generally does have something bad to hide, but it's nice to think the best of people, isn't it?
In recent years, Bitcoin has moved out of the figurative shadows of the dark web and into the light of mainstream commerce. It seems most owners of bitcoins are just holding them for investment as the bitcoin-to-dollar price fluctuates wildly, but generally in an upward direction. If you go to http://bit.ly/2td8ref, you can see the bitcoin-to-dollar exchange rate from its inception in 2009 to now.
Although Bitcoin, Ethereum, and others could stand alone as a trading currency if enough traders accepted them, the reality is that even today, in 2018, what you can buy with a cryptocurrency is limited. Users wanted to be able to buy cryptocurrency with dollars and euros for use online and then sell coin that they had received for currency that they could use in Walmart, for example. To fill this void, currency exchanges began to pop up that would take your real-world money in exchange for commensurate Bitcoin. The process is the same as converting between any currencies. Head to an online site that offers conversion, pay your money by credit card or wire transfer, for example, and you will be credited with the Bitcoin or whatever currency you have asked for. As I discuss in this book, most sites have their own "wallet" system that stores your Bitcoin for you so you can then pay for goods using your coin directly from the website. This means that the company can both take your money and have access to your bitcoins.
The volatility of Bitcoin compared to its dollar value in 2017 and 2018, aligned with the growing fees involved to make a Bitcoin purchase, have led some economists to question Bitcoin's use as a currency, rather terming Bitcoin a crypto-asset. Time will tell if Bitcoin or another cryptocurrency manages to become widely available on the high street.
The problems have been significant. Anyone who knows anything about setting up a website that includes a bit of code to accept credit cards could set up a cryptocurrency exchange in very little time. A developer could construct a professional-looking interface, host it on servers in Belize, register it on the primary search engines, and wait for customers. Those customers give money to the website host who in turn transfers bitcoins into his or her wallet on the servers, waits until the wallet contains lots of money and bitcoins, and then quietly closes the door and tiptoes away. This happened early in the life of Bitcoin with the fraudulent Bitcoin Savings and Trust in 2012, and Global Bond Ltd in 2013.
Alternatively, the person who sets up this type of online payment might be completely legitimate but get hacked and lose all their...