National Security

Russia probe indictments spotlight risk of bitcoin, digital currency

The use of so-called cryptocurrencies in global finance are likely to come under increased scrutiny after the Justice Department announced indictments Friday against 12 Russian military intelligence officers whose alleged conspiracy used bitcoin to set up and maintain hacking activities designed to undermine U.S. elections in 2016.

Deputy Attorney General Rod Rosenstein on Friday announced the indictments, the first brought by Special Counsel Robert Mueller III in his collusion probe that target Russian government officials for election-hacking activities.

The 29-page indictment detailed how the Russian intelligence agents laundered the equivalent of $95,000 “through a web of transactions structured to capitalize on the perceived anonymity of crypto currencies such as bitcoin.”

“It is a backbone of the criminal universe, and the shift happened in less than five years. Right now, nothing happens without bitcoin. It is the default currency of pretty much every cyber criminal in the world and by definition intelligence operatives as well,” said Andrei Barysevich, who leads a research team at Recorded Future, a Somerville, Mass., cybersecurity firm.

The reasons for the popularity of digital currencies abound.

“It provides security, safety and anonymity, plus it’s a unified currency that you can use anywhere in the world,” Barysevich said. “Fraudsters in Nigeria could send them to Russian hackers who could pay money mules in the USA or in Europe.”

The charging documents are rich in detail about how bitcoin was used to further the alleged criminal conspiracy. Examples include use of an online crypto currency service to pay for registration of the domain through a service that makes the registrant of the domain anonymous.

And this online crypto currency service was used to purchase a virtual private network account and to lease a virtual private server in Malaysia that was used to successfully spear-phish the email of Clinton campaign chairman John Podesta. Spear-phishing is when a person sends an email to another that includes a link or an attachment that if clicked, infects the victim’s computer with malware in order to steal personal data or plant and launch hostile applications.

Currencies like the dollar or euro are backed by reserves and a central bank, their value is set by market forces based on the health of the home country’s economy. Crypto currencies have no such centralized control, their actual value subject to manipulation and they are distributed through a ledger system_ often called a blockchain_ which serves as a public database of transactions.

The problem for law enforcement, as the indictments show, is determining who is the actual person or entity behind a bitcoin or other digital currency transaction.

The Russian officers, said the indictment, mostly used bitcoin to purchase computer servers, register Internet domains and make payments to activities related to the hacking of Clinton campaign volunteers, Podesta, the Democratic National Committee and the Democratic Congressional Campaign Committee.

They purchased the computer infrastructure, prosecutors said, by using hundreds of different email accounts, and fictitious names and addresses. And they allegedly paid a Romanian company in bitcoin to register domains through a payment processing company in the United States.

They used dedicated emails to facilitate bitcoin payments, the indictment alleged, using one of these accounts to renew the registration of an Internet domain tied to malware installed on the Democratic National Committee’s network.

“The use of bitcoin allowed the conspirators to avoid direct relationships with traditional financial institutions, allowing them to evade greater scrutiny of their identities and sources of funds,” federal prosecutors alleged.

Over the past year, U.S. law enforcement and financial regulators have stepped up their warnings about crypto currencies, sometimes called digital currencies. They’ve been concerned about everything from laundering illicit narco proceeds and human trafficking to investment fraud.

“I think what today shows us is another example of the challenge of virtual currency in the movement of funds. Law enforcement is still trying to get their arms around all of this,” said John J. Byrne, vice chairman of AML Rightsource, a company that provides specialized staffing to the banking and financial sectors to protect against money laundering. “This is just another example of why we need to get better at different methods of tracking and the anonymity that causes some of these problems.”

The charging documents Friday also alleged that Russia’s military spy agency known by its acronym GRU was involved in the creation of some of the bitcoin used. That underscores an increasingly blurry line between criminal organizations and state-sponsored hacking.

“It’s what Russia has done for years,” said a former high-level FBI cyber agent with expertise on Russia who demanded anonymity because of ongoing private investigations.

Ironically, bitcoin’s success has also been part of its undoing as transaction costs and delays associate are becoming burdensome and opening the door to competition.

“At the moment, a lot of bad guys decided to switch to more reliable, less busy currencies, cheaper, quicker, with smaller commission fees. One of them is Litecoin, (and others are) Bitcoin Cash, Bitcoin Gold, Zcash and Monero,” said Barysevich of Recorded Future.

Kevin G. Hall: 202-383-6038, @KevinGHall
Tim Johnson, 202-383-6028, @timjohnson4