On the Trail of Criminals with Blockchain

Blockchain Intelligence
On the Trail of Criminals with Blockchain

suppliers on the subject

With blockchain, transactions with cryptocurrencies can be traced. This way, investigations against criminal hacker gangs can be supported, but it also gives ransomware victims the chance to recover the money that was extorted from them.

Analyzing raw blockchain data can help ransomware victims recover at least some of their ransom money, but it can also uncover other criminal activity such as financial fraud or even cases of removal. For example, blockchain intelligence firms are able to track Bitcoin and other cryptocurrency transactions to help authorities or ransomware victims identify attackers and possibly obtain the ransom. However, such surveys often require weeks of work, specialized technical knowledge and often a bit of creativity. The chances of success are not negligible.

Anatomy of a Blockchain Discovery

The first point of reference for investigators is the cryptocurrency address given by the hackers, to which the payment was made. As a rule, the money does not stay there for long. It is moved to different addresses, split into different wallets, and converted from Bitcoin to other cryptocurrencies.

Hackers use these methods to cover their tracks or to pay the partners involved. Some of these criminal groups even use professional money launderers. Whatever happens after a ransom is paid, all transactions are transferred to a blockchain. It shows transaction hashes, bitcoin and other cryptocurrency addresses, but there is no way to see how these addresses are connected.

While anyone can access a blockchain’s public ledger and see this raw data, deriving concrete insights from it is problematic. But there are ways to get important information. For example, by having investigator group addresses to identify the entity controlling them, such as individuals, cryptocurrency exchanges, or ransomware groups.

For example, individual wallets can hold five or six addresses, while some services that run on a specific blockchain allow millions of addresses to be aggregated. Knowing the exact entity behind a series of addresses can be crucial in a manhunt.

Linked to off-chain data

Blockchain intelligence companies typically collect information from a variety of sources and often use off-chain data to combine it with existing data and draw additional conclusions. To do this, they consult, among other things, dark web forums, social media posts and court documents.

For example, Facebook users request bitcoin funds in conjunction with an address. This address may be associated with a cybercriminal network, terrorist organization or other illegal organizations, as the case may be. This information is collected by blockchain intelligence companies and stored for future reference. This is how huge “blacklists” of cryptocurrency addresses are created.

In order to lose track of money, hackers usually move their bitcoins from address to address over a long period of time. But at some point, they have to exchange their cryptocurrency for a hard currency. Law enforcement authorities can use the collected data to find out who owns the wallet address or who was connected to this address.

Ransom repayment

The chances of ransomware victims getting back the ransom money depend on the following parameters:

• Time between payment and preliminary follow-up.

• Cryptocurrency movement speed.

Often, when law enforcement is involved, the chances of success tend to be higher. However, each case is different and the chances of recovering at least part of the ransom can vary considerably. Not only are ransomware hackers constantly honing their skills, but their numbers have also multiplied in recent years. Therefore, tracing bitcoin transactions remains a complex undertaking that needs to be done by experts.

Warning signs of a money laundering scheme

Through their work, blockchain intelligence firms can help create a foundation of trust for cryptocurrencies. The same goes for sensible regulations to contain cybercrime. Here are some red flags cryptocurrency service providers should use for monitoring/verification:

As of 10/30/2020

It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in accordance with applicable data protection regulations. You will find detailed information in our data protection declaration.

Consent to the use of data for advertising purposes

I agree that Vogel IT-Medien GmbH, Max-Josef-Metzger-Straße 21, 86157 Augsburg, including all affiliated companies within the meaning of §§ 15 et seq. AktG (hereinafter: Vogel Communications Group) my address e-mail for sending editorial newsletters. Lists of the respective associated companies can be viewed here.

The content of the newsletter extends to the products and services of all the companies named above, including, for example, trade magazines and trade books, events and trade fairs as well as event products and services, offers and print and digital media services. such as other (editorial) newsletters, competitions, prospecting campaigns, market research in the field online and offline, thematic web portals and e-learning offers. If my personal telephone number has also been collected, it may be used to submit offers for the aforementioned products and services of the aforementioned companies and for market research.

If I call up protected content on portals of the Vogel Communications Group, including its affiliates within the meaning of §§ 15 et seq. AktG, I must register with additional data to access this content. In return for this free access to editorial content, my data may be used in accordance with this consent for the purposes set out here.

right to retract

I am aware that I can revoke this consent at any time for the future. My revocation does not affect the legality of the processing carried out on the basis of my consent up to the time of the revocation. In order to declare my revocation, I can optionally use the contact form available at https://support.vogel.de. If I no longer wish to receive the individual newsletters to which I am subscribed, I can also click on the unsubscribe link at the end of a newsletter. I can find more information about my right of withdrawal and how to exercise it, as well as the consequences of my withdrawal, in the data protection declaration, section Editorial newsletters.

• Incoming funds from a platform with relaxed regulations.

• A single crypto wallet linked to multiple bank accounts and credit cards (indicating a group of people using the same wallet to move funds).

• Very frequent inbound transfers from multiple crypto wallets to a single account.

• Linked crypto wallets that barely match client profiles.

• Transactions just below the reporting threshold.

• Continuous high-value transactions in a short period of time.

Ultimately, spreading cryptocurrencies to different addresses is no different than money laundering a few decades ago, when funds were deposited into a traditional bank account, then withdrawn, transferred to another bank account and finally sent abroad.

New techniques and tools are constantly being developed for blockchain analysis to help law enforcement. This is already an important but currently underused opportunity to investigate criminal activity.

(ID: 48596417)