Cybersecurity Book Club: “Tracers in the Dark” by Andy Greenberg (Part 1)


This is a two-part series about the book, Tracers in the Dark: The Global Hunt for Crime Lords of Cryptocurrency, by Andy Greenberg. This book analyzes how law enforcement investigators found a way to trace cryptocurrency payments and take down some of the biggest criminal enterprises on the dark web.


Introduction


Cryptocurrency changed the game for online criminal markets. Darknet marketplaces were already reachable only through Tor, which hid the location of both the servers and their visitors; now site administrators could also use cryptocurrency to settle payments without banks or card processors. Through Bitcoin, a cryptocurrency whose every transaction is recorded on a decentralized public ledger, online black market operators dealt drugs, laundered money, and engaged in human trafficking, apparently without being traced. For years, law enforcement investigators could not effectively identify (let alone prosecute) illegal operations on the darknet. It seemed that the tried-and-true method of “follow the money” was no longer possible. That is, until a few people began to identify weaknesses in the way Bitcoin was actually used.

In his newest book, Tracers in the Dark, author Andy Greenberg demonstrates how several minds came together to disprove the assumption that Bitcoin transactions are untraceable. By finding a way to trace these cryptocurrency payments back to a single owner, law enforcement investigators regained the ability to hunt down digital crime lords. Greenberg shows how law enforcement agencies around the world leveraged blockchain analysis to execute mass takedowns of some of the biggest darknet sites in history.


How to Trace Bitcoin via Online Shopping

A primary reason why Bitcoin was believed to be untraceable was the lack of identifying information attached to transactions. Greenberg explains how Bitcoin uses alphanumeric addresses in place of names, so no sender or receiver is identified directly. However, every Bitcoin transaction is publicly and permanently recorded on the blockchain. Although the ledger lists no personally identifiable information (PII), the pattern of payments it records can still reveal a great deal to someone who knows where to look.

Sarah Meiklejohn, a PhD researcher at the University of California, San Diego, certainly found the right place to look. Beginning in 2012, she investigated methods of Bitcoin traceability. She started by building a spreadsheet of thousands of Bitcoin addresses taken from the blockchain. Then she purchased items from online vendors with Bitcoin: cupcakes, baseball hats, mugs, and other random goods. For each purchase, she manually located the transaction on the public ledger, which told her which real-world merchant stood behind a specific address.

Meiklejohn soon worked out how to identify clusters of Bitcoin addresses and link them back to a single user. A Bitcoin transaction spends earlier payments (unspent outputs) in full rather than in part: if the amount being paid is less than the coins being spent, the remainder is sent back to the spender at a different address (a “change” address), much like receiving change for a banknote. So when a transaction paid one output to a known recipient and sent the remainder to a brand-new, never-before-used address, Meiklejohn could infer that the new address was change and therefore belonged to the same user as the spending address. Repeating this inference across the ledger, she organized addresses into clusters of activity that all traced back to a single user.


Hunting Darknet Criminals via Meiklejohn’s Methodology

To show how this methodology could aid law enforcement investigations, Meiklejohn identified a single Bitcoin address that held 613,326 bitcoins (according to Greenberg, this represented 5% of all coins in 2012 and was worth $7.5 million at the time). Using her change-address and clustering heuristics, Meiklejohn followed the money all the way to a few legitimate exchanges, where the owner had likely converted Bitcoin into traditional currency. There she stopped, since the exchanges would not hand a researcher their customer records. Law enforcement is in a different position: an investigator can subpoena an exchange for the identity behind an account.
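The clustering step described in the previous section and the “follow the money to an exchange” step described here, as an added example that is not code from the book or from Meiklejohn’s team. It runs the change-address heuristic over a small constructed set of transactions and also applies the multi-input heuristic (all inputs spent by one transaction share an owner), which belongs to the same published research but is not described on this page. The address labels, transaction IDs and amounts are invented for illustration; real analysis works over the full ledger and still produces false links, so the block deliberately refuses to guess when both outputs of a payment are fresh.

```python
"""Toy address clustering over a constructed blockchain excerpt (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple   # addresses whose earlier outputs are spent in full
    outputs: tuple  # (address, amount) pairs; amounts are illustrative only


class UnionFind:
    """Disjoint sets over addresses; each set is one presumed owner."""

    def __init__(self):
        self.parent = {}

    def find(self, addr):
        self.parent.setdefault(addr, addr)
        while self.parent[addr] != addr:
            self.parent[addr] = self.parent[self.parent[addr]]  # path halving
            addr = self.parent[addr]
        return addr

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster(txs, multi_input=True):
    """Return (owner_of, change_links).

    owner_of maps every address to the frozenset of addresses believed to
    share an owner; change_links lists the (txid, address) pairs that the
    change heuristic attributed to the spender.
    """
    uf = UnionFind()
    seen = set()          # addresses that appeared in any earlier transaction
    change_links = []
    for tx in txs:
        for addr in tx.inputs + tuple(a for a, _ in tx.outputs):
            uf.find(addr)  # every address ends up in some cluster, even alone
        # Multi-input heuristic (not on this page): the signer had to hold the
        # keys for every input, so all inputs of one transaction share an owner.
        if multi_input:
            for addr in tx.inputs[1:]:
                uf.union(tx.inputs[0], addr)
        # Change heuristic (the page's method): in a two-output payment, the
        # output to a never-before-seen address that is not also an input is
        # the spender's change. Two fresh outputs are ambiguous: make no link.
        out_addrs = [a for a, _ in tx.outputs]
        if len(out_addrs) == 2:
            fresh = [a for a in out_addrs
                     if a not in seen and a not in tx.inputs
                     and out_addrs.count(a) == 1]
            if len(fresh) == 1:
                uf.union(tx.inputs[0], fresh[0])
                change_links.append((tx.txid, fresh[0]))
        seen.update(tx.inputs)
        seen.update(out_addrs)
    groups = {}
    for addr in uf.parent:
        groups.setdefault(uf.find(addr), set()).add(addr)
    owner_of = {}
    for members in groups.values():
        frozen = frozenset(members)
        for addr in frozen:
            owner_of[addr] = frozen
    return owner_of, change_links


def depositors(txs, owner_of, exchange_addr):
    """Clusters that paid exchange_addr: the point where a researcher stops
    and an investigator can subpoena the exchange's account records."""
    return {owner_of[tx.inputs[0]] for tx in txs
            if any(a == exchange_addr for a, _ in tx.outputs)}


# Constructed sample chain. "A*" and "B1" are one buyer's addresses, "X*" an
# unrelated party, "SHOP_CUPCAKE" a merchant, "EXCH" an exchange deposit address.
SAMPLE_TXS = (
    Tx("tx0", ("X1",), (("SHOP_CUPCAKE", 0.10), ("X2", 0.90))),       # both fresh: ambiguous
    Tx("tx1", ("A1",), (("SHOP_CUPCAKE", 0.05), ("A2", 0.95))),       # A2 fresh: change of A1
    Tx("tx2", ("A2", "B1"), (("SHOP_CUPCAKE", 0.30), ("A3", 1.15))),  # B1 joins; A3 change
    Tx("tx3", ("X2",), (("EXCH", 0.90),)),                            # one output: no change
    Tx("tx4", ("A3",), (("EXCH", 1.00), ("A4", 0.15))),               # A4 change; cash-out
)

if __name__ == "__main__":
    owner_of, links = cluster(SAMPLE_TXS)
    print(sorted(owner_of["A1"]))
    print(links)
    print(depositors(SAMPLE_TXS, owner_of, "EXCH"))
```

Note that tx0 links nothing, because a merchant address seen for the first time looks exactly like a change address; Meiklejohn’s purchases mattered precisely because they tagged merchant addresses in advance, so later payments to them are no longer ambiguous. Disabling `multi_input` shows how much of the cluster the change heuristic alone recovers.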

Meiklejohn had made the seemingly impossible possible: she had found a way for law enforcement agencies to trace Bitcoin transactions back to individual owners. Soon after her team published their findings, law enforcement investigators began to think about Bitcoin differently. The blockchain was no longer perceived as a tangle of anonymous transactions; it was a permanent, detailed record of payments made by criminals who believed they had achieved financial anonymity. With the right tools, financial forensics, and manpower, law enforcement agencies could use blockchain analysis to execute mass takedowns of criminal darknet sites.


Next Week: The Fall of AlphaBay

In the first part of our series, we have introduced Greenberg’s book and explained how Meiklejohn and her team found a way to trace Bitcoin payments.

Next week, we will explore how law enforcement agents used this methodology, OSINT, and an anonymous tip to take down one of the largest darknet marketplaces in history. Stay tuned!


Interested in reading more books by Andy Greenberg? Check out our previous review of his book, Sandworm: A New Era of Cyberwar and the Global Hunt for the Kremlin's Most Dangerous Hackers.


Approved for Public Release; Distribution Unlimited. Public Release Case Number 22-02304-7.©2023 The MITRE Corporation. ALL RIGHTS RESERVED

