Cybersecurity Book Club: “Tracers in the Dark” by Andy Greenberg (Part 2)


This is a two-part series about the book, Tracers in the Dark: The Global Hunt for Crime Lords of Cryptocurrency, by Andy Greenberg. The book recounts how researchers and law enforcement investigators learned to trace cryptocurrency payments across the public blockchain, despite the currency's reputation for anonymity, and used that ability to take down some of the biggest criminal enterprises on the dark web.


Continuing from Last Week…

Last week, Phishing for Answers published Part 1 of our series about “Tracers in the Dark.” We introduced Andy Greenberg’s new book and explained how Sarah Meiklejohn and her team found a way to trace Bitcoin payments and cluster the addresses behind them. Now it’s time to explore how law enforcement agents combined that methodology with OSINT and an anonymous tip to take down one of the largest darknet marketplaces in history.


AlphaBay Takedown: Misconfigured Servers, OSINT, & Anonymous Tips

Infographic published by the FBI about AlphaBay at the height of its activity (Source: FBI)

From its launch in late 2014 until its seizure in 2017, business was booming for Alexander Cazes. Better known by his username Alpha02, Cazes was the administrator of AlphaBay, an online criminal marketplace that took over the dark web drug trade after the fall of Silk Road. AlphaBay enabled more than 200,000 customers to buy and sell drugs in bulk using supposedly “anonymous” cryptocurrency. Because of the sheer volume of AlphaBay’s Bitcoin transactions and Cazes’ careful attention to online privacy, investigators initially struggled to prosecute anyone beyond lower-level drug dealers who used the site.

A notice published by the FBI following AlphaBay’s takedown (Source: FBI)

However, in 2016, US law enforcement received an anonymous tip that changed their luck. Cazes had made a rudimentary operational-security mistake early in AlphaBay’s development. At the time, new users who registered on the site’s forum received a welcome email, and because of a misconfiguration in the site’s Tor-protected server, those messages exposed the server’s IP address and the sender’s address: Pimp_alex_91@hotmail.com. Tor only conceals where a hidden service is hosted; anything the application itself sends out, such as email headers, leaks whatever it contains regardless of the anonymity network underneath it. With this revelation and some simple open-source intelligence (OSINT), it was not long before investigators linked the email address to Cazes. Two FBI agents also tied Cazes to Bitcoin wallets by looking for black-market addresses that had held the largest balances for the longest periods of time. In 2017, Cazes was arrested at his home in Thailand.


Why this Book Matters

There is an adage in cryptography known as Schneier’s law: “any person can invent a security system so clever that they can’t think of how to break it.” All it takes is someone with a different approach or mindset to crack the “unbreakable system.” This was certainly true of tracing Bitcoin. Bitcoin is pseudonymous rather than anonymous: every transaction is public, and only the link between an address and a person is missing. Greenberg’s book shows how a few researchers, law enforcement personnel, and financial analysts supplied that missing link, picking apart the supposedly anonymous world of cryptocurrency and leaving some of the internet’s most dangerous crime lords exposed. Figures of the digital underworld like Alexander Cazes are no longer immune from discovery by law enforcement, which makes cryptocurrency a less attractive tool for maintaining privacy on the internet.

But this book also introduces another important side of the privacy debate: the human side. As Greenberg points out, digital currency investigations are used to track not only the guilty but also the innocent. Some authoritarian governments can use cryptocurrency tracing to surveil and control people. Human rights advocates around the world point out that anonymized and encrypted money flows are essential in getting resources to citizens in countries such as North Korea. They argue that blockchain analysis technologies can be used to oppress groups of people or silence them.

Whether cryptocurrency tracing is used for good or bad, another urgent issue has arisen: the use of other digital currencies that offer more protection than Bitcoin. As Bitcoin tracing has become routine in law enforcement investigations, cyber criminals are increasingly relying on another cryptocurrency called Monero. Although Monero has been in use since 2014, it has become particularly popular among ransomware groups in the last several years because it is far harder to trace than Bitcoin. Where Bitcoin publishes sender, recipient, and amount for every payment, Monero hides all three by default: ring signatures hide the true sender among a set of decoy outputs, one-time stealth addresses hide the recipient, and RingCT (confidential transactions) hides the amounts. Because every payment is mixed with others by design, the address-clustering heuristics that work on Bitcoin have nothing public to cluster. As Greenberg concludes, “The cat-and-mouse game continues.”


Interested in reading more books by Andy Greenberg? Check out our previous review of his book, Sandworm: A New Era of Cyberwar and the Global Hunt for the Kremlin's Most Dangerous Hackers.


Approved for Public Release; Distribution Unlimited. Public Release Case Number 22-02304-7. ©2023 The MITRE Corporation. ALL RIGHTS RESERVED
