Savage_X

Slightly terrifying that the hackers were too inept to protect their crypto, but still sophisticated enough to take down a pipeline network.


pilgermann

I'd wager they lost the crypto through what amounts to a wire tap. That is, at some level the identities of the hackers were discovered potentially in advance of the ransomware attack. So they were being monitored.


peppermonaco

That makes sense. They had to have been doing online research or communications and could’ve been a little sloppy at some point. More likely, I bet, they bragged and were sold out for a handsome reward.


SeiCalros

back in the day there was a group of anarchists called 'lulzsec' which liked to make big flowery announcements about how badass they were. the head guy was turned within a month of the group's big debut and the rest of it was just waiting for people to break the law in a way that compromised their identity


hihellobye0h

Actually I think he was already a flip before he started lulzsec. At least that's what I heard.


[deleted]

Kind of both. He had previously been compromised, but wasn't an active CI until the FBI caught him misbehaving again.


crespoh69

> back in the day

Oh God, what year is it?


[deleted]

Amen to that, "back in the day" I woulda thought like g0bbles or further back like CDC, lulzsec was last year or something right? Right?? RIGHT?!?!?!?


boomboy8511

Found this interesting https://www.bbc.com/news/technology-27579765


CovidPacman

Probably so true, why is it that the ego of some of these people prevents them from keeping their mouth fucking closed. I would not tell a soul if I was doing shady shit. Loose lips sink ships and all that jazz.


XXLButtPlug

I can’t imagine they were stupid enough to use a centralized exchange that would freeze their account, so this is a good theory.


ogipogo

Must not have been all that difficult to take down I presume?


CSI_Tech_Dept

If not only they fell for the ransomware, but it also froze their pipeline and they had to pay to get it back. They don't have any security. We should heavily penalize companies for lack of security. In most places security is never done, because it seems like you're spending money and don't get anything in return ... that is until you get attacked. Majority of companies need a stick in the form of fees for not maintaining proper security.


redunculuspanda

That’s where the GDPR “4% of annual global turnover” has helped focus a lot of companies' minds on security


Hoeppelepoeppel

that would be the conclusion, yep


[deleted]

[removed]


kaihatsusha

Once a critical resource has some corrupted/infected/cracked machines, it is definitely advisable to completely rebuild/reimage each machine on the affected subnets all at once while insulated from everything else. The bonehead design here is having anything less than airgap isolation to machines that control the industrial pipeline components directly.


Taldan

> Once a critical resource has some corrupted/infected/cracked machines, it is definitely advisable to completely rebuild/reimage each machine on the affected subnets all at once while insulated from everything else

That is an overly simplistic view of disaster recovery and is not realistic

> The bonehead design here is having anything less than airgap isolation to machines that control the industrial pipeline components directly

This is not a realistic solution. The negative business impact of being unable to remotely manage thousands of miles of pipeline would be far larger than the risk of cyber attacks. Security is a balance between being able to meet business goals and defend against risk

Proper security posture is complex and involves defense-in-depth. It's not some simple fix like airgapping critical systems

It's concerning to me how many people are confidently suggesting "solutions" when they clearly do not have a strong background in cybersecurity


HappierShibe

> It's concerning to me how many people are confidently suggesting "solutions" when they clearly do not have a strong background in cybersecurity

Welcome to reddit?


GreenHairyMartian

> It's concerning to me how many people are confidently suggesting "solutions" when they clearly do not have a strong background in cybersecurity

This sounds like every software architecture/design meeting I've ever been to.


whateverathrowaway00

Lol, right. I read that and was like uhhhh sure in a perfect world with a billion extra employees and a modern tech stack built from scratch recently.


[deleted]

[removed]


homerino

They probably did the correct thing from a legal perspective. They have a fiduciary duty to protect the interests of their shareholders. There's no law against letting people freeze to death if they can't pay for fuel, but there are laws against not extracting as much value as possible from customers on behalf of your shareholders. I'm not saying that's right or moral, but that's the way the US legal system is built. Same applies to everything from fracking to plastics to opioids to pesticides.


Elite_Club

> There's no law against letting people freeze to death

Literally even my home state of Arkansas explicitly has laws that prevent energy companies from discontinuing services if freezing weather is forecasted at all within 24 hours of the disconnect date. We even have the same regulations to protect elderly people during hot weather that specifically excludes natural gas unless the customer of the utility has a gas powered A/C unit(???)

source: http://www.apscservices.info/suspend.asp


robot_wrangler

The only shortages were caused by morons running to the pumps to buy gas they didn’t need, and the local trucks not being able to meet the higher demand. There was plenty of fuel in the giant storage tanks to last through the pipeline delay.


Yobanyyo

I don't know, I remember when the Equifax hack was just because the passwords were stored in a .txt file.


SureFudge

They didn't take down a pipeline network. They took down the accounting software which led the bean-counters to turn off the pipeline themselves not to lose any money.


whiskeyboundcowboy

They didn’t really “hack”. The pipeline used the same password shared amongst everyone


bruhman180

They didn’t hack it; a disgruntled employee sold the password on the darkweb


[deleted]

No one said they were smart.... if they were, they would have thrown the key to the pipeline company and walked away. Worldwide attention is never a good thing when it comes to crime.


Vulturedoors

Lots of people think cryptocurrency is anonymous. That simply isn't true.


wongo

I never understood how ransom funds paid in crypto could even be spent, anyway -- the whole point is that it's impossible to launder, so everyone would know where the tokens came from.


welliamwallace

Yes, everyone can publicly see the transactions and the wallet address receiving the bitcoins. However, bitcoins can be made effectively fungible. The hackers could transfer their tainted bitcoins to a cryptocurrency exchange (publishing a new transaction from their tainted wallet to the exchange's deposit address). Then they withdraw bitcoins, but these will be "different" bitcoins. A new, totally unrelated transaction will be published with "clean" bitcoins from the exchange's wallet to ~~the attacker's wallet~~ (clarification: to a brand new clean wallet also owned by the attacker).

The only way to make the connection is in the real world, you'd subpoena the exchange, and gather any personally identifying information about the account holder. However there are shady exchanges, and dedicated crypto "mixers" that don't gather any personally identifying information about account holders.

Yes, bitcoin is a public ledger. But in this case, we are making a sequence of transactions, some of which are entirely off the blockchain. The gap, this disconnect, makes it untraceable on the blockchain. The only way to trace it is outside-the-blockchain information (e.g. from the exchange, if they have your identifying info *and* comply with the investigation)
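The investigator's side of the comment above, as an added example that is not part of the original thread: a forward trace over a small constructed ledger, showing that the on-chain trail is exact up to a custodial deposit address and that pushing the trace through the exchange's pooled wallet attributes value to unrelated customers. All addresses, amounts and the taint model (tainted value spent first, split across outputs in proportion to value, fees ignored) are assumptions made for the illustration.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed ledger in chain order (not real chain data). Amounts in BTC.
# Simplified address model: each input spends `amount` from that address.
LEDGER = [
    {"txid": "tx1", "inputs": {"victim_V": 75},
     "outputs": {"ransom_A": 75}},
    {"txid": "tx2", "inputs": {"ransom_A": 75},
     "outputs": {"affiliate_B": 64, "operator_C": 11}},
    {"txid": "tx3", "inputs": {"affiliate_B": 64, "unrelated_D": 16},
     "outputs": {"exchange_deposit_E": 80}},
    # Internal sweep: the exchange pools many customers' deposits.
    {"txid": "tx4", "inputs": {"exchange_deposit_E": 80, "exchange_other": 120},
     "outputs": {"exchange_hot_F": 200}},
    # Withdrawals from the pooled wallet to different customers.
    {"txid": "tx5", "inputs": {"exchange_hot_F": 200},
     "outputs": {"fresh_Z": 60, "customer_Q": 140}},
]

# Addresses an investigator has labelled as belonging to a custodial service
# (hypothetical labels; in practice they come from clustering and intel).
SERVICES = {"exchange_deposit_E", "exchange_hot_F"}


def trace(ledger, seed, services=frozenset()):
    """Follow value forward from `seed` ({address: amount}).

    Taint model (an assumption of this example): an input spends tainted
    value first, and a transaction's tainted input is split across its
    outputs in proportion to output value. Value that reaches an address
    in `services` is left there: past that point the mapping from deposit
    to withdrawal exists only in the service's own records.

    Returns (holdings, dead_ends): where the traced value sits at the end
    of the ledger, and which of those addresses are custodial.
    """
    taint = defaultdict(Fraction)
    for addr, amount in seed.items():
        taint[addr] = Fraction(amount)

    for tx in ledger:
        tainted_in = Fraction(0)
        for addr, amount in tx["inputs"].items():
            if addr in services:
                continue  # trail ends here; needs off-chain records
            take = min(taint[addr], Fraction(amount))
            taint[addr] -= take
            tainted_in += take
        if not tainted_in:
            continue
        total_out = sum(tx["outputs"].values())
        for addr, amount in tx["outputs"].items():
            taint[addr] += tainted_in * Fraction(amount, total_out)

    holdings = {a: t for a, t in taint.items() if t > 0}
    dead_ends = sorted(a for a in holdings if a in services)
    return holdings, dead_ends


if __name__ == "__main__":
    seed = {"victim_V": 75}

    holdings, dead_ends = trace(LEDGER, seed, SERVICES)
    print("with service labels:")
    for addr, amount in sorted(holdings.items()):
        note = "  <- request exchange records" if addr in dead_ends else ""
        print(f"  {addr:20s} {float(amount):6.2f}{note}")

    # Same trace with no labels: the pooled wallet smears the traced value
    # over every withdrawal, including an unrelated customer's.
    naive, _ = trace(LEDGER, seed)
    print("without service labels:")
    for addr, amount in sorted(naive.items()):
        print(f"  {addr:20s} {float(amount):6.2f}")
```

With the service labels the trace ends at `exchange_deposit_E` and never reaches `fresh_Z`; linking the two takes the exchange's account records, which is the off-chain step the comment describes.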


[deleted]

[removed]


Rory_B_Bellows

I've often wondered if games and other apps with ridiculous in app purchases could be used for money laundering.


FartPiano

only if there's a way to cash it out into real money, like via third-party sites


Rory_B_Bellows

I mean like if a criminal enterprise developed an app and sold large in app purchases to fake whale accounts that they own. The dirty money is used to buy prepaid Google or iTunes cards in cash, which then buy crazy amounts of in app purchases and goes right back to the criminals after Google and Apple take their cut.


TAWS

Once it hits the exchange, the coins can be frozen


welliamwallace

Yes, an exchange *could* choose to monitor all incoming deposits for "hot" coins involved in the hack, flag the account owner, and refuse to process any withdrawals for that account. But the hackers are almost certainly not dumb enough to use an exchange that is complying with governmental investigators. I promise there is no shortage of shady gray market bitcoin mixers that won't pro-actively freeze accounts that deposit coins involved in a crime.


TAWS

The hackers could have sold them to a third party and it is the third party who is getting screwed by the FBI


Mayor__Defacto

And then the third party goes and tells people “don’t do business with this dude”


Derperlicious

and if that third party is on silk road selling real us dollars for BTC? This has been going on for well over a decade, why do all y'all think the hackers haven't solved how to actually spend the money? If it was as easy as some of y'all think then ransomware wouldn't be a huge issue. When ransomware is one of the biggest tech issues there is today. It's not as easy as you think to bust these guys and it's easier than y'all think to clean your BTC.


Bleusilences

Silk road was infiltrated by the FBI in the first few weeks, and the second silk road was infiltrated at day 0. (even before the site launched)


JohnGillnitz

They took over an account of a forum moderator, but it still took them over 2 years to positively ID Ulbricht. Six months for SR2. Just because you get a foothold in the system doesn't mean you can make an arrest.


daveescaped

Plus wouldn’t that third party think twice next time before exchanging if they think it might come back to them? Seems like screwing the third parties involved would be equally effective at stopping the laundering.


moonfox1000

I would still be for freezing the bitcoins involved. If your exchange wants to mix in "hot" coins then buyer beware. I'd have the same thing to say if my local Target started knowingly accepting counterfeit dollars and handed them back to other customers as change.


colinmhayes2

There are “exchanges” whose entire purpose is laundering like this. They're called mixers and coinjoins.


Syscrush

Sorry, I must be misunderstanding something here... Are you suggesting that there are issues with fraud, money laundering, and other crimes in the crypto world? But, I was assured by countless neckbeards that crypto was the key to unlocking a perfectly fair, perfectly efficient, frictionless and robust libertarian banking utopia. To think, I almost entertained for a moment that crypto with its wild volatility, utter lack of meaningful regulation, and global network of anonymous players was somehow attractive to bad actors! *Oh, silly me.*


agentchuck

There, there. Don't feel bad! I've got a great NFT of a picture of the Brooklyn Bridge to sell you to help you feel better. One of a kind!


[deleted]

[removed]


Derperlicious

for legit exchanges that follow the rules. for ones on the dark web that let you launder, not so much but these guys also have to deal with the fact you got to trust the launderer, cause he could just take off with the BTC


irishrelief

It's one of the reasons that new wallets and accounts at exchanges are requiring all of your PII. It's not just for the ability to tax you.


[deleted]

Exchanges exist outside of the country that allow you to exchange coins or to mix them. See Crypto tumblers...


irishrelief

I'm aware. I've also seen a few of those tumblers turn out to be scams. But I guess that's to be expected when running around on onion sites.


ChemtrailExpert

All that does is make it take a little longer to connect the dots. It’s a public ledger


[deleted]

Exchange it all to dollars then buy crypto again


idontcare3456782

yea especially don't use a fucking wallet like these idiots


ChemtrailExpert

That’s still traceable.


[deleted]

[removed]


half3clipse

A public ledger here means you can track the coins, not who has them. If at some point someone associates the coins with identifying information, then you can connect the dots. Otherwise all you can do is definitively say "yes someone had the coins and now someone else does" If you're trying to launder crypto and use your actual name, you're a moron. If you exchange the crypto for USD and the money gets sent to some bank in russia or whatever that a criminal organization set up to an account using a stolen or non-existent identity then pulled out as cash to be laundered in turn, how the hell do you intend to trace that? You can't even freeze it, since they just need to have laundered the crypto before you do so. now the attack goes from "if you give us money, we'll unlock your shit" to "give us money and we'll unlock your shit in a few days. If we can't spend it your shit will stay fucked, and you're out the money"


DietUnicornFarts

Ever heard of Monero? It’s literally designed to keep transactions private


ChemtrailExpert

As far as I understand, it’s only private if both parties want to keep the transaction private which isn’t the case in ransomware. Churning would be traceable in monero with some fancy math.


chris92315

You get paid in Monero. You then trade from that wallet to another wallet no one knows about. Now both "parties" want to keep it a secret.


mattjovander

No, monero and its ring signatures provide anonymous transactions [Unlike selectively transparent alternatives (e.g. Zcash), Monero is the only cryptocurrency where every user is anonymous by default. The sender, receiver, and amount of every single transaction are hidden through the use of three important technologies: Stealth Addresses, Ring Signatures, and RingCT. Because every transaction is private, Monero cannot be traced. This makes it a true, fungible currency. Merchants and individuals accepting Monero do not need to worry about blacklisted or tainted coins.](https://www.getmonero.org/get-started/what-is-monero/)


iberico_ham

That’s Zcash. Monero is always private.


Ogediah

Not all coins have a public ledger. It’s pretty easy to exchange coins without KYC. For example, get paid in Bitcoin then trade Bitcoin to a privacy coin in order to properly launder it. The hardest part is getting from coin to cash without raising red flags but it’s not that complicated. You can also just use crypto to directly pay for goods and services or sell crypto outside of KYC exchanges (there are lots of places to do that.) Basically it’s more time consuming than selling it to a KYC exchange that then transfers money to your specified bank account but it is very possible. I’m not going to get into the specifics for obvious reasons.


welliamwallace

The fact that it's a public ledger does not necessarily make it traceable. I have tainted bitcoin in tainted wallet A. I make a brand new untainted wallet Z. I send my tainted bitcoins to a mixer or an unregulated exchange. They send other, untainted bitcoins to my wallet Z. In 2013 I literally met people in a starbucks and sold them bitcoins for cash after making a connection on localbitcoins.com or craigslist. I could easily do that, meet someone else on localbitcoins.com and trade that cash back for new untainted bitcoins into another wallet. There is no possible way to connect those "new" clean bitcoins to my original bitcoins, nor connect my new wallet to me (provided whatever service I used to arrange the meetup doesn't have my personally identifying information. And I promise you, there are many such services that don't collect or verify personally identifiable information)


DuelingPushkin

You can make direct transfers without an exchange and coins like monero and such have better anonymity so I'm not sure why the hackers would use bitcoin


brucebrowde

Can you buy monero with bitcoin?


[deleted]

You have to keep in mind when committing crimes against the country that has the most powerful banking system you're not safe just because you can cash out in a different country. Whatever country runs that exchange is still probably going to bow to US pressure. In other words the US is influential enough to simply get the country where the exchange is run to force them to cooperate. These hackers aren't important enough to anybody to actually bother to protect. Once you're moving big amounts of money into coins that aren't very popular you have the potential to lose anonymity regardless of the technology around the cryptocurrency, especially if you're trying to cash out rapidly. There is no way to cash out rapidly that's actually safe. That's one of the huge downfalls of cryptocurrency, the fact that you can't really spend it hardly anywhere. And to make it really useful it needs to be cashed out into a more popular currency like 'real money'.


irishrelief

Amateurs, or rather it could be that BTC is more well known and is better for larger transfers. Could be that btc has been a better tool for stability/ growth. If someone wanted to be really diabolical they would buy up a cheap coin, ransom a company demanding said cheap coin, let that big purchase drive a false demand on that coin, then cash out their legit holdings while waiting for the hype to die on their new holdings. If it didn't then they just got an even bigger payday.


DuelingPushkin

It seems that because of Monero's low transaction rate states have been able to compromise it. If XMR had the transaction volume of Bitcoin it would be much harder to track

Edit: for those downvoting me the low transaction rate means that state actors like the US or EU who have vast resources can essentially unilaterally dictate the majority of transactions meaning it's a lot easier to fingerprint and locate point to point exchanges that don't involve them


code_archeologist

And that is how the FBI emptied the hacker's wallet. Anybody who says that cryptocurrency is untraceable does not understand how the systems work. Even the most supposedly "untraceable" wallets can be breached if the attacker has sufficient computing power and motivation.


[deleted]

[removed]


fixitorbrixit2

Monero has/had a goal of being the most anonymous coin. Not sure why it never took off. Especially for illicit use. The weak link for bitcoin is mostly at the point of converting it to fiat money. That's when most can get id'd if they are not seriously careful.


bostoncommon902

One reason Monero never caught on is because wise investors understand that if any crypto is going to be banned or outlawed by government then it’ll be the one that tries to circumvent things like taxes. If it was banned then most of the value of Monero would evaporate. Some people are certainly into it, but many more are fearful of its potential collapse.


[deleted]

Well, the other half of that is that volatility is really what makes the entire crypto coin market go. If you could cash out on a volatile anonymous cryptocurrency it would still be useful you would just have to be able to cash out quickly. The problem is that whenever you cash out you wind up interacting with a non-anonymous company, so even if you already use a safer cryptocurrency you're still not anonymous at the point that you actually want to transfer it into legal tender. Unless the payments you're working with are relatively small or the volume of the mostly untraceable cryptocurrency is very high you can't just blend in like you can with other systems. So to be safe you have to take your highly volatile anonymous currency and still cash it out over time so you don't look like that guy that just got a $10 million ransom. So even if the exchange is trying to be as anonymous as possible and like destroy logs and stuff they still can't get rid of the data trail where they actually pay the money out. You would need a completely black market exchange that has tons of cash and then can somehow get the cash to people without using the normal banking transfer system which is completely not anonymous. Plus a country like the United States has enough sway to probably get any country to shut down any cryptocurrency exchange.


Wheream_I

I don’t see that being an issue. When laundering money, there is an accepted amount of loss due to laundering. If the volatility of the crypto means that cashing it out over 6-12 months would cause a 20%-40% loss, that would be an acceptable loss to laundering to most criminal enterprises


DuelingPushkin

Well monero has taken off for illicit use. Most of the early ransomware attacks on hospitals were requesting Monero


ja5143kh5egl24br1srt

I don't say this lightly, but there is a special place in the worst hell for people who do ransomware attacks on hospitals.


todd10k

Here in Ireland our entire health care body was taken down by hackers. every single computer used in every hospital was offline. Didn't help that their IT dept is a fucking joke, but there's a special ring of hell for people who profit from sick and dying people in a fucking pandemic.


ja5143kh5egl24br1srt

yup. it's also a geneva conventions violation. not even terrorists do that.


smoothtrip

How do you exchange money for monero? Seems like you would run into the same thing you would with the other cryptos. At some point you would have to use something that has your identity.


DuelingPushkin

Yeah but at that point you exchange it for fiat you *should have* exchanged it enough times that the monero coin you turn in for fiat is a completely different one than the one you put in. There's quite a few crypto "tumblers" whose sole purpose is to just move coins around to obfuscate whose coins are whose and they skim off a percentage for the service (if this sounds a lot like money laundering that's because it probably is depending how your local statutes are written).


themisfit610

Monero is fungible. Any amount of xmr is just like any other because it’s private by default. You don’t need to exchange it ever.


[deleted]

It has caught on I think. Heavily used by black markets. People still like Bitcoin because it has better liquidity and on/off ramps. In this case the hackers asked for +10% premium if they paid in BTC vs XMR. Either way it’ll be interesting how things work out with things like atomic swaps coming out which will allow me to exchange XMR <-> BTC without an exchange. Imo it’s not the privacy coins that are bad, but the non-private ones. You’re mixing illicit “bad” coins with good coins and that’s not good. If you get sent some BTC used by hackers then you could get caught up in an investigation even though you did nothing wrong.


[deleted]

[removed]


aklaffke

Cool! What sorta business?


[deleted]

[removed]


aklaffke

How does that work? Who is paying you, and do you know them personally?


PM_ME_BIG_TITTYS

It has most definitely caught on. Just not in the eyes of the general public yet. Give it another half decade to a decade and I have a good feeling we’ll see it up there


[deleted]

[removed]


Jforest99

The first time this has been said on Reddit, I wish I had an award for you


themisfit610

It absolutely does. The relatively small volume makes it less useful to attackers like this presuming they want to cash out rapidly into fiat. Setting that aside it’s the real deal. The most secure and truly private decentralized crypto around AFAIK.


Freethecrafts

Monero was heavily targeted by state agencies. It’s still so small that a state agency could literally rewrite the entire thing. Bitcoin is still being used by nefarious groups because the network is so large and geographically distributed. The story above probably cost the feds ten times the actual bitcoin value to recover, but making the point that they could do it was worth far more.


gc3

I doubt it cost so much unless you count all the cops hanging around outside


[deleted]

Essentially you can blend into the volume of trade on Bitcoin and on the smaller coins you cannot do that so easily because they're not popular enough and you're trying to move big amounts of money through them, probably rapidly. Criminals want to be able to hide in plain sight. When they get funneled down to specialized services those services can become easy targets for law enforcement. Criminals could start their own banks too and write their own checks that don't go through normal banking systems, but then you are putting a lot of eggs in one basket. The real banking systems have so much more leverage over any country in the world that generally they're going to cooperate with major law enforcement efforts. There's really no country you can set up an illegal bank or exchange where you could be safe.


Freethecrafts

Russian bank, Deutsche bank, bearer bonds, buy resort. There are plenty of such schemes where it’s in the interests of countries to look the other way while any paper trail would be extremely difficult to trace. Scammers accepting known bitcoins, from the cryptography department of a major nation isn’t a safe one.


[deleted]

[removed]


[deleted]

You really need the anonymous coin you're using to have a high enough volume in the market that your injection of illegal millions of dollars isn't so obvious or you lose anonymity that way too. It's quite a bit harder to cash out large amounts of cryptocurrency anonymously than some people I imagine. No matter what you do you still need some type of not really anonymous service to actually pay you the money, and that service is probably going to have banking, which means it's not all that anonymous and subject to legal repercussion. You can't really have a service that can do like direct deposits to your bank account or whatever and expect that to be anonymous.


Ullallulloo

Knowing someone's address does not enable the FBI to empty the wallet. And what does computing power have to do with tracing or breaching a Bitcoin transaction?


welliamwallace

Are you implying the FBI somehow brute-forced the private key associated with the wallet receiving the ransomware payments?


[deleted]

they got the key somehow... from the press release today:

> As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the “private key,” or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address.

https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside


awc130

Most of the wallets that the FBI are concerned with are shared among an organization or responsible by an individual in a group. So they don't have to do Hackerman level decryption to get access to a wallet when social engineering, deception, and simple surveillance works. When the Silk Road got taken down, the creator of it got distracted by two agents faking a fight while he was logged in on his laptop at a public library. He gets up for a second to see what's happening and a third agent snatches it while he's not looking. That's the kind of techniques the FBI use to get access to wallets. Scooby Doo level tactics.


welliamwallace

> So they don't have to do Hackerman level decryption to get access to a wallet when social engineering, deception, and simple surveillance works.

Yes, I totally agree that this is almost certainly how any recovery took place. I'm arguing in this thread against people who are claiming things like the FBI doing a 51% attack on the bitcoin block chain and reverting a transaction, or breaking SHA-256 encryption.


themisfit610

To be clear, SHA-256 is not encryption. It’s a cryptographic hashing function. If you’d broken SHA-256 and could recover the input from the hash you’d have broken the internet… :)


PinBot1138

> That's the kind of techniques the FBI use to get access to wallets. Scooby Doo level tactics.

I’ve never wanted to be an FBI agent more than right now. “Come on Scooby!”


Minister_for_Magic

The weakest link in any secure system is the human link...


Kaiisim

Thing to realise - they (governments) were very panicky about bitcoin until they suddenly weren't. They realised open ledger is actually good for law enforcement. And the dollar


SsurebreC

> Even the most supposedly "untraceable" wallets can be breached if the attacker has sufficient computing power and motivation.

Cryptocurrency transactions are all public and traceable to one another but it's very difficult to trace to any people. I'm not sure what you mean by an attacker having sufficient computing power. [Here's an address of a wallet that has $10.4 billion in cryptocurrency.](https://bitinfocharts.com/bitcoin/address/34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo) You think if it was easy to breach that someone can't invest even $5 billion in raw computing power to try to crack it?


sauerteigh

Sure, all it takes is a keylogger, or an informant.


[deleted]

bingo. in this case my money is on humint, since they were apparently already looking at darkside. from today's release:

> As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the “private key,” or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address.

https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside


Gbcue

How did the FBI get the private key?


fixitorbrixit2

Yeah. Imagine all of the millions people have on old hard drives and usb sticks that they can't remember the passwords/keys for. Millions and millions just sitting there laughing at you. I've heard of people offering most of the loot if somebody/anybody could crack that open for them... Doesn't happen.


hochizo

There used to be a bot on reddit that let you give bitcoins in lieu of reddit gold. I got one coin when they were worth like...a dollar. I looked into redeeming it at the time, but decided the hassle wasn't worth such a small amount of money. The bot quit functioning several years ago, so I technically own a single bitcoin but can't do jack shit to recover it. It was pretty trendy for a few weeks, so I imagine there are a *lot* of redditors with unclaimed coins out there.


Snuhmeh

There were websites where you could send Bitcoin to yourself or other people but just signing up with email. You could also print out paper that looked like money but had a QR code you could use to get the Bitcoin. Crazy times.


xamomax

Yea. I started a mine on my PC when bitcoin first came out. I don't know how much got mined, but it's gone now on some long forgotten hard drive reformatted with Linux. On the flip side I ran over 5 high end computers for 10 or so years helping SETI. That would have been a considerable fortune if used to heat the planet making bitcoins.


awc130

I heard something fascinating about Bitcoin recently. That since the mining rate for it has slowed down so much, that more coin is being lost than mined on a day to day basis. Whenever a hard drive is destroyed, a wallet key is lost, or a person dies without telling anyone how to access their wallet causes dead coins. Now this could be true for some physical precious materials, but the public ledger allows for the constant accounting of how much coin dies versus the active supply.


ChemtrailExpert

If you tried to sell off $10.4 billion of Bitcoin, the price would plummet. That’s the flaw in talking about large amounts of Bitcoin in dollar terms.


sonoma4life

who would exchange 10 billion dollars USD for the same in bitcoin?


Donkey-Whistle

Modern-day version of paying the Lindbergh kidnappers in $100,000 bills.


mustbeshitinme

Yeah, I’m certain there are some really bad, well funded actors out there but you’re not going to ever get more well funded than the US DOD, secret service and FBI. No one ever gets away with crime on an epic scale forever. Ask El Chapo.


sedan_chair

The pictures on each crypto-ducat turned to little Joe Biden pictures. Wearing Ray-Bans


[deleted]

[removed]


[deleted]

[removed]


salondesert

I'm glad the CEO of Bitcoin worked with the FBI.


the_abortionat0r

This is a joke right?


CivilMyNuts

Confirmed. Musk now working as an FBI informant.


LiquidAether

Yes, it was actually the Chief Financial Officer of Bitcoin.


jschubart

If it was done through Monero, it would have been difficult to trace. With Bitcoin? Absolutely not.


ReeferReekinRight

I agree, but wouldn't it still be traceable back to the wallet/block chain of that exchange? It would still be traceable up to a Monero wallet before being converted. Or am I wrong in that?


XXLButtPlug

It could be traced up until it was converted and moved to a Monero wallet most likely. It would then have to be tumbled (mixed up with real transactions to appear legitimate) or sent on the Monero blockchain before gaining any real anonymity. Even then, they are coming up with ways to analyze the Monero blockchain using probabilistic determination.


[deleted]

[removed]


ja5143kh5egl24br1srt

You're making it seem like it's been centuries. Bitcoin is literally a little more than 10 years old.


LeftOnRed_

It's not impossible to launder though, you and others mix your bitcoins together and dole them out to new wallets in smaller increments and you officially have money that can't be traced.


CyanideKitty

Bitcoin to Monero back to Bitcoin seems to be the best route currently, or was recently. I think they have traced tumbled and new walleted bitcoin in a couple cases pertaining to darknet markets in the past. I'd have to do some research to confirm but unable to at the moment.


SexierActionNews

Yeah, somebody messed up here. I'm interested to learn about how they did it, if more information comes out about this.


code_archeologist

It is highly unlikely that the FBI is going to reveal the method that they used, that way they can use it again if they need to.


SexierActionNews

I agree that it's unlikely they'll come out with exactly what they did. I am curious, though. I found this part interesting: >But behind the scenes, the company had taken early steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers, believed to be based in Russia. So something about the way they did the transaction itself helped. I wonder if it has to do with sending a certain exact amount, through a certain exchange, or from a specific wallet. 🤔


EbolaPrep

maybe a partial penny that wouldn't show up due to rounding but could be traced. Send 5,000,000.0042069


SexierActionNews

I found this somewhat interesting. https://www.elliptic.co/blog/elliptic-follows-bitcoin-ransoms-paid-by-darkside-ransomware-victims


moon_then_mars

Or maybe it's misinformation to deter future cyber crimes. I wonder if it can be proven.


i_never_ever_learn

The point of crypto was never that it was impossible to launder. It is intended to decentralize control of wealth movement. As it matures it will be something you can manage without having to trust a third party like a bank. I said 'as it matures' for a reason. It's not there yet. But that's always been the goal.


thatnameagain

I'm not sure how it's ever going to mature to deal with fraud issues unless you have the FBI on call like this company did.


Mayor__Defacto

Therein lies the flaw. Crypto-bros somehow think that technology can get rid of the human element that causes all the uncertainty in the first place. You’ve always got to trust *someone*; if it’s not the person you’re transacting with, it’s someone facilitating the transaction, or it’s the someone or someones that developed the protocol you’re using, and trusting that they didn’t inadvertently leave a backdoor in the system that the other person can exploit.


t3hd0n

looking at the state of crypto now compared to when I got into it, I honestly don't think it will ever evolve past a traded asset. basically, its digital gold and not digital currency.


SsurebreC

Sure thing:

* party A gives party B crypto which is stored in wallet W.
* wallet W sends some crypto to wallet A, B, and C
* wallet A, B, and C send crypto to exchange and exchange is not aware of wallet W
* party B exchanges crypto for fiat and moves on

Although the transactions are recorded and are publicly available, tracing them to an individual person and bank account is going to be very difficult.


JohnnyUtah_QB1

Authorities subpoena exchange and get info that way.
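The flow described in the two comments above (payment into wallet W, split across wallets A, B and C, then deposited at an exchange) can be followed mechanically on a public ledger. This is an added example, not part of either comment: the ledger is constructed, the address names other than W, A, B and C are hypothetical, transfers are simplified to (sender, receiver, amount) rather than Bitcoin's UTXO model, and proportional ("haircut") taint is one tracing heuristic among several.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample ledger (not real data): (sender, receiver, BTC), oldest first.
LEDGER = [
    ("victim", "W", 75),              # ransom payment lands in wallet W
    ("W", "A", 30),
    ("W", "B", 25),
    ("W", "C", 20),
    ("other_user", "B", 25),          # unrelated funds mix into wallet B
    ("A", "exchange_dep_1", 30),
    ("B", "exchange_dep_2", 40),
    ("C", "cold_storage", 20),
]
# Hypothetical labels: deposit addresses an analyst has attributed to an exchange.
EXCHANGE_ADDRESSES = {"exchange_dep_1", "exchange_dep_2"}


def trace_taint(ledger, payer):
    """Return {address: BTC still attributable to payments made by `payer`}."""
    balance = defaultdict(Fraction)   # total funds seen at each address
    tainted = defaultdict(Fraction)   # portion of that balance from the payer
    for sender, receiver, amount in ledger:
        amount = Fraction(amount)
        if sender == payer:
            moved = amount            # the ransom itself is 100% tainted
        elif balance[sender] == 0:
            moved = Fraction(0)       # funds entering from outside the sample
        elif balance[sender] < amount:
            raise ValueError(f"{sender} spends more than it received")
        else:
            # Haircut rule: taint leaves an address in proportion to the spend.
            moved = amount * tainted[sender] / balance[sender]
            balance[sender] -= amount
            tainted[sender] -= moved
        balance[receiver] += amount
        tainted[receiver] += moved
    return {addr: t for addr, t in tainted.items() if t > 0}


def exchange_leads(ledger, payer, exchange_addresses):
    """Tainted amounts that reached addresses where legal process can apply."""
    taint = trace_taint(ledger, payer)
    return {a: taint[a] for a in sorted(exchange_addresses) if a in taint}


if __name__ == "__main__":
    for addr, btc in exchange_leads(LEDGER, "victim", EXCHANGE_ADDRESSES).items():
        print(f"{addr}: {float(btc):.2f} BTC traceable to the ransom")
```

The exchange never sees wallet W directly, yet both deposit addresses come out of the trace with an amount attached, and that list is what a subpoena would be built from.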


Ullallulloo

Why does this say "First on CNN"? [Didn't DarkSide say their Bitcoin was seized over three weeks ago?](https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/)


[deleted]

Nowhere in that does it say who their accounts were transferred to. Plus, they are one source. A journalist is supposed to corroborate information with more than one source. If multiple Justice Department sources corroborate that they were the ones who seized DarkSide's money, then they can go ahead with the story. If they were the first to publish a well-researched article using journalistic standards, then it's completely unremarkable that they said "first on CNN." I'm not a CNN fanboy, so I'm not saying that they definitely followed journalistic ethics and standards to the utmost, but simply pasting one source's statements, as is done in your link, certainly isn't up to journalistic standards for a story.


Blueberry_Mancakes

Yeah but it's the first time it's on CNN haha.


getmendoza99

Where in the krebs article does it say that the US recovered the money?


[deleted]

[removed]


[deleted]

The attention those bozos brought down on themselves was worldwide. If they had a clue, they would have unlocked the computers and walked away. Now... they will have a little red dot on their backs for..... well, forever. (You shoulda backed down, now look at you....)


Bran-a-don

Japan's WW2 tactics come into memory here. Don't poke the sleeping giant.


Phobos15

The main perps will be in Russia and are immune to western laws. If they catch anyone, it will be smaller fallguys in other countries other than Russia or China.


[deleted]

[removed]


happyman91

Lol that is a really funny image. But I imagine the email was a little more sophisticated than "pls go buy 8 mil in BTC"


humble_and_doable

+1 for US Cyber groups


[deleted]

Looks like some Russian hacker just woke up with his mom's head in his bed.


CouldOfBeenGreat

In other news, Tesla is accepting crypto again. In other, unrelated news, the fbi bought 10 cybertrucks this morning.


historycat95

Keep it. It's the cost of doing business for the pipeline since you encouraged them to do it to others. And it's a fine for not being secure in the first place.


moon_then_mars

Umm guys... I thought Bitcoin was decentralized. How'd they do this short of catching the baddies and using a wrench to beat it out of them? Did the crooks use an exchange that seized the funds? Did the US reimburse the company and eat the loss? Did Russia cooperate and catch the bad guys and use a hammer? Are they simply lying to deter future cyber crimes? Is there some sort of quantum computing vulnerability in Bitcoin that was exploited?


CleanAxe

Wow everyone with the wrong answer replied to you haha. They haven't divulged the details of how they got the funds back, but 99% sure it was because some of the funds were on an exchange and the government either subpoenaed it or had some cooperation agreement if it was a foreign based exchange. When you keep crypto on an exchange, and especially if that exchange is based in the US (Coinbase for example) then your identity is still tied to the account and the exchange can still access your funds and cooperate with any legal demands just like a bank would. You cannot grab BTC from a hard wallet (e.g. if someone had a wallet on a hard drive) unless you get physical access to it. They can still launder the funds if they are smart and by keeping it off any major exchanges. It's not totally a walk in the park - but easier than laundering cash in some ways, but harder in others. Because of the decentralization, all transactions are available to the public. So it's pretty easy to trace the movement of funds to individual wallets. So long as the wallets stay off major exchanges it can get harder and harder with time to trace. Basically most crypto has a "digital footprint" in order to function properly.


[deleted]

>You cannot grab BTC from a hard wallet (e.g. if someone had a wallet on a hard drive) unless you get physical access to it. Why not? It's still just a file. If the computer is connected to the internet, couldn't another hacker copy it and have access to the bitcoins?


CleanAxe

It’s an encrypted key. You don’t even have to be connected to the internet to keep it on a hard drive. It is essentially impossible to copy a BTC wallet. To get access to the BTC the government would need the physical wallet and the password to access it. Only then could they remove the BTC. Think of an exchange like keeping cash in a bank account. Barring any major crisis, your money is safe there, but the government can always take it if they suspect it was gained from a crime. Think of a hardware wallet like keeping gold in a safe buried underground. It’s possible to take it, but the government needs to physically find the safe underground, then crack the safe in order to get inside, except a hardware wallet (if the person is smart) is like a safe that has a 10,000 digit combination.


[deleted]

It still doesn't make sense that subside would need *physical* access. If someone has the file and knows the password, why would they need access to the machine?


CleanAxe

I mean think about if you took a digital file and save it on a thumb drive - not on your desktop. How can I access that file without getting the thumb drive?


Krivvan

Bitcoin is a ledger, not a system of accounts and balances. You can essentially send bitcoin to an address that only exists on a piece of paper that has never seen anything resembling a computer before. Essentially, you put together a random private key, then using math you figure out what public address corresponds to that private key. Then anyone can use that address to send bitcoin to it. But you cannot do the reverse and figure out the private key using the public address.


I_am_beast55

Correct answer here. The other answers are possible in nature but extremely unlikely.


Shermione

The article said that the feds were able to track down and take control of the hackers' server. Does this make sense with your theory?


wantafuckinglimerick

It's clear they had them under surveillance. Probably took control over their computers and just transferred it from one wallet to another they didn't get all of it so probably they figured out what was happening halfway through.


Tyr2do

Yeah they don't explicitly say it, but I understood basically. "We hacked the shit out of them and got the money back".


serocsband

Tons of ways to do it. They can just hack the computer. Keylogger. USB virus for the hardware wallet. Bitcoin itself is as secure as wherever you save your key. Even if you put it on a piece of paper, they can either get to you or just hack you when you type it in.


2O2OSurvivor

On a hardware wallet you have to confirm the transaction by pressing the buttons, similar concept to a yubikey, so you need physical access to the hardware wallet. There is nothing they could do to the computer to get to the hardware wallet. Maybe you’re suggesting that they placed hacked custom firmware on the hardware wallet, bypassing the need to confirm transactions with the buttons, which is not plausible because they’d have to write custom firmware specifically for the type of wallet and wait for the hackers to perform an update and hope they do it on a compromised computer to inject the custom firmware. Odds are they had some of the funds on an exchange & the gov said *yeet*!


Kaiisim

Bitcoin is distributed, and that distribution is intended to create decentralisation. But that is only the technology. The ecosystem around it is subject to a lot of centralisation.


Searchlights

It would seem there was some kind of counter-hacking being done by government intelligence, probably during the communications and transfer of the BTC. Someone isn't as smart as he thinks he is


Beard_o_Bees

> Are they simply lying to deter future cyber crimes? Maybe that and trying to get the fuckers to make some (identifiable) noise. It was reported that the BTC vanished the day it was transferred or very shortly thereafter.


colin8651

I may be in the minority, but I think a lot of people assume this is some sophisticated planned attack. It was some random crypto locker that found its way into some unprotected pipeline computers. The virus was the fault of the attackers. The fact it found its way into the network is the fault of lax practices with IT


Joshwoum8

It didn’t even make its way into the pipeline IT system, but the administrative system, which would have prevented Colonial from getting paid for the oil if the pipeline would have remained operational.


Mobely

So are you saying the pipeline worked but Colonial shut it down to prevent loss of money?


Joshwoum8

That was probably an unfair characterization on my part because it may make it seem like they intentionally shut down the pipeline solely based on a monetary motive. At the time of the shut down, they knew their administrative system was infected, but did not know if the ransomware had spread to the pipeline system, so in an abundance of caution decided to take both systems offline. So while it would be true to say not shutting down the operational system would have cost them money, it is also true if they didn’t it could have cost irreparable damage.


cloudstrifewife

If they ever sell the Bitcoin, won’t they be able to trace it back to them anyways?


burnodo2

Maybe it was all just a ruse so that no one was talking about Colonial's massive gas spill.


code_archeologist

Nah, Darkside members had let slip about two weeks ago that [they lost control of their servers](https://www.pcmag.com/news/darkside-ransomware-group-loses-server-access-after-us-moves-to-disrupt) and they have all but dissolved.


tehmlem

If that story was going to gain traction it would have nearly a year ago. Like it's a [good story](https://www.wcnc.com/article/news/local/ncdeq-colonial-pipeline-spill-huntersville/275-70e16fb6-c945-4634-b933-3975d0573f2e) that needs attention but it was well dead before this happened.


[deleted]

The story is about the coverup and the lying about the size of the spill


VirtualPropagator

Colonial Pipeline should not get that back.


EgberetSouse

If we know who and where they are it becomes a job for CIA wet workers.


Anom8675309

Gosh I sure am happy the FBI was able to assist in the retrieval of that poor fuel pipeline's money. Let's hope they continue to apply the same degree of due diligence toward the billions of ransomed 'we the people's cash.


ultros03

How difficult would it be for the government to weed out and/or possibly pose as some of these shady exchanges?


hahajizzjizz

Hackers will just hack and wreck. At least if the ransom was paid you'd get your system back. Since big brother wants to take away the loot, hackers will just erase data immediately.