The Dangers of Perceived Anonymity: Russian Hackers’ Bitcoin Trail

The recent DOJ indictment reveals clandestine financial infrastructure behind the election interference.

Cryptocurrencies’ potential to facilitate money laundering and the financing of illicit activity has long informed the hawkish posture of crypto-sceptical politicians on regulation. With the Department of Justice (DoJ) releasing last Friday an indictment of twelve Russian intelligence officers, including a count of conspiracy to launder money ‘through cryptocurrencies such as Bitcoin,’ politicians of this bent have acquired a powerful addition to their rhetorical toolkit: a formally recorded instance of Bitcoin-funded interference in a vital sector of domestic affairs.

The only consideration that makes the news look somewhat less ominous for the future of cryptocurrency policy in the US is the power of partisanship in the current, highly polarized political climate. While Democratic lawmakers now have every latitude to exploit the Bitcoin menace in pressing the collusion case against the Trump administration, Republicans wishing to blast cryptocurrencies as a national security threat will have to be careful with evidence produced by an investigation that the president and his allies have repeatedly challenged.

Context

The controversy around possible Russian interference in the 2016 presidential election became a constant of US public discourse even before the campaign itself had concluded. The hacking of the Democratic National Committee’s and Hillary Clinton campaign’s servers, and the widely publicized leaks of sensitive information that followed, ostensibly designed to jeopardize the former First Lady’s bid, stand at the very center of a convoluted web of events, actors, and waves of media frenzy over particular episodes of this ever-sprawling saga. The recent indictment presents a timeline of the hackings in granular detail.

The indictment is a product of the Special Counsel investigation, a probe started in May 2017 under former FBI Director Robert Mueller. Its scope includes everything related to the alleged Russian interference in the 2016 election, including the Trump campaign’s possible cooperation and coordination with Russians. The probe has so far produced a number of high-profile indictments of Trump’s former aides while stopping short of alleging the president’s personal involvement. Unsurprisingly, many in the Trump camp refer to the investigation as a ‘witch hunt’ and a nefarious scheme of the ‘deep state.’

Substance

The indictment names twelve defendants (all officers of the GRU, Russia’s military intelligence agency) and brings eleven federal counts against them: conspiracy to commit an offense against the United States by interfering with the 2016 presidential election through the release of hacked documents (Count One); aggravated identity theft against eight victims whose personal details were used as part of the hacking scheme (Counts Two through Nine); conspiracy to launder money (Count Ten); and conspiracy to commit an offense against the United States by hacking a number of state organizations and US companies (Count Eleven).

The main body of the document details step by step the spearphishing attacks on DNC and Clinton campaign computers, the theft of officials’ identities and the subsequent stealing of electronic documents, followed by their strategic release through the website DCLeaks.com, which the defendants registered for this purpose. They also attempted to pose as a group of ‘American hacktivists,’ and later created the fictitious persona of Guccifer 2.0, a supposedly Romanian hacker, to further conceal their connection to the Russian government. Finally, the GRU officers hacked into the computers of state election boards and election software companies to get hold of voter data.

Yet of greatest interest to the crypto community is Count Ten, which lays out the financial infrastructure behind the whole operation. According to the investigators, the conspirators used a variety of funding sources and currencies, including US dollars, to support the scheme, but their primary instrument was Bitcoin, chosen for its ‘perceived anonymity.’ The main use of digital money was to pay for the servers that stored stolen documents and for the domains used to publicize them. The hackers also took care to diversify the sources from which they drew their coins, from peer-to-peer deals to decentralized exchanges to running their own mining operation. As the indictment’s authors observed, ‘The use of Bitcoin allowed the Conspirators to avoid direct relationships with traditional financial institutions, allowing them to evade greater scrutiny of their identities and sources of funds.’

All the effort spent covering their tracks proved insufficient, as the conspirators still left traces. For one, they used the same computers to conduct Bitcoin transactions and to send spearphishing emails. The DOJ investigators were also able to track the Bitcoin that the GRU mining operation produced all the way to the Romanian company that registered the dcleaks.com domain.

Reaction

No bombshell statements by high-ranking officials outside the DOJ itself descended on the cryptocurrency realm over the weekend. However, it is too early to conclude that the threat of a moral panic over Bitcoin can be dismissed. Given the contentious and explosive nature of the investigation’s subject matter, it would be reasonable to expect that someone is still bracing to score political points with an easy attack on what appears to have facilitated a grave threat to national security.

Meanwhile, one of the most heavily interviewed experts in the wake of the indictment news was Jonathan Levin, co-founder and COO of Chainalysis. His firm has built its reputation on exactly what the DOJ investigators did to arrive at Count Ten: analyzing the blockchain to trace the movement of money and link addresses and wallets to their owners’ identities.
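As an added illustration of the two basic moves behind the tracing described in the previous section (mining proceeds followed to the payment for the dcleaks.com registration) and the blockchain analysis Chainalysis is known for, here is a small Python model. It is not code from the original article, the FBI or Chainalysis. It clusters addresses with the common-input-ownership heuristic (addresses spent together in one transaction are assumed to share a controller) and then walks forward from a coinbase (mining) reward, output by output, until it reaches a chosen payee. All transaction ids, addresses and amounts are constructed for the example; real chain data would come from a full node or block explorer.

```python
from collections import defaultdict, deque

# Constructed sample ledger (no real txids or addresses). Each tx spends earlier
# outputs by (txid, vout) and creates outputs of (address, satoshis). A coinbase
# tx has no inputs. Scenario: a mining reward (cb1) is hopped twice, then merged
# with coins bought peer-to-peer (t0) to pay a domain registrar (t3).
LEDGER = {
    "cb1": {"inputs": [], "outputs": [("addr_miner", 1_250_000_000)]},
    "t0":  {"inputs": [], "outputs": [("addr_p2p_buy", 50_000_000)]},
    "t1":  {"inputs": [("cb1", 0)],
            "outputs": [("addr_hop1", 600_000_000), ("addr_change1", 649_990_000)]},
    "t2":  {"inputs": [("t1", 0), ("t1", 1)],
            "outputs": [("addr_hop2", 1_249_980_000)]},
    "t3":  {"inputs": [("t2", 0), ("t0", 0)],
            "outputs": [("addr_registrar", 5_000_000), ("addr_change2", 1_294_970_000)]},
}


def output_owner(ledger, txid, vout):
    """Address that received output `vout` of transaction `txid`."""
    return ledger[txid]["outputs"][vout][0]


def input_addresses(ledger, txid):
    """Addresses whose earlier outputs are spent by `txid` (empty for a coinbase)."""
    return {output_owner(ledger, prev, vout) for prev, vout in ledger[txid]["inputs"]}


def cluster_by_common_input(ledger):
    """Union-find over every tx's input addresses: all inputs of one tx are
    assumed to belong to the same wallet. Returns a list of address sets."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path compression
            a = parent[a]
        return a

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    for txid, tx in ledger.items():
        for addr, _ in tx["outputs"]:
            find(addr)  # register every address, even if never spent from
        spent_by = sorted(input_addresses(ledger, txid))
        for a, b in zip(spent_by, spent_by[1:]):
            union(a, b)
    groups = defaultdict(set)
    for addr in list(parent):
        groups[find(addr)].add(addr)
    return [frozenset(g) for g in groups.values()]


def spending_tx_index(ledger):
    """Map each spent output (txid, vout) to the txid that spends it."""
    spent = {}
    for txid, tx in ledger.items():
        for prev in tx["inputs"]:
            spent[prev] = txid
    return spent


def trace_from_coinbase(ledger, coinbase_txid, target_addr):
    """Breadth-first walk forward from a mining reward through the txs that spend
    its outputs. Returns the txid path to the first tx paying `target_addr`, or
    None if the mined coins never reach that address."""
    if ledger[coinbase_txid]["inputs"]:
        raise ValueError(f"{coinbase_txid} is not a coinbase transaction")
    spent = spending_tx_index(ledger)
    queue = deque([[coinbase_txid]])
    seen = {coinbase_txid}
    while queue:
        path = queue.popleft()
        txid = path[-1]
        outputs = ledger[txid]["outputs"]
        if any(addr == target_addr for addr, _ in outputs):
            return path
        for vout in range(len(outputs)):
            nxt = spent.get((txid, vout))
            if nxt is not None and nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def payer_clusters(ledger, clusters, txid):
    """Clusters (per the heuristic above) whose addresses funded `txid`."""
    paying = input_addresses(ledger, txid)
    return [c for c in clusters if c & paying]


if __name__ == "__main__":
    clusters = cluster_by_common_input(LEDGER)
    path = trace_from_coinbase(LEDGER, "cb1", "addr_registrar")
    print("clusters:", [sorted(c) for c in clusters])
    print("mining reward reaches the registrar via:", " -> ".join(path))
    print("wallet(s) paying the registrar:", [sorted(c) for c in payer_clusters(LEDGER, clusters, "t3")])
```

Two things the toy shows that the article's one-sentence summary does not: the hops between the reward and the payee do nothing against a forward walk, and the registrar payment itself merges the mined coins with the peer-to-peer purchase, so the heuristic ties both funding sources to one wallet. The caveat is that common-input clustering is a heuristic, not a proof: CoinJoin-style transactions deliberately violate it, and linking a cluster to a person still needs an off-chain anchor such as an exchange's customer records, a server invoice, or, as the indictment notes, the same machine being used for the transactions and the phishing.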

Levin declined to reveal whether Chainalysis had been involved in the investigation; the official statement cites only the FBI’s cyber teams in Pittsburgh, Philadelphia and San Francisco, as well as the National Security Division, as the entities that contributed to the effort. But since it is not uncommon for governments to enlist private firms like Chainalysis in blockchain-related probes, it is not difficult to imagine one or even several private contractors working alongside federal agents on this case.

In crypto subreddits, users habitually call for the media to leave Bitcoin alone and instead ‘mention the Colombian drug lords getting paid billions in USD for selling drugs.’ The notion that cash is a far more pervasive vehicle for money laundering is the most common trope.

Emin Gün Sirer, a Cornell computer scientist, noted that the coverage of the indictment ‘is meant to point out the danger that cryptocurrencies pose.’ But on the flip side, ‘That danger, and empowerment, is what makes them so exciting.’