'Dark' coins rising

Last week, U.S. Marshals sold off another 50,000 Bitcoins that used to belong to Silk Road founder Ross Ulbricht -- a.k.a. "Dread Pirate Roberts." Ulbricht was found guilty on all counts last month, and faces up to life in prison.

The Silk Road was an online marketplace notorious for using Bitcoin to facilitate the trading of drugs, stolen credit card numbers, fake IDs, counterfeit money, hacking tools and other illegal goods.

But, as the criminals learned to their disadvantage, Bitcoin's security only goes so far -- and they're now starting to look at other, more anonymous payment systems.

"Bitcoin and the other cryptocurrencies create a ledger, a mechanism for recording every transaction that happens across this distributed network," said Carol Van Cleef, partner at the Albany-based law firm Manatt, Phelps & Phillips, LLP, co-chair of the firm's global payments group, and an expert in virtual currencies.

Every transaction is recorded and can be tracked. All law enforcement has to do is find a loose end, tug on it, and the entire chain comes unraveled.

In taking down Silk Road, for example, those loose ends were the physical locations that illegal goods were delivered to, and face-to-face meetings between participants. Law enforcement agents posed as customers, as drug buyers and sellers, and, in one instance, even staged torture and murder.

"There's a recognition that every transaction that hits the blockchain could ultimately be traced," said Van Cleef.

The process was helped along because authorities were able to grab Silk Road servers and Ulbricht's personal computer -- they waited until he had logged in before coming in and arresting him, so they were able to get easy access to his data.

It turns out, even criminal masterminds make plenty of mistakes.

Criminals using Bitcoin to collect ransoms -- such as the folks behind the latest cryptoransomware -- will also get caught, said Van Cleef.

"I think it's one of those situations where it's just a matter of time," she said. "If investigators stay with it long enough, they will discover the identity or the location of the people behind it."

However, she admitted that the process does take time, and the perpetrators might be gone by then.

And, in fact, when CryptoLocker was shut down last summer, its mastermind, Evgeniy Bogachev, had already retired and was able to evade capture. He is still on the FBI's Cyber's Most Wanted list. But his successor Sasha Panin, developer of the SpyEye malware tool kit, was arrested last spring.

To plug the digital security holes, cryptocurrency developers have been working on two main fronts. On the one hand, they've been trying to add layers of security to Bitcoin itself. On the other, they've been developing alternative cryptocurrencies that are structured in such a way that transactions are more completely anonymous.

Adding security to Bitcoin

Silk Road itself attempted to confuse the trail by passing transactions through dummy intermediate accounts.
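Why intermediate accounts do not break the trail on a public ledger, as an added example that is not part of the original article: the ledger below is constructed, the address names are hypothetical, and it uses a simplified account-style model rather than Bitcoin's actual transaction format.

```python
from collections import deque

# Constructed sample ledger (not real transactions):
# (txid, sender, receiver, amount)
LEDGER = [
    ("t1", "undercover_buyer", "market_escrow", 5.0),
    ("t2", "other_buyer", "market_escrow", 3.0),
    ("t3", "market_escrow", "dummy_a", 8.0),      # first dummy hop
    ("t4", "dummy_a", "dummy_b", 8.0),            # second dummy hop
    ("t5", "dummy_b", "operator_wallet", 7.5),
    ("t6", "dummy_b", "vendor_1", 0.5),
    ("t7", "unrelated_x", "unrelated_y", 2.0),    # noise, never touched
    ("t8", "operator_wallet", "exchange_deposit", 7.5),
]


def trace_forward(ledger, start):
    """Walk the ledger breadth-first from one known address (the loose end).

    Returns {address: [txids]} giving, for every reachable address, the
    chain of recorded transactions that links it back to `start`.
    """
    outgoing = {}
    for txid, src, dst, _amount in ledger:
        outgoing.setdefault(src, []).append((txid, dst))

    paths = {start: []}
    queue = deque([start])
    while queue:
        addr = queue.popleft()
        for txid, dst in outgoing.get(addr, []):
            if dst not in paths:          # first (shortest) path wins
                paths[dst] = paths[addr] + [txid]
                queue.append(dst)
    return paths


if __name__ == "__main__":
    for addr, chain in trace_forward(LEDGER, "undercover_buyer").items():
        print(f"{addr:18} via {' -> '.join(chain) or '(start)'}")
```

Each dummy hop only adds one more recorded edge to follow; the address where the funds finally meet a real-world identity is still reachable from the single payment the investigator controls.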

Bitcoin users can also set up a new address for each transaction. One tool for that is Dark Wallet, a project that held a successful crowdfunding campaign on IndieGoGo in late 2013.

There are also places to create a Bitcoin wallet without any link to a physical user.

Another approach mixes Bitcoins from many different people together into one digital wallet, and then redistributes them or passes them on to the destination account.

Another approach is stealth payments, a technique that uses public and private key pairs to hide the identity of a transaction's participants, in a way similar to the way that online communications are encrypted.

More recently, some Bitcoin users have been combining both approaches -- combining the rings of multiple addresses with stealth payments to make Bitcoin payments completely anonymous.

CryptoNote, Darkcoin and Cloakcoin

Other developers have moved away from Bitcoin and started from scratch.

CryptoNote, for example, is an alternative approach to creating cryptocurrencies. Here, each transaction is signed with keys from multiple users. There's still a ledger, but no way to tell which of the users was the actual sender of the money.

To protect the identity of the recipient, there are multiple unique one-time addresses derived from the recipient's public key.
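How a one-time address can be derived from a recipient's public key, as an added example that is not CryptoNote's own code: CryptoNote works over an elliptic curve, while this sketch uses a small multiplicative group modulo a prime so it runs with the standard library alone, and it is not secure at this size. The function names and the "view"/"spend" key labels are chosen for this illustration.

```python
import hashlib
import secrets

# Toy group (assumption for illustration only): integers modulo a prime.
P = 2**127 - 1          # Mersenne prime used as modulus
G = 3                   # fixed base
ORDER = P - 1           # exponents are reduced modulo P - 1


def h_scalar(shared):
    """Hash a shared secret (a group element) down to an exponent."""
    digest = hashlib.sha256(shared.to_bytes(16, "big")).digest()
    return int.from_bytes(digest, "big") % ORDER


def keypair():
    priv = secrets.randbelow(ORDER - 2) + 1
    return priv, pow(G, priv, P)


def send(view_pub, spend_pub):
    """Sender: derive a fresh destination from the recipient's public keys.

    Returns (R, one_time_pub). Only R and one_time_pub go on the ledger;
    the recipient's long-term public keys never appear there.
    """
    r, R = keypair()                                 # per-payment random key
    shared = pow(view_pub, r, P)                     # Diffie-Hellman secret
    one_time_pub = (pow(G, h_scalar(shared), P) * spend_pub) % P
    return R, one_time_pub


def scan(R, one_time_pub, view_priv, spend_priv, spend_pub):
    """Recipient: test whether an output is ours; if so, return its
    one-time private key, otherwise None."""
    h = h_scalar(pow(R, view_priv, P))               # same shared secret
    if (pow(G, h, P) * spend_pub) % P != one_time_pub:
        return None
    return (h + spend_priv) % ORDER


if __name__ == "__main__":
    a, A = keypair()    # recipient view key pair
    b, B = keypair()    # recipient spend key pair
    for _ in range(2):
        R, dest = send(A, B)
        x = scan(R, dest, a, b, B)
        print(hex(dest), "spendable:", pow(G, x, P) == dest)
```

Two payments to the same recipient produce two unrelated-looking destinations, which is why an observer of the ledger cannot group them by recipient the way Bitcoin address reuse allows.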

Several new cryptocurrencies have been developed based on the CryptoNote idea, including reference implementation CryptoNoteCoin, Bytecoin, DarkNote, DarkNetCoin, and Fantomcoin.

The software is open source, and the CryptoNote site offers an "easy forking guide" to help people create their own version of the cryptocurrency.

Darkcoin attempts to solve the identity problem with a decentralized network of "Masternode" servers that anonymize transactions by combining several transactions into one in the transaction record.

It's particularly popular with online gambling casinos.

Cloakcoin, launched last year, also promises anonymous sending and receiving of the currency.

"DarkCoins is like using cash which is basically untraceable," said Adam Kujawa, head of malware intelligence at Malwarebytes Corp. "And Cloakcoin is like paying for something by dropping a dollar into a pile of other money before having the recipient take out what they are meant to get."

Anonymity also a weakness

To a technologist, it might seem that the answer always lies with a better algorithm.

To a hacker, it might seem that secrecy and anonymity are synonymous with security.

Privacy advocates, money launderers, gamblers and criminals may be searching for bullet-proof anonymity, but if they do ever find it, that anonymity could be their own downfall.

After all, if the authorities don't know who you are, you don't know who they are, either.

Traditional criminal enterprises rely on networks of trust and personal relationships. Existing customers must vouch for new ones.

Criminals work their way up in a gang, or find new partners in prison, to be sure that they're working with people they can trust.

With fully anonymous online marketplaces, the person ordering the drugs could be a cop. The person offering to provide a list of stolen credit card numbers could be providing malware that broadcasts your location to the authorities.

Even if a seller has a history of successful transactions, or positive reviews, there is no way to be sure that the counterparties of those transactions, and those reviewers, aren't also cops.

Another weakness of the cryptocurrencies, especially of the Bitcoin alternatives, is their low trading volumes, which makes them susceptible to manipulation.

"You can think of a fraction of the daily volume as a goal post for an attacker," said Tod Beardsley, engineering manager at security firm Rapid7 LLC. "Very roughly, if I can control about half of the value of a given coin, I can cause huge problems for everyone else when it comes to the short-term price and viability of the coin."

According to CoinMarketCap, Darkcoin had the fifth largest market capitalization on March 7, of more than $17 million, but a 24-hour trading volume of just $72,621 -- compared to $25 million for Bitcoin.

It doesn't take much of a bankroll to be able to manipulate Darkcoin -- $35,000 or so would be enough.

"I can engineer wild price swings, at will," said Beardsley. "After the booms and busts of dozens of altcoins from 2013 to 2014, the folks behind Darkcoin have a fairly large trust hurdle to surmount, and they're not making things easier on themselves by using terms like 'launder' that invite negative government interest. Bitcoin already has a money laundering image to shake off, but Darkcoin seems to be embracing it."

Still, Darkcoin is actually doing pretty well compared to some of the alternatives, and interest in it has been going up steadily since the start of the year, possibly because of the Silk Road trial.

CloakCoin's market capitalization has fallen dramatically since its first burst of interest last summer.

"Cloakcoin is laughably low," said Beardsley.

On March 7, its 24-hour trading volume was just $58. Not $58,000 -- just $58. And its market capitalization was $46,000.

So maybe not a threat to law enforcement authorities just yet.
