‘Unforgiving Technology’: Ins And Outs Of Crypto-Crime

The July 30 episode of “Task Force 7 Radio” found host George Rettas mapping out cryptocurrency concerns with Eric Huber, Vice President of International and Strategic Initiatives at the National White Collar Crime Center (NW3C).

Huber kicked off the show by discussing his history in law enforcement, cyber security consulting and cyber work in the financial sector, including JP Morgan Chase (high-tech investigations, electronic crimes). In his current capacity, Huber helps educate law enforcement about pressing cyber security concerns – and the topics range from drones to blockchain technology. Huber speaks at various conferences about these cyber-concerns, including virtual currency, which is what became the main theme of the July 30 show.

History Of Crypto

Huber called cryptocurrency a “broad category” that really dates back to about 1983 and later that decade with DigiCash. Then, the dotcom era arrived and E-gold along with it. Huber also pointed to the Liberty Reserve in around 2006, where you could take U.S. dollars or euros and turn them into Liberty Reserve dollars or euros.

“It was fine, but very centralized,” Huber said on the air. “The bad guys used them and the U.S. government shut it down.”

Then, in 2008 there came the “first bit of blockchain technology.” And today, there is a variegated landscape of different currencies.

Blockchain 101

The “TF7 Radio” guest said that at a high level, the concept of blockchain is fairly simple.

“It’s a ledger. I give you money, you give me money and it shows how that money is being transacted between different people,” Huber said. “Blockchain is a distributed ledger.”

“(Again), from a high level, it’s taking the ideas that folks had used before, and doing it in a decentralized manner so it’s more robust…and not under one centralized authority.”

See Related: California's New Data Privacy Law Rivals EU's GDPR

Preferred Virtual Currency

What coins do cyber-criminals really want? Commenting on this, Huber said, “The short answer is Bitcoin. The long answer is Monero, the privacy coin.”

Huber said blockchain is still in its infrastructure phase, so it’s pretty much the “Wild West.” He said venture capital is pouring in, and Bitcoin has a huge “first-mover advantage.”

He continued, saying that getting bitcoin is very easy, and criminals on the Dark Web like to use it because it requires the least amount of friction, at least at this point.

Conversely, Monero is called a “privacy coin,” meaning that its ledger is now private. So, a police officer attempting to see where money has moved won’t be able to do so, because of that private nature.

“The problem is, because we’re in the infrastructure phase – focusing on hardware, software and exchange technology – it’s really hard for the average victim to go from fiat money to monero,” Huber added.

Regardless of the virtual currency, though, there is much greater risk involved. Huber said: “If you have $10,000 in bitcoin and someone gets your private key, and moves that virtual currency out, you’re cooked. You’re not going to get that money back.”

The program guest called cryptocurrency a “cool but unforgiving technology.”

Internet 2.0

Huber called the Internet 1.0 a system of web browsers, firing up a laptop and the browser and visiting webpages rendered in HTML. In that system, you’d interact with email, which is stored somewhere in a centralized database. In the middle, there is some sort of middleware or API.

The Internet 2.0, however, involves blockchain, which allows you to bring decentralization to the back end, instead of a centralized database. So, instead of the database, blockchain is nestled in between that browser experience, with smart contracts logged onto the ledger.

He also pointed to “all sorts of energy being put into this to figure out how you do it.” Still, the guest added, there are certain assets that make sense for a database, while others might fit on the blockchain.

Next, Huber also indicated that the Internet 1.0 was cut down to size after a sort of bubble-burst. He predicted a similar 1.0-type crash coming – which may be healthy and allow for more streamlining and effectiveness.

See Related: Cyber Security Executive Talks Startup Success, Busy Market

Stable Coins

Continuing with the crypto-coins, Huber said that the issue with first-generation versions was that they were not good value holders. So, the currency would need stability.

“To solve the problem,” Huber said, “you have to create cryptocurrencies with crypto-assets, pegging value to something on the outside – so the U.S. dollar, the euro, gold. It’s similar to what the gold standard was; the value of the currency is attached to a dollar or euro. So, if you put money in there, it’s like a stable account.”

The cyber expert predicted that there may be more of this when it comes to the evolution of cryptocurrency to day-to-day payments.

The Exchange

The guest said, “You cut out intermediaries if you’re on one blockchain ecosystem. If you want to send bitcoin back and forth, you can do that, you don’t need an exchange. It’s decentralized, you have a wallet, and hook it up to the blockchain to do transactions on the ledger.

“If you want to exchange fiat currency into particular digital currency, you have to use exchanges,” Huber said. “They’re very much necessary for taking fiat currency and buying bitcoin. Or, if you have bitcoin, to turn it into U.S. dollars.”

He said purchases using standard payment rails must go into fiat currency.

Criminal Activity

Some of the trends Huber has noticed on this front include: physical cryptocurrency crime (holding someone at gunpoint to cough up cryptocurrency), theft of mining technology, and direct attacks on digital exchanges.

He also believes there is a “trend away from ransomware” and toward large crypto-jacking. So, instead of black hats paying money for electricity to mine (CPU cycles for difficult math problems), they send malware out, take control of machines, have victims pay for the electricity and they use the CPU cycles to mine for cryptocurrency.

One other sore spot: fraudulent initial coin offerings (ICO). What’s more, while there has been an uptick in the creativity around crypto-crime, some old-guard tactics persist (including money laundering), which utilize these channels.

Here, Huber went on to discuss “51% attacks,” in which threat actors manipulate the blockchain by: gaining CPU power, taking the copy of a block to the side, disconnecting from the network, mining, adding blocks, creating a duplicate chain, retaining so much hashing power that you add an additional block to the ledger and winning out over the smaller chain (when reconnected to the network), thus gaining control.

Four Areas Of Crypto-Crime

Next, the “Task Force 7 Radio” guest explained four segments to crypto-crime-fighting. First, he said, is the digital forensics page – wallets, private keys, mobile devices. Next, there’s open source investigation on the Dark Web to figure out where transactions are going. Then there’s advanced crypto forensics tools, which add additional value with research on wallets and exchanges. The fourth piece, Huber said, includes traditional law enforcement tactics (financial crime investigations, etc.).

Looking ahead, the featured guest said, “We’ll probably see more street-level involvement… Drug criminals moved to IRS scams. How much of that will go into crypto? Bad guys are looking at things that involve less friction.”

Altogether, there’s no question that cryptocurrency/blockchain technology is the wave of the future, and clearly these concepts are being communicated at various law enforcement levels.

The "Task Force 7 Radio" recap is a weekly feature on the Cyber Security Hub.

To listen to this and past episodes of "Task Force 7 Radio," click here.

Connect with Huber on LinkedIn, here.

Be Sure To Check Out: Cyber Expert Discusses Risk Assessment, Proper Skillset