FBI's Recovery Of Colonial Pipeline Bitcoin Ransom Highlights How The 'Ban Crypto To Stop Ransomware' Cries Were Wrong Again

from the that's-not-how-it-works dept

Last month we highlighted what seemed like a fairly silly Wall Street Journal op-ed arguing that banning cryptocurrency was the best way to stop ransomware, in response (mainly) to the well publicized ransomware attack on Colonial Pipeline, which resulted in the company shutting down the flow of oil while it sorted things out. As we pointed out, not only was the idea of banning cryptocurrency unworkable, it was unlikely to do much to stop ransomware. Unfortunately, it appears that a number of other cryptocurrency haters jumped on this moment to push the idea even further, claiming that “society has a Bitcoin problem.”

Of course, part of the key narrative in all of these pieces is that cryptocurrency and Bitcoin in particular, somehow make it easier for criminals to “get away” with these kinds of ransom demands, highlighting that it is somewhat easier to move around large values of Bitcoin than cash. However, as we noted in our original piece, the idea that cryptocurrency allows criminals to “get away” seemed extremely overblown, as we’ve seen plenty of cases where criminals using cryptocurrency were caught. And, as if to put an exclamation point on all of this, soon after the huge moral panic, the FBI announced that it had recovered over half of the money Colonial Pipeline had paid.

And, as the FBI special agent’s affidavit showed, this was done in part by tracking how the money flowed across the public ledger. The NY Times ran an article noting that the FBI’s recovery of the money here “upends the idea that Bitcoin is untraceable.” A bunch of long time Bitcoin/cryptocurrency followers scoffed at the NY Times article, because they’ve long known that Bitcoin’s public ledger has always made it so that transactions are traceable. But it’s actually important for people not deeply in the Bitcoin space to understand this as well. And the problem with so many of the “ransomware is really a cryptocurrency problem” articles, was that they implied otherwise — that cryptocurrency was somehow totally and completely untraceable.

As the NY Times article explains, what’s important here is that it demonstrates that for all the hand wringing about cryptocurrencies and ransomware, the reality is that law enforcement is evolving with the times, and using the same kind of law enforcement detective work it’s supposed to use to solve crimes.

Yet for the growing community of cryptocurrency enthusiasts and investors, the fact that federal investigators had tracked the ransom as it moved through at least 23 different electronic accounts belonging to DarkSide, the hacking collective, before accessing one account showed that law enforcement was growing along with the industry.

That?s because the same properties that make cryptocurrencies attractive to cybercriminals ? the ability to transfer money instantaneously without a bank?s permission ? can be leveraged by law enforcement to track and seize criminals? funds at the speed of the internet.

That’s an important point and one that often gets lost in the FUD surrounding new technologies (such as encryption) that might make law enforcement’s job slightly more complex in the short run. But, at the same time, law enforcement needs to learn to adapt, not by undermining these technologies, but understanding how they work, and understanding how to do the actual legwork to trace those abusing the technology for criminal purposes.

So rather than jumping to the conclusion that we need to ban this or that technology because it makes it slightly more challenging for law enforcement, this is actually an example showing how if law enforcement does their job properly, the technology is not the problem.

Filed Under: , , , , , ,
Companies: colonial pipeline

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “FBI's Recovery Of Colonial Pipeline Bitcoin Ransom Highlights How The 'Ban Crypto To Stop Ransomware' Cries Were Wrong Again”

Subscribe: RSS Leave a comment
36 Comments
Anonymous Coward says:

The title of this article is not accurate.

Crypto is very interesting but has a lot of lot of challenges…and some fundamental problems. Crypto makes payment for ransomware MUCH easier to manage securely at scale with near impunity. At this point, it’s impossible to “crack” the private keys (quantum could change this, but not yet). The only way these money was re-claimed was transferring to some exchange/washer/crypto-bank that was under US control/cooperation. If the thieves were smart, they could have help this safe and off-ramped somewhere in China. They only got caught because they were very sloppy. Don’t expect future criminals to fall for some of the same pitfalls.

Crypto provides some value, but it’s largely a net negative. The permanent public record is very nice (for BitCoin not ~Monero), but it’s much harder to repatriate funds than with standard banks, including HSBC. All big banks have significant KYC/AML (Know your customer, Anti-money Laundering) which they need to run for large transactions. Effectively none of that exists in Crypto. Yes bad stuff happens in traditional banking, but crypto allows criminals to operate in public with impunity.

Also, PoW crypto should be outlawed for climate reasons (PoS or DPoS) should be the only way forward.

Anonymous Coward says:

The title of this article is not accurate.

Crypto is very interesting but has a lot of lot of challenges…and some fundamental problems. Crypto makes payment for ransomware MUCH easier to manage securely at scale with near impunity. At this point, it’s impossible to “crack” the private keys (quantum could change this, but not yet). The only way these money was re-claimed was transferring to some exchange/washer/crypto-bank that was under US control/cooperation. If the thieves were smart, they could have help this safe and off-ramped somewhere in China. They only got caught because they were very sloppy. Don’t expect future criminals to fall for some of the same pitfalls.

Crypto provides some value, but it’s largely a net negative. The permanent public record is very nice (for BitCoin not ~Monero), but it’s much harder to repatriate funds than with standard banks, including HSBC. All big banks have significant KYC/AML (Know your customer, Anti-money Laundering) which they need to run for large transactions. Effectively none of that exists in Crypto. Yes bad stuff happens in traditional banking, but crypto allows criminals to operate in public with impunity.

Also, PoW crypto should be outlawed for climate reasons (PoS or DPoS) should be the only way forward.

Scary Devil Monastery (profile) says:

Re: Re:

"Yes bad stuff happens in traditional banking, but crypto allows criminals to operate in public with impunity."

Well, yeah, but so does a crowbar, or not wearing a sandwich board at all times proclaiming your identity. It really doesn’t matter that crypto also enables criminals privacy. Crypto is essentially just communication.

"Also, PoW crypto should be outlawed for climate reasons…"

That argument is dead from the start unless you’re willing to accept the "side effect" of mandating government surveillance of all private communication. It’s literal "Ministry of Truth" stuff we’re talking about here.

"Crypto provides some value, but it’s largely a net negative."

THAT is just sheer and utter bullshit. There are probably a few billion people around the world who are VERY happy they can buy stuff online and call their doctor/lawyer/client in the knowledge that not everyone inclined to snoop can overhear them. Without encryption the internet truly would be nothing but cat memes and clickbait.

Scary Devil Monastery (profile) says:

Re: Re: Re: Re:

" I was only referring to crypto currency, and I’ll stand by my points in that respect."

All of my arguments also unavoidably refer to crypto currency. The reality is that "crypto currency" is nothing more than an exchange of encrypted data through a network. It’s in most aspects identical to a skype/teams/zoom chat, a client-bank transaction, or a bittorrent exchange.

So your argument remains one aimed at encrypted communication as a whole because no black magic exists to selectively ban undesired communication.

It’s about as viable as trying to say that from now on no one may use a certain set of words with the naíve hope that this will be possible while people are still allowed to speak in private.

Scary Devil Monastery (profile) says:

Re: Re: Re:2 Re:

[Addendum]

This problem is also compounded in that normal currency is also digital and in reality as ephemeral as the various flavors of bitcoin. The difference between two sets of numbers in digital ledgers thus becomes an almost religious argument as it’s an entirely faith-based discussion around which set of numbers is more "real".

PaulT (profile) says:

Re: Re: Re:3 Re:

Yes, the main difference between crypto and "normal" currency in the digital age is that crypto uses a collaborative blockchain instead of a central bank to move the numbers. That has many advantages (and some disadvantages), but pretending that the only reason it exists is to avoid culpability for criminals, through this lack of central control, is a losing argument not based in reality.

It’s also worth noting that despite claims of complete anonymity, criminals can still be apprehended and the funds blocked. They’ve been somewhat coy over exactly how it happened, but a majority of the funds paid to the Colonial pipeline hackers has been seized by the FBI, and consensus seems to be that they’re only likely to have been able to do that if they have access to property of at least some of the people involved. Crypto might well be a new and potentially difficult speedbump to law enforcement, but it’s not a magic bullet that allows people to get away with things undetected. In the meantime, it’s gaining perfectly legal and positive use cases across the globe that traditional banking makes difficult or impossible.

Scary Devil Monastery (profile) says:

Re: Re: Re:4 Re:

"Yes, the main difference between crypto and "normal" currency in the digital age is that crypto uses a collaborative blockchain instead of a central bank to move the numbers."

And this of course is what makes bitcoin possible in the first place; It’s hard to argue the disadvantages of monopoly money when the real money is also more or less monopoly money.

This battle was lost when official currency made the leap to digital. Cryptocurrencies are, thus, here to stay for as long as sufficient numbers of people are willing to circulate them.

Lostinlodos (profile) says:

Re: Re: Re:5 Re:

“ the real money is also more or less monopoly money.”
This has been the case for a long time.
Things the early 80s nearly all financial systems lost their hard trade backing.

Actually understanding linking of a reserve backing to a currency today via open market platforms can be seen in digital translations. Digital gold, silver etc.
I think we’re past the point of pulling a standard back in though. Obviously linking a “dollar” to an ounce, or more realistically a new $2000 bill to a gold ounce, would spin the money on a wild ride!
We see it can be done though as people use bitcoin worldwide. And the US dollar. Neither of which have any real value.

PaulT (profile) says:

Re: Re:

"So how does the guy get his $200 million in lost bitcoin back?"

Same way he’d recover his cash if he lost it – he needs to locate it and prove ownership. If he lost the key that proves he owns it, well…

"Bitcoin definitely enables crime even more than cash as it doesn’t require physical storage"

Define "more crime". If you mean that it makes types of crime that would be difficult or impossible with cash possible, then maybe, but then so do bank transfers, stock market manipulation and securities fraud, and I don’t recall people calling for stock, securities and transfers to be banned as a result.

If you mean that more crime overall is made possible, I somehow doubt that in the long term, it will be a long time before people are paying their local drug dealers or hookers in bitcoin.

Scary Devil Monastery (profile) says:

Re: Re:

"Bitcoin definitely enables crime even more than cash as it doesn’t require physical storage."

That’s not a factor of Bitcoin, it’s a factor of digitally held currency in general. The very second the ATM card was invented fiscal crimes skyrocketed – while of course physical heists dropped. On the one hand, more identity theft and money laundering. On the other hand less bank robberies and armored car heists. It’s a tradeoff.

Anonymous Coward says:

Bitcoin makes it a lot easier to get paid for ransomware attacks why do ransomware gangs mostly live in Russia
Where they are out of reach of the USA criminal justice system
The rise in the value of bitcoin seems to have coincided
with the vast increase in the no of ransomware attacks
with increased payouts required
You might say there’s almost a cold war going on with attacks on hospitals and infrastructure company’s
At this point ransomware hacks are catching up with
terrorism in terms of economic costs
I’d imagine hackers will be more careful in terms of which
Bitcoin exchanges they use
In terms of damage to the environment bitcoin is causing
large energy generation costs simply to make a digital cpin

ECA (profile) says:

Re: Re:

But AC.
Whats your opinion on Services giving direct access to things, THAT should NOT have access tot he internet.
Everyone thinks MicroStuff is the best of everything. And dont understand that SECURITY is their OWN responsibility, no matter the system they build.
How much protection do you run? How often do YOU update and monitor your system? How do you read your email(TXT, HTML, HTML 5)? Think hard Please. HOW often do you have to do a Full reset of your computer?
Compare all your comments to REAL life money and other things. CASH is CASH, and there is little to track it, and it dont matter what nation you take it to. You can have a Drop bank, they auto ships to another, then another, and have small amounts Picked up at each. By the end you have hit 20-30 bank transfers, and $1000 picked up at each location. Then those people get into a car and LEAVE to another country. FEW other nations are HUGE, and running across a border is 200 miles away.

ECA (profile) says:

Hmmm.

Lets ask,
Who dont like Bitcoin and perpetual Money?
Who gets to control it?

Banks LOVE us, as they get to charge us money JUST to hold our money.
They also get to USE that money, and make even more interest WITH IT, beyond a service fee.
Gov. hates it because its underground money, that ISNT taxed, Every time its used. Which is funny as our money is supposed to be taxed 1 time.
Rich people either love or hate it, as you can use it as a GREAT investment. If you had started at the beginning, they were giving away about 50 coins just to sign up. What would that be worth now?
But the hard part would be selling it off to make Real cash, as you couldnt sell at full face value, take a 10-20% loss on it, but still make 100x what you paid years ago.
But then comes the tax man.

Lostinlodos (profile) says:

Two problems; few solution

The pipeline brought ransomware to the international front page. Good.
The focus was totally corrupt!
The major issue here is why/how does a major energy source get hacked in the first place!!?
Was the system improperly secured or did some dunce give away the key to the front door.
Why was there no system wide cold storage backup?
Why was payment necessary at all?

Cryptocurrency has nothing to do with the attack(s) other than being the payment method. Ransomware predates crypto attacks. Used to use wire transfers to shell companies or asset transfers.

Seriously, how do we get companies toe use competent security and maintain backups?

PaulT (profile) says:

Re: Two problems; few solution

"The major issue here is why/how does a major energy source get hacked in the first place!!?"

As far as I’m aware, it didn’t. The billing / customer service side got hacked and a decision was made to shut down the energy source until they could get control of the billing. Related, but not the same thing as directly hacking the actual energy source.

"Why was there no system wide cold storage backup?"

My understanding of the event is that they paid upfront to get it resolved as quickly as possible, then when the fix didn’t come through quickly enough they did restore their own backups anyway. So, payment of the ransom, along with the pipeline shutdown, were unnecessary, but there was a management decisions that made it happen.

PaulT (profile) says:

Re: Re: Re: Two problems; few solution

"Oh, so it’s bllling’s fault."

Yes, because the pipeline management system wasn’t affected. If they were to found a way to deal with the billing retroactively – or applied the backups they apparently had lying around anyway – supply would have been unaffected. A management decision made it so that supply had to be stopped until they got their billing sorted out.

For someone bleating about personal responsibility elsewhere, you seem strangely determined to deflect it here.

"Maybe they’ll remember that when people complain about mis-billing. Probably not."

They had 2 choices – keep supply going while they restored other systems, or shut it down and have to deal with complaints about both billing and supply. They chose the latter for whatever reason.

Lostinlodos (profile) says:

Re: Don't ban it

Climate change is the natural process of the earth fluctuating between snowball and water ball climate. Sometimes global events can tilt the natural process such as a comet impact, or a super volcano eruption.
But it is scientifically proven fact.

Man-made it human-caused global warming is the now theory (graduated from hypothesis status) that human activity is accelerating the natural process.
Evidence over the past half-decade from Alaska and Siberia have given us substantial clues to the possible effects of human activity on the climate.

No longer just fear mongering conjecture with minimal evidence.
We see carbon and high metal deposits in years with no large volcanic activity.
This points to saturation that has no natural source.

Not proven: but it’s hard to ignore actual evidence.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...