New investigative tools may help average law enforcement agencies more effectively track criminal activity made profitable through cryptocurrency. This includes ransomware schemes and other popular hacks.
Digital intelligence vendor Cellebrite recently launched its new crypto tracer solution, a tool to help state and local police more effectively investigate cybercrime.
The company says its product will give law enforcement agencies the ability to better track illicit cryptocurrency transactions, the kind that are ubiquitous amongst ransomware hackers and other cybercriminals.
The tool is powered by crypto intelligence vendor CipherTrace Inspector and is designed to give investigators visibility into the "lifespan of cryptocurrency transactions," essentially mapping where the money went and how it changed hands by curating large numbers of data points from both open and private sources.
"The solution empowers teams to lawfully obtain evidence and trace criminals who use bitcoin and other cryptocurrencies for illicit activities, including money laundering, terrorism, drug and human trafficking, weapon sales and ransomware schemes," the company explained in a statement.
A source with some 20 years of experience as a federal law enforcement official focused on digital investigations said that criminal activity involving cryptocurrency has escalated immensely in a very short period of time.
"Crypto has been around since about 2009 but it didn't really come into play as a major part of financial crimes until around 2011," the agent said. "Since that time, it has almost become a currency fiat to the criminal element. We see it in money laundering schemes, mortgage fraud, human trafficking and ransomware."
Seeing as ransomware attacks against public agencies reached new heights last year, the dark side of cryptocurrency is well known to government leaders.
Successful prosecution of ransomware hackers remains a rare occurrence. Computer Crime units within state police agencies will typically collaborate with the FBI and other federal authorities to investigate how ransomware attacks occurred, though even in the most high-profile incidents from recent years — say, Baltimore, for example — no arrests have typically been made.
While blockchain is open source, it is also pseudonymous, meaning the identities of its participants are hidden. Even when attribution is possible, and it usually isn't, locating a cybercriminal can be extremely difficult and can involve jurisdictional challenges, given that a hacker may be located in another country.
Still, Cellebrite's solution seems to have made some promising advances in this area, too. In certain cases, the tool is able to identify the geographic address of a crypto-criminal's Virtual Asset Service Provider (VASP), the forum through which cryptocurrency can be translated into actual cash.
"The most valuable information that we can get on the hacker is the transaction ID and name of VASP where the hacker is trying to convert their ill-gotten cryptocurrency into fiat. Sometimes we get their IP address," said John Jefferies, chief financial analyst at CipherTrace.