FBI on Bitcoin: Cybercrime, Opportunity and Digital Choice

Friday, May 11, 2012

Pierluigi Paganini


(Translated from the original Italian)

Law enforcement, FBI first and foremost, are worried about the diffusion of the Bitcoin network that could be used by groups of criminals for several activities.

The main problem is related to the payment system is that is completely anonymous, making it impossible to trace the transactions and related users.

"Bitcoin is a decentralized electronic cash system that uses peer-to-peer networking, digital signatures and cryptographic proof so as to enable users to conduct irreversible transactions without relying on trust. Nodes broadcast transactions to the network, which records them in a public history, called the blockchain, after validating them with a proof-of-work system."

Starting on January 2009, the use of Bitcoin made it possible to make transactions using a digital currency that hasn't the backing of and doesn't represent any government-issued currency.

The editorial staff of Wired has obtained an unclassified document, titled “Bitcoin Virtual Currency: Unique Features Present Distinct Challenges for Deterring Illicit Activity,”   prepared by the FBI related to Bitcon system.

The report highlights the difficulty in obtaining information on suspicious transaction records and the impossibility to track the users that made them.

Through a peer to peer communication and the usage of cryptography, the Bitcoin system implements an on line currency that allows anonymous transactions.  The only part of the process that theoretically requires the identification of a subject is the step in the conversion between Bitcoins and a real currency. I said theoretically because there exists many third-party Bitcoin services that don't require customers to submit valid identification or banking information for the conversion.

Despite the fact that the Bitcoin system could be regarded with suspicion by those who are accustomed to the ordinary processes of payment, it is used as a legitimate form of payment by numerous online retailers selling all kinds of products such as clothing, software, and music.

Naturally every payments system is an object of interest for criminals that desire to make profits implementing fraud schemes.

The Bitcoin payment model, due to the anonymity of the transaction, is widely utilized in illegal environments for the sale of illegal product and services. Underground sites like Silk Road allow users to pay using the virtual currency.

How does the system work?

Each user installs client software on their computer to generate Bitcoins and manage a Bitcoin account, and a unique 36-character string of numbers and letters is used in the transactions. The currency is stored on the user’s computer in a virtual “wallet.”

The transfer of Bitcoins is also simple, it is only necessary to address the destination account by providing its account number to the client software. To guarantee the non-repudiation of the operations, the sender digitally signs the transaction and sends the information through the peer-to-peer Bitcoin network, which validates the transaction and releases the coins to the receiver.

Each Bitcoin is similar to a certificate that is associated in a non-repudiable way to the individual that has exchanged it using the digital signing process. Transferring Bitcoin to another individual, the signature encryption related to the coin is passed to the new user and is stored in its wallet.

The core of the entire architecture are programs called miners that take into account the number of Bitcoin transactions and provide a validation for the currency. Miners are similar to the Federal bank in that they analyze the circulation of the money to prevent phenomena of inflation or deflation.

(click image to enlarge)

The Bitcoin economy according the FBI report is amazing, considering a value of about $4 and $5 per Bitcoin and a total amount of more than 8.8 million Bitcoins in circulation, we are faced with an economy worth between $35 million and $44 million, which is really desirable for the cybercrime.

(click image to enlarge)

The FBI is concerned with regards to the usage of Bitcoin for illegal activities, and in the report stated:

“If Bitcoin stabilizes and grows in popularity, it will become an increasingly useful tool for various illegal activities beyond the cyber realm,” the FBI writes in the report. “For instance, child pornography and Internet gambling are illegal activities already taking place on the Internet which require simple payment transfers. Bitcoin might logically attract money launderers, human traffickers, terrorists, and other criminals who avoid traditional financial systems by using the Internet to conduct global monetary transfers.”

Despite analyzing Bitcoin transaction records that are publicly available, it is possible to retrieve sensitive information related to the source and destination of the payments and to the bank account information or shipping addresses, and the FBI enumerated several ways to protect user anonymity:

  • Create and use a new Bitcoin address for each incoming payment.
  • Route all Bitcoin traffic through an anonymizer.
  • Combine the balance of old Bitcoin addresses into a new address to make new payments.
  • Use a specialized money-laundering service.
  • Use a third-party eWallet service to consolidate addresses. Some third-party services offer the option of creating an eWallet that allows users to consolidate many Bitcoin address and store and easily access their Bitcoins from any device. Individuals can create Bitcoin clients to seamlessly increase anonymity (such as allowing users to choose which Bitcoin addresses to make payments from), making it easier for non-technically savvy users to “anonymize” their Bitcoin transactions.

No one is safe

Of course, the statement "No one is safe" is also valid for cyber criminals, as their great enemies are also groups of hackers who are specializing in the theft of this digital currency. In the past, hackers have already implemented malware such as Infostealer.Coinbit, which is able to steal Bitcoins from the e-wallet installed on the infected machine.

Another major problem that affects the Bitcoin payment model is the counterfeiting of Bitcoins, or better saying the possibility to auto produce Bitcoins in an illegal way. This opportunity is of great interest. According an official source at the  FBI, hackers and criminals have already tried to compromise clusters of machines at an unidentified Midwestern university in an attempt to manufacture Bitcoins.


Bitcoin and other payment systems peer2peer networks have introduced a revolutionary concept of decentralization of currency. The concept is at odds with the monopolistic power of governments that are the only issuers of currency, and such a system puts into question the legitimacy of monetary policies in a global and digital economy.

(click image to enlarge)

The complete control of the monetary system allows governments to define the price of money by controlling the market.  

The real danger of digital money, above the vulnerabilities in its processes, is the inability of governments to exert control over financial flows, this could lead to a distortion of the main mechanisms of control and taxation, bringing total chaos in a market already in disarray and promoting the development of illegal activities through the coverage of cash flows.

The real problem is:

"Is any individual able to exercise full control of its currency?"

Need I remind you of the answer...?

Cross-posted from Security Affairs

Possibly Related Articles:
Economy Vulnerabilities P2P FBI Cyber Crime Financial Law Enforcement Anonymity Bitcoin Digital Wallet
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked