Police and Thieves… and Bitcoin (2/2)

The first part of this article is available here.

II - The "police"... and Bitcoin

The relationship between police officers, gendarmes, customs officers ("gendarmes") and Bitcoin is not well known. Yet they exist. An analysis of press releases shows that law enforcement agencies often have a more open attitude towards Bitcoin than the general public might think.

How did this crypto-currency, which operates internationally and still has a bad reputation for some, gradually gain favor with law enforcement officers whose jurisdiction is territorially limited?

This attitude was not formed overnight. It is the result of the path taken by law enforcement agencies to understand and use bitcoins, in collaboration with companies in the sector and police forces around the world.

Law enforcement training in cryptocurrencies

From the beginning, law enforcement has had a pragmatic attitude about bitcoin. In order to understand how this crypto-currency works, they quickly trained themselves in its use, so as to be better able to spot it, use it, seize it if necessary, and arrest the traffickers.

In this respect, the Silk Road case was a real learning and experimentation ground.

At the international level, Europol (the European law enforcement agency) is one of the police organizations that took an early interest in training police officers in not just bitcoin but cryptocurrencies in general. Its European Cybercrime Centre ("EC3") has been organizing annual conferences on virtual currencies for the past five years.

Its 5th conference, held on June 19-21, 2018, in The Hague, was the largest European law enforcement meeting bringing together over 300 participants from 40 countries.

The conference included a focus on cryptocurrency traceability and approaches to "unmix" operations. Twelve successful cases of detection of traffickers through the traceability of virtual currencies were presented. They covered areas as diverse as phishing, DDoS extortion, shutting down darknet platforms and illicit mining organizations.

In April 2018, the 192-nation International Criminal Police Organization or Interpol ("ICPO") held its first Darknet and Cryptocurrency Task Force. Altcoins, such as mixers and tumblers, have been identified as serious threats by Interpol. The next working group will meet in Germany in October 2018.

These major police organizations are also working with each other to exchange best practices. On January 15-16, 2018, Europol, Interpol, and the Swiss Institute in Basel jointly organized a workshop for financial investigators on the detection, investigation, seizure, and confiscation of cryptocurrencies. More than 60 financial investigators from money laundering, cybercrime and financial intelligence units from 32 different countries participated in the event, as well as asset recovery experts and private sector representatives.

Close cooperation between law enforcement and bitcoin companies

In order to train themselves, law enforcement agencies in France and abroad have relied on the skills of specialists in the world of cryptocurrencies. This is how a close cooperation between these two worlds was born.

The exchange of best practices between international law enforcement agencies and Bitcoin companies is essential. This exchange has been possible because these companies, as we have seen before, were the first victims of cybercriminals. Over time, they have learned to negotiate with cyberpirates, offer rewards for recovering stolen cryptocurrencies and develop best practices to generally protect themselves against cybercrime.

It should also be recalled that the majority of the major exchange platforms have adopted a self-regulatory system whereby they already voluntarily submit to a number of financial sector rules regarding anti-money laundering and anti-terrorism provisions.

At the 5th Virtual Currency Conference, the following bitcoin companies were present: Bitcoin.de, Bitfinex, BitPanda, Bitstamp, BitPay, Blockchain.info, CEX, Coinfloor, Coinhouse (formerly known as House of Bitcoin), Cryptopia, Cubits, Kraken, LocalBitcoins, OKCoin, StectroCoin and Xapo.

These companies were described by Europol as key experts in the cryptocurrency world, working hand in hand with law enforcement.

Using bitcoins and their tools to identify, arrest and bring "thieves" to justice

In France, French customs have purchased bitcoins to arrest traffickers. During the Senate hearings on "Virtual Currencies" in 2014, the director of the National Directorate of Customs Intelligence and Investigations (DNRED), indicated that in December 2013, the " 'Cyberdouane' unit, placed within the National Directorate of Customs Intelligence and Investigations (DNRED), proceeded - with the assistance of Paymium - to the arrest of a drug trafficker on the Internet, who was being paid in bitcoins. In concrete terms, the DNRED bought bitcoins and then proceeded to purchase a small quantity of narcotics; this means of payment then allowed us to trace the merchandise in order to intervene in the premises of this trafficker...".

In 2016, in the United States, members of the criminal organization BAYROB GROUP were tried and convicted for using zombie computers to mine various cryptocurrencies, such as bitcoin, monero, darkcoin, yacoin and other altcoins.

That same year, at the 3rd Europol conference on virtual currencies, Erik Barnett, a representative of the U.S. Department of Homeland Security and co-chair of the conference, said, "While bitcoin and comparable products were considered major threats to security and justice a few years ago, transaction traceability is now being used as a tool to investigate crimes and prosecute perpetrators."

This traceability of bitcoin and the fact that a transaction cannot be erased are valuable advantages for law enforcement that are not the case with the criminal use of legal tender currencies, such as the dollar or the euro.

Police have taken advantage of the development of increasingly accurate tools to analyze the bitcoin blockchain (blockchain.info, chainanalysis, goochain, scorechain, OXT, ....) and spot suspicious transactions. The identity of the "thieves" is not as secure as the traffickers would like.

Research on public blockchains has led to some surprising discoveries for law enforcement: alongside traffickers and criminals of all kinds, there is a Drug Enforcement Administration (DEA) agent and a US Secret Service agent arrested by the Federal Bureau of Investigation (FBI) for embezzling bitcoins from the Silk Road site.

Another interesting finding from the analysis of the bitcoin blockchain was that some operations are not as profitable as one might think for cyber hackers. For example, the Wannacry ransomware would have collected, based on the three publicly available ransomware addresses, just under 55 bitcoins in total to date.

The explanation seems to be given to us in a report by the Attorney General of the U.S. Cyber Digital Task Force (whose mission includes fighting cybercrime), dated July 2, 2018. According to this report, the WannaCry attack would not have been very profitable for cybercriminals because the financial aspect was only secondary and that this attack would have been launched for political reasons by North Korea.

International law enforcement coming together to stop "thieves"

The transnational nature of the use of cryptocurrencies by criminals has caused national police forces, limited by their respective jurisdictions, to band together to act.

Police around the world have teamed up on several occasions to arrest cybercriminals. Like the traffickers, the gendarmes have adapted to deal with the new altcoins phenomenon.

In July 2017, two international law enforcement operations involving the FBI, DEA, Dutch police and Europol shut down two darknet platforms.

The first platform shut down was AlphaBay (1st site in the sector) which had more than 200,000 users and 40,000 sellers. Transactions were paid in bitcoins but also in other cybercurrencies. Hansa, the third platform in the sector, which was closed by law enforcement shortly after the first one, accepted bitcoins as well as moneros and ethers for its part.

In June 2018, the Spanish and Austrian police dismantled, with the help of Europol, a network of drug traffickers. On this occasion, the equivalent in value of more than 4.5 million euros was seized in bitcoins, IOTA and lumens.

In July 2018, Europol announced that it had assisted the Spanish Guardia Civil and the National Police of Colombia in dismantling two criminal organizations involved in large-scale money laundering. One of these organizations was also involved in collecting large sums of money from other criminal groups linked to illicit activities. This Colombian organization used currency exchange platforms to convert large amounts of money into bitcoins and altcoins, and then transferred them to other virtual wallets controlled by them.

Through the demands of law enforcement we can see future international conventions taking shape. The Financial Crime and Cryptocurrency Working Group organized by Interpol, Europol and the Basel Institute concluded in January 2018 that it is appropriate to:

Share information about money laundering and cryptocurrencies through networks such as Europol, Interpol, "the Egmont Group" and FIU.net,
Regulate exchange platforms and virtual currency wallet providers by subjecting them to the same rules as the financial sector regarding anti-money laundering and anti-terrorism provisions,
Agree on a clear definition of the concepts of crypto-currencies, virtual currency exchange platforms, wallet providers and mixers, in order to include them in the European regulation,
Take measures against "mixers/tumblers", whose purpose is to anonymize transactions and which complicate the task of law enforcement to detect and trace suspicious operations.

Through these proposals, we can quite imagine the main points of international agreements that may intervene in the future to fight against the misuse of cryptocurrencies by criminals.

We could also more simply amend the Budapest Convention on Cybercrime to include the issue of the misuse of crypto-assets. This convention of the Council of Europe of November 23, 2001 already includes, in addition to France, about sixty countries around the world such as the United States, Canada, Australia or Japan.

This convention already recognizes the need for cooperation between States and private industry in the fight against cybercrime and the need to protect legitimate interests related to the development of information technologies.

In this eventuality, let's hope that companies in the industry will be consulted and the text will clearly distinguish the legitimate use of cryptocurrencies from their use by cybercriminals.