
Yeah, all right. Hey everybody. A little bit about myself: I work for my technologies. I focus mostly on our entire primary search security incident response, both for customers who are under attack and for internal incidents. I do security trainings, assist training, as well as a bunch of security awareness workshops. Also, I get to play like the general chaos monkey within the company: me and a couple other guys make it a point to break cover routine systems and then help them, you know, looking at ways to redeploy, manage, or to go ahead and make them more resilient. All righty. So in looking at cryptocurrencies, especially cryptocurrencies like Bitcoin that has been used, you know, for
criminal activities, or at least along with criminal activities, it's kind of a black box for a lot of people how criminals will get those tweeted bitcoins into fiat or cash that can actually be used. One of the first things that some of the online guides for doing this will tell you to do is to throw your bitcoins to a Bitcoin tumbler. Essentially, what a Bitcoin tumbler does is it takes the bitcoins that you give it, bitcoins lots of other people have given it, and then bitcoins that the tumbler has in reserve, and sets up a whole bunch of different wallets and transactions and swaps the coins all around in a really, really big shell
game (I'll show you an example of it later) and then spits out at some point your bitcoins that have been mixed with a bunch of other people's to obfuscate the trail. Now, there are a couple of underground markets (these are specifically Tor markets, The Onion Router markets) that have built-in mixing services: AlphaBay, hollow market. I would not trust either of those. But there are some better known and better trusted tumbling services. Helix by Grams is arguably the most famous, Bitcoin Fog is probably the second most famous, and there are some others like BitMixer, Bitcoin Blender and facial nationals interesting in that the company that runs it st.
also provides an anonymous email service. If you've seen emails from somebody that's etched again calm, then it's probably an email trying to extort bitcoin from you, saying that they're gonna DDoS you or your website if you don't pay money, and then half the time they don't. So first units itself: when you go in to use it, here's what it looks like. It gives you your unique ID for the transaction, and then you can add a random delay and then have it send you the output in multiple transactions. Neither of those are on my email, which is hilarious, because when you don't turn either of those on as very funny trace your Bitcoin transaction tumbler and
then it shows (the stars aren't actually there; normally it shows another people address Exeter's). There's a new kid on the block now. This one hasn't been around for very long, so we don't know if it's, like, legit or not, or if they're gonna try and do an exit scam, where they get a bunch of people's bitcoins and then disappear. But they do have some hinges interesting services that they offer. So this is called bit clip Bitcoin mixer, and some of the cool stuff that they do is they randomly set service fees. Why is that important? Well, when you go in and you throw, like, say 200 bitcoins into a tumbler, and then somebody else sees that there's 200
bitcoins minus the standard service fee in the Bitcoin tumbler that come out, it makes it that much easier to trace it. So when they're randomly setting the service fees, it makes it a lot more obfuscated in terms of who was putting in, who was taking out, certain connections. They also offer PGP cooperation for both their website and their transactions to build trust, so if you don't believe you're using a copycat, a phishing site. Also, they have a first one time offering live support, which I thought was interesting. And then they also offer a separate secure payment service where you can use them to pay for whatever shady stuff you want to pay for online. So this is what the main mixing page
looks like. You know, you put in the Bitcoin wallet that's gonna be used for payment, how long do you want to delay (let's go that they don't just have, you know, like the link button, they actually let you set it), and then of course the amount, and then it gives you the address. And then you'll get, after you do that, your confirmation with the PGP key. You can see here, this is where I was verifying the key against the ones they gave me. And then here's where you can actually use their portal to pay other people with tumbled bitcoins, and they say anonymously, and we'll talk about a little bit later why that's a complete
file portion. So somebody else writes: like I said, they haven't been around very long, so there's no track record. There is a single owner, so there aren't a lot of other people that have an equal stake in this venture to keep each other in check; it's just the one developer behind the site. And it requires you to enable JavaScript, which is especially if you're using Tor because there's lots of pool will not go for you but cool things that you can do to either have a drive by malicious down system or to find out where you are, where you've been, things like that. And we've been talking, I keep using this word obfuscate, obfuscate, while
they keep using the word anonymous. Obfuscation does not equal anonymity; I'll talk about why, especially for things that use the blockchain. So there are some tools, and everybody can get out their fourteen-year-old middle school boys here: this tool is called the taint analyzer, and if you're talking about taint here, what you're talking about is the percent of funds that were received by an address that can be traced back to another address or Bitcoin wallet. And so that helps you see, over a series of transactions, how interrelated different wallets are. This helps a lot with forensic investigation of checkpoints that ended between a budget in our wallets. That's blocking in both; they're having some DNS issues
right now, but it is a really cool tool. Blockseer is another one, and they offer a sort of visualization tool along with theirs. What you're seeing here is where the feds were selling off the captured Bitcoin from the Dread Pirate Roberts and the Silk Road one, and you can see where they sold a bunch of it to Tim Draper and I team it and then when they do the rest of toward your claws. There's another legal tool called Reactor, from Chainalysis. In this one, if you've ever used Maltego, it's a lot more that sort of interface, where it allows you to look at the relationship structures between different wallets, transactions and third-party Bitcoin
members. So you can, you know, sort of look at heat mapping of relationships as well as transaction patterns. But if you're going to be doing transaction pattern analysis, I think the best people out there right now is Numisight. And this piece you have tree there, you can actually see the different transactions and where they start to merge into different wallets and where they overlap. And this is a very most of transactions before when I was talking about a tumbling service and they sell a bunch of different all of your bitcoins around: this is page 103 of the single tumbling transactions session. So it's complicated, but it is still 100% traceable. Some of the
research that's being done on this sort of stuff: Chen Zhao at Iowa State, he has a really cool paper called "Graph-based forensic investigation with Bitcoin transactions". The guys who are behind BitIodine, which is a really cool visualization software suite, they do one called "Extracting Intelligence from the Bitcoin Network"; that's really worth checking out. The next two papers are probably my favorite right now. The guy who made Numisight, the 3D one, Danno, has "A Preliminary Field Guide for Bitcoin Transaction Patterns". This is really, really useful when you start doing forensics and blockchain analysis, because it gives you a feel for what the most common types of Bitcoin transactions are, what they look like,
what's usually involved in them, and it's a really good primer for getting started with forensics for their clients. And Sarah Meiklejohn, I'm a total fanboy for her. She has some really, really cool stuff with encryption analysis and things like that, but she also does a paper called "A Fistful of Bitcoins: Characterizing Payments Among Men with No Names", and what that's doing is it's actually doing statistical analysis to find different people who are trying to remain anonymous through Bitcoin transactions and correlating their different transactions over time, and it's just some beautiful stuff. All right, so how does a criminal, if you're, you know, realizing that all the stuff is going on, obfuscation, it doesn't make you
anonymous, and there's all these ways to trace what you're doing, you're kind of left an impact: what do I actually do now that I can't hide who I am online or what I'm doing with my finances? Well, there are some people working with us. One of the probably most talked about in the gues cryptocurrency and anonymity circles in terms of privacy is the new stealth transactions implementation, and what this is is it's a unique implementation of Diffie-Hellman. Anybody is that you know stuff that is but I'll explain how it works in terms of colors. So we'll say that these different colors are secrets, right, private keys rather. So Ben and Matt: Matt has a private key, blue; Ben
has a private key, red. They agreed to exchange the color yellow between them. Now, as they're exchanging this, anybody sitting on the line (you know, our friendly three-letter agency or other straight talker) can look and see what that is going across their transaction. So now they and anyone else listening will know that shared color gloves. So now everybody knows the shared color is yellow. So what Matt and Ben do now is they're going to mix their own private colors, blue and red respectively, with the shared color, creating a new unique color mixture. So Ben is going to end up creating orange, Matt is going to end up creating green. Now, since they're sharing this over the line, any third
party listeners now are going to also know that; they're going to know what the original shared color is as well as the two combinations afterwards. And, you know, we explain this with colors, but in the actual implementation this is going to be math. So now what they're going to do is Matt and Ben are going to mix their private keys with the color mixture from the other, and it will be the same color every time. So what it's going to look like (I'll let you look at that for a minute), what it's going to actually look like is this: Matt's final color combinations are going to be blue right; Ben's final color combinations are
going to be red, yellow and blue. Now, because of how the third-party observer sits on the line, they're going to be stuck with yellow, blue yellow, red yellow, or yellow, green, orange, which means they're never going to see the final combination. So the final color combination is going to be a shared secret only between Matt and Ben, so it makes it something that only they can do without prying eyes being able to see what's going on there, and this implementation will be used for cryptocurrency transactions. Now, is anybody actually using it? Well, Dark Wallet is using it right now in an alpha sort of stage. Now the government is doing is they're offering this stealth
transaction implementation. They're also offering multi-signature Walker and wallets, if you want to have multiple people using the same wallet but also have to have multiple signing of it, so one person can't just take everything out and run with it; escrow, if you want a third party to be, you know, escrowing for a transaction between two other parties; and then they also add another thing called CoinJoin mixing. What's going to NAC well with that point what happens in a typical series of Bitcoin transactions is you have one transaction that's between Bob and Ted, and you can see what goes in and what comes out to each person; a second transaction between Alice and Carol,
again you can see what goes in and what comes out to each person. What CoinJoin does: it takes multiple transactions and switches those together, so when they enter the ledger or the blockchain they enter in as a single transaction. So now you know that Bob, Alice, Ted and Carol are involved, but you don't know who is actually talking to who, who was actually trading with whom, which again adds more obfuscation and makes it more difficult to tell who's been doing business with whom. Now, there are some problems with CoinJoin mixing. Most of the services supporting it are centralized, so once that gets popped you just man-in-the-middle it. They're also highly susceptible to statistical analysis; in
fact, there's even a tool that does that for you now. CoinJoin Sudoku is a really fun thing to play around with. What it does is it finds the common ownership of the multiple transaction input-output groups, or CoinJoin transactions, by the PNP and going and outgoing amounts and doing some statistical analysis. Although now Dark Wallet also itself has problems: it's an extreme alpha, it's not stable or safe for use with real money, and use it at your own risk, unless you're doing some really shady businessman police you start polite because we'll probably get caught. One of the other options that you have for getting your actual bitcoins out are these things that are called
Bitcoin debit cards, and what they are is you're not actually turning my bitcoins into money in the bank and then the bank gives you cash; what these are is these are financial institutions that you have your bitcoins with, and then you can draw directly from that Bitcoin reserve. Now, there are some issues with these cards. You have to physically take out cash, so you have to go to ATMs or banks where there are cameras and other people. Also, almost every single one of these cards is backed by a new small Eastern European financial institution superbunny. Not to mention they all seem to have very short lifespans; they just, like, come and go like mayflies. Some of your other
options: tangible goods. You can buy stolen or misplaced online with your bitcoins, and then you can turn around and sell them, you know, various services this back page where I say wall puffs. If you're really ballsy and when I get extra credibility the person that you're supposed to sell these to, have them meet you in the police parking lot and the note will say. Some other options you have to launder your bitcoins is precious metals, gift cards or sort of prepaid Visa or MasterCard cards. The precious metals actually are sold on a lot of the darknet markets. The top left one, that's Hansa market, and they're selling sterling silver, and then, you know, these right to our AlphaBay I'm
just what are arguably the largest market right now, and they're selling stackers silver, and I like the bottom one especially: real, verified, not fake. Yeah, you guys see the problem is that all of these listings are right next to other things like these, which are totally fake, so your mileage may vary. But within the past year or so, legitimate precious mineral resellers have started accepting Bitcoin directly, so you can use them as laundering mechanisms, until of course, you know, they Mississippi dyed red well you gave them a shipping information, so good on you. A mockingjay bullion are arguably the two largest legitimate precious metal sellers; they sell a lot of coins and scrap silver and gold and stuff it down
that markets you can get lots and lots of stolen gift cards and, you know, twenty five to twenty percent off could go do to turn off for the Walmart gift card. So the thing that was really interesting about this is by far the most common gift card for sale were Whole Foods Market cards. Some really expensive grocery tastes. The prepaid cards that you can get: 10%, wow. So they're taking a ten percent service fee, and they're saying they're the lowest price on the service fees; that's great. And so what they'll do is they'll give you, like, a green money pack or Penelope a card with whatever bitcoins you give them, and then they'll ship it
to you at the address that you're giving to it or at all. If you don't want to do any of those and you don't necessarily want precious metals, you can also turn your bitcoins into other materials. I can see how this is still up right now: you can buy bricks on the darknet, and unfortunately they only ship to the EU, I'm sorry. So there are some issues, of course, with receiving tangible goods. You're potentially exposing your home or business address. If you do want to set up a P.O. box, that requires ID, it requires that you go under cameras, there are employees and other customers that work there. If you're going to try and beast the ear and use an abandoned drop,
think you're like a Russian KGB or something, you don't know that this drop, which is typically an abandoned building or house or business or something that's on vacation, and you're going to use their address, you don't know that mail forwarding is not set up, you don't know actually River and delivery guy shows up in the place was obviously abandoned, I mean easy I think something sketchy still. And with all of these you run the risk of controlled deliveries. What is a controlled delivery? It's when a law enforcement agent dresses up like a delivery guy, comes and has you sign for it, and right after you sign in the package slaps your hot shot. So yeah, how do you get around this?
Triangulation fraud. So this became really large on eBay but has also been used through other online retailing outlets, and how it works is you have an unsuspecting customer who sees an operating or what looks like a legitimate, like, computer or backpack or, you know, Gucci bag or something like that online. And now the seller, who is the person with the bitcoins that they want to get rid of and turn into cash, doesn't actually have any of those items that they have up for sale and stuff. What they do is they take the money from the unsuspecting customer from their order, and then they use that money, either with a stolen credit card
or with the money that they give them or the bitcoins, and they'll go to a legitimate online website that takes bitcoins, and then they'll ship that stuff to the customer. So the customer gets what they ordered, right; the proximate seller has never touched any of this equipment that they're using or wanting to give money the library; and when the cops go and start investigating all of this, who do they go to? The unsuspecting customer, who didn't know they were buying something that was being paid for it during light. So it costed say look you buy it from them and they say here's my cape cod we see yeah and that PayPal account doesn't exist anymore. Yeah, all
right, so laundering through online casinos is another option, but one that's much more interesting to me is using Uber or Lyft. And so this is pump goes writing. This is where you use your bitcoins to buy for watches stolen or hacked rider accounts. You can buy them on Tor markets for like one or two dollars a pop. You can also buy them and forums and perform the really interesting especially the Asian was because there are things called by ghost dispatchers that will go ahead and inject GPS and the SPR something like that it's per targeted pickups in here where you the fraudulent driver aren't picking out these from these stolen accounts and they call them goes to
nurses station. So you've got your own phone and you've got it's hacking the twenty multiple instances of the driver software for Uber, Lyft, and you're just running through these stolen accounts that you bought that were rider accounts, and you are spoofing the GPS, essentially. So there is a mobile version of custom GPS software that is supposedly out there online, mostly the Asian in the world, that what it does the tricks of a driver app so you don't actually have to move, it only is at home, and it makes it think that, like, you're driving to the person thinking about and taking the more you're supposed to go, and you're making the list data up on the fly. If anybody
has actually access to the software, please, please, please talk to me, so I really want to see it. I also want to reverse it and see who else is talking to because like that is backdoored. All right, Bitcoin casinos. So these are cute, and then they say, oh yes, it's totally international, and yes, Americans can use us even though it's illegal. And so you'll tell you what currencies they use, what the positive is to get for your cryptocurrency, the games they have, and you can see that, especially Fortune Jack, like, they take every cryptocurrency ever. Yeah, some of those, all of those are still active, yep. Dummy board they don't take no - no fortunately. But if you look
down here, so how this works is you take your bitcoins, you turn it into online chips, you use some low-risk gambling (blackjack, baccarat, craps are probably going to be with the least house advantage), and then you go ahead and you cash out and you get bitcoins that have gone through their system. So the issues to look for here: local laws equal more crimes, so not only are you laundering funds and committing wire fraud, but now you're illegal gambling. Scams: this is where the casino gets lots of people that pay into them, and then the casino owner disappears with all their bitcoins before they get to cash out. Another problem is if it is a small casino and it
has a low volume of bitcoins, then it's really, really easy to trace input and output for the Bitcoin transactions. Also, a lot of them require wagering limits for withdrawal, like you have to spend a lot of money with them in order to take out so much. Another clever one that I was talking to somebody else about last night, that I thought was kind of funny, was ATM runners. And the way this works is you've got your dirty bitcoins, and then you are giving them to an individual or an online service that already has an account with a Bitcoin exchange like Circle 1 racers a boat, and that's connected to a bank account. So what they'll do is they'll take your
bitcoins and then put the in whatever, I guess USD, your fiat you wander through Coinbase or Xapo into their bank, and then they'll have ATM runners that are placed all around the country that will go to the ATM after it's deposited and pull them all, pull on the cash output from your bitcoins, and then what they'll do is they'll mail them, like the actual caption only happen through the USPS, to the address that you're giving to these hills.
Another funny thing that I saw that we're doing to try and hide or get clean bitcoins is using a freelance website that accepts bit 20 and payout per Bitcoin, so ex v freelancer point ality and crypto bride. What you would do is you set up two accounts, as someone who is providing a freelance service and someone who needs one, and then you act as the person on either side of the transaction and just follow the bitcoins through this website. You can also do something like that with a webshop: set up Square, Etsy, Stripe, Shopify, Braintree (they all take Bitcoin now) and then provide a service like, I don't know, online Reiki healing through the
internet or something, and then you're of course the person who is giving the service as well as the person who was wanting this service, and so the money is just going to be stress. Was some of the worst guides I saw, in terms of like having no soul whatsoever, were guides on starting your own charity. So the guys were like, when you set up your charity website you have to put SSL lock icons everywhere, it makes my mood chip. There we got some starting your own church, hilarious. It's running your own PAC, your political action committee, which offers you, especially under Citizens United, a lot of coverage in that area. So these are some of the systems that take
bitcoin: champ I as PayPal has a separate goodwill and charity sort of network, there's Network for Good and GiveWell. And what was really bad about these guys is almost all of them were, like, really excited about setting up the charity as a way to launder your money, because not only can you move your own money through it, but the chances of other people online feeling sorry for you and giving their own money. That was pretty terrible. I know that I hadn't seen all of the ways to cryptocurrencies and other digital currencies online and trying to tumble them or obfuscate them, or all the ways to try and stop that, and I definitely want to hear from other people and
things that they've seen or thought of in this arena. This is something that's very close to my heart and very passionate about, and I like to hear from everybody on it. That's my email address, you can find yet there's a dot-com after that. But that's it for me. Does anybody have any questions or comments? Yeah. Beginning of your slide back there you're talking about the pH Diffie-Hellman. Yes. You're using secret keys was yourself the measuring of these now they would be generally lives Alex's own. Yes. So they distrust charter just. Yeah, yeah, well, I mean, at least for that given transaction they do. I mean, they can generate new keys for you to transactions, which if they weren't
they'd be done. I mean, personally, the new shady stuff, I hope they keep using the same keys. This variation of pH the reason is because we're doing a logarithm ease all those bands just like he showed they don't yell about the NSA go yellow now the NSA there has to be a god. Well, no, you're under arrest. Do these websites advise the kids search on his actual employment state under the FBI threshold? No. I mean, they really should, right, like, like you wear this $10,000 thing, but no, no, they don't care. Yeah, all right. They've got enough people using their services that they don't need to really look out for. So move investigates is
cybercrime or financial fraud? Both its, and it really depends on what's where, what the input is. If the input is like stolen credit cards, then of course the financial institutions would be more involved. If the input is like hijacked rewards points accounts, there's not the body response tattoos aren't going to be involved in that; that's going to be like the internal or contracted to the owners of those rewards accounts doing the research on that.
[Applause]