Rise of cryptocurrency attacks: Inside dark web investigations

Defense against the dark crypto arts  

More cybersecurity safeguards have been added to cryptocurrencies with so much at stake. And more experts from IT and law enforcement have gotten involved. 

One notable example is Lili Infante, CEO and founder of crypto forensics and cybersecurity company CAT Labs. She previously operated as a special agent for the U.S. Department of Justice for a decade, specializing in cryptocurrency as part of dark web investigations. As well as running a DoJ crypto task force, she partnered with intelligence and law enforcement organizations worldwide. Her initial background was in economics. That led her into the field of Bitcoin and, from there, into cybercrime.

“The explosion of cryptocurrency into the mainstream made it very easy to monetize hack scams and fraud,” said Infante on a recent Cyber Work Podcast. “A degree in economics gave me a good base of knowledge into the world economic system works, as well as quantitative and qualitative skills.”

Dark web investigations

Dark web cases are unique. They have features that are quite different from traditional cases: anonymous criminals, virtual rather than physical heists, the use of technology to breach systems and cover one’s tracks, difficulty in nailing down the location of perpetrators and their servers and the fact that co-conspirators may not even know each other.

In a dark web market, Infante relates how people openly discuss selling drugs and committing crimes against children. She describes it as being like an Amazon.com for drugs and illicit goods and services. There are even reviews and ratings of vendors and participants.

Learn Blockchain Security

Build your blockchain security skills with five courses covering blockchain structure, blockchain attacks, smart contract security and more.

Start Learning

“These are giant enterprises that can be worth billions of dollars,” said Infante. “All of this brings an extra layer of complexity to forensics and criminal investigation.”

In a traditional drug case, for example, you catch a low-level drug dealer, arrest them and get them to flip against their source of supply. You work along the chain until you get to the big fish in a cartel. In the case of the dark web, none of them know each other. The step-by-step process of flipping someone against someone else isn’t possible. Law enforcement efforts, therefore, must target the big guy right away.

The good news is that law enforcement no longer must laboriously plant an operative inside a criminal organization to get results. They can do undercover work and use the dark web's anonymity to find the correct targets. But time and patience are essential parts of the job description. 

“I’ve had dark web cases running for four years, during which time you have to identify the administrators of the market, those selling illicit goods and services and those dealing with the crypto and finance components,” said Infante. “The vendor case is very different from an administrator or money launderer case.”

Dark web market takedowns  

If law enforcement takes a market down, the perpetrators can rapidly reestablish another. That’s why it is vital to identify and prosecute the administrators. Most of these people are young and technically gifted computer scientists. Many don’t have anything to do with buying or selling on the dark web. They’re just doing the infrastructure and raking in the rewards. They can make millions of dollars from commission funds or commission fees from each transaction on the market. 

“We usually attack all of the vectors of the investigation all at once,” said Infante. “We always go after at least one vendor on the market and try to identify and prosecute them. We need to prove that the crime is occurring in the United States in whatever jurisdiction you're prosecuting the case out of.”

She added that if you just after the administrator, you usually can’t get enough evidence of the venue for criminal activities to prosecute successfully.

Learn Blockchain Security

Build your blockchain security skills with five courses covering blockchain structure, blockchain attacks, smart contract security and more.

Start Learning

Cryptocurrency attack approach 

Infante reveals that many traditional vulnerabilities are also exploited in the crypto world. Web 2.0 attack vectors against content delivery networks are used against crypto protocols and companies. Social engineering is a huge factor, as is improper key management in stealing crypto.

Blockchain crypto-specific avenues of encroachment include price oracle attacks, governance attacks and zero-day exploits. In addition, crypto is being used by malicious state actors to fund their operations. Crypto makes it easy to transfer value across borders and has an immutable quality that makes it attractive. Once the transfer happens, there is little you can do about it.

CAT Labs, she added, builds digital asset recovery and cybersecurity tools that help to fight crypto-enabled crimes. These tools allow the government to address these crimes. They remove some of the technical bottlenecks they face when dealing with these crimes.

“I know what the bottlenecks are with these cases, so building tools to address those areas was the best path forward for me,” said Infante. “We’re looking into the next frontier of cryptography, one area of which is fully homomorphic encryption.”

For more, watch the full Cyber Work Podcast, The current state of crypto crime.