Paying for your crimes with Bitcoin
Davey Winder examines the online equivalent of cash-in-hand payments
It’s become increasingly clear over only two years that Bitcoin is now the currency of choice for the discerning cybercriminal. “Bit-what”, do I hear you ask?
I wouldn’t be surprised if Bitcoin has flown in below your radar, because many dismiss it as play money, a variation on World of Warcraft’s Gold theme. However, there’s far more to Bitcoin than gamers’ virtual gold – it’s a complete digital crypto-currency with no real-world regulation to interfere with its value, and no proprietary ties to hold back its spread.
Bitcoins, usually abbreviated to “BTC”, are binary tokens stored in digital wallets, and the important point about them is that they’re totally decentralised, with no equivalent of the Bank of England to determine what they’re worth at any given time.
There can be nothing similar to “quantitative easing”, printing money, in the virtual Bitcoin economy, because there can never be more than 21 million BTCs in circulation. In fact, there are no banks at all, not even virtual ones, since BTCs are bought, sold and exchanged directly between people via a peer-to-peer network.
They’re far more like real-world gold than Warcraft Gold, because they’re finite in quantity, and you have to mine them in the first place. Yes, that’s right – you donate your computing resources to the Bitcoin network via a mining client and are rewarded with cryptographically signed BTC blocks in return, assuming that you donate sufficient CPU power.
This may sound pretty libertarian and cool, a blow struck against the demon bankers – and perhaps it is, until you introduce an inevitable note of caution concerning cybercrime.
Paying for crime
The bad guys quickly realised that they can “mine” BTCs using botnets of malware-infected PCs, and have started creating and distributing malware for that sole purpose.
They’ve also understood that its lack of an audit trail makes Bitcoin the ideal currency for nefarious transactions. Dodgy geezers have traded in hard cash for years, and the bad guys who deal online now use this online equivalent of untraceable cash-in-hand payments.
However, there’s currently a debate going on within the cybercrime research community as to how anonymous Bitcoin really is.
Its anonymity is what attracts money launderers and illicit traders in the first place, and if this turns out to be not quite so anonymous, then the whole edifice is built on unstable ground from the criminals’ viewpoint. The main argument is that there can be no real anonymity when using an open-source project such as this, because it employs a public database of transaction data.
This database, or master registry, of confirmed transactions is known as the “block chain” and is maintained collectively by all the computers that use the Bitcoin network.
Now I’m not a lawyer, but it would seem to me that obtaining a warrant to analyse this transactional data ought to be dead easy, given the open nature of the block chain.
Financial data investigation tools are pretty advanced these days, and both software pattern matching and expert forensic accounting could be applied to extract the kind of evidence required to identify perpetrators and take them to court.
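The kind of software pattern matching described above, shown as an added example that is not part of the original article: it groups addresses on a constructed ledger using the common-input-ownership heuristic, which presumes that addresses spent together in one transaction share an owner. The heuristic is an assumption chosen for illustration (the article names no specific technique), the ledger is constructed sample data, and names such as `LEDGER` and `cluster_addresses` are hypothetical.

```python
from collections import defaultdict

# Constructed sample ledger (not real block chain data): each transaction
# lists the addresses it spends from and the addresses it pays, as anyone
# reading the public block chain could see them.
LEDGER = [
    {"txid": "t1", "inputs": ["A1", "A2"], "outputs": ["S1"]},
    {"txid": "t2", "inputs": ["A2", "A3"], "outputs": ["S2"]},
    {"txid": "t3", "inputs": ["B1"], "outputs": ["S1"]},
    {"txid": "t4", "inputs": ["B1", "B2"], "outputs": ["A9"]},
    {"txid": "t5", "inputs": ["C1"], "outputs": ["B2"]},
]


def cluster_addresses(ledger):
    """Group addresses by the common-input-ownership heuristic (union-find)."""
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr

    for tx in ledger:
        for addr in tx["inputs"] + tx["outputs"]:
            find(addr)  # register every address seen on the ledger
        first = find(tx["inputs"][0])
        for addr in tx["inputs"][1:]:
            parent[find(addr)] = first  # co-spent inputs: same presumed owner

    groups = defaultdict(set)
    for addr in parent:
        groups[find(addr)].add(addr)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: g[0])


def cluster_of(ledger, address):
    """Return every address presumed to share an owner with `address`."""
    for group in cluster_addresses(ledger):
        if address in group:
            return group
    return []


if __name__ == "__main__":
    for group in cluster_addresses(LEDGER):
        print(group)
```

Receiving a payment does not merge clusters: `B2` is paid by `C1` in `t5`, yet `C1` stays in its own group because the two addresses never appear together as inputs.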
This argument certainly has some force, but I’m not sure that it fully grasps the nettle of BTC anonymity, which involves something called a “Bitcoin mixer”.