Anatomy of crypto -assisted cybercrime

oligopolis dominate everything around us. Our emphasis below.

By compiling a large number of public, proprietary and hand-gathered data, including Dark-Web talks in Russian, we carry out the first detailed anatomy of crypto-assisted cybercrime and emphasize relevant economic problems. Our analyzes A few organized ransomware gang dominate the space and have developed into sophisticated, company-like operations with physical offices, franchising and partner programs. Your techniques have also become more aggressive over time and contain several levels of blackmail and reputation management.

This is from the summary of an interesting new article by Lin William Cong, Campbell Harvey, Daniel Rabetti and Zong-Yu Wu. It is a fairly comprehensive view of the criminal ecosystem that was built on the cryptocurrency boom and is enough for hacking, money laundering, fraud, ransomware, sex cortification and illegal trade.

Obviously the data on these crimes are quite dark, but when it comes to organized ransomware, Chainalysis assumes that the largest gangs - mainly Conti, Darkide and Phoenix Cryptolocker - blackmailed at least $ 180 million from the victims in 2021.

Some of them, such as Conti and Darkside, work as a "ransomware-as-a-service", which means that they rent their know-how to subsidiaries. The paper notes that these gangs "even set up physical offices to operate their ransomware shops, just like normal high-tech companies", and contained this section of a negotiation between a victim and a ransomware gang.

- victim: "We thought we would have almost 6 days. Our leadership is currently checking the situation and determining the best solution."

-attacker: "Until we are waiting for your answer to the situation. We have stopped the DDOS attack on your domain, you can switch on your website. Also your blog where hidden. Nobody will see information about it until we have not agreed. We have already set up other instruments that have already been processed today."

- victim: "Okay, thank you. We want to work with you. We only need some time in this difficult situation." - Victim: "Can you please tell us what we receive after receipt of payment?"

- Attack: "You receive: 1) Complete decryption of your systems and files 2) Complete file tree 3) We delete files that we have taken away 4) Check your network“

- Victim: "This situation is very difficult for us and we fear that we will be attacked again or pay and you still publish our data. What assurance or evidence of deleting files can you give us?"

- Attack: "We have a call and word, we also worry about our call. After a successful completion, you will receive: 1) Complete file rooms of your files 2) After your confirmation, we will delete all information and send you as evidence video, we are not interested in passing your own data on to third parties. So we never work."

Because if you cannot trust the word of a shady crypto-capable ransomware company that your company has paralyzed and the management is re -angented, what is really the point?

The paper was not written by anti-crypto steerers, whereby the authors emphasize that they believe that cryptocurrencies and decentralized finances "may promote financial inclusion, reduce transaction costs, increase security and provide new capital for startups". (We find that Cam Harvey is the author of a book about Defi).

You also argue that attempts to simply ban the entire room do not work and would probably be harmful.

A unit solution, such as restricting or prohibiting the use of cryptocurrencies by individuals or organizations, is problematic for three main reasons. First, this is not a national problem. Blockchains exist in several countries and strict regulations in a certain country or a certain jurisdiction have little or no effects outside of this country. As we saw in other global initiatives (e.g. CO2 tax proposals), it is almost impossible to achieve global agreement. Second, cryptocurrency, although it is an important problem, plays a small role in the overall picture of illegal payments. Physical cash is really anonymous, and this can indeed be responsible for the fact that 80.2 % of the value of the US currency is $ 100. It is rare that consumers use $ 100, and it is also rare that retailers are willing to accept them. Third, and this is most important, all advantages of the new technology are eliminated if the use of cryptocurrencies in a country is fully set. In addition, it gives the country a potential competitive disadvantage. For example, a ban on crypto is effectively excluding from participating in web3 innovations.

Maybe. But although it is true that blockchain transparency could enable a tedious but effective analysis of crypto-assisted cybercrime, it is difficult not to believe when reading this report that the means of transparency is theoretical, but the costs are real.

At the beginning of this year, Conti was not reversed for sophisticated blockchain analysis and experienced law enforcement, but because it supported the Russian invasion in Ukraine. This meant that an angry insider - supposedly a Ukrainian hacker - had the entire tool kit and the internal chats of the group seeped through. Oops.