Why Bitcoin is Not an "Ideal" Ransomware Currency

Written by nebojsaneshatodorovic | Published 2022/07/08

TL;DR: “While critics often portray crypto as an opaque and anonymous system preferred by criminals, research data indicate that less than 1% of current crypto in circulation is associated with illicit activities.” "The Justice Department's seizure of ransom paid by Colonial Pipeline to hackers shows that cryptocurrency may not be that untraceable after all."

Let’s say you are a hacker with a plan. You have it all figured out. You feel invincible and untouchable. Why? Because you believe you’re invisible and untraceable.

You’re betting on Bitcoin as your ransomware ticket to the “cyber gangsta’s paradise.” But, there’s a catch.

Two things that define not just Bitcoin but all cryptocurrencies, volatility and transparency, are working against your cybercrime master plan. Here are some real-life examples.

You know that the sh*t has hit the fan when Reuters has to use the cheesy phrase “in history.” A leak of personal data from the Shanghai National Police (SHGA) database has exposed one billion Chinese citizens in the worst way imaginable. We are talking about the billions of names, addresses, birthplaces, national ID numbers, mobile numbers, including all crime/medical details (?!).

The timing couldn’t be worse because, “last year, China passed new laws governing how personal information and data generated within its borders should be handled.”

Then a hacker with a lazy nick “ChinaDan” and a nice avatar (sue me, but I’m a helpless cyber-aesthete) posted this:

Hey, you can even get a “small” sample of 750K people. ChinaDan is a businessman.

Reuters was unable to verify the authenticity of the post.

You know what they say, where there's smoke, there's fire. Weibo (the Chinese version of Twitter) didn’t have time to waste on the news verifications, and before you knew it, the hashtag “data leak” was banned.

There’s one thing that is authentic and proved beyond any doubt, though.

The Hacker, AKA “ChinaDan,” Sucks At Math!

Is this a joke? First, you steal more than 23TB of personal data, and then, you ask 10 (ten) BTC for it. Is this the most expensive typo in the history of hacking? How much is that? Around $200K, give or take. We are in a recession, alright.

I wasn’t the first one on Twitter to connect the dots between this “outrageous” ransom(ware) crypto-amount and Dr. Evil’s inflation problems. So, all credit for my story’s meme goes to this Twitter user:

This guy, ChinaDan or whatever, obviously hasn’t seen “Armageddon.” Learn how to negotiate from the best, buddy:

https://www.youtube.com/watch?v=V0vy33Br_3s

Is There No Honor Among Cyber Thieves?

This was a rhetorical question.

Somebody hated school, and later, learned how to code.

“Netherland-based Maastricht University (UM) is set to recover nearly €500,000 ($512,150) worth of Bitcoin (BTC) after the police authorities managed to solve the infamous ransomware attack in December 2019.”

Invaluable research data was at stake. In this particular case, the timing was volatile. In 2019, the hackers asked for and got €200,000 in Bitcoin, during the crypto winter, if I’m not mistaken. Then, with the help of the authorities, the university got back two times more, and some “change,” in 2021 thanks to the bull run.

The executive board of the university has decided to utilize the recovered funds to help students in financial need.

Crime doesn’t pay, does it? And, while we’re at it, let’s destigmatize Bitcoin’s “association” with shady transactions, once and for all.

“While critics often portray crypto as an opaque and anonymous system preferred by criminals, research data indicate that less than 1% of current crypto in circulation is associated with illicit activities.”

Here’s a chart worth a thousand Bitcoins (not to be mistaken for the NFTs):

Even the Colonial Pipeline Will Be Fine

The Justice Department's seizure of ransom paid by Colonial Pipeline to hackers shows that cryptocurrency may not be that untraceable after all.

I already wrote about the Colonial Pipeline hack. I didn’t know that almost 85% of the ransom was recovered in the meantime.

Who wouldn’t agree that this number, “highlights how successful U.S. law enforcement has been in developing the capacity to execute this sort of complex operation using blockchain analysis in real-time,” said David Carlisle, director of policy and regulatory affairs with London-based Elliptic, a provider of risk management systems for the cryptocurrency industry. “It also points to the underlying traceability of crypto, which can be used as a powerful tool and asset against criminals. Law enforcement are becoming very adept in their use of blockchain analytics capabilities to disrupt illicit activity, and this is one of the best examples of that we’ve seen to date.”

Now, there are some “technicalities,” which don’t undermine the success but raise some “interesting” questions. For example, how did the FBI come into possession of the private key(s) to unlock the bitcoin wallets linked with the ransom? Also, the timing was worth paying attention to. Not only did the FBI know how to access these crypto funds, but also when. Meaning, when the price was the best one you could get on the crypto market.

The Last Station for Ransomware Nation Isn’t Bitcoin

The cybercriminals got the message. Even if they start with and use Bitcoin to achieve their initial ransomware plans, they know that good old cash is the final stop. Money doesn’t grow on trees, but it can be buried in the ground. Yeah, no joke.

The modern cyber-pirates have to go back to the treasure island times, and rely on a good memory. “Narcos” season two offers more practical pieces of advice on “farming” dirty money compared to “Breaking Bad.”

“Despite his best efforts, however, even Escobar couldn’t spend all that money, and much of it was stored in warehouses and fields. According to his brother, about 10%, or $2.1 billion, was written off annually—eaten by rats or destroyed by the elements. In some cases, it was simply lost.”

I’m convinced that crypto-ransomware payment demands in Bitcoin or any other cryptocurrency are already or will pretty soon become a thing of the cybercriminal past.

What do you think? Let me know in the comments. All of my stories’ comments are in the “Townhall Mode,” so shoot. Wait! Wrong word. Type. Peace!


Written by nebojsaneshatodorovic | Eight-Time "Noonies" Award Winner
Published by HackerNoon on 2022/07/08