American Security Council Foundation

Ransomware hackers launder bitcoin through just a handful of locations, researchers find

Wednesday, January 27, 2021

Categories: ASCF News Cyber Security Economic Security


It’s starting to look like the ransomware industry is developing its own version of the 1%, where a small number of players enjoy most of the wealth. 

Cybercrime investigators have suggested the spiraling trend of increasingly large ransomware cash demands and attack frequency is not the work of a large number of criminals, but instead the result of a specialized black market economy in which hackers with different skill sets collaborate on a breach, then split the proceeds. A relatively small number of attack groups actually seem to make up most of that black market economy, offering their malicious software on a rental basis, taking a sizable chunk of the profits and relying on money laundering to cover their tracks.

Researchers now are tracking more of this activity via the blockchain, the publicly accessible ledger on which bitcoin transactions are recorded. When ransomware victims pay attackers to unlock their systems and decrypt their data, they typically pay in bitcoin, and the transaction is recorded on the blockchain. A new analysis of bitcoin deposit addresses tied to attack groups offers clues about hackers’ financial relationships and the way they move their stolen funds.

Chainalysis, a software company that monitors public cryptocurrency movements and provides tools to law enforcement agencies, tracked $348.6 million in bitcoin that traveled through known ransomware wallets, according to findings provided exclusively to CyberScoop. The trends Chainalysis identified could reap gains for investigators, the company said.

Upon extorting victims, ransomware attackers move the vast majority of their funds, some 82%, to cryptocurrency exchanges and mixers — services that blend cryptocurrency from various sources to hide its place of origin. Attackers invest other funds into specific bitcoin deposit addresses, which function like public bank accounts for virtual currency. 

A closer inspection of this ecosystem suggests that just 199 deposit addresses received 80% of all funds sent by ransomware groups in 2020. Of the total 199, 25 accounts collected 46% of the funds. While the identity of the account-holders remains unclear, initial evidence suggests a small number of ransomware operators are doling out regular payments to frequent collaborators, or using the same deposit addresses to launder their funds. 

“We’re seeing the off-ramps of where this illicit money is going,” said Kim Grauer, head of research at Chainalysis. “We can see an address belongs to an affiliate if an account is consistently receiving, say, 60% of a payment.” 
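As an added illustration of the two patterns described above (not code from the article or from Chainalysis), the following Python runs both checks over a constructed set of ransom payouts: how few deposit addresses absorb 80% of the funds, and which addresses take a near-constant cut of every payment, the signal Grauer describes for spotting an affiliate. All addresses and amounts are invented.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: each ransom payment is the list of (deposit_address, BTC)
# outputs the victim's payment was split into. Labels and amounts are invented
# for illustration only; they are not real wallets from the article.
PAYMENTS = [
    [("addr_affiliate_A", 6.0), ("addr_operator", 3.0), ("addr_mixer1", 1.0)],
    [("addr_affiliate_A", 12.0), ("addr_operator", 6.0), ("addr_mixer2", 2.0)],
    [("addr_affiliate_B", 4.2), ("addr_operator", 1.8), ("addr_mixer1", 1.0)],
    [("addr_affiliate_A", 3.0), ("addr_operator", 1.5), ("addr_mixer3", 0.5)],
    [("addr_affiliate_B", 2.8), ("addr_operator", 1.2)],
    [("addr_onetime", 0.9), ("addr_operator", 0.1)],
]

def shares_by_address(payments):
    """Map each address to the fraction of every payment it received."""
    shares = defaultdict(list)
    for outputs in payments:
        total = sum(amt for _, amt in outputs)
        for addr, amt in outputs:
            shares[addr].append(amt / total)
    return shares

def totals_by_address(payments):
    """Total BTC that flowed into each address across all payments."""
    totals = defaultdict(float)
    for outputs in payments:
        for addr, amt in outputs:
            totals[addr] += amt
    return totals

def addresses_covering(payments, fraction=0.8):
    """Smallest set of top addresses whose combined inflow reaches `fraction`
    of all funds (the '199 addresses received 80%' style of figure)."""
    totals = totals_by_address(payments)
    grand = sum(totals.values())
    running, chosen = 0.0, []
    for addr, amt in sorted(totals.items(), key=lambda kv: kv[1], reverse=True):
        chosen.append(addr)
        running += amt
        if running >= fraction * grand:
            break
    return chosen

def affiliate_candidates(payments, min_payments=3, max_spread=0.02):
    """Addresses seen in at least `min_payments` payments that take a near-constant
    share each time (e.g. ~60% of every payment); returns {address: mean share}."""
    out = {}
    for addr, s in shares_by_address(payments).items():
        if len(s) >= min_payments and pstdev(s) <= max_spread:
            out[addr] = round(mean(s), 3)
    return out
```

On the sample, three addresses cover 80% of inflows, and only `addr_affiliate_A` is flagged: the operator address appears in every payment but its cut varies, and `addr_affiliate_B` has too few payments to judge.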

The Chainalysis findings come as the private sector and international law enforcement agencies are scrambling to keep pace with ransomware gangs. The number of attacks against schools, hospitals and manufacturing firms has increased by a reported 311% over the past year, with demands now regularly exceeding $10 million from large corporate targets.

Suspected hackers have mostly avoided apprehension, either because of their location outside U.S. jurisdiction or because the number of attacks has overwhelmed American investigators. If most big-time hackers are cashing their funds out through a small number of known bitcoin wallets, though, it could provide investigators with an opportunity to disincentivize the extortion efforts, Grauer said.

“If there’s no way to cash out, then [victims] have the potential to recoup their funds,” she said.  

Researchers at the security firm TrendMicro and the threat intelligence company Intel471, which gathers data on suspected cybercriminals, previously have said a single ransomware attack may involve one group that specializes in malware development, another that specializes in defeating anti-virus software, and other niche professionals.

A malware developer, for instance, may leverage their reputation in the cybercriminal underground to contact an illicit data broker with access to hacker networks in a specific company. The partnership might then expand to include specialists capable of exploiting that network access to infect the organization, then a negotiation service that handles direct conversations with a breached company or its lawyers. Each entity takes a cut, driving up the efficiency of the hack and size of the demand. 

U.S. investigators, for instance, say they caught accused ransomware operator Maksim Yakubets bragging to an associate that he works with “two teams who worked with his malware and botnets and that each team has their own spammers,” according to an indictment. 

The FBI’s Internet Crime Complaint Center received 2,047 ransomware complaints from U.S. victims in 2019, the most recent bureau figures available, resulting in adjusted losses of roughly $8.9 million. With an apparent shortage of data, the FBI has turned to the insurance industry and security firms to gather more information about hacking groups, their tendencies, demands and perhaps glean insights that might lead to their apprehension.

Photo and Link: https://www.cyberscoop.com/ransomware-hack-bitcoin-money-laundering-chainalysis/
