An anatomy of crypto-enabled cyber crime

Oligopolies rule everything around us. Our emphasis below.

Assembling a diverse set of public, proprietary, and hand-collected data including dark web conversations in Russian, we conduct the first detailed anatomy of crypto-enabled cybercrimes and highlight relevant economic issues. Our analyses reveal that a few organized ransomware gangs dominate the space and have evolved into sophisticated firm-like operations with physical offices, franchising, and affiliation programs. Their techniques also have become more aggressive over time, entailing multiple layers of extortion and reputation management.

That is from the synopsis of an interesting new paper by Lin William Cong, Campbell Harvey, Daniel Rabetti and Zong-Yu Wu. It is a fairly comprehensive look at the criminal ecosystem built on top of the cryptocurrency boom, ranging from hacking, money laundering, scams, ransomware, sextortion and illegal commerce.

Obviously, the data on these crimes are pretty murky, but when it comes to organised ransomware, Chainalysis reckons that the biggest gangs — primarily Conti, DarkSide, and Phoenix Cryptolocker — extorted at least $180mn from victims in 2021.

Some of these, like Conti and DarkSide, operate as “ransomware-as-a-service”, which means they lease out their expertise to affiliates. The paper notes that these gangs have “even set up physical offices to conduct their ransomware business, just like regular high-tech companies”, and included this snippet of a negotiation between a victim and a ransomware gang.

— victim: “We thought we have almost 6 days left. Our leadership is currently reviewing the situation and determining the best resolution.”

— attacker: “Until we waiting for your reply on situation. We stopped DDoS attack to your domain, you can switch on your website. As well your blog, where hidden. Nobody will see information about that, until we will not get in deal. We stopped already other instruments which already where processed today.”

— victim: “Okay, thank you. We want to cooperate with you. We just need some time during this difficult situation.”–victim: “Can you please tell us what we will receive once payment is made?”

— attacker: “You will get: 1) full decrypt of your systems and files 2) full file tree 3) we will delete files which we taken from you 4) audit of your network”

— victim: “This situation is very difficult for us and we are worried we may get attacked again or pay and you will still post our data. What assurances or proof of file deletion can you give us?”

— attacker: “We have reputation and word, we worry about our reputation as well. After successful deal you will get: 1) full file trees of your files 2) after you will confirm we will delete all information and send you as proof video, we are not interested in to give to someone other your own data. We never work like that.”

Because if you can’t trust the word of a shadowy crypto-enabled ransomware company that has paralysed your company and is extorting senior management, then what is the point, really?

The paper is not written by anti-crypto zealots, with the authors stressing that they think cryptocurrencies and decentralised finance “potentially promote financial inclusion, reduce transactions costs, increase security and provide new capital for startups”. (We note that Cam Harvey is the author of a book on DeFi).

They also argue that attempts to simply outlaw the whole space won’t work and would likely be harmful.

A one-size-fits-all solution, such as restricting or banning cryptocurrency usage by individuals or organizations is problematic for three major reasons. First, this is not a national problem. Blockchains exist across multiple countries and harsh regulations in a particular country or jurisdiction have little or no effect outside that country. As we have seen from other global initiatives (e.g., carbon tax proposals), it is nearly impossible to get global agreement. Second, while an important problem, cryptocurrency plays a small role in the big picture of illegal payments. Physical cash is truly anonymous and, indeed, this may account for the fact that 80.2% of the value of U.S. currency is in $100 notes. It is rare the consumers use $100 bills and it is equally rare that retailers are willing to accept them. Third, and most importantly, expunging all cryptocurrency use in a country eliminates all of the benefits of the new technology. Even further, it puts the country at a potential competitive disadvantage. For example, a ban on crypto effectively eliminates both citizens and companies from participating in web3 innovation.

Perhaps. But while it is true that blockchain transparency might enable arduous but effective analysis of crypto-enabled cyber crime, reading this report it’s hard not to think that the transparency remedy is theoretical, but the costs are real.

For example, Conti was not undone earlier this year because of sophisticated blockchain analysis and law enforcement savvy, but because it backed Russia’s invasion of Ukraine. That led to an angry insider — supposedly a Ukrainian hacker — to leak the group’s entire toolkit and internal chats. Whoops.