how to investigate cryptocurrency crimes

The Irishman, Conor Freeman, 21, was identified by the United States Department of Homeland Security last week (18) and confessed to having “participated in attacks, theft of cryptocurrencies, dishonest computer operation to make a profit and consciously get involved possession of proceeds of crime ”.

Freeman was sentenced to three years in prison on charges of participating in a group of cybercriminals who made SIM Swap attacks to steal various people’s cryptocurrencies in 2018. According to The Irish Times, the group stole 42.75682712 bitcoins, the equivalent of more than $ 2 million.

In addition to Freeman, the group had members who were internal professionals in telecommunications companies, who sent the chips to cybercriminals. The victims were found online, on social media. With the chip in hand, they benefited from the privileges of the phone number to “recover the password” from the victims and access their accounts, especially the cryptocurrency wallets.

Since its creation in 2008, cryptocurrencies have become an efficient means for criminals to operate their illegal businesses, without the government or the police knowing about it, since cryptocurrencies carry this idea of ​​traceability and anonymity.

According to the study “The rise in the popularity of cryptocurrencies and associated criminal activity”Published by the International Criminal Justice Review in 2019, the crime blockchain encompasses since tax evasion, money laundering, pyramid schemes, theft and theft of cryptocurrencies and even kidnappings.

“As the demand for cryptocurrencies increases, it offers opportunities for criminals to hide behind alleged privacy and anonymity. The identification of these cryptocurrency-related crimes presents challenges to law enforcement due to the cross-border nature of transactions, the use of evasion technology to mask the identity of users and inconsistent regulations ”, write researchers Sesha Kethineni and Ying Cao, from the University of Prairie View in the United States.

In the glue of the bandits

While cryptocurrencies carry this idea of ​​traceability, they are actually quite traceable. According to Daniel Coquieri, COO at BitcoinTrade, specifically bitcoins are fully traceable because the blockchain is public. “It is possible to track all portfolios and transactions and identify where the transfers are going,” he says.

“There are platforms that do what we call a blacklist or whitelist, which are portfolios that are already identified in some way as portfolios that transact stolen bitcoins or that have been targeted in certain portfolios. Thus, these portfolios are blocked and the world’s leading bitcoin exchange agencies do not allow you to receive money from stolen wallets”, Explains the executive.

Human failures and lack of attention are starting points for starting an investigation in the case of theft of cryptocurrencies. “Because they believe in impunity, cybercriminals fail to take the necessary precautions to maintain anonymity”, Says Sergio Hussein, Civil Police Officer specializing in cyber crimes in the state of São Paulo.

The policeman explains that, like the Irish, many Brazilian cybercriminals bet on SIM Swap to gain access to the victims’ phone numbers. With a copy of the chip in hand, it is possible to request “password recovery” with SMS authentication and thus break into accounts that use two-factor authentication (the second factor being an SMS message). “In many cases that I participated in, criminals used SIM Swap to circumvent the second factor of authentication,” he says.

BitcoinTrade COO Daniel Conquieri comments that brokers are able to analyze transaction data and identify where they came from. “A user can open a private wallet and start to move in secret. However, when he is going to operate in a large international broker, these portfolios will relate and the broker will identify that the deposit came from another portfolio, from the same owner…. In fact, the market has been evolving on this issue of traceability ”.

Another security tool of brokers to prevent theft of cryptocurrencies is the possibility to analyze, in an automated way, the behavior of a user in his account. For example, if a customer who usually logs in from São Paulo and after 15 minutes appears with a login in Rio de Janeiro, the broker identifies it as fraud and blocks withdrawals.

But if in case the security tools of the brokers are not enough to identify the criminal (due to the anonymity offered by cryptocurrencies), the police investigate the other means used in the crime (the unencrypted steps) and with that, get closer to the suspects.

Cryptocurrency theft is a complex attack and until a criminal reaches a victim’s wallet, it is necessary to carry out other attacks beforehand, such as phishing, SIM Swap, physical phone theft, malware distribution and others. It is in these situations where criminals are more likely to slip and leave an identifiable trail.

Both in research and in personal protection, it is the same thing: “having a residence, with cameras, electric fence and alarm, but keeping the key under the rug makes all security tools useless”Explains Hussein.

What to do in cases of theft of cryptocurrencies

Hussein explains that it is common for cases where victims send their password information to other contacts in text messaging apps, or keep the credentials noted in the smartphone’s notes app. “Have you ever stopped to think, if a criminal subtracted your unlocked cell phone, what data could he get?”, He asks.

“One of the operations I participated in investigated groups that stole an average of 200 cell phones per day, most of these were already stolen unlocked, as the victim was surprised when he was using GPS or some other application. Of the 200 cell phones, in 40% of these, criminals managed to find passwords simply by searching the word “password” on the smartphone.

Hussein recommends avoiding sending sensitive data in conversations, let alone writing passwords in the notes app. To avoid being a victim of SIM Swap, it is recommended that you contact your telephone operator to establish a password for the cell phone chip, so that it asks for a password if you change handsets or have your SIM card cloned.

Coquieri recommends that any suspicious activity in a cryptocurrency wallet must be urgently reported to the responsible broker, and if it is necessary to register a police report in police stations specialized in digital crimes.

“The victim must inform the company of what happened and request that he / she keep the access and transaction history, to later collect the largest amount of information by reporting to a specialized police station… The investigative process is confidential, but the police are effectively fighting this type of crime, placing criminals to respond to their actions before justice, including the seizure of all assets arising from the seized crimes ”, concludes Hussein.

Sources: The Irish Times; ICJR.