Why criminals can't hide behind Bitcoin

Bitcoin, the Internet currency beloved by computer scientists, libertarians, and criminals, is no longer invulnerable. As recently as 3 years ago, it seemed that anyone could buy or sell anything with Bitcoin and never be tracked, let alone busted if they broke the law. “It’s totally anonymous,” was how one commenter put it in Bitcoin’s forums in June 2013. “The FBI does not have a prayer of a chance of finding out who is who.”

Exactly that scenario is playing out now. On 20 January of this year, 10 men were arrested in the Netherlands as part of an international raid on online illegal drug markets. The men were caught converting their Bitcoins into Euros in bank accounts using commercial Bitcoin services, and then withdrawing millions in cash from ATM machines. The trail of Bitcoin addresses allegedly links all that money to online illegal drug sales tracked by FBI and Interpol.

The challenge is that the Bitcoin network is designed to blur the correspondence between transactions and IP addresses. All Bitcoin users are connected in a peer-to-peer network over the Internet. Data flow between their computers like gossip in a crowd, spreading quickly and redundantly until everyone has the information—with no one but the originator knowing who spoke first.

The job of keeping the system running and preventing cheating is left to a volunteer workforce known as Bitcoin miners. They crunch the numbers needed to verify every transaction. Added to this is an ever-growing math task known as “proof of work,” which keeps the miners honest. The calculations are so intense that miners use specialized computers that run hot enough to keep homes or even office buildings warm through the winter. The incentive for all this effort is built into Bitcoin itself. The act of verifying a 10-minute block of transactions generates 25 new Bitcoins for the miner. This is how Bitcoins are minted.

Matthee is part of a team launching a new anonymous online market called Shadow this year, which will use its own cryptocurrency, ShadowCash. The goal is not to facilitate illegal transactions, Matthee says. It will be up to the users, who administer the system, to police it, he says, but to help prevent abuse, “we are going to try our best to filter out known keywords for drugs or worse.”

Just like any currency, Bitcoin’s real-world value emerges as people trade it for goods, services, and other currencies. If you’re not a miner, you can only get Bitcoins from someone who already has them. Companies have sprung up that sell Bitcoins—at a profitable rate—and provide ATM machines where you can convert them into cash. And of course, you can sell something in return for Bitcoins. As soon as both parties have digitally signed the transaction and it is recorded in the blockchain, the Bitcoins are yours.

But even mixing has weaknesses that forensic investigators can exploit. Soon after Silk Road shut down, someone with administrative access to one of the newly emerging black markets walked away with 90,000 Bitcoins from user escrow accounts. The thief tried to use a mixing service to launder the money, but wasn’t patient enough to hide the tracks, Meiklejohn says. “It’s difficult to push large amounts of Bitcoin through mixing services secretly. It’s extremely noticeable no matter how you do it.” Tomáš Jiříkovský, the man under investigation by Czech police, is suspected to be the thief in question.

Shadow is far from the only Bitcoin competitor. Scores of alternative cryptocurrencies now exist. And some experts predict that one may finally go mainstream. Some banks already rely on a cryptocurrency called Ripple for settling large global money transfers. And the U.S.
government “has been engaging with the cryptocurrency community and learning from them,” says Bill Gleim, head of machine learning at Coinalytics, a company based in Menlo Park, California.

By 2013, millions of dollars’ worth of Bitcoins were being swapped for illegal drugs and stolen identity data on Silk Road. Like a black market version of Amazon, it provided a sophisticated platform for buyers and sellers, including Bitcoin escrow accounts, a buyer feedback forum, and even a vendor reputation system. The merchandise was sent mostly through the normal postal system—the buyer sent the seller the mailing address as an encrypted message—and the site even provided helpful tips, such as how to vacuum-pack drugs.

Unlike money issued by governments, Bitcoin has no Federal Reserve, no gold backing, no banks, no physical notes. Created in a 2008 academic paper by a still unknown person using the name Satoshi Nakamoto, Bitcoin “is an intellectual artifact,” says Patrick McDaniel, a computer scientist at Pennsylvania State University (Penn State), University Park. “It’s the frontier of economics.”

Investigators quietly collected every shred of data from Silk Road—from the images and text describing drug products to the Bitcoin transactions that appear in the blockchain when the deals close. Ultimately, investigators needed to tie this string of evidence to one crucial, missing piece of data: the Internet Protocol (IP) addresses of the computers used by buyers or sellers.

If Bitcoin’s privacy shortcomings drive users away, the currency will quickly lose its value. But the demand for financial privacy won’t disappear, and new systems are already emerging. “I don’t feel people have the right to know, unless disclosed, how much cash is in my wallet, just like I don’t feel anyone should know what conversations I’m having with anyone else,” says Ryno Matthee, a software developer based in Somerset, South Africa.

This system worked so well that it was carelessness, not any privacy flaws in Bitcoin, that led to the breakthrough in the investigation of Silk Road. When Ulbricht, the ringleader, was hiring help to expand his operation, he used the same pseudonym he had adopted years before to post announcements on illegal drug discussion forums; that and other moments of sloppiness made him a suspect. Once FBI tracked his IP address to a San Francisco, California, Internet cafe, they caught him in the act of logging into Silk Road as an administrator.

Other criminals could take solace in the fact that it was a slip-up; as long as you used Bitcoin carefully, your identity was protected behind the cryptographic wall. But now even that confidence is eroded.

If the data flowing through the network were perfectly coordinated, with everyone’s computer sending and receiving data as frequently as the rest, then it might be impossible to link Bitcoin addresses with IP addresses. But there is no top-down coordination of the Bitcoin network, and its flow is far from perfect. The Koshys noticed that sometimes a computer sent out information about only one transaction, meaning that the person at that IP address was the owner of that Bitcoin address. And sometimes a surge of transactions came from a single IP address—probably when the user was upgrading his or her Bitcoin client software. Those transactions held the key to a whole backlog of their Bitcoin addresses. Like unraveling a ball of string, once the Koshys isolated some of the addresses, others followed.

Academic researchers helped create the encryption and software systems that make Bitcoin possible; many are now helping law enforcement nab criminals.
These experts operate in a new field at the crossroads of computer science, economics, and forensics, says Sarah Meiklejohn, a computer scientist at University College London who co-chaired an annual workshop on financial cryptography in Barbados last month. “There aren’t that many of us,” she notes. “We all know each other.”

When Bitcoin first emerged, law enforcement officers were “panicking,” Meiklejohn says. “They thought these technologies were dangerous and made it harder for them to do their job.” But as the arrests and convictions have rolled in, “there’s a steady shift toward seeing cryptocurrency as a tool for prosecuting crimes.” Even in the strange new world of Bitcoin, FBI Assistant General Counsel Brett Nigh said in September 2015, “investigators can follow the money.”

Strictly speaking, Bitcoins are nothing more than amounts associated with addresses, unique strings of letters and numbers.
For example, “1Ez69SnzzmePmZX3WpEzMKTrcBF2gpNQ55” represents nearly 30,000 Bitcoins seized during the Silk Road bust—worth about $20 million at the time—that were auctioned off by the U.S. government on 1 July 2014.

The majority of Bitcoin users are law-abiding people motivated by privacy concerns or just curiosity. But Bitcoin’s anonymity is also a powerful tool for financing crime: The virtual money can keep shady transactions secret. The paradox of cryptocurrency is that its associated data create a forensic trail that can suddenly make your entire financial history public information.

Gleim believes the federal government will issue its own cryptocurrency, “maybe as soon as late 2016.” If so, it is likely to require users to verify their real-world identities. That could defeat the purpose of cryptocurrency in the eyes of privacy advocates and criminals. Or maybe not: In this technological game of cat and mouse, the next move may go to the criminals.

Correction, 11 March, 4:27 a.m.: A previous version of this story attributed this quote to Bitcoin developer and investor Martti Malmi, but Malmi tells Science that it was manufactured by a cyberbully.

As Science went to press, Bitcoin’s market capitalization, a measure of the amount of money invested in it, stood at $5.6 billion. That money is very safe from theft, as long as users never reveal their private keys, the long—and ideally, randomly generated—numbers used to generate a digital signature. But as soon as a Bitcoin is spent, the forensic trail begins.

As criminals have evolved more sophisticated methods to use Bitcoin, researchers have followed apace. Meiklejohn—who says she regularly works with law enforcement but is “not comfortable discussing the details”—was one of the first researchers to explore Bitcoin “mixing” services. The basic idea is to protect the anonymity of transactions by swapping many people’s Bitcoin stashes with each other, as in a shell game.
The forensic trail shows the money going in but then goes cold because it is impossible to know which Bitcoins belong to whom on the other end. “So in principle, this is a solution to Bitcoin’s anonymity problem,” Meiklejohn says.

The Federal Bureau of Investigation (FBI) and other law enforcement begged to differ. Ross Ulbricht, the 31-year-old American who created Silk Road, a Bitcoin market facilitating the sale of $1 billion in illegal drugs, was sentenced to life in prison in February 2015. In March, the assets of 28-year-old Czech national Tomáš Jiříkovský were seized; he’s suspected of laundering $40 million in stolen Bitcoins. Two more fell in September 2015: 33-year-old American Trendon Shavers pleaded guilty to running a $150 million Ponzi scheme—the first Bitcoin securities fraud case—and 30-year-old Frenchman Mark Karpelès was arrested and charged with fraud and embezzlement of $390 million from the now shuttered Bitcoin currency exchange Mt. Gox.

The beauty of Bitcoin, from a detective’s point of view, is that the blockchain records all. “If you catch a dealer with drugs and cash on the street, you’ve caught them committing one crime,” Meiklejohn says. “But if you catch people using something like Silk Road, you’ve uncovered their whole criminal history,” she says. “It’s like discovering their books.”

Bitcoin Foundation Vice Chairman Charlie Shrem (right) leaves the Manhattan federal courthouse in New York City in January 2014. Shrem was later sentenced to 2 years in prison for laundering money on Silk Road.

Among the first researchers to find a crack in the wall were the husband-and-wife team of Philip and Diana Koshy. In 2014, as graduate students in McDaniel’s lab at Penn State, they built their own version of the software that buyers and sellers use to take part in the Bitcoin network.
It was especially designed to be inefficient, downloading a copy of every single packet of data transmitted by every computer in the Bitcoin network. “We wanted to see everything,” Philip Koshy says.

Those Bitcoins have been split up and changed hands numerous times since then, and all of these transactions are public knowledge. The past and present ownership of every Bitcoin—in fact every 10-millionth of a Bitcoin—is dutifully recorded in the “blockchain,” an ever-growing public ledger shared across the Internet. What remains hidden are the true identities of the Bitcoin owners: Instead of submitting their names, users create a code that serves as their digital signature in the blockchain.

Ultimately, they were able to map IP addresses to more than 1000 Bitcoin addresses; they published their findings in the proceedings of an obscure cryptography conference. It is unusual for an academic paper to cause both The New York Times and the U.S. Department of Homeland Security to come calling. “It was crazy,” Philip Koshy says. Their technique has not yet appeared in the official record of a criminal case, but the Koshys say they have observed so-called fake nodes on the Bitcoin network associated with IP addresses in government data centers in Virginia, suggesting that investigators there are hoovering up the data packets for surveillance purposes too. (The pair has since left academia for tech industry jobs.)
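
The two patterns the Koshys describe (a transaction announced by only one IP address, and a surge of transactions from a single IP address) can be written as a short analysis over captured relay records. This is an added example, not the Koshys' code; the records, addresses, the "first announcer" rule and the burst thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed capture: (seconds, relaying peer IP, transaction id). IPs are
# RFC 5737 documentation addresses; transaction ids and addresses are made up.
OBSERVATIONS = [
    (0.0, "192.0.2.10", "tx_a"), (0.4, "198.51.100.7", "tx_a"),
    (0.9, "203.0.113.5", "tx_a"),
    (5.0, "198.51.100.7", "tx_b"),          # only one peer ever sent tx_b
    (60.0, "203.0.113.5", "tx_c"), (60.2, "203.0.113.5", "tx_d"),
    (60.3, "203.0.113.5", "tx_e"), (61.0, "192.0.2.10", "tx_c"),
]
# Constructed map from transaction id to the addresses that funded it.
TX_INPUTS = {
    "tx_a": ["addr_1"], "tx_b": ["addr_2"], "tx_c": ["addr_3"],
    "tx_d": ["addr_4"], "tx_e": ["addr_3", "addr_5"],
}


def relayers_by_tx(observations):
    """Map each transaction id to the set of peer IPs seen announcing it."""
    peers = defaultdict(set)
    for _, ip, tx in observations:
        peers[tx].add(ip)
    return dict(peers)


def single_relayer_links(observations, tx_inputs):
    """Pattern 1: a transaction announced by exactly one IP ties its
    input addresses to that IP."""
    links = {}
    for tx, ips in relayers_by_tx(observations).items():
        if len(ips) == 1:
            (ip,) = ips
            for addr in tx_inputs.get(tx, []):
                links[addr] = ip
    return links


def burst_links(observations, tx_inputs, window=2.0, min_txs=3):
    """Pattern 2: one IP is the first announcer of at least min_txs
    transactions within `window` seconds (both thresholds are assumptions);
    every input address of that burst is grouped under the IP."""
    first_seen = {}
    for ts, ip, tx in sorted(observations):
        first_seen.setdefault(tx, (ts, ip))
    by_ip = defaultdict(list)
    for tx, (ts, ip) in first_seen.items():
        by_ip[ip].append((ts, tx))
    links = defaultdict(set)
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            burst = [tx for ts, tx in events[i:] if ts - start <= window]
            if len(burst) >= min_txs:
                for tx in burst:
                    links[ip].update(tx_inputs.get(tx, []))
    return {ip: sorted(addrs) for ip, addrs in links.items()}


if __name__ == "__main__":
    print(single_relayer_links(OBSERVATIONS, TX_INPUTS))
    print(burst_links(OBSERVATIONS, TX_INPUTS))
```

A widely relayed transaction such as `tx_a` yields no link at all, which is the "gossip in a crowd" case the article describes.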


A report about Plan S’s potential effects on journals marks a busy week for the open-access movement

It’s been a busy week for the open-access movement, the effort to make all scientific journal articles immediately free to read. Making that change would require a major shift in most journals’ business models, from one that charges subscribers to read articles to one in which authors pay to publish. Among the developments:

The report on Plan S, released 1 March, examines several ways in which the proposal could affect and challenge journals. It comes from Clarivate, the analytics firm that tracks journals in its Web of Science database and assigns them journal impact factors.
Clarivate examined 3700 journals that in 2017 published at least six articles acknowledging a Plan S funder; of these, 3200 are not in the Directory of Open Access Journals, a comprehensive listing, and so cannot be compliant with Plan S.

The Clarivate report describes how Plan S may have a significant effect on authors even in countries whose funders don’t sign on: It identified 40,000 articles published in 2017 that involved collaborations between researchers in a European country and those in the rest of the world. At several U.S. universities—including the Massachusetts Institute of Technology in Cambridge and the California Institute of Technology in Pasadena—more than 15% of papers listed Plan S funding. Papers produced with any Plan S funding would be required to publish in a Plan S–compliant journal.

Many journals aren’t prepared to meet the requirements of Plan S, the proposal largely by European funders to require grantees to publish articles that are immediately open access, a report from a science publishing analytics company says.

Springer Nature, one of the largest publishers of scientific journals, and the networking website ResearchGate began an experiment making some articles open access through authors’ profiles on the website.

By Jeffrey Brainard, Mar. 6, 2019, 4:45 PM

Plan S may significantly affect authors even in countries whose funders don’t sign on, a report says.

The publisher Springer Nature in London began a pilot project allowing the networking website ResearchGate to post some full-text, freely accessible articles from select Nature-branded journals, including the flagship.
The 3-month pilot will upload at least 6000 articles, published after November 2017 in 23 subscription-only journals, to the ResearchGate profiles of the scientists who authored the articles. Berlin-based ResearchGate, which counts 15 million scientists and researchers worldwide as members, has been sued by other publishers for copyright infringement for allowing its users to upload paywalled journal articles to their profiles.

In a 1 March news release, Springer Nature said the pilot will gather feedback from scientists and institutions to allow it to develop new models for providing access to articles; in another statement, ResearchGate said it hopes the experiment will increase collaborations among scientists. “This pilot project represents the first significant experiment with the syndication of publisher content to a content supercontinent,” writes Lisa Janicke Hinchliffe, a librarian at the University of Illinois in Champaign, on The Scholarly Kitchen blog.

Michael Eisen, named on 5 March as the new editor-in-chief of eLife, helped pioneer multidisciplinary, purely open-access journals through his work starting PLOS Biology in 2003 and other PLOS journals. A professor of integrative biology at UC Berkeley, he stepped down from PLOS’s board in 2018 but has remained a vocal advocate for open access.

In a news conference, Eisen said eLife and other journals should experiment to find ways to remain or become financially viable while expanding access to their content. Open-access journals may need new funding models beyond charging authors article-processing fees, he said, in part because selective journals, such as Science and Nature, would likely have to charge prohibitively high author fees to cover the costs of reviewing the many articles they reject.

Eisen said it was too soon to comment on how and when eLife might no longer require subsidies.
Since it was founded in 2011, the journal has been subsidized by the Wellcome Trust of London and other funders because revenues haven’t covered expenses, even after the journal began to charge an author fee of $2500 in 2017.

A rift over open access opened between one of the world’s largest research universities and its largest scientific publisher. After monthslong talks broke down, the UC system announced 28 February it will stop paying to subscribe to journals published by Elsevier, headquartered in Amsterdam. The university says Elsevier would not agree to a package deal that would make all articles published by UC authors immediately free for readers worldwide while providing a break on subscription fees.

eLife, a leading, purely open-access journal, named Michael Eisen, one of the founders of the PLOS journals, as its new editor-in-chief.

One of the largest U.S. research institutions, the University of California (UC) system, said it will stop subscribing to journals published by the largest scientific publisher, Elsevier, because of a disagreement over open access.
