Category Archives: Crime

BTC-e Operator Pleads Guilty To Money Laundering Conspiracy



A Russian national pleaded guilty today to conspiracy to commit money laundering related to his role in operating cryptocurrency exchange BTC-e from 2011 to 2017, the U.S. Department of Justice reported. 

According to court documents, Alexander Vinnick, 44, was one of the operators of BTC-e, which was one of the world’s largest virtual currency exchanges. From its inception in or around 2011 until it was shut down by law enforcement in or around July 2017 contemporaneous with Vinnik’s arrest, BTC-e processed over $9 billion-worth of transaction and served over one million users worldwide, including numerous customers in the United States.

“Today’s result shows how the Justice Department, working with international partner, reaches across the globe to combat cryptocrime,” said Deputy Attorney General Lisa Monaco. “This guilty plea reflects the Department’s ongoing commitment to use all tools to fight money laundering, police crypto markets, and recover restitution for victims.”

Despite doing substantial business in the United States, BTC-e was not registered as a money services business with the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), as federal law requires.

BTC-e had no anti-money laundering (AML) and/or know-your-customer” (KYC) processes and policies in place, as federal law also requires. BTC-e collected virtually no customer data at all, which made the exchange attractive to those who desired to conceal criminal proceeds from law enforcement.

Coindesk reported Alexander Vinnik, one of the operators behind the BTC-e crypto exchange, pleaded guilty to a charge of conspiring to commit money laundering on Friday, the U.S. Department of Justice announced.

Vinnik was an operator of BTC-e between 2011 and 2017, the DOJ said, and the exchange processed more than 1 million users transacting over $9 billion in crypto during that time.

BTC-e was linked to the hack of now-defunct crypto exchange Mt. Gox after it was used to launder some 300,000 (BTC) from Mt. Gox. BTC-e was shut down in July 2017, at the same time Vinnik was first arrested.

Bitcoin Insider reported Alexander Vinnik, a Russian national who operated the crypto exchange BTC-e, pled guilty to charges of money laundering conspiracy in the US on May 3, according to a Bloomberg report.

BTC-e was one of the world’s largest crypto exchanges between 2011 and 2017. According to the prosecutors, it processed transactions worth $9 billion and had a customer base of over 1 million worldwide.

Prosecutor claim the BTC-e did not have a vetting system and allowed criminals to convert illicit cash into cryptocurrencies like Bitcoin anonymously. The prosecutors stated that the exchange was found to have handled Bitcoin traced to a Russian military intelligence hacking unit that was responsible for releasing Democrats’ emails during the 2016 U.S. elections in an attempt to sway votes.

In my opinion, those who engage in cryptocurrency scams such as the one Vinnick was involved in should have known that the Department of Justice was looking into what was happening at BTC-e.


DOJ Seized $3.6 Billion in Stolen Cryptocurrency



The U.S. Department of Justice (DOJ) has arrested two individuals for an alleged conspiracy to launder cryptocurrency that was stolen during the 2016 hack of Bitfinex, a virtual currency exchange. According to the DOJ, the cryptocurrency that was seized is presently valued at $4.5 billion. Law enforcement has seized over $3.6 billion in cryptocurrency linked to the Bitfinex hack.

“Today’s arrests, and the department’s largest financial seizure ever, show that cryptocurrency is not a safe haven for criminals,” said Deputy Attorney General Lisa O. Monaco. “In a futile effort to maintain digital anonymity, the defendants laundered stolen funds through a labyrinth of cryptocurrency transactions. Thanks to the meticulous work of law enforcement, the department once again showed how it can and will follow the money, no matter what form it takes.”

The Wall Street Journal reported that the two people were both arrested without incident Tuesday morning in Manhattan. They have promoted themselves on social media as entrepreneurs with deep knowledge of tech and a love of travel.

According to The Wall Street Journal, at the couple’s appearance in Manhattan court, U.S. Magistrate Judge Debra Freeman set bond at $5 million for Mr. Lichtenstein and $3 million for Ms. Morgan, requiring that their parent’s homes be posted as security. The judge also ordered that they not have devices with internet access and prohibited them from conducting cryptocurrency transactions.

The two are facing charges related to conspiracy to commit money laundering and conspiracy to defraud the U.S. They were not charged with the hack of Bitfinex.

IBM explains that the blockchain has an immutable record of transactions. No participant can change or tamper with a transaction after it’s been recorded to the shared ledger. Transactions are recorded only once, eliminating the duplication of efforts that’s typical of traditional business records.

In short, the couple who allegedly attempted to launder a large amount of cryptocurrency left a trail of transactions that the Department of Justice used to discover the scheme. I’ve seen people on social media suggest that the blockchain is private and untraceable. However, the DOJ was very able to find the information they needed.


Hacker Gets 27 Months in Prison for DDoS Attacks



A few years ago, a hacker decided to be a jerk right around Christmas time. He launched DDoS attacks against several gaming companies. The purpose seemed to be to prevent children (and adults) who received new video games and/or consoles as gifts from being able to use them. This mean-spirited hacker has now been sentenced to 27 months in prison.

Information about this case was posted on the U.S. Department of Justice website (more specifically, on the part for the U.S. Attorneys Southern District of California). The information was posted on July 2, 2019.

Austin Thompson of Utah was sentenced in federal court today to 27 months in prison for carrying out a series of so-called denial-of-service computer hacking attacks against multiple victims between 2013 and 2014. The defendant was also ordered to pay $95,000 in restitution to one of the victims – Daybreak Games, formerly Sony Online Entertainment.

Austin Thompson is free on bond, and must surrender to authorities on August 23, 2019.

ZDNet reported that Austin Thompson is 23 years old, and used the name @DerpTrolling on Twitter. He used that Twitter account to announce attacks and also to take requests for services that other Twitter users wanted him to take down.

According to ZDNet, Austin Thompson launched DDoS attacks against Sony’s PlayStation Network, Valve’s Steam, Microsoft’s Xbox, EA, Riot Games, Nintendo, Quake Live, DOTA2, and League of Legends Servers, among others.

Hopefully, this will be a warning to other “trolls” who think it would be funny to launch DDoS attacks “for the lulz”. There is now legal precedent that launching a DDoS attack can result in a huge fine and prison time.


Encryption with Pencil and Paper



1984Given that George Orwell was English, one might think the British would be all too aware of the dangers of a police state. Despite being one of the most surveilled countries in the world with one security camera for every eleven people, politicians in the UK have put forward plans to record the online activities of people in the UK and force companies like Google and Apple to break the encryption on gadgets and apps. It’s clear from both Snowden’s revelations and other sources that the UK’s security services have been routinely collecting large quantities of phone data with little legislative oversight.

As expected, the powers-that-be trot out the usual scaremongering tactics from terrorists to paedophiles, and while politicians aren’t known for their intelligence, the current proposals around encryption seem particularly stupid and at odds with experts in the fields of security and mathematics.

Encryption isn’t always that easy to understand, so this video shows a very simple but secure method for encrypting and decrypting messages using nothing more than paper and pencil. The process is a bit laborious but it illustrates how easy it is to be secure even without a computer and that any attempt to put a back door into digital encryption will only compromise the integrity of the internet for everyone.

The BBC’s “In Our Time” radio programme tackles “P v NP” this week and part of the discourse involves prime numbers and their role in encryption. It’s available as a podcast so it’s recommended listening too.

Be seeing you!


All Your .com Are Belong To US



In the latest cyber moves by the Dept of Homeland Security against a Canadian on-line gambling outfit, it’s been confirmed that if it’s a .com domain, it falls under US jurisdiction, regardless of where the servers are, where the company is incorporated or who the domain registrar is.

Strangely for the “Land of the Free”, Americans aren’t allowed to gamble on-line but this didn’t stop Bodog, a Canadian-based on-line gambling site with the domain bodog.com, from aggressively marketing its services to US citizens. As a result, Bodog’s four owners have been indicted (pdf) on various internet gambling charges.

Almost everything to do with this organisation was out of harm’s way in Canada – the company, the owners, the servers, the domain registrar – so the DHS took the step of forcing Verisign into doing the dirty work. Verisign manages the .com infrastructure and they removed (pdf) some of the key linking records to the bodog.com domain, thus putting the domain off the net.

In this instance, it can be hard to feel any particular sympathy with Bodog as it appears that they did what they did knowing that it was illegal. Regardless, though the point is now made that a .com can be taken off the internet pretty much because the US doesn’t like it. Selling holidays to Cuba – you’re gone. Trading with Iran – you’re off-line. Evolution is a fact – you’re history.

If you or your organisation has a .com, you’re now under US jurisdiction, and if you think this is bad, imagine what it would have been like if SOPA had been enacted.


Vivick Anti-Theft Backpack Debuts at CES



Vivick LogoThe theft of mobile electronic devices has become increasingly attractive as the value of gadgets rises and the economy falls. A particularly easy way to steal is to simply open likely-looking backpacks and rucksacks while they’re being worn and remove the gadgetry without the owner noticing. Sometimes the pack can be unzipped quietly, other times it’s cut open with a knife or scissors. A skilled thief can do this while someone is walking along but more commonly it happens on trains and buses.

To defend against this thievery, Canadian firm Vivick will debut their new line of anti-theft backpacks at CES in January, comprising three bags constructed from an anti-slash military-grade gauge nylon with a combination lock built into the zipper tab. Each model is designed to look good while being sturdy and durable, and the carry straps are also strengthened.

Rifling through my satchel this morning, I found a laptop, a tablet, an MP3 player and a somewhat old smartphone (Palm Treo Pro). Even with this last item, the total value of the technology exceeds £1000 (or $1500), so this isn’t a purely theoretical risk.

Vivick is known for its professional electronic designs, having worked for Apple, Sony, Samsung and Dell to create accessories for their own product lines. Vivick has also worked with Aston Martin and Ferrari on interior automotive accessories. Based on these credentials, I’ll be very interested to see what they come up with at CES.


Search Data and Browsing History Used As Evidence



Google Logo
The murder trial of Jo Yeates is front page news throughout the UK – a neighbour Vincent Tabak is accused of killing her. At the moment, the prosecution is presenting its case and a couple of interesting things have emerged as evidence.

In particular, the prosecution has alleged that the defendant:

  • looked at Wikipedia for the definitions of murder and manslaughter.
  • searched for the maximum penalty for manslaughter, i.e. how many years in jail.
  • looked up definitions for sexual assault and sexual conduct.
  • searched maps showing the area where the body was later found.
  • searched on CCTV cameras in street where both the defendent and victim lived.
  • use Google StreetView to view the same area.
  • researched criminal forensics, fingerprinting and DNA evidence.
  • read news stories on the investigation into the disappearance  of the victim.

Of course, it will be up to the jury to decide whether these are good indicators of guilt, but regardless it’s clear that if someone is accused of a crime then there’s a pretty thorough examination of one’s computers and on-line behaviour. Obviously this case is about a very serious crime but it’s almost a gift to the prosecution when put together like this: can you think of any good reason to access this material at the time of the disappearance? However, this is circumstantial evidence and needs to be weighed as such.

On a related note, Google has announced that if you are signed-in to Google when you search, you will automatically use https://www.google.com/, the secure version of Google Search. While this will prevent casual snooping on your search, Google will be keeping hold of your search information so that it can better serve you adverts. And how long does Google keep the search information? Indefinitely or until you remove it. So while on the face of it encrypted search is a good thing, it comes at the price of Google knowing yet more about you.

I suspect that in the current murder trial, all the computer forensics team had to do was look back through the defendant’s browser history. Easy if there’s only one computer, but more difficult if the person has a home computer, work laptop, smartphone and so on. If you’re tied into Google everywhere, all they’ll have to do is subpoena information from Google and get your search data in one tidy little bundle. Nice.