How Russian Spies Hid Behind Bitcoin in Hacking Campaign

A Justice Department indictment revealed how Russian operatives used Bitcoin to facilitate a 2016 hacking campaign. Bitcoin is mined by hundreds of computers, as shown here. Credit: Maxim Zmeyev/Getty Images

SAN FRANCISCO — In early 2016, Russian intelligence officers obtained a new pool of the virtual currency Bitcoin. They quickly put the digital money to work.

The Russian spies used some of the Bitcoins to pay for the registration of a website, dcleaks.com, where they would later post emails that had been stolen from Hillary Clinton’s presidential campaign. When the operatives needed a computer server to host the dcleaks site, they paid for that with Bitcoins as well.

The transactions were detailed in an indictment on Friday from the Justice Department, in which prosecutors accused 12 Russian operatives of interfering in the 2016 presidential campaign through a sophisticated hacking scheme.

The indictment provided one of the clearest illustrations to date of the inner workings of the Russian operation that carried out the hacking of the Democratic Party and other targets. It also showed how cryptocurrencies — and the anonymity they provide — have become both a tool and a challenge for intelligence agencies in the battles between nation states.

“This is the first clear example in court documents of cryptocurrency being used to purchase capabilities that could be leveraged in attacks on national security,” said Jonathan Levin, a co-founder of Chainalysis, a firm that helps governments track cryptocurrency payments.

Financial transactions have been one of the trickiest parts of intelligence operations because electronic payment networks and checks are generally off limits to undercover spies. That has led to famous scenes of covert exchanges of suitcases full of cash.

The Bitcoin network allows anyone to move millions of dollars across the world without any in-person meetings, and without the approval of any financial institutions. First released in 2009 by its mysterious creator, Satoshi Nakamoto, Bitcoin was designed to operate without any central authority that could block transactions or verify the identities of the people involved.

All Bitcoin transactions and wallets are recorded on a database known as the blockchain, by a network of computers that anyone can join. The unusual structure has long made Bitcoin a primary means of payment for drugs on online black markets, and more recently as a method for making ransom payments.

When Bitcoin’s price spiked last year, many big financial institutions took an interest in the virtual currency as a new kind of investment and have looked to move it away from its unsavory associations. But Friday’s allegations are likely to make that effort more difficult.

While the Russians accused of attacking Ms. Clinton’s campaign also used traditional currencies, the indictment said they had “principally used Bitcoin when purchasing servers, registering domains and otherwise making payments in furtherance of hacking activity.”

Bitcoin, the indictment added, “allowed the conspirators to avoid direct relations with traditional financial institutions, allowing them to evade greater scrutiny of their identities and sources of funds.”

The Russians took several steps to obscure their Bitcoin transactions, according to the indictment. They bought some Bitcoins on so-called peer-to-peer exchanges, where buyers and sellers can interact directly without exchanges collecting details on either side.

The Russians also created Bitcoins themselves through the process known as mining, the indictment said. With mining, computers compete to unlock new Bitcoins by solving difficult computational problems. This requires expensive equipment and lots of electricity, but that was apparently not a hindrance to the Russians.

The operatives used the Bitcoins to pay for much of the computer infrastructure that was employed in the hacking attacks, the indictment said. That included payments for a server in Malaysia that hosted dcleaks.com, and money sent to a Romanian company that registered the domain name.

In March 2016, the indictment said, the Russians also used Bitcoin to buy a so-called virtual private network account that allowed them to obscure their internet protocol address and their location when they went online. They used that VPN account to operate a Twitter account known as Guccifer_2, which became infamous after releasing some of the emails stolen from the Democratic National Committee and of the chairman of the Clinton campaign, John D. Podesta.

The Russians also used Bitcoin to pay for the servers from which they launched malware campaigns and “spearphishing” attacks against the Democratic National Committee, according to the indictment. In those attacks, it said, the Russian operatives gained control of the email accounts of American officials.

American investigators were able to use the blockchain to go back and identify some of the transactions that Russian agents made. But it was not enough to stop them from making the transactions at the time.

“The fact that cryptocurrencies are global and real time means that you might only find out about these things after the fact,” Mr. Levin said. “We need to think about the responsibilities that we all have in a world where payments move seamlessly across borders in the blink of an eye.”

Follow Nathaniel Popper and Matthew Rosenberg on Twitter: @nathanielpopper and @AllMattNYT.

Nathaniel Popper reported from San Francisco, and Matthew Rosenberg from Washington.

A version of this article appears in print on , on Page A13 of the New York edition with the headline: Cryptocurrency Was Cloak For Agents to Hide Behind.
