SLOPPY PASSWORD STORAGE ENABLED FBI TO SEIZE $2.3M BITCOIN RANSOM
The FBI’s breach of a bitcoin wallet held by the cybercriminals who attacked Colonial Pipeline is all about sloppy storage, and not a reflection of a security vulnerability in the cryptocurrency, crypto experts told MacKenzie Sigalos of CNBC.
On Monday, the Justice Department reported a successful mission to retrieve $2.3 million in bitcoin paid by Colonial Pipeline to ransomware hackers in April.
Court documents indicated that investigators traced bitcoin transaction records to a digital wallet, which they subsequently seized under court order. Officials were then able to access that wallet with something called a “private key,” or password. It remains unclear how exactly the FBI retrieved the key.
“I don’t want to give up our tradecraft in case we want to use this again for future endeavors,” Elvis Chan, an assistant special agent with the FBI’s San Francisco office, said in a news call Monday. Until the FBI is more transparent with its methods, it’s not possible to know exactly how federal investigators managed to retrieve the private key in question. But there are a few possible scenarios.
DarkSide, the cybercriminal gang that targeted Colonial, reportedly used a payment server to collect the funds. A centralized platform like this is relatively easy for the FBI to track.
“Following the money remains one of the most basic, yet powerful, tools we have,” said Deputy Attorney General Lisa O. Monaco in a statement on Monday.
“Because these transnational, organized criminal groups are facilitating these payments in cryptocurrency, and because of the transparency and traceability that cryptocurrency provides, you can actually more effectively follow the money and potentially mitigate and arrest illicit activity within this ecosystem, than you can with traditional finance and fiat currencies and payments,” explained Jesse Spiro, Global Head of Policy for Chainalysis, a company that provides blockchain forensic and investigative services to private sector companies, including crypto exchanges.
When a ransomware-related payment is made, Chainalysis is actually able to produce and generate what Spiro characterizes as “unprecedented intelligence and information in relation to the supply chain.”