The emergence of cryptocurrency has provided cybercriminals with a discreet way to transfer significant amounts of money without attracting attention. For individuals seeking to evade law enforcement, cryptocurrency serves as an ideal method of moving funds: it is quick, discreet, and offers a degree of anonymity.
Gail-Joon Ahn, a prominent figure in computer science and engineering at Arizona State University’s School of Computing and Augmented Intelligence, has dedicated his career to enhancing computer security measures. With his extensive background in cybersecurity, he is now addressing one of the field’s most urgent issues: thwarting the financial activities of cybercriminals utilizing cryptocurrency.
Cryptocurrency is a form of digital currency that functions independently of traditional financial institutions like banks or governments. It relies on blockchain technology, which is a decentralized digital ledger that records transactions across a network of computers. When a user sends cryptocurrency, the transaction is validated by network participants and permanently recorded on the blockchain. This system permits value transfers that often do not require personal details, thereby facilitating anonymous transactions.
Ahn notes, “Many legitimate users are drawn to cryptocurrency for its irreversible, secure, and efficient nature. Sadly, these same features are also appealing to those intent on committing financial crimes.” Over the past ten years, Ahn has led a team at the Center for Cybersecurity and Trusted Foundations (CTF), which he established in 2015, to investigate the complexities of cybercrime funded by cryptocurrency.
Tracing Financial Transactions
The 2014 CryptoLocker attack initially piqued Ahn’s interest in this realm. CryptoLocker was a notorious ransomware variant that spread through malicious email attachments. Upon opening the attachment, the malware would encrypt the user’s files using sophisticated cryptographic methods. Victims faced a ransom demand, typically requiring payment in bitcoin within 72 hours, or they would lose access to their files permanently. The encryption utilized was nearly impossible to break without the private key possessed by the attackers.
Ahn proposed that cybersecurity experts could track and identify payments made to the criminals behind the malware. By analyzing blockchain data, including timestamps and payment trends, researchers identified 795 ransom payments totaling 1,128.40 bitcoin, valued at around $310,472 at the time. Their findings indicated that bitcoin transactions were not entirely anonymous, as thorough examination of blockchain data could reveal unexpected connections and insights.
The team continued to explore the idea that blockchain data could facilitate investigative efforts. They uncovered that the CryptoLocker perpetrators did not simply collect ransoms; they also transferred the funds to obscure their trail. The researchers traced the cryptocurrency flow from victim payments to various central wallets where the funds were consolidated.
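The kind of forward tracing described above can be sketched as a graph walk. This is an added illustration, not the ASU team's code or method: it assumes a simplified ledger of sender-to-receiver transfers rather than bitcoin's real input/output model, and every address and transaction in it is constructed.

```python
from collections import defaultdict, deque

# Constructed sample ledger: (txid, sender, receiver, amount_btc). All names are made up.
TXS = [
    ("t1", "victim_a", "ransom_1", 2.0),
    ("t2", "victim_b", "ransom_2", 2.0),
    ("t3", "victim_c", "ransom_3", 1.0),
    ("t4", "ransom_1", "hop_x", 2.0),
    ("t5", "ransom_2", "hop_x", 2.0),
    ("t6", "hop_x", "central_1", 4.0),
    ("t7", "ransom_3", "central_1", 1.0),
    ("t8", "victim_a", "shop", 0.3),      # unrelated spending by a victim
    ("t9", "central_1", "exchange", 5.0),
]

def build_graph(txs):
    """Adjacency list of sender -> set of receivers."""
    graph = defaultdict(set)
    for _txid, src, dst, _amt in txs:
        graph[src].add(dst)
    return graph

def trace_forward(graph, start, max_hops=5):
    """Breadth-first walk of outgoing transfers; returns {address: hops from start}."""
    seen = {start: 0}
    queue = deque([start])
    while queue:
        addr = queue.popleft()
        if seen[addr] == max_hops:
            continue  # do not expand past the hop limit
        for nxt in graph.get(addr, ()):
            if nxt not in seen:
                seen[nxt] = seen[addr] + 1
                queue.append(nxt)
    return seen

def consolidation_points(txs, ransom_addrs, min_sources=2):
    """Addresses downstream of at least min_sources distinct ransom addresses."""
    graph = build_graph(txs)
    sources = defaultdict(set)
    for ransom in ransom_addrs:
        for addr in trace_forward(graph, ransom):
            if addr not in ransom_addrs:
                sources[addr].add(ransom)
    return {a: sorted(s) for a, s in sources.items() if len(s) >= min_sources}

if __name__ == "__main__":
    known = {"ransom_1", "ransom_2", "ransom_3"}
    for addr, srcs in sorted(consolidation_points(TXS, known).items()):
        print(addr, "<-", srcs)
```

An address that sits downstream of several otherwise unrelated ransom addresses is a candidate consolidation wallet; anything past it, such as the exchange here, inherits the same sources and needs separate attribution.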
One particularly fascinating aspect of their initial research was the potential connection to the Sheep Marketplace scam, which resulted in the theft of approximately 96,000 bitcoin, worth over $100 million at the time. While no direct evidence linked the two crimes, the interconnected financial movements identified by ASU researchers hinted at possible collaboration between the actors involved. “The connections we discovered among various bitcoin-related cybercrimes suggest the existence of a network where malicious entities exchange resources or strategies,” Ahn explains.
Innovative Solutions for Cyber Defense
While identifying threats is crucial, Ahn’s primary focus is on preventing cybercrime altogether. As their research progressed, the team shifted their attention toward developing protective measures for cryptocurrency transactions. In 2023, Ahn and his colleagues secured a patent for their innovative project, “Systems and Methods for Blockchain-Based Automatic Key Generation.”
This project introduced a novel method for creating secure digital keys utilizing data already present on the blockchain. Instead of depending on a central server, Ahn’s approach selects a random piece of data visible to everyone on the network but unpredictable to any single individual. This data serves as a seed for generating a unique security key. Since the seed is derived from shared blockchain records, users can create matching keys without transmitting confidential information over the internet. The seeds are frequently updated, ensuring ongoing security and minimizing potential vulnerabilities.
Looking ahead, Ahn and his team are pursuing partnerships with local and state law enforcement agencies. They are also investigating ways to further utilize their patented technology to monitor and identify malicious activities within blockchain transactions. Such proactive capabilities would play a significant role in fostering safer and more resilient cyber communities.
Nadya Bliss, executive director of the ASU Global Security Initiative, where CTF’s research is centered, emphasizes the need to both analyze threats and develop effective countermeasures. “Cyber defense is perpetually trying to catch up, with malicious actors often holding the upper hand. Researchers like Gail are striving to shift that dynamic,” Bliss states. “This type of research—creating innovative tools with practical applications—is precisely what we need.”
Ahn hopes that the methodologies developed by his research team will assist in future investigations. As cybercrime evolves, so too must the tools we employ to understand and combat it. “It resembles a cat-and-mouse dynamic,” Ahn remarks. “However, it is crucial for us to pursue and capture the mouse.”
