Blockchain: a poisoned chalice for the police?
Mon 19 Mar 2018 | Fred Ellis
The widespread use of the internet that developed in the late 1990s and early 2000s gave criminals many new ways of earning money. Now, cryptocurrencies and the relative anonymity that they provide are giving police a whole new set of worries.
Fred Ellis, financial intelligence analyst with the City of London Police, is on the frontline of these changes. Through his work, he has seen the pros and cons of blockchain technology, as well as the trends in modern financial crime in the UK.
Ahead of his session at Cloud Security Expo, he spoke to The Stack about blockchain, Bitcoin, ICOs and more.
Weighing up ICOs
Criminals have been particularly interested in manipulating those that are looking for a ‘quick win’
Blockchain’s potential is incredibly exciting, says Ellis. It could bring with it a whole new era of commerce, and much more. It’s because of this potential and its many possible uses that people have been so attracted to it, particularly in its early stages.
A lot of what has happened in terms of blockchain developments and applications has only been possible, argues Ellis, thanks to ICOs. However, since the UK market for these is unregulated, and there are large sums of money being invested, there is always the potential for criminal exploitation.
Many people were attracted to cryptocurrencies and in particular Bitcoin because of the huge price surge in 2017. Criminals have been particularly interested in manipulating those that are looking for a ‘quick win’, and as such, have started offering products that either have no hope of competing in the market or simply don’t exist at all.
The important thing to remind investors and members of the public, Ellis says, is that cryptocurrencies are incredibly volatile, are unregulated and are not covered by any official compensation scheme. For those looking to invest, he recommends they do some serious research before parting with any money, and reminds them that the risk ultimately lies with them.
Cryptocurrencies and cybercrime
In Ellis’ line of work, cryptocurrencies are commonly referred to as the cyber criminal’s payment method of choice. When used in crime, they tend to become most noticeable to victims when digital wallet addresses appear in popup windows on computers that become infected with malware, such as the WannaCry malware which affected the NHS and numerous other businesses in the UK last year.
Part of the step-change that has come about as a result of cryptocurrencies is the distance that’s created between criminals and their victims. Online crime allows fraudsters to physically distance and disguise themselves from victims, but there was always a difficulty turning criminal activities into cash without being traced.
Cryptocurrencies tend to be used in more overtly criminal activities, such as payment from victims or for purchasing illicit products on dark marketplaces
Now, with the introduction of a payment system that allows near-anonymity and the avoidance of regulation, this is no longer the case. As a result, a lot of online crimes are being enabled through cryptocurrencies, says Ellis.
The association that many people hold between cryptocurrencies and cybercrime, he notes, actually provides a curious problem for criminals. Thanks to the poor reputation of Bitcoin and similar coins, they are difficult to use as a money laundering tool.
As a result, cryptocurrencies tend to be used in more overtly criminal activities, such as payment from victims or for purchasing illicit products on dark marketplaces, rather than masquerading as ‘clean’ payments.
How cryptocurrencies are affecting online fraud
Citing data from ActionFraud, Ellis notes an increase in the reporting of fraud which involved a cryptocurrency in the last few years. This is most likely due to the massive price rise, which makes them a more attractive prospect for criminals. It also means that victims who have had their cryptocurrency wealth taken from them are far more likely to report it, due to the increased value of their loss.
Though there has been a delay in adoption of widespread adoption of cryptocurrencies by most businesses and financial organisations, there is one place where it has fully caught on – the dark web.
The reasons for this are obvious, with Ellis noting that there are no registration details required to open a Bitcoin wallet, for example, so identifying who holds that wallet and controls the funds it contains can prove difficult – mirroring the anonymity of the dark web.
There is a pseudo-transparency to cryptocurrencies, as coins using a public or open blockchain can have its transactions analysed and traced showing where funds come from and go to. However, that tracing then ends at the public wallet ID, which as previously noted, requires no identification.
Law enforcement agencies are doing their utmost to track and trace illegal activities that people assume are anonymous. Through a variety of techniques, it is possible to do so, but a further challenge awaits: matching those criminal acts to the person committing them.
It’s a cat and mouse game, which is being made increasingly difficult for the police to win as cryptocurrencies and blockchain technologies develop at a dizzying rate, with little or no regulation.