Blockchain forensics firm CipherTrace has developed a mobile tool for flagging bitcoin and ethereum tokens with a criminal past.
Announced today, CipherTrace Scout grants street-level investigators more freedom to identify, track and document illicit crypto transactions from the field, company representatives and law enforcement experts said.
The software builds on a suite of investigatory tools investigators already use. An app-based interface “traces” addresses through the blockchain to identify what coins may have been used by the crypto underworld, in dark market purchases or in ransomware extortion attacks.
Users input an address and CipherTrace Scout generates an instant report. It flags potentially criminal addresses “with a high degree of certainty,” according to Julio Barragan, a financial crime and compliance analyst at CipherTrace.
“You can imagine some beat cop in a high risk area, literally finding something that appears to be tainted,” Barragan said. “He can share a case with an analyst at headquarters and that analyst could do the tracing very quickly to determine where the source of the funds were.”
Casey Bohn, a high-tech crime specialist and educator for the National White Collar Crime Center who trains agents to use CipherTrace, said that the new technology will be of immediate use in the field.
“I think a scenario like this [CipherTrace Scout], where I can put an address in and see: ‘hey, this [address] has been involved in some sort of nefarious activity,’ I think that can be huge,” Bohn, who teaches law enforcement officials how to use tracking services, said. “You can almost rule in and rule out things at that point.”
Federal agencies, police investigators and auditors already use cryptocurrency tracking software for finding crooks.
The Internal Revenue Service contracted crypto transaction tracer Chainalysis from 2015 through at least 2017. At the time, the tax agency called the software “necessary to identify and obtain evidence on individuals using bitcoin” for criminal dealings.
Federal Bureau of Investigation (FBI) agents cross-reference ransomware attacks against an internal database called the Internet Crime Complaint Center, which maintains a list of every such instance. They also use a blockchain-based tool to process victim addresses.
Federal agents want to move their tracing ever deeper. In a pre-solicitation document at the end of last year, the Department of Homeland Security mulled the feasibility of tracing privacy tokens, which confound easy research with complex security.
Technologies such as CipherTrace and Chainalysis now pervade law enforcement agencies across the country, according to Bohn, the tech crimes expert. He says that Chainalysis is something of a federal standard.
But CipherTrace Scout builds on what Bohn called a law enforcement favorite: visualization.
“We can visualize the transactions [using the software]. I can see ‘from A to B’ and then I can start pivoting from there in a visual manner, which is oftentimes easier for someone to understand.”
“I like the visualization, the students like the visualization,” he noted.
CipherTrace Scout’s rollout comes alongside a spike in street-level cryptocurrency use.
Bohn said law enforcement partners reported a surge in low-level use cases: prostitution, drug sales, child pornography trades.
“We have found that your drug dealer on the street has gotten savvy. They’ve gotten a little more savvy and they have started to develop these trades online, using other cryptocurrencies.”
Barragan, the CipherTrace analyst, credits the proliferation of Bitcoin ATMs and other crypto-capable kiosks.
“There are approximately 900 Coinstar machines embedded in Safeways across the U.S. that spit out crypto,” he said. “It’s becoming very, very easy for anyone to acquire crypto, and it’s starting to be used for street crimes.”
The Scout flags nefarious addresses. But it also ignores everyday users, a feature Bohn calls critical.
“While there is criminal activity that occurs with these technologies, there’s a lot of normal, regular people who are taking part in this technology as well.”