If the United States is going to stop Russia from hacking its next election, law enforcement and the intelligence community will need to get much smarter on how to catch adversaries who use cryptocurrencies.
According to the recent indictment filed by Special Counsel Robert Mueller, Russian intelligence officers used Bitcoin to rent servers and buy domain names and virtual private networks in order to execute “large-scale cyber operations” to influence the 2016 U.S. presidential election. Although cryptocurrencies are not innately illicit and, like all technologies, can be used for good or bad, the wider adoption of cryptocurrencies and blockchain technology is likely to lead to greater use by criminals, terrorists and spies. The U.S. is unprepared for this eventuality.
Russian efforts to hack the Democratic National Committee (DNC) shed light on Russian cyber-intelligence methods and how “crypto” enabled much of their activity, even if it ultimately left a trail for U.S. investigators.
The hackers laundered about $95,000 in their operation, largely through cryptocurrencies, to hide their identities and obfuscate their true connections to Russia. For instance, they used Bitcoin to buy website domain names and virtual private networks (VPNs), as well as to rent computer servers, all of which allowed them to build an online apparatus to steal and publish documents from DNC hardware.
We used software from cryptocurrency analysis firm Elliptic to research the hackers’ activity on the Bitcoin blockchain. We confirmed that an email address mentioned in the indictment was one of the main points of contact for the hackers’ cryptocurrency transaction requests. Whichever Russian agent controlled that email account served as a sort of crypto fund treasurer, responding to the team’s requests to pay for cyber infrastructure.
The indictment says the hackers mined bitcoin, but also used various cryptocurrency exchanges to buy the digital currency. Our blockchain analysis indicates they used a wide range of exchanges, from at least one reputable American exchange to a European exchange widely known for facilitating money laundering. We found that a couple dozen of the “treasurer’s” transactions went to a major Bitcoin payment processor located in the U.S. that serviced merchants of cyber tools like VPNs.
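The two paragraphs above describe the kind of analysis an investigator runs on a public blockchain: start from a known address (the "treasurer"), follow its spends hop by hop, and see which labelled services (exchanges, payment processors, mining pools) the funds came from and went to. The following is an added illustration of that technique, not code from the authors or from Elliptic; the ledger, the address names (`tr1` stands in for the treasurer), the service labels and the amounts are all constructed for the example, and the attribution labels stand in for the kind of database a blockchain-analytics vendor maintains.

```python
"""Follow-the-money over a constructed, Bitcoin-style transaction ledger.

Added illustration (not the article's or Elliptic's code). Walks outgoing
spends from a seed address, groups addresses into one actor's "cluster" with
two textbook heuristics, and reports which labelled services the funds reach
and which services funded the cluster. All addresses, labels and amounts are
constructed sample data.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple    # addresses spent from
    outputs: tuple   # (address, amount in BTC) pairs


# Constructed sample ledger; "tr1" plays the role of the treasurer address.
LEDGER = [
    Tx("t1", ("minerpool_out",), (("tr1", 0.50),)),
    Tx("t2", ("exch_eu_hot",), (("tr1", 0.30),)),
    Tx("t0", ("exch_us_hot",), (("tr1_side", 0.04),)),
    Tx("t3", ("tr1",), (("proc_us_in", 0.10), ("tr1_change", 0.69))),
    Tx("t4", ("tr1_change",), (("vpn_vendor", 0.05), ("tr1_change2", 0.63))),
    Tx("t5", ("tr1_change2", "tr1_side"), (("proc_us_in", 0.08), ("tr1_change3", 0.54))),
    Tx("t6", ("unrelated",), (("exch_us_hot", 1.0),)),
]

# Constructed attribution labels (a vendor would maintain these at scale).
LABELS = {
    "minerpool_out": "mining pool payout",
    "exch_eu_hot": "European exchange (hot wallet)",
    "exch_us_hot": "US exchange (hot wallet)",
    "proc_us_in": "US payment processor",
    "vpn_vendor": "VPN merchant",
}


def build_spend_index(ledger):
    """Map each address to the transactions that spend from it."""
    spends = defaultdict(list)
    for tx in ledger:
        for src in tx.inputs:
            spends[src].append(tx)
    return spends


def trace_cluster(ledger, seed, max_hops=5):
    """Breadth-first walk of spends from `seed`.

    Heuristic 1 (common-input ownership): every input of a transaction that
    spends from the cluster is assumed to belong to the same actor.
    Heuristic 2 (change detection): an unlabelled output is assumed to be a
    change address and is followed further; a labelled output is a service
    where the funds leave the actor's control, so the walk stops there and
    the amount is attributed to that service.

    Returns (cluster_addresses, {label: (total_btc, first_hop_distance)}).
    """
    spends = build_spend_index(ledger)
    cluster = {seed}
    outflows = defaultdict(float)
    first_hop = {}
    done = set()                 # txids already accounted for (count once)
    queue = deque([(seed, 0)])
    while queue:
        addr, depth = queue.popleft()
        if depth >= max_hops:
            continue
        for tx in spends.get(addr, ()):
            if tx.txid in done:
                continue
            done.add(tx.txid)
            for src in tx.inputs:            # heuristic 1
                if src not in cluster:
                    cluster.add(src)
                    queue.append((src, depth))
            for dst, amt in tx.outputs:      # heuristic 2
                if dst in LABELS:
                    outflows[LABELS[dst]] += amt
                    first_hop.setdefault(LABELS[dst], depth + 1)
                elif dst not in cluster:
                    cluster.add(dst)
                    queue.append((dst, depth + 1))
    summary = {lbl: (round(amt, 8), first_hop[lbl]) for lbl, amt in outflows.items()}
    return cluster, summary


def funding_sources(ledger, cluster):
    """Total BTC paid into the cluster from outside it, by source label.

    A multi-input deposit is split evenly across its inputs.
    """
    inflows = defaultdict(float)
    for tx in ledger:
        if any(src in cluster for src in tx.inputs):
            continue                          # internal movement, not funding
        share = 1.0 / len(tx.inputs)
        for dst, amt in tx.outputs:
            if dst in cluster:
                for src in tx.inputs:
                    inflows[LABELS.get(src, "unattributed")] += amt * share
    return {lbl: round(v, 8) for lbl, v in inflows.items()}


if __name__ == "__main__":
    cluster, flows = trace_cluster(LEDGER, "tr1")
    print("cluster:", sorted(cluster))
    print("outflows:", flows)
    print("funded by:", funding_sources(LEDGER, cluster))
```

Run as-is, the walk attributes 0.18 BTC to the payment processor and 0.05 BTC to the VPN merchant, and shows the cluster was funded by a mining payout and two exchanges. On a real chain the same logic is run against a node's UTXO index and a labelled-address database, and the label for a counterparty is what turns a pseudonymous address into a subpoena target for an exchange's customer records.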
The indictment makes clear that Russia’s military intelligence (the GRU) saw cryptocurrency as a convenient tool in its traditional use of “maskirovka” — or deception. By avoiding direct relationships with traditional financial institutions, the GRU was able to delay the unraveling of their plot.
The indictment lays out an operation that fits neatly into Russia’s concept of hybrid warfare. By leveraging all elements of its power, including cyber and information operations, the Kremlin can achieve its political goals — in this case to sow division and threaten our democracy. As Director of National Intelligence Dan Coats warned recently, the lights are “blinking red” when it comes to Russian cyberattacks.
The Russian government views supremacy in blockchain technology as a national security priority. A Russian intelligence officer recently remarked that “the internet belongs to the Americans, but blockchain belongs to us.”
When doing a post mortem on the DNC hack operation, policymakers must make sure not to fall into the trap of deriving lessons relevant only to the 2016 crypto environment. Future hackers may be less likely to use Bitcoin, which leaves a clear footprint for investigators, and more inclined to operate with an untraceable cryptocurrency like Monero. And while the assailants purchased cryptocurrencies on a variety of crypto exchange websites, blockchain developers are building experimental decentralized trading platforms that allow users to buy tokens pseudonymously, without having to provide identification as required by most exchange websites. The U.S. needs to not only learn from the hack, but stay abreast of innovation within the fast-moving crypto space.
U.S. regulators and law enforcement should ramp up efforts to engage cryptocurrency exchanges, especially smaller exchanges that may be offering more “private” cryptocurrencies or facilitating decentralized trading. Since illicit actors will be seeking better ways to evade blockchain traceability, startups in the crypto space must be made aware of the need to adhere to anti-money laundering requirements.
The U.S. should also develop a national digital currency and blockchain technology strategic plan. Such a strategy should outline the need for America’s private sector to compete globally in blockchain technology and propose initiatives to keep the U.S. two lengths ahead of adversaries seeking to leverage the technology to undermine U.S. security.
The U.S. also should conduct an intelligence assessment of key adversaries’ use of blockchain technology in operations against the United States. The National Defense Authorization Act calls for the U.S. to establish a commission to develop an overarching “cyber doctrine.” Such a commission should consider innovations in cryptocurrencies and blockchain technology in its important work. It should also research ways to leverage artificial intelligence capabilities to analyze illicit activity on blockchains.
All agencies dealing with national security or economic security should engage leaders within the crypto/blockchain space. This is an immediate need while few agencies have blockchain experts on staff. A longer-term objective would be to recruit and retain employees who can build blockchain platforms and analyze cryptocurrency transactions. This will take time as the first generation of American workers who will be widely familiar with crypto may currently still be in high school.
Cryptocurrencies may very well enhance counterintelligence work. They offer the potential to track and measure an adversary’s operation, once that adversary is linked to a transaction on the blockchain. This may be a net positive for the U.S., if those handling our nation’s security can get better at crypto than our enemies.
Yaya J. Fanusie is a former CIA analyst and is director of analysis at the Foundation for Defense of Democracies’ Center on Sanctions and Illicit Finance.
Boris Zilberman is deputy director of congressional relations at the Foundation for Defense of Democracies, where he is also a Russia analyst.