The anonymity and speed of cryptocurrency make it an appealing choice for cybercriminals looking to move large sums of money without detection. For those aiming to evade law enforcement, cryptocurrency serves as an ideal escape vehicle: quick, discreet, and untraceable.
Gail-Joon Ahn, a professor specializing in computer science and engineering at Arizona State University’s School of Computing and Augmented Intelligence, has dedicated his career to advancing cybersecurity measures. He is now applying his extensive knowledge to tackle one of the most urgent issues in the field: halting the illicit activities enabled by cryptocurrencies.
Cryptocurrency is a form of digital currency that operates independently of traditional banking systems or governmental oversight. It utilizes blockchain technology, which is a decentralized digital ledger that documents every transaction across a network of computers. When a user transfers cryptocurrency, the transaction is verified by individuals within the network and subsequently recorded on the blockchain, creating a permanent record. The system allows for transactions without the need for personal identifiers such as names or addresses, facilitating straightforward and often anonymous value transfers. “Legitimate users appreciate cryptocurrency for its irreversible nature, security, and efficiency,” Ahn notes. “Regrettably, these same qualities attract those intent on committing financial fraud.”
For the last ten years, Ahn’s team at the Center for Cybersecurity and Trusted Foundations (CTF), which he founded in 2015 and which is currently led by Associate Professor Adam Doupé, has been closely examining the intersection of cryptocurrency and cybercrime.
Tracing Financial Trails
The 2014 CryptoLocker incident initially piqued Ahn’s interest in the cybersecurity landscape. CryptoLocker was a well-known form of ransomware that typically spread through harmful email attachments. Once a user activated the attachment, the malware would encrypt their files using advanced cryptographic techniques, rendering them inaccessible. Victims faced a ransom demand: pay a specified amount in bitcoin within a limited timeframe, usually 72 hours, or lose their files permanently. The malware was particularly perilous as its encryption was nearly impossible to break without a private key held by the attackers.
Ahn hypothesized that cybersecurity experts could track the payments made to the perpetrators by scrutinizing blockchain data. Through their analysis, the researchers discovered 795 ransom payments totaling 1,128.40 bitcoin, equivalent to around $310,472 at that time. Their findings indicated that bitcoin transactions were not entirely anonymous and that in-depth analysis of blockchain data could uncover unexpected relationships and insights.
Determined to demonstrate that blockchain data could aid in digital investigations, Ahn’s team continued their efforts. They found that the CryptoLocker criminals did not merely collect ransoms; they also maneuvered the funds to obscure their trail. The researchers traced the movement of cryptocurrency from victim payments to various central wallets where the funds were consolidated.
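
The kind of forward tracing described above can be sketched on a small ledger. This is an added example, not the ASU team's tooling: the transactions, the address names and the `min_sources` threshold are all constructed for illustration.

```python
# Constructed sample ledger (not real blockchain data): each transaction
# spends from input addresses and pays output addresses an amount in BTC.
TXS = [
    {"txid": "t1", "inputs": ["victim1"], "outputs": {"ransomA": 2.0}},
    {"txid": "t2", "inputs": ["victim2"], "outputs": {"ransomB": 2.0}},
    {"txid": "t3", "inputs": ["victim3"], "outputs": {"ransomC": 1.0}},
    {"txid": "t4", "inputs": ["ransomA", "ransomB"], "outputs": {"hub1": 3.9}},
    {"txid": "t5", "inputs": ["ransomC"], "outputs": {"hop1": 0.99}},
    {"txid": "t6", "inputs": ["hop1"], "outputs": {"hub1": 0.98}},
    {"txid": "t7", "inputs": ["shopper"], "outputs": {"merchant": 0.5}},
]
# Addresses assumed to be known ransom-collection addresses.
SEEDS = ["ransomA", "ransomB", "ransomC"]


def trace_forward(txs, seeds):
    """Map each address to the set of seed addresses whose funds reached it.

    Any transaction with a traced input marks all of its outputs, so the
    result over-approximates: it yields investigative leads, not proof.
    """
    reached = {s: {s} for s in seeds}
    changed = True
    while changed:  # repeat until no new address/seed pair appears
        changed = False
        for tx in txs:
            origins = set()
            for addr in tx["inputs"]:
                origins |= reached.get(addr, set())
            for out in tx["outputs"]:
                known = reached.setdefault(out, set())
                if not origins <= known:
                    known |= origins
                    changed = True
    return {addr: srcs for addr, srcs in reached.items() if srcs}


def consolidation_wallets(txs, seeds, min_sources=2):
    """Non-seed addresses that received funds from several ransom addresses."""
    reached = trace_forward(txs, seeds)
    return {
        addr: sorted(srcs)
        for addr, srcs in reached.items()
        if addr not in seeds and len(srcs) >= min_sources
    }


if __name__ == "__main__":
    print(consolidation_wallets(TXS, SEEDS))
```

Here `hub1` is flagged because funds from all three ransom addresses converge on it, one of them through the intermediate address `hop1`, while the unrelated `merchant` payment is never touched.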
An intriguing aspect of their initial research revealed a potential connection to the Sheep Marketplace scam, which resulted in the theft of around 96,000 bitcoin, valued at over $100 million at the time. While no direct evidence linked the two crimes, the interconnected financial movements identified by the ASU researchers hinted at possible collaboration among criminal factions. “The connections between various bitcoin-related cybercrimes suggest the existence of a network where illicit actors share resources and techniques,” Ahn explains.
Innovative Security Solutions
While tracking down cybercriminals is important, Ahn’s primary objective is to prevent cybercrime altogether. As their research progressed, the team shifted focus towards developing new methods for securing cryptocurrency transactions. In 2023, Ahn and his colleagues were awarded a patent for their innovative project, “Systems and Methods for Blockchain-Based Automatic Key Generation.”
The team devised a new approach to generate secure digital keys using data already present in the blockchain. Instead of depending on a central server, Ahn’s system selects a random piece of publicly visible data that is unpredictable. This data acts as a seed to create unique security keys. Since the seed is derived from shared blockchain records, users can create matching keys without transmitting sensitive information over the internet. The seeds frequently change, enhancing security and eliminating delays or vulnerabilities associated with single points of failure.
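
The general idea of a rotating, publicly visible seed can be illustrated as follows. This is an added sketch, not the patented system or its design. It assumes the two parties already hold a long-term shared secret, because a seed anyone can read provides freshness but cannot keep a key secret by itself. The chain data, `EPOCH`, `CONFIRMATIONS` and the use of HKDF-SHA256 are likewise assumptions.

```python
import hashlib
import hmac

# Constructed chain view: height -> block hash (hex). Not real blocks.
CHAIN = {
    h: hashlib.sha256(b"constructed-block-%d" % h).hexdigest()
    for h in range(100, 111)
}

EPOCH = 5          # assumption: the seed rotates every 5 blocks
CONFIRMATIONS = 3  # assumption: ignore the newest blocks, which may be reorganized


def epoch_seed(chain, tip_height):
    """Pick the seed block for the current epoch from settled blocks only."""
    settled = tip_height - CONFIRMATIONS
    seed_height = settled - (settled % EPOCH)
    return seed_height, bytes.fromhex(chain[seed_height])


def hkdf_sha256(secret, salt, info, length=32):
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def session_key(shared_secret, chain, tip_height, context=b"example-session"):
    """Derive the epoch key: the public block hash is the salt, the secret stays private."""
    height, seed = epoch_seed(chain, tip_height)
    info = context + b"|" + str(height).encode()
    return hkdf_sha256(shared_secret, seed, info)


if __name__ == "__main__":
    secret = b"constructed pre-shared secret"
    # Two parties whose views of the chain tip differ by one block.
    print(session_key(secret, CHAIN, 108) == session_key(secret, CHAIN, 109))
```

Two parties whose chain tips straddle an epoch boundary (107 and 108 in this data) derive different keys, so a deployment built this way would need to accept the previous epoch's key for a short window.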
Ahn and his team are now looking into partnerships with local and state law enforcement agencies. They are also exploring how their patented technology can be further utilized to monitor, detect, and address any malicious activities occurring within blockchain transactions. Such proactive monitoring capabilities could significantly enhance the security and resilience of digital communities.
Nadya Bliss, the executive director of the ASU Global Security Initiative, where CTF’s research is focused, emphasizes the importance of both understanding threats and developing tools to counter them. “In the realm of cybersecurity, defense often lags behind attackers. Researchers like Gail are working to shift that dynamic,” Bliss states. “This type of research—creating innovative tools that have practical applications—is precisely what is needed.”
Ahn is optimistic that the methodologies developed by his team can aid in future investigations. As cybercrime continues to transform and expand, so too must our strategies for understanding and combating it. “It’s somewhat of a cat-and-mouse scenario,” Ahn remarks. “But tracking down the mouse is crucial.”