Why Go Through the Trouble to Tumble?
February 17, 2016
Today you can purchase a pizza in Berlin and pay for it from a digital wallet located on a computer in Prague. Times have changed, and so has our view on currency. Blockchain technology, born out of Bitcoin, is intended to influence the way governments assure the integrity of everything, from real estate to taxes. And, though there are many legitimate uses of digital currencies, there are many ways that it has been adopted and abused by criminals.
Getting paid in the underground is a priority for cybercriminals. Having mastered traditional payment systems, cyber criminals have adjusted and adapted to online digital currencies. Bitcoin seemed to answer the prayers of many digital currency users. It was relatively quick, easy to procure, easy to establish transactions and easy to cash out. However, Bitcoin did not address a matter that was near and dear to the hearts of its users – security. It made no real provision for anonymity or privacy and, as a result, its users were no more secure than they had been on other alternate digital currency platforms.
In order to address this issue a technique was developed that very closely mirrored money laundering in the physical world. That technique was called “tumbling.” Tumbling, also referred to as Bitcoin mixing or Bitcoin laundering, is the process of using a third party service to break the connection between a Bitcoin address sending coins and the address(es) they are sent to. Tumbling, it was discovered, could be as easy as confusing the trail of transactions between two wallets, making investigation and attribution almost impossible. Those steps resemble the following:
- Create a wallet through a Bitcoin brokerage or exchange site;
- Purchase Bitcoins and send them off to be tumbled in the wallet created in step 1;
- Create a second wallet using the Tor network;
- Send Bitcoins from the wallet created in step 1 to the wallet created in step 3.
However, for some people, the layering of transactions was not enough and they sought out alternative solutions. Many solutions began springing up and some, such as Bit Launderer, Helix by Grams and Bitmixer.io, have become popular among users due to their discretion, security and privacy. The first screenshot below is an example of a surface web site called Bit Launderer. The sites owners have made a point of stating that Bitcoin is not anonymous, that it can be traced and that their solution cleans Bitcoins thoroughly to leave them anonymous. The second screenshot is of Helix by Grams. Its owners state that they are the “…definitive DarkWeb Bitcoin cleaners…” and that they provide brand new Bitcoins that have never been to the dark net before. Some deal!
Regardless of the methodology chosen for laundering Bitcoins, the reality is that a failure to do so will weaken the security posture of criminals. Being able to increase one’s anonymity and privacy is of paramount importance to cyber criminals.
Being cognizant of the activity and techniques of adversaries within the cyber criminal underground is important for several reasons, not the least of which is doing business along side them in common environments such as digital currency brokerages and exchanges.
To learn more, subscribe to our threat intelligence emails here.