RPT-Bitcoin's murkier rivals line up to displace it as cybercriminals' favourite – Nasdaq


(Repeats story unchanged)
    * Bitcoin's size accounts for popularity among
    * Those who do not take extra steps can be traced
    * Next-generation cryptocurrencies more secure, still small

    By Jemima KellyLONDON, May 18 (Reuters) - Bitcoin is well-entrenched as the
preferred payment for cybercriminals like the WannaCry hackers
who have hit more than 300,000 computers over the past week, but
cryptocurrencies offering more anonymity are threatening to
displace it.
    A key reason for bitcoin's dominance in the nefarious online
underworld, say technologists and cybercrime experts, is its
size - the total value of all bitcoins in circulation is more
than twice that of the nearest of hundreds of rivals.
    That makes it easy for victims to access enough to pay the
ransoms demanded, and for hackers to cash out of it via online
exchanges to spend money in the real world.
    Bitcoin was set up in 2008 by someone - or some group -
calling themselves Satoshi Nakamoto, and was the first digital
currency to successfully use cryptography to keep transactions
secure and hidden, making traditional financial regulation
difficult if not impossible.
    Money is sent from one anonymous online "wallet" to another
with no need for a third party to validate or clear the
    In the WannaCry attack, the addresses of three anonymous
bitcoin wallets were given to victims, with a demand for ransom
payments from $300 worth of bitcoin, with a promise the affected
machines would be decrypted in return, a promise that no
evidence has shown will be kept. [nL4N1IH1B5]
    But since the way that Bitcoin functions is via the
blockchain - a giant, virtually tamper-proof, shared ledger of
all bitcoin transactions ever made - payments can be traced, if
users do not have the sophistication to take further steps to
cloak themselves using digital anonymity tools.
    "In the initial days of bitcoin, people...didn't realise
they were recording for posterity on the blockchain every
financial transaction that ever took place," said Emin Gun
Sirer, a computer science professor at Cornell University.
    Bitcoin addresses are anonymous, but users can be traced
through IP addresses or by analysing money flows.
    If criminals using bitcoin want to stay truly anonymous, Gun
Sirer said, they have to go through a number of additional,
complex steps to make sure they do not get caught.
    It is not yet clear what level of sophistication the
WannaCry hackers have when it comes to laundering their
cryptocurrency, as none of the money has yet been moved out of
the three bitcoin wallets linked to the ransomware, which have
had over $80,000 worth of bitcoin paid into them so far. [http://tmsnrt.rs/2rqaLyz
    But some have suggested that the fact that the WannaCry
hackers demanded bitcoin shows how amateur they are.
    "If it was me, I would want people to use bitcoin all day,
because you can trace it," said Luke Wilson, vice president for
law enforcement at Elliptic, a London-based security firm that
tracks illicit bitcoin transactions and that counts the U.S.
Federal Bureau for Investigations (FBI) among its clients.
    Wilson, who used to work at the FBI, where he set up a
taskforce to investigate the use of virtual currencies, did not
disclose all the ways that Elliptic and law enforcement agencies
find criminals using bitcoin. But sometimes, he said, the
offenders make as obvious a mistake as withdrawing money from a
bitcoin wallet directly into their bank accounts.

    More sophisticated criminals use obfuscation methods that
make it very hard to be tracked down. One of the most basic ones
is a technique known as "chain-hopping", whereby money is moved
from one cryptocurrency into another, across digital currency
exchanges - the less-regulated the better - to create a money
trail that is almost impossible to track.
    Newer and more complex money-laundering methods have also
emerged in recent years, which make it very difficult for law
enforcement and bitcoin security firms such as Elliptic or
New-York-based Chainalysis to track down cybercriminals.
    "It's a cat-and-mouse game - as police and companies like
Elliptic catch up to criminals' techniques, they invent new
techniques," said Jerry Brito, executive director of the
Washington, D.C.-based Coin Center, a not-for-profit advocacy
group focusing on public policy issues around cryptocurrency.
    These techniques are not foolproof, however - chain-hopping,
for example, relies on unregulated exchanges that do not carry
out know-your-customer (KYC) checks, and security firms say they
will develop ways to trace such methods.

    Easier, perhaps, would be for cybercriminals to use
next-generation cryptocurrencies that have built-in anonymity
from the start, such as Monero, Dash and Z-Cash.
    And indeed, experts said late on Tuesday that a computer
virus that exploits the same vulnerability as the WannaCry
attack had latched on to more than 200,000 computers and begun
using them to manufacture - or "mine" - Monero
    But with a total value of around $425 million - a little
over 1 percent of that of bitcoin - converting that currency
into spendable cash might not be so easy, and it is also much
harder for victims to access, alternative payments experts said.
    That is why the Monero attack did not demand a ransom, but
rather used the infected computers' computing power to create
new currency.
    "This used to happen in bitcoin before it became big - there
were loads of botnets that went into computers that used to mine
bitcoin, but you now can't basically mine bitcoin on normal
computers because you need specialist hardware," said
Chainalysis CEO Jonathan Levin.
    Levin said such bitcoin-based attacks were carried out
several years ago, when mining it was still largely a hobby for
tech geeks using their home computers.
    As the bitcoin price has risen and as transaction numbers
have grown, the computers have become so specialized that only
they can only perform the function of bitcoin mining.
    "If Monero does become adopted and is as big and liquid (as
bitcoin), that means the crime (will) move from using computers
to mine to getting to extortion," Levin said.

WannaCry ransom payments so far    http://tmsnrt.rs/2rqaLyz
 (Reporting by Jemima Kelly; Editing by Eric Auchard and
Philippa Fletcher)
 (([email protected]; +44)(0)(20 7542 7508;
Reuters Messaging: [email protected]))


Source link