23 November 2022

From The Intercept: BITCOIN Deja Vu | Sam Biddle March 20 2018, 8:22 a.m.

Hmmm there was a time warp there

theintercept.com

The NSA Worked to “Track Down” Bitcoin Users, Snowden Documents Reveal


 

Sam Biddle
Internet paranoiacs drawn to bitcoin have long indulged fantasies of American spies subverting the booming, controversial digital currency. Increasingly popular among get-rich-quick speculators, bitcoin started out as a high-minded project to make financial transactions public and mathematically verifiable — while also offering discretion. Governments, with a vested interest in controlling how money moves, would, some of bitcoin’s fierce advocates believed, naturally try and thwart the coming techno-libertarian financial order.

It turns out the conspiracy theorists were onto something. Classified documents provided by whistleblower Edward Snowden show that the National Security Agency indeed worked urgently to target bitcoin users around the world — and wielded at least one mysterious source of information to “help track down senders and receivers of Bitcoins,” according to a top-secret passage in an internal NSA report dating to March 2013. The data source appears to have leveraged the NSA’s ability to harvest and analyze raw, global internet traffic while also exploiting an unnamed software program that purported to offer anonymity to users, according to other documents.

Although the agency was interested in surveilling some competing cryptocurrencies, “Bitcoin is #1 priority,” a March 15, 2013 internal NSA report stated.

The documents indicate that “tracking down” bitcoin users went well beyond closely examining bitcoin’s public transaction ledger, known as the Blockchain, where users are typically referred to through anonymous identifiers; the tracking may also have involved gathering intimate details of these users’ computers. The NSA collected some bitcoin users’ password information, internet activity, and a type of unique device identification number known as a MAC address, a March 29, 2013 NSA memo suggested. In the same document, analysts also discussed tracking internet users’ internet addresses, network ports, and timestamps to identify “BITCOIN Targets.”

The agency appears to have wanted even more data. . .

It also suggested powerful search capabilities against bitcoin targets, hinting that the NSA may have been using its XKeyScore searching system, where the bitcoin information and wide range of other NSA data was cataloged, to enhance its information on bitcoin users. An NSA reference document indicated that the data source provided “user data such as billing information and Internet Protocol addresses.” With this sort of information in hand, putting a name to a given bitcoin user would be easy.

The NSA’s budding bitcoin spy operation looks to have been enabled by its unparalleled ability to siphon traffic from the physical cable connections that form the internet and ferry its traffic around the planet. As of 2013, the NSA’s bitcoin tracking was achieved through a program code-named OAKSTAR, a collection of covert corporate partnerships enabling the agency to monitor communications, including by harvesting internet data as it traveled along fiber optic cables that undergird the internet.

Specifically, the NSA targeted bitcoin through MONKEYROCKET, a sub-program of OAKSTAR, which tapped network equipment to gather data from the Middle East, Europe, South America, and Asia, according to classified descriptions. As of spring 2013, MONKEYROCKET was “the sole source of SIGDEV for the BITCOIN Targets,” the March 29, 2013 NSA report stated, using the term for signals intelligence development, “SIGDEV,” to indicate the agency had no other way to surveil bitcoin users. The data obtained through MONKEYROCKET is described in the documents as “full take” surveillance, meaning the entirety of data passing through a network was examined and at least some entire data sessions were stored for later analysis.

At the same time, MONKEYROCKET is also described in the documents as a “non-Western Internet anonymization service” with a “significant user base” in Iran and China, with the program brought online in summer 2012. It is unclear what exactly this product was, but it would appear that it was promoted on the internet under false pretenses: The NSA notes that part of its “long-term strategy” for MONKEYROCKET was to “attract targets engaged in terrorism, [including] Al Qaida” toward using this “browsing product,” which “the NSA can then exploit.” The scope of the targeting would then expand beyond terrorists. Whatever this piece of software was, it functioned as a privacy bait and switch, tricking bitcoin users into using a tool they thought would provide anonymity online but was actually funneling data directly to the NSA.

The hypothesis that the NSA would “launch an entire operation overseas under false pretenses” just to track targets is “pernicious,” said Matthew Green, assistant professor at the Johns Hopkins University Information Security Institute. Such a practice could spread distrust of privacy software in general, particularly in areas like Iran where such tools are desperately needed by dissidents. This “feeds a narrative that the U.S. is untrustworthy,” said Green. “That worries me.”

. . .

The NSA’s interest in cryptocurrency is “bad news for privacy, because it means that in addition to the really hard problem of making the actual transactions private … you also have to make sure all the network connections [are secure],” Green added. Green said he is “pretty skeptical” that using Tor, the popular anonymizing browser, could thwart the NSA in the long term. In other words, even if you trust bitcoin’s underlying tech (or that of another coin), you’ll still need to be able to trust your connection to the internet — and if you’re being targeted by the NSA, that’s going to be a problem.

NSA documents note that although MONKEYROCKET works by tapping an unspecified “foreign” fiber cable site, and that data is then forwarded to the agency’s European Technical Center in Wiesbaden, Germany, meetings with the corporate partner that made MONKEYROCKET possible sometimes took place in Virginia. Northern Virginia has for decades been a boomtown for both the expansive national security state and American internet behemoths — telecoms, internet companies, and spy agencies call the area’s suburbs and office parks home.

Liberty Reserve website name seizure notice.

Screenshot: Liberty Reserve

Bitcoin may have been the NSA’s top cryptocurrency target, but it wasn’t the only one. The March 15, 2013 NSA report detailed progress on MONKEYROCKET’s bitcoin surveillance and noted that American spies were also working to crack Liberty Reserve, a far seedier predecessor. Unlike bitcoin, for which facilitating drug deals and money laundering was incidental to bigger goals, Liberty Reserve was more or less designed with criminality in mind. Despite being headquartered in Costa Rica, the site was charged with running a $6 billion “laundering scheme” and triple-teamed by the U.S. Department of Justice, Homeland Security, and the IRS, resulting in a 20-year conviction for its Ukrainian founder

 . . . READ MORE
