Bitcoin has swept North America’s markets as a premier investment opportunity for the past year; however, it may now be known as a tool for Russian spy operations. Ironic, considering Putin’s past opposition to the service’s availability in Russia.
This week’s indictment of seven Russian government agents may bring some information to light about the nature of Russia’s cyber-infiltration, and may implicate bitcoin as a part of Russia’s cyber warfare apparatus.
The indictment brings notice to the emergence of Russia’s military agency called the Main Intelligence Directorate of the General Staff (GRU), whose operations have been of concern between the years 2014-19. The report implicates seven members of the GRU for sophisticated criminal cyber intrusion and the victimization of US citizens, corporate entities, and international organizations and their employees.
A large portion of those targeted were US and international anti-doping agencies, sporting federations, anti-doping officials, and over 250 athletes from over 30 countries. It is believed these doping agencies were hacked by GRU’s operations in retaliation for their efforts to expose the 2014 Russian doping scandal, which had led to a ban on Russian participation in the 2016 Olympics in Rio de Janeiro.
The GRU is also described as targeting athletes’ medical records and posting them on social media accounts online. At least according to US officials, the GRU intelligence organization was able to utilize Bitcoin to fund its initiatives.
In essence, the Russian conspirators required money to purchase hacking infrastructure, and to reduce any trace back to the motherland they required a complex web of transactions to shield their identity. They typically created multiple operational accounts and names, with a specific fondness for cryptocurrencies such as bitcoin, to further mask themselves and the sources of their hefty capital.
According to the report, the conspirators used 38 common IP addresses (through bitcoin) in order to wreak havoc at the World Anti-Doping Association (WADA) and the United States Anti-Doping Association (USADA).
Although Russia’s conspirators used a variety of other currencies, including USD, to conduct transactions, they preferred bitcoin when required to purchase servers, register domains, or otherwise make payments to further their cyber interference activities. Many of these payments were processed by US-located companies before eventually processing services to hosting companies and domestic registrars.
To avoid creating a centralized trail of suspicious purchases, GRU and the Russians obtained infrastructure through the use of hundreds of fake email accounts, often a new account per purchase. All the names and addresses used were fake, in an attempt to obscure the links between their identities online and their links to the Russian Federation.
The indictment claims: “On occasion, the conspirators funded the purchase of computer infrastructure for their hacking activity in part by ‘mining bitcoin’.” The bitcoin credit from GRU’s mining activity was used, for example, to pay a US company to register the domain name wada-arna.org through another domestic payment processing company in order to fund Russian cyber malware.
The GRU’s targets extend far beyond the WADA and USADA. Organizations such as FIFA and IAAF (International Association of Athletics Federations) were also targeted by Russian hackers. The same GRU hackers have also orchestrated attacks against a Pennsylvania energy company and the Spiez Swiss Chemical Laboratory.
Although Russia’s involvement in the scandal had already been known to the general public, its connection with bitcoin was a surprising development in the indictment.