“Russian operatives used cryptocurrency at almost every stage in their online efforts to interfere in the 2016 U.S. presidential election, according to Special Counsel Robert Mueller’s final report on his investigation.” So says CNN, adding that “Systems used in the hacking of the Democratic Party were paid for using Bitcoin, as were online hosting services that supported websites which published hacked materials and were used in the targeting of disinformation at American voters.”
The Russian operatives (a.k.a. the Fancy Bear team) withdrew funds from both the CEX.io and BTC-e.com cryptocurrency exchanges to fund domain purchases, server rentals, and VPN services, reports Draconi, Slashdot reader #38,078. He’s correlated the Mueller report with the Bitcoin blockchain addresses referenced (indirectly) in two indictments brought by America’s Department of Justice — one for interference in the 2016 U.S. Presidential Election, and one for the public leak of Olympic drug-testing results — and shared the results of his investigation with CNN.
As the Mueller indictment of GRU agents last July outlined, Russian agents, including those from the GRU, Russia’s military intelligence agency, had sought to “capitalize on the perceived anonymity of cryptocurrencies.” But while Bitcoin allowed Russians to “avoid direct relationships with traditional financial institutions, allowing them to evade greater scrutiny of their identities and sources of funds,” according to the same indictment, it wasn’t enough to evade Mueller’s investigation.
Tim Cotten, a blockchain developer and security researcher who has done extensive work in tracking Russian Bitcoin accounts unearthed by Mueller’s team, noted in an interview with CNN Business that trading Bitcoins on exchanges usually requires users to set up Bitcoin wallets that are tied to an email address. Federal investigators were able to access at least some of the email accounts used in the operation, which, Cotten says, would have made tracing Bitcoin transactions a lot easier. Investigators’ access to “the other side of the blockchain equation,” as he described it, was important because, “Rather than having to search the blockchain for clues, they already had all of the receipts demonstrating which accounts were under the GRU’s control.”
The Russians used stolen and false identities in setting up some of these accounts, according to Mueller’s team, but had used some of the same accounts to purchase servers and website domains involved in the hacking of the Democratic Party and the publishing of the hacked materials, Mueller’s indictment outlines. That, Cotten said, would have made it easier for investigators to tie the case together.
“The purchase trails are fully exposed in the Bitcoin blockchain as funds are used, consolidated, and deposited into secondary online wallets such as SpectroCoin.com and Xapo.com,” Cotten writes on his site. “Anyone can follow along and trace the payment chains to see exactly how the Russians were spending their money, when, and on what.”