Why criminals can t hide behind Bitcoin, Science, AAAS

Why criminals can’t hide behind Bitcoin

Bitcoin, the Internet currency beloved by computer scientists, libertarians, and criminals, is no longer invulnerable. As recently as three years ago, it seemed that anyone could buy or sell anything with Bitcoin and never be tracked, let alone busted if they broke the law. “It’s totally anonymous,” was how one commenter put it in Bitcoin’s forums in June 2013. “The FBI does not have a prayer of a chance of finding out who is who.”

The Federal Bureau of Investigation (FBI) and other law enforcement begged to differ. Ross Ulbricht, the 31-year-old American who created Silk Road, a Bitcoin market facilitating the sale of $1 billion in illegal drugs, was sentenced to life in prison in February 2015. In March, the assets of 28-year-old Czech national Tomáš Jiříkovský were seized; he’s suspected of laundering $40 million in stolen Bitcoins. Two more fell in September 2015: 33-year-old American Trendon Shavers pleaded guilty to running a $150 million Ponzi scheme—the very first Bitcoin securities fraud case—and 30-year-old Frenchman Mark Karpelès was arrested and charged with fraud and embezzlement of $390 million from the now shuttered Bitcoin currency exchange Mt. Gox.

The majority of Bitcoin users are law-abiding people motivated by privacy concerns or just curiosity. But Bitcoin’s anonymity is also a powerful contraption for financing crime: The virtual money can keep shady transactions secret. The paradox of cryptocurrency is that its associated data create a forensic trail that can all of a sudden make your entire financial history public information.

Academic researchers helped create the encryption and software systems that make Bitcoin possible; many are now helping law enforcement nab criminals. These experts operate in a fresh field at the crossroads of computer science, economics, and forensics, says Sarah Meiklejohn, a computer scientist at University College London who co-chaired an annual workshop on financial cryptography in Barbados last month. “There aren’t that many of us,” she notes. “We all know each other.”

When Bitcoin very first emerged, law enforcement officers were “panicking,” Meiklejohn says. “They thought these technologies were dangerous and made it firmer for them to do their job.” But as the arrests and convictions have flipped in, “there’s a constant shift toward observing cryptocurrency as a implement for prosecuting crimes.” Even in the strange fresh world of Bitcoin, FBI Assistant General Counsel Brett Nigh said in September 2015, “investigators can go after the money.”

C. Smith/ Science

Unlike money issued by governments, Bitcoin has no Federal Reserve, no gold backing, no banks, no physical notes. Created in a two thousand eight academic paper by a still unknown person using the name Satoshi Nakamoto, Bitcoin “is an intellectual artifact,” says Patrick McDaniel, a computer scientist at Pennsylvania State University (Penn State), University Park. “It’s the frontier of economics.”

Rigorously speaking, Bitcoins are nothing more than amounts associated with addresses, unique strings of letters and numbers. For example, “1Ez69SnzzmePmZX3WpEzMKTrcBF2gpNQ55” represents almost 30,000 Bitcoins seized during the Silk Road bust—worth about $20 million at the time—that were auctioned off by the U.S. government on one July 2014.

Those Bitcoins have been split up and switched arms numerous times since then, and all of these transactions are public skill. The past and present ownership of every Bitcoin—in fact every 10-millionth of a Bitcoin—is dutifully recorded in the “blockchain,” an ever-growing public ledger collective across the Internet. What remains hidden are the true identities of the Bitcoin owners: Instead of submitting their names, users create a code that serves as their digital signature in the blockchain.

The job of keeping the system running and preventing cheating is left to a volunteer workforce known as Bitcoin miners. They crunch the numbers needed to verify every transaction. Added to this is an evergrowing math task known as “proof of work,” which keeps the miners fair. The calculations are so intense that miners use specialized computers that run hot enough to keep homes or even office buildings warm through the winter. The incentive for all this effort is built into Bitcoin itself. The act of verifying a 10-minute block of transactions generates twenty five fresh Bitcoins for the miner. This is how Bitcoins are minted.

Just like any currency, Bitcoin’s real-world value emerges as people trade it for goods, services, and other currencies. If you’re not a miner, you can only get Bitcoins from someone who already has them. Companies have sprung up that sell Bitcoins—at a profitable rate—and provide ATM machines where you can convert them into cash. And of course, you can sell something in comeback for Bitcoins. As soon as both parties have digitally signed the transaction and it is recorded in the blockchain, the Bitcoins are yours.

As Science went to press, Bitcoin’s market capitalization, a measure of the amount of money invested in it, stood at $Five.6 billion. That money is very safe from theft, as long as users never expose their private keys, the long—and ideally, randomly generated—numbers used to generate a digital signature. But as soon as a Bitcoin is spent, the forensic trail embarks.

By 2013, millions of dollars’ worth of Bitcoins were being interchanged for illegal drugs and stolen identity data on Silk Road. Like a black market version of Amazon, it provided a sophisticated platform for buyers and sellers, including Bitcoin escrow accounts, a buyer feedback forum, and even a vendor reputation system. The merchandise was sent mostly through the normal postal system—the buyer sent the seller the mailing address as an encrypted message—and the site even provided helpful tips, such as how to vacuum-pack drugs.

Investigators calmly collected every shred of data from Silk Road—from the photos and text describing drug products to the Bitcoin transactions that show up in the blockchain when the deals close. Ultimately, investigators needed to tie this string of evidence to one crucial, missing chunk of data: the Internet Protocol (IP) addresses of the computers used by buyers or sellers.

The challenge is that the Bitcoin network is designed to blur the correspondence inbetween transactions and IP addresses. All Bitcoin users are connected in a peer-to-peer network over the Internet. Data flow inbetween their computers like gossip in a crowd, spreading quickly and redundantly until everyone has the information—with no one but the originator knowing who spoke very first.

This system worked so well that it was carelessness, not any privacy flaws in Bitcoin, that led to the breakthrough in the investigation of Silk Road. When Ulbricht, the ringleader, was hiring help to expand his operation, he used the same pseudonym he had adopted years before to post announcements on illegal drug discussion forums; that and other moments of sloppiness made him a suspect. Once FBI tracked his IP address to a San Francisco, in California, Internet cafe, they caught him in the act of logging into Silk Road as an administrator.

Other criminals could take solace in the fact that it was a slip-up; as long as you used Bitcoin cautiously, your identity was protected behind the cryptographic wall. But now even that confidence is eroded.

Among the very first researchers to find a crack in the wall were the husband-and-wife team of Philip and Diana Koshy. In 2014, as graduate students in McDaniel’s lab at Penn State, they built their own version of the software that buyers and sellers use to take part in the Bitcoin network. It was especially designed to be inefficient, downloading a copy of every single packet of data transmitted by every computer in the Bitcoin network. “We desired to see everything,” Philip Koshy says.

If the data flowing through the network were flawlessly coordinated, with everyone’s computer sending and receiving data as frequently as the rest, then it might be unlikely to link Bitcoin addresses with IP addresses. But there is no top-down coordination of the Bitcoin network, and its flow is far from flawless. The Koshys noticed that sometimes a computer sent out information about only one transaction, meaning that the person at that IP address was the holder of that Bitcoin address. And sometimes a surge of transactions came from a single IP address—probably when the user was upgrading his or her Bitcoin client software. Those transactions held the key to a entire backlog of their Bitcoin addresses. Like unraveling a ball of string, once the Koshys isolated some of the addresses, others followed.

Ultimately, they were able to map IP addresses to more than one thousand Bitcoin addresses; they published their findings in the proceedings of an obscure cryptography conference. It is unusual for an academic paper to cause both The Fresh York Times and the U.S. Department of Homeland Security to come calling. “It was crazy,” Philip Koshy says. Their mechanism has not yet appeared in the official record of a criminal case, but the Koshys say they have observed so-called fake knots on the Bitcoin network associated with IP addresses in government data centers in Virginia, suggesting that investigators there are hoovering up the data packets for surveillance purposes too. (The pair has since left academia for tech industry jobs.)

As criminals have evolved more sophisticated methods to use Bitcoin, researchers have followed apace. Meiklejohn—who says she regularly works with law enforcement but is “not comfy discussing the details”—was one of the very first researchers to explore Bitcoin “mixing” services. The basic idea is to protect the anonymity of transactions by exchanging many people’s Bitcoin stashes with each other, as in a shell game. The forensic trail shows the money going in but then goes cold because it is unlikely to know which Bitcoins belong to whom on the other end. “So in principle, this is a solution to Bitcoin’s anonymity problem,” Meiklejohn says.

Bitcoin Foundation Vice Chairman Charlie Shrem (right) leaves the Manhattan federal courthouse in Fresh York City in January 2014. Shrem was later sentenced to two years in prison for laundering money on Silk Road.

But even mixing has weaknesses that forensic investigators can exploit. Soon after Silk Road shut down, someone with administrative access to one of the freshly emerging black markets walked away with 90,000 Bitcoins from user escrow accounts. The thief attempted to use a mixing service to launder the money, but wasn’t patient enough to hide the tracks, Meiklejohn says. “It’s difficult to shove large amounts of Bitcoin through mixing services secretly. It’s enormously noticeable no matter how you do it.” Thomas Jiikovský, the man under investigation by Czech police, is suspected to be the thief in question.

The beauty of Bitcoin, from a detective’s point of view, is that the blockchain records all. “If you catch a dealer with drugs and cash on the street, you’ve caught them committing one crime,” Meiklejohn says. “But if you catch people using something like Silk Road, you’ve uncovered their entire criminal history,” she says. “It’s like discovering their books.”

Exactly that screenplay is playing out now. On twenty January of this year, ten guys were arrested in the Netherlands as part of an international raid on online illegal drug markets. The dudes were caught converting their Bitcoins into Euros in bank accounts using commercial Bitcoin services, and then withdrawing millions in cash from ATM machines. The trail of Bitcoin addresses allegedly links all that money to online illegal drug sales tracked by FBI and Interpol.

If Bitcoin’s privacy shortcomings drive users away, the currency will quickly lose its value. But the request for financial privacy won’t vanish, and fresh systems are already emerging. “I don’t feel people have the right to know, unless disclosed, how much cash is in my wallet, just like I don’t feel anyone should know what conversations I’m having with anyone else,” says Ryno Matthee, a software developer based in Somerset, South Africa.

Matthee is part of a team launching a fresh anonymous online market called Shadow this year, which will use its own cryptocurrency, ShadowCash. The aim is not to facilitate illegal transactions, Matthee says. It will be up to the users, who administer the system, to police it, he says, but to help prevent manhandle, “we are going to attempt our best to filter out known keywords for drugs or worse.”

Shadow is far from the only Bitcoin competitor. Scores of alternative cryptocurrencies now exist. And some experts predict that one may ultimately go mainstream. Some banks already rely on a cryptocurrency called Ripple for lodging large global money transfers. And the U.S. government “has been engaging with the cryptocurrency community and learning from them,” says Bill Gleim, head of machine learning at Coinalytics, a company based in Menlo Park, California.

Gleim believes the federal government will issue its own cryptocurrency, “maybe as soon as late 2016.” If so, it is likely to require users to verify their real-world identities. That could defeat the purpose of cryptocurrency in the eyes of privacy advocates and criminals. Or maybe not: In this technological game of cat and mouse, the next budge may go to the criminals.

Why criminals can t hide behind Bitcoin, Science, AAAS

Why criminals can’t hide behind Bitcoin

Bitcoin, the Internet currency beloved by computer scientists, libertarians, and criminals, is no longer invulnerable. As recently as three years ago, it seemed that anyone could buy or sell anything with Bitcoin and never be tracked, let alone busted if they broke the law. “It’s totally anonymous,” was how one commenter put it in Bitcoin’s forums in June 2013. “The FBI does not have a prayer of a chance of finding out who is who.”

The Federal Bureau of Investigation (FBI) and other law enforcement begged to differ. Ross Ulbricht, the 31-year-old American who created Silk Road, a Bitcoin market facilitating the sale of $1 billion in illegal drugs, was sentenced to life in prison in February 2015. In March, the assets of 28-year-old Czech national Tomáš Jiříkovský were seized; he’s suspected of laundering $40 million in stolen Bitcoins. Two more fell in September 2015: 33-year-old American Trendon Shavers pleaded guilty to running a $150 million Ponzi scheme—the very first Bitcoin securities fraud case—and 30-year-old Frenchman Mark Karpelès was arrested and charged with fraud and embezzlement of $390 million from the now shuttered Bitcoin currency exchange Mt. Gox.

The majority of Bitcoin users are law-abiding people motivated by privacy concerns or just curiosity. But Bitcoin’s anonymity is also a powerful implement for financing crime: The virtual money can keep shady transactions secret. The paradox of cryptocurrency is that its associated data create a forensic trail that can all of a sudden make your entire financial history public information.

Academic researchers helped create the encryption and software systems that make Bitcoin possible; many are now helping law enforcement nab criminals. These experts operate in a fresh field at the crossroads of computer science, economics, and forensics, says Sarah Meiklejohn, a computer scientist at University College London who co-chaired an annual workshop on financial cryptography in Barbados last month. “There aren’t that many of us,” she notes. “We all know each other.”

When Bitcoin very first emerged, law enforcement officers were “panicking,” Meiklejohn says. “They thought these technologies were dangerous and made it stiffer for them to do their job.” But as the arrests and convictions have flipped in, “there’s a constant shift toward eyeing cryptocurrency as a device for prosecuting crimes.” Even in the strange fresh world of Bitcoin, FBI Assistant General Counsel Brett Nigh said in September 2015, “investigators can go after the money.”

C. Smith/ Science

Unlike money issued by governments, Bitcoin has no Federal Reserve, no gold backing, no banks, no physical notes. Created in a two thousand eight academic paper by a still unknown person using the name Satoshi Nakamoto, Bitcoin “is an intellectual artifact,” says Patrick McDaniel, a computer scientist at Pennsylvania State University (Penn State), University Park. “It’s the frontier of economics.”

Rigorously speaking, Bitcoins are nothing more than amounts associated with addresses, unique strings of letters and numbers. For example, “1Ez69SnzzmePmZX3WpEzMKTrcBF2gpNQ55” represents almost 30,000 Bitcoins seized during the Silk Road bust—worth about $20 million at the time—that were auctioned off by the U.S. government on one July 2014.

Those Bitcoins have been split up and switched arms numerous times since then, and all of these transactions are public skill. The past and present ownership of every Bitcoin—in fact every 10-millionth of a Bitcoin—is dutifully recorded in the “blockchain,” an ever-growing public ledger collective across the Internet. What remains hidden are the true identities of the Bitcoin owners: Instead of submitting their names, users create a code that serves as their digital signature in the blockchain.

The job of keeping the system running and preventing cheating is left to a volunteer workforce known as Bitcoin miners. They crunch the numbers needed to verify every transaction. Added to this is an evergrowing math task known as “proof of work,” which keeps the miners fair. The calculations are so intense that miners use specialized computers that run hot enough to keep homes or even office buildings warm through the winter. The incentive for all this effort is built into Bitcoin itself. The act of verifying a 10-minute block of transactions generates twenty five fresh Bitcoins for the miner. This is how Bitcoins are minted.

Just like any currency, Bitcoin’s real-world value emerges as people trade it for goods, services, and other currencies. If you’re not a miner, you can only get Bitcoins from someone who already has them. Companies have sprung up that sell Bitcoins—at a profitable rate—and provide ATM machines where you can convert them into cash. And of course, you can sell something in comeback for Bitcoins. As soon as both parties have digitally signed the transaction and it is recorded in the blockchain, the Bitcoins are yours.

As Science went to press, Bitcoin’s market capitalization, a measure of the amount of money invested in it, stood at $Five.6 billion. That money is very safe from theft, as long as users never expose their private keys, the long—and ideally, randomly generated—numbers used to generate a digital signature. But as soon as a Bitcoin is spent, the forensic trail starts.

By 2013, millions of dollars’ worth of Bitcoins were being exchanged for illegal drugs and stolen identity data on Silk Road. Like a black market version of Amazon, it provided a sophisticated platform for buyers and sellers, including Bitcoin escrow accounts, a buyer feedback forum, and even a vendor reputation system. The merchandise was sent mostly through the normal postal system—the buyer sent the seller the mailing address as an encrypted message—and the site even provided helpful tips, such as how to vacuum-pack drugs.

Investigators calmly collected every shred of data from Silk Road—from the photos and text describing drug products to the Bitcoin transactions that show up in the blockchain when the deals close. Ultimately, investigators needed to tie this string of evidence to one crucial, missing chunk of data: the Internet Protocol (IP) addresses of the computers used by buyers or sellers.

The challenge is that the Bitcoin network is designed to blur the correspondence inbetween transactions and IP addresses. All Bitcoin users are connected in a peer-to-peer network over the Internet. Data flow inbetween their computers like gossip in a crowd, spreading quickly and redundantly until everyone has the information—with no one but the originator knowing who spoke very first.

This system worked so well that it was carelessness, not any privacy flaws in Bitcoin, that led to the breakthrough in the investigation of Silk Road. When Ulbricht, the ringleader, was hiring help to expand his operation, he used the same pseudonym he had adopted years before to post announcements on illegal drug discussion forums; that and other moments of sloppiness made him a suspect. Once FBI tracked his IP address to a San Francisco, in California, Internet cafe, they caught him in the act of logging into Silk Road as an administrator.

Other criminals could take solace in the fact that it was a slip-up; as long as you used Bitcoin cautiously, your identity was protected behind the cryptographic wall. But now even that confidence is eroded.

Among the very first researchers to find a crack in the wall were the husband-and-wife team of Philip and Diana Koshy. In 2014, as graduate students in McDaniel’s lab at Penn State, they built their own version of the software that buyers and sellers use to take part in the Bitcoin network. It was especially designed to be inefficient, downloading a copy of every single packet of data transmitted by every computer in the Bitcoin network. “We dreamed to see everything,” Philip Koshy says.

If the data flowing through the network were flawlessly coordinated, with everyone’s computer sending and receiving data as frequently as the rest, then it might be unlikely to link Bitcoin addresses with IP addresses. But there is no top-down coordination of the Bitcoin network, and its flow is far from ideal. The Koshys noticed that sometimes a computer sent out information about only one transaction, meaning that the person at that IP address was the holder of that Bitcoin address. And sometimes a surge of transactions came from a single IP address—probably when the user was upgrading his or her Bitcoin client software. Those transactions held the key to a entire backlog of their Bitcoin addresses. Like unraveling a ball of string, once the Koshys isolated some of the addresses, others followed.

Ultimately, they were able to map IP addresses to more than one thousand Bitcoin addresses; they published their findings in the proceedings of an obscure cryptography conference. It is unusual for an academic paper to cause both The Fresh York Times and the U.S. Department of Homeland Security to come calling. “It was crazy,” Philip Koshy says. Their technology has not yet appeared in the official record of a criminal case, but the Koshys say they have observed so-called fake knots on the Bitcoin network associated with IP addresses in government data centers in Virginia, suggesting that investigators there are hoovering up the data packets for surveillance purposes too. (The pair has since left academia for tech industry jobs.)

As criminals have evolved more sophisticated methods to use Bitcoin, researchers have followed apace. Meiklejohn—who says she regularly works with law enforcement but is “not convenient discussing the details”—was one of the very first researchers to explore Bitcoin “mixing” services. The basic idea is to protect the anonymity of transactions by interchanging many people’s Bitcoin stashes with each other, as in a shell game. The forensic trail shows the money going in but then goes cold because it is unlikely to know which Bitcoins belong to whom on the other end. “So in principle, this is a solution to Bitcoin’s anonymity problem,” Meiklejohn says.

Bitcoin Foundation Vice Chairman Charlie Shrem (right) leaves the Manhattan federal courthouse in Fresh York City in January 2014. Shrem was later sentenced to two years in prison for laundering money on Silk Road.

But even mixing has weaknesses that forensic investigators can exploit. Soon after Silk Road shut down, someone with administrative access to one of the freshly emerging black markets walked away with 90,000 Bitcoins from user escrow accounts. The thief attempted to use a mixing service to launder the money, but wasn’t patient enough to hide the tracks, Meiklejohn says. “It’s difficult to thrust large amounts of Bitcoin through mixing services secretly. It’s enormously noticeable no matter how you do it.” Thomas Jiikovský, the man under investigation by Czech police, is suspected to be the thief in question.

The beauty of Bitcoin, from a detective’s point of view, is that the blockchain records all. “If you catch a dealer with drugs and cash on the street, you’ve caught them committing one crime,” Meiklejohn says. “But if you catch people using something like Silk Road, you’ve uncovered their entire criminal history,” she says. “It’s like discovering their books.”

Exactly that script is playing out now. On twenty January of this year, ten dudes were arrested in the Netherlands as part of an international raid on online illegal drug markets. The fellows were caught converting their Bitcoins into Euros in bank accounts using commercial Bitcoin services, and then withdrawing millions in cash from ATM machines. The trail of Bitcoin addresses allegedly links all that money to online illegal drug sales tracked by FBI and Interpol.

If Bitcoin’s privacy shortcomings drive users away, the currency will quickly lose its value. But the request for financial privacy won’t vanish, and fresh systems are already emerging. “I don’t feel people have the right to know, unless disclosed, how much cash is in my wallet, just like I don’t feel anyone should know what conversations I’m having with anyone else,” says Ryno Matthee, a software developer based in Somerset, South Africa.

Matthee is part of a team launching a fresh anonymous online market called Shadow this year, which will use its own cryptocurrency, ShadowCash. The objective is not to facilitate illegal transactions, Matthee says. It will be up to the users, who administer the system, to police it, he says, but to help prevent manhandle, “we are going to attempt our best to filter out known keywords for drugs or worse.”

Shadow is far from the only Bitcoin competitor. Scores of alternative cryptocurrencies now exist. And some experts predict that one may ultimately go mainstream. Some banks already rely on a cryptocurrency called Ripple for lodging large global money transfers. And the U.S. government “has been engaging with the cryptocurrency community and learning from them,” says Bill Gleim, head of machine learning at Coinalytics, a company based in Menlo Park, California.

Gleim believes the federal government will issue its own cryptocurrency, “maybe as soon as late 2016.” If so, it is likely to require users to verify their real-world identities. That could defeat the purpose of cryptocurrency in the eyes of privacy advocates and criminals. Or maybe not: In this technological game of cat and mouse, the next budge may go to the criminals.

Why criminals can t hide behind Bitcoin, Science, AAAS

Why criminals can’t hide behind Bitcoin

Bitcoin, the Internet currency beloved by computer scientists, libertarians, and criminals, is no longer invulnerable. As recently as three years ago, it seemed that anyone could buy or sell anything with Bitcoin and never be tracked, let alone busted if they broke the law. “It’s totally anonymous,” was how one commenter put it in Bitcoin’s forums in June 2013. “The FBI does not have a prayer of a chance of finding out who is who.”

The Federal Bureau of Investigation (FBI) and other law enforcement begged to differ. Ross Ulbricht, the 31-year-old American who created Silk Road, a Bitcoin market facilitating the sale of $1 billion in illegal drugs, was sentenced to life in prison in February 2015. In March, the assets of 28-year-old Czech national Tomáš Jiříkovský were seized; he’s suspected of laundering $40 million in stolen Bitcoins. Two more fell in September 2015: 33-year-old American Trendon Shavers pleaded guilty to running a $150 million Ponzi scheme—the very first Bitcoin securities fraud case—and 30-year-old Frenchman Mark Karpelès was arrested and charged with fraud and embezzlement of $390 million from the now shuttered Bitcoin currency exchange Mt. Gox.

The majority of Bitcoin users are law-abiding people motivated by privacy concerns or just curiosity. But Bitcoin’s anonymity is also a powerful contraption for financing crime: The virtual money can keep shady transactions secret. The paradox of cryptocurrency is that its associated data create a forensic trail that can abruptly make your entire financial history public information.

Academic researchers helped create the encryption and software systems that make Bitcoin possible; many are now helping law enforcement nab criminals. These experts operate in a fresh field at the crossroads of computer science, economics, and forensics, says Sarah Meiklejohn, a computer scientist at University College London who co-chaired an annual workshop on financial cryptography in Barbados last month. “There aren’t that many of us,” she notes. “We all know each other.”

When Bitcoin very first emerged, law enforcement officers were “panicking,” Meiklejohn says. “They thought these technologies were dangerous and made it tighter for them to do their job.” But as the arrests and convictions have flipped in, “there’s a constant shift toward eyeing cryptocurrency as a device for prosecuting crimes.” Even in the strange fresh world of Bitcoin, FBI Assistant General Counsel Brett Nigh said in September 2015, “investigators can go after the money.”

C. Smith/ Science

Unlike money issued by governments, Bitcoin has no Federal Reserve, no gold backing, no banks, no physical notes. Created in a two thousand eight academic paper by a still unknown person using the name Satoshi Nakamoto, Bitcoin “is an intellectual artifact,” says Patrick McDaniel, a computer scientist at Pennsylvania State University (Penn State), University Park. “It’s the frontier of economics.”

Rigorously speaking, Bitcoins are nothing more than amounts associated with addresses, unique strings of letters and numbers. For example, “1Ez69SnzzmePmZX3WpEzMKTrcBF2gpNQ55” represents almost 30,000 Bitcoins seized during the Silk Road bust—worth about $20 million at the time—that were auctioned off by the U.S. government on one July 2014.

Those Bitcoins have been split up and switched mitts numerous times since then, and all of these transactions are public skill. The past and present ownership of every Bitcoin—in fact every 10-millionth of a Bitcoin—is dutifully recorded in the “blockchain,” an ever-growing public ledger collective across the Internet. What remains hidden are the true identities of the Bitcoin owners: Instead of submitting their names, users create a code that serves as their digital signature in the blockchain.

The job of keeping the system running and preventing cheating is left to a volunteer workforce known as Bitcoin miners. They crunch the numbers needed to verify every transaction. Added to this is an evergrowing math task known as “proof of work,” which keeps the miners fair. The calculations are so intense that miners use specialized computers that run hot enough to keep homes or even office buildings warm through the winter. The incentive for all this effort is built into Bitcoin itself. The act of verifying a 10-minute block of transactions generates twenty five fresh Bitcoins for the miner. This is how Bitcoins are minted.

Just like any currency, Bitcoin’s real-world value emerges as people trade it for goods, services, and other currencies. If you’re not a miner, you can only get Bitcoins from someone who already has them. Companies have sprung up that sell Bitcoins—at a profitable rate—and provide ATM machines where you can convert them into cash. And of course, you can sell something in come back for Bitcoins. As soon as both parties have digitally signed the transaction and it is recorded in the blockchain, the Bitcoins are yours.

As Science went to press, Bitcoin’s market capitalization, a measure of the amount of money invested in it, stood at $Five.6 billion. That money is very safe from theft, as long as users never expose their private keys, the long—and ideally, randomly generated—numbers used to generate a digital signature. But as soon as a Bitcoin is spent, the forensic trail embarks.

By 2013, millions of dollars’ worth of Bitcoins were being interchanged for illegal drugs and stolen identity data on Silk Road. Like a black market version of Amazon, it provided a sophisticated platform for buyers and sellers, including Bitcoin escrow accounts, a buyer feedback forum, and even a vendor reputation system. The merchandise was sent mostly through the normal postal system—the buyer sent the seller the mailing address as an encrypted message—and the site even provided helpful tips, such as how to vacuum-pack drugs.

Investigators calmly collected every shred of data from Silk Road—from the photos and text describing drug products to the Bitcoin transactions that emerge in the blockchain when the deals close. Ultimately, investigators needed to tie this string of evidence to one crucial, missing lump of data: the Internet Protocol (IP) addresses of the computers used by buyers or sellers.

The challenge is that the Bitcoin network is designed to blur the correspondence inbetween transactions and IP addresses. All Bitcoin users are connected in a peer-to-peer network over the Internet. Data flow inbetween their computers like gossip in a crowd, spreading quickly and redundantly until everyone has the information—with no one but the originator knowing who spoke very first.

This system worked so well that it was carelessness, not any privacy flaws in Bitcoin, that led to the breakthrough in the investigation of Silk Road. When Ulbricht, the ringleader, was hiring help to expand his operation, he used the same pseudonym he had adopted years before to post announcements on illegal drug discussion forums; that and other moments of sloppiness made him a suspect. Once FBI tracked his IP address to a San Francisco, in California, Internet cafe, they caught him in the act of logging into Silk Road as an administrator.

Other criminals could take solace in the fact that it was a slip-up; as long as you used Bitcoin cautiously, your identity was protected behind the cryptographic wall. But now even that confidence is eroded.

Among the very first researchers to find a crack in the wall were the husband-and-wife team of Philip and Diana Koshy. In 2014, as graduate students in McDaniel’s lab at Penn State, they built their own version of the software that buyers and sellers use to take part in the Bitcoin network. It was especially designed to be inefficient, downloading a copy of every single packet of data transmitted by every computer in the Bitcoin network. “We desired to see everything,” Philip Koshy says.

If the data flowing through the network were ideally coordinated, with everyone’s computer sending and receiving data as frequently as the rest, then it might be unlikely to link Bitcoin addresses with IP addresses. But there is no top-down coordination of the Bitcoin network, and its flow is far from flawless. The Koshys noticed that sometimes a computer sent out information about only one transaction, meaning that the person at that IP address was the holder of that Bitcoin address. And sometimes a surge of transactions came from a single IP address—probably when the user was upgrading his or her Bitcoin client software. Those transactions held the key to a entire backlog of their Bitcoin addresses. Like unraveling a ball of string, once the Koshys isolated some of the addresses, others followed.

Ultimately, they were able to map IP addresses to more than one thousand Bitcoin addresses; they published their findings in the proceedings of an obscure cryptography conference. It is unusual for an academic paper to cause both The Fresh York Times and the U.S. Department of Homeland Security to come calling. “It was crazy,” Philip Koshy says. Their technology has not yet appeared in the official record of a criminal case, but the Koshys say they have observed so-called fake knots on the Bitcoin network associated with IP addresses in government data centers in Virginia, suggesting that investigators there are hoovering up the data packets for surveillance purposes too. (The pair has since left academia for tech industry jobs.)

As criminals have evolved more sophisticated methods to use Bitcoin, researchers have followed apace. Meiklejohn—who says she regularly works with law enforcement but is “not comfy discussing the details”—was one of the very first researchers to explore Bitcoin “mixing” services. The basic idea is to protect the anonymity of transactions by exchanging many people’s Bitcoin stashes with each other, as in a shell game. The forensic trail shows the money going in but then goes cold because it is unlikely to know which Bitcoins belong to whom on the other end. “So in principle, this is a solution to Bitcoin’s anonymity problem,” Meiklejohn says.

Bitcoin Foundation Vice Chairman Charlie Shrem (right) leaves the Manhattan federal courthouse in Fresh York City in January 2014. Shrem was later sentenced to two years in prison for laundering money on Silk Road.

But even mixing has weaknesses that forensic investigators can exploit. Soon after Silk Road shut down, someone with administrative access to one of the freshly emerging black markets walked away with 90,000 Bitcoins from user escrow accounts. The thief attempted to use a mixing service to launder the money, but wasn’t patient enough to hide the tracks, Meiklejohn says. “It’s difficult to thrust large amounts of Bitcoin through mixing services secretly. It’s enormously noticeable no matter how you do it.” Thomas Jiikovský, the man under investigation by Czech police, is suspected to be the thief in question.

The beauty of Bitcoin, from a detective’s point of view, is that the blockchain records all. “If you catch a dealer with drugs and cash on the street, you’ve caught them committing one crime,” Meiklejohn says. “But if you catch people using something like Silk Road, you’ve uncovered their entire criminal history,” she says. “It’s like discovering their books.”

Exactly that screenplay is playing out now. On twenty January of this year, ten studs were arrested in the Netherlands as part of an international raid on online illegal drug markets. The fellows were caught converting their Bitcoins into Euros in bank accounts using commercial Bitcoin services, and then withdrawing millions in cash from ATM machines. The trail of Bitcoin addresses allegedly links all that money to online illegal drug sales tracked by FBI and Interpol.

If Bitcoin’s privacy shortcomings drive users away, the currency will quickly lose its value. But the request for financial privacy won’t vanish, and fresh systems are already emerging. “I don’t feel people have the right to know, unless disclosed, how much cash is in my wallet, just like I don’t feel anyone should know what conversations I’m having with anyone else,” says Ryno Matthee, a software developer based in Somerset, South Africa.

Matthee is part of a team launching a fresh anonymous online market called Shadow this year, which will use its own cryptocurrency, ShadowCash. The objective is not to facilitate illegal transactions, Matthee says. It will be up to the users, who administer the system, to police it, he says, but to help prevent manhandle, “we are going to attempt our best to filter out known keywords for drugs or worse.”

Shadow is far from the only Bitcoin competitor. Scores of alternative cryptocurrencies now exist. And some experts predict that one may ultimately go mainstream. Some banks already rely on a cryptocurrency called Ripple for lodging large global money transfers. And the U.S. government “has been engaging with the cryptocurrency community and learning from them,” says Bill Gleim, head of machine learning at Coinalytics, a company based in Menlo Park, California.

Gleim believes the federal government will issue its own cryptocurrency, “maybe as soon as late 2016.” If so, it is likely to require users to verify their real-world identities. That could defeat the purpose of cryptocurrency in the eyes of privacy advocates and criminals. Or maybe not: In this technological game of cat and mouse, the next stir may go to the criminals.

Why criminals can t hide behind Bitcoin, Science, AAAS

Why criminals can’t hide behind Bitcoin

Bitcoin, the Internet currency beloved by computer scientists, libertarians, and criminals, is no longer invulnerable. As recently as three years ago, it seemed that anyone could buy or sell anything with Bitcoin and never be tracked, let alone busted if they broke the law. “It’s totally anonymous,” was how one commenter put it in Bitcoin’s forums in June 2013. “The FBI does not have a prayer of a chance of finding out who is who.”

The Federal Bureau of Investigation (FBI) and other law enforcement begged to differ. Ross Ulbricht, the 31-year-old American who created Silk Road, a Bitcoin market facilitating the sale of $1 billion in illegal drugs, was sentenced to life in prison in February 2015. In March, the assets of 28-year-old Czech national Tomáš Jiříkovský were seized; he’s suspected of laundering $40 million in stolen Bitcoins. Two more fell in September 2015: 33-year-old American Trendon Shavers pleaded guilty to running a $150 million Ponzi scheme—the very first Bitcoin securities fraud case—and 30-year-old Frenchman Mark Karpelès was arrested and charged with fraud and embezzlement of $390 million from the now shuttered Bitcoin currency exchange Mt. Gox.

The majority of Bitcoin users are law-abiding people motivated by privacy concerns or just curiosity. But Bitcoin’s anonymity is also a powerful implement for financing crime: The virtual money can keep shady transactions secret. The paradox of cryptocurrency is that its associated data create a forensic trail that can abruptly make your entire financial history public information.

Academic researchers helped create the encryption and software systems that make Bitcoin possible; many are now helping law enforcement nab criminals. These experts operate in a fresh field at the crossroads of computer science, economics, and forensics, says Sarah Meiklejohn, a computer scientist at University College London who co-chaired an annual workshop on financial cryptography in Barbados last month. “There aren’t that many of us,” she notes. “We all know each other.”

When Bitcoin very first emerged, law enforcement officers were “panicking,” Meiklejohn says. “They thought these technologies were dangerous and made it firmer for them to do their job.” But as the arrests and convictions have spinned in, “there’s a constant shift toward eyeing cryptocurrency as a instrument for prosecuting crimes.” Even in the strange fresh world of Bitcoin, FBI Assistant General Counsel Brett Nigh said in September 2015, “investigators can go after the money.”

C. Smith/ Science

Unlike money issued by governments, Bitcoin has no Federal Reserve, no gold backing, no banks, no physical notes. Created in a two thousand eight academic paper by a still unknown person using the name Satoshi Nakamoto, Bitcoin “is an intellectual artifact,” says Patrick McDaniel, a computer scientist at Pennsylvania State University (Penn State), University Park. “It’s the frontier of economics.”

Rigorously speaking, Bitcoins are nothing more than amounts associated with addresses, unique strings of letters and numbers. For example, “1Ez69SnzzmePmZX3WpEzMKTrcBF2gpNQ55” represents almost 30,000 Bitcoins seized during the Silk Road bust—worth about $20 million at the time—that were auctioned off by the U.S. government on one July 2014.

Those Bitcoins have been split up and switched arms numerous times since then, and all of these transactions are public skill. The past and present ownership of every Bitcoin—in fact every 10-millionth of a Bitcoin—is dutifully recorded in the “blockchain,” an ever-growing public ledger collective across the Internet. What remains hidden are the true identities of the Bitcoin owners: Instead of submitting their names, users create a code that serves as their digital signature in the blockchain.

The job of keeping the system running and preventing cheating is left to a volunteer workforce known as Bitcoin miners. They crunch the numbers needed to verify every transaction. Added to this is an evergrowing math task known as “proof of work,” which keeps the miners fair. The calculations are so intense that miners use specialized computers that run hot enough to keep homes or even office buildings warm through the winter. The incentive for all this effort is built into Bitcoin itself. The act of verifying a 10-minute block of transactions generates twenty five fresh Bitcoins for the miner. This is how Bitcoins are minted.

Just like any currency, Bitcoin’s real-world value emerges as people trade it for goods, services, and other currencies. If you’re not a miner, you can only get Bitcoins from someone who already has them. Companies have sprung up that sell Bitcoins—at a profitable rate—and provide ATM machines where you can convert them into cash. And of course, you can sell something in come back for Bitcoins. As soon as both parties have digitally signed the transaction and it is recorded in the blockchain, the Bitcoins are yours.

As Science went to press, Bitcoin’s market capitalization, a measure of the amount of money invested in it, stood at $Five.6 billion. That money is very safe from theft, as long as users never expose their private keys, the long—and ideally, randomly generated—numbers used to generate a digital signature. But as soon as a Bitcoin is spent, the forensic trail embarks.

By 2013, millions of dollars’ worth of Bitcoins were being exchanged for illegal drugs and stolen identity data on Silk Road. Like a black market version of Amazon, it provided a sophisticated platform for buyers and sellers, including Bitcoin escrow accounts, a buyer feedback forum, and even a vendor reputation system. The merchandise was sent mostly through the normal postal system—the buyer sent the seller the mailing address as an encrypted message—and the site even provided helpful tips, such as how to vacuum-pack drugs.

Investigators calmly collected every shred of data from Silk Road—from the pictures and text describing drug products to the Bitcoin transactions that show up in the blockchain when the deals close. Ultimately, investigators needed to tie this string of evidence to one crucial, missing lump of data: the Internet Protocol (IP) addresses of the computers used by buyers or sellers.

The challenge is that the Bitcoin network is designed to blur the correspondence inbetween transactions and IP addresses. All Bitcoin users are connected in a peer-to-peer network over the Internet. Data flow inbetween their computers like gossip in a crowd, spreading quickly and redundantly until everyone has the information—with no one but the originator knowing who spoke very first.

This system worked so well that it was carelessness, not any privacy flaws in Bitcoin, that led to the breakthrough in the investigation of Silk Road. When Ulbricht, the ringleader, was hiring help to expand his operation, he used the same pseudonym he had adopted years before to post announcements on illegal drug discussion forums; that and other moments of sloppiness made him a suspect. Once FBI tracked his IP address to a San Francisco, in California, Internet cafe, they caught him in the act of logging into Silk Road as an administrator.

Other criminals could take solace in the fact that it was a slip-up; as long as you used Bitcoin cautiously, your identity was protected behind the cryptographic wall. But now even that confidence is eroded.

Among the very first researchers to find a crack in the wall were the husband-and-wife team of Philip and Diana Koshy. In 2014, as graduate students in McDaniel’s lab at Penn State, they built their own version of the software that buyers and sellers use to take part in the Bitcoin network. It was especially designed to be inefficient, downloading a copy of every single packet of data transmitted by every computer in the Bitcoin network. “We wished to see everything,” Philip Koshy says.

If the data flowing through the network were flawlessly coordinated, with everyone’s computer sending and receiving data as frequently as the rest, then it might be unlikely to link Bitcoin addresses with IP addresses. But there is no top-down coordination of the Bitcoin network, and its flow is far from ideal. The Koshys noticed that sometimes a computer sent out information about only one transaction, meaning that the person at that IP address was the proprietor of that Bitcoin address. And sometimes a surge of transactions came from a single IP address—probably when the user was upgrading his or her Bitcoin client software. Those transactions held the key to a entire backlog of their Bitcoin addresses. Like unraveling a ball of string, once the Koshys isolated some of the addresses, others followed.

Ultimately, they were able to map IP addresses to more than one thousand Bitcoin addresses; they published their findings in the proceedings of an obscure cryptography conference. It is unusual for an academic paper to cause both The Fresh York Times and the U.S. Department of Homeland Security to come calling. “It was crazy,” Philip Koshy says. Their mechanism has not yet appeared in the official record of a criminal case, but the Koshys say they have observed so-called fake knots on the Bitcoin network associated with IP addresses in government data centers in Virginia, suggesting that investigators there are hoovering up the data packets for surveillance purposes too. (The pair has since left academia for tech industry jobs.)

As criminals have evolved more sophisticated methods to use Bitcoin, researchers have followed apace. Meiklejohn—who says she regularly works with law enforcement but is “not convenient discussing the details”—was one of the very first researchers to explore Bitcoin “mixing” services. The basic idea is to protect the anonymity of transactions by interchanging many people’s Bitcoin stashes with each other, as in a shell game. The forensic trail shows the money going in but then goes cold because it is unlikely to know which Bitcoins belong to whom on the other end. “So in principle, this is a solution to Bitcoin’s anonymity problem,” Meiklejohn says.

Bitcoin Foundation Vice Chairman Charlie Shrem (right) leaves the Manhattan federal courthouse in Fresh York City in January 2014. Shrem was later sentenced to two years in prison for laundering money on Silk Road.

But even mixing has weaknesses that forensic investigators can exploit. Soon after Silk Road shut down, someone with administrative access to one of the freshly emerging black markets walked away with 90,000 Bitcoins from user escrow accounts. The thief attempted to use a mixing service to launder the money, but wasn’t patient enough to hide the tracks, Meiklejohn says. “It’s difficult to shove large amounts of Bitcoin through mixing services secretly. It’s enormously noticeable no matter how you do it.” Thomas Jiikovský, the man under investigation by Czech police, is suspected to be the thief in question.

The beauty of Bitcoin, from a detective’s point of view, is that the blockchain records all. “If you catch a dealer with drugs and cash on the street, you’ve caught them committing one crime,” Meiklejohn says. “But if you catch people using something like Silk Road, you’ve uncovered their entire criminal history,” she says. “It’s like discovering their books.”

Exactly that screenplay is playing out now. On twenty January of this year, ten boys were arrested in the Netherlands as part of an international raid on online illegal drug markets. The dudes were caught converting their Bitcoins into Euros in bank accounts using commercial Bitcoin services, and then withdrawing millions in cash from ATM machines. The trail of Bitcoin addresses allegedly links all that money to online illegal drug sales tracked by FBI and Interpol.

If Bitcoin’s privacy shortcomings drive users away, the currency will quickly lose its value. But the request for financial privacy won’t vanish, and fresh systems are already emerging. “I don’t feel people have the right to know, unless disclosed, how much cash is in my wallet, just like I don’t feel anyone should know what conversations I’m having with anyone else,” says Ryno Matthee, a software developer based in Somerset, South Africa.

Matthee is part of a team launching a fresh anonymous online market called Shadow this year, which will use its own cryptocurrency, ShadowCash. The aim is not to facilitate illegal transactions, Matthee says. It will be up to the users, who administer the system, to police it, he says, but to help prevent manhandle, “we are going to attempt our best to filter out known keywords for drugs or worse.”

Shadow is far from the only Bitcoin competitor. Scores of alternative cryptocurrencies now exist. And some experts predict that one may ultimately go mainstream. Some banks already rely on a cryptocurrency called Ripple for lodging large global money transfers. And the U.S. government “has been engaging with the cryptocurrency community and learning from them,” says Bill Gleim, head of machine learning at Coinalytics, a company based in Menlo Park, California.

Gleim believes the federal government will issue its own cryptocurrency, “maybe as soon as late 2016.” If so, it is likely to require users to verify their real-world identities. That could defeat the purpose of cryptocurrency in the eyes of privacy advocates and criminals. Or maybe not: In this technological game of cat and mouse, the next stir may go to the criminals.

Why criminals can t hide behind Bitcoin, Science, AAAS

Why criminals can’t hide behind Bitcoin

Bitcoin, the Internet currency beloved by computer scientists, libertarians, and criminals, is no longer invulnerable. As recently as three years ago, it seemed that anyone could buy or sell anything with Bitcoin and never be tracked, let alone busted if they broke the law. “It’s totally anonymous,” was how one commenter put it in Bitcoin’s forums in June 2013. “The FBI does not have a prayer of a chance of finding out who is who.”

The Federal Bureau of Investigation (FBI) and other law enforcement begged to differ. Ross Ulbricht, the 31-year-old American who created Silk Road, a Bitcoin market facilitating the sale of $1 billion in illegal drugs, was sentenced to life in prison in February 2015. In March, the assets of 28-year-old Czech national Tomáš Jiříkovský were seized; he’s suspected of laundering $40 million in stolen Bitcoins. Two more fell in September 2015: 33-year-old American Trendon Shavers pleaded guilty to running a $150 million Ponzi scheme—the very first Bitcoin securities fraud case—and 30-year-old Frenchman Mark Karpelès was arrested and charged with fraud and embezzlement of $390 million from the now shuttered Bitcoin currency exchange Mt. Gox.

The majority of Bitcoin users are law-abiding people motivated by privacy concerns or just curiosity. But Bitcoin’s anonymity is also a powerful implement for financing crime: The virtual money can keep shady transactions secret. The paradox of cryptocurrency is that its associated data create a forensic trail that can all of a sudden make your entire financial history public information.

Academic researchers helped create the encryption and software systems that make Bitcoin possible; many are now helping law enforcement nab criminals. These experts operate in a fresh field at the crossroads of computer science, economics, and forensics, says Sarah Meiklejohn, a computer scientist at University College London who co-chaired an annual workshop on financial cryptography in Barbados last month. “There aren’t that many of us,” she notes. “We all know each other.”

When Bitcoin very first emerged, law enforcement officers were “panicking,” Meiklejohn says. “They thought these technologies were dangerous and made it stiffer for them to do their job.” But as the arrests and convictions have flipped in, “there’s a sustained shift toward eyeing cryptocurrency as a instrument for prosecuting crimes.” Even in the strange fresh world of Bitcoin, FBI Assistant General Counsel Brett Nigh said in September 2015, “investigators can go after the money.”

C. Smith/ Science

Unlike money issued by governments, Bitcoin has no Federal Reserve, no gold backing, no banks, no physical notes. Created in a two thousand eight academic paper by a still unknown person using the name Satoshi Nakamoto, Bitcoin “is an intellectual artifact,” says Patrick McDaniel, a computer scientist at Pennsylvania State University (Penn State), University Park. “It’s the frontier of economics.”

Rigorously speaking, Bitcoins are nothing more than amounts associated with addresses, unique strings of letters and numbers. For example, “1Ez69SnzzmePmZX3WpEzMKTrcBF2gpNQ55” represents almost 30,000 Bitcoins seized during the Silk Road bust—worth about $20 million at the time—that were auctioned off by the U.S. government on one July 2014.

Those Bitcoins have been split up and switched arms numerous times since then, and all of these transactions are public skill. The past and present ownership of every Bitcoin—in fact every 10-millionth of a Bitcoin—is dutifully recorded in the “blockchain,” an ever-growing public ledger collective across the Internet. What remains hidden are the true identities of the Bitcoin owners: Instead of submitting their names, users create a code that serves as their digital signature in the blockchain.

The job of keeping the system running and preventing cheating is left to a volunteer workforce known as Bitcoin miners. They crunch the numbers needed to verify every transaction. Added to this is an evergrowing math task known as “proof of work,” which keeps the miners fair. The calculations are so intense that miners use specialized computers that run hot enough to keep homes or even office buildings warm through the winter. The incentive for all this effort is built into Bitcoin itself. The act of verifying a 10-minute block of transactions generates twenty five fresh Bitcoins for the miner. This is how Bitcoins are minted.

Just like any currency, Bitcoin’s real-world value emerges as people trade it for goods, services, and other currencies. If you’re not a miner, you can only get Bitcoins from someone who already has them. Companies have sprung up that sell Bitcoins—at a profitable rate—and provide ATM machines where you can convert them into cash. And of course, you can sell something in come back for Bitcoins. As soon as both parties have digitally signed the transaction and it is recorded in the blockchain, the Bitcoins are yours.

As Science went to press, Bitcoin’s market capitalization, a measure of the amount of money invested in it, stood at $Five.6 billion. That money is very safe from theft, as long as users never expose their private keys, the long—and ideally, randomly generated—numbers used to generate a digital signature. But as soon as a Bitcoin is spent, the forensic trail embarks.

By 2013, millions of dollars’ worth of Bitcoins were being exchanged for illegal drugs and stolen identity data on Silk Road. Like a black market version of Amazon, it provided a sophisticated platform for buyers and sellers, including Bitcoin escrow accounts, a buyer feedback forum, and even a vendor reputation system. The merchandise was sent mostly through the normal postal system—the buyer sent the seller the mailing address as an encrypted message—and the site even provided helpful tips, such as how to vacuum-pack drugs.

Investigators calmly collected every shred of data from Silk Road—from the pics and text describing drug products to the Bitcoin transactions that show up in the blockchain when the deals close. Ultimately, investigators needed to tie this string of evidence to one crucial, missing lump of data: the Internet Protocol (IP) addresses of the computers used by buyers or sellers.

The challenge is that the Bitcoin network is designed to blur the correspondence inbetween transactions and IP addresses. All Bitcoin users are connected in a peer-to-peer network over the Internet. Data flow inbetween their computers like gossip in a crowd, spreading quickly and redundantly until everyone has the information—with no one but the originator knowing who spoke very first.

This system worked so well that it was carelessness, not any privacy flaws in Bitcoin, that led to the breakthrough in the investigation of Silk Road. When Ulbricht, the ringleader, was hiring help to expand his operation, he used the same pseudonym he had adopted years before to post announcements on illegal drug discussion forums; that and other moments of sloppiness made him a suspect. Once FBI tracked his IP address to a San Francisco, in California, Internet cafe, they caught him in the act of logging into Silk Road as an administrator.

Other criminals could take solace in the fact that it was a slip-up; as long as you used Bitcoin cautiously, your identity was protected behind the cryptographic wall. But now even that confidence is eroded.

Among the very first researchers to find a crack in the wall were the husband-and-wife team of Philip and Diana Koshy. In 2014, as graduate students in McDaniel’s lab at Penn State, they built their own version of the software that buyers and sellers use to take part in the Bitcoin network. It was especially designed to be inefficient, downloading a copy of every single packet of data transmitted by every computer in the Bitcoin network. “We wished to see everything,” Philip Koshy says.

If the data flowing through the network were flawlessly coordinated, with everyone’s computer sending and receiving data as frequently as the rest, then it might be unlikely to link Bitcoin addresses with IP addresses. But there is no top-down coordination of the Bitcoin network, and its flow is far from flawless. The Koshys noticed that sometimes a computer sent out information about only one transaction, meaning that the person at that IP address was the proprietor of that Bitcoin address. And sometimes a surge of transactions came from a single IP address—probably when the user was upgrading his or her Bitcoin client software. Those transactions held the key to a entire backlog of their Bitcoin addresses. Like unraveling a ball of string, once the Koshys isolated some of the addresses, others followed.

Ultimately, they were able to map IP addresses to more than one thousand Bitcoin addresses; they published their findings in the proceedings of an obscure cryptography conference. It is unusual for an academic paper to cause both The Fresh York Times and the U.S. Department of Homeland Security to come calling. “It was crazy,” Philip Koshy says. Their technology has not yet appeared in the official record of a criminal case, but the Koshys say they have observed so-called fake knots on the Bitcoin network associated with IP addresses in government data centers in Virginia, suggesting that investigators there are hoovering up the data packets for surveillance purposes too. (The pair has since left academia for tech industry jobs.)

As criminals have evolved more sophisticated methods to use Bitcoin, researchers have followed apace. Meiklejohn—who says she regularly works with law enforcement but is “not comfy discussing the details”—was one of the very first researchers to explore Bitcoin “mixing” services. The basic idea is to protect the anonymity of transactions by interchanging many people’s Bitcoin stashes with each other, as in a shell game. The forensic trail shows the money going in but then goes cold because it is unlikely to know which Bitcoins belong to whom on the other end. “So in principle, this is a solution to Bitcoin’s anonymity problem,” Meiklejohn says.

Bitcoin Foundation Vice Chairman Charlie Shrem (right) leaves the Manhattan federal courthouse in Fresh York City in January 2014. Shrem was later sentenced to two years in prison for laundering money on Silk Road.

But even mixing has weaknesses that forensic investigators can exploit. Soon after Silk Road shut down, someone with administrative access to one of the freshly emerging black markets walked away with 90,000 Bitcoins from user escrow accounts. The thief attempted to use a mixing service to launder the money, but wasn’t patient enough to hide the tracks, Meiklejohn says. “It’s difficult to thrust large amounts of Bitcoin through mixing services secretly. It’s utterly noticeable no matter how you do it.” Thomas Jiikovský, the man under investigation by Czech police, is suspected to be the thief in question.

The beauty of Bitcoin, from a detective’s point of view, is that the blockchain records all. “If you catch a dealer with drugs and cash on the street, you’ve caught them committing one crime,” Meiklejohn says. “But if you catch people using something like Silk Road, you’ve uncovered their entire criminal history,” she says. “It’s like discovering their books.”

Exactly that script is playing out now. On twenty January of this year, ten dudes were arrested in the Netherlands as part of an international raid on online illegal drug markets. The guys were caught converting their Bitcoins into Euros in bank accounts using commercial Bitcoin services, and then withdrawing millions in cash from ATM machines. The trail of Bitcoin addresses allegedly links all that money to online illegal drug sales tracked by FBI and Interpol.

If Bitcoin’s privacy shortcomings drive users away, the currency will quickly lose its value. But the request for financial privacy won’t vanish, and fresh systems are already emerging. “I don’t feel people have the right to know, unless disclosed, how much cash is in my wallet, just like I don’t feel anyone should know what conversations I’m having with anyone else,” says Ryno Matthee, a software developer based in Somerset, South Africa.

Matthee is part of a team launching a fresh anonymous online market called Shadow this year, which will use its own cryptocurrency, ShadowCash. The objective is not to facilitate illegal transactions, Matthee says. It will be up to the users, who administer the system, to police it, he says, but to help prevent manhandle, “we are going to attempt our best to filter out known keywords for drugs or worse.”

Shadow is far from the only Bitcoin competitor. Scores of alternative cryptocurrencies now exist. And some experts predict that one may eventually go mainstream. Some banks already rely on a cryptocurrency called Ripple for lodging large global money transfers. And the U.S. government “has been engaging with the cryptocurrency community and learning from them,” says Bill Gleim, head of machine learning at Coinalytics, a company based in Menlo Park, California.

Gleim believes the federal government will issue its own cryptocurrency, “maybe as soon as late 2016.” If so, it is likely to require users to verify their real-world identities. That could defeat the purpose of cryptocurrency in the eyes of privacy advocates and criminals. Or maybe not: In this technological game of cat and mouse, the next budge may go to the criminals.

Why criminals can t hide behind Bitcoin, Science, AAAS

Why criminals can’t hide behind Bitcoin

Bitcoin, the Internet currency beloved by computer scientists, libertarians, and criminals, is no longer invulnerable. As recently as three years ago, it seemed that anyone could buy or sell anything with Bitcoin and never be tracked, let alone busted if they broke the law. “It’s totally anonymous,” was how one commenter put it in Bitcoin’s forums in June 2013. “The FBI does not have a prayer of a chance of finding out who is who.”

The Federal Bureau of Investigation (FBI) and other law enforcement begged to differ. Ross Ulbricht, the 31-year-old American who created Silk Road, a Bitcoin market facilitating the sale of $1 billion in illegal drugs, was sentenced to life in prison in February 2015. In March, the assets of 28-year-old Czech national Tomáš Jiříkovský were seized; he’s suspected of laundering $40 million in stolen Bitcoins. Two more fell in September 2015: 33-year-old American Trendon Shavers pleaded guilty to running a $150 million Ponzi scheme—the very first Bitcoin securities fraud case—and 30-year-old Frenchman Mark Karpelès was arrested and charged with fraud and embezzlement of $390 million from the now shuttered Bitcoin currency exchange Mt. Gox.

The majority of Bitcoin users are law-abiding people motivated by privacy concerns or just curiosity. But Bitcoin’s anonymity is also a powerful device for financing crime: The virtual money can keep shady transactions secret. The paradox of cryptocurrency is that its associated data create a forensic trail that can abruptly make your entire financial history public information.

Academic researchers helped create the encryption and software systems that make Bitcoin possible; many are now helping law enforcement nab criminals. These experts operate in a fresh field at the crossroads of computer science, economics, and forensics, says Sarah Meiklejohn, a computer scientist at University College London who co-chaired an annual workshop on financial cryptography in Barbados last month. “There aren’t that many of us,” she notes. “We all know each other.”

When Bitcoin very first emerged, law enforcement officers were “panicking,” Meiklejohn says. “They thought these technologies were dangerous and made it firmer for them to do their job.” But as the arrests and convictions have flipped in, “there’s a constant shift toward observing cryptocurrency as a implement for prosecuting crimes.” Even in the strange fresh world of Bitcoin, FBI Assistant General Counsel Brett Nigh said in September 2015, “investigators can go after the money.”

C. Smith/ Science

Unlike money issued by governments, Bitcoin has no Federal Reserve, no gold backing, no banks, no physical notes. Created in a two thousand eight academic paper by a still unknown person using the name Satoshi Nakamoto, Bitcoin “is an intellectual artifact,” says Patrick McDaniel, a computer scientist at Pennsylvania State University (Penn State), University Park. “It’s the frontier of economics.”

Stringently speaking, Bitcoins are nothing more than amounts associated with addresses, unique strings of letters and numbers. For example, “1Ez69SnzzmePmZX3WpEzMKTrcBF2gpNQ55” represents almost 30,000 Bitcoins seized during the Silk Road bust—worth about $20 million at the time—that were auctioned off by the U.S. government on one July 2014.

Those Bitcoins have been split up and switched palms numerous times since then, and all of these transactions are public skill. The past and present ownership of every Bitcoin—in fact every 10-millionth of a Bitcoin—is dutifully recorded in the “blockchain,” an ever-growing public ledger collective across the Internet. What remains hidden are the true identities of the Bitcoin owners: Instead of submitting their names, users create a code that serves as their digital signature in the blockchain.

The job of keeping the system running and preventing cheating is left to a volunteer workforce known as Bitcoin miners. They crunch the numbers needed to verify every transaction. Added to this is an evergrowing math task known as “proof of work,” which keeps the miners fair. The calculations are so intense that miners use specialized computers that run hot enough to keep homes or even office buildings warm through the winter. The incentive for all this effort is built into Bitcoin itself. The act of verifying a 10-minute block of transactions generates twenty five fresh Bitcoins for the miner. This is how Bitcoins are minted.

Just like any currency, Bitcoin’s real-world value emerges as people trade it for goods, services, and other currencies. If you’re not a miner, you can only get Bitcoins from someone who already has them. Companies have sprung up that sell Bitcoins—at a profitable rate—and provide ATM machines where you can convert them into cash. And of course, you can sell something in come back for Bitcoins. As soon as both parties have digitally signed the transaction and it is recorded in the blockchain, the Bitcoins are yours.

As Science went to press, Bitcoin’s market capitalization, a measure of the amount of money invested in it, stood at $Five.6 billion. That money is very safe from theft, as long as users never expose their private keys, the long—and ideally, randomly generated—numbers used to generate a digital signature. But as soon as a Bitcoin is spent, the forensic trail embarks.

By 2013, millions of dollars’ worth of Bitcoins were being interchanged for illegal drugs and stolen identity data on Silk Road. Like a black market version of Amazon, it provided a sophisticated platform for buyers and sellers, including Bitcoin escrow accounts, a buyer feedback forum, and even a vendor reputation system. The merchandise was sent mostly through the normal postal system—the buyer sent the seller the mailing address as an encrypted message—and the site even provided helpful tips, such as how to vacuum-pack drugs.

Investigators calmly collected every shred of data from Silk Road—from the pics and text describing drug products to the Bitcoin transactions that show up in the blockchain when the deals close. Ultimately, investigators needed to tie this string of evidence to one crucial, missing lump of data: the Internet Protocol (IP) addresses of the computers used by buyers or sellers.

The challenge is that the Bitcoin network is designed to blur the correspondence inbetween transactions and IP addresses. All Bitcoin users are connected in a peer-to-peer network over the Internet. Data flow inbetween their computers like gossip in a crowd, spreading quickly and redundantly until everyone has the information—with no one but the originator knowing who spoke very first.

This system worked so well that it was carelessness, not any privacy flaws in Bitcoin, that led to the breakthrough in the investigation of Silk Road. When Ulbricht, the ringleader, was hiring help to expand his operation, he used the same pseudonym he had adopted years before to post announcements on illegal drug discussion forums; that and other moments of sloppiness made him a suspect. Once FBI tracked his IP address to a San Francisco, in California, Internet cafe, they caught him in the act of logging into Silk Road as an administrator.

Other criminals could take solace in the fact that it was a slip-up; as long as you used Bitcoin cautiously, your identity was protected behind the cryptographic wall. But now even that confidence is eroded.

Among the very first researchers to find a crack in the wall were the husband-and-wife team of Philip and Diana Koshy. In 2014, as graduate students in McDaniel’s lab at Penn State, they built their own version of the software that buyers and sellers use to take part in the Bitcoin network. It was especially designed to be inefficient, downloading a copy of every single packet of data transmitted by every computer in the Bitcoin network. “We wished to see everything,” Philip Koshy says.

If the data flowing through the network were flawlessly coordinated, with everyone’s computer sending and receiving data as frequently as the rest, then it might be unlikely to link Bitcoin addresses with IP addresses. But there is no top-down coordination of the Bitcoin network, and its flow is far from flawless. The Koshys noticed that sometimes a computer sent out information about only one transaction, meaning that the person at that IP address was the possessor of that Bitcoin address. And sometimes a surge of transactions came from a single IP address—probably when the user was upgrading his or her Bitcoin client software. Those transactions held the key to a entire backlog of their Bitcoin addresses. Like unraveling a ball of string, once the Koshys isolated some of the addresses, others followed.

Ultimately, they were able to map IP addresses to more than one thousand Bitcoin addresses; they published their findings in the proceedings of an obscure cryptography conference. It is unusual for an academic paper to cause both The Fresh York Times and the U.S. Department of Homeland Security to come calling. “It was crazy,” Philip Koshy says. Their mechanism has not yet appeared in the official record of a criminal case, but the Koshys say they have observed so-called fake knots on the Bitcoin network associated with IP addresses in government data centers in Virginia, suggesting that investigators there are hoovering up the data packets for surveillance purposes too. (The pair has since left academia for tech industry jobs.)

As criminals have evolved more sophisticated methods to use Bitcoin, researchers have followed apace. Meiklejohn—who says she regularly works with law enforcement but is “not convenient discussing the details”—was one of the very first researchers to explore Bitcoin “mixing” services. The basic idea is to protect the anonymity of transactions by exchanging many people’s Bitcoin stashes with each other, as in a shell game. The forensic trail shows the money going in but then goes cold because it is unlikely to know which Bitcoins belong to whom on the other end. “So in principle, this is a solution to Bitcoin’s anonymity problem,” Meiklejohn says.

Bitcoin Foundation Vice Chairman Charlie Shrem (right) leaves the Manhattan federal courthouse in Fresh York City in January 2014. Shrem was later sentenced to two years in prison for laundering money on Silk Road.

But even mixing has weaknesses that forensic investigators can exploit. Soon after Silk Road shut down, someone with administrative access to one of the freshly emerging black markets walked away with 90,000 Bitcoins from user escrow accounts. The thief attempted to use a mixing service to launder the money, but wasn’t patient enough to hide the tracks, Meiklejohn says. “It’s difficult to thrust large amounts of Bitcoin through mixing services secretly. It’s enormously noticeable no matter how you do it.” Thomas Jiikovský, the man under investigation by Czech police, is suspected to be the thief in question.

The beauty of Bitcoin, from a detective’s point of view, is that the blockchain records all. “If you catch a dealer with drugs and cash on the street, you’ve caught them committing one crime,” Meiklejohn says. “But if you catch people using something like Silk Road, you’ve uncovered their entire criminal history,” she says. “It’s like discovering their books.”

Exactly that screenplay is playing out now. On twenty January of this year, ten guys were arrested in the Netherlands as part of an international raid on online illegal drug markets. The guys were caught converting their Bitcoins into Euros in bank accounts using commercial Bitcoin services, and then withdrawing millions in cash from ATM machines. The trail of Bitcoin addresses allegedly links all that money to online illegal drug sales tracked by FBI and Interpol.

If Bitcoin’s privacy shortcomings drive users away, the currency will quickly lose its value. But the request for financial privacy won’t vanish, and fresh systems are already emerging. “I don’t feel people have the right to know, unless disclosed, how much cash is in my wallet, just like I don’t feel anyone should know what conversations I’m having with anyone else,” says Ryno Matthee, a software developer based in Somerset, South Africa.

Matthee is part of a team launching a fresh anonymous online market called Shadow this year, which will use its own cryptocurrency, ShadowCash. The purpose is not to facilitate illegal transactions, Matthee says. It will be up to the users, who administer the system, to police it, he says, but to help prevent manhandle, “we are going to attempt our best to filter out known keywords for drugs or worse.”

Shadow is far from the only Bitcoin competitor. Scores of alternative cryptocurrencies now exist. And some experts predict that one may ultimately go mainstream. Some banks already rely on a cryptocurrency called Ripple for lodging large global money transfers. And the U.S. government “has been engaging with the cryptocurrency community and learning from them,” says Bill Gleim, head of machine learning at Coinalytics, a company based in Menlo Park, California.

Gleim believes the federal government will issue its own cryptocurrency, “maybe as soon as late 2016.” If so, it is likely to require users to verify their real-world identities. That could defeat the purpose of cryptocurrency in the eyes of privacy advocates and criminals. Or maybe not: In this technological game of cat and mouse, the next budge may go to the criminals.

Why criminals can t hide behind Bitcoin, Science, AAAS

Why criminals can’t hide behind Bitcoin

Bitcoin, the Internet currency beloved by computer scientists, libertarians, and criminals, is no longer invulnerable. As recently as three years ago, it seemed that anyone could buy or sell anything with Bitcoin and never be tracked, let alone busted if they broke the law. “It’s totally anonymous,” was how one commenter put it in Bitcoin’s forums in June 2013. “The FBI does not have a prayer of a chance of finding out who is who.”

The Federal Bureau of Investigation (FBI) and other law enforcement begged to differ. Ross Ulbricht, the 31-year-old American who created Silk Road, a Bitcoin market facilitating the sale of $1 billion in illegal drugs, was sentenced to life in prison in February 2015. In March, the assets of 28-year-old Czech national Tomáš Jiříkovský were seized; he’s suspected of laundering $40 million in stolen Bitcoins. Two more fell in September 2015: 33-year-old American Trendon Shavers pleaded guilty to running a $150 million Ponzi scheme—the very first Bitcoin securities fraud case—and 30-year-old Frenchman Mark Karpelès was arrested and charged with fraud and embezzlement of $390 million from the now shuttered Bitcoin currency exchange Mt. Gox.

The majority of Bitcoin users are law-abiding people motivated by privacy concerns or just curiosity. But Bitcoin’s anonymity is also a powerful instrument for financing crime: The virtual money can keep shady transactions secret. The paradox of cryptocurrency is that its associated data create a forensic trail that can abruptly make your entire financial history public information.

Academic researchers helped create the encryption and software systems that make Bitcoin possible; many are now helping law enforcement nab criminals. These experts operate in a fresh field at the crossroads of computer science, economics, and forensics, says Sarah Meiklejohn, a computer scientist at University College London who co-chaired an annual workshop on financial cryptography in Barbados last month. “There aren’t that many of us,” she notes. “We all know each other.”

When Bitcoin very first emerged, law enforcement officers were “panicking,” Meiklejohn says. “They thought these technologies were dangerous and made it stiffer for them to do their job.” But as the arrests and convictions have flipped in, “there’s a constant shift toward watching cryptocurrency as a implement for prosecuting crimes.” Even in the strange fresh world of Bitcoin, FBI Assistant General Counsel Brett Nigh said in September 2015, “investigators can go after the money.”

C. Smith/ Science

Unlike money issued by governments, Bitcoin has no Federal Reserve, no gold backing, no banks, no physical notes. Created in a two thousand eight academic paper by a still unknown person using the name Satoshi Nakamoto, Bitcoin “is an intellectual artifact,” says Patrick McDaniel, a computer scientist at Pennsylvania State University (Penn State), University Park. “It’s the frontier of economics.”

Rigorously speaking, Bitcoins are nothing more than amounts associated with addresses, unique strings of letters and numbers. For example, “1Ez69SnzzmePmZX3WpEzMKTrcBF2gpNQ55” represents almost 30,000 Bitcoins seized during the Silk Road bust—worth about $20 million at the time—that were auctioned off by the U.S. government on one July 2014.

Those Bitcoins have been split up and switched forearms numerous times since then, and all of these transactions are public skill. The past and present ownership of every Bitcoin—in fact every 10-millionth of a Bitcoin—is dutifully recorded in the “blockchain,” an ever-growing public ledger collective across the Internet. What remains hidden are the true identities of the Bitcoin owners: Instead of submitting their names, users create a code that serves as their digital signature in the blockchain.

The job of keeping the system running and preventing cheating is left to a volunteer workforce known as Bitcoin miners. They crunch the numbers needed to verify every transaction. Added to this is an evergrowing math task known as “proof of work,” which keeps the miners fair. The calculations are so intense that miners use specialized computers that run hot enough to keep homes or even office buildings warm through the winter. The incentive for all this effort is built into Bitcoin itself. The act of verifying a 10-minute block of transactions generates twenty five fresh Bitcoins for the miner. This is how Bitcoins are minted.

Just like any currency, Bitcoin’s real-world value emerges as people trade it for goods, services, and other currencies. If you’re not a miner, you can only get Bitcoins from someone who already has them. Companies have sprung up that sell Bitcoins—at a profitable rate—and provide ATM machines where you can convert them into cash. And of course, you can sell something in come back for Bitcoins. As soon as both parties have digitally signed the transaction and it is recorded in the blockchain, the Bitcoins are yours.

As Science went to press, Bitcoin’s market capitalization, a measure of the amount of money invested in it, stood at $Five.6 billion. That money is very safe from theft, as long as users never expose their private keys, the long—and ideally, randomly generated—numbers used to generate a digital signature. But as soon as a Bitcoin is spent, the forensic trail embarks.

By 2013, millions of dollars’ worth of Bitcoins were being exchanged for illegal drugs and stolen identity data on Silk Road. Like a black market version of Amazon, it provided a sophisticated platform for buyers and sellers, including Bitcoin escrow accounts, a buyer feedback forum, and even a vendor reputation system. The merchandise was sent mostly through the normal postal system—the buyer sent the seller the mailing address as an encrypted message—and the site even provided helpful tips, such as how to vacuum-pack drugs.

Investigators calmly collected every shred of data from Silk Road—from the photos and text describing drug products to the Bitcoin transactions that show up in the blockchain when the deals close. Ultimately, investigators needed to tie this string of evidence to one crucial, missing chunk of data: the Internet Protocol (IP) addresses of the computers used by buyers or sellers.

The challenge is that the Bitcoin network is designed to blur the correspondence inbetween transactions and IP addresses. All Bitcoin users are connected in a peer-to-peer network over the Internet. Data flow inbetween their computers like gossip in a crowd, spreading quickly and redundantly until everyone has the information—with no one but the originator knowing who spoke very first.

This system worked so well that it was carelessness, not any privacy flaws in Bitcoin, that led to the breakthrough in the investigation of Silk Road. When Ulbricht, the ringleader, was hiring help to expand his operation, he used the same pseudonym he had adopted years before to post announcements on illegal drug discussion forums; that and other moments of sloppiness made him a suspect. Once FBI tracked his IP address to a San Francisco, in California, Internet cafe, they caught him in the act of logging into Silk Road as an administrator.

Other criminals could take solace in the fact that it was a slip-up; as long as you used Bitcoin cautiously, your identity was protected behind the cryptographic wall. But now even that confidence is eroded.

Among the very first researchers to find a crack in the wall were the husband-and-wife team of Philip and Diana Koshy. In 2014, as graduate students in McDaniel’s lab at Penn State, they built their own version of the software that buyers and sellers use to take part in the Bitcoin network. It was especially designed to be inefficient, downloading a copy of every single packet of data transmitted by every computer in the Bitcoin network. “We desired to see everything,” Philip Koshy says.

If the data flowing through the network were flawlessly coordinated, with everyone’s computer sending and receiving data as frequently as the rest, then it might be unlikely to link Bitcoin addresses with IP addresses. But there is no top-down coordination of the Bitcoin network, and its flow is far from ideal. The Koshys noticed that sometimes a computer sent out information about only one transaction, meaning that the person at that IP address was the possessor of that Bitcoin address. And sometimes a surge of transactions came from a single IP address—probably when the user was upgrading his or her Bitcoin client software. Those transactions held the key to a entire backlog of their Bitcoin addresses. Like unraveling a ball of string, once the Koshys isolated some of the addresses, others followed.

Ultimately, they were able to map IP addresses to more than one thousand Bitcoin addresses; they published their findings in the proceedings of an obscure cryptography conference. It is unusual for an academic paper to cause both The Fresh York Times and the U.S. Department of Homeland Security to come calling. “It was crazy,” Philip Koshy says. Their technology has not yet appeared in the official record of a criminal case, but the Koshys say they have observed so-called fake knots on the Bitcoin network associated with IP addresses in government data centers in Virginia, suggesting that investigators there are hoovering up the data packets for surveillance purposes too. (The pair has since left academia for tech industry jobs.)

As criminals have evolved more sophisticated methods to use Bitcoin, researchers have followed apace. Meiklejohn—who says she regularly works with law enforcement but is “not comfy discussing the details”—was one of the very first researchers to explore Bitcoin “mixing” services. The basic idea is to protect the anonymity of transactions by interchanging many people’s Bitcoin stashes with each other, as in a shell game. The forensic trail shows the money going in but then goes cold because it is unlikely to know which Bitcoins belong to whom on the other end. “So in principle, this is a solution to Bitcoin’s anonymity problem,” Meiklejohn says.

Bitcoin Foundation Vice Chairman Charlie Shrem (right) leaves the Manhattan federal courthouse in Fresh York City in January 2014. Shrem was later sentenced to two years in prison for laundering money on Silk Road.

But even mixing has weaknesses that forensic investigators can exploit. Soon after Silk Road shut down, someone with administrative access to one of the freshly emerging black markets walked away with 90,000 Bitcoins from user escrow accounts. The thief attempted to use a mixing service to launder the money, but wasn’t patient enough to hide the tracks, Meiklejohn says. “It’s difficult to thrust large amounts of Bitcoin through mixing services secretly. It’s utterly noticeable no matter how you do it.” Thomas Jiikovský, the man under investigation by Czech police, is suspected to be the thief in question.

The beauty of Bitcoin, from a detective’s point of view, is that the blockchain records all. “If you catch a dealer with drugs and cash on the street, you’ve caught them committing one crime,” Meiklejohn says. “But if you catch people using something like Silk Road, you’ve uncovered their entire criminal history,” she says. “It’s like discovering their books.”

Exactly that script is playing out now. On twenty January of this year, ten studs were arrested in the Netherlands as part of an international raid on online illegal drug markets. The boys were caught converting their Bitcoins into Euros in bank accounts using commercial Bitcoin services, and then withdrawing millions in cash from ATM machines. The trail of Bitcoin addresses allegedly links all that money to online illegal drug sales tracked by FBI and Interpol.

If Bitcoin’s privacy shortcomings drive users away, the currency will quickly lose its value. But the request for financial privacy won’t vanish, and fresh systems are already emerging. “I don’t feel people have the right to know, unless disclosed, how much cash is in my wallet, just like I don’t feel anyone should know what conversations I’m having with anyone else,” says Ryno Matthee, a software developer based in Somerset, South Africa.

Matthee is part of a team launching a fresh anonymous online market called Shadow this year, which will use its own cryptocurrency, ShadowCash. The objective is not to facilitate illegal transactions, Matthee says. It will be up to the users, who administer the system, to police it, he says, but to help prevent manhandle, “we are going to attempt our best to filter out known keywords for drugs or worse.”

Shadow is far from the only Bitcoin competitor. Scores of alternative cryptocurrencies now exist. And some experts predict that one may eventually go mainstream. Some banks already rely on a cryptocurrency called Ripple for lodging large global money transfers. And the U.S. government “has been engaging with the cryptocurrency community and learning from them,” says Bill Gleim, head of machine learning at Coinalytics, a company based in Menlo Park, California.

Gleim believes the federal government will issue its own cryptocurrency, “maybe as soon as late 2016.” If so, it is likely to require users to verify their real-world identities. That could defeat the purpose of cryptocurrency in the eyes of privacy advocates and criminals. Or maybe not: In this technological game of cat and mouse, the next stir may go to the criminals.

Why criminals can t hide behind Bitcoin, Science, AAAS

Why criminals can’t hide behind Bitcoin

Bitcoin, the Internet currency beloved by computer scientists, libertarians, and criminals, is no longer invulnerable. As recently as three years ago, it seemed that anyone could buy or sell anything with Bitcoin and never be tracked, let alone busted if they broke the law. “It’s totally anonymous,” was how one commenter put it in Bitcoin’s forums in June 2013. “The FBI does not have a prayer of a chance of finding out who is who.”

The Federal Bureau of Investigation (FBI) and other law enforcement begged to differ. Ross Ulbricht, the 31-year-old American who created Silk Road, a Bitcoin market facilitating the sale of $1 billion in illegal drugs, was sentenced to life in prison in February 2015. In March, the assets of 28-year-old Czech national Tomáš Jiříkovský were seized; he’s suspected of laundering $40 million in stolen Bitcoins. Two more fell in September 2015: 33-year-old American Trendon Shavers pleaded guilty to running a $150 million Ponzi scheme—the very first Bitcoin securities fraud case—and 30-year-old Frenchman Mark Karpelès was arrested and charged with fraud and embezzlement of $390 million from the now shuttered Bitcoin currency exchange Mt. Gox.

The majority of Bitcoin users are law-abiding people motivated by privacy concerns or just curiosity. But Bitcoin’s anonymity is also a powerful implement for financing crime: The virtual money can keep shady transactions secret. The paradox of cryptocurrency is that its associated data create a forensic trail that can all of a sudden make your entire financial history public information.

Academic researchers helped create the encryption and software systems that make Bitcoin possible; many are now helping law enforcement nab criminals. These experts operate in a fresh field at the crossroads of computer science, economics, and forensics, says Sarah Meiklejohn, a computer scientist at University College London who co-chaired an annual workshop on financial cryptography in Barbados last month. “There aren’t that many of us,” she notes. “We all know each other.”

When Bitcoin very first emerged, law enforcement officers were “panicking,” Meiklejohn says. “They thought these technologies were dangerous and made it tighter for them to do their job.” But as the arrests and convictions have spinned in, “there’s a sustained shift toward watching cryptocurrency as a instrument for prosecuting crimes.” Even in the strange fresh world of Bitcoin, FBI Assistant General Counsel Brett Nigh said in September 2015, “investigators can go after the money.”

C. Smith/ Science

Unlike money issued by governments, Bitcoin has no Federal Reserve, no gold backing, no banks, no physical notes. Created in a two thousand eight academic paper by a still unknown person using the name Satoshi Nakamoto, Bitcoin “is an intellectual artifact,” says Patrick McDaniel, a computer scientist at Pennsylvania State University (Penn State), University Park. “It’s the frontier of economics.”

Rigorously speaking, Bitcoins are nothing more than amounts associated with addresses, unique strings of letters and numbers. For example, “1Ez69SnzzmePmZX3WpEzMKTrcBF2gpNQ55” represents almost 30,000 Bitcoins seized during the Silk Road bust—worth about $20 million at the time—that were auctioned off by the U.S. government on one July 2014.

Those Bitcoins have been split up and switched arms numerous times since then, and all of these transactions are public skill. The past and present ownership of every Bitcoin—in fact every 10-millionth of a Bitcoin—is dutifully recorded in the “blockchain,” an ever-growing public ledger collective across the Internet. What remains hidden are the true identities of the Bitcoin owners: Instead of submitting their names, users create a code that serves as their digital signature in the blockchain.

The job of keeping the system running and preventing cheating is left to a volunteer workforce known as Bitcoin miners. They crunch the numbers needed to verify every transaction. Added to this is an evergrowing math task known as “proof of work,” which keeps the miners fair. The calculations are so intense that miners use specialized computers that run hot enough to keep homes or even office buildings warm through the winter. The incentive for all this effort is built into Bitcoin itself. The act of verifying a 10-minute block of transactions generates twenty five fresh Bitcoins for the miner. This is how Bitcoins are minted.

Just like any currency, Bitcoin’s real-world value emerges as people trade it for goods, services, and other currencies. If you’re not a miner, you can only get Bitcoins from someone who already has them. Companies have sprung up that sell Bitcoins—at a profitable rate—and provide ATM machines where you can convert them into cash. And of course, you can sell something in comeback for Bitcoins. As soon as both parties have digitally signed the transaction and it is recorded in the blockchain, the Bitcoins are yours.

As Science went to press, Bitcoin’s market capitalization, a measure of the amount of money invested in it, stood at $Five.6 billion. That money is very safe from theft, as long as users never expose their private keys, the long—and ideally, randomly generated—numbers used to generate a digital signature. But as soon as a Bitcoin is spent, the forensic trail embarks.

By 2013, millions of dollars’ worth of Bitcoins were being exchanged for illegal drugs and stolen identity data on Silk Road. Like a black market version of Amazon, it provided a sophisticated platform for buyers and sellers, including Bitcoin escrow accounts, a buyer feedback forum, and even a vendor reputation system. The merchandise was sent mostly through the normal postal system—the buyer sent the seller the mailing address as an encrypted message—and the site even provided helpful tips, such as how to vacuum-pack drugs.

Investigators calmly collected every shred of data from Silk Road—from the pictures and text describing drug products to the Bitcoin transactions that emerge in the blockchain when the deals close. Ultimately, investigators needed to tie this string of evidence to one crucial, missing chunk of data: the Internet Protocol (IP) addresses of the computers used by buyers or sellers.

The challenge is that the Bitcoin network is designed to blur the correspondence inbetween transactions and IP addresses. All Bitcoin users are connected in a peer-to-peer network over the Internet. Data flow inbetween their computers like gossip in a crowd, spreading quickly and redundantly until everyone has the information—with no one but the originator knowing who spoke very first.

This system worked so well that it was carelessness, not any privacy flaws in Bitcoin, that led to the breakthrough in the investigation of Silk Road. When Ulbricht, the ringleader, was hiring help to expand his operation, he used the same pseudonym he had adopted years before to post announcements on illegal drug discussion forums; that and other moments of sloppiness made him a suspect. Once FBI tracked his IP address to a San Francisco, in California, Internet cafe, they caught him in the act of logging into Silk Road as an administrator.

Other criminals could take solace in the fact that it was a slip-up; as long as you used Bitcoin cautiously, your identity was protected behind the cryptographic wall. But now even that confidence is eroded.

Among the very first researchers to find a crack in the wall were the husband-and-wife team of Philip and Diana Koshy. In 2014, as graduate students in McDaniel’s lab at Penn State, they built their own version of the software that buyers and sellers use to take part in the Bitcoin network. It was especially designed to be inefficient, downloading a copy of every single packet of data transmitted by every computer in the Bitcoin network. “We desired to see everything,” Philip Koshy says.

If the data flowing through the network were flawlessly coordinated, with everyone’s computer sending and receiving data as frequently as the rest, then it might be unlikely to link Bitcoin addresses with IP addresses. But there is no top-down coordination of the Bitcoin network, and its flow is far from ideal. The Koshys noticed that sometimes a computer sent out information about only one transaction, meaning that the person at that IP address was the possessor of that Bitcoin address. And sometimes a surge of transactions came from a single IP address—probably when the user was upgrading his or her Bitcoin client software. Those transactions held the key to a entire backlog of their Bitcoin addresses. Like unraveling a ball of string, once the Koshys isolated some of the addresses, others followed.

Ultimately, they were able to map IP addresses to more than one thousand Bitcoin addresses; they published their findings in the proceedings of an obscure cryptography conference. It is unusual for an academic paper to cause both The Fresh York Times and the U.S. Department of Homeland Security to come calling. “It was crazy,” Philip Koshy says. Their mechanism has not yet appeared in the official record of a criminal case, but the Koshys say they have observed so-called fake knots on the Bitcoin network associated with IP addresses in government data centers in Virginia, suggesting that investigators there are hoovering up the data packets for surveillance purposes too. (The pair has since left academia for tech industry jobs.)

As criminals have evolved more sophisticated methods to use Bitcoin, researchers have followed apace. Meiklejohn—who says she regularly works with law enforcement but is “not comfy discussing the details”—was one of the very first researchers to explore Bitcoin “mixing” services. The basic idea is to protect the anonymity of transactions by interchanging many people’s Bitcoin stashes with each other, as in a shell game. The forensic trail shows the money going in but then goes cold because it is unlikely to know which Bitcoins belong to whom on the other end. “So in principle, this is a solution to Bitcoin’s anonymity problem,” Meiklejohn says.

Bitcoin Foundation Vice Chairman Charlie Shrem (right) leaves the Manhattan federal courthouse in Fresh York City in January 2014. Shrem was later sentenced to two years in prison for laundering money on Silk Road.

But even mixing has weaknesses that forensic investigators can exploit. Soon after Silk Road shut down, someone with administrative access to one of the freshly emerging black markets walked away with 90,000 Bitcoins from user escrow accounts. The thief attempted to use a mixing service to launder the money, but wasn’t patient enough to hide the tracks, Meiklejohn says. “It’s difficult to thrust large amounts of Bitcoin through mixing services secretly. It’s utterly noticeable no matter how you do it.” Thomas Jiikovský, the man under investigation by Czech police, is suspected to be the thief in question.

The beauty of Bitcoin, from a detective’s point of view, is that the blockchain records all. “If you catch a dealer with drugs and cash on the street, you’ve caught them committing one crime,” Meiklejohn says. “But if you catch people using something like Silk Road, you’ve uncovered their entire criminal history,” she says. “It’s like discovering their books.”

Exactly that screenplay is playing out now. On twenty January of this year, ten dudes were arrested in the Netherlands as part of an international raid on online illegal drug markets. The guys were caught converting their Bitcoins into Euros in bank accounts using commercial Bitcoin services, and then withdrawing millions in cash from ATM machines. The trail of Bitcoin addresses allegedly links all that money to online illegal drug sales tracked by FBI and Interpol.

If Bitcoin’s privacy shortcomings drive users away, the currency will quickly lose its value. But the request for financial privacy won’t vanish, and fresh systems are already emerging. “I don’t feel people have the right to know, unless disclosed, how much cash is in my wallet, just like I don’t feel anyone should know what conversations I’m having with anyone else,” says Ryno Matthee, a software developer based in Somerset, South Africa.

Matthee is part of a team launching a fresh anonymous online market called Shadow this year, which will use its own cryptocurrency, ShadowCash. The purpose is not to facilitate illegal transactions, Matthee says. It will be up to the users, who administer the system, to police it, he says, but to help prevent manhandle, “we are going to attempt our best to filter out known keywords for drugs or worse.”

Shadow is far from the only Bitcoin competitor. Scores of alternative cryptocurrencies now exist. And some experts predict that one may eventually go mainstream. Some banks already rely on a cryptocurrency called Ripple for lodging large global money transfers. And the U.S. government “has been engaging with the cryptocurrency community and learning from them,” says Bill Gleim, head of machine learning at Coinalytics, a company based in Menlo Park, California.

Gleim believes the federal government will issue its own cryptocurrency, “maybe as soon as late 2016.” If so, it is likely to require users to verify their real-world identities. That could defeat the purpose of cryptocurrency in the eyes of privacy advocates and criminals. Or maybe not: In this technological game of cat and mouse, the next budge may go to the criminals.

Why criminals can t hide behind Bitcoin, Science, AAAS

Why criminals can’t hide behind Bitcoin

Bitcoin, the Internet currency beloved by computer scientists, libertarians, and criminals, is no longer invulnerable. As recently as three years ago, it seemed that anyone could buy or sell anything with Bitcoin and never be tracked, let alone busted if they broke the law. “It’s totally anonymous,” was how one commenter put it in Bitcoin’s forums in June 2013. “The FBI does not have a prayer of a chance of finding out who is who.”

The Federal Bureau of Investigation (FBI) and other law enforcement begged to differ. Ross Ulbricht, the 31-year-old American who created Silk Road, a Bitcoin market facilitating the sale of $1 billion in illegal drugs, was sentenced to life in prison in February 2015. In March, the assets of 28-year-old Czech national Tomáš Jiříkovský were seized; he’s suspected of laundering $40 million in stolen Bitcoins. Two more fell in September 2015: 33-year-old American Trendon Shavers pleaded guilty to running a $150 million Ponzi scheme—the very first Bitcoin securities fraud case—and 30-year-old Frenchman Mark Karpelès was arrested and charged with fraud and embezzlement of $390 million from the now shuttered Bitcoin currency exchange Mt. Gox.

The majority of Bitcoin users are law-abiding people motivated by privacy concerns or just curiosity. But Bitcoin’s anonymity is also a powerful device for financing crime: The virtual money can keep shady transactions secret. The paradox of cryptocurrency is that its associated data create a forensic trail that can abruptly make your entire financial history public information.

Academic researchers helped create the encryption and software systems that make Bitcoin possible; many are now helping law enforcement nab criminals. These experts operate in a fresh field at the crossroads of computer science, economics, and forensics, says Sarah Meiklejohn, a computer scientist at University College London who co-chaired an annual workshop on financial cryptography in Barbados last month. “There aren’t that many of us,” she notes. “We all know each other.”

When Bitcoin very first emerged, law enforcement officers were “panicking,” Meiklejohn says. “They thought these technologies were dangerous and made it firmer for them to do their job.” But as the arrests and convictions have flipped in, “there’s a sustained shift toward witnessing cryptocurrency as a device for prosecuting crimes.” Even in the strange fresh world of Bitcoin, FBI Assistant General Counsel Brett Nigh said in September 2015, “investigators can go after the money.”

C. Smith/ Science

Unlike money issued by governments, Bitcoin has no Federal Reserve, no gold backing, no banks, no physical notes. Created in a two thousand eight academic paper by a still unknown person using the name Satoshi Nakamoto, Bitcoin “is an intellectual artifact,” says Patrick McDaniel, a computer scientist at Pennsylvania State University (Penn State), University Park. “It’s the frontier of economics.”

Stringently speaking, Bitcoins are nothing more than amounts associated with addresses, unique strings of letters and numbers. For example, “1Ez69SnzzmePmZX3WpEzMKTrcBF2gpNQ55” represents almost 30,000 Bitcoins seized during the Silk Road bust—worth about $20 million at the time—that were auctioned off by the U.S. government on one July 2014.

Those Bitcoins have been split up and switched mitts numerous times since then, and all of these transactions are public skill. The past and present ownership of every Bitcoin—in fact every 10-millionth of a Bitcoin—is dutifully recorded in the “blockchain,” an ever-growing public ledger collective across the Internet. What remains hidden are the true identities of the Bitcoin owners: Instead of submitting their names, users create a code that serves as their digital signature in the blockchain.

The job of keeping the system running and preventing cheating is left to a volunteer workforce known as Bitcoin miners. They crunch the numbers needed to verify every transaction. Added to this is an evergrowing math task known as “proof of work,” which keeps the miners fair. The calculations are so intense that miners use specialized computers that run hot enough to keep homes or even office buildings warm through the winter. The incentive for all this effort is built into Bitcoin itself. The act of verifying a 10-minute block of transactions generates twenty five fresh Bitcoins for the miner. This is how Bitcoins are minted.

Just like any currency, Bitcoin’s real-world value emerges as people trade it for goods, services, and other currencies. If you’re not a miner, you can only get Bitcoins from someone who already has them. Companies have sprung up that sell Bitcoins—at a profitable rate—and provide ATM machines where you can convert them into cash. And of course, you can sell something in comeback for Bitcoins. As soon as both parties have digitally signed the transaction and it is recorded in the blockchain, the Bitcoins are yours.

As Science went to press, Bitcoin’s market capitalization, a measure of the amount of money invested in it, stood at $Five.6 billion. That money is very safe from theft, as long as users never expose their private keys, the long—and ideally, randomly generated—numbers used to generate a digital signature. But as soon as a Bitcoin is spent, the forensic trail commences.

By 2013, millions of dollars’ worth of Bitcoins were being interchanged for illegal drugs and stolen identity data on Silk Road. Like a black market version of Amazon, it provided a sophisticated platform for buyers and sellers, including Bitcoin escrow accounts, a buyer feedback forum, and even a vendor reputation system. The merchandise was sent mostly through the normal postal system—the buyer sent the seller the mailing address as an encrypted message—and the site even provided helpful tips, such as how to vacuum-pack drugs.

Investigators calmly collected every shred of data from Silk Road—from the pictures and text describing drug products to the Bitcoin transactions that show up in the blockchain when the deals close. Ultimately, investigators needed to tie this string of evidence to one crucial, missing chunk of data: the Internet Protocol (IP) addresses of the computers used by buyers or sellers.

The challenge is that the Bitcoin network is designed to blur the correspondence inbetween transactions and IP addresses. All Bitcoin users are connected in a peer-to-peer network over the Internet. Data flow inbetween their computers like gossip in a crowd, spreading quickly and redundantly until everyone has the information—with no one but the originator knowing who spoke very first.

This system worked so well that it was carelessness, not any privacy flaws in Bitcoin, that led to the breakthrough in the investigation of Silk Road. When Ulbricht, the ringleader, was hiring help to expand his operation, he used the same pseudonym he had adopted years before to post announcements on illegal drug discussion forums; that and other moments of sloppiness made him a suspect. Once FBI tracked his IP address to a San Francisco, in California, Internet cafe, they caught him in the act of logging into Silk Road as an administrator.

Other criminals could take solace in the fact that it was a slip-up; as long as you used Bitcoin cautiously, your identity was protected behind the cryptographic wall. But now even that confidence is eroded.

Among the very first researchers to find a crack in the wall were the husband-and-wife team of Philip and Diana Koshy. In 2014, as graduate students in McDaniel’s lab at Penn State, they built their own version of the software that buyers and sellers use to take part in the Bitcoin network. It was especially designed to be inefficient, downloading a copy of every single packet of data transmitted by every computer in the Bitcoin network. “We wished to see everything,” Philip Koshy says.

If the data flowing through the network were flawlessly coordinated, with everyone’s computer sending and receiving data as frequently as the rest, then it might be unlikely to link Bitcoin addresses with IP addresses. But there is no top-down coordination of the Bitcoin network, and its flow is far from ideal. The Koshys noticed that sometimes a computer sent out information about only one transaction, meaning that the person at that IP address was the possessor of that Bitcoin address. And sometimes a surge of transactions came from a single IP address—probably when the user was upgrading his or her Bitcoin client software. Those transactions held the key to a entire backlog of their Bitcoin addresses. Like unraveling a ball of string, once the Koshys isolated some of the addresses, others followed.

Ultimately, they were able to map IP addresses to more than one thousand Bitcoin addresses; they published their findings in the proceedings of an obscure cryptography conference. It is unusual for an academic paper to cause both The Fresh York Times and the U.S. Department of Homeland Security to come calling. “It was crazy,” Philip Koshy says. Their mechanism has not yet appeared in the official record of a criminal case, but the Koshys say they have observed so-called fake knots on the Bitcoin network associated with IP addresses in government data centers in Virginia, suggesting that investigators there are hoovering up the data packets for surveillance purposes too. (The pair has since left academia for tech industry jobs.)

As criminals have evolved more sophisticated methods to use Bitcoin, researchers have followed apace. Meiklejohn—who says she regularly works with law enforcement but is “not comfy discussing the details”—was one of the very first researchers to explore Bitcoin “mixing” services. The basic idea is to protect the anonymity of transactions by interchanging many people’s Bitcoin stashes with each other, as in a shell game. The forensic trail shows the money going in but then goes cold because it is unlikely to know which Bitcoins belong to whom on the other end. “So in principle, this is a solution to Bitcoin’s anonymity problem,” Meiklejohn says.

Bitcoin Foundation Vice Chairman Charlie Shrem (right) leaves the Manhattan federal courthouse in Fresh York City in January 2014. Shrem was later sentenced to two years in prison for laundering money on Silk Road.

But even mixing has weaknesses that forensic investigators can exploit. Soon after Silk Road shut down, someone with administrative access to one of the freshly emerging black markets walked away with 90,000 Bitcoins from user escrow accounts. The thief attempted to use a mixing service to launder the money, but wasn’t patient enough to hide the tracks, Meiklejohn says. “It’s difficult to thrust large amounts of Bitcoin through mixing services secretly. It’s utterly noticeable no matter how you do it.” Thomas Jiikovský, the man under investigation by Czech police, is suspected to be the thief in question.

The beauty of Bitcoin, from a detective’s point of view, is that the blockchain records all. “If you catch a dealer with drugs and cash on the street, you’ve caught them committing one crime,” Meiklejohn says. “But if you catch people using something like Silk Road, you’ve uncovered their entire criminal history,” she says. “It’s like discovering their books.”

Exactly that script is playing out now. On twenty January of this year, ten guys were arrested in the Netherlands as part of an international raid on online illegal drug markets. The boys were caught converting their Bitcoins into Euros in bank accounts using commercial Bitcoin services, and then withdrawing millions in cash from ATM machines. The trail of Bitcoin addresses allegedly links all that money to online illegal drug sales tracked by FBI and Interpol.

If Bitcoin’s privacy shortcomings drive users away, the currency will quickly lose its value. But the request for financial privacy won’t vanish, and fresh systems are already emerging. “I don’t feel people have the right to know, unless disclosed, how much cash is in my wallet, just like I don’t feel anyone should know what conversations I’m having with anyone else,” says Ryno Matthee, a software developer based in Somerset, South Africa.

Matthee is part of a team launching a fresh anonymous online market called Shadow this year, which will use its own cryptocurrency, ShadowCash. The purpose is not to facilitate illegal transactions, Matthee says. It will be up to the users, who administer the system, to police it, he says, but to help prevent manhandle, “we are going to attempt our best to filter out known keywords for drugs or worse.”

Shadow is far from the only Bitcoin competitor. Scores of alternative cryptocurrencies now exist. And some experts predict that one may eventually go mainstream. Some banks already rely on a cryptocurrency called Ripple for lodging large global money transfers. And the U.S. government “has been engaging with the cryptocurrency community and learning from them,” says Bill Gleim, head of machine learning at Coinalytics, a company based in Menlo Park, California.

Gleim believes the federal government will issue its own cryptocurrency, “maybe as soon as late 2016.” If so, it is likely to require users to verify their real-world identities. That could defeat the purpose of cryptocurrency in the eyes of privacy advocates and criminals. Or maybe not: In this technological game of cat and mouse, the next budge may go to the criminals.

Why criminals can t hide behind Bitcoin, Science, AAAS

Why criminals can’t hide behind Bitcoin

Bitcoin, the Internet currency beloved by computer scientists, libertarians, and criminals, is no longer invulnerable. As recently as three years ago, it seemed that anyone could buy or sell anything with Bitcoin and never be tracked, let alone busted if they broke the law. “It’s totally anonymous,” was how one commenter put it in Bitcoin’s forums in June 2013. “The FBI does not have a prayer of a chance of finding out who is who.”

The Federal Bureau of Investigation (FBI) and other law enforcement begged to differ. Ross Ulbricht, the 31-year-old American who created Silk Road, a Bitcoin market facilitating the sale of $1 billion in illegal drugs, was sentenced to life in prison in February 2015. In March, the assets of 28-year-old Czech national Tomáš Jiříkovský were seized; he’s suspected of laundering $40 million in stolen Bitcoins. Two more fell in September 2015: 33-year-old American Trendon Shavers pleaded guilty to running a $150 million Ponzi scheme—the very first Bitcoin securities fraud case—and 30-year-old Frenchman Mark Karpelès was arrested and charged with fraud and embezzlement of $390 million from the now shuttered Bitcoin currency exchange Mt. Gox.

The majority of Bitcoin users are law-abiding people motivated by privacy concerns or just curiosity. But Bitcoin’s anonymity is also a powerful instrument for financing crime: The virtual money can keep shady transactions secret. The paradox of cryptocurrency is that its associated data create a forensic trail that can abruptly make your entire financial history public information.

Academic researchers helped create the encryption and software systems that make Bitcoin possible; many are now helping law enforcement nab criminals. These experts operate in a fresh field at the crossroads of computer science, economics, and forensics, says Sarah Meiklejohn, a computer scientist at University College London who co-chaired an annual workshop on financial cryptography in Barbados last month. “There aren’t that many of us,” she notes. “We all know each other.”

When Bitcoin very first emerged, law enforcement officers were “panicking,” Meiklejohn says. “They thought these technologies were dangerous and made it firmer for them to do their job.” But as the arrests and convictions have spinned in, “there’s a sustained shift toward witnessing cryptocurrency as a device for prosecuting crimes.” Even in the strange fresh world of Bitcoin, FBI Assistant General Counsel Brett Nigh said in September 2015, “investigators can go after the money.”

C. Smith/ Science

Unlike money issued by governments, Bitcoin has no Federal Reserve, no gold backing, no banks, no physical notes. Created in a two thousand eight academic paper by a still unknown person using the name Satoshi Nakamoto, Bitcoin “is an intellectual artifact,” says Patrick McDaniel, a computer scientist at Pennsylvania State University (Penn State), University Park. “It’s the frontier of economics.”

Stringently speaking, Bitcoins are nothing more than amounts associated with addresses, unique strings of letters and numbers. For example, “1Ez69SnzzmePmZX3WpEzMKTrcBF2gpNQ55” represents almost 30,000 Bitcoins seized during the Silk Road bust—worth about $20 million at the time—that were auctioned off by the U.S. government on one July 2014.

Those Bitcoins have been split up and switched mitts numerous times since then, and all of these transactions are public skill. The past and present ownership of every Bitcoin—in fact every 10-millionth of a Bitcoin—is dutifully recorded in the “blockchain,” an ever-growing public ledger collective across the Internet. What remains hidden are the true identities of the Bitcoin owners: Instead of submitting their names, users create a code that serves as their digital signature in the blockchain.

The job of keeping the system running and preventing cheating is left to a volunteer workforce known as Bitcoin miners. They crunch the numbers needed to verify every transaction. Added to this is an evergrowing math task known as “proof of work,” which keeps the miners fair. The calculations are so intense that miners use specialized computers that run hot enough to keep homes or even office buildings warm through the winter. The incentive for all this effort is built into Bitcoin itself. The act of verifying a 10-minute block of transactions generates twenty five fresh Bitcoins for the miner. This is how Bitcoins are minted.

Just like any currency, Bitcoin’s real-world value emerges as people trade it for goods, services, and other currencies. If you’re not a miner, you can only get Bitcoins from someone who already has them. Companies have sprung up that sell Bitcoins—at a profitable rate—and provide ATM machines where you can convert them into cash. And of course, you can sell something in come back for Bitcoins. As soon as both parties have digitally signed the transaction and it is recorded in the blockchain, the Bitcoins are yours.

As Science went to press, Bitcoin’s market capitalization, a measure of the amount of money invested in it, stood at $Five.6 billion. That money is very safe from theft, as long as users never expose their private keys, the long—and ideally, randomly generated—numbers used to generate a digital signature. But as soon as a Bitcoin is spent, the forensic trail starts.

By 2013, millions of dollars’ worth of Bitcoins were being interchanged for illegal drugs and stolen identity data on Silk Road. Like a black market version of Amazon, it provided a sophisticated platform for buyers and sellers, including Bitcoin escrow accounts, a buyer feedback forum, and even a vendor reputation system. The merchandise was sent mostly through the normal postal system—the buyer sent the seller the mailing address as an encrypted message—and the site even provided helpful tips, such as how to vacuum-pack drugs.

Investigators calmly collected every shred of data from Silk Road—from the pictures and text describing drug products to the Bitcoin transactions that show up in the blockchain when the deals close. Ultimately, investigators needed to tie this string of evidence to one crucial, missing lump of data: the Internet Protocol (IP) addresses of the computers used by buyers or sellers.

The challenge is that the Bitcoin network is designed to blur the correspondence inbetween transactions and IP addresses. All Bitcoin users are connected in a peer-to-peer network over the Internet. Data flow inbetween their computers like gossip in a crowd, spreading quickly and redundantly until everyone has the information—with no one but the originator knowing who spoke very first.

This system worked so well that it was carelessness, not any privacy flaws in Bitcoin, that led to the breakthrough in the investigation of Silk Road. When Ulbricht, the ringleader, was hiring help to expand his operation, he used the same pseudonym he had adopted years before to post announcements on illegal drug discussion forums; that and other moments of sloppiness made him a suspect. Once FBI tracked his IP address to a San Francisco, in California, Internet cafe, they caught him in the act of logging into Silk Road as an administrator.

Other criminals could take solace in the fact that it was a slip-up; as long as you used Bitcoin cautiously, your identity was protected behind the cryptographic wall. But now even that confidence is eroded.

Among the very first researchers to find a crack in the wall were the husband-and-wife team of Philip and Diana Koshy. In 2014, as graduate students in McDaniel’s lab at Penn State, they built their own version of the software that buyers and sellers use to take part in the Bitcoin network. It was especially designed to be inefficient, downloading a copy of every single packet of data transmitted by every computer in the Bitcoin network. “We dreamed to see everything,” Philip Koshy says.

If the data flowing through the network were ideally coordinated, with everyone’s computer sending and receiving data as frequently as the rest, then it might be unlikely to link Bitcoin addresses with IP addresses. But there is no top-down coordination of the Bitcoin network, and its flow is far from ideal. The Koshys noticed that sometimes a computer sent out information about only one transaction, meaning that the person at that IP address was the possessor of that Bitcoin address. And sometimes a surge of transactions came from a single IP address—probably when the user was upgrading his or her Bitcoin client software. Those transactions held the key to a entire backlog of their Bitcoin addresses. Like unraveling a ball of string, once the Koshys isolated some of the addresses, others followed.

Ultimately, they were able to map IP addresses to more than one thousand Bitcoin addresses; they published their findings in the proceedings of an obscure cryptography conference. It is unusual for an academic paper to cause both The Fresh York Times and the U.S. Department of Homeland Security to come calling. “It was crazy,” Philip Koshy says. Their technology has not yet appeared in the official record of a criminal case, but the Koshys say they have observed so-called fake knots on the Bitcoin network associated with IP addresses in government data centers in Virginia, suggesting that investigators there are hoovering up the data packets for surveillance purposes too. (The pair has since left academia for tech industry jobs.)

As criminals have evolved more sophisticated methods to use Bitcoin, researchers have followed apace. Meiklejohn—who says she regularly works with law enforcement but is “not comfy discussing the details”—was one of the very first researchers to explore Bitcoin “mixing” services. The basic idea is to protect the anonymity of transactions by exchanging many people’s Bitcoin stashes with each other, as in a shell game. The forensic trail shows the money going in but then goes cold because it is unlikely to know which Bitcoins belong to whom on the other end. “So in principle, this is a solution to Bitcoin’s anonymity problem,” Meiklejohn says.

Bitcoin Foundation Vice Chairman Charlie Shrem (right) leaves the Manhattan federal courthouse in Fresh York City in January 2014. Shrem was later sentenced to two years in prison for laundering money on Silk Road.

But even mixing has weaknesses that forensic investigators can exploit. Soon after Silk Road shut down, someone with administrative access to one of the freshly emerging black markets walked away with 90,000 Bitcoins from user escrow accounts. The thief attempted to use a mixing service to launder the money, but wasn’t patient enough to hide the tracks, Meiklejohn says. “It’s difficult to thrust large amounts of Bitcoin through mixing services secretly. It’s utterly noticeable no matter how you do it.” Thomas Jiikovský, the man under investigation by Czech police, is suspected to be the thief in question.

The beauty of Bitcoin, from a detective’s point of view, is that the blockchain records all. “If you catch a dealer with drugs and cash on the street, you’ve caught them committing one crime,” Meiklejohn says. “But if you catch people using something like Silk Road, you’ve uncovered their entire criminal history,” she says. “It’s like discovering their books.”

Exactly that screenplay is playing out now. On twenty January of this year, ten boys were arrested in the Netherlands as part of an international raid on online illegal drug markets. The boys were caught converting their Bitcoins into Euros in bank accounts using commercial Bitcoin services, and then withdrawing millions in cash from ATM machines. The trail of Bitcoin addresses allegedly links all that money to online illegal drug sales tracked by FBI and Interpol.

If Bitcoin’s privacy shortcomings drive users away, the currency will quickly lose its value. But the request for financial privacy won’t vanish, and fresh systems are already emerging. “I don’t feel people have the right to know, unless disclosed, how much cash is in my wallet, just like I don’t feel anyone should know what conversations I’m having with anyone else,” says Ryno Matthee, a software developer based in Somerset, South Africa.

Matthee is part of a team launching a fresh anonymous online market called Shadow this year, which will use its own cryptocurrency, ShadowCash. The aim is not to facilitate illegal transactions, Matthee says. It will be up to the users, who administer the system, to police it, he says, but to help prevent manhandle, “we are going to attempt our best to filter out known keywords for drugs or worse.”

Shadow is far from the only Bitcoin competitor. Scores of alternative cryptocurrencies now exist. And some experts predict that one may eventually go mainstream. Some banks already rely on a cryptocurrency called Ripple for lodging large global money transfers. And the U.S. government “has been engaging with the cryptocurrency community and learning from them,” says Bill Gleim, head of machine learning at Coinalytics, a company based in Menlo Park, California.

Gleim believes the federal government will issue its own cryptocurrency, “maybe as soon as late 2016.” If so, it is likely to require users to verify their real-world identities. That could defeat the purpose of cryptocurrency in the eyes of privacy advocates and criminals. Or maybe not: In this technological game of cat and mouse, the next stir may go to the criminals.

Why criminals can t hide behind Bitcoin, Science, AAAS

Why criminals can’t hide behind Bitcoin

Bitcoin, the Internet currency beloved by computer scientists, libertarians, and criminals, is no longer invulnerable. As recently as three years ago, it seemed that anyone could buy or sell anything with Bitcoin and never be tracked, let alone busted if they broke the law. “It’s totally anonymous,” was how one commenter put it in Bitcoin’s forums in June 2013. “The FBI does not have a prayer of a chance of finding out who is who.”

The Federal Bureau of Investigation (FBI) and other law enforcement begged to differ. Ross Ulbricht, the 31-year-old American who created Silk Road, a Bitcoin market facilitating the sale of $1 billion in illegal drugs, was sentenced to life in prison in February 2015. In March, the assets of 28-year-old Czech national Tomáš Jiříkovský were seized; he’s suspected of laundering $40 million in stolen Bitcoins. Two more fell in September 2015: 33-year-old American Trendon Shavers pleaded guilty to running a $150 million Ponzi scheme—the very first Bitcoin securities fraud case—and 30-year-old Frenchman Mark Karpelès was arrested and charged with fraud and embezzlement of $390 million from the now shuttered Bitcoin currency exchange Mt. Gox.

The majority of Bitcoin users are law-abiding people motivated by privacy concerns or just curiosity. But Bitcoin’s anonymity is also a powerful instrument for financing crime: The virtual money can keep shady transactions secret. The paradox of cryptocurrency is that its associated data create a forensic trail that can abruptly make your entire financial history public information.

Academic researchers helped create the encryption and software systems that make Bitcoin possible; many are now helping law enforcement nab criminals. These experts operate in a fresh field at the crossroads of computer science, economics, and forensics, says Sarah Meiklejohn, a computer scientist at University College London who co-chaired an annual workshop on financial cryptography in Barbados last month. “There aren’t that many of us,” she notes. “We all know each other.”

When Bitcoin very first emerged, law enforcement officers were “panicking,” Meiklejohn says. “They thought these technologies were dangerous and made it firmer for them to do their job.” But as the arrests and convictions have spinned in, “there’s a sustained shift toward observing cryptocurrency as a implement for prosecuting crimes.” Even in the strange fresh world of Bitcoin, FBI Assistant General Counsel Brett Nigh said in September 2015, “investigators can go after the money.”

C. Smith/ Science

Unlike money issued by governments, Bitcoin has no Federal Reserve, no gold backing, no banks, no physical notes. Created in a two thousand eight academic paper by a still unknown person using the name Satoshi Nakamoto, Bitcoin “is an intellectual artifact,” says Patrick McDaniel, a computer scientist at Pennsylvania State University (Penn State), University Park. “It’s the frontier of economics.”

Rigorously speaking, Bitcoins are nothing more than amounts associated with addresses, unique strings of letters and numbers. For example, “1Ez69SnzzmePmZX3WpEzMKTrcBF2gpNQ55” represents almost 30,000 Bitcoins seized during the Silk Road bust—worth about $20 million at the time—that were auctioned off by the U.S. government on one July 2014.

Those Bitcoins have been split up and switched forearms numerous times since then, and all of these transactions are public skill. The past and present ownership of every Bitcoin—in fact every 10-millionth of a Bitcoin—is dutifully recorded in the “blockchain,” an ever-growing public ledger collective across the Internet. What remains hidden are the true identities of the Bitcoin owners: Instead of submitting their names, users create a code that serves as their digital signature in the blockchain.

The job of keeping the system running and preventing cheating is left to a volunteer workforce known as Bitcoin miners. They crunch the numbers needed to verify every transaction. Added to this is an evergrowing math task known as “proof of work,” which keeps the miners fair. The calculations are so intense that miners use specialized computers that run hot enough to keep homes or even office buildings warm through the winter. The incentive for all this effort is built into Bitcoin itself. The act of verifying a 10-minute block of transactions generates twenty five fresh Bitcoins for the miner. This is how Bitcoins are minted.

Just like any currency, Bitcoin’s real-world value emerges as people trade it for goods, services, and other currencies. If you’re not a miner, you can only get Bitcoins from someone who already has them. Companies have sprung up that sell Bitcoins—at a profitable rate—and provide ATM machines where you can convert them into cash. And of course, you can sell something in come back for Bitcoins. As soon as both parties have digitally signed the transaction and it is recorded in the blockchain, the Bitcoins are yours.

As Science went to press, Bitcoin’s market capitalization, a measure of the amount of money invested in it, stood at $Five.6 billion. That money is very safe from theft, as long as users never expose their private keys, the long—and ideally, randomly generated—numbers used to generate a digital signature. But as soon as a Bitcoin is spent, the forensic trail embarks.

By 2013, millions of dollars’ worth of Bitcoins were being exchanged for illegal drugs and stolen identity data on Silk Road. Like a black market version of Amazon, it provided a sophisticated platform for buyers and sellers, including Bitcoin escrow accounts, a buyer feedback forum, and even a vendor reputation system. The merchandise was sent mostly through the normal postal system—the buyer sent the seller the mailing address as an encrypted message—and the site even provided helpful tips, such as how to vacuum-pack drugs.

Investigators calmly collected every shred of data from Silk Road—from the pictures and text describing drug products to the Bitcoin transactions that show up in the blockchain when the deals close. Ultimately, investigators needed to tie this string of evidence to one crucial, missing lump of data: the Internet Protocol (IP) addresses of the computers used by buyers or sellers.

The challenge is that the Bitcoin network is designed to blur the correspondence inbetween transactions and IP addresses. All Bitcoin users are connected in a peer-to-peer network over the Internet. Data flow inbetween their computers like gossip in a crowd, spreading quickly and redundantly until everyone has the information—with no one but the originator knowing who spoke very first.

This system worked so well that it was carelessness, not any privacy flaws in Bitcoin, that led to the breakthrough in the investigation of Silk Road. When Ulbricht, the ringleader, was hiring help to expand his operation, he used the same pseudonym he had adopted years before to post announcements on illegal drug discussion forums; that and other moments of sloppiness made him a suspect. Once FBI tracked his IP address to a San Francisco, in California, Internet cafe, they caught him in the act of logging into Silk Road as an administrator.

Other criminals could take solace in the fact that it was a slip-up; as long as you used Bitcoin cautiously, your identity was protected behind the cryptographic wall. But now even that confidence is eroded.

Among the very first researchers to find a crack in the wall were the husband-and-wife team of Philip and Diana Koshy. In 2014, as graduate students in McDaniel’s lab at Penn State, they built their own version of the software that buyers and sellers use to take part in the Bitcoin network. It was especially designed to be inefficient, downloading a copy of every single packet of data transmitted by every computer in the Bitcoin network. “We dreamed to see everything,” Philip Koshy says.

If the data flowing through the network were ideally coordinated, with everyone’s computer sending and receiving data as frequently as the rest, then it might be unlikely to link Bitcoin addresses with IP addresses. But there is no top-down coordination of the Bitcoin network, and its flow is far from flawless. The Koshys noticed that sometimes a computer sent out information about only one transaction, meaning that the person at that IP address was the holder of that Bitcoin address. And sometimes a surge of transactions came from a single IP address—probably when the user was upgrading his or her Bitcoin client software. Those transactions held the key to a entire backlog of their Bitcoin addresses. Like unraveling a ball of string, once the Koshys isolated some of the addresses, others followed.

Ultimately, they were able to map IP addresses to more than one thousand Bitcoin addresses; they published their findings in the proceedings of an obscure cryptography conference. It is unusual for an academic paper to cause both The Fresh York Times and the U.S. Department of Homeland Security to come calling. “It was crazy,” Philip Koshy says. Their mechanism has not yet appeared in the official record of a criminal case, but the Koshys say they have observed so-called fake knots on the Bitcoin network associated with IP addresses in government data centers in Virginia, suggesting that investigators there are hoovering up the data packets for surveillance purposes too. (The pair has since left academia for tech industry jobs.)

As criminals have evolved more sophisticated methods to use Bitcoin, researchers have followed apace. Meiklejohn—who says she regularly works with law enforcement but is “not comfy discussing the details”—was one of the very first researchers to explore Bitcoin “mixing” services. The basic idea is to protect the anonymity of transactions by interchanging many people’s Bitcoin stashes with each other, as in a shell game. The forensic trail shows the money going in but then goes cold because it is unlikely to know which Bitcoins belong to whom on the other end. “So in principle, this is a solution to Bitcoin’s anonymity problem,” Meiklejohn says.

Bitcoin Foundation Vice Chairman Charlie Shrem (right) leaves the Manhattan federal courthouse in Fresh York City in January 2014. Shrem was later sentenced to two years in prison for laundering money on Silk Road.

But even mixing has weaknesses that forensic investigators can exploit. Soon after Silk Road shut down, someone with administrative access to one of the freshly emerging black markets walked away with 90,000 Bitcoins from user escrow accounts. The thief attempted to use a mixing service to launder the money, but wasn’t patient enough to hide the tracks, Meiklejohn says. “It’s difficult to shove large amounts of Bitcoin through mixing services secretly. It’s utterly noticeable no matter how you do it.” Thomas Jiikovský, the man under investigation by Czech police, is suspected to be the thief in question.

The beauty of Bitcoin, from a detective’s point of view, is that the blockchain records all. “If you catch a dealer with drugs and cash on the street, you’ve caught them committing one crime,” Meiklejohn says. “But if you catch people using something like Silk Road, you’ve uncovered their entire criminal history,” she says. “It’s like discovering their books.”

Exactly that screenplay is playing out now. On twenty January of this year, ten fellows were arrested in the Netherlands as part of an international raid on online illegal drug markets. The dudes were caught converting their Bitcoins into Euros in bank accounts using commercial Bitcoin services, and then withdrawing millions in cash from ATM machines. The trail of Bitcoin addresses allegedly links all that money to online illegal drug sales tracked by FBI and Interpol.

If Bitcoin’s privacy shortcomings drive users away, the currency will quickly lose its value. But the request for financial privacy won’t vanish, and fresh systems are already emerging. “I don’t feel people have the right to know, unless disclosed, how much cash is in my wallet, just like I don’t feel anyone should know what conversations I’m having with anyone else,” says Ryno Matthee, a software developer based in Somerset, South Africa.

Matthee is part of a team launching a fresh anonymous online market called Shadow this year, which will use its own cryptocurrency, ShadowCash. The objective is not to facilitate illegal transactions, Matthee says. It will be up to the users, who administer the system, to police it, he says, but to help prevent manhandle, “we are going to attempt our best to filter out known keywords for drugs or worse.”

Shadow is far from the only Bitcoin competitor. Scores of alternative cryptocurrencies now exist. And some experts predict that one may eventually go mainstream. Some banks already rely on a cryptocurrency called Ripple for lodging large global money transfers. And the U.S. government “has been engaging with the cryptocurrency community and learning from them,” says Bill Gleim, head of machine learning at Coinalytics, a company based in Menlo Park, California.

Gleim believes the federal government will issue its own cryptocurrency, “maybe as soon as late 2016.” If so, it is likely to require users to verify their real-world identities. That could defeat the purpose of cryptocurrency in the eyes of privacy advocates and criminals. Or maybe not: In this technological game of cat and mouse, the next stir may go to the criminals.

Related video:

Leave a Reply

Your email address will not be published. Required fields are marked *

*