News

Twelve Russian intelligence officers primarily used bitcoins to purchase computer servers, domain names and other IT infrastructure used to influence the 2016 U.S. presidential elections, federal prosecutors claimed Friday.

Using cryptocurrency helped the suspects shield their identities and source of funds from U.S. financial institutions, Special Counsel Robert Mueller, who has been investigating alleged collusion between Russian agents and associates of President Donald Trump’s 2016 campaign, claimed in a 29-page indictment.

Most of the more than $95,000 allegedly plowed into the conspiracy transited at some point via third-party payment processors for hosting companies, domain registrars and other Internet vendors in the United States and elsewhere, according to the indictment.

The conspirators allegedly turned to peer-to-peer exchanges to acquire most of the bitcoins that financed their operations and equipment, and tried to further obscure their financial trail by converting those bitcoins into prepaid cards and other digital coins.

They sometimes also used their own computing power to “mine” new bitcoins, some of which, according to prosecutors, paid for servers and domains used in spear-phishing operations to acquire login credentials from Democratic Party staff.

Other mined bitcoins terminated at a bitcoin address allegedly controlled by a fake persona, “Daniel Farrell,” and used to pay to renew a domain name, linuxkrnl.net, that helped install malicious software on Democratic National Committee servers.

The group allegedly operated behind false names, addresses and email accounts to coordinate bitcoin payments to vendors for equipment and services used in the hacks.

Nine months before the election, one account, “gfadell1147,” received a request to transfer “exactly 0.026043 bitcoin” to a 34-character bitcoin address.

“Shortly thereafter, a transaction matching those exact instructions was added to the blockchain,” federal prosecutors claimed Friday.

The indictment does not clarify whether any of the payment processors and exchanges had registered as money services businesses, flagged any suspicious transactions tied to the scheme or otherwise complied with anti-money laundering rules.

Criminals likely exploit the uneven adoption of anti-money laundering standards by cryptocurrency exchanges in different countries, Scott Dueweke, president of the Identity and Payments Association, told ACAMS moneylaundering.com last month.

“Let’s say you use a reputable exchange and then go and convert that virtual currency into some other in another exchange outside the United States or Europe, the trail may be lost,” Dueweke, also director of Dark Tower, a cyber-defense firm in North Carolina, said.

The U.S. Treasury Department’s Financial Crimes Enforcement Network and Internal Revenue Service have examined some 30 percent of the estimated 100 cryptocurrency firms that registered with the bureau in the past four years.

“FinCEN and other regulators have made clear they’re on the alert for regulated entities that aren’t taking their due diligence and reporting responsibilities seriously,” former senior Justice Department official David Bitkower told moneylaundering.com in an email. “This indictment is not going to lower the heat any.”

The payoff

After compromising Democratic servers, the accused allegedly pilfered and leaked thousands of records and other private communications through “DCLeaks.com,” “Guccifer 2.0” and other fictional online personas.

“The defendants falsely claimed that DCLeaks was started by a group of American hackers and that Guccifer 2.0 was a lone Romanian hacker,” Deputy Attorney General Rod Rosenstein said Friday at a press conference in Washington, D.C.

Prosecutors claimed that hundreds of email addresses tied to the operation were used only once, then abandoned.

Some criminals rely on the inaccurate assumption that cryptocurrencies guarantee them complete anonymity, Stefan Cassella, former deputy chief of the Justice Department’s asset forfeiture and money laundering section, said.

“While it is harder to determine identity of the person behind a bitcoin transaction, it is not impossible,” Cassella, now chief executive of Asset Forfeiture Law in Maryland, said. “They are all recorded in the blockchain, and if you have a link from a particular bitcoin address to a particular person or computer you can identify them.”

Other analysts questioned whether investigators and compliance officers can consistently depend on the blockchain to target individuals behind suspicious transactions.

“The fact you have a public ledger is helpful in terms of being able to track bitcoins, but if you are unable to pierce through the identity of the people behind the transactions that’s of limited value,” Dan Stipano, former deputy chief counsel for the Office of the Comptroller of the Currency, said.