Friday, May 30, 2014

Bitcoin's Threat to the United States National Security and Financial Interests


Bitcoin's Threat to the United States National Security and Financial Interests



Prepared By:
Glenn Ford
5/8/2014




Executive Summary

Bitcoin is a peer-to-peer decentralized virtual currency network made publicly available in 2009. Bitcoin runs as a client application or online as a digital wallet from which Bitcoins can be sent to any other Bitcoin account fast, cheap, securely, pseudonymously, with no charge back fees, and no regulations or central authority. Bitcoin transfers are secured by a triple entry bookkeeper system that allows for a distributed public ledger that is cryptographically sealed and impossible to falsify as long as the consensus network of Bitcoin users is larger than the network of an attacker. New add-ons Zerocoin and Dark Wallet for Bitcoin are being introduced into the market to make Bitcoin fully anonymous and impossible to trace. Bitcoin has quickly become the virtual currency of choice for legitimate and illegal transactions.
Bitcoin transactions are processed in 10 minute blocks and added to the continuing records block-chain by Bitcoin miners who essentially are the book keepers. Bitcoin miners are awarded newly created Bitcoins, creating a competition to be awarded the block in a special transaction called a coinbase. Bitcoin mining will continue to produce new coins until 21 million Bitcoins are in circulation in approximately 2140 A.D., at which point Bitcoin transactions will be paid for by other Bitcoin users. Bitcoin miners have set up networks just to mine Bitcoins, with the largest in North America able to compute 1,000 trillion calculations per second. New chips, called application-specific integrated circuits, designed for Bitcoin mining can produce the equivalent of 70,000 Intel chips.
Bitcoin’s value propositions have led to global adoption by many legitimate businesses from the smallest food trucks in Washington D.C. to multi-million dollar online ecommerce services such as Overstock.com. These same value propositions also pose a threat to the national security of the United States. Having complete anonymous and untraceable transactions allows terrorist financiers to send money to anyone anywhere in the world with the click of a button. The Terrorist Finance Tracking Program can no longer assist other U.S. agencies in discovering new terror cells or mapping current terrorist networks by watching the flow of money. The Dark Web’s black market is selling drugs, guns, malware, botnet services, and hundreds of other goods and services with no way to be traced by law enforcement or governments. Foreign governments can fund proxy cyberattacks using Bitcoin, further exasperating the process of attribution.
As Bitcoin becomes more pervasive it will certainly have an impact on the United States economy and financial interests. Bitcoin replaces the need for credit cards, money exchanges, ATM machines, wire-transfers and many other related financial services. As more users adopt Bitcoin traditional services will be used less and impact financial institutions bottom line. Financial sanctions, a powerful leverage in shaping policy, are of little worth if Bitcoin can circumvent the government's ability to track funds to detect evasion.
Cybercriminals has taken note of Bitcoins explosive growth and value. Cybercriminals were quick to adopt Bitcoin to launder money. The FBI shutdown Liberty Reserve, an online currency exchange system, accused of laundering $6 billion with Bitcoin exchanges. Cybercriminals targeted Bitcoin exchanges, with the most notable being the collapse of the once world’s largest, Mt Gox, when thieves were able to steal $500 million by exploiting a publicly announced bug in Bitcoin. Individuals are targeted for their Bitcoin wallets, Bitcoin Ponzi schemes are being performed and massive botnets are being used to mine for Bitcoins.
All of this leads to the need for the United States to find a way to regulate Bitcoin. Innovative ideas on how to regulate Bitcoin are needed to mitigate the threat to the United States national security, economic and financial interests, and to assist law enforcement in combating cybercrime.

Bitcoin Overview

Bitcoin, created by Satoshi Nakamoto, launched in January 2009 with the release of the first open source Bitcoin Client. Bitcoin operates as a consensus network with the payment system using only digital money and is the first decentralized peer-to-peer payment system that is powered by its users. There is no central trusted authority or middlemen involved. Bitcoin uses a triple entry bookkeeper system to solve the double-spending problem, which happens when users spend the same money twice. Triple entry bookkeeping is accomplished with payment instructions from User A to User B using a public key and User C, who is the issuer, packages the payment request in a receipt which becomes the transaction. The transaction is signed by multiple parties including one or more independent parties and this becomes strong transaction evidence (“Is Bitcoin a triple entry system”, 2011). This allows a transfer between wallet addresses in the same distributed public ledger that creates an interlocking system of continuing accounting records. The entries are also cryptographically sealed and thus falsifying or destroying the entries is nearly impossible (Tyra, 2014). The caveat to the security is that the CPU power of the network of honest nodes is majority over an attacking network and Bitcoin can only work correctly with a complete consensus among all users (Nakamoto, 2012).
Users of Bitcoin must either download a client or use an online wallet. With either approach the Bitcoins a user owns are stored in a digital wallet and Bitcoins can be sent to anyone who has a Bitcoin address (See Appendix A, Figure 1: An example Bitcoin digital wallet from an online provider), which provides both pseudonymity and transaction assurance. A Bitcoin can be divided into one hundred million smaller parts called satoshis and a transaction can be any Bitcoin whole or fraction of down to the 8th digit. If a user loses their Bitcoin wallet they lose their money forever and the Bitcoins are dormant in the block-chain with all the other Bitcoins where they stay forever since there is no private key to retrieve them (“FAQ Bitcoin”, n.d.).
Bitcoin as it stands now is not completely anonymous, but does provide pseudonymity. The public ledger, stored in a block-chain, is quite open and all transactions are public. However, with an add-on it is possible to have full anonymity. Researchers from Johns Hopkins University released the add-on called Zerocoin which is akin to an in-house laundry service by leaving your Bitcoins floating for someone else to grab, so long as you can grab the same amount of Bitcoin in the future. It does require near full adoption, due to the consensus network rule of Bitcoin, for Zerocoin to be effective and the computing power increases due to the extended cryptographic algorithms required (Miers et al., 2013). Adoption of Zerocoin could bring greater scrutiny by law enforcement such as has happened to Liberty Reserve, an online currency exchange system, accused of laundering $6 billion (Santora, Rashbaum, & Perlroth, 2013). Forbes reported on a new Bitcoin plug-in called Dark Wallet that can provide 100% anonymity to Bitcoin transactions. This is done using a feature called “trustless mixing” which combines multiple Bitcoin transactions and simultaneously sends them to new Bitcoin addresses owned by the same users. This technique erases any ownership or identifying traces of the coins and also avoids having to trust a 3rd party mixing service (Greenberg, 2013).

Bitcoin Mining

    Bitcoin mining is performed by processing transactions that occur in the Bitcoin ecosystem. The records of the current transactions, known as blocks, are added to the public ledger, known as the block-chain every ten minutes. Bitcoin mining is nothing more than a form of competitive bookkeeping. Miners build and maintain the enormous block-chain that keeps record of every Bitcoin transaction in history. To avoid fraud miners, Bitcoin’s transactions are sealed behind layers and layers of computational work, too much for anyone wanting to commit fraud to possibly compute in the 10 minute block-chain window. According to the Bitcoin protocol, in 2014 the reward is 25 newly created Bitcoins for every block added through a special transaction called a coinbase that transfers the newly awarded Bitcoins to the Bitcoin address of the miner’s choice. In 2017 this is halved to 12.5 and every four years halved again until there is an arbitrary limit of 21 million Bitcoins reached, but that won’t happen until the year 2140. At that time transaction processing will only be done with transaction fees, which will be paid to the miners. (“Bitcoin mining”, 2013).
    Mining Bitcoins has become a big business, with the largest known Bitcoin mining operation in North America located in Washington State at an undisclosed location with 1 petahash of computing power. This equates to 1,000 trillion calculations per second. The setup uses 1.4 megawatts of energy and is using two warehouses filled with thousands of GPUs. The current income of this operation is $8 million worth of Bitcoin per month (Love, 2014). From a cybersecurity viewpoint Richard Bejtlich, Chief Security Strategist at FireEye, Inc., made an interesting comment on twitter when he responded to news about this Botnet mining network saying, “Best not to advertise that sort of Bitcoin operation. Great way to become the latest target for those who have the means & motive to hack.” (Bejtlich, 2014).
These types of operations are leading to an arms race in hardware. A Bitcoin chipmaker, called HashFast Technologies, has made a single chip that is equal to what would be required by 70,000 Intel chips for Bitcoin mining. HashFast’s new chip is using application-specific integrated circuits, or ASICs technology (Vance, 2013). Additionally small to medium Bitcoin mining networks are using a concept known as mining pools, which allows multiple miners to pool their collective resources together and split the awarded Bitcoin’s based upon resources used using the satoshis Bitcoin subunits.

United States National Security Risks

The use of Bitcoin has become pervasive in the financial ecosystem. It is being used from the smallest food trucks in Washington D.C. (Naseem, 2013) to United States political funding at the state and federal level (Liberto, 2014). NASDAQ reported a growing list of major companies such as Overstock.com, Virgin Galactic, Etsy, and OkCupid already supporting Bitcoin. Ebay, Paypal and others are in the final stages of deciding whether to provide support for Bitcoin (Kar, 2014). Why is this happening? It is because of the value proposition of Bitcoin to an organization's customers, from ordering a hot dog on a street corner, to large contributions to your favorite politician. Bitcoin provides convenience to the average consumer because it’s a digital currency, requires no bank, and the transactions are secure. For some, having pseudonymity is also an important added value proposition because people don’t want private or public sectors monitoring their spending habits like would happen with a credit card. The dark side of Bitcoins value propositions is what could be a threat to the U.S. national security and three of the most worrying are:
  1. Bitcoin transactions being completely anonymous and untraceable with plug-ins such as Zerocoin and Dark Wallet. 
  2. The Bitcoin assets of a person or organization cannot be frozen or in any other fashion seized because the only way to access their funds is with the account holder’s private key to unlock their Bitcoin wallet and the decentralized peer-to-peer nature of Bitcoin.
  3. There is no way to control Bitcoin through any financial institution or authority because it is a decentralized peer-to-peer network that relies on no trusted central authority or middlemen. (Hilse, 2013)

The escalation in threat for cyberterrorism and cybercriminals increases because of Bitcoin’s global acceptance and untraceable currency by individuals or organizations that engage in these activities.

Terrorists Empowered by Untraceable Funding

Shortly after the September 11, 2001 terrorist attacks the United States Department of the Treasury developed the Terrorist Finance Tracking Program (TFTP). TFTP is designed to identify, track and pursue terrorists and their associated funding networks. The U.S. Treasury Department has the capability to assist in broad U.S. Government agency initiatives to uncover terrorist cells and mapping terrorists networks both in the U.S. and abroad by tracking terrorist money flows. With the growth of digital currencies and untraceable transactions, the TFTP will no longer be able to provide these capabilities when virtual currencies such as Bitcoin are used. Given that Bitcoin is the digital currency on the “Dark Web”, the part of the internet that is not searchable by standard Search Engines and the center of the underground marketplaces, there is a clear and present danger to the TFTP to perform its job. Bitcoin allows funding operations around the globe to be done anonymously and with no regulation.
The Aspen Institute’s 2013 National Security Forum had David Cohen, the Treasury Under Secretary for Terrorism and Financial Intelligence, and John Carlin, Assistant Attorney General for National Security as panelists moderated by Michelle Cottle from The Daily Beast. In that panel session both Mr. Cohen and Mr. Carlin sounded alarms about digital currencies because of its ability to provide cover for terrorists and criminals. Both panelists cast a “sinister shadow” over Bitcoin (Cottle, 2013).
Mr. Cohen released a press release titled “Addressing the Illicit Finance Risks of Virtual Currency” that had some very telling statements on virtual currency. He discussed that less attention has been given to national security risks posed by virtual currencies. He pointed out how there has been a lot of success in attacking conventional money streams and as such terrorists have had to turn to less conventional methods to transfer funds, including hawaladars, exchange houses, and cash couriers (“Remarks From Under Secretary of Terrorism”, 2014). This makes Bitcoin an appealing option for terror financiers. Funds can be sent across borders securely, cheap, and anonymously. All of these value propositions fit the needs of terror financiers.
A new counterterrorism program is being conducted by the Combating Terrorism Technical Support Office (CTTSO), a division of the Department of Defense that identifies and develops counterterrorism abilities and investigates irregular warfare and evolving threats. A memo detailing some of the CTTSO projects states, “The introduction of virtual currency will likely shape threat finance by increasing the opaqueness, transactional velocity, and overall efficiencies of terrorist attacks” (Cohen, 2014), further portraying a pattern of increased awareness of Bitcoin’s threat to the United States national security.

Black Markets Uncontrollable

Silk Road was a black market that gained a lot of notoriety, which ended up being its downfall as the FBI focused their efforts on shutting them down on October 2, 2013. According to the September 2013 sealed complaint, "From February 6, 2011 to July 23, 2013 there were approximately 1,229,465 transactions completed on the site. The total revenue generated from these sales was 9,519,664 Bitcoins, and the total commissions collected by Silk Road from the sales amounted to 614,305 Bitcoins. These figures are equivalent to roughly $1.2 billion in revenue and $79.8 million in commissions, at current Bitcoin exchange rates...”, and involved 146,946 buyers and 3,877 vendors (“Sealed Complaint 13 MAG 2328”, 2013). Silk Road was able to operate for years before being shut down and this represents one black market organization. To put this in contrast, the United States underground market generates $1.1 trillion in revenue or roughly 10% of GDP. Russia and Italy have 30% of their economy from black markets, while Sweden, Denmark, and Norway 20% of GDP (Grammy, 2011). This isn’t all necessarily internet-base black markets and certainly not all Bitcoin, but allows perspective on how large scale the underground market is. The explosive growth of the Dark Web and untraceable transactions using digital currency, such as Bitcoin, is a growing concern (Bradley, 2014). Bitcoin’s growth will only continue as more criminal organizations begin to realize the value propositions provided.
Others have expressed the same concern, such as the head of Europol’s European Cybercrime Centre (EC3), which has warned that Bitcoin and the dark web will make it harder to bring cyber criminals to justice in the future (Donnelly, 2014). Then there were the remarks by Marcus Tomas, former assistant director of the FBI’s technology division, who said developing technology to fight the Deep Web “is not adequately funded—it’s nowhere near adequately funded”. There was funding, but there have been cuts ever since sequestration and it is difficult to do a cost-benefit analysis to justify further funding (Newton-Small, 2013). The ability to use Bitcoin anonymously combined with the Dark Web gives the black market a technological edge and creates a great challenge for local, national, and international law enforcement. Even more troubling is that the Dark Web and Bitcoin provide untraceable transactions for foreign governments to fund “for hire” proxy cyberattacks, further reducing the ability to define attribution to state-sponsored cyberconflict.

United States Economic and Financial Threats

It is evident that Bitcoin is becoming an accepted norm in payment transactions. If this trend continues there will be a reduction in profits from common services such as wire-transfers, credit card fees, credit-card cash withdrawals, and ATM fees. What happens as Bitcoin becomes accepted in more and more legitimate business transactions? There could be significant losses in the banking industry, potentially impacting the value of the U.S. dollar and the authority of the U.S. Federal Reserve (“What Is the Impact of Bitcoin on the U.S. Dollar?” 2013).
Many investors turn to gold or silver as an alternative form of investment. Bitcoin provides yet another investment area but free from fees, taxation and regulation. Having Bitcoin be both a payment and investment currency further erodes the banking industry profits.
There will be a loss of currency exchange profits. Everything from purchasing products in other countries, to the traders of currency, and currency exchange for tourism will be impacted if Bitcoin becomes commonly accepted. A family living in England who visits the United States could pay for their airline tickets, hotel, taxi, food and other entertainment in Bitcoin further reducing the need for centralized banking or an exchange system because Bitcoin is a global currency and has no national borders. The United States did $200 billion in international tourism in 2012 (“International Tourism, Receipts”, n.d.). Bitcoin would certainly become a threat to U.S. financial interests if it became the currency of choice for foreign visitors.
The United States employs financial sanctions to change behavior of individuals, organizations and nations. By applying financial pressure the United States can influence the entity’s decision-making calculus (“Remarks From Under Secretary of Terrorism”, 2014). However, financial sanctions only work if detection of evasion is possible and the use of Bitcoin to give the target a method to do transactions globally and anonymously would weaken the sanctions effects.
The Law Library of Congress had a survey from forty foreign jurisdictions and the European Union and found that only China and Brazil have any regulation on Bitcoin (“Regulation of Bitcoin in Selected Jurisdictions”, 2014). There is concern that Bitcoin, with no regulation, could have a possible impact on national currencies and implications of its use for taxation. David Andolfatto, St Louis Federal Reserve Bank VP and its director of research said that while Bitcoin can’t replace the dollar, it is a threat to central banks (Neal, 2014). There will need to be continued discussions among national leaders on how to deal with these problems and the realization that Bitcoin and other virtual currencies present many challenges and innovative new strategies will need to be created to regulate Bitcoin.

Cybercrime and Bitcoin

    Bitcoin’s value has resulted in an increase in criminal organizations attacks on Bitcoin services and exchanges, money laundering, bot mining, and as the de facto transaction currency used in the Dark Web. All of these activities pose a challenge to local, national and international law enforcement. The cybercriminal activity involving Bitcoin is happening on many fronts. A few of the major exploit vectors involving Bitcoin and cybercrime are discussed in this section.

Money Laundering

    James Clapper, the Director of National Intelligence, discussed in his January 29, 2014 statement on the Worldwide Threat Assessment of the U.S. Intelligence Community, that Bitcoin is fast becoming a medium for criminal financial transactions through online payment companies. He highlighted Liberty Reserve’s operation to money launder $6 billion dollars (Clapper, 2014). Bitcoin already is popular for money laundering and poses a challenge to law enforcement because transactions are pseudonymous and very difficult to track. Add into this equation mixing services and laundering money becomes even more difficult to prevent. The release of Dark Wallet will make money laundering even easier and impossible to trace. Dark Wallet’s ability to use a trustless mixing process to erase all ownership and identifying traces openly invites money laundering activities.

Attacks on Exchanges

    Mt Gox was the world’s largest Bitcoin exchange before going into bankruptcy because of attackers exploiting vulnerability in Bitcoin transactions. This openly publicized bug was known as “transaction malleability”, which allows attackers to make a Bitcoin wallet appear as if it had not sent any Bitcoins and then users would be duped into sending the funds again. Mt Gox, Bitstamp, and BTC-e were all attacked with a massive botnet DDoS campaign which flooded the exchanges with malformed transactions designed to create confusion across their systems. All three exchanges suspended operations and Mt Gox confirmed that $500 million worth of currency had been stolen. Even with Mt Gox suspending operation cybercriminals pushed on with attacks focused on Mt Gox users by circulating emails that Mt Gox was back in business. The email would instruct users to a website where the Trojan.Klovbot malware would be installed (O'Brien, 2014). Cybercriminals are relentless in their pursuit to find ways to steal money. Online currency exchanges provide a central location to look for and exploit vulnerabilities as shown in the Mt Gox case. Even after Mt Gox shut down, the cybercriminals found a way to have Bitcoin users install malware that would continue stealing Bitcoins. Zero-day exploits in the exchange system can bring down an exchange and even threaten the future existence of Bitcoin. If Bitcoin users lose trust that their money is safe, they will quickly move their money to more conventional currency such as the U.S. dollar, silver or gold. Since the Mt Gox announcement of bankruptcy on April 24, 2014 investors began to have doubts on Bitcoin’s legitimacy (Levin, 2014).

Notable Bitcoin Cybercrimes

The first known individual to suffer a major loss of Bitcoins occurred in June 2011 when 25,000 Bitcoins were stolen from his Bitcoin wallet after his Windows computer had become compromised (Allinvain, 2011). At the time, the value was approximately $500,000 and now would be worth over $10 million. Individual users are targets of cybercrime and any who have a Bitcoin wallet on a compromised device are at risk of losing all of their money. Contacting law enforcement has little benefit due to the nature of Bitcoin transaction anonymity and individuals may not be aware of these risks. Having your money in more conventional currency, such as a bank, provides a far greater level of security for a person's money.
    Bitcoin Savings and Trust was a Bitcoin-based Ponzi scheme that fronted as a virtual hedge fund promising investors high rates of interest. Using the classic pyramid scheme initial investors made a lot of money and many soon joined. In August 2012, only 10 months after operations began, the owner shut down but not before skimming 150,000 Bitcoins from the 700,000 Bitcoins that went into the system. A year later the SEC filed a lawsuit against the owner, Trendon Shavers, for running the Ponzi (Jeffries, 2012). This shows yet another method where criminals will find a way to steal money from unsuspecting users. Bitcoin is still in a “gold rush” frame of mind by many users and their desire to make large amounts of money in a short period of time makes them prime targets.
    Input.io was an online Bitcoin wallet service that was hacked twice in October 2013, with the company losing 4,100 Bitcoins. The owner of Input.io did not cooperate with law enforcement, but did end up reimbursing all users from his own personal savings (Hern, 2013). At current market value that is almost $2 million dollars. Online Bitcoin wallet services, like exchanges, are another prime example of a centralized Bitcoin target for cybercriminals. By having many users Bitcoin wallets in one location, cybercriminals only have to break one system to steal money from many users. Users are trading security for convenience of having their Bitcoin wallet online.

Botnet Bitcoin Mining

Until the middle of 2011 Bitcoin mining was done by people using their own computer resources. In June, 2011 JavaScript code was introduced that would use visiting users computer resources to Bitcoin mine, both with and without their knowledge (Samani, n.d.). Since then there has been an explosion of machines infected by malware to create large botnets to mine Bitcoins. From May 2012 to February 2013 and also 3 weeks in April 2013 infected machines on the ZeroAccess botnet were used to mine for new Bitcoins. There is no known reason why the ZeroAccess owners stopped, but some speculation was the price of Bitcoins or that too much attention was being given to their botnet (See Appendix B, Figure 2: Mining timeline using ZeroAccess botnet). This hasn’t stopped other cybercriminal groups from running botnets to continue on, such as the Russian FeodalCash botnet that began mining for Bitcoins in May 2013 (“Security Threat Report 2014”, n.d.).
A recent report by CNET has found a new Bitcoin mining malware in Google Play. Researchers uncovered this new malware, called BadLepricon, which disguises itself as wallpaper apps, each having hundreds of installations each. The BadLepricon malware is more advanced than previous known Google Play malware found because of the various tactics employed to hide from discovery. It is not using the phone to mine unless it has more than 50% battery, the screen is turned off and internet connectivity. Additionally, to increase the half-life of BadLepricon it uses a Stratum proxy which gives the bot herder the ability to change mining pools and Bitcoin wallets to avoid discovery (Musil, 2014). Cybercriminals are exploiting mobile devices, desktop computers and servers to create botnets with enough combined CPU to mine a large number of Bitcoins for easy money and using anti-detection techniques built into the botnet malware. The only current defense to this is to continue educating the public to keep their device security software up-to-date to mitigate malware infections.

Conclusion

    Bitcoin is a peer-to-peer decentralized virtual currency network formed in 2009. Users can download a Bitcoin client and use digital wallets to send money to any other Bitcoin user pseudonymously and securely anywhere in the world with no central bank or regulation. Bitcoin transactions are fast, cheap, have no chargebacks, and provide as much privacy as a user wishes. Additionally, users can’t have their money taken away by central governments or their purchase history traced as they can with traditional payments system, such as credit cards.
Bitcoin miners’ process transactions in 10 minute blocks and are added to the block-chain using a triple entry bookkeeper system, thus assuring a highly secure transaction. Bitcoin transactions are free because of the mining operations, who are awarded new Bitcoins in exchange for the processing power provided. By about 2140 A.D. 21 million Bitcoins will be in circulation, at which point no more will ever be produced and Bitcoin mining will then be paid by other Bitcoin owners to process transactions.
    Bitcoin has quickly evolved to provide add-ons such as Zerocoin and Dark Wallet to give its users full anonymity. Bitcoin is the currency of choice for the Dark Web and these add-ons will make it very difficult, if not impossible, to trace the sellers or buyers.
    Bitcoin value propositions pose a threat the United States national security, with the three most worrisome being: (1) Anonymous transactions, (2) Bitcoins cannot be seized, and (3) No control of Bitcoin by any financial institution or authority. Cyberterrorist are empowered by the anonymity borderless ability of Bitcoin transactions. The Terrorist Finance Tracking Program, formed after the 9/11 attacks, has lost significant tactical advantage with its inability to trace money flows, which will inhibit the ability to assist in uncovering new terrorist cells and mapping terrorist networks in the U.S and abroad. Black markets will be uncontrollable with anonymous Bitcoin transactions and is a growing concern for government officials in the US. Europol’s European Cybercrime Centre has expressed these same concerns.
    Bitcoin is a threat to the United States financial and economic stability. Bitcoin has no taxation, regulation, and is free to use to buy or sell anywhere in the world securely and anonymously. Many people are looking at Bitcoin as an investment opportunity instead of more traditional investments. Bitcoin harms the United States ability to use financial sanctions as a method to modify behavior of nations. Bitcoin cannot be traced and is fully anonymous with Dark Wallet and financial sanctions only work if detection of evasion is possible.
    Cybercriminals are attacking Bitcoin users and services, with the most notorious being $500 million stolen from Mt Gox, who ended up filing for bankruptcy because of the Bitcoin theft. Users computers infected with malware can have their Bitcoins stolen. Cybercriminals are looking for any and all Bitcoin targets of opportunity. Cybercriminals are building massive botnets to mine for Bitcoin bringing them an untold amount of wealth.
    Bitcoin provides users with many luxuries, but the threats to the United States and governments around the world are worrisome. The United States will need new innovative strategies for regulation of Bitcoin and other virtual currencies to reduce the threat to the United States national security and financial interests.

References


Allinvain. (2011, January 13). I just got hacked - any help is welcome! (25,000 BTC stolen). Retrieved March 2, 2014, from https://bitcointalk.org/index.php?topic=16457.0
Bejtlich, R. (2014, March 10). Best not to advertise that sort of @Bitcoin operation. Twitter. Retrieved March 25, 2014, from https://twitter.com/taosecurity/status/443107789771399168
Bitcoin mining. (2013, October 1). WhatIs. Retrieved April 23, 2014, from http://whatis.techtarget.com/definition/Bitcoin-mining
BitKidz (2013). Block-chain wallet how to find your Bitcoin address. Retrieve April 23, 2014, from http://bitkidz.com/wp-content/uploads/2013/09/Block-chain-wallet-how-to-find-your-Bitcoin-address.png
Bradley, T. (2014, March 10). McAfee shines a light on the dangers of the Dark Web | PCWorld. PCWorld. Retrieved April 30, 2014, from http://www.pcworld.com/article/2105784/mcafee-shines-a-light-on-the-dangers-of-the-dark-web.html
Clapper, J. (2014, January 29). Worldwide Threat Assessment of the US Intelligence Community. Wall Street Journal. Retrieved May 2, 2014, from http://online.wsj.com/public/resources/documents/DNIthreats2014.pdf
Cohen, B. (2014, April 24). U.S. Navy Preparing Bitcoin Battalion. Bitcoin Magazine. Retrieved May 7, 2014, from http://bitcoinmagazine.com/12517/u-s-navy-preparing-bitcoin-battalion/
Cottle, M. (2013, July 25). The Government’s Perilous Bitcoin Chase. The Daily Beast . Retrieved April 30, 2014, from http://www.thedailybeast.com/articles/2013/07/25/the-government-s-perilous-bitcoin-chase.html
Donnelly, C. (2014, April 29). Europol highlights Bitcoin & dark net cyber security challenges. IT PRO. Retrieved April 30, 2014, from http://www.itpro.co.uk/security/22138/europol-highlights-bitcoin-dark-net-cyber-security-challenges
FAQ Bitcoin. (n.d.). Bitcoin - Open source P2P money. Retrieved April 23, 2014, from https://Bitcoin.org/en/faq
Grammy, A. (2011, November 28). The Underground Economy. CSU Bakersfield. Retrieved April 30, 2014, from http://www.csub.edu/kej/documents/economic_rsch/2011-11-28.pdf
Greenberg, A. (2013, October 31). Dark Wallet Aims To Be The Anarchist's Bitcoin App Of Choice. Forbes. Retrieved April 26, 2014, from http://www.forbes.com/sites/andygreenberg/2013/10/31/darkwallet-aims-to-be-the-anarchists-bitcoin-app-of-choice/
Greenemeir, L. (2011, January 11). Seeking Address: Why Cyber Attacks Are So Difficult to Trace Back to Hackers. Scientific American Global RSS. Retrieved April 30, 2014, from http://www.scientificamerican.com/article/tracking-cyber-hackers/
Hern, A. (2013, November 8). Bitcoin site Inputs.io loses £1m after hackers strike twice. theguardian.com. Retrieved May 2, 2014, from http://www.theguardian.com/technology/2013/nov/08/hackers-steal-1m-from-bitcoin-tradefortress-site
Hilise, L. (2013, May 21). Threat-Assessment: Bitcoin: Danger to the United States? National Security and her Economic & Commercial Interests
International Tourism, Receipts (current US$). (n.d.). Data. Retrieved May 3, 2014, from http://data.worldbank.org/indicator/ST.INT.RCPT.CD
Is Bitcoin a triple entry system?. (2011, June 11). Financial Cryptography. Retrieved April 23, 2014, from http://financialcryptography.com/mt/archives/001325.html
Jeffries, A. (2012, August 27). Suspected multi-million dollar Bitcoin pyramid scheme shuts down, investors revolt. The Verge. Retrieved May 2, 2014, from http://www.theverge.com/2012/8/27/3271637/bitcoin-savings-trust-pyramid-scheme-shuts-down
Kar, I. (2014, February 4). What Companies Accept Bitcoin?. NASDAQ.com. Retrieved April 26, 2014, from http://www.nasdaq.com/article/what-companies-accept-bitcoin-cm323438
Levin, B. (2014, April 24). Mt. Gox crumbles into liquidation, throws Bitcoin legitimacy into question. VentureBeat. Retrieved May 2, 2014, from http://venturebeat.com/2014/04/24/mt-gox-once-king-of-bitcoins-crumbles-into-liquidation
Liberto, J. (2014, April 22). You could soon use Bitcoin to support political campaigns. CNNMoney. Retrieved April 26, 2014, from http://money.cnn.com/2014/04/22/technology/bitcoin-political-contributions/index.html
Love, D. (2014, March 10). What It's Like Inside The World's Largest Bitcoin Mining Operation. Business Insider. Retrieved March 25, 2014, from http://www.businessinsider.com/worlds-largest-bitcoin-mining-operation-2014-3
Miers, I., Garman, C., Green, M., & Rubin, A. D. (2013, May). Zerocoin: Anonymous distributed e-cash from Bitcoin. In Security and Privacy (SP), 2013 IEEE Symposium on (pp. 397-411). IEEE.
Musil, S. (2014, April 24). Bitcoin-mining malware reportedly found on Google Play - CNET. CNET. Retrieved April 25, 2014, from http://www.cnet.com/news/bitcoin-mining-malware-reportedly-discovered-at-google-play/
Nakamoto, S. (2012). Bitcoin: A peer-to-peer electronic cash system, 2009. Retrieved March 27, 2014, from http://www.Bitcoin.org/Bitcoin.pdf
Naseem, S. (2013, December 18). Is Bitcoin the Food Truck Currency of the Future?. Washingtonian. Retrieved March 28, 2014, from http://www.washingtonian.com/blogs/bestbites/food-trucks/is-bitcoin-the-new-food-truck-currency-of-the-future.php
Neal, D. (2014, April 9). US attorney general says criminals use crypto currencies. - The Inquirer. Retrieved April 16, 2014, from http://www.theinquirer.net/inquirer/news/2338945/us-attorney-general-says-criminals-use-crypto-currencies
Newton-Small, J. (2013, October 31). Why The Deep Web Has Washington Worried | TIME.com. Swampland Why The Deep Web Has Washington Worried Comments. Retrieved April 30, 2014, from http://swampland.time.com/2013/10/31/the-deep-web-has-washington-worried/
O'Brien, D. (2014, March 7). Blood in the Water: Bitcoin Woes Cause Attackers to Converge. Symantec Security Response. Retrieved May 2, 2014, from http://www.symantec.com/connect/blogs/blood-water-bitcoin-woes-cause-attackers-converge
Regulation of Bitcoin in Selected Jurisdictions. (2014, January 1). Library of Congress. Retrieved April 9, 2014, from http://www.loc.gov/law/help/bitcoin-survey/index.php
Remarks From Under Secretary of Terrorism and Financial Intelligence David S. Cohen on "Addressing the Illicit Finance Risks of Virtual Currency". (2014, March 18).U.S. Department of the Treasury. Retrieved April 30, 2014, from http://www.treasury.gov/press-center/press-releases/Pages/jl236.aspx
Santora, M., Rashbaum, W., & Perlroth, N. (2013, May 28). Online Currency Exchange Accused of Laundering $6 Billion. The New York Times. Retrieved April 8, 2014, from http://www.nytimes.com/2013/05/29/nyregion/liberty-reserve-operators-accused-of-money-laundering.html
Samani, R. (n.d.). Digital Laundry: An analysis of online currencies, and their use in cybercrime. McAfee. Retrieved April 2, 2014, from http://www.mcafee.com/uk/resources/white-papers/wp-digital-laundry.pdf
Sealed Complaint 13 MAG 2328: United States of America v. Ross William Ulbricht. (2013, September 27). Retrieved April 30, 2014, from https://www.cs.columbia.edu/~smb/UlbrichtCriminalComplaint.pdf
Security Threat Report 2014. (n.d.). Sophos. Retrieved April 25, 2014, from http://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-security-threat-report-2014.pdf
Tyra, J. (2014, February 10). Triple Entry Bookkeeping With Bitcoin. Bitcoin Magazine. Retrieved April 23, 2014, from http://Bitcoinmagazine.com/9969/triple-entry-bookkeeping-Bitcoin/
Vance, A. (2013, November 14). Bitcoin Mining Chips, a High-Tech Arms Race. Bloomberg Business Week. Retrieved March 14, 2014, from http://www.businessweek.com/articles/2013-11-14/2014-outlook-bitcoin-mining-chips-a-high-tech-arms-race
What Is the Impact of Bitcoin on the U.S. Dollar?. (2013, December 20). Money Morning Only the News You Can Profit From. Retrieved April 30, 2014, from http://moneymorning.com/2013/12/20/impact-bitcoin-u-s-dollar/
Wyke, J. (2013, October 1). BACK CHANNELS AND BITCOINS: ZEROACCESS’ SECRET C&C COMMUNICATIONS. Sophos. Retrieved April 25, 2014, from http://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/Wyke-VB2013.pdf






Appendix A



http://bitkidz.com/wp-content/uploads/2013/09/Blockchain-wallet-how-to-find-your-Bitcoin-address.png
Figure 1: An example Bitcoin digital wallet from an online provider (BitKidz, 2013).

Appendix B



Figure 2: Mining timeline using ZeroAccess botnet (Wyke, 2013)

No comments:

Post a Comment