On July 13, 2018, an 11-count federal indictment was filed against twelve Russian military intelligence officers accused of infiltrating Hillary Clinton’s presidential campaign in 2016. The accused used cryptocurrencies to finance their operations and avoid the strict financial scrutiny that accompanies fiat transactions.
Russian Intelligence Held Responsible
Digital Trends reported that Russian intelligence officials misused cryptocurrencies to publicize stolen election documents and release sensitive data of the Democratic National Committee (DNC) while keeping their true identities hidden.
According to the indictment, the group registered the “dcleaks.com” domain a month before starting their operations and used a virtual server to host information, paying for both services with cryptocurrencies. Additionally, the group used a URL-shortening account to “spear phish” the chairman and “campaign-related individuals” of Clinton’s political run.
DCLeaks was paid for with Bitcoin. The 11 Russian intelligence agents indicted today bought Bitcoin — and mined it themselves — to pay for the infrastructure they needed to hack into the DNC and release the documents.
— Nathaniel Popper (@nathanielpopper) July 13, 2018
Several stolen emails were available for purchase on the dcleaks.com website, primarily obtained from the spear-phishing efforts. Interestingly, the site claimed to be operated by “American hacktivists” working towards the campaign’s opposition and received over one million page views before its shutdown in March 2017.
More to the point, the bitcoin mined by the Russian assailants was used “to pay a Romanian company to register the domain dcleaks.com through a payment processing company located in the United States,” according to the indictment returned by the grand jury in Washington, D.C. The actual server was hosted in Malaysia.
Blockchain Analysis Helping Authorities Catch Crime
While cryptocurrencies are touted for their anonymity, the blockchain’s immutability is increasingly being used by security organizations to study an address’s behavior and narrow down potential criminals. Once an address is linked to an individual, no amount of anonymity filters can hide the activity behind it. Jonathan Levin of Chainalysis, a firm that investigates illicit activities along different blockchains, told The New York Times:
“This is the first clear example in court documents of cryptocurrency being used to purchase capabilities that could be leveraged in attacks on national security.”
Using these methods, the U.S. Department of Justice (DoJ) succeeded in tying the accused to the Main Intelligence Directorate of the General Staff, a part of the Russian military.
The group is now charged with hacking into the computer networks belonging to the Clinton administration, the Democratic Congressional Campaign Committee, and the Democratic National Committee using the names DCLeaks, Guccifer 2.0, and “another entity.”
Guccifer 2.0 was the Twitter account used to release some of the sensitive emails from the Clinton campaign. The VPN used to generate the Twitter account was reportedly bought with bitcoin by the same Russian individuals in question.
The DoJ listed all individuals as officials in Unit 26165 and Unit 74455 of the Russian government’s Main Intelligence Directorate.
While Unit 26165 attacked employees and volunteers of the Clinton campaign by using spear-phishing methods to steal usernames and passwords, Unit 74455 worked in tandem to deliver and sell stolen emails to interested parties. The latter additionally hacked websites and computers of state secretaries and administrators of various other elections.
The DoJ noted:
“To avoid detection, defendants used false identities while using a network of computers located around the world, including the United States, paid for with cryptocurrency through mining Bitcoin and other means intended to obscure the origin of the funds. This funding structure supported their efforts to buy key accounts, servers, and domains.”
Cases like these justify the stranglehold on the cryptocurrency industry, which has been widely frowned upon as a darknet financier and a medium for funding terrorists. While the U.S. remains cautious on cryptocurrencies and regulates them to some extent, major economies have largely shunned the asset class.