
A Blockchain Analysis of the July 13th Mueller Indictment - FatalLogic
https://blog.cotten.io/bitcoin-money-laundering-and-muellers-12-e2fa91097e12
======
jcranmer
I have to imagine that the first person at the FBI (or whichever agency is
responsible for tracking money laundering) to come across bitcoin fell out of
their chair laughing when they came across it. It's a protocol that has a
public, dated, irrefutable log of every transaction made... and its users
think it untraceable (or at least, they thought it untraceable back when it
first came out).

~~~
colordrops
it's about as untraceable as cash. If you pick some up anonymously, then use a
different address for each transaction, all while obfuscating your connection
using Tor or the like, your transactions should be difficult to trace.

~~~
jcranmer
What makes cash difficult to trace is the difficulty of establishing that
transactions took place in the first place, let alone other potentially
pertinent details.

The fact that Bitcoin has a public record of all transactions makes it far
easier than cash to deanonymize addresses. Suppose you bought $2.56 worth of
Bitcoin via credit card from a friendly Bitcoin seller that doesn't keep any
record of this transaction. The government can go to VISA and ask "okay, who
gave $2.56 to this vendor within this time frame." Now the government knows
your credit card, and can then ask VISA to find all of the other transactions
you did, and then look for bitcoin movement of the appropriate size to those
transactions involving single-use addresses. All of those addresses are now
tied together.

See, the untraceability is entirely dependent on how good your operational
security is, and how well you know the capabilities of government financial
tracking. And, when you consider that governments have been trying to tackle
this problem for difficult-to-trace cash flow, bitcoin is at best no harder
and at worst much easier.
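The amount-and-timing correlation described above, as an added illustration that is not part of the thread: it links constructed card purchases to constructed on-chain outputs by converting each output to USD at a reference price and keeping only those that fall inside a time window and a small value tolerance. All purchases, outputs, addresses and prices are made up for the example.

```python
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample data for illustration (not from the article or the indictment).
# Card purchases already known to the investigator: (time, USD paid).
CARD_PURCHASES: List[Tuple[datetime, float]] = [
    (datetime(2016, 3, 1, 14, 5), 2.56),
    (datetime(2016, 3, 4, 9, 30), 41.00),
]
# On-chain outputs observed in the same period: (time, BTC received, address).
CHAIN_OUTPUTS: List[Tuple[datetime, float, str]] = [
    (datetime(2016, 3, 1, 15, 10), 0.0060, "1ExampleAddrA"),  # ~2.55 USD, fits purchase 0
    (datetime(2016, 3, 1, 16, 0), 0.0500, "1ExampleAddrB"),   # ~21.25 USD, fits nothing
    (datetime(2016, 3, 4, 11, 45), 0.1001, "1ExampleAddrC"),  # ~41.04 USD, fits purchase 1
    (datetime(2016, 3, 10, 8, 0), 0.0060, "1ExampleAddrD"),   # right size, wrong day
]
# Constructed daily USD/BTC reference prices keyed by date string.
DAILY_PRICE_USD: Dict[str, float] = {
    "2016-03-01": 425.0, "2016-03-04": 410.0, "2016-03-10": 415.0,
}


def link_addresses(purchases, outputs, prices,
                   window=timedelta(hours=24), tolerance=0.03):
    """Return {purchase_index: [addresses]} for outputs whose USD value and timing
    fit a card purchase. Every candidate is kept, not just the first, so that
    ambiguous matches stay visible instead of being silently resolved."""
    links: Dict[int, List[str]] = {}
    for i, (paid_at, usd) in enumerate(purchases):
        for seen_at, btc, addr in outputs:
            # Timing: the coins must arrive after the card payment, within the window.
            if not (paid_at <= seen_at <= paid_at + window):
                continue
            price = prices.get(seen_at.strftime("%Y-%m-%d"))
            if price is None:
                continue
            # Value: USD equivalent of the output must be within tolerance of the charge.
            if abs(btc * price - usd) <= tolerance * usd:
                links.setdefault(i, []).append(addr)
    return links


def linked_cluster(links):
    """All addresses tied to the same card holder by at least one match."""
    return sorted({addr for addrs in links.values() for addr in addrs})
```

The single-use address that was "right size, wrong day" is correctly left out, which is also the weakness of the heuristic: it is only as good as the window and price data used, and coincidental matches need corroboration.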

~~~
colordrops
Visa would not be considered an anonymous source.

And cash has ID numbers, of which official entities and corporations also
track.

Both cash and bitcoin require good opsec.

------
chvid
This is great,

I wish there was more technical discussion of the hack and the indictment. Due
to the political nature of the case nearly everything written is extremely
partisan. However there is actually quite a bit of "source material" out
there: the indictment, the CrowdStrike analysis, the published hacked data, the
bitcoin blockchain. Which could use some cold-headed technical analysis.

Due to the nature of the case the FBI seems to have thrown more resources
after the investigation than they normally would do. One thing I notice is
section 41 in the indictment.

As I am understanding this, the perpetrator, struggling to formulate the
contents of the WordPress site he would publish the day after, was typing
phrases into Google (presumably) that later would occur on the Guccifer
2.0 site.

Showing two things. That searches are logged extensively and are accessible to
American authorities. And that the said GRU perpetrators didn't really care to
cover their tracks that much.

------
throwaway5752
Details on count 10 are pretty damning. They managed to correlate their
various sources of information pretty well. There's not much to say, they
managed to tie a wallet address to a person/ip address and were able to trace
a surprising amount of attempted money laundering that way.

~~~
igivanov
Well, maybe something is damning, but if you believe that these "operatives"
signed their e-mails with their full names including patronymics and ranks
like "GRU captain" I have a cheap sunny beach in Greenland for sale. Or if you
believe that the US spies had somehow full access to this info and are not
afraid to compromise their sources by these revelations. Or, finally, if you
believe that the US security agencies including Mueller himself

[https://en.wikipedia.org/wiki/Robert_Mueller#Director_of_the...](https://en.wikipedia.org/wiki/Robert_Mueller#Director_of_the_FBI)

are to be trusted on anything at all.

~~~
throwaway5752
What is your explanation of those ledger entries? Was Mueller setting up
Russia before he was named Special Counsel?

Also, I read the indictment
([https://d3i6fh83elv35t.cloudfront.net/static/2018/07/Mueller...](https://d3i6fh83elv35t.cloudfront.net/static/2018/07/Muellerindictment.pdf))
but I missed the part about, _" these "operatives" signed their e-mails with
their full names including patronymics and ranks like "GRU captain""_. Please
point me to it?

I assumed they used stolen identities, like it seems to state in count 10's
paragraph 59 and 60, and uses multiple accounts across multiple exchanges to
obscure the money trail (paragraph 63).

edit: It's common knowledge who Robert Mueller is. He's been a public figure
for decades, and nobody ever made any effort to conceal his background. Why are
you providing me a Wikipedia link?

~~~
uxp
I don't think there has been any public release of information confirming the
evidence revealed in the indictment. Indictments are supposed to be somewhat
hyperbolic in appearance (not literally, but figuratively). They aren't
supposed to lie, but at the same time they will omit key facts explaining how
or why they know or suspect person X did action Y. Those facts will be
revealed to the defense or during trial. Unfortunately, these indictments will
never result in a trial or pre-trial discovery on part of the defense, so the
public may never know the reasons.

That said, the Dutch were able to watch[0] Unit 26165 (a/k/a Cozy Bear, APT29)
on CCTV, so it doesn't seem entirely implausible that the NSA or some other
FVEY group was capable of retrieving emails from whatever webmail provider
Unit 26165 was using (appears to be yandex and mail.com in the indictment).

0: [https://www.volkskrant.nl/wetenschap/dutch-agencies-provide-...](https://www.volkskrant.nl/wetenschap/dutch-agencies-provide-crucial-intel-about-russia-s-interference-in-us-elections~b4f8111b/)

~~~
matt4077
> information confirming the evidence

People will never be satisfied. If/When the full emails quoted in the
indictment are released, they will point out that e-mails are just UTF-8
characters in a file that anybody could have created. There simply is no
evidence, nor is it even possible for there to be any evidence, that people
could verify at home. Even if the official Russian "Certificate of Excellence
in Hacking Democracy", printed on Russia's own polonium-laced paper, affixed
with "Putin's Seal of Outrageous Heterosexuality" self-appointed sceptics will
complain that all they can access is a photo, and the FBI isn't letting them
stop by and inspect the original.

------
craigc
The only problem is there is no way to prove that that address actually
belongs to the GRU.

The transaction referenced in the indictment clearly happened, but Mueller and
his team could have easily searched through the Bitcoin blockchain to find any
transaction that paid for a VPN, hosting, or domain registration using Bitcoin
on or around the date of the hack.

The indictment makes it sound like the request for 0.026043 BTC came via
email. I think that is a bit strange. If you are Russian Military Intelligence
about to hack the government of the United States, why would you include
references and payment info related to your Bitcoin transactions in hundreds
of emails? Surely just keeping track of the Bitcoin addresses on the
blockchain would be enough since that is the entire point of the Blockchain.
Keeping a reference via email sounds like a good plot for an episode of
America’s Dumbest Criminals, not the Russian military.

It is certainly possible that this is exactly what happened, but I think the
American people deserve to see some evidence.

~~~
downandout
_The only problem is there is no way to prove that that address actually
belongs to the GRU._

They don't have to. This case isn't going to trial; it was basically a PR
stunt. It wouldn't survive a trial. The strategy is simple: Indict a bunch of
people that you cannot extradite, and you get a PR win with just some broad
strokes and have to prove nothing. You get to keep your unlimited budget to
continue the investigation, and the press keeps listening to you.

~~~
JumpCrisscross
Assets can be frozen. Their travel to countries who _do_ extradite will be
restricted. And evidence for levying sanctions has been produced by the
executive and judicial branches, providing the legislative branch cover. These
charges are far from pointless.

~~~
downandout
Your reply is off topic. What does any of that have to do with the point of my
comment? My point was that the indictment appears flimsy because prosecutors
knew that they would never actually have to prove these charges beyond a
reasonable doubt in a court of law. There is a reason that every single person
indicted here happens to be beyond the reach of the US government. If you know
that you will never have to try the case, you can make all the accusations you
think are reasonable (even if you know you cannot prove them) and then drop
the charges you can’t prove much later if one of these guys ever actually did
wind up in custody (which is extremely unlikely).

------
throwaway_98554
Great, now I know how to frame someone using Bitcoin.

1. Select a victim.
2. Every time you are about to make a Bitcoin transaction, send an email to the victim's address requesting the amount you are about to send. (Bonus point if you can get directly into the spam folder.)
3. Send bitcoins as you intended to do.

Now lay back and wait for your victim to be linked to your shady activities.

(I'm writing this as a critique of the technique used and conclusions reached
in the article. Hopefully the investigation has something more robust.)

~~~
duxup
Or just pick someone and watch the chain and send the appropriate emails.

I used to do that in a weird way with a lightly paranoid coworker (he wasn't
battling mental illness or anything, he was fine). He did have a lot of
concerns about e-privacy in the 90s (legit forward thinking stuff) and I would
send him emails through open mail relays like whitehouse.gov and such "Hey man
I dropped off all the magic white powder stuff in your blue Honda Accord.". It
was all in jest, he was fine last I heard.

~~~
tomglynch
Hahaha, I like how much you justify him being okay

~~~
duxup
Well I said paranoid... didn't want anyone to think he was in a clinical
sense.

------
plaguuuuuu
> In short, we can be confident that the bitcoin address used in the alleged
> conspiracy was 1LQv8aKtQoiY5M5zkaG8RWL7LMwNzVaVqR.

I tried to verify this using blockchain explorer and couldn't find any
matching addresses, is there a better way to do this? I'm pretty out of the
loop at this point (last used it years ago)

~~~
sillysaurus3
[https://www.blockchain.com/en/btc/address/1LQv8aKtQoiY5M5zka...](https://www.blockchain.com/en/btc/address/1LQv8aKtQoiY5M5zkaG8RWL7LMwNzVaVqR)

~~~
plaguuuuuu
Thanks!

------
slim
That's not money laundering. There's no dirty money involved and it's not
about the money at all

------
patrickg_zill
A skeptic's counterpoint: [https://www.strategic-culture.org/news/2018/07/19/establishm...](https://www.strategic-culture.org/news/2018/07/19/establishment-strikes-back.html)

~~~
sehugg
The site you linked: _Strategic Culture Foundation, a Moscow think tank run by
Yuri Profokiev, a former head of Moscow’s Communist Party and member of the
Soviet Politburo._

~~~
nutjob2
And happens to be strongly pro-Trump. How curious.

~~~
BRAlNlAC
Really? This article[1] doesn't seem pro-Trump at all.

[1] [https://www.strategic-culture.org/news/2018/07/18/stripping-...](https://www.strategic-culture.org/news/2018/07/18/stripping-away-local-governmental-powers-global-rising-tide-fascism.html)

------
exabrial
Ultimately, by letting their servers unsecured, the DNC, RNC, and HRC, DTC are
fully guilty of nothing [sic][sarcasm]

Cough b.s. DNC needs to sober up and admit defeat ahead of the RNC hack
releases. Right now the hilarious Trump Derangement Disorder they're suffering
from will only continue to promote inequality.

~~~
duxup
Bad security maybe, but facing a state-sponsored and determined attack, I'm
not sure that, given enough time, any security is enough.

We're already at a point where security researchers question if you can ever
declare any device "clean" simply due to the complexity of devices and
attacks.

