On July 14, 2018, the DoJ indicted 12 officers of the Russian intelligence agency, the Main Intelligence Directorate of the General Staff (GRU). These GRU agents allegedly executed large-scale hacking attacks aimed at interfering with the 2016 U.S. presidential elections. Specifically, the indictment first count, “Conspiracy to Commit an Offense Against the United States,” charges that GRU agents engaged in cyber operations that included the staged releases of hacked documents. The indictment’s tenth count, “Conspiracy to Launder Money,” details how the GRU agents used the cryptocurrency to fund the infrastructure they used in their hacking operations. The indictment states: The Defendants conspired to launder the equivalent of more than $95,000 through a Web of transactions structured to capitalize on the perceived anonymity of cryptocurrencies such as bitcoin. GRU agents also used U.S. dollars and other fiat currencies. However, the indictment points out, conspirators “principally used bitcoin when purchasing servers, registering domains, and otherwise making payments in furtherance of hacking activity.” For example, GRU agents were paid from funds originating from an unnamed online cryptocurrency service for the registration of the domain dcleaks.com and the leasing of a server registered with the operational email account email@example.com. Moreover, Russian intelligence agents used the account under the username “gfadel47,” to receive Bitcoin payments requests from different email accounts. GRU attempted to avoid detection of their operations, on the assumption that Bitcoin transactions were anonymous. The use of bitcoin allowed the Conspirators to avoid direct relationships with traditional financial institutions, allowing them to evade greater scrutiny of their identities and sources of funds. However, as the indictment explains, Bitcoin transactions are registered on the blockchain with their respective bitcoin addresses, which are alpha-numeric identifiers. These addresses allowed U.S. investigators to identify some of the conspirators’ digital transactions. GRU Agents Mined Bitcoins to Fund Cyber Attacks Russian agents used the same computers for hacking activities as well as for performing Bitcoin payment transactions. In effect, Russian agents funded their hacking operations using different mechanisms involving cryptocurrencies, including the mining of Bitcoin. The indictment states:
In addition to mining bitcoin, the Conspirators acquired bitcoin through a variety of means designed to obscure the origin of the funds. This included purchasing bitcoin through peer-to-peer exchanges, moving funds through other digital currencies, and using pre-paid cards. They also enlisted the assistance of one or more third-party exchangers who facilitated layered transactions through digital currency exchange platforms providing heightened anonymity.
According to the indictment, the conspirators used the Bitcoin generated from mining to pay a Romanian company to register the domain dcleaks.com through a payment processing company located in the United States.In addition to mining, GRU agents used several other means to obtain bitcoins:
This included purchasing bitcoin through peer-to-peer exchanges, moving funds through other digital currencies, and using pre-paid cards. They also enlisted the assistance of one or more third-party exchangers who facilitated layered transactions through digital currency exchange platforms providing heightened anonymity.
Russian Military Sets up Blockchain Research Center
Read more at: