Chainalysis exec touts blockchain analysis to Senate homeland security committee

The collection and processing of information was a major theme at the United States Senate Committee on Homeland Security and Governmental Affairs (HSGAC) hearing June 7 titled “Rising Threats: Ransomware Attacks and Ransom Payments Enabled by Cryptocurrency.” The committee hosted a panel of private sector experts who discussed the problem of ransomware attacks and the challenges of collecting and using the information necessary to fight them.

Committee chair Gary Peters of Michigan, who introduced the Strengthening American Cybersecurity Act in February, said the government lacks sufficient data even to understand the scope of the threat posed by ransomware attacks. Attackers almost exclusively ask for payment in cryptocurrency, he added.

Several figures were trotted out to quantify the problem. Chainalysis head of cyber threat intelligence Jackie Burns Koven said the company had identified a record $712 million paid to attackers in 2021, with 74% of the money going to threat actors in Russia or with links to Russia. The average payment was $121,000, and the median payment was $6,000. Attackers often use a Ransomware-as-a-Service business model.

Ransomware is a form of extortion, and it existed before cryptocurrency, Institute for Security and Technology chief strategy officer Megan Stifel and Coveware CEO Bill Siegel said. Knowing what information to collect when an attack occurs and how to organize the information is a major challenge for law enforcement, Siegel added.

Information collection often is “a convoluted mess at the worst possible moment,” committee member James Lankford of Oklahoma said. Multiple agencies demand overlapping but not identical data from victims in the aftermath of an attack, and prosecution of the case could then take years. Those factors, along with concerns that the attackers will not release an encryption key if law enforcement becomes involved, explain much of the hesitancy of victims to report attacks.

Stifel suggested that designating a single agency to receive and triage data after an attack would improve information collection, especially if businesses established a relationship with that agency prior to the attack.

Koven said blockchain analysis can provide “immediate insight into the network of wallet addresses and services (e.g., exchanges, mixers, etc.) that facilitate the illicit actor,” in contrast to the lengthy processes of traditional financial investigation.

U.S. government sanctions imposed on ransomware actors and their facilitators are highly effective, Koven continued. She pointed to sanctions against Russia-based cryptocurrency exchange Garantex and trader Suex as examples. Money flows “drop to almost zero” after sanctions, she said. In addition, blockchain analysis can track the rebranding of attackers, and Chainalysis has developed technology to track funds through cryptocurrency mixers.
