NSA Has Been Tracking Bitcoin Users Since 2013, Recent Snowden Documents Reveal
During his 2015 trial, Silk Road creator Ross Ulbricht’s defense attorneys raised questions about the government’s case that, although they were ultimately disregarded by the jury, have continued to bother crypto users with an affinity for so-called “conspiracy theories”. They pointed out vagaries in the FBI’s account of its years-long pursuit of Ulbricht, and questioned whether the bureau had truly discovered Ulbricht’s involvement on its own, or whether it had help from other deep state elements, namely the National Security Agency.
Of course, the judge, who eventually sentenced Ulbricht to life in prison without the possibility of parole, refused to entertain their argument. But if they were correct, it would mean that the government’s whole case was built on evidence that was ultimately inadmissible.
As it turns out, Ulbricht’s lawyers were on to something.
In a blockbuster report published in The Intercept, reporter Sam Biddle cited several documents included in the massive cache of stolen NSA documents that showed that the agency has been tracking bitcoin users since 2013, and has potentially been funneling some of this information to other federal agencies. Or, as Biddle puts it, maybe the conspiracy theorists were right.
It turns out the conspiracy theorists were onto something. Classified documents provided by whistleblower Edward Snowden show that the National Security Agency indeed worked urgently to target Bitcoin users around the world – and wielded at least one mysterious source of information to “help track down senders and receivers of Bitcoins,” according to a top-secret passage in an internal NSA report dating to March 2013. The data source appears to have leveraged the NSA’s ability to harvest and analyze raw, global internet traffic while also exploiting an unnamed software program that purported to offer anonymity to users, according to other documents.
Using its ability to siphon data directly from the fiber-optic cables, the NSA managed to develop a system for tracing transactions that went well beyond simple blockchain analysis. The agency relied on a program called MONKEYROCKET, a sham Internet-anonymizing service that, according to the documents, was primarily deployed in Asia, Africa and South America with the intention of thwarting terrorists.
The documents indicate that “tracking down” Bitcoin users went well beyond closely examining Bitcoin’s public transaction ledger, known as the Blockchain, where users are typically referred to through anonymous identifiers; the tracking may also have involved gathering intimate details of these users’ computers.
The NSA collected some Bitcoin users’ password information, internet activity, and a type of unique device identification number known as a MAC address, a March 29, 2013 NSA memo suggested. In the same document, analysts also discussed tracking internet users’ internet addresses, network ports, and timestamps to identify “BITCOIN Targets”.
The NSA’s budding Bitcoin spy operation looks to have been enabled by its unparalleled ability to siphon traffic from the physical cable connections that form the internet and ferry its traffic around the planet. As of 2013, the NSA’s Bitcoin tracking was achieved through a program code-named OAKSTAR, a collection of covert corporate partnerships enabling the agency to monitor communications, including by harvesting internet data as it traveled along fiber optic cables that undergird the internet.
Specifically, the NSA targeted Bitcoin through MONKEYROCKET, a sub-program of OAKSTAR, which tapped network equipment to gather data from the Middle East, Europe, South America, and Asia, according to classified descriptions. As of spring 2013, MONKEYROCKET was “the sole source of SIGDEV for the BITCOIN Targets,” the March 29, 2013 NSA report stated, using the term for signals intelligence development, “SIGDEV,” to indicate the agency had no other way to surveil Bitcoin users. The data obtained through MONKEYROCKET is described in the documents as “full take” surveillance, meaning the entirety of data passing through a network was examined and at least some entire data sessions were stored for later analysis.
Naturally, once the NSA got involved, the notion of anonymity – whether with Bitcoin, or even some of the privacy-oriented coins like Zcash – was completely crushed.
Emin Gun Sirer, associate professor and co-director of the Initiative for Cryptocurrencies and Contracts at Cornell University, told The Intercept that financial privacy “is something that matters incredibly” to the Bitcoin community, and expects that “people who are privacy conscious will switch to privacy-oriented coins” after learning of the NSA’s work here. Despite Bitcoin’s reputation for privacy, Sirer added, “when the adversary model involves the NSA, the pseudonymity disappears. … You should really lower your expectations of privacy on this network.”
Matthew Green, who co-founded and currently advises a privacy-focused Bitcoin competitor named Zcash, echoed those sentiments, saying that the NSA’s techniques make privacy features in any digital currencies like Ethereum or Ripple “totally worthless” for those targeted.
While Bitcoin appeared to be the NSA’s top target, it wasn’t the agency’s only priority. The NSA also used its unparalleled surveillance powers to take down Liberty Reserve – a kind of proto-ICO that was involved in money laundering. Though the company was based in Costa Rica, the Department of Justice partnered with the IRS and Department of Homeland Security to arrest its founder and hand him a 20-year prison sentence.
The March 15, 2013 NSA report detailed progress on MONKEYROCKET’s Bitcoin surveillance and noted that American spies were also working to crack Liberty Reserve, a far seedier predecessor. Unlike Bitcoin, for which facilitating drug deals and money laundering was incidental to bigger goals, Liberty Reserve was more or less designed with criminality in mind. Despite being headquartered in Costa Rica, the site was charged with running a $6 billion “laundering scheme” and triple-teamed by the U.S. Department of Justice, Homeland Security, and the IRS, resulting in a 20-year conviction for its Ukrainian founder. As of March 2013, just two months before the Liberty Reserve takedown and indictment, the NSA considered the currency exchange its No. 2 target, second only to Bitcoin. The indictment and prosecution of Liberty Reserve and its staff made no mention of help from the NSA.
Of course, several of the agency’s defenders argued that the notion that the NSA would use these programs to spy on innocuous Bitcoin users is “pernicious”, according to one expert source.
The hypothesis that the NSA would “launch an entire operation overseas under false pretenses” just to track targets is “pernicious,” said Matthew Green, assistant professor at the Johns Hopkins University Information Security Institute. Such a practice could spread distrust of privacy software in general, particularly in areas like Iran where such tools are desperately needed by dissidents. This “feeds a narrative that the U.S. is untrustworthy,” said Green. “That worries me.”
But forget Bitcoin: the notion that the NSA has been illegally feeding intelligence to other federal intelligence and law enforcement agencies has been a watershed issue for civil libertarians, with implications far beyond cryptocurrency money laundering. The process, known as “parallel construction”, would, if definitive proof could ever be obtained by a defense attorney, render an entire case inadmissible.
Civil libertarians and security researchers have long been concerned that otherwise inadmissible intelligence from the agency is used to build cases against Americans through a process known as “parallel construction”: building a criminal case using admissible evidence obtained by first consulting other evidence, which is kept secret, out of courtrooms and the public eye. An earlier investigation by The Intercept, drawing on court records and documents from Snowden, found evidence the NSA’s most controversial forms of surveillance, which involve warrantless bulk monitoring of emails and fiber optic cables, may have been used in court via parallel construction.
The timing of The Intercept’s report is also interesting. Last year (2017) it was reported that a Russian national named Alexander Vinnik, the alleged mastermind of a $4 billion Bitcoin-based money laundering operation, had been arrested following an indictment that levied 21 counts of money laundering and other crimes that could land him in a US prison for up to 55 years.
And given the justice system’s treatment of other cryptocurrency-related criminals, the notion that Vinnik might spend multiple decades in prison is not beyond the realm of possibility. Of course, if the case against him is built on illegally obtained evidence, one would think his defense team would want to know.
June 14, 2018