Using the same IP for Bitcoin mining and transactions AND as an identifiable source of hacks DOES frequently allow one to point the finger at the correct individuals (and their employers, obviously).
The U.S. Department of Justice (DoJ) has charged seven officers of Russia's Main Intelligence Directorate (GRU) with cryptocurrency-funded global hacking and related disinformation operations. The indictment was returned by a grand jury in the Western District of Pennsylvania on October 3.
The defendants, all of whom are alleged to work for the GRU, a military intelligence agency of the General Staff of the Armed Forces of the Russian Federation, have been charged on multiple counts for alleged "computer hacking, wire fraud, identity theft, and money laundering," according to a DoJ press release published on October 4.
The group is said to belong to the hacking team known as "Fancy Bear," and the indictment contains charges for conduct dating back as early as 2014.
According to the indictment, in order to “facilitate the purchase of infrastructure used in their hacking activity […] [the defendants] conspired to launder money through a web of transactions structured to capitalize on the perceived anonymity of cryptocurrencies such as bitcoin.”
The document alleges that the use of Bitcoin (BTC) "allow[ed] the conspirators to avoid direct relationships with traditional financial institutions," enabling them to further conceal their identities and the sources of their funds.
The defendants are further alleged to have created "hundreds of different email accounts" in order to "avoid creating a centralized paper trail of all their purchases." Several of these accounts are said to have been dedicated to tracking Bitcoin transaction information and facilitating Bitcoin payments to vendors.
The indictment also alleges that the defendants funded their activities through Bitcoin mining:
“The pool of bitcoin generated from the GRU’s mining activity was used, for example, to pay a United States-based company to register the [phishing] domain wada-arna.org through a payment processing company located in the United States. The conspirators used the same funding structure—and in some cases, the very same pool of funds—to purchase key accounts, servers, and domains used in their anti-doping related hacking activity.”
The reference to anti-doping related hacking activity concerns the DoJ's charge that Fancy Bear conspired to steal data from roughly 250 international athletes, as well as from anti-doping agencies around the world. These attacks are alleged to have been in retaliation for the banning of Russian athletes from the 2018 Olympics, following suspicions of a state-sponsored doping program.
Although these specific charges are not part of Robert Mueller's investigation into alleged Russian interference in the 2016 U.S. elections, three of the seven officers named in this indictment have also been named in the Mueller investigation.
As previously reported, this July the DoJ charged twelve individuals from two units of the GRU with using cryptocurrency, allegedly either mined or obtained by "other means," to fund efforts to hack into computer networks associated with the Democratic Party, Hillary Clinton's presidential campaign, and U.S. state election boards and election technology firms.