This talk will be presented by CSH visitor Gibran Gómez, IMDEA Software Institute, on Friday, November 25 at 3pm in the Salon.
If you would like to attend, please email firstname.lastname@example.org.
Title: Watch Your Back: Identifying Cybercrime Financial Relationships in Bitcoin through Back-and-Forth Exploration
Bitcoin, the first implementation of blockchain technology, is frequently abused by cyber-criminals for scams, extortion, thefts, ransomware, etc. In this talk we will present a novel, fully automated transaction tracing technique for finding financial relations between malicious actors and (benign) services, which can lead to their attribution.
Together with his colleagues, Gómez evaluated back-and-forth exploration on 30 malware families. They built oracles for 4 families using Bitcoin for C&C and used them to demonstrate that back-and-forth exploration identifies 13 C&C signaling addresses missed by prior work, 8 of which are fundamentally missed by forward-only explorations. Their approach uncovers a wealth of services used by the malware, including 44 exchanges, 11 gambling sites, 5 payment service providers, 4 underground markets, 4 mining pools, and 2 mixers.
In 4 families, the relations include new attribution points missed by forward-only explorations. The approach also identifies relationships between the malware families and other cybercrime campaigns, highlighting how some malware operators participate in a variety of cybercriminal activities.