Crypto
Terrorist Financing in the Age of Cryptocurrency: Ep. 112 – Chainalysis
Episode 112 of the Public Key podcast is here and this is our “Live from Links” series, where we showcase our podcasts recorded live at the Chainalysis Links Conference in NYC. A case that involved crypto, terrorist financing, weapons and everything in between. We speak with several key members of the Manhattan District Attorney’s Office, including the District Attorney, Alvin Bragg, the Assistant District Attorney, Edward Burns and the Chief of the Counterterrorism Unit, David Stuart, as well as Dan Heesemann, Intelligence Research Specialist at the NYPD .
You can listen or subscribe now on Spotify, Apple, or Audible. Keep reading for a full preview of episode 112.
Public Key Episode 112: How Cryptocurrency Helped Convict a NYC Based Terrorist
“In a way, if you were a juror on this case, you got educated on cryptocurrency, terrorist financing, and also the Syrian Civil War.” – Edward Burns
In this episode, Ian Andrews (CMO, Chainalysis) has a full house as he speaks to several key members of the Manhattan District Attorney’s Office, including the District Attorney, Alvin Bragg, the Assistant District Attorney, Edward Burns and the Chief of the Counterterrorism Unit, David Stuart. As well as Dan Heesemann, Intelligence Research Specialist at the NYPD.
The team discusses a fascinating case involving cryptocurrency and terrorism financing and shares how they were able to uncover an individual sending money to a terrorist group in Syria and planning violent attacks on American soil.
They walk through the challenges of presenting technical evidence in court and the surprising defense strategy used by the defendant.
This gripping episode sheds light on the intersection of crime, cryptocurrency, and counterterrorism efforts and the persistence and collaboration law enforcement and the District Attorney’s office have to utilize in order to bring these criminals to justice.
Quote of the episode
“In a way, if you were a juror on this case, you got educated on cryptocurrency, terrorist financing, and also the Syrian Civil War… So that was a lot for them to digest” – Edward Burns (Assistant District Attorney, Manhattan District Attorney’s Office)
Minute-by-minute episode breakdown
2 | Background of the public sector guests and their entrance into cryptocurrency
4 | The People vs. Victoria Jacobs: The cryptocurrency terrorist financing case
9 | Unveiling the terrorist financier’s intent and tactics
14 | The elusive Salman Belarusi: Operational security mastermind
18 | Simplifying cryptocurrency for jury understanding
20 | Terrorism, cryptocurrency and the Syrian Conflict
22 | Jury deliberates for hours and finds the defendant guilty on all counts
25 | Manhattan DA, Alvin Bragg explains provides an update on sentencing and closure in case
Related resources
Check out more resources provided by Chainalysis that perfectly complement this episode of the Public Key.
Speakers on today’s episode
- Ian Andrews * Host * (Chief Marketing Officer, Chainalysis)
- Alvin Bragg (District Attorney, Manhattan District Attorney’s Office)
- Edward Burns (Assistant District Attorney, Manhattan District Attorney’s Office)
- David Stuart (Chief of the Counterterrorism Unit, Manhattan District Attorney’s Office)
- Dan Heesemann (Intelligence Research Specialist, NYPD)
This website may contain links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
Our podcasts are for informational purposes only, and are not intended to provide legal, tax, financial, or investment advice. Listeners should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with your use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in any particular podcast and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.
Unless stated otherwise, reference to any specific product or entity does not constitute an endorsement or recommendation by Chainalysis. The views expressed by guests are their own and their appearance on the program does not imply an endorsement of them or any entity they represent. Views and opinions expressed by Chainalysis employees are those of the employees and do not necessarily reflect the views of the company.
Transcript
Ian:
Hey everyone. Welcome back to another episode of Public Key Live from Links. This is your host, Ian Andrews. We’ve got a group for this one, folks. I’m joined by David Stewart, who’s chief of the Counterterrorism Unit, Manhattan DA’s office. Edward Burns, who’s assistant district attorney in the Manhattan DA’s office. And Dan Heesemann, who’s intelligence research specialist, NYPD. Gentlemen, welcome to the show.
David:
Thank you.
Ed:
Great to be here.
David:
Yeah, great to be here.
Ian:
Now maybe we can just run down the line here, starting with you, Ed. Quick background, 30 seconds to a minute. Why are you here at the Crypto Conference? What do you do? What’s your day job? How does this all fit together?
Ed:
So I’ve been at the Manhattan DA’s office since September of 2005. I’ve worked my way up through various bureaus. I did work in narcotics, white collar crime and joined the Rackets Bureau, which houses Dave’s unit in Counterterrorism back in 2022. And once I got there, I was assigned to help out Dave in this really interesting case they told me called the people versus Victoria Jacobs. And that’s how I got involved in the cryptocurrency world.
Ian:
Amazing.
Dan:
Sure. So I’m Dan Heesemann, I’m an Intel research specialist with the NYPD, and I’m a Queen’s kid, born and raised. And so came out of college, figured out what I wanted to do and I thought the NYPD seemed like a good place to go; career, family and civil service. And just figured out the be the best place to go. So that’s how I ended up here. I’ve been here for almost seven years now. It’s scary to think about. And even though I’m not a math person by heart, back in 2019, we decided we wanted to do more in financial crimes and they needed a couple of people. And I said, well, in fourth grade, a nun made me [inaudible 00:01:49] the blackboard because I couldn’t do long vision, but I’ll be your point person.
Ian:
For financial crimes. I can take that on, but it’s obviously gone reasonably well since then-
Dan:
I would say so-
Ian:
… because you’re still here.
David:
So my name is Dave Stewart. I’m a California kid who somehow ended up in New York and I’ve been at the Manhattan DA’s office now for about 17 years. I’m currently chief of the counterterrorism unit, but I’ve done a little bit of everything throughout the office over that time working in the trial division, doing sex crimes cases, human trafficking, organized crime like La Cosa Nostra mafia cases, and now I’ve been doing counterterrorism cases for the past five or six years, which have been really fascinating insights into the way people think about the world and what motivates them.
Ian:
Well, I definitely want to get into that. The three of you literally just came off stage before jumping in here to record with us presenting at the conference on the case that you just mentioned, Ed. So maybe who wants to take us through the high level of what this case was, The People versus Victoria Jacobs.
David:
I’ll start at a high level and then maybe Dan and Ed can kind of jump in and fill in the gaps or the details. So at the highest level, you have a woman who lived in New York City who became immersed within terrorist online ecosystems in Syria and other places, and essentially became obsessed with doing Jihad. And one of the ways that she could do that was to finance and launder money for these groups overseas.
And what we found is that she ultimately sent and laundered over $12,000 over a nine-month time period in 2008 and 2019, but she didn’t stop there. She then sent the group bomb making instructions so that they could make IEDs and kill people with them. And she also acquired illegal knives here in New York City and told people that she was planning a special mission to carry out behind enemy lines.
And I think code for her enemy lines was people right here in New York City. So a very scary, dangerous individual. And thanks to NYPD and the rest of the team, we were able to make arrests and charge her and ultimately convict her of terrorism crimes after a three-week jury trial just this last January.
Ian:
What was the tip or the lead that exposed this? How did it all start, that maybe we have somebody here who’s doing some really bad stuff.
David:
I’ll let Dan jump in for this one.
Dan:
So essentially part of the financial crimes portfolio is reading federal compliance data and making sense of that. And a lot of times it’s just a lot of, I want to say narrative. There’s this person did X, this person did Y, but in this case, we had someone that was in New York that I think this is notable for the crypto folks here, because she was using a nested service.
So the filer that filed this report was not the company she was using. She was using a service underneath that company, that was kind of like a contracted service. And so I think she was trying to be savvy by going outside of a US jurisdiction area to send this money. But in fact, the parent company that was provided the backbone was compliant with US laws or written through this report. And I said, “Well, this is not going to work out for us initially, because we’re here in New York and this company is based elsewhere.”
But then you read, they actually are compliant, we can make this work. So after doing the initial tracing the workup on the subject, we came over to Dave and I don’t think we had reactor at the time, because this is so early on to our adoption of cryptocurrency. And I had a piece of paper I said, “All right, so these are cryptocurrency transactions from someone on the Upper East Side that ended up in Syria. I know it’s farfetched, but you think we’d make this work?” And it worked from there. I think for the folks on the law enforcement side, pitching to the prosecutors is one of those things that you don’t do until that there’s a chance that this case could go to trial. And for us, that’s a fairly high bar.
David:
So the funny part about it is that prior to Dan walking into our office and pitching us this case, we had been doing a lot of terrorism financing work involving Syria. So we were very familiar with how Syrian terrorists were financing their operations there, especially how they use cryptocurrency. And we had done a lot of tracing and graphing using chain analysis at their very early stages of an entity that was an exchange in Syria called Bitcoin Transfer. And it turns out that the individual that Dan came walked into our office was an unknown wallet that we had known about within-
Ian:
Oh, you’re kidding.
David:
… that cluster and tracing graph. And it wasn’t until Dan had kind of unpeeled the layers of that onion and identified it that we were able to see where she fit within the grander scheme of things.
Ian:
Wow.
Dan:
[inaudible 00:07:04] he was going from the top down. We were going from the bottom up, and it kind of just went right in the middle.
David:
So it’s always better to go bottom.
Ian:
I’m curious about, because I’m very much not familiar with Syrian terrorist fundraising practices. What’s the scale of that? Are there a lot of people in the United States who are sending money to support those types of causes? Is this a widespread thing or a high dollar value thing?
Dan:
Not high dollar value map, no. But there are a lot of cases that we’ve seen come out in the past, what, three years probably. And the FBI obviously had the majority of them, but it’s there. It’s a real present danger that people think that they are here in the US and that they can’t travel there, but they can support them financially. And they know a lot of times exactly what they’re sending the money for.
David:
These groups mostly earn their money from local taxation, extortion rings in other ways. For us, the more interesting part of it’s who are the people here that are so infatuated with these groups radicalizing that they’re willing to risk send money to these groups? So those are people that we’re worried about from a kind of mobilization of violence scenario. Obviously want to prevent them from financing terrorism, even if it’s low dollar amounts, but obviously very concerned that this is the type of person that’s going to take that next step. We want to identify them.
Ed:
And I think you just touched upon what the dollar amount is. I would anticipate seeing major dollar amounts move through in this area, just like in any other, comparing other previous crimes that we’ve investigated, as you’ve money laundering and compliance and other regulatory bodies, they know that a certain threshold is going to alert everybody up. So it helps these groups to do smaller dollar amounts. And you see that in money laundering or even the basic people avoiding their currency transaction reports by doing multiple deposits under the $10,000 threshold.
So I think one thing that I’ve learned here is you’re not going to find one group in an organized way, maybe moving millions of dollars, but instead you could have dozens of people moving $10,000 amounts and then maybe not in an organized way, but the money is still getting there, but it’s just going to small amounts to sort of avoid detection and keep us off the trail.
Ian:
No, that’s fascinating. And so then take us back to the case. So you realized that… David, you’ve been mapping this organization from the top down. We’ve discovered a wallet belonging to an individual living here in Manhattan that’s been sending money to this organization. What happens next?
Dan:
Lots of warbles.
David:
No. Dan and I were at the initial stages working on this case. So I will say the first thing we did was started to write legal process to get the records from the exchange that identified her as the person who set up the account that sent the initial transaction. And then once we knew who she was, kind of get a better sense of who she is and what other accounts she might be using, which then led to a search warrant on her email account. And Dan or Ed could jump in and talk about some of the really interesting things that we found.
Ed:
I think Dan should be able to do it since I wasn’t even involved in this point. I didn’t even know that this was going on yet and then I can kind of jump in.
Dan:
No, absolutely. So I think to Dave’s point, legal process, so subpoenas and those are really useful. And I think one of the things that comes up in investigation of all sorts in law enforcement, but particularly in cryptocurrency and these complex things, is the idea of going down rabbit holes. And if you’re continuing to go down this rabbit hole, you’re not going to come up with anything. It’s going to be a dry hole. But in this case, we never I think, went too far down a rabbit hole without finding something that said, all right, we need additional process here.
We need to go further and actually subpoena that next email address or that phone number, because always something there. There was always another there. But essentially in the emails, what we found was that she was communicating with two individuals that when we traced their email addresses back in open source, so this is just simply Googling stuff.
We saw that they were prolific HTS and Malhama Tactical affiliated individuals. The one guy was a German citizen that was fighting there and he would basically… His byline on his telegram chat account was a German Mujahid documenting the everyday life of Mojahidin Shem. And that email was the exact same handle, so that was a really interesting piece.
And the other guy, Musab Sharqiya, and we just touched on this in the presentation, but he was a complete blank hole. We couldn’t find anything on his name. It wasn’t a real name. We were concerned that it was just someone that was completely unidentified, which would be maybe even worse, because that person could be here in the city as well, or in the US rather.
But then we popped in the name to Google and then pulled up a YouTube channel, a Instagram channel, and had all this information on this guy. And we started to realize that, she’s actually communicating with these individuals and she wants to send this money. She’s not being paid by someone here in the US. It was on her own volition. And that was one of those weird ones, because up until about, I’d say six months into the case, we thought that she was getting paid, or that was one of the possibilities that she wasn’t doing this on her own volition. So it was nice to get that intent and say, “Hey, look, we can start making further investigatory steps.”
David:
Well, for us, there was never any question that she was the one that conducted the transactions. One of the hardest parts about doing the terrorism financing case is proving that she intended that the money that she sent was going to support terrorism overseas. And that’s why we did those early search warrants to peel back the layers, to see what she was saying to the other individuals that she was sending money to, what was her online activity.
And that’s when we started finding her Twitter account where she was praising HTS. We found emails where she was talking about coordinating finances in order to do Jihad overseas. And at that point, there was no question as to what her intent was. And then that started a whole other series of events, investigative events that we did, which started finding even more evidence.
Ian:
It is really interesting because I think we’ve seen over the years a number of campaigns where groups were fundraising online, like social media ads, basically, but they would mask the true intent. In some cases, not very well masking. It’s like donate to help orphan children who have been caught in the war in Syria. But if you looked one step closer, it was very clearly going to Hezbollah or one of the other militant organizations, ISIS operating in the region. So it’s interesting that you were able to find this very direct intent where there wasn’t even a veil of, oh, I’m sending money to help something innocuous and not harmful. It’s like, oh no, I’m here to fund terrorist activity.
David:
In some ways we got lucky. She was pretty clever online. Obviously we have some great messages and we showed some of them during the presentation and throughout the trial, but that was just a fragment or a fraction of our overall communications with terrorists overseas. We only got bits and pieces. Just looking over her phone, she had three years worth of communications with these guys, and we only had bits and pieces that she either forgot to delete, or chose to save on her phones for whatever reason.
Ian:
Did she use a real identity with the crypto exchange when you subpoenaed there, or was it.
David:
Yes. She did.
Ian:
Interesting.
David:
But for her wallet though, she used a noncustodial wallet, and she did not use her real name. She didn’t have to use any name. There was zero KYC that was required for her to set up that wallet, and she knew that. So it was very much a circumstantial case in some ways, because we had a lot of evidence that pointed to her, some more direct than others. But it was just the overall amount and volume of evidence that identified her.
In fact, her defense at the trial, at least up to three quarters of the way through, was that it wasn’t her at all, that someone else had assumed her identity and conducted all of these transactions that someone else had been the one that communicated with these terrorists, which was so asinine because we literally found pictures of the terrorists on her phones. And pictures that she had spliced of herself in with the terrorists to show that they were in some sort of relationship.
Dan:
Sorry, Dave, not to interrupt, but I want to take from the CT side of things to give you a little background on Malhama Tactical, the individual Salman Belarusi, he’s talking about. He was a guy that during the Syrian Civil War, he was prolific for his operational security. You could not find a picture of him out there without his mask on. He always was masked up and to the point where he actually faked his own death at one point during the Syrian Civil War, and then re-emerged as another guy Abu Rofiq, or the other way around. It was Rofiq and then he became Abu Salman. So the fact that when we went on these phones and we found pictures of him just lounging around the barracks, having a Coca-Cola, we were like, oh, they really were close communicating partners.
Ian:
Was there a romantic relationship? It sounds like maybe-
David:
Somewhat romantic relationship.
Ian:
They didn’t meet in person, so there was no-
David:
This is a little bit hard to say exactly what their relationship was.
Ed:
I would say as somebody who came in late and was adjusting to all of this at first, it struck me a little odd, but I think in this day and age, there are people that they would call a relationship where they never meet. And it’s a true romantic relationship where they’re purely online knowing that they were never going to meet. Remember it was an impossibility. She was never going to get to Syria. That was an impossibility of it. So it allowed it to just continue in this way. And it was something that I was like, well, this doesn’t make sense. And then when you took it into that sort of context of no, people do have these online relationships, it made it seem a little bit more reasonable. One thing I just want to touch, I think Dave said, “Oh, we were lucky.”
And that’s true of any criminal investigation. Luck plays a part of it, but you can say that about anything in life. The question is, are you working hard enough and are you being vigilant enough that when your break comes along, are you there to take advantage of it and discover it? And that’s what these guys were doing. They could have turned around at any time and been like, this is crazy, or this is not that much money.
But they kept going because they’re like, this should be something there. And by doing so, you uncovered a very dangerous person operating in New York City for a very bad group. And I think that was a key part that I just want to say. It’s easy to sell ourselves short sometimes and be like, “Oh, luck had a lot to do with it.” Well, you still kept going and you still persevered and you still have the annals, so you kind of made your own luck in that way.
David:
Ed, I’m sorry. I’m just so glad you brought that up. And I just want to add two short points in.
Ed:
Absolutely.
David:
And this was evidence at the trial, so it’s no surprise to anybody. She claimed to be Belarusi’s fiancee. I don’t think that they… We don’t have any evidence they ever got engaged, but she obviously viewed herself…
Ian:
In her head.
David:
… in her own mind as having that kind of romantic relationship with him. And two, to Ed’s point, I’m so glad he brought it up. At the DA’s office in Manhattan, we are the only local DA’s office in the entire country that I know of that has a dedicated team for counterterrorism cases. We have four full-time analysts who are experts in all things’ terrorism, and we have dedicated investigators, and we work with NYPD’s team, which is even bigger than ours and have similar expertise. But it was so important for us as prosecutors to understand the landscape because otherwise, when a case like this walks in, if we hadn’t been prepared at the outset, we would’ve had no idea how to handle it.
Dan:
And to that point [inaudible 00:19:33], one quick point. We talk about low dollar amount of cases, and I think that at the state and local level, people that are looking at cryptocurrency enabled crimes. They should pursue these small dollar amount cases, because you never know where it’s going to lead. And at the federal level, they may say, “Well, we don’t have the resources to pursue $500,” but we do at the local level.
Ian:
I love this story and the point you’re making about having people with the expertise to investigate digital aspects of a crime, because I talk to a lot of people from around the country, and I think that’s their biggest challenge, is they have a big caseload. They have maybe one expert investigator who’s catching everything and they just can’t follow everything through. So it’s terrific that you’ve got a broader set of resources here, particularly on a topic with the urgency of counter-terrorist financing.
David:
And cryptocurrency, and I should do a shout-out to the lab. We have probably one of the most preeminent digital labs in the country, if not the world. So when we got those phones in from the search warrant, they were processed and ready to be extracted and analyzed within-
Dan:
48 hours.
David:
… 24 hours. So that speed at which we’re able to do these complex cases and get evidence from cell phones and other devices is unique and essential.
Ian:
Now, one thing I’m always curious about is you’ve now got a fairly good picture of the case. It’s clear that there’s money moving to a terrorist organization. Once you get these email search warrants, you’re able to establish there’s intent behind it. Do you immediately go and arrest the individual at that point? Or do you surveil them for longer to potentially uncover a wider network? How do you make a decision on that?
Ed:
Well, I think, and this is where I can assist in my perspective, it all depends on each case. Here, the best evidence that they recovered was from the cell phones. Any arrest before that would’ve been… I felt they made the right choice, they would’ve been premature and then there’s a whole bunch of things that would’ve happened. So it really depends on what you get in these cases and evaluating what strength you are. I think it’s always a good idea to make sure that you’re ready to go. Do not make an early arrest unless you absolutely need to. Make sure you have all your evidence. If you’re banking on getting evidence-
Ian:
Through the arrest.
Ed:
… through the arrest, that’s a difficult challenge. And that could also impede your investigation, not hurt your chances of success. The key part of why this was successful was a continuing partnership between NYPD and the Manhattan DA’s office, and how the investigation was going to be taken down when the arrest was going to occur. The coordination of the search warrant that Dan talked about during his presentation, having the Manhattan DA’s, that unit, the high-tech analysis unit present, so we got the phones and that she was not able to destroy that evidence, because we had anticipation that we weren’t going to be able to arrest her. So those steps were key to success and I think that always a case by case basis, but here, I think that was the right move. It was clearly the right move.
Ian:
I’m curious about, so once you make the arrest, obviously then you’re getting prepared for trial. And I think one of the challenging things about any case where there’s digital evidence, but in particular cryptocurrency, it’s very technical and you’ve got to present that to an audience that they’re not spending all day long thinking about crypto. And what’s the strategy, whether it’s a judge or a jury trial, that you’re able to lay out effectively communicating the facts when they’re very technical in nature.
Ed:
And this is where it was almost helpful that I wasn’t involved early on, because these guys were well in the weeds of cryptocurrency. And I had a loosely affiliated association. Money launderers use cryptocurrency and narcotics trafficking. I’d done a lot of money laundering cases. I was very familiar with that crime. And then I heard cryptocurrency, I’m like, whoa, okay. I don’t know. And I had an analyst come down and explain it to me. And I’m like, okay.
So I kind of just remembered hearing how I was able to take that information that she gave me and was able to sit there and be like, that’s what we need to do for a jury, because they can understand it. When it boils down to it, it’s going to be she’s sending money to a bad actor to do bad things. We just got to get the jury not to get lost in the weeds of all this data of what cryptocurrency is.
And that was when we used… We were talking to Beth Bisbee and other teams that other people at chain analysis too, were assisting us in understanding the transactions and different things. And we really just broke it down and be like, look, we really need to explain this to an uninformed jury pool that doesn’t have any familiarity with it. And in fact, it was funny when we were picking our jury, everybody that had a familiarity of cryptocurrency knew about this case and was actually taken off the jury, because they had previous knowledge of it. So it was just interesting, but it was sort of a small world and I think-
Ian:
So you got a preselected pool basically that had zero knowledge of crypto walking in almost.
Ed:
I think we had one jury that was like, “I know what this is, and I know that everyone’s going to ask me what is going on.” And we didn’t want to have competing expert, and it was a very good jury pool, but sort of like that point. But I think it’s just, that’s our job as prosecutors, which is what I [inaudible 00:25:16] my presentation. Dave’s mentioned that he handled sex crimes. He had to explain DNA evidence. I handled narcotics trafficking cases. I would have to explain where the drugs come from, how heroin is broken down into a heroin mill, other aspects of that. So just like cryptocurrency, terrorist finance is a very big term, but you can break it down to we have a defendant here sending money to bad actors overseas to do bad things. And as long as we kept that focus, the jury was right with us the whole time.
Ian:
That’s amazing. Now, I want to go back to something, David, that you mentioned earlier. You said that the defendant changed their defense strategy three quarters of the way through the trial. They went from saying they had nothing to do with it. Their identity had been stolen. What did they change to? What was the-
David:
Well, the defense ultimately in this summation, because they could not deny that it was her because the evidence was so strong that she was the one responsible for the communications and the transactions ultimately was that, which is really, I think, a very bad defense. But their defense was, “Well, the Syrian terrorist group wasn’t that bad,” and-
Ian:
Sorry, I have to laugh a little bit.
David:
Well, Syria is a complicated place.
Ian:
Share the name of that lawyer with me later, and I’m going to make sure to-
Ed:
Well, I’ll give them a break. They had a tough client and there wasn’t much to say. They had to say something.
David:
And Syria is a complicated place. The group was not only trying to establish their own violent Jihadist state within Syria, they were battling against the Syrian regime and also Russia. So there were some common enemies that the defense could point to, to say, “Hey, they’re fighting Russia. We’re fighting Russia, so maybe they’re not that bad.” But at the end of the day, the two wrongs don’t make a right. And this was a bad group, regardless of the fact that they were also fighting groups or countries like Russia and the Assad regime in Syria.
Ed:
In a way, if you were a juror on this case, you got educated on cryptocurrency, terrorist financing, and also the Syrian Civil War. And this group that you’ve never heard of as Hay’at Tahrir al-Sham and their military training operation of Malhama Tactical. So that was a lot for them to digest.
Ian:
Just pronouncing that would kill me right there.
Ed:
It took me very long to get those down. And I don’t know if… I still don’t know if I’m right. There’s no way to can call me out if I’m wrong.
Ian:
And then just to wrap the story, so the conviction was just handed down recently. You want to tell that story?
Ed:
I think, well, Dave gave a great summation that really was covered the whole entire breadth of her criminal activity from the start. And the jury was given the case, I think, very early on, and within three hours, Convicted that it was… I think Dave said it was three weeks. I feel like it was a four-week trial. I think it was jury selection took a week, and then we had three weeks of testimony.
Dan:
Four week trial.
Ed:
Four-week trial, and they deliberated for less than three hours. Convicted the defendant on all counts.
Ian:
Congratulations.
David:
Thank you very much.
Ian:
Big win for great effort here. Gentlemen, thank you for coming to Links. Thank you for sitting here with us on the podcast and sharing the success. Here’s to many more in the future.
Ed:
Thank you very much.
Ian:
Absolutely.
David:
Thank you for having me. It’s really a pleasure.
Ian:
All right.
Ed:
Thank you guys.
David:
I apologize.
Crypto
North Korean hackers linked to hack of 4,500 bitcoins from Japanese crypto exchange – SiliconANGLE
North Korean hackers linked to the infamous Lazarus hacking group have been identified as being behind the theft of more than 4,500 bitcoins from Japanese cryptocurrency exchange DMM Bitcoin earlier this year.
The Federal Bureau of Investigation, in conjunction with the Department of Defense Cyber Crime Center and National Police Agency of Japan, has revealed that hackers who go by the name of TraderTraitor, an arm of Lazarus, successfully stole the equivalent of $308 million from DMM in May and have detailed how the North Korean hackers did so.
The investigation into the hack found that in late March 2024, a North Korean cyber actor pretending to be a recruiter on LinkedIn contacted an employee at Ginco, a Japanese enterprise cryptocurrency wallet software company. The threat actor sent the target, who maintained access to Ginco’s wallet management system, a URL linked to a malicious Python script under the guise of a pre-employment test located on a GitHub page. The victim copied the Python code to their personal GitHub page and was subsequently compromised.
With the access gained, the TraderTraitor hackers sat patiently, waiting until May to exploit their access. To steal the bitcoin, the actors exploited session cookie information to impersonate the compromised employee and successfully gained access to Ginco’s unencrypted communications system. With this access, it’s believed that the hackers then manipulated a legitimate transaction request from a DMM employee, resulting in the theft of 4,502.9 bitcoin.
The stolen bitcoin was subsequently transferred to TraderTraitor-controlled wallets, which ultimately lead back to the North Korean government.
“The FBI, National Police Agency of Japan and other U.S. government and international partners will continue to expose and combat North Korea’s use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime,” the FBI noted in a statement.
The involvement of both North Korea and an arm of Lazarus in the hack comes as no surprise, as the hack of DMM isn’t the first time Lazarus has targeted cryptocurrency exchanges.
In 2022, Lazarus was linked to the hack on the Ronin Network that led to the theft of $615 million in cryptocurrency, and more recently, in July, the group was linked to the theft of $234.9 million in cryptocurrency from India-based cryptocurrency exchange WazirX.
Image: SiliconANGLE/Ideogram
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU
Crypto
Japan, US blame North Koreans for $300 million crypto theft
Tokyo, Japan — A North Korean hacking group stole cryptocurrency worth over $300 million from the Japan-based exchange DMM Bitcoin, according to Japanese police and the United States’ FBI.
The TraderTraitor group — believed to be part of Lazarus Group, which is allegedly linked to the Pyongyang authorities — carried out the heist, Japan’s National Police Agency said Tuesday.
Lazarus Group gained notoriety a decade ago when it was accused of hacking into Sony Pictures as revenge for “The Interview,” a film that mocked North Korean leader Kim Jong Un.
READ: Philippines ranks 2nd in cryptocurrency ownership globally — study
The FBI detailed “the theft of cryptocurrency worth $308 million US dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors” in a separate statement dated Monday.
Article continues after this advertisement
It described a “targeted social engineering” operation where a hacker pretended to be a recruiter on LinkedIn to contact an employee of a different crypto wallet software company.
Article continues after this advertisement
They sent the employee what appeared to be a pre-employment test, which actually contained a malicious line of code.
That allowed the hacker to compromise their system and impersonate the employee, the FBI said.
“In late May 2024, the actors likely used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the loss of 4,502.9 Bitcoin, worth $308 million at the time,” it said.
“The FBI, National Police Agency of Japan, and other US government and international partners will continue to expose and combat North Korea’s use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime,” it said.
North Korea’s cyber-warfare program dates back to at least the mid-1990s.
It has since grown to a 6,000-strong cyber-warfare unit known as Bureau 121 that operates from several countries, according to a 2020 US military report.
Crypto
North Korean hacker group identified in theft of DMM Bitcoin assets
A North Korea-linked hacker group stole digital assets worth 48.2 billion yen ($307 million) from Tokyo-based cryptocurrency exchange DMM Bitcoin Co. in May, Japanese police said Tuesday.
The hacker group was identified by the police as TraderTraitor following an investigation conducted in collaboration with the U.S. Department of Defense and the Federal Bureau of Investigation.
DMM Bitcoin said earlier this month it will go out of business after suspending some of its services following the detection of the unauthorized leakage of funds on May 31.
Photo illustration shows a visual representation of the digital cryptocurrency Bitcoin. (Getty/Kyodo)
The police tracked the flow of stolen bitcoin to an account managed by the group, which is suspected to be linked to the Lazarus hacking group allegedly sponsored by the North Korean government.
The investigation found that an employee at a company that manages DMM Bitcoin’s cryptocurrency accounts was contacted via the LinkedIn social network by a person purporting to be a headhunter.
The perpetrator then breached the wallet management system by planting malware and falsified transaction amounts as well as the destinations of remittances, the police said.
In September, Japan’s Financial Services Agency ordered the exchange to improve operations, saying its risk management structure was inadequate.
No customers suffered financial damage as the exchange secured 55 billion yen from a group firm to cover the lost assets.
The police, the FBI, and other U.S. government and international partners will “continue to expose and combat North Korea’s use of illicit activities,” including cybercrime and cryptocurrency theft, to generate revenue for the regime, they said in a statement.
Related coverage:
Japanese publisher paid $3 million to hacker group after cyberattack
Japan’s DMM Bitcoin to end business after losing 48 bil. yen in leak
Shiba Inu of “doge” meme fame leaves enduring legacy, online and off
-
Business1 week ago
Freddie Freeman's World Series walk-off grand slam baseball sells at auction for $1.56 million
-
Technology1 week ago
Meta’s Instagram boss: who posted something matters more in the AI age
-
Technology4 days ago
Google’s counteroffer to the government trying to break it up is unbundling Android apps
-
News1 week ago
East’s wintry mix could make travel dicey. And yes, that was a tornado in Calif.
-
News5 days ago
Novo Nordisk shares tumble as weight-loss drug trial data disappoints
-
Politics5 days ago
Illegal immigrant sexually abused child in the U.S. after being removed from the country five times
-
Entertainment5 days ago
'It's a little holiday gift': Inside the Weeknd's free Santa Monica show for his biggest fans
-
Politics1 week ago
Trump taps Richard Grenell as presidential envoy for special missions, Edward S. Walsh as Ireland ambassador