The NSA Worked to “Track Down” Bitcoin Users, Snowden Documents Reveal(theintercept.com)
theintercept.com
The NSA Worked to “Track Down” Bitcoin Users, Snowden Documents Reveal
https://theintercept.com/2018/03/20/the-nsa-worked-to-track-down-bitcoin-users-snowden-documents-reveal/
62 comments
The authority of an agency to track criminal targets is well established by law and accepted by American citizens. That concept is not the issue.
Using wide scale warrant-less data collection with an unspecified secret sauce, however, is questionable in its legality. Is this what voters intend their government to be able to do?
Any time one agency wields immense undocumented powers of surveillance and another agency has a big question mark on a case, humans will be tempted to go the route of parallel construction. That under-table information sharing, to me, is a debate the American people need to be considering.
Using wide scale warrant-less data collection with an unspecified secret sauce, however, is questionable in its legality. Is this what voters intend their government to be able to do?
Any time one agency wields immense undocumented powers of surveillance and another agency has a big question mark on a case, humans will be tempted to go the route of parallel construction. That under-table information sharing, to me, is a debate the American people need to be considering.
We aren’t talking about domestic surveillance here. The supposed privacy tool was foreign-targeted. This is NSA’s legit mission.
Are you really so innocent as to believe that the NSA was _only_ targeting foreign Bitcoin holders, or that they made effort at least to avoid capturing info on Americans?
That's the law, no reason to think otherwise without evidence. I assume the story would be very different if there was any indication this was used on US citizens.
No. We've been through Prism. We know the NSA is doing this. You are not allowed to be this naive anymore.
Actually no. I read all 300+ documents leaked by Snowden independent of the news coverage in order to determine if the media narrative was true, as that would be absolutely enraging to me and I needed to decide if I would need to be calling and mailing my representatives/senators daily about this.
I was not able to find evidence in the leaks to substantiate any claims of improper use on everyday citizens. I like to operate on facts, so if there was a leaked document I somehow missed, you can provide a link and I would be happy to review it.
I was not able to find evidence in the leaks to substantiate any claims of improper use on everyday citizens. I like to operate on facts, so if there was a leaked document I somehow missed, you can provide a link and I would be happy to review it.
I concur. The purpose of Snowden’s leaks was to educate the masses that mass surveillance is a thing, and privacy should be taken seriously. He did not suggest the government was breaking the law, just that the law permitted surveillance on a scale that the average person probably wasn’t aware of.
As a result, we gained things like GDPR, which will revolutionize privacy worldwide because of its extra-jurisdictional effects. And think about how much more SSL is happening now. Http:// is mostly gone. We have letsencrypt. Google is encrypting all traffic between datacenters. Etc...
But no, Snowden did not reveal anything suggesting widespread illegal surveillance of Americans.
As a result, we gained things like GDPR, which will revolutionize privacy worldwide because of its extra-jurisdictional effects. And think about how much more SSL is happening now. Http:// is mostly gone. We have letsencrypt. Google is encrypting all traffic between datacenters. Etc...
But no, Snowden did not reveal anything suggesting widespread illegal surveillance of Americans.
Perhaps back in 2013 they were not so careful to avoid collection on Americans. But now they certainly are. Nobody wants to go to jail.
Why would they be afraid of going to jail? None of them have gone to jail so far. You only face consequences for reporting misbehavior, not for engaging in it.
> dark net, drug dealing
These are law enforcement things. The NSA should not be deployed against drug dealers.
> zero day exploit selling
This is squarely within the NSA's purview. Also North Korea [1].
More broadly, Bitcoin takes cash-like transactions and posts them in a unified computer-friendly database. Of course it will be mined for insights. Even collating U.S. dollar transactions involves querying multiple financial institutions, each who hold their data in various formats.
[1] https://www.bloomberg.com/news/articles/2017-12-14/north-kor...
These are law enforcement things. The NSA should not be deployed against drug dealers.
> zero day exploit selling
This is squarely within the NSA's purview. Also North Korea [1].
More broadly, Bitcoin takes cash-like transactions and posts them in a unified computer-friendly database. Of course it will be mined for insights. Even collating U.S. dollar transactions involves querying multiple financial institutions, each who hold their data in various formats.
[1] https://www.bloomberg.com/news/articles/2017-12-14/north-kor...
if the government is collecting data that another department can use you bet they are sharing it. https://en.wikipedia.org/wiki/Parallel_construction
>No duh, law enforcement and counterintelligence requires regulation of the financial systems in use
I mostly agree with you, but I find this statement odd. There's obviously some regulation that is helpful to law enforcement and counterintelligence (money laundering regulation comes to mind, which you can't even really get around by using BTC). But crime and intelligence operations have a long history of working around those regulations, and both law enforcements and counterintelligence seem to cope just fine.
I mostly agree with you, but I find this statement odd. There's obviously some regulation that is helpful to law enforcement and counterintelligence (money laundering regulation comes to mind, which you can't even really get around by using BTC). But crime and intelligence operations have a long history of working around those regulations, and both law enforcements and counterintelligence seem to cope just fine.
bitcoin is a horrible currency to do drug deals, the most infamous dark net site, Silk Road was doing $15 million annually at its peak, compare that to the 400 billion illegal drug industry that is mostly transacted with cash. Currently the primary use for bitcoin is speculation. Nation states will hire and pay with cash without the blockchain trail... There was a period of people speculating on a currency whose money supply is controlled by open source software and maintainers and it is still happening.
Why would you even bother making the comparison between the sum of all black market drug activity on the planet and a single niche website hidden behind tor?
I was trying to explain how small bitcoin is compared to the sum of all black market activity by using an example of one the most profitable bitcoin dark market to date
After learning about the war on drugs being a ploy to build up the gun and law enforcement markets.
I wondered if Bitcoin was created by the us to launder and fund projects while still maintaining control over the majority of it and possibly use to collapse other currencies and governments.
They already print cash so we know the anonymous currency isn't frowned upon and the only banned Venezuela crypto none of the other seeming shady coins.
I wondered if Bitcoin was created by the us to launder and fund projects while still maintaining control over the majority of it and possibly use to collapse other currencies and governments.
They already print cash so we know the anonymous currency isn't frowned upon and the only banned Venezuela crypto none of the other seeming shady coins.
[deleted]
>>>>hire and pay "plausibly deniable" contractors to attack NGO's
Woah, can you give some sources on Bitcoin being used to pay for attacking NGOs? Do you mean DDoS or do you have specific links on that?
Woah, can you give some sources on Bitcoin being used to pay for attacking NGOs? Do you mean DDoS or do you have specific links on that?
Thank Satoshi we have Monero et al. Although we might run into the same problem as regular drug dealers: only the idiots get caught, i.e only the ones using BTC/non-cryptonote get caught.
“Any unregulated financial system is a hive of villainy and scum as a truism.”
Wow, you do realize that fiat is the number 1 one way to fund the drug trade and terrorism right? It certainly isn’t crypto.
Not exactly a great way to sum up what will prove to be one of the most important innovations in human history.
Wow, you do realize that fiat is the number 1 one way to fund the drug trade and terrorism right? It certainly isn’t crypto.
Not exactly a great way to sum up what will prove to be one of the most important innovations in human history.
Wow, you do realize that fiat is the number 1 one way to fund the drug trade and terrorism right? It certainly isn’t crypto.
Number 1 by volume (duh) or number 1 by percentage of transactions for illegal goods and services?
Not exactly a great way to sum up what will prove to be one of the most important innovations in human history.
You hear that atomic energy, antibiotics and computers?
Number 1 by volume (duh) or number 1 by percentage of transactions for illegal goods and services?
Not exactly a great way to sum up what will prove to be one of the most important innovations in human history.
You hear that atomic energy, antibiotics and computers?
> Not exactly a great way to sum up what will prove to be one of the most important innovations in human history.
Dude, lay off of the Kool-Aid.
Dude, lay off of the Kool-Aid.
You don’t consider sound money to be an important innovation?
It is, but we were talking about blockchain currencies.
You don’t believe blockcbain currencies can be a form of sound money? What do you think can? (Not trying to argue, genuinely curious).
Fiat currencies seem to be doing a decent job of it, and they don't require the terawatts of power a crypto currency would need if it were adopted as a primary currency of a major country.
This is the most important and disturbing part in my view:
> At the same time, MONKEYROCKET is also described in the documents as a “non-Western Internet anonymization service” with a “significant user base” in Iran and China, with the program brought online in summer 2012. It is unclear what exactly this product was, but it would appear that it was promoted on the internet under false pretenses...
> The scope of the targeting would then expand beyond terrorists. Whatever this piece of software was, it functioned a privacy bait and switch, tricking Bitcoin users into using a tool they thought would provide anonymity online but was actually funneling data directly to the NSA.
One has to wonder what this tool was. Later in the article they speculate that it could be a VPN.
My advice if you want your traffic to be anonymous and private: use a VPN over Tor (not the other way around!). That way the VPN can't see who you are, and Tor exit nodes can't spy on your traffic either.
> At the same time, MONKEYROCKET is also described in the documents as a “non-Western Internet anonymization service” with a “significant user base” in Iran and China, with the program brought online in summer 2012. It is unclear what exactly this product was, but it would appear that it was promoted on the internet under false pretenses...
> The scope of the targeting would then expand beyond terrorists. Whatever this piece of software was, it functioned a privacy bait and switch, tricking Bitcoin users into using a tool they thought would provide anonymity online but was actually funneling data directly to the NSA.
One has to wonder what this tool was. Later in the article they speculate that it could be a VPN.
My advice if you want your traffic to be anonymous and private: use a VPN over Tor (not the other way around!). That way the VPN can't see who you are, and Tor exit nodes can't spy on your traffic either.
It may also have been a Bitcoin mixing service.
> That way the VPN can't see who you are
So how do you get around the part where you pay for the VPN service and provide login credentials to use it?
So how do you get around the part where you pay for the VPN service and provide login credentials to use it?
I remember there was a VPN (can't remember the name right now but I'm sure if you're interested you can find it easily) that accepted logins without e-mail, or any kind of ID, and accepted payments in cash in an envelope.
Mullvad does that.
Yes! That's the name. I knew if I'd see it I'd remember it :-)
With a privacy-based cryptocurrency like Monero or Zcash, or Bitcoin anonymously purchased using a privacy-based cryptocurrency.
Probably not the best idea if your VPN uses any sort of client software, seeing as it would be able to collect your "true" IP address if it were malicious.
You shouldn't use any vpn-provider-provided client software anyway, you should use openvpn.
That also requires client side software though.
Openvpn is unlikely to be malicious, and is opensource so you could theoretically audit it. And if you're _really_ paranoid, it's an open protocol, so you could write your own implementation. Although, then it's likely vulnerable -- there's a principle, I forget who from, which states that for any piece of software of sufficient complexity, if you wrote it yourself then you probably made a mistake and it's vulnerable; and if you didn't write it, then even if you read the entire source code very carefully, it's still possible, likely even, that they snuck in an exploit that you didn't notice.
Always and forever, surveillance is a precursor to and enabler of extortion.
The extortion we usually hear about is people forced to testify, often to lie, about others still under investigation, or to recruit other informants and exfiltrate secrets. We hear about it because it is useful for us to have heard about it. In the other instances there is no reason to tell us, so the only way to find out about them is to be extorted.
The extortion we usually hear about is people forced to testify, often to lie, about others still under investigation, or to recruit other informants and exfiltrate secrets. We hear about it because it is useful for us to have heard about it. In the other instances there is no reason to tell us, so the only way to find out about them is to be extorted.
Although bitcoin could be used for some bad things, but also there are some (501c) charities that accept bitcoin too,
- give directly
- redcross (used to at least)
- water project
- ..
(there are at least two others but I forget)
So hypothetically (assuming it would pass like sec / whatever regulations) at the right point in time you could make like a coinbase type thing that - buys $30 of bitcoin - automatically watches some exchange API until it appreciates to 'desired amount in US / GBP / Whatever currency you use' - makes the donation automatically at say 10x the value - gets 'the actual registered charity' to send you a non-deductible receipt for that amount, (non-deductible since you no longer 'have control of the coin once it's in the app', which would is essentially the price you pay for getting the increased amount of 'social-benefit', since it's 'going to hurt' to see the potential missed profit, even though the alternative would be to lose the $30 at the earlier time in just a 'tethered' amount)
There is a 'large benefit' to automating / appifying this process to people in that, putting such a system together in one place could lessen the dangers in a manual process of doing this like: lost receipts, hacked exchanges, constantly watching prices, actually dealing with crypto.
In any case, my point is that, given that there is probably 'some good potential to bitcoin (although it might require a team of some creative / dedicated thinking at the right time)' it seems that there might be some benefit from viewing it less as an entrapment / tracking device, and more as a tool for social benefit, and thus making a strong push in the warnings / regulations area to get people on the social benefit track of it's potential use rather than the negative aspects of it. To restate: you have the choice of either guiding bitcoin use towards being a law enforcement tool, or towards being a social benefit / solve world problems tool. I think the recent SEC exchange warnings thing is probably a step towards pushing it in the right direction... (potentially there are some deep sci-fi strategic reasons for viewing crypto-coins in a certain way in terms of desired world progress in a certain direction, which would be interesting to think about).
- give directly
- redcross (used to at least)
- water project
- ..
(there are at least two others but I forget)
So hypothetically (assuming it would pass like sec / whatever regulations) at the right point in time you could make like a coinbase type thing that - buys $30 of bitcoin - automatically watches some exchange API until it appreciates to 'desired amount in US / GBP / Whatever currency you use' - makes the donation automatically at say 10x the value - gets 'the actual registered charity' to send you a non-deductible receipt for that amount, (non-deductible since you no longer 'have control of the coin once it's in the app', which would is essentially the price you pay for getting the increased amount of 'social-benefit', since it's 'going to hurt' to see the potential missed profit, even though the alternative would be to lose the $30 at the earlier time in just a 'tethered' amount)
There is a 'large benefit' to automating / appifying this process to people in that, putting such a system together in one place could lessen the dangers in a manual process of doing this like: lost receipts, hacked exchanges, constantly watching prices, actually dealing with crypto.
In any case, my point is that, given that there is probably 'some good potential to bitcoin (although it might require a team of some creative / dedicated thinking at the right time)' it seems that there might be some benefit from viewing it less as an entrapment / tracking device, and more as a tool for social benefit, and thus making a strong push in the warnings / regulations area to get people on the social benefit track of it's potential use rather than the negative aspects of it. To restate: you have the choice of either guiding bitcoin use towards being a law enforcement tool, or towards being a social benefit / solve world problems tool. I think the recent SEC exchange warnings thing is probably a step towards pushing it in the right direction... (potentially there are some deep sci-fi strategic reasons for viewing crypto-coins in a certain way in terms of desired world progress in a certain direction, which would be interesting to think about).
By the way, I don't have the depth of experience or team to build something like this in a way that I would feel happy with, so feel free to please use this idea if you think it is good.
toss1(1)
There was a period when people erroneously thought that bitcoin was anonymous and secure.
If the NSA was not working to track down the premiere currency of the dark web and of the nation state actors they work counterintelligence against, this would be dereliction of their duty.
This is like suggesting the FBI tracks down "USD" users. No duh, law enforcement and counterintelligence requires regulation of the financial systems in use. Any unregulated financial system is a hive of villainy and scum as a truism.