MATT ASHBURN
Hey, everyone. Welcome to NeedleStack, the podcast for
professional online research. I’m your host, Matt Ashburn, and
I’m not afraid of the dark web.
JEFF PHILLIPS
And I’m Jeff Phillips, tech industry veteran, and curious to a
fault. Today we’re continuing our discussion around the dark
web, and today we’re actually going to dive deeper into the role
of cryptocurrency with our special guest Matt Price.
MATT ASHBURN
That’s right. Welcome Matt. He’s a former special agent with
the IRS Criminal Investigation, D.C. Cyber Crimes Unit. And he
currently serves as the regional head of investigation and
intelligence for the Americas at Binance.
And they’re a blockchain ecosystem and cryptocurrency
infrastructure provider. Matt Price, welcome to the show.
MATT PRICE
Hi, thanks for having me.
JEFF PHILLIPS
Super excited to have you join us as we go through these
sessions, talking about the dark web. I’m going to pick up on, I
noticed in your background, Matt, you spent around 15 years in
the public sector, in law enforcement and in intelligence,
including, as the other Matt mentioned, the IRS.
Can you tell us a little bit about your role with the IRS and your
experience with the dark web and cryptocurrency during that
time?
MATT PRICE
Certainly. As Matt mentioned, I was a special agent in the
Cyber Crimes Unit of the IRS. And we really were the specialists
in the US Government when it came to cryptocurrency
investigations.
And of course, the dark web is a large piece of that, dark net
markets, mixing services, dark net forums, and things like that.
And what we really focused on was the intersection of the dark
net ecosystem and financial crimes.
And in this case, cryptocurrency. And a lot of that was focused on tracking
cryptocurrency to identify those actors on the dark net that
were attempting to use the anonymity, the perceived
anonymity of the dark web to conduct their criminal activity.
JEFF PHILLIPS
Hey, Matt, you used a term there, if we could give a little
definition to people. You mentioned mixing services. Can you
take a second and just explain what that is?
MATT PRICE
Sure. At a high level, cryptocurrency, any cryptocurrency
Bitcoin, Ethereum is on a public ledger of blockchain, and there
are various techniques and tools out there that can trace those
transactions. Because of this, there are criminals engaged in
activity they want to try to hide their tracks.
A mixer is a service that for a fee attempts to break the link in
the blockchain. If for example, a vendor on a dark net drug
market is earning Bitcoin or another cryptocurrency from
selling drugs, they don’t want to send that directly to an
exchange like Binance, for example, because we wouldn’t allow
that deposit, or law enforcement could find out who they are
relatively easily by requesting information from us.
What a mixer does, is attempt to break that transaction up by
mixing it with a bunch of other people’s deposits and breaking
up the link so that it makes it much more difficult to trace the
actual transaction.
To keep the A from reaching B.
JEFF PHILLIPS
Gotcha. Thank you for that, that’s helpful. All right, you were on
the law enforcement and now you’re on the other side, if you
will, you’re in the private sector in your role with Binance and
running that investigations team.
And so it’s a cryptocurrency exchange as Matt was talking
about. Can you tell me a little bit, what’s the dark web? How
does it play a role in your team’s investigations, in your
interactions, I guess, with law enforcement now from the
Binance perspective?
MATT PRICE
Sure. I mean, our main mission is obviously to protect both our
customer base and the larger… We view our mission as
protecting the larger cryptocurrency ecosystem. And the way
we do that is very similar to what I did on the government side,
it’s applying investigative techniques, blockchain analysis, and
working closely with our law enforcement partners.
Where the dark web comes into that is again, while there are
legitimate uses for the dark web, it does tend to attract some
criminal activity. Our presence on there is to identify potential
risk to the platform, be it leaked information or hacks.
And quite frankly, a lot of it is proactive intelligence gathering
to identify any potential risks to us, our customers, or larger
trends within cyber crime, whether it’s ransomware, hacks or
things of that nature.
MATT ASHBURN
You’ve touched on this a little bit just now, but how are the dark
web and cryptocurrency intertwined? How do they intersect, I
guess, especially when it comes to investigations and are there
certain misconceptions that people should be aware of?
MATT PRICE
Certainly. When the first dark net markets came online, the Silk
Road, later AlphaBay, Hansa, numerous other markets.
They operated on the dark net and the currency involved was
cryptocurrency.
And initially the idea behind that was because cryptocurrency
was presumed to be anonymous, which is a bit of a
misconception. It is pseudo anonymous in that you cannot look
at a Bitcoin, or other cryptocurrency address on its surface and
determine who that person is.
And that’s where the investigation piece comes in. But what’s
unique with cryptocurrency is, every transaction is recorded on
a public ledger. Whereas in the past when I worked Narcotics
Investigations, we were dealing with cash transactions, and
unless you watched a guy carry a bag of cash, or do a
hand-to-hand deal, it’s very hard to track those transactions.
But on the dark web side, in these dark net markets, these
crimes are obviously financially motivated and there’s a need
to take that cryptocurrency. And even today, even though it’s
more widely accepted, there still is often a need to convert that
cryptocurrency into either Fiat currency or another means that
you can spend it.
In that environment, what cryptocurrency allowed investigators
to do is follow the money and identify the intersection between
the dark web and the real world personas behind that.
And the money is the key, the cryptocurrency is the key to
getting from that dark net actor to the light world and the
identified target behind it.
MATT ASHBURN
That’s a really important point, because as we’re talking the
other day, a lot of investigators, regardless of whether you’re
state, local, federal, or in the private sector, they may be really
good investigators at traditional crimes and in traditional
investigations, but they might be intimidated by the dark web.
But really what you’re saying is, it’s very similar to a real
world investigation, except that you’re focusing more on the
money and who benefits from the financing side of this, right?
Because eventually the criminal that’s committing whatever act
they’re getting paid, right? That’s really the important point.
MATT PRICE
At a high level, it’s the same techniques that go on in any, and I
use narcotics as an example, just because everyone has heard
of AlphaBay market, right?
A place to buy drugs, but it’s viewing the entire crime, the
entire ecosystem around the crime. It’s not just the
transmission of drugs, it’s not just shipping products it’s also
the financial piece of it.
And what’s really useful and relevant, particularly with the dark
net investigation is, you can gather these deposit addresses
and withdrawal addresses through dark net research.
And doing that, combining it with cryptocurrency tracing
techniques, working closely with exchanges, for example, you
can identify leads to figure out who these people actually are,
and that it’s been quite successful in many cases.
JEFF PHILLIPS
Let me ask another question, I guess, you also talked about
using crypto to bring intelligence out of the dark. Can you talk a
little bit more about that?
What were you able to see on the forums and how you’re able
to connect those things?
MATT PRICE
Right. I mean, I can at a high level use a case as an example.
When I was with the IRS, I worked on the investigation of
Grams Helix, it was a search engine for narcotics as well as a
mixing service that served most of the major dark net markets,
AlphaBay, Hansa, and most others.
And when that investigation started, all we had was a moniker.
And so what we did is a lot of dark… To begin, obviously, any
investigation, you’re going to do a lot of research, a lot of
intelligence gathering.
In this case, we began taking a look at that service, trying to
look at the payment infrastructure, both withdrawals and
deposits. And what you’re trying to do is identify those
addresses as a starting point.
And using that intelligence, you’re building out the financial
picture of how the system works, how payments are deposited,
how withdrawals are taken out, and you’re trying to trace them
in both directions for a number of reasons.
One, to prove that the funds are involved in illicit activity and to
attempt to identify where the funds go. And two, to try to
identify again, how is the operative of that making money?
And in that case through lots of research on the dark net, lots
of blockchain analysis, we caught on to how the fees from the
service were generated. And that’s what eventually led us in
the direction of identifying the administrator behind it.
JEFF PHILLIPS
Those end up being all these different pivot points as an
investigator, while you started on the dark web and with crypto,
it’s taking a lot of directions as any OSINT analysis might go
from that point?
MATT PRICE
I would describe a dark net investigation in particular as an
OSINT investigation on steroids. You’re doing the same
techniques, you’re using an OSINT, obviously there’s a little bit
more trade craft involved given the dark net actors do take
precautions.
There’s a reason they’re on the dark net, right? They don’t want
to be found. But what you’re really looking for is those, I mean,
needles essentially, right? Needles in the stack to pull that
thread.
And in my experience, I found one of the most successful ways
to do that is focusing on the crypto angle. Because again, you
have this powerful tool, you have a public blockchain that
allows you to follow the flow of funds.
And by doing that, targeting the financial motivations of these
crimes, of these activities, it gives you that ability to pierce
through the veil of the dark net and figure out who actually is
behind these.
MATT ASHBURN
I guess, in your experience, what has been the most surprising
thing related to the dark web, cryptocurrency and all that?
I guess, were you surprised by the effectiveness of focusing on
the crypto?
MATT PRICE
I mean, I’m a former IRS agent and our whole thing is follow the
money, right? The agency still talks about taking out Al Capone
on tax evasion.
Personally, I don’t know that I was surprised by that, because I
think in every investigation I worked, whether it was cyber or
traditional crime, money is always the weakness.
It’s always the thing to focus on in my opinion. Obviously every
other piece of investigation is important, but the vast majority
of criminal activity is motivated by money.
And following the money, identifying where it goes, that’s
proven key time and time again, whether it’s a terrorism
investigation, whether it’s child pornography, whether it’s in the
IRS money laundering was one of our big focuses.
That’s always in my experience, one of the key facets to
successfully identify and prosecute these guys.
MATT ASHBURN
That’s really impressive, and it’s probably something that
people many times discount or maybe overlook. Are there any
other specific takeaways for the audience before we wrap up
here?
Anything else you’d like the audience to know, anything else
that you’d like to leave them with?
MATT PRICE
Certainly, I mean, again, I can’t stress enough when you’re
doing your research, everything is relevant. You’d be surprised
the random moniker that you picked up six weeks ago, that you
thought nothing of, that can be the key to the next case.
When you’re doing your research, when you’re looking through
these forums, when you’re trying to identify leads, consider the
financial piece, consider the identifiers, and even to some
degree the language used.
For example, in a forum post, a lot of these guys use the same
monikers and they talk unique ways. And it’s interesting that
you can build this persona out in your head based on what a
person puts in a dark net forum.
And then hopefully a year down the road, at least on the law
enforcement side, when you arrest this guy, you’re like, “Oh, I
know everything about this guy based on what he posted.”
Again, I would just encourage gathering as much intelligence as
possible and don’t discount what initially could seem to be
somewhat irrelevant.
MATT ASHBURN
And I thought it was interesting you touched on even linguistics
that people use, right? Little details, like you said, really do help
to develop that full picture of a person, and some of those
characteristics can be very, very unique.
That’s an important point.
MATT PRICE
I’ve seen instances where you can tell someone’s not a native
English speaker based on some of their inflection in the way
things are written, and that can help you focus in an
investigation.
For example, you may have a preconceived notion that this
person is in X, Y, Z country, but looking at that and combining it
with the other factors that you’re seeing, it can really help you
get a profile of who your target is.
JEFF PHILLIPS
Matt, we have a pretty wide ranging audience in terms of
experience and skill set when it comes to either OSINT, the
dark web and cryptocurrency. Not to put you on the spot here,
but are there any resources that jump into your mind when it
comes to the dark web or crypto that either are tools that help
people or places to learn and get a little smarter on these
areas?
MATT PRICE
On the OSINT side, I had the benefit of being trained by
probably some of the best folks out there. But that said a lot of
those basics are publicly available.
There are various books out there and forums on how you can
do some of this research. And it’s constantly evolving, actors
are moving platforms.
Years ago it was on the same forums and they were relatively
easy to find, now actors are moving to more direct
communication, because they know people know these things
and they’re looking at it.
JEFF PHILLIPS
Things like Telegram.
MATT PRICE
And as far as cryptocurrency, I mean, the biggest thing you can
do is educate yourself. For example, Binance, we have Binance
Academy that explains everything from what is a Bitcoin all the
way up to high level concepts with it.
Again, that information’s all pretty publicly available. There are
open source blockchain analysis tools, Etherscan being one. I
mean, there are numerous for each different blockchain, as well
as commercial tools that are used on the law enforcement and
exchange side.
MATT ASHBURN
You mentioned that Matt, Binance Academy, it’s probably going
to go to give a plug for that. It’s a great resource for folks, they
can learn all about blockchain and cryptocurrency and
everything else. This is new stuff to you, I think that website
correct me if I’m wrong, Matt, is academy.binance.com. That’s B-I-N-A-N-C-E.com. Yeah, that’s great.
Well, Matt, thank you so much for being on today as our guest,
we learned a lot and we hope the folks in the audience did as
well.
Thanks to everyone for tuning into the show this week, if you
liked what you heard, you can always subscribe to our podcast
wherever you get your podcast and watch episodes on YouTube
and also view transcripts and other information on our website
at authentic8.com/NeedleStack.
You can also follow us on Twitter @NeedleStack_pod, we’ll be
back next week with more on the dark web, specifically,
focusing on how the dark web can be used to investigate
financial fraud.
You want to stay tuned for that. To register for that podcast,
visit Authentic8, that’s authentic with the number 8.com/NeedleStack.
We’ll see you then.