MATT ASHBURN

Hey, everyone. Welcome to NeedleStack, the podcast for professional online research. I'm your host, Matt Ashburn, and I'm not afraid of the dark web.

JEFF PHILLIPS

And I'm Jeff Phillips, tech industry veteran, and curious to a fault. Today we're continuing our discussion around the dark web, and today we're actually going to dive deeper into the role of cryptocurrency with our special guest Matt Price.

MATT ASHBURN

That's right. Welcome, Matt. He's a former special agent with the IRS Criminal Investigation, D.C. Cyber Crimes Unit. And he currently serves as the regional head of investigation and intelligence for the Americas at Binance.

And they're a blockchain ecosystem and cryptocurrency infrastructure provider. Matt Price, welcome to the show.

MATT PRICE

Hi, thanks for having me.

JEFF PHILLIPS

Super excited to have you join us as we go through these sessions, talking about the dark web. I'm going to pick up on, I noticed in your background, Matt, you spent around 15 years in the public sector, in law enforcement and in intelligence, including, as the other Matt mentioned, the IRS.

Can you tell us a little bit about your role with the IRS and your experience with the dark web and cryptocurrency during that time?

MATT PRICE

Certainly. As Matt mentioned, I was a special agent in the Cyber Crimes Unit of the IRS. And we really were the specialists in the US Government when it came to cryptocurrency investigations.


And of course, the dark web is a large piece of that, dark net markets, mixing services, dark net forums, and things like that. And what we really focused on was the intersection of the dark net ecosystem and financial crimes.

And in this case, cryptocurrency. And a lot of that was focused on tracking cryptocurrency to identify those actors on the dark net that were attempting to use the anonymity, the perceived anonymity of the dark web to conduct their criminal activity.

JEFF PHILLIPS

Hey, Matt, you used a term there, if we could give a little definition to people. You mentioned mixing services. Can you take a second and just explain what that is?

MATT PRICE

Sure. At a high level, cryptocurrency, any cryptocurrency, Bitcoin, Ethereum, is on a public ledger of blockchain, and there are various techniques and tools out there that can trace those transactions. Because of this, there are criminals engaged in activity they want to try to hide their tracks.

A mixer is a service that for a fee attempts to break the link in the blockchain. If for example, a vendor on a dark net drug market is earning Bitcoin or another cryptocurrency from selling drugs, they don't want to send that directly to an exchange like Binance, for example, because we wouldn't allow that deposit, or law enforcement could find out who they are relatively easily by requesting information from us.

What a mixer does, is attempt to break that transaction up by mixing it with a bunch of other people's deposits and breaking up the link so that it makes it much more difficult to trace the actual transaction.

To keep the A from reaching B.

JEFF PHILLIPS

Gotcha. Thank you for that, that's helpful. All right, you were on the law enforcement and now you're on the other side, if you will, you're in the private sector in your role with Binance and running that investigations team.

And so it's a cryptocurrency exchange as Matt was talking about. Can you tell me a little bit, what's the dark web? How does it play a role in your team's investigations, in your interactions, I guess, with law enforcement now from the Binance perspective?

MATT PRICE

Sure. I mean, our main mission is obviously to protect both our customer base and the larger... We view our mission as protecting the larger cryptocurrency ecosystem. And the way we do that is very similar to what I did on the government side, it's applying investigative techniques, blockchain analysis, and working closely with our law enforcement partners.

Where the dark web comes into that is again, while there are legitimate uses for the dark web, it does tend to attract some criminal activity. Our presence on there is to identify potential risk to the platform, be it leaked information or hacks.

And quite frankly, a lot of it is proactive intelligence gathering to identify any potential risks to us, our customers, or larger trends within cyber crime, whether it's ransomware, hacks or things of that nature.

MATT ASHBURN

You've touched on this a little bit just now, but how are the dark web and cryptocurrency intertwined? How do they intersect, I guess, especially when it comes to investigations and are there certain misconceptions that people should be aware of?

MATT PRICE

Certainly. When the first dark net markets came online, the Silk Road, later AlphaBay, Hansa, numerous southern markets, they operated on the dark net and the currency involved was cryptocurrency.

And initially the idea behind that was because cryptocurrency was presumed to be anonymous, which is a bit of a misconception. It is pseudo anonymous in that you cannot look at a Bitcoin, or other cryptocurrency address on its surface and determine who that person is.

And that's where the investigation piece comes in. But what's unique with cryptocurrency is, every transaction is recorded on a public ledger. Whereas in the past when I worked Narcotics Investigations, we were dealing with cash transactions, and unless you watched a guy carry a bag of cash, or do a hand-to-hand deal, it's very hard to track those transactions.

But on the dark website in these dark net markets, these crimes are obviously financially motivated and there's a need to take that cryptocurrency. And even today, even though it's more widely accepted, there still is often a need to convert that cryptocurrency into either fiat currency or another means that you can spend it.

In that environment, what cryptocurrency allowed investigators to do is follow the money and identify the intersection between the dark web and the real world personas behind that. And the money is the key, the cryptocurrency is the key to getting from that dark net actor to the light world and the identified target behind it.

MATT ASHBURN

That's a really important point, because as we were talking the other day, a lot of investigators, regardless of whether you're state, local, federal, or in the private sector, they may be really good investigators at traditional crimes and in traditional investigations, but they might be intimidated by the dark web.

But really what you're saying is, it's very similar to a real-world investigation, except that you're focusing more on the money and who benefits from the financing side of this, right? Because eventually the criminal that's committing whatever act, they're getting paid, right? That's really the important point.

MATT PRICE

At a high level, it's the same techniques that go on in any, and I use narcotics as an example, just because everyone has heard of AlphaBay market, right?

A place to buy drugs, but it's viewing the entire crime, the entire ecosystem around the crime. It's not just the transmission of drugs, it's not just shipping products, it's also the financial piece of it.

And what's really useful and relevant, particularly with the dark net investigation is, you can gather these deposit addresses and withdrawal addresses through dark net research. And doing that, combining it with cryptocurrency tracing techniques, working closely with exchanges, for example, you can identify leads to figure out who these people actually are, and that's been quite successful in many cases.

JEFF PHILLIPS

Let me ask another question, I guess, you also talked about using crypto to bring intelligence out of the dark. Can you talk a little bit more about that?

What were you able to see on the forums and how you're able to connect those things?

MATT PRICE

Right. I mean, I can at a high level use a case as an example. When I was with the IRS, I worked at the investigation of Grams/Helix, it was a search engine for narcotics as well as a mixing service that served most of the major dark net markets, AlphaBay, Hansa, and most others.

And when that investigation started, all we had was a moniker. And so what we did is a lot of dark... To begin, obviously, any investigation, you're going to do a lot of research, a lot of intelligence gathering.

In this case, we began taking a look at that service, trying to look at the payment infrastructure, both withdrawals and deposits. And what you're trying to do is identify those addresses as a starting point.

And using that intelligence, you're building out the financial picture of how the system works, how payments are deposited, how withdrawals are taken out, and you're trying to trace them in both directions for a number of reasons.

One, to prove that the funds are involved in illicit activity and to attempt to identify where the funds go. And two, to try to identify again, how is the operative of that making money? And in that case through lots of research on the dark net, lots of blockchain analysis, we caught on to how the fees from the service were generated. And that's what eventually led us in the direction of identifying the administrator behind it.

JEFF PHILLIPS

Those end up being all these different pivot points as an investigator, while you started on the dark web and with crypto, it's taking a lot of directions as any OSINT analysis might go from that point?

MATT PRICE

I would describe a dark net investigation in particular as an OSINT investigation on steroids. You're doing the same techniques, you're using an OSINT, obviously there's a little bit more tradecraft involved given the dark net actors do take precautions.

There's a reason they're on the dark net, right? They don't want to be found. But what you're really looking for is those, I mean, needles essentially, right? Needles in the stack to pull that thread.

And in my experience, I found one of the most successful ways to do that is focusing on the crypto angle. Because again, you have this powerful tool, you have a public blockchain that allows you to follow the flow of funds.

And by doing that, targeting the financial motivations of these crimes, of these activities, it gives you that ability to pierce through the veil of the dark net and figure out who actually is behind these.

MATT ASHBURN

I guess, in your experience, what has been the most surprising thing related to the dark web, cryptocurrency and all that? I guess, were you surprised by the effectiveness of focusing on the crypto?

MATT PRICE

I mean, I'm a former IRS agent and our whole thing is follow the money, right? The agency still talks about taking out Al Capone on tax evasion.

Personally, I don't know that I was surprised by that, because I think in every investigation I worked, whether it was cyber or traditional crime, money is always the weakness.

It's always the thing to focus on in my opinion. Obviously every other piece of investigation is important, but the vast majority of criminal activity is motivated by money.

And following the money, identifying where it goes, that's proven key time and time again, whether it's a terrorism investigation, whether it's child pornography, whether it's in the IRS money laundering was one of our big focuses.

That's always in my experience, one of the key facets to successfully identify and prosecute these guys.

MATT ASHBURN

That's really impressive, and it's probably something that people many times discount or maybe overlook. Are there any other specific takeaways for the audience before we wrap up here?

Anything else you'd like the audience to know, anything else that you'd like to leave them with?

MATT PRICE

Certainly, I mean, again, I can't stress enough when you're doing your research, everything is relevant. You'd be surprised the random moniker that you picked up six weeks ago, that you thought nothing of, that can be the key to the next case. When you're doing your research, when you're looking through these forums, when you're trying to identify leads, consider the financial piece, consider the identifiers, and even to some degree the language used.

For example, in a forum post, a lot of these guys use the same monikers and they talk unique ways. And it's interesting that you can build this persona out in your head based on what a person puts in a dark net forum.

And then hopefully a year down the road, at least on the law enforcement side, when you arrest this guy, you're like, "Oh, I know everything about this guy based on what he posted." Again, I would just encourage gathering as much intelligence as possible and don't discount what initially could seem to be somewhat irrelevant.

MATT ASHBURN

And I thought it was interesting you touched on even linguistics that people use, right? Little details, like you said, really do help to develop that full picture of a person, and some of those characteristics can be very, very unique. That's an important point.

MATT PRICE

I've seen instances where you can tell someone's not a native English speaker based on some of their inflection in the way things are written, and that can help you focus in an investigation.

For example, you may have a preconceived notion that this person is in X, Y, Z country, but looking at that and combining it with the other factors that you're seeing, it can really help you get a profile of who your target is.

JEFF PHILLIPS

Matt, we have a pretty wide ranging audience in terms of experience and skill set when it comes to either OSINT, the dark web and cryptocurrency. Not to put you on the spot here, but are there any resources that jump into your mind when it comes to the dark web or crypto that either are tools that help people or places to learn and get a little smarter on these areas?

MATT PRICE

On the OSINT side, I had the benefit of being trained by probably some of the best folks out there. But that said, a lot of those basics are publicly available.

There are various books out there and forums on how you can do some of this research. And it's constantly evolving, actors are moving platforms.

Years ago it was on the same forums and they were relatively easy to find, now actors are moving to more direct communication, because they know people know these things and they're looking at it.

JEFF PHILLIPS

Things like Telegram.

MATT PRICE

And as far as cryptocurrency, I mean, the biggest thing you can do is educate yourself. For example, Binance, we have Binance Academy that explains everything from what is a Bitcoin all the way up to high level concepts with it.

Again, that information's all pretty publicly available. There are open source blockchain analysis tools, Etherscan being one. I mean, there are numerous for each different blockchain, as well as commercial tools that are used on the law enforcement and exchange side.

MATT ASHBURN

You mentioned that Matt, Binance Academy, it's probably going to go to give a plug for that. It's a great resource for folks, they can learn all about blockchain and cryptocurrency and everything else. This is new stuff to you, I think that website correct me if I'm wrong, Matt, is academy.binance.com. That's B-I-N-A-N-C-E.com. Yeah, that's great.

Well, Matt, thank you so much for being on today as our guest, we learned a lot and we hope the folks in the audience did as well.

Thanks to everyone for tuning into the show this week. If you liked what you heard, you can always subscribe to our podcast wherever you get your podcast and watch episodes on YouTube and also view transcripts and other information on our website at authentic8.com/NeedleStack.

You can also follow us on Twitter @NeedleStack_pod. We'll be back next week with more on the dark web, specifically focusing on how the dark web can be used to investigate financial fraud.

You want to stay tuned for that. To register for that podcast, visit Authentic8, that's authentic with the number 8.com/NeedleStack. We'll see you then.

There’s a (false) assumption that cryptocurrency is inherently anonymous, concealing the identity of those who use it. But in fact, crypto has been used in countless investigations to unmask criminals and bring them to justice. We sit down with Matt Price, former IRS-CI special agent and current head of investigations and intelligence at Binance, to bust the myths of crypto and the dark web, and learn how the best advice to any investigator holds true for crypto: follow the money.

Key topics:

  • Basics of understanding the role of cryptocurrency on the dark web
  • Why blockchain actually undercuts the promise of anonymity in crypto
  • Linking darknet personalities to real-world identities via crypto financial transactions
  • Resources for improving cryptocurrency research, including Binance Academy

About Matt Price

Matt Price is regional head of investigation and intelligence, Americas, at Binance, the world's leading blockchain ecosystem and cryptocurrency infrastructure provider. Matt works to ensure the crypto industry is a safer place for all users by working to remove bad actors from the crypto ecosystem. Matt supports the efforts of law enforcement agencies around the world to investigate and take down those who seek to exploit the crypto ecosystem for illicit purposes. 

Matt joined Binance after a 15-year career in law enforcement and intelligence, most recently serving as special agent with the IRS Criminal Investigation Washington DC Cyber Crimes Unit. Matt led high-impact, cutting-edge cyber and cryptocurrency investigations targeting the most egregious bad actors in the crypto ecosystem. Matt has extensive experience leading cyber investigations, including serving as the lead investigator of Grams/Helix, the first-ever investigation and prosecution of an illicit bitcoin tumbling service. Matt also led the investigation of Bitcoin Fog, the largest and longest operating money-laundering service on the darknet. Matt has a wealth of experience in cyber investigative techniques, blockchain analysis and digital forensics. 

Matt previously served with the Central Intelligence Agency, Directorate of Operations as a targeting officer where he worked to target, disrupt and dismantle criminal, terrorist and counterintelligence threats to national security. 
