DarkSide Update: The FBI Hacks the Hackers?
DarkSide Update: The FBI Hacks the Hackers?
June 8, 2021
Dariia Porechna, Cryptography and Blockchain, Wolfram Language Development
In my May 25, 2021, blog post “Sleuthing DarkSide Crypto-Ransom Payments with the Wolfram Language,” I detailed how I used the Wolfram Language, public knowledge and some guesswork to track crypto-ransom payments made by Colonial Pipeline on May 8 and Brenntag on May 11 to the Russian hacker group DarkSide. These payments, which totaled millions of dollars, were subsequently distributed to different accounts, and on May 13, DarkSide announced it was disbanding.
But the story didn’t end when DarkSide announced its dissolution.
On June 7, the FBI seized 63.7 bitcoin (BTC), approximately $2.3 million USD, from one of the addresses to which DarkSide’s cluster, described in my earlier post, sent their ransom funds. Normally, this should have been inaccessible to anyone without a private key for that address. The FBI apparently managed, however, to obtain one.
Did the FBI run a brute-force attack on a billion-dollar supercomputer to find the private key? For the elliptic curve secp256k1, which Bitcoin is based on, the number of possible private keys for a particular public key is approximately:
In[]:=
Out[]=
340 billion billion billion billion …
Looking at that number, an exhaustive search does not appear plausible. But the FBI surely has its own ways around such obstacles.
As members of the general public, we can still work with what’s publically available on the blockchain. To trace exactly what was seized by the FBI, let me walk you along the timeline of this set of transactions I identified:
6a798026d44af27dbacd28ea21462808df8deca51794cec80c1b59e07ef924a2 |
915fb4f0a030937f2c1d2210996e8eb32b5a41b331965c7ec78961923775bd62 |
fc78327d4e46dac01dc313067b1ac7f274cdb3a07ea9f28f6f71473145f1b264 |
0677781a5079eae8e5cbd5e6d9dcc5c02da45351a3638b85c88e5e3ecdc105a7 |
9436dbf0435b15378f309c35754a110db880fa9bb66a062160a25533bb4a212a |
daf38c7b38eb0a587cf843f47000d5c294affb4f56017370ad48c5147f5e69d9 |
943f2d576ed8d9f388ba75eb82fe35cce29479b84121827ac368a5a94f44cf7a |
280c5f96397b9502b99703842712b78fda84f1a0faabf826f683448082f46369 |
Here’s how they are connected to one another and the addresses worth attention:
Contents cannot be rendered at this time; please try again later or download this notebook for full functionality »
On May 8, 2021, Colonial Pipeline sent a ransom payment of approximately 75 BTC, worth about $4.3 million at that time, to the address 15JFh88FcE4WL6qeMLgX5VEAFCbRXjc9fr:
In[]:=
Select[BlockchainTransactionData["6a798026d44af27dbacd28ea21462808df8deca51794cec80c1b59e07ef924a2","Outputs"],MemberQ[#["Addresses"],"15JFh88FcE4WL6qeMLgX5VEAFCbRXjc9fr"]&]
Out[]=
Amount,,Addresses{15JFh88FcE4WL6qeMLgX5VEAFCbRXjc9fr},SpentQTrue,DestinationTransaction915fb4f0a030937f2c1d2210996e8eb32b5a41b331965c7ec78961923775bd62
Then, 75.0005 BTC was sent in another transaction from the ransom payment address to two different addresses:
In[]:=
BlockchainTransactionData["915fb4f0a030937f2c1d2210996e8eb32b5a41b331965c7ec78961923775bd62","Outputs"]
Out[]=
Amount,,Addresses{bc1q7eqww9dmm9p48hx5yz5gcvmncu65w43wfytpsf},SpentQTrue,DestinationTransaction0677781a5079eae8e5cbd5e6d9dcc5c02da45351a3638b85c88e5e3ecdc105a7,Amount,,Addresses{1DToN8Q6y31TGAz75Df729Bnujk6Xg7q5X},SpentQTrue,DestinationTransactionfc78327d4e46dac01dc313067b1ac7f274cdb3a07ea9f28f6f71473145f1b264
Right away, 1DToN8Q6y31TGAz75Df729Bnujk6Xg7q5X transferred funds to the same address to which 0.00001693 BTC was sent a mere second before in the previous transaction (bc1q7eqww9dmm9p48hx5yz5gcvmncu65w43wfytpsf):
In[]:=
BlockchainTransactionData["fc78327d4e46dac01dc313067b1ac7f274cdb3a07ea9f28f6f71473145f1b264","Outputs"][[2]]
Out[]=
Amount,,Addresses{bc1q7eqww9dmm9p48hx5yz5gcvmncu65w43wfytpsf},SpentQTrue,DestinationTransaction0677781a5079eae8e5cbd5e6d9dcc5c02da45351a3638b85c88e5e3ecdc105a7
Half an hour later, this sum was split between two more addresses:
In[]:=
BlockchainTransactionData["0677781a5079eae8e5cbd5e6d9dcc5c02da45351a3638b85c88e5e3ecdc105a7","Outputs"]
Out[]=
Amount,,Addresses{bc1qxu83k5qkj8kcqdqqenwzn7khcw4llfykeqwg45},SpentQTrue,DestinationTransaction9436dbf0435b15378f309c35754a110db880fa9bb66a062160a25533bb4a212a,Amount,,Addresses{bc1qu57hnxf0c65fsdd5kewcsfeag6sljgfhz99zwt},SpentQTrue,DestinationTransactionb0e381d02d966acbcd9224817e3db50b2bc3566e0060db36a6a17ee163152dd7
I already identified these two receiving addresses in my original investigation as part of a cluster used by DarkSide for its funds. In addition, bc1qxu83k5qkj8kcqdqqenwzn7khcw4llfykeqwg45 also relayed parts of the Brenntag ransom payment on May 11.
On May 9, bc1qxu83k5qkj8kcqdqqenwzn7khcw4llfykeqwg45 moved 63.7 BTC, the amount subsequently seized by the FBI:
In[]:=
BlockchainTransactionData["9436dbf0435b15378f309c35754a110db880fa9bb66a062160a25533bb4a212a","Outputs"][[1]]
Out[]=
Amount,,Addresses{3EYkxQSUv2KcuRTnHQA8tNuG7S2pKcdNxB},SpentQTrue,DestinationTransactiondaf38c7b38eb0a587cf843f47000d5c294affb4f56017370ad48c5147f5e69d9
On May 28, three days after the publication of my original article, 3EYkxQSUv2KcuRTnHQA8tNuG7S2pKcdNxB transferred its funds in a joint transaction with 23 other addresses:
In[]:=
BlockchainTransactionData["daf38c7b38eb0a587cf843f47000d5c294affb4f56017370ad48c5147f5e69d9","Inputs"]//Length
Out[]=
24
In[]:=
BlockchainTransactionData["daf38c7b38eb0a587cf843f47000d5c294affb4f56017370ad48c5147f5e69d9","Outputs"]
Out[]=
Amount,,Addresses{bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq},SpentQFalse,DestinationTransactionMissing[NotAvailable]
… to bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq, where the funds remained until June 7, when a warrant was issued to seize them. According to court documents, the FBI had the private key to bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq, which they emptied on June 7:
This address holds the seized amount:
So how did the FBI get the private key to access the crypto-ransom funds? Needless to say, they’re playing it close to the vest. According to news reports, there are three likely options: someone part of the attack provided the information, it was found during a larger ongoing investigation or the FBI “leveraged” information it discovered to produce the key.
No matter what, recovering even part of Colonial Pipeline’s crypto-ransom payment is significant: it’s the most public example of hackers having the tables turned on them.