The secret documents transmitted by Edward Snowden on Tuesday to The Intercept news outlet show that the National Security Agency (NSA) has been tracking Bitcoin users using a baiting program.
Although the agency was interested in monitoring other cryptocurrencies, "Bitcoin is the number one priority," as stated in the document dated March 15, 2013. User tracking took place alongside the study of the Bitcoin blockchain and, as can be seen from the NSA memorandum of March 29, 2013, could also have included obtaining information about users' computers, including passwords, Internet activity, and the unique identification number (MAC address) of the device.
In the same document, intelligence officials discuss tracking IP addresses, network ports, and timestamps for identifying "objects."
Powerful search tools were used for detection, possibly the XKeyScore search engine, which cataloged Bitcoin information and a host of other user data. The NSA reference document indicates that the data source held not only the user's IP address but also their payment information, which made it easy to identify the individual.
As can be seen from the internal reports, in 2013 the NSA monitored Bitcoin-related "targets" with a program codenamed OAKSTAR, a set of hidden corporate partnerships that allowed the agency to monitor communications, including Internet data transmitted over fiber-optic cables. An additional program, MONKEYROCKET, worked on the principle of "baiting and spoofing": it was presented to the user as an "anonymization tool," but then it was introduced into the network equipment and passed data over to the NSA. In this case, the information program verified the user, and the agency stored information in the file "user provider full.csv." By the spring of 2013, MONKEYROCKET was "the only source of SIGDEV [Signals Intelligence Development—DeCenter] for Bitcoin targets," as stated in the report of March 29.
At the same time, MONKEYROCKET, launched online in the summer of 2012, was originally aimed at combating terrorism and was described as a "non-Western anonymization service" with a "significant user base" in Iran and China. It is also noted that part of the "long-term strategy" of MONKEYROCKET was "to induce objects involved in terrorism, including Al Qaeda [the organization is banned in Russia—DeCenter]" to use this "browser product" that "the NSA can then use for its own purposes." Later, the list of facilities expanded and began to include users under the supervision of the departments on international crimes and narcotics, tracking cash flows, and the Iran issue. The memorandum of March 8, 2013, reports that the agency planned to "use MONKEYROCKET in a mission to counter organized crime and cyber objects that use electronic currency to move and launder funds."
Matthew Green, an assistant professor at the Johns Hopkins Information Security Institute, called the possibility that the NSA "fraudulently launched an entire international operation" just to track the targets "disastrous," because such practices can lead to general distrust of privacy software. This "feeds on the notion that the US is not trustworthy," Green said, noting that the "browser product" included in MONKEYROCKET is similar to a VPN. In this regard, it is important to trust the VPN provider, which encrypts and redirects Internet traffic and, in fact, can see user activity or intercept some of the traffic. Green, also a co-founder and advisor of the Zcash cryptocurrency, believes that NSA methods make privacy technology in any non-anonymous cryptocurrency "absolutely useless" and that the NSA's interest in cryptocurrencies is "bad news for privacy, as it means that in addition to a really difficult problem of providing anonymous transactions, you also need to be sure that all network connections are safe." He also doubts that the anonymous Tor browser will be able to resist the NSA in the long term.
The Bitcoin white paper assumes that personal information is preserved: "Everyone can see that someone is sending a certain amount to someone else, but there is no information binding the transaction to a particular person." Obviously, such transactions have long been a desired subject of control for governments and special services. In a letter to Congress dated November 2013, a member of the Ministry of Homeland Security wrote that "with the advent of cryptocurrencies that provide easy financial transactions for criminal organizations, the ministry realizes the need to take an aggressive stance against this developing trend."
Emin Gün Sirer, a professor at Cornell University, who leads the initiative group on the study of the IC3 cryptocurrency, said in a conversation with The Intercept that financial privacy is "extremely important" for the Bitcoin community, and he expects that after the news from the NSA, "people interested in confidentiality will move to private cryptocurrencies." He added that "when the opponent's model includes the NSA, the pseudonymity disappears" and "you must really reduce your expectations regarding privacy in this network."
The NSA trace can also be found in the case of Ross Ulbricht, who was sentenced to two life sentences for the creation and management of Silk Road, a darknet site for trading illegal items. In court, Ulbricht's defense argued, in particular, that the FBI's story of how they found him does not add up and that the government could have infiltrated the servers of the Silk Road with the help of the NSA, perhaps illegally. The court dismissed these arguments. As the Snowden documents show, the NSA worked to expose Bitcoin users six months before Ulbricht's arrest. Patrick Toomey, a staff attorney in the American Civil Liberties Union's National Security Project, said that the NSA documents raise an important question for U.S. law enforcement agencies: "If the government uses NSA espionage in investigating crimes, this is a serious argument. People facing criminal prosecution have the right to know how the government received the evidence so that they can check whether the government's methods were legitimate. This is the basic principle of any legal procedure."
The NSA declined to comment on the newly disclosed information. The non-profit organization Bitcoin Foundation could not comment at the time of the request by The Intercept.