Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world....
Transcript of Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world....
![Page 1: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/1.jpg)
Bitcoin IntelligenceFollow the money in the cryptocurrency world
![Page 2: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/2.jpg)
RANSOMWARE
3 MILLION ATTACKS
1 BILLION USD
+ 6000%
IN BITCOIN
![Page 3: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/3.jpg)
DARKNET MARKETSWEAPONS
DRUGS
ILLEGAL SERVICES
PEDOPORNOGRAPHY
REVENUES DOUBLED
![Page 4: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/4.jpg)
Ransomware
3 million attacks
1 billion $ paid
MONEY LAUNDERINGTAX EVASION
TRANSFER ABROAD
ILLEGAL FUNDS
BITCOIN TX ARE FAST AND EASY
![Page 5: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/5.jpg)
WTF ???
![Page 6: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/6.jpg)
Dicono gli esperti (1)
…chiedendo la restituzione [dei dati] dietro il pagamento di una somma in
“bit coin”.
...un riscatto esclusivamente in bitcoin, la valuta meno rintracciabile del
mondo.
...pagamenti in bitcoin: la moneta virtuale gestita da personaggi misteriosi.
![Page 7: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/7.jpg)
Dicono gli esperti (2)
...questa moneta può essere usata ovunque nel mondo ed a qualsiasi ora.
...siamo in grado di verificare quanti soldi sono stati raccolti da Wannacry
grazie ad un tecnico di Google.
![Page 8: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/8.jpg)
?
![Page 9: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/9.jpg)
Follow the money!
ma con qualche piccola differenza…
![Page 10: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/10.jpg)
Opportunità
La blockchain è un public ledger e chiunque può esaminare lo storico
completo delle transazioni effettuate in bitcoin.
La rete P2P su cui si regge Bitcoin è aperta e chiunque vi può
partecipare.
![Page 11: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/11.jpg)
Limitazioni (1)
Bitcoin utilizza degli pseudonimi (bitcoin address) per inviare e ricevere
denaro.
1EwNzYZPKupvYeZ4nYKGw36pH483Lgbx7L
Solo chi possiede la “chiave privata” relativa ad un certo indirizzo può spenderne il
contenuto.
![Page 12: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/12.jpg)
Limitazioni (2)
E’ possibile creare un nuovo indirizzo per ogni transazione.
Oltre 250 milioni di indirizzi ad oggi nella blockchain.
di cui 230 milioni usati una sola volta…
Non esiste una entità di controllo centrale.
![Page 13: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/13.jpg)
Limitazioni (3)
A complicare le cose ci si aggiungono i bitcoin mixer.
Servizi che possono mascherare gli indirizzi di origine e/o destinazione di una transazione.
![Page 14: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/14.jpg)
Sfruttiamo le opportunità!
e aggiriamo le limitazioni…
![Page 15: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/15.jpg)
Tecniche di analisi
Address clustering
![Page 16: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/16.jpg)
Address clustering
Permette di identificare il wallet di una data entitàcioè l’insieme di indirizzi controllati da essa.
Vengono utilizzati degli algoritmi euristici di clustering sui dati contenuti
nella blockchain.
![Page 17: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/17.jpg)
esempio di clustering
![Page 18: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/18.jpg)
Servizi e software gratuiti
www.walletexplorer.com
bit-cluster.com
etc.
![Page 19: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/19.jpg)
Tecniche di analisi
OpenSource Intelligence
![Page 20: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/20.jpg)
OSINT (1)
Ci sono numerose fonti per ottenere informazioni in rete sugli indirizzi
bitcoin.
![Page 22: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/22.jpg)
OSINT (2)
Un semplice crawler permette di creare un buon database di
informazioni.
E’ molto efficace anche sulla darknet.
![Page 23: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/23.jpg)
OSINT (3)
Parsing delle pagine tramite regular expression./(?<![a-km-zA-HJ-NP-Z0-9])[13][a-km-zA-HJ-NP-Z0-9]{26,33}(?![a-km-zA-HJ-NP-Z0-9])/
Possibili target:
Forum - (BitcoinTalk, BitcoinForum, etc.)
Keybase
Pastebin
Il resto di internet...
![Page 24: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/24.jpg)
Alcuni database on-line
www.walletexplorer.com
blockchain.info/tags
etc.
![Page 25: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/25.jpg)
Google search per indirizzi
Non sempre efficace.
Si ottiene molto “rumore".
![Page 26: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/26.jpg)
Categorizzazione manuale
Interazione manuale per identificare e categorizzare i maggiori servizi
attivi nel mondo bitcoin.
L’efficacia è ovviamente maggiore se si combina con l’address
clustering.
![Page 27: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/27.jpg)
Per un’analisi più approfondita
"A Fistful of Bitcoins: Characterizing Payments Among Men with No Names" (University of California, George Mason University).
![Page 28: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/28.jpg)
Tecniche di analisi
Pattern Analysis
![Page 29: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/29.jpg)
Pattern analysis
Algoritmi euristici e di machine learning applicati alla blockchain.
Permettono di identificare schemi di transazioni tipici di alcune attività
illecite.
![Page 30: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/30.jpg)
Ransomware payment scheme
![Page 31: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/31.jpg)
Bitcoin mixing & money laundering
![Page 32: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/32.jpg)
Tecniche di analisi
Geotracking
![Page 33: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/33.jpg)
Geotracking
Chiunque può partecipare alla rete P2P di Bitcoin.Utilizzando un numero di nodi arbitrario.
Monitorando come le informazioni si propagano sulla rete è possibile
cercare di individuare il punto di origine di una transazione.Indirizzo IP o servizio utilizzato.
![Page 34: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/34.jpg)
Le basi teoriche
"An Analysis of Anonymity in Bitcoin Using P2P Network Traffic" (P. Koshy, D. Koshy,
P. McDaniel).
"Deanonymisation of clients in Bitcoin P2P network" (A.Biryukov, D. Khovratovich, I.
Pustogarov).
"On the Privacy Provisions of Bloom Filters in Lightweight Bitcoin Clients" (A.
Gervais, G. Karame, D. Gruber, S. Capkun).
![Page 35: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/35.jpg)
Servizi e software gratuiti
blockchain.info implementa in maniera rudimentale una piccola parte di
queste tecniche.
![Page 36: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/36.jpg)
…in realtà questa transazione era stata fatta da Roma
Geotracking di blockchain.info
![Page 37: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/37.jpg)
Tecniche di analisi
Mixing & Demixing
![Page 38: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/38.jpg)
Per incrementare l'anonimato nascono i Bitcoin Mixer.
Rendono più complesso il tracciamento dei flussi sulla blockchain.
Molti di questi sono attivi sulla darknet.
Non esistono stime esaustive dell'utilizzo di questi servizi.
![Page 39: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/39.jpg)
Mixer centralizzati (1)
L'utente versa dei fondi su un indirizzo del mixer, specificando gli indirizzi di
restituzione e le tempistiche.
Il mixer aggrega e mischia i fondi ricevuti da più utenti (Anonymity Set).
Vengono restituiti i fondi "puliti" agli indirizzi specificati in precedenza (il mixer
trattiene una fee 1-3%).
![Page 40: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/40.jpg)
Mixer centralizzati (2)
BitcoinFog
BitLaundry
HelixMixer
etc.
![Page 41: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/41.jpg)
Schema transazioni BitLaundry
![Page 42: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/42.jpg)
Svantaggi dei Mixer centralizzati (1)
Se ci sono pochi fondi è possibile che all'utente torni indietro parte dei suoi stessi
fondi.
Tool di analisi:blokchain.info :: taint analysis
![Page 43: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/43.jpg)
Svantaggi dei Mixer centralizzati (2)
Si deve avere totale fiducia nel gestore del servizio:
Conosce sorgente e destinazione di tutti i fondi che transitano.
Ha l'effettivo controllo dei soldi (potrebbe non restituirli).
Molti dei mixer sono in realtà scam!
btcmixers.com contiene "recensioni" di mixer con affidabilità, taint riscontrato, etc.
![Page 44: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/44.jpg)
Per un’analisi più approfondita
"An Inquiry into Money Laundering Tools in the Bitcoin Ecosystem" (M. Moser, R.
Bohme, D. Breuker)
![Page 45: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/45.jpg)
Per far fronte a queste problematiche nascono i sistemi di Mixing
trustless & distributed.
Nessuna entità centrale.
Struttura peer-to-peer.
Robustezza garantita dalla “matematica”.
…ma non esenti da vulnerabilità.
![Page 46: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/46.jpg)
Per un’analisi più approfondita
http://www.coinjoinsudoku.com
http://www.neutrino.nu/single-post/2016/11/28/JoinMarket-a-distributed-and-
trustless-mixing-system
![Page 47: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/47.jpg)
Ambiti di utilizzo
Law Enforcement
![Page 48: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/48.jpg)
Alcuni esempi (1)
Individuare gli utenti che effettuano acquisti sui marketplace della
darknet.
Identificare il wallet di un marketplace (clustering + OSINT)
Identificare i wallet che inviano bitcoin al marketplace (clustering)
Ottenere informazioni sull’identità dei proprietari dei wallet identificati (OSINT)
![Page 49: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/49.jpg)
Alcuni esempi (2)
Individuare gli autori di un ransomware.
Identificare le transazioni che rispecchiano lo schema di pagamento (pattern analysis)
Localizzare l’origine geografica delle transazioni spendenti (geotracking)
![Page 50: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/50.jpg)
Ambiti di utilizzo
Normativo & Regolatorio
![Page 51: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/51.jpg)
Risk scoring per AML e KYC
Ha inviato o ricevuto soldi da fonti ritenute sospette?
Ha utilizzato sistemi di anonimizzazione del traffico o di bitcoin mixing?
Ha effettuato transazioni da nazioni ritenute sospette?
E' collegato a dei pattern/flussi che possono essere assimilabili ad attività illecite?
![Page 52: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/52.jpg)
Lo stato dell’arte
![Page 53: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/53.jpg)
Ci sono piattaforme commerciali che mettono insieme le tecniche qui
descritte (ed altre) per offrire servizi a 360°.
![Page 54: Follow the money in the cryptocurrency world · Follow the money in the cryptocurrency world. RANSOMWARE 3 MILLION ATTACKS 1 BILLION USD + 6000% IN BITCOIN. DARKNET MARKETS WEAPONS](https://reader033.fdocuments.in/reader033/viewer/2022051815/603ec81c35a1211416297a3d/html5/thumbnails/54.jpg)
Q & A