Fear The Legal Creep: US Blacklists BTC Address Used in Ransomware

Shortly after the attacks of September 11th, the United States passed legislation giving the federal government sweeping powers. The Patriot Act was designed to be a temporary measure to prevent terrorism in the new age that America found itself in. It passed the House of Representatives and the Senate easily and has been renewed every time its time limit has come up, without much debate by our legislators.

Since its initial passage, the tools codified in the Patriot Act have been used to justify actions not only against alleged terrorists, but also run-of-the-mill criminals, political activists and virtually every US citizen, even those never accused of a crime (likely including you, dear reader.) This is called legal creep. Where laws and tools intended to be used on certain individuals are eventually applied to more groups of people until it encompasses the entire population.

It isn’t limited to terrorism either. Rackeetering laws, specifically the RICO act, was designed to fight organized crime. In the 70s when the law went into affect, organized crime was infiltrating legitimate businesses. They were able to use the proceeds of those businesses to mount strong legal defenses and obscure their criminal acts.

It seemed like a reasonable law in the face of Mafia violence and drug trade that was growing in the 1960s. But today, the asset forfeiture tool that was a major part of the RICO act has been used against innocent civilians who never faced trial. It is used to seize vehicles and cash from “suspects” who are oftentimes not doing anything wrong other than carrying a stack of cash (which isn’t illegal). Victims of this police extortion can have the charges brought against them dropped, but they will still have to sue to get their property back. If they can’t afford that, their property is given to the authorities and used to fund the police.

To summarize: a tool intended to stop the likes of John Gotti, is now used to steal property from innocent civilians and fund the police department. That is the danger of legal creep.

Yesterday, the United States Treasury announced that it is blacklisting two bitcoin addresses associated with Iranian nationals. The two Iranians are accused of helping launder and convert bitcoins, some of which were allegedly obtained through the infamous SamSam Ransomware.

“[The United States] Treasury is targeting digital currency exchangers who have enabled Iranian cyber actors to profit from extorting digital ransom payments from their victims. As Iran becomes increasingly isolated and desperate for access to U.S. dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency services harden their networks against these illicit schemes,” explained Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker in a press release posted on the Treasury website “We are publishing digital currency addresses to identify illicit actors operating in the digital currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and AML/CFT safeguards to further their nefarious objectives.”

The two accounts have been active since 2013 and have processed more than 7,000 transactions, interacted with over 40 exchanges and sent over 6,000 bitcoins according to the US Treasury.

I want to be clear. I think Ransomware operators are the scum of the earth. If you are unaware, Ransomware is a type of malware that locks critical files on a computer or network and demands money (typically bitcoin or another cryptocurrency). While much of their distribution is organic, they oftentimes target critical pieces of infrastructure. Hospitals with critical patient information, schools with private student information and corporations with customer data, invoices and other critical pieces of data that could cripple a company if lost.

The victim is usually instructed to send bitcoins before a timer runs out. After the timer runs out the price will go up or alternatively, the files will be locked forever. Oftentimes the sever that holds the cryptographic keys required to unlock the folders are hidden on legitimate websites, unbeknownst to the site’s owner. If the site’s owner discovers the key or just happens to take down the website or something else makes it so the Malware can’t call it, the victim might pay and never get their files back.

So the US Treasury is blacklisting these bitcoin addresses in the same way they blacklist bank accounts and individuals. Americans are prohibited from doing business with the individuals, and in this case, their bitcoin addresses.

My initial reaction was one of positivity. Nothing, not even scammy ICOs and child porn dark markets, give the industry a bad name like Ransomware. The reason for that is that it can affect anyone, where as the other issues have to be sought out. ICOs might steal your money, but you have to hand it to them first. Ransomware can affect people who never even heard of bitcoin until some cyber-criminal is demanding they send it to them.

That the authorities not only identified two of the perpetrators but took action seemed positive. But to understand why this is an issue, one has to look at what they hope to accomplish with this move.

They have made it illegal for exchanges, other services and individuals to send bitcoin to these addresses. Like the aforementioned moves against terrorist after September 11th, it is hard to argue against taking action against Ransomware benefactors.

But exactly how long will it take for this to be applied to other entities around the world? How long until they do the same thing to Wikileaks? To Palestine liberation groups? To environmental activists? To whistleblowers like Edward Snowden? To someone developing communication or cryptocurrency privacy software? How long until they blacklists all addresses suspected of being from Iran?

All of those entities have been accused, either formally or informally, of supporting terrorism.

And when you consider the current atmosphere of banning anyone who is the slightest bit controversial from social media, it is clear at least some of the population would support moves against those entities.

Bitcoin is anti-censorship by its nature. When Wikileaks lost access to traditional funding means after it published the collateral murder video, Bitcoin was floated as an alternative method. Bitcoin’s blockchain was far less secure at the time so Satoshi Nakamoto reportedly asked them not to start accepting Bitcoin because it wasn’t ready to take on a state actor.

We are much closer to being able to handle that now. Not only in pure hashpower, but also in popularity. In 2010, most of the public was unaware of bitcoin’s existence. Its hashing power was less than 0.1TH/s for the majority of the year. Today, it sits in the 40,000,000 to 50,000,000TH/s range. It is infinitely more secure against an attack than it was then. In 2010 the government could have destroyed bitcoin before most people even knew it existed. Today, it would take a ton of effort and expense from the government. Even if they could manage to do it, it would draw the attention of not only the cryptocurrency community, but also the public at large.

If we accept the idea of government enforced blacklisting, where does it end? We have the power to stand up to them today. Don’t let their manipulation of starting with an indefensible individual allow them to slowly add more addresses to the government enforced blacklists. Because, make no mistake, this is their first BTC address blacklisting, but it won’t be their last.

The most powerful feature of bitcoin is that it operates without permission, without a third-party. If we start adhering to the government’s requests, when does it end? Where does the legal creep stop?

Already, Bitcoin users have been trolling the Treasury, sending bitcoin to the “banned” addresses. I don’t suggest anyone do this. The owners of those addresses are still scum. And protesting by sending them money is still supporting horrible people who have stolen from innocent people.

But any exchange and service blacklisting these addresses should make it perfectly clear that they are doing so at their own discretion and not the government’s. That it is an act of self-policing because they are Ransomware spreaders. Not because they have been ordered to by the government. And that if other entities that aren’t directly related to cryptocurrency crimes are added to the government’s list, they won’t follow suit. Many exchanges already self-police and block addresses related to hacks. I have no problem with any exchange blocking these addresses, but I do have an issue with exchanges that block any address the United States government orders them to without question. That applies double to exchanges that exist outside of the US government’s jurisdiction and therefore have cover.

Make no mistake about it. The government chose these two addresses because their owners are indefensible pieces of human garbage. But that is how they always start these things and the next addresses to be blocked might not be as black and white as this one.

We should stand up to them now, rather than when the precedent has already been set.

Leave a Comment

Your email address will not be published.