Magistrate judge Zia Faruqui, and Jessi Brooks, assistant U.S. attorney in the national security section at the United States Attorney’s Office, have prosecuted several cryptocurrency-related cases, many of them amongst the most well-known. In this episode, they talk about:
- how they came to be involved in the prosecution of so many cases involving cryptocurrency
- the nature of civil forfeiture cases
- the Al-Qassam Brigades case, which led to the largest ever seizure of a terrorist organization’s cryptocurrency accounts, and the terrorist organization’s use of dynamic addresses in an attempt to elude detection by authorities.
- how Al Qaeda used Telegram to pursue cryptocurrency donations
- the case involving ISIS and counterfeit PPE for COVID
- the process of seizing funds from unhosted wallets
- the North Korean affiliated Lazarus Group, and how they were able to amass $2580 million worth of cryptocurrency
- the methods hackers will use to cash out stolen crypto funds to fiat
- how different government agencies in the U.S., as well as in other countries, are coordinated when tackling these cases
- the Welcome to Video case and how they went about prosecuting a person in a foreign country
- how they’ve seen the use of cryptocurrencies by criminals evolve over time
- and whether or not they think decentralized exchanges will make it easier for criminals and hackers to cash out
Thank you to our sponsor!
Crypto.com: https://www.crypto.comEpisode links:
Jessi Brooks: https://www.linkedin.com/in/jessica-brooks-8289ab32/
Zia’s Faruqui: https://www.linkedin.com/in/zia-faruqui-a73ba11a5/
Three terror-finance cybercrime cases: https://www.justice.gov/opa/pr/global-disruption-three-terror-finance-cyber-enabled-campaigns
The Al-Qassam Brigades case: https://www.justice.gov/opa/pr/global-disruption-three-terror-finance-cyber-enabled-campaigns
Scam PPE site: https://www.wired.com/story/isis-allegedly-ran-a-covid-19-ppe-scam-site/
Civil forfeiture complaint against North Korea-affiliated hackers, Lazarus Group:
https://www.justice.gov/usao-dc/pr/united-states-files-complaint-forfeit-280-cryptocurrency-accounts-tied-hacks-two https://www.justice.gov/usao-dc/press-release/file/1310411/download https://blog.chainalysis.com/reports/lazarus-group-north-korea-doj-complaint-august-2020Welcome to Video indictment: https://www.justice.gov/opa/pr/south-korean-national-and-hundreds-others-charged-worldwide-takedown-largest-darknet-child
Dark Scandals: https://www.forbes.com/sites/kellyphillipserb/2020/03/13/dark-deja-vu-irs-announces-charges-in-takedown-of-multi-million-dollar-child-exploitation-website-funded-by-bitcoin/#4a09b2ac28ae https://www.justice.gov/usao-dc/press-release/file/1257581/download
Jonathan Levin from Chainalysis on Unchained: https://unchainedpodcast.com/how-bitcoin-led-to-the-demise-of-the-largest-child-porn-site/
Transcript:
Laura Shin:
Hi everyone, welcome to Unchained, your no-hype resource for all things crypto. I’m your host, Laura Shin, a journalist with over two decades of experience. I started covering crypto five years ago, and as a senior editor at Forbes, was the first mainstream media reporter to cover cryptocurrency full-time. Subscribe to Unchained on YouTube where you can watch the videos of me and my guests. Go to youtube.com/c/unchainedpodcast and subscribe today.
Crypto.com Crypto.com – the crypto super app that lets you buy, earn and spend crypto – all in one place. Earn up to 8.5% per year on your BTC and more than 20 other coins. Download the Crypto.com app now to find out how much you could be earning.Laura Shin:
Today’s guests are Magistrate Judge Zia Faruqui and Jessi Brooks, assistant U.S. attorney in the National Security Section at the United States Attorney’s Office. Welcome, Zia and Jessi.
Zia Faruqui:
Hello.
Jessi Brooks:
Thank you. Thanks for having us.
Laura Shin:
You’ve prosecuted a number of federal criminal and civil forfeiture cases involving cryptocurrency including some of the most well-known ones such as the Welcome to Video case, which led to the takedown of one of the web’s largest child pornography sites, and a case involving the North Korea affiliated Lazarus group, plus another one involving Hamas and the Al Qassam Brigades, how did you two come to prosecute so many cases involving cryptocurrency?
Jessi Brooks:
I can go first, and then I’ll let Zia sort of explain because I think our roots are actually very different. I started and cut my teeth in the Superior Court Division at our office prosecuting mainly domestic violence and sex offense cases. During my time prosecuting sex offense cases, I learned an expertise in the revenge porn world, which is where individuals sort of use cyber techniques to put out explicit photos of people that either broke up with them or upset them in some way, and I got really interested in the cyber world, and then when I moved to the National Security Section, I was lucky enough to team up with Zia, who had already developed this amazing expertise in this field, and from there, it sort of took off. Zia and his team, that he had developed, and then I got to jump in and help develop, as well, had created this amazing world that’s leading the forefront of DOJ in these kinds of cases.
Zia Faruqui:
Sure. Yeah, thanks so much. So, as you said, I’m now a judge, so I’m no longer a prosecutor, so I can speak not in my role as a judge but talking about as a prosecutor starting in 2008 until September 11, 2020, I was prosecuting cases. Kind of what led me to the path of cryptocurrency was my focus was on money laundering and asset recovery for victims, and it seemed very clear early on there was like people started laundering money in second life where there was this initial sort of trend of like, you know, is virtual currency something that criminals would get into, and one of the most fun things about being a prosecutor is seeing the ingenuity of criminals, right, like they’re finding new and fascinating ways, and you always think like, oh man, if they’d only channel these powers for good, think of all the things they could do, but it is, it’s like a game of chess between prosecutor, investigators and people who are violating the law, and you’re always just trying to catch up and keep up with them, and so you know several years ago, about like five or six years ago, another couple prosecutors over from Main Justice, particularly one, Alden Pelker, and then Jessi and I then also worked with another colleague, Chris Brown, who has done a lot of big cryptocurrency cases including currently cases that are charged in the district court like mixing cases and things like that, we all just sat down, like we need to have like a more coordinated way of coming at this problem, and different agencies have different expertise. The IRS is at the forefront, and they’re super smart about getting and like working the blockchain, and HSI is really good with undercover, and FBI has this national security portfolio, and so we kind of formed our own informal Strikeforce, which we call it because we thought it sounded cool, and we wanted to make t-shirts that said Strikeforce, and so it was I think like anything in federal service, it’s like there’s a lot of elbow room to kind of grow and try out new things, and you just want to find people who are mission oriented and excited about trying those new things, and so we were able to kind of organically find a group of people who are interested in cryptocurrency, and kind of each had our own different strengths that we could play on each other on.
Laura Shin:
I like the Strikeforce thing, you know, it doesn’t sound exactly how like government would normally work, you imagine it would typically be very bureaucratic, but I like that idea that you just called it that because it sounded cool.
Zia Faruqui:
Thank you.
Laura Shin:
So, before we dive into the details on these cases, let’s actually just establish some facts for the listeners because I think, even before researching this, I didn’t really know some of the stuff, but most if not all of these cases are civil forfeiture cases, what is civil forfeiture and what happens in a case like that?
Zia Faruqui:
Sure, I can take that one. So, civil forfeiture is interesting because it’s so different than your normal criminal case, like in a criminal case, it might be the United States versus Zia Faruqui, right, like that’s against a person, but civil forfeiture is against a thing. It’s the United States versus 220 cryptocurrency accounts or the United States versus one Ford truck. It’s a way to go after things. It’s a less punitive way of enforcing the law, you don’t have to actually arrest a person and try to take their property, you can just go directly against the thing, and then people…you know, the burden of proof is still on the government, but that people then can come forward and say like, actually, this thing belongs to me, and there’s a process by which then the court then says like has the government met its burden of proof to show this was involved in the crime or proceeds of the crime, and if it is, then the person still has a defense to say like, look, I had no idea someone was using my card to commit this crime or I had no idea someone was using my bank account to do this, and then they get the property returned to them if they can prove that.
Jessi Brooks:
And if I could just add, there’s a whole spectrum of civil forfeiture. I mean, it can start as small as someone forfeiting your property after they seize it at a stop of some sort to the kinds of cases that we deal with, which is seizing a domain that might be proffering terrorist finance or child pornography, so there’s a whole range, and they can differ in many ways, but at the end of the day, it’s a civil forfeiture kind of action.
Laura Shin:
And so, and maybe this is sort of just part and parcel of what we were just discussing but if you know that a certain person is affiliated with one of these properties, then why wouldn’t you just make that person a defendant, is that just a different type of case or how does it work when you have that connection?
Jessi Brooks:
Sure. Well, I can start, and Zia if you want to go from there and add to it. There’s a lot of reasons for it. First of all, there’s a different level of proof for civil forfeiture and criminal charges, and most importantly probably goes to what Zia just said, which is that the civil action is against the property not a person, and the criminal action is going to be against a person, and with a criminal action, you have to prove a mens rea, which is an intent that goes with each statute, and there’s a lot of different steps that go with that, that lead to our high burden of proof that the government takes on proudly, but with civil forfeiture, it’s all about the property, like what is it about this property that was involved in wrongdoing in some way. So, there are a lot of considerations that sort of differentiate the two, and there are a lot of nuances that help prosecutors decide whether they want to go the civil route, the criminal route, or you can dual track it as well.
Zia Faruqui:
The one thing I would add is that there’s a lot of people who have commented about the Department of Justice actions, that they do what’s called name and shame indictments where there may be someone in North Korea or there may be someone in Syria that they can’t actually get their hands on the actual person, it’s like what have you accomplished by doing that, and so civil forfeiture is important because it’s an actual way to have concrete disruption in national security cases where in the kind of name and shame, you know, that person’s life is not necessarily impacted in the civil case, like you might know someone in North Korea has stolen these funds and things like that, but if they never leave North Korea, what is the point of criminally charging him necessarily, but the civil, you actually go and seize the funds, you’re actually able to get the money, and so there may be instances, many instances, where you take the less punitive route of civil forfeiture because what is the point of adding those additional resources to criminally charge someone that you would never get a chance to actually prosecute. You can’t criminally prosecute someone absentia, they have to actually be present in the United States, in the United States District Courtroom.
Laura Shin:
All right, so now let’s turn to some of these cases. There’s one pretty interesting one in which the government maybe, at least from your work, you were able to run a terrorist website for the first time, and that was involving a Hamas group called Al Qassam Brigades, why don’t you just start by describing who they are.
Jessi Brooks:
Sure. The Al Qassam Brigades is the military wing of Hamas, and they’re a designated terrorist organization by the US government, which lends itself to certain types of restrictions, which includes sanctions, and if you give any material support to them, the material support charges, so that designation is important, and in that case, it was sort of part of a larger campaign that Zia and I led against taking down and dismantling three separate cyber-oriented terrorist campaigns, two that directly involved cryptocurrency and one that had tertiary involvement.
Laura Shin:
And what were they doing with cryptocurrency?
Jessi Brooks:
Sure. So, each of three terror groups was acting distinctly, but to speak specifically to the Al Qassam Brigades, since that’s what you raised, in that case, and it all sort of started on Twitter, but the Al Qassam Brigades put out an announcement on their Twitter publicly asking for bitcoin donations from their supporters, and what it started out with was a static address for the supporters to send to, and then, from there, we and the DOJ, and our investigatory partners at IRS and HSI were able to watch as the Al Qassam Brigades developed and learned more about cryptocurrency, so eventually, they shifted their finance campaign from Twitter to their websites, which were alqassam.net, alqassam.ps, and qassam.ps, and on those websites, they started to say, hey supporters, send us your bitcoin by clicking on this, and again, on those websites, it was just a static address, but purportedly to avoid any government and law enforcement detection, they then changed their techniques and started doing dynamic addresses, so each individual who wanted to donate would click on the website and an address would be generated for that supporter to donate to, and so throughout that process, the terrorist group was able to raise a lot of money from supporters all over the world.
Through a lot of work from our amazing law enforcement, they were able to track both the addresses that the Al Qassam Brigades was generating on this website as well as all the addresses that were sending to it, and then, through our work there, including multiple different legal techniques, we were able to determine how the website itself was run, and from there, through judicial authorization, was able to run the website for 30 days, and how that exactly worked was that, as part of our seizure action, which is related to the civil forfeiture, we seized the domain, and sometimes, when you seize a domain, the domain name just is transferred to a splash page run by the government, so essentially a splash page that says this website was supportive of terrorists or supportive of child pornography, and so it’s now owned by the government, but in this case, what we did instead was redirect the website to a government run website that was an exact mirror image of the prior terrorist website, and through this, our law enforcement and the government was able to run the website for 30 days, and during that time, people continued to visit the website and donate money to the Al Qassam Brigades throughout this until after that 30 day period when we filed our civil forfeiture complaint, and the splash page was put up.
Laura Shin:
And just to go back to spell it out for the audience, so why was it that they switched from just one particular address to these dynamically generated addresses?
Jessi Brooks:
Yeah, it’s interesting.
Zia Faruqui:
Because of Jessi Brooks. Because of Jessi Brooks, that’s why because.
Jessi Brooks:
They knew I was coming.
Zia Faruqui:
Yeah. No, because she went and got their money, right, it’s the cat and mouse. Sorry, go ahead, Jessi.
Jessi Brooks:
Yeah, I mean, at the end of the day, like terrorists are trying to avoid law enforcement detection, too, and they’re learning while we’re learning, and they can tell that we’re investigating their cases, we’re freezing their assets, we’re starting to figure out what’s going on here, and so we began to work with virtual exchanges to freeze assets, and from there, they decided that they needed to change their techniques, and you know terrorists used to rely on financial institutions, they still do, but they’re developing and now are learning more about cryptocurrency.
We’re watching them develop more and more and learn more and more about cryptocurrency, which in this specific case, they moved from static to dynamic, which is much more difficult to track, but because we sort of already knew what was going on, we had a headstart on it.
Laura Shin:
And so, how were you able to find all the addresses that the generator was creating plus all the addresses that sent to the…well, I guess maybe that part isn’t as hard once you have the address, but I mean…?
Zia Faruqui:
Laura, a magician never reveals their secrets. They have to tune into the sequel podcast when we give the peek behind the curtain. Yeah, I mean, I think, as Jessi said, it’s the tremendous work of the IRS agents, Chris Janczewski, the HSI agent, Bill Capra, I mean, these guys were working a ton with the FBI partners to go through and really figure out what was going on, and they used sophisticated tools. I mean, you see on our press release, there was a reference as well, Chainalysis has done a couple presentations that they participated, Exogen was another contractor, so I think it was just…look, I mean, the agents spent a lot of time working, it’s not like there’s no one trick, it’s work, right, like they were working with using the legal tools, like Jessi was saying, search and seizure warrants to get email content or get financial records from subpoenas, leveraging relationships with overseas partners, and then undercover work, it’s a little bit of everything.
Jessi Brooks:
And I think something that was really special about this action and the follow up ones is that it was an inter-agency effort all run by people that actually really care and are interested in cryptocurrency and who sort of believe in what cryptocurrency is trying to do, so we were all just trying to figure out who are the bad actors using cryptocurrency and how can we attack them because the DOJ and these other agencies are just trying to understand these virtual assets and make sure that they’re not used for bad.
Laura Shin:
And earlier when I asked about Al Qassam Brigades, you said there were also other groups, so what happened with those, how were they using bitcoin or cryptocurrency?
Jessi Brooks:
Sure, so I can speak to that. So, there were two other campaigns that were rolled out as part of this large dismantling that Zia and I led along with our law enforcement, so the second one was al-Qaeda, and they were using Telegram, so what was another interesting thing other than cryptocurrency is that in all three of these actions, the terrorist groups were not only relying on cryptocurrency but also relying on social media and new techniques just sort of showing how they were becoming smarter when it comes to using cyber tools.
So, al-Qaeda through Telegram was raising money for really violent causes. I mean, not being shy about what they were asking for money for, you know, pictures of weapons, pictures of military gear, and seeking donations of different cryptocurrency to help support that, and what was sort of upsetting and disturbing about the whole thing was that a lot of the Telegram channels were hiding behind charity names, and so they made it sound like it was charity for individuals that were refugees or people that needed help in Syria, but when in fact, they were really just raising money through cryptocurrency for violent causes, and so through a lot of the same agents and the same sort of inter-agency effort that was similarly completed, all these Telegram channels were tracked including all the different addresses that received cryptocurrency on behalf of these violent causes, so those were seized and sought for forfeiture as well in a separate civil forfeiture complaint, so that’s the second one, and then the third one was an ISIS COVID related case, and so this was less centered around cryptocurrency, although there’s some cryptocurrency involved with it, but this case was similarly devastating in that it was ISIS taking advantage of the COVID outbreak all over the world but particularly targeting the United States creating a website and multiple Facebook accounts that linked you directly to this website that was selling fake PPE, and this website was created pretty soon after COVID started spreading pretty wildly in the United States, and there was very little shame in that they were selling to customers in the United States that had purported to serve hospitals, nursing homes, such things like that, and so through our action, same sort of inter-agency effort and just following the social media campaigns, we were able to seize that website as well as the Facebook accounts.
Laura Shin:
And actually, just to go back and ask, and this may be the case for all of them, but I especially noticed it with the Al Qassam Brigades, you were naming unhosted bitcoin addresses in your complaint meaning ones in which the Al Qassam Brigades were the people who had the control of the private keys, so how do you seize funds from an address like that in which the owner is really just the person who controls the private keys?
Zia Faruqui:
I think there’s a couple different ways we go after unhosted wallets, right, one is that we might be able to use legal tools, like through warrants or through cooperators or someone who could get us recovery seeds or who can get us private keys, you know, we may be able to collect that information ourselves and get that.
In other instances, it’s more treating it like the stolen art model, and so that we, basically, you know, you think about what happens when a famous piece of art is taken out of a museum is that by publicizing that that is something that is illicit, it collapses the resale value of that, so the person who then maybe stole the Mona Lisa that’s worth 100 million dollars, it’s now worth maybe 10 million dollars or 15 million dollars, something much less, but then, not only have you have collapsed the resale value, anyone that’s legitimate that then does business with that, they should be on notice, and so it’s like, well, you know, the museum that then goes and rebuys it or something like that, if they fail to do their due diligence knowing that there is this…in the art world, there’s a stolen art crime index, like people check that first before they purchase it, you know, they could be subject to potential money laundering or other criminal charges, and so the same thing here with cryptocurrency addresses, even for the unhosted wallets, for the ones where the government can’t go and recover it through legal tools, you’ve not only now reduced the value of it because now people know, and like that’s the beauty of the blockchain, right, it’s all public, you don’t have to have this highly sophisticated stolen art crime index, it’s out there for everyone to see, oh my gosh, yeah, this one address is allegedly part of a criminal terrorist scheme, I’m not going to…if someone on local bitcoin sets me up and says, okay, I want to send you and do a currency exchange and then I see what address it’s coming from, like you don’t need to be some big bank with a sophisticated AML program, this is something anyone can do from like the ease of their smartphone, but moreover, cryptocurrency exchanges absolutely are looking at those addresses, and that they’re looking, you know, Chainalysis, Elliptic, TRM, all these other big entities that are doing this sort of analytical work, they’re highlighting those addresses and pushing that out to exchanges so those exchanges know like this is functioning like an OFAC sanctions list.
Laura Shin:
And what happens if they do something like send the money to a mixer, you know, is that something where then the mixer would reject the funds or how does that work?
Zia Faruqui:
I think it depends on the mixer, right, like no different than a cryptocurrency exchange. I mean, you know, there are cryptocurrency exchanges that conduct no KYC, and in fact are avowed in that they want people to come and bring their illicit proceeds there, you know, the Department of Justice has charged a lot of those cases, as I said. We have one here in D.C. that Chris Brown and that team from IRS, Matt Price’s charge involving the Grams Helix case, and so you know one of the allegations in those charges relates to alleged money laundering or when funds come in and not questioning the source of it, so absolutely, I mean, I think in the sanctions context or in other ones, it’s the financial institutions that are the gatekeepers, and so DOJ has gone after them, right, you can’t necessarily get to the individuals because of the volume, but what you can go is to go to the gatekeepers and say, look, financial institutions, and that at the bottom, is what a mixer is, that’s what this recent decision from the D.C. District Court has said in that case, but as well as from all of our other cases, and Vincent has said as well, it’s like when you’re exchanging, you’re a financial institution, you have to do AML work, and if you don’t, you could get prosecuted.
Laura Shin:
And so, now just to go back to the al-Qaeda case, I wanted to ask a little bit more about that Telegram group where you said that they were disguised as charity groups, when people would go into the groups, would they realize kind of what the purpose was of the donations or was that also masked once you were in the group?
Jessi Brooks:
So, a lot of this is spelled out in the civil forfeiture complaint, which is public, but we can’t possibly try and get into the head of everyone that went and visited or even the ones that maybe donated, but at the end of the day, it was pretty clear from the postings when there’s…if it’s called, you know, a charity X, Y, Z, the posting would have a picture of a weapon, and so raise money for purchasing this or raise money for this cause, so we don’t purport to know what every single person was thinking, but at the end of the day, it was pretty clear from these Telegram channels what the purpose was.
Zia Faruqui:
I think dovetailing on that, just really quickly, you know, as a Muslim American, one of the things that there’s always this fear of, oh, if you’re donating to a charity, is this charity one that’s actually doing what it says it’s doing, and frankly, that’s true of everyone, right, like when you donate to any charity, but in particular there have been charged criminal cases of charities in the past that were financing terrorism, and donors are sometimes like, well, oh my god, I had no idea that’s doing it, so I think part of the work that the team did here was so important because there were these charities nominally that were doing that where people may not have known that, right, and I think, again, to the credit of Jessi and the team, there weren’t donors that were charged, right, it was just going after the institution that was collecting the money, but part of, again, like that stolen art model, now people are on notice, like if you Google that charity, do any basic sort of foundational research on it, you’re going to see like, oh my god, not only when I go in the Telegram channel and like look three or four layers down do I see pictures of machine guns, I’ll see that they were named in a government complaint, so I know that this is not like a safe space to donate funds to, and they were highlighting the anonymity and things like that, and so I think that it was apparent, but now it is very apparent of what they were doing.
Laura Shin:
Yeah, that’s something that fascinated me a little bit about when you took over the Al Qassam Brigades website, you know, Al Qassam Brigades could’ve very easily just told people, hey, we’re not in control of that website anymore, and I believe they tried to, so what happened then, why did people still go there and use the site?
Jessi Brooks:
Yeah, that’s so interesting, and I remember we sort of worked through that before it all happened, like what if this happens, is it really worth it, should we just put up a splash page, but at the end of the day, people want to believe what they want to believe on the internet, and we had a website that looked exactly like the old website, and if people wanted to think it was the same thing, great.
What actually happened was that the Al Qassam Brigades tweeted out using the methods of their original campaign financing that their website had been taken over, but at the end of the day, no one really knew if it was the Twitter account that was hacked or the website that had been hacked, and you know people continued to donate, and part of it was maybe some people believed that and some people stopped visiting the website, but we also wanted to sort of show that like the DOJ sort of knows what’s going on here, and when people go visit a terrorist website, we want them to be uncertain whether they’re visiting a terrorist website or the DOJ and maybe hesitate before the donate money because one thing that’s very important to us is that in these terrorist financing cases, when we seize money, we try and direct it towards this victim’s fund that’s for victims of terror, and that’s run by the DOJ, and there’s a few rules about how the money gets in there, but our hope is that at least a big chunk of the money that we forfeited here including from people that were donating to terrorists both when the DOJ ran the website and when it was actually a terrorist website is going to be redirected to victims that have suffered unimaginable crimes from terrorists.
Laura Shin:
And so, I know we already just touched on this very briefly about the facemaskcenter.com, and you know, as you mentioned, the role of cryptocurrency here was fairly tangential, but I still wanted to ask, so exactly how were they using cryptocurrency, and you know I just find it fascinating that they used this crisis with COVID to try to perpetrate this scam?
Zia Faruqui:
Again, that goes right to the ingenuity, they’re always coming up with new ways, and as Jessi said, the website sprung up just days after that COVID crisis started, and so the connection to cryptocurrency is that Zoobia Shahnaz was charged in New York about I think like a year-and-a-half ago and pled guilty, and so she was sending money to the person who’s identified in the forfeiture complaint, and so what she was doing was that she through ISIS was getting stolen PII, you know, people that are stealing their Personal Identifying Information, and credit cards in particular, using those credit cards to buy crypto to launder it, immediately turning around and selling that crypto at exchanges, and then that way having laundered it, so they can say like, oh, if someone asks them where did you get this money from, it’s like, oh, well, I sold a bunch of crypto, right, then law enforcement or banks or virtual currency exchanges aren’t looking one behind that to say, well, where did you buy that from. Oh, it’s from this stolen credit card, and then that money was going to ISIS, and so after Shahnaz gets arrested and pleads guilty about sending money over to the ISIS financier, this immediately springs up, right, it’s almost like a relay race, like they had this one path of using crypto to get stolen PII and buy crypto, and then launder to fiat currency and send to ISIS, that gets shut down, they start up this website, and you would anticipate again on the website they were taking money any which way it could come in, so one would anticipate I think that there are some allegations potentially that they would accept cryptocurrency for the fake PPE, but more importantly, it’s the same scheme, they just want someone to send them their credit card information, send them their PII, they think that they’re going to be buying 1,000 masks, but instead, all they’ve done is given all that identifying information to ISIS and that they would do the same thing, again, use that to buy more crypto laundered again into fiat, and so the goal is not to just make the 50 dollar or 50 thousand dollar sale of the PPE that’s never going to come, it’s to get that information and use that to buy a bunch of crypto, which they see clearly as a way to launder money quickly and efficiently, and then, you know, just get a good exchange even if it’ not like a great rate, but then they’ve laundered it they think effectively.
Laura Shin:
Okay, but I mean, you were saying that that’s their assumption that law enforcement won’t go beyond that one step of looking at where the bitcoin came from, right, but obviously that’s not the case because she was found out.
Zia Faruqui:
Right. Yeah, that’s why she pled…exactly. Exactly. Yeah, yeah, we caught her, but yes, that is the assumption often that…I mean, that’s what money laundering at bottom is, you’re just trying to put a bunch of logical steps in between the illegality at the beginning and where you are at the end and to try to like hide how the money got there, but if the determined law enforcement team of the HSI, IRS, and FBI team, they continue to peek behind what’s behind door one, two, three, four, five, they finally get there, and at the end of the day, they see like, okay, there’s an illicit source, but you know they’re trying to go scattershot and just put up one layer of concealment because that might be enough to get past a KYC check or AML check at a bank or a cryptocurrency exchange.
Laura Shin:
All right, so in a while, we’re going to talk about some cases involving North Korea, but first a quick word from the sponsors who make this show possible.
Crypto.com Crypto.com – the crypto super app that lets you buy, earn and spend crypto – all in one place. Earn up to 8.5% per year on your BTC. Download the Crypto.com app now to see the interest rates you could be earning on BTC and more than 20 other coins. Once on the app, you can apply for the Crypto.com metal card which pays you up to 8% cashback instantly on all purchases. Reserve yours now on the Crypto.com app.Laura Shin:
Back to my conversation with Zia and Jessi. So, you also prosecuted a case involving the North Korea affiliated group Lazarus, and that involved 250 million dollars-worth of cryptocurrency, how were they able to amass such a large haul?
Zia Faruqui:
Yeah. No, I mean, it’s fascinating to look in the complaint, and again, it really details out, so we can’t show it here, but I encourage people to go check it out, the press release has a copy of the very detailed charts that the IRS Special Agent Chris Janczewski drew up, but it shows…
Laura Shin:
Yeah, I was impressed by the charts.
Zia Faruqui:
Well, I can’t tell you how happy he is now that he heard you say that because nothing makes him happier than that. He recently told his wife that he was really excited someone had talked about how great his charts were, and she was extremely unimpressed, and he said that she just doesn’t understand him or get him, but you do, so it’s great, and we do, as well, but yes, you know, so that hack, it was a hack, right, and it was really interesting it happened after a previous hack that’s allegedly attributed North Korea is that they went to a cryptocurrency exchange and said, hey, you know, we have a bunch of whale clients, they have a ton of money they want to come invest it with your exchange, we’re just worried about these hackers out there, and so we have an attached questionnaire to this email that’s going to review your OPSEC and things like that and make sure that, yeah, yeah, that you are in fact secure and compliant, and so in many ways, they fail the test, right, one because they clicked on the attachment, and two because then when the attachment was there it had a bunch of malware, and so the complaint details how the language and the script language that’s used is consistent with how North Korean hackers have operated, and that there were other things within the complaint where like their VPNs were able to be penetrated by law enforcement and things like that where they were able to attribute it to North Korea, but it’s just, again, that sloppiness, it takes just one bad mistake by someone in the security team or in the client kind of relation team at a cryptocurrency exchange that they were able to do a complete takeover and get to not only the hot wallets but also get to some of the cold storage funds, which normally you would think shouldn’t be able to happen, but they just totally took over the system, and so from one exchange, right, one bank heist.
My favorite New Yorker cartoon that we use in all of our presentations, there’s a guy who goes in to rob a bank, and the guy who’s giving the money, goes, you know, you can do this all online now, right, and so instead of one bank robbery where there’s the risk of violence and there’s like security there, this is from the safety of the North Korean’s house or whatever they’re sitting in, they’re able to steal 280 million dollars in one fell swoop, and then you see in other hacks, and it’s described in the complaint, in the second related complaint, is that like they are out there just spearfishing all day everyday looking for people who are well known in the crypto world to either assume their identities or to go after those people to take over their identities, again with the goal of hacking exchanges or getting access to exchanges where they can get that kind of money.
Laura Shin:
Yeah, in general, their techniques just seemed so…like basic isn’t the word because it sounds unsophisticated on their part, but what I mean is it’s not something where you need to know coding or have any kind of fancy computer programming knowledge, it’s literally just trading on people’s gullibility. Yeah, and so earlier though you said something about how it was in align with other North Korean, I didn’t understand that, like what was it about previous North Korean hacking behavior that lined up?
Zia Faruqui:
So, we looked at the actual malware, we got a copy of that from the victim, and when examining that malware, the way that the scripts were written in it that allowed them to take over was consistent with other hacks that have been documented with North Korea. So, we used a couple of different things, like we used, as I said, the penetration of the VPN, and the language, and the scripts, and all these things, like they don’t say at the end of the day, it’s us North Korea, but like the language that was used and the scripts. Additionally, there was a couple of things where we looked at some of the other information that they were researching, and some of the things were researching things about the North Korean military, so it’s possible, right, it could be someone in Kansas who just happens to use the same script language and uses a VPN that traces back to a North Korean cell tower and also researches a lot of information about the North Korean government military, but more likely, right, like that’s reflective of the fact that it is in fact North Korean actors.
Laura Shin:
All right, and one other thing was that some of the money was these strange coins, like Proton Token, and Olive, and Bethereum. I’ve literally never even heard of these, so why would they do that?
Zia Faruqui:
Yeah, I mean, in the most recent complaint, you know, there was ALGO tokens, there was all sorts of different coins, and one of the things that Chris talked about in the complaint is the chain hopping that occurs, and that they’re trying to move from one chain to another. It’s I think no different than when someone steals money from a bank, they might try to exchange it into euros, and then from euros into yen, and then renminbi, and back to dollars because they think, again, they’re off us getting the trail, and to some extent, they are, right, like we can subpoena…well, DOJ can subpoena the US banks and things like that to get that information, but it’s much more challenging to get it from foreign banks or things like that, and so I think what Chris talks about in that most recent complaint is that part of what chain hopping has done is to try to break the public blockchain ledgers and try to divorce things out, so you can’t see where things are moving from one currency to another, and so they might use a really rare currency, and remember, they’re willing to take pennies on the dollar, like the reason that you, I, and Jessi won’t deal in these coins is because like they may not have the availability or like people may not be interested in them or you might get a lot less bang for your buck, but when you have 280 million dollars, like you’re happy to get 50% yield rate, that is a bank heist that is unprecedented, right, if you get 10%, it’s huge, and so not only does it obfuscate what you’re doing, you know, it may be an easier way to find some people who are willing to sell it, but what’s interesting is that Chris draws back in that complaint is that they always come back to bitcoin, right, like because no one has heard of these coins, and at the end of the day, they do need to get to fiat, so like they may go through all this chain hopping, and then they circle back to bitcoin, and that’s where Chris and the IRS team and Bill and the HSI team, and Kyle and the FBI team, they’re able to really leverage all of their expertise in the known bitcoin to then figure out like, wait a minute, we can…going back to that example, let’s go back three, four, more to see where did this coin I’ve never heard from, well, how did that coin get funded.
Laura Shin:
And so, talk about that a little bit more like why it is that they always come back to bitcoin, like you started to say it but just flesh it out for people because, I mean, you know, it’s also the blockchain that has often led prosecutors like you to the criminals, so why would they do that?
Zia Faruqui:
You know, this is the question Jessi and I talked when I was a prosecutor about like our practice in the fiat side of like terrorism financing and North Korean sanctions violations, all we would say is like because North Korea was allegedly buying this thing in US dollars, they’re subject to these punitive criminal penalties, we’ve seized all their money, and they always say like, you know, someone raises their hand like why don’t they just use like Chinese yen or euros, and the answer always is like, yeah, they should’ve, and if they did, we wouldn’t have had a case, and there’s always people like, oh my god, well, they’ll just stop using US dollar because if you keep prosecuting this, it will drive them to other currencies that people feel like that they can get away with whatever they want to, but you know that just never happened, and the same thing with bitcoin is that you can buy a Tesla with bitcoin, you can buy Subway with bitcoin, you can’t buy them with those other coins that no one has heard of, and so as they still chain hop to obfuscate, at the end of the day, they need to get this into fiat currency.
That is still the choke point where law enforcement will come in and where cryptocurrency exchanges really can be very robust in their KYC, and the same thing is true for law enforcement is that they are waiting and they see when they come back to bitcoin because they want to buy things or because they want to get a better return rate or because people are like too sketched out, they’re like, well, I never heard of this coin, and like you have no trading history on like one of these exchanges, and so like, no way, I’m not going to deal with this, it’s too suspicious, but if someone who has no trading history, has never done anything, but it’s on bitcoin, which is well known and trusted, and they’re like, well, I’m willing to do that because everything is public, and so like I feel safer, and so I think for all those reasons, they always come back to bitcoin.
Jessi Brooks:
And I think just to hop off that, something that Zia and I have talked about a lot is that criminals don’t want to lose their money either, right, and they want to rely on institutions or coins that are a little bit more stable, and so, at the end of the day, even though criminals might work in these other coins we may not have heard of, they want to get back to bitcoin so they can feel solid in whatever they have there.
Laura Shin:
And so, once they do have the bitcoin, you know, as we mentioned, law enforcement is often notifying exchanges of coins or addresses that are associated with criminal activity, but how are they attempting to cash out, like how easy is it for them to do so when they have these stolen funds?
Jessi Brooks:
There’s a lot of different ways and a lot of different techniques that they use. Something that the DOJ frequently looks at is unlicensed money service businesses, so those are people that are buying and selling funds, whether they be cryptocurrency or otherwise without correct licensing from the US Government, from FinCEN, and so how that works in the crypto world is that there are these people that sort of take advantage of what Zia was talking about is that criminals frequently just want to get pennies on the dollar, and so they do these transactions where each person that’s running this business is taking a little bit and a little bit more, and so they’re hopping through these exchanges or hopping through these coins with the help of these unlicensed money service businesses, and that’s one way that we’re able to track it is that there are some people or organizations or businesses that are run by a few people that are doing a lot of this business for criminals.
Zia Faruqui:
Yeah, I think one thing that’s also interesting like to your question of like how difficult is it, like it seems like it is, right, and the goal of work of like what Jessi’s doing is to make it more difficult, right, you’re never going to make it impossible, but you just want to make it more difficult, and I think that North Korea complaint, the one that you talked about, highlights that, so after the complaint drops on like a Tuesday, within 48 hours, there’s an amended complaint, and like so why did that happen, and if you look at the document, it goes into it.
What happened is that there were unhosted addresses that had sat for over 14 months with no activity, the complaint drops, and immediately, they start going franticly trying to cash those out in which caused then the government to go immediately within 48 hours and amend their complaint saying like, hey, here are all of these other addresses, here’s where they moved to, and that’s no different than like Jessi’s experience or mine from like street level drug crime, right, like when they hear the cops knocking on the door, everyone is flushing everything down the toilet, throwing things out the window, or just trying to get rid of it, right, everything has got to go, fire sale, and that’s exactly what they were doing in this case is the North Koreans see right after the complaint comes out, oh my god, this stuff is really hot, we’ve got to get rid of it, and they’re just trying to push as much out as quickly as they can before the exchanges or someone catches up or the government, and there, you know, it was within a matter of 48 hours, all those addresses are then identified, sent back to the one or two exchanges, I mean, it was largely two exchanges that are referenced there, and you know the government tells them like, hey, these are still those same people, you know, I think Chainalysis, at the same time did a report where they talked about some of the new addresses that were coming out and warning people like, hey, here’s where they’re moving to now.
That’s what’s incredible about like the blockchain, right, like if someone stole 150 million dollars from a traditional bank, right, and they took that money in there, there is nothing the public at large could do, but after a bunch of these hacks, you had people who are watching the blockchain, and they say like, hey, we’re watching this happen right now live, right, like it is happening right now, and they’re publicly broadcasting that information, so it is why cryptocurrency in many ways is a much worse vehicle for laundering money because it’s not just reliant on Jessi and her team, you can have people who are sitting at home and watching this stuff, and Jessi’s able to outsource. Instead of her just having her four agents, now she has thousands of agents. It’s all the people listening to this podcast who are like, yeah, this seems weird, I saw this weird thing on the blockchain, and then they tweet about it.
Laura Shin:
Yeah. Yeah, I have definitely seen online forums where people are watching stuff on the blockchain and then commenting on movements in real-time. One other thing that I found fascinating about this case was that the North Korean hackers were also using stolen identities to try to cash out, how were they trying to do that and where did they get those identities?
Zia Faruqui:
Yes, you know, again, to Jessi’s point, right, like she described how Al Qassam evolved from a kind of basic to getting more and more sophisticated, and the same thing with the North Koreans, right, on the first complaint there are pictures in it of people, you know, some exchanges want you to hold up KYC with a picture right next to your face and that the agents were able to show like if you looked at the t-shirt and like the body, it was the same body with just a different face superimposed, and they were able to identify who those were, and so that’s pretty basic, right, and that you see in the most recent forfeiture complaint that Jessi and we did with our partners over Alden and Jessica Peck at DOJ that they started stealing people’s PII, right, because that’s way more valuable, because that will pass some of the KYC filters that were picked up and was like, oh, this is an edited PDF, like it’s the same t-shirt, forget about it, that is genuine, and so where they get it from, I mean, the complaints just reference generally that the United Nations has referenced in their Panel of Expert reports is that North Korea is known to hack exchanges, there’s no reason to think when they’re hacking exchange, they’re just stealing the money, right, there’s also something of great value there just like with that ISIS campaign, the PII is just as valuable sometimes as much as the money, and so they’re going and stealing data in addition to stealing money, and you know those complaints highlight that they’re using those for nefarious things, and I think it also highlights to cryptocurrency exchanges that like you can’t just do the basic KYC and say like this is a real license, like you need to say like do some follow-up questions or talk to the person. You know, people do like Skype and Zoom chats now where they’re talking to the person, and it’s not just like a photo, a selfie like so they can see because that is much harder to fake and get past AML control, so I think the industry will have to continue to catch up as law enforcement notes like your previous AML threshold, your basement, that’s not enough now, it needs to get raised.
Laura Shin:
Yeah, and I just realized we’ve been saying PII, and I don’t remember if we told people what that stands for, it’s personally identifiable information. So, one other thing that I wanted to ask about was, and you’ve mentioned it multiple times during the episode, but you were coordinating a bunch of different government agencies and often working with teams actually in other countries, as well, so how do you make that happen, you know, how do you figure out what are all the different agencies that need to be involved or which other foreign partners you need, and how do you get in touch, and also how do you just make so many people across different government agencies as well as jurisdictions come together to prosecute these cases?
Jessi Brooks:
Well, I’ll just start with that, I mean, it’s all about finding the right people, and as a prosecutor, your job is not necessarily to know every single detail of cryptocurrency or to know all the technical side of virtual currency exchanges, but your job is to make sure that you are working with the right people and that you’re using different agencies for what they’re best at, and understanding that some people have strengths in some ways and other agencies have strengths in other ways, and at the end of the day, and how I look at it, and I know how Zia looks at it, is like we’re all on the same team, you know, we just want to ensure that terrorists don’t get money, we want to make sure that the cryptocurrency and virtual currency exchanges are not abused so that terrorists and other bad actors can get money, and so if you go into every meeting and every email with that mindset, everyone’s going to want to work with you, and everyone’s going to want to accomplish that goal because that’s why we’re civil servants and that’s why we’re going to work every day, and so at the end of the day, Zia and Chris put together an amazing team, a Strikeforce that I was lucky enough to be a part of, and you know I will brag about Zia and Chris all day and tell you how lucky I am to work with them, but from there, we’ve been able to find people at a bunch of different agencies including HSI, Bill Capra, Ryan Landers, and FBI Kyle Armstrong, and also just people at the DOJ that really have the same goal that we do and try to avoid bureaucracy as much as we can in order to accomplish this goal.
Zia Faruqui:
Yeah. No, one of the things that sad about leaving is that I really enjoyed getting to have the opportunity to meet with people, so you know we went to South Korea on the darknet child pornography case, and it’s just really exciting to meet people from totally different backgrounds, who are similarly motivated to like how can you try to make the world a better place, right, like it is cheesy, but it’s true, like public servants I think in those roles, it crosses all boundaries and backgrounds, and so like it may be something that you figure out late night over karaoke while talking to a prosecutor or a police officer in Korea, you know, we have partners from Germany and from the UK, and you know even here in the US, like in the most recent action, it highlighted that there was aa partnership with the United States Cyber Comm and the Department of Defense, and so I think what’s so different and unique about the job that Jessi has that I used to work on is that like you are the kind of center of that, like you’re just trying to find all the right players to put on the right pieces on the chessboard to advance the mission, and that it’s really fun to find those people because once you do, it is organic, you can’t just say like it’s one formula, but once it happens, you go back to those people, and they’re just always willing to make sacrifices in their personal life and their work life, they just want to get things across the finish line, and they’re so motivated that it inspires you to work harder, as well.
Laura Shin:
Yeah, and actually, we didn’t really discuss it very much, I just mentioned it briefly about the Welcome to Video, which was I think one of your first cases, if not the first involving cryptocurrency, but actually why don’t you just talk a little bit more about how you guys were able to prosecute that given that the person running that site was in a foreign country?
Zia Faruqui:
Sure. Yeah, and I mean, that’s a good example of one where we leveraged both criminal and civil tools because we wanted to criminally prosecute because we did think there was a person that we could get into the United States and do that, and so you know, again, that’s the team at IRS, and then the Homeland Security agents out in Colorado Springs were working together. You know, to Jessi’s point, it’s about relationships, you know, we had a great relationship with the Korean National Police from a lot of the North Korea work that we did, and so we told them like, hey, you know, the IRS team after they did this great work in taking down AlphaBay with some of their other law enforcement partners were kind of like what’s next, and so you know very flippantly I remember having a conversation between one of the kind of people in our office who worked on all these cases, Ari Redbord, and myself, we were like, you know, what about child pornography, and Ari has a ton of experience in this, and so the IRS team came back, Chris Janczewski, like two weeks later and was like, yeah, I haven’t left my house in two weeks, I found the largest darknet child pornography site, and we should take it down, and I remember I was just like, wait, what are you talking about, and he’s like you told me to find a child pornography site because you said that’s like the next big thing we should do, and I was like, yeah, I mean, I wasn’t serious, but okay, I guess that’s just…you know, be careful what you ask for, and so we quickly assembled a team. Again, like the same thing Jessi was talking about like you just got to get good people and find them, and so Lyndsay Suttenberg was an expert in our office on child sex offense crime, Yuli Li was an expert on cybercrime, you know, we had the investigators, Kim Reese, out in Colorado, and Tom Tanzi, and as well as Chris, and then we just got on a plane, and we went to Korea, and we said, you know, we have law enforcement partners there at HSI, who had built relationships with the Korean police, and they said like, here’s what this darknet investigation is, and they’d never really done a big darknet investigation, but like everyone else, they’re like, oh my god…I mean, I don’t want to get into details, it’s very disturbing, but this is mostly infant and toddlers who are being victimized, and so when people hear that, everyone, right, almost everyone is just like, how can I help, what do I need to do, tell me what I need to do, I want to do this, and so you know we had partners from the UK and Germany as well who came along, and particularly UK, that they were tracking on this, and so we went and kind of briefed them on the case, came back pretty shortly thereafter and did a takedown where there was a full like Korean police went, they did a search warrant, kicked down the door, found the alleged administrator of the site on the site logged on, which is always the key, you know, they had done a lot of things to try to protect his safety because there actually have been some customers that had committed suicide previously after they had been discovered, and so they were very careful of that, and you know the US law enforcement was watching via remote to see what was happening while they were in Korea, and then, you know, immediately getting a forensic copy of the server, you know, we did a search warrant, which you can do if the property is at a US Embassy, and so we’re in the space there, and then just reconstituting the server there while we’re there in Korea and starting to build up lead packages for the hundreds of customers who are on this site, and from that, like this is why this is important, is we found a new site, and then we prosecuted the administrator of that called Dark Scandals, which was a site that showed not only child pornography but also videos of adults being raped, all women being raped on it and being videotaped and getting paid in Ethereum and bitcoin, so again, because we found one customer’s site, we then saw like where else is he sending money to these people, typically, this is not a limited habit, and from that, we found this other site, and you know it led to spinoff investigations. There were 25 children that were rescued from actively being abused because the IRS agent followed the money, right, like because of the blockchain, he could follow the money, the HSI agents could go and exploit all of that data with their partners from Exogen, a private company that they worked with and Chainalysis, from that there are 25 kids today that are not being victimized, and like there’s no better feeling in the world than that like saying like, you know, what is a concrete thing that you can show that your work did. Well, here’s what HSI and IRS’ work did is that they saved these kids and there are 300 potential pedophiles who are not on the street because of them.
Laura Shin:
That’s great. That’s amazing work. I also did an interview about that with Jonathan Levin of Chainalysis right when the news came out, and I will link to that in the show notes. So, how are you seeing the use of cryptocurrencies by criminals evolve over time?
Zia Faruqui:
Yeah, I mean, I think, I’ll hand it off to Jessi. I mean, one thing is, again, not as a prosecutor speaking just to my formal role, we never really looked as much to policy and things like that, we were more like here’s the case in front of us, we’d talk about what we see there, but I think that we can give examples of what we saw, right, so like I’ll let Jessi talk about the terror finance campaigns, but I can talk very briefly on North Korea.
So, we saw that they started…I mean, again, I mean, you don’t want to say it’s basic because obviously the yield is so large, but it’s a bit basic. I mean, if I saw North Korea, I would tell them they’re basic, and you know that it is slowly getting to maybe it’s not that advanced yet, but every day, there’s steps forward because of Jessi and her team, and the work that they’re doing, and so you saw the evolution from no KYC to very badly edited KYC that was faked, to stolen PI, to who knows what’s next, and so I think that’s just one example of evolution. I’m sure Jessi from the terror campaigns maybe have some other examples.
Jessi Brooks:
Sure, and I mentioned this briefly before, but like the fact that the Al Qassam Brigades jumped from a static to a dynamic address generator, which is not easy technology to create on a website, particularly that big of a technological jump, shows that they learned something or they got some more information, and then you can just sort of watch.
You know, I can’t talk about really open cases, but you can see how criminals are starting to maybe just not direct deposit into the next address that they want to use but using mixers, using tumblers, but also just jumping through a bunch of intermediary addresses, and learning how to explain that process to the court is something that we are developing, as well, on our side because as the terrorists learn, DOJ learns, and virtual exchanges learn, we’re all sort of learning together, and we have to figure out ways to teach the court, as well, that these new technologies are developing and that they’re being used in improper ways.
Laura Shin:
And are you also finding that they’re turning more to privacy coins?
Zia Faruqui:
Yeah, I mean, there’s always the fear there, right.
Jessi Brooks:
Yeah.
Zia Faruqui:
You know, I think that’s hard to say, right. That’s in part why the privacy coins have their appeal, but I think kind of like we talked about earlier, even when they go to that, they still end up coming back to bitcoin because they need to cash out, like they’re not trying to just build up like a federal reserve, they need to spend money to buy things, right, and so to the extent that privacy coins become more widely used, and I think, sure, they’re going to continue to turn to that, but as long as bitcoin and Ethereum dominate and people are just using that, I think, you know, again, they still have to find someone, right, like to engage in transactions either to exchange with them or to buy the thing they want, and people are nervous. I mean, you know, there’s obviously like some of the software platforms, some of the big exchanges, they won’t bank privacy coins, and so I think that’s no different than some big traditional banks will say like, okay, like I’ll take in yen, renminbi, US dollar, and euro, but I’m not taking in like X, Y, and Z currency from another country because like I just think it’s not reliable, it’s not safe, like it’s outside of my risk appetite, and so there’s still a lot of that, I think.
Jessi Brooks:
And just to jump off that, I mean, at the end of the day, what we’re seeing criminals do is as cryptocurrency sort of expands and people know what it is more, they’re able to target more people as victims or as supporters, so maybe 10 years ago if Al Qassam Brigades said, hey supporters, send me bitcoin, there wouldn’t have been that many people who knew how to do that or really understood what bitcoin was. Now, they can say, hey supporters all over the world, send me bitcoin or if you think about the Twitter hack like, hey, let me just hack all these accounts and ask people to send us bitcoin, 10 years ago that wouldn’t have been possible, so they’re developing in that the rest of the world is catching up and understanding what cryptocurrency is and also that can be a bigger way to hack into people’s accounts and make sure that people are unbeknownst when they donate to these groups.
Laura Shin:
One thing I also wanted to ask about is this new trend with DeFi, which is obviously really taking off, and some people are saying that decentralized exchanges could serve as mixers and make it easier for criminals and hackers to cash out, what is your take on that and whether or not how do you think it is that the rise of DeFi could affect your ability to do this work?
Zia Faruqui:
I think, yeah, just going back to the kind of previous ones like, you know, we are limited in talking about like the cases we have seen and like what we’ve prosecuted, and so kind of predicting what will happen in the future, that’s more like the people at Treasury and Policy kind of folks, like I think they can really speak to that. Obviously, there’s a ton of stuff right now in DeFi, and it’s just so popular, so you know when anything like this happens, right, like eventually, criminals try to find a way to leverage that, and so I’m sure your next podcast episode with Jessi will be about a DeFi money laundering and whether or not they act as a mixing service, but I don’t think I have anything of value to add. I don’t know, Jessi, anything other than that?
Jessi Brooks:
Yeah, I just think that sort of what Zia’s saying like the regulations and the laws need to catch up to this, as well, like as new services and technologies are created, we need to figure out how they fit within the current regulations and whether or new ones need to be made, and that’s definitely a separate side of the government than us, but you know we’re here to sort of watch and enforce as needed.
Laura Shin:
And I also just wanted to ask, you know, there was a couple points in the discussion where one of you was saying that turning to cryptocurrency is a bad idea for a criminal because it makes it easier for people like you to do your jobs, but in general, you know, as we’re seeing the rise of crimes using cryptocurrency, obviously, there’s this whole trend with the ransomware, but you know then we’ve got these big state actors like North Korea turning to cryptocurrency, what in general would you say is the relationship between cryptocurrency and crime, you know, I feel like one other thing I wanted to mention is that early on in cryptocurrency, the narrative around it was that it was criminal money, and clearly now that’s not really the narrative I would say, you know, we have all these big institutions that are getting in on it, but I just wondered, you know, I really do think we’re obviously still seeing that criminals do enjoy it, so I wondered what your take was on that relationship?
Jessi Brooks:
I guess my sense is that there’s still a false sense of security there. Not everyone fully understands cryptocurrency or realizes that they can’t hide behind a coin, at the end of the day, and I think that that information has just not spread as widely as people in the world like we are understand it, and so although we definitely moved past this whole like criminals are the only ones using cryptocurrency, I think that’s definitely true. I think that a lot of people are turning to it in order to be able to hide behind their current coins, but at the end of the day, criminals are still using fiat currency, too, they’re just finding and shifting and moving and taking turns in order to be able to try different ways and see what sticks.
Zia Faruqui:
Yeah, I think one thing, you know, that’s fascinating for Jessi and I, there used to be this thing where you would get in this machine and go to another country, it was called like International Travel, I don’t know, it’s really hard to remember now, but we’ve given presentations on cryptocurrency, and it’s amazing particularly when you’re meeting people very sophisticated just don’t understand cryptocurrency when they see Jessi with her DOJ insignia, they’re like, why not…I mean, we literally had people say like why doesn’t the US government just turn off, like isn’t this all criminals, like people don’t understand that like, A, that’s not something that’s possible, and B, my answer to them is always like, you know, people have been committing crime with traditional fiat money for a long time, and no one says to ban that, so like there’s like this huge psychic disconnect that I just don’t get, I’m like, okay, great, like someone uses money to do something bad, no one’s talking about banning unhosted wallets in fiat, that’s called cash, right, like that’s what cash in between someone’s bed is, it’s an unhosted wallet, right, and criminals do that all the time. Jessi and I could tell you stories from when we had narcotics cases where you’d find 200 thousand dollars someone’s hidden in the floorboards of their floor. I had a case with that once where it happened, right, and so like no one’s like, well, we should ban cash, and so it’s a false narrative, and it’s a question I think, that I hope, like if not years, if not months, and days from now, people will just stop asking like how much of crypto is criminals, like that’s not the point, right, crypto is here, people just need to learn to accept that, and it sounds like, as you point out, big banks are starting to get that, too, right, it’s just not exchanges anymore, and that like the problem isn’t crypto, the problem is criminals, and so like criminals will commit crime with or without crypto, the question is how can we as a society say like, oh, is this something that should or shouldn’t be regulated. I think that goes to Jessi’s point. I was like DOJ is trying to find ways to follow up, you know, and I think they’re defense lawyers are doing a fabulous job at trying to say like, wait a minute, DOJ, you’re going too far, like this is not within that…you’re using a regulatory framework for like Western Union sending money, and that doesn’t apply necessarily to someone just exchanging from one currency to another, and so there is this big, open area right now for the law to get fleshed out, but that does not speak to the goodness or badness of cryptocurrency, it’s here to stay and people just need to learn to live with it.
Laura Shin:
I think especially my more libertarian minded listeners might really like your answer to that question, but in general, probably my whole audience will because it’s pretty levelheaded and it makes a lot of sense. All right, well, it’s been so great having you both on the show. Where can people learn more about each of you and your work?
Zia Faruqui:
Well, I think, Jessi and I, you can reach out to us on LinkedIn, I think that’s one thing we keep both. I guess, some of the profiles in general, but Jessi’s got a bunch of big cases, you can see I think DOJ press releases. I don’t know what else, Jessi?
Jessi Brooks:
Yeah, I think press releases are probably the main way or LinkedIn. I mean, at the end of the day, as government workers, we’re part of a big team, so every like success or prosecution or forfeiture that we have is the result of lots of people both named and unnamed, so you know there’s not any other way, I guess, to sort of track our activity other than that, but we want to thank you for having us here and also thank everyone that helped us accomplish this, and we hope to continue down this path.
Laura Shin:
Yeah, great. I mean, one other comment only because you guys did name a bunch of your other collaborators throughout the show, so hopefully, they will appreciate that.
All right, well, thanks, again, and it was so great having you.
Jessi Brooks:
Thank you so much.
Zia Faruqui:
Thank you.
Laura Shin:
Thanks so much for joining us today. To learn more about Zia, Jessi, and the DOJ Strikeforce, check out the show notes for this episode. Don’t forget you can now watch video recordings of the shows on the Unchained YouTube channel, go to youtube.com/c/unchained podcast and subscribe today. Unchained is produced by me, Laura Shin, with help from Anthony Yoon, Daniel Nuss, Bossi Baker, Shashank Venkat, and the team at CLK Transcription. Thanks for listening.