Monitor the transactions, collect evidence, get warrants, seize things, collect evidence, get arrest warrants, etc.
if someone is dumb enough to register with a real name, the amount of time needed to coordinate it can be reduced.
like with the 911S5 botnet, they got evidence over the years to build a case to arrest them.
if it's a large group of people, it may take time or a turncoat to slowly gain evidence on the other parties.
seizure of assets in those countries required the police and courts in those countries to have probable cause that yeah it was definitely related to the crime and necessitated seizure in a coordinated fashion. This is similar to the coordinated quiet takeover of a darkweb market, or the coordinated spooky takedown of another, to scare criminals onto the bugged one.
Or maybe they don't. Usually, governemnt agencies outsource to private companies to do the tracking. And big companies like chainalysis admit they can't do much about monero or wasabi. Usually, when people get caught it's because the criminal was being stupid rather than the government being smart.
Doing crime on a system with a perfect immutable record doesn’t seem like a smart play to me.
As noted above the firms like chainalysis will continue to uncover and attribute all of the nodes in the graph. If you are taking 100s of thousands or more through fraud the incentives are aligned to see your crimes prosecuted.
They aren't beyond the reach of the law, it's just logistically hard. Imagine getting the cops to bother investigating your stolen laptop or something. Now multiply that by an international multi-agency investigation spanning 10,000 miles.
The ability to make large anonymous digital transactions do make corruption and tax evasion easier to get away with. As for sanctions, I imagine they can mostly be enforced by looking at the flow of goods. The money transfers can't be traced, but the weapon shipments can be.
If this case was still active, the staff would probably be involved in monitoring the banking system for the serial numbers of the bills given to the hijacker, as well as going over any seizures that included hard currency (for example: drug busts and civil forfeitures across the country; not a small task).
Theoretically, the job could be done by a single python script with a direct line to some central currency database fed by all banks and local law enforcement but with government, everything is more complicated.
Just saying in the article that's what they're being legally charged for, and that already comes with hefty maximum sentences.
They are clearly associated with the hack, but that can be tacked on after further investigation and cross-examination. The money laundering is an easier opening target.
The problem is less related to typical petty crime, but more about state actors hoarding vulnerabilities imo. State actors have already been shown exploiting JavaScript-related vulnerabilities in Tor to deanonymize pedophiles, for example.
Each time I read about this I'm a bit underwhelmed by the number of arrests. Tens of thousands of users, presumably almost all of them criminals, and only 600 arrests? That's a very leaky sieve.
In general, it makes sense to assume that stuff which irrespective of competence would require large amounts of resources, access to intercepts or the ability to flagrantly breach local laws without anyone stepping in might have state involvement, especially if there's an obvious motive for the state to target that person/organization.
Not convinced that guessing private keys of anonymous randoms for a few million in assets of limited fungibility falls into that category. I'm not sure it's a question of competence in this case so much as why would a state be the ones tackling these accounts, when a lone criminal with relevant knowledge of cryptography would have the ability and a lot more motivation to do it?
Like a lot of conspiracy theory, there's a core of truth. All you have to do is ask the question "is this system going to be allowed to be used for crime on a huge scale", receive the obvious answer "no", and infer that there will be some control built into the system.
Where it leaps into conspiracy is the question of when and whom this will be used against. But it's fairly obvious that measures will be taken against drug sellers, sex workers, banned political parties and so on.
reply