The past weekend was dominated by news of the WannaCry cyber attack, which hit more than 200,000 individual machines with a now-familiar message: send bitcoins to a specified online address, or lose your most important information to irreversible encryption. Universities, government agencies, and particularly hospitals were hit in more than 150 countries, causing a mild panic and yet another backlash against the NSA. Now, it’s been revealed that the bitcoin “wallet” used to receive WannaCry’s ill-gotten digital gains has raised only a bit more than $69,000. All the money is still waiting to be withdrawn and, as we’ll see below, there’s at least a chance it never will be.
A reminder: Updating Windows with the latest security patch can successfully inoculate any computer that has not already been infected. Driven in part by the severity of the attack, the world’s most sensitive networks have adapted, and new instances of the attack slowed over the weekend and into Monday.
As with everything on the blockchain, bitcoin wallets are transparent and openly visible, which is how it’s known precisely how much money the attackers have managed to collect. There are currently three actively watched wallets: Wallet 1, Wallet 2, Wallet 3. The handy Twitter account Ransom Tracker, by Google engineer Michele Spagnuolo, collates these into a single, easy-to-follow total in U.S. dollars.
Just getting the bitcoin in the wallets, however, is only half the battle. It’s not the easiest thing in the world to get money from a bitcoin wallet that is known to contain criminal cash. Exchanges like BitStamp and the now-defunct Mt. Gox require non-trivial amounts of personal information to do business, which usually makes them a non-option for money laundering in a case the criminal expects may eventually come under active investigation. Bitcoin ATMs have similar problems, along with low maximum withdrawal limits, and they’re generally close to surveillance cameras, as well.
Much better is a personal transfer of bitcoin between individuals. The idea here is that a buyer shows up with an amount in cash, cash they had no trouble acquiring because their money isn’t all tied up in bitcoin, and they hand this cash to the bitcoin seller. The criminal then transfers a greater overall amount of value to the buyer, in bitcoins, to cover the laundering fee. The buyer is taking a risk, however, since bitcoins can be tracked through transactions, and they are now taking some of the heat on themselves. This is fairly trivial if you’re laundering a few thousand dollars per month in Silk Road profits, but much more difficult when there’s a global manhunt.
That’s why it’s generally not a good idea to call attention to yourself until after you’ve already transferred the crime-coins to a bunch of unsuspecting patsies. Basically, getting away with bitcoin murder involves getting as far from the crime as possible, as quickly as possible, keeping a low profile and avoiding national headlines.
Thus, many wonder just how the WannaCry hackers plan to actually collect on their scheme. ABC business commentator Patrick Gray noted on Twitter that by attacking certain forms of infrastructure, particularly hospitals and telecommunications companies, they had attacked “critical infrastructure.” That’s the point at which the “SIGINT” world of agencies like the U.S. NSA and DIA, and Britain’s GCHQ, is allowed to get involved.
As the Dread Pirate Roberts learned of the alleged anonymity of the Tor Network, federal attention is the point at which technological security quite simply stops working.