Darknet Diaries - 131: Welcome to Video
Episode Date: December 27, 2022
Andy Greenberg (https://twitter.com/a_greenberg) brings us a gut wrenching story of how criminal investigators used bitcoin tracing techniques to try to find out who was at the center of a child sexual abuse darkweb website.
This story is part of Andy’s new book “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency”. An affiliate link to the book on Amazon is here: https://amzn.to/3VkjSh7.
Sponsors
Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.
Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.
Transcript
Did I ever tell you the story about how Bitcoin sort of changed my life?
Okay, it started in 2014.
My friends were getting into Bitcoin.
I saw them playing around with it and I wanted to learn about this.
So I decided to buy one Bitcoin.
The price then was $600.
I felt stupid spending that much money on it.
But what fascinated me was the trading aspect.
The Bitcoin market is open 24-7-365, unlike the stock market.
And I made a little PHP script that would trade Bitcoin after certain indicators were seen,
swapping it back and forth between US dollars and Bitcoin. I thought with Bitcoin fluctuating
wildly, maybe there was a way to spot some sort of indicator and jump in when it's going up and
jump out when it's going down.
But no, that did not work well. My bot would make some good trades, but with the fees and a few bad trades, it all went back to where I started. So I turned off the bot and left it alone, still holding
one Bitcoin. Well, fast forward to 2017, I was just starting this podcast. And I was feeling really burnt out at work and was ready to quit and just like work on the show or something.
But the show wasn't making any money.
And I looked and I still had my one Bitcoin from years ago.
But the price now was $18,000.
So I decided to sell that Bitcoin.
It wasn't easy though.
I had to spend weeks wrestling it out of an old wallet that I had that wasn't very good and get it over to an exchange. But I finally did sell it.
And that gave me the freedom to quit my job and spend the next few months focusing exclusively
on making Darknet Diaries. And just when that money was starting to run low is when I got my
first sponsor, barely making it through
the dip. So I do have a special fondness for Bitcoin. And now you know, if it wasn't for
Bitcoin, maybe the show wouldn't be here. But I'm also well aware that there's another side to
Bitcoin too, a dark side, which sometimes, when you follow the money, can lead you to the darkest places on the internet.
These are true stories from the dark side of the internet.
I'm Jack Rhysider.
This is Darknet Diaries.
This episode is sponsored by Delete Me. I know a bit too much about how scam callers work.
They'll use anything they can find about you online to try to get at your money.
And our personal information is all over the place online.
Phone numbers, addresses, family members, where you work, what kind of car you drive.
It's endless.
And it's not a fair fight.
But I realize I don't need to be fighting this alone anymore.
Now I use the help of Delete Me.
Delete Me is a subscription service that finds and removes personal information from hundreds of data brokers' websites
and continuously works to keep it off. Data brokers hate them because Delete Me makes sure
your personal profile is no longer theirs to sell. I tried it and they immediately got busy scouring
the internet for my name and gave me reports on what they found. And then they got busy deleting
things. It was great to have someone on my team when it comes to my privacy.
Take control of your data and keep your private life private
by signing up for Delete Me.
Now at a special discount for Darknet Diaries listeners.
Today, get 20% off your Delete Me plan
when you go to joindeleteme.com slash darknetdiaries
and use promo code darknet at checkout.
The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries
and enter code Darknet at checkout.
That's joindeleteme.com slash darknetdiaries and use code Darknet.
Support for this show comes from Black Hills Information Security.
This is a company that does penetration testing,
incident response, and active monitoring to help keep businesses secure.
I know a few people who work over there, and I can vouch they do very good work.
If you want to improve the security of your organization, give them a call.
I'm sure they can help.
But the founder of the company, John Strand, is a teacher.
And he's made it a mission to make Black Hills Information Security world-class in security training.
You can learn things like penetration testing, securing the cloud, breaching the cloud, digital forensics, and so much more.
But get this, the whole thing is pay what you can.
Black Hills believes that great intro security classes do not need to be expensive, and they are trying to break down barriers to get more people into the security field.
And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range, which is great for practicing your skills and showing them off to potential employers.
Head on over to BlackHillsInfosec.com to learn more about what services they offer and find links to their webcasts to get some world-class training, that's BlackHillsInfosec.com.
BlackHillsInfosec.com.
For this episode, we're talking once again with Andy Greenberg.
Do I sound okay?
This is Andy's third appearance on the show. But if you don't remember, he's the one who wrote the book Sandworm,
which talks about Russia doing a cyber attack on Ukraine using NotPetya and other things.
And he's also a senior writer at Wired.
And I cover cybersecurity and hacking and surveillance and all of this stuff.
And I have now written a new book, Tracers in the Dark,
The Global Hunt for the Crime Lords of Cryptocurrency.
Wow, that sounds like a cool title, Tracers in the Dark.
I love it.
So how did you get involved in this book or this story?
What's going on in there?
Yeah, well, more than a decade ago, actually,
I was really interested in this group called the Cypherpunks
that wanted to use encryption and anonymity tools enabled by encryption
to take power away from governments and corporations
and give it to individuals.
And this is, you know, like the Cypherpunks
were these radical libertarians, most of them anyway.
And that movement gave rise to like everything
from like VPNs to Tor to WikiLeaks.
And I was kind of obsessed with this group
and writing a book about them back in 2010 and 2011.
In the spring of 2011, actually,
is when I came across this,
what seemed like this new cypherpunk phenomenon,
which was Bitcoin.
Little did we know what kind of revolution
Bitcoin would be in 2011.
Bitcoin is digital currency.
And before you start telling me that Bitcoin is a scam and has no value, the paper money you have in your wallet is just paper
and has no real value either. We all just try to convince each other that cash does have value,
but we know deep down it's just a piece of paper. It's a lie. But besides that, cash is getting phased out for digital
money. People use credit cards or even their phones to pay for everything now, which if you
think about it, now money is basically just an entry in a database somewhere. And that's fine
because it makes sense to use digital money in our digital world. Yeah, I know, Bitcoin has no real value.
But just like cash, people go along with the lie that it does.
And once enough people believe in it,
then Bitcoin becomes valuable.
Money is weird.
But the thing about Bitcoin is that it's an anonymous digital currency.
Or at least it used to be.
Just like there's no connection between the dollars in your wallet and your identity, there's no name on a Bitcoin wallet. Well,
that was true until governments started regulating exchanges. In order to buy or sell Bitcoin,
you now need to show identification to the Bitcoin exchange. And if you keep your Bitcoin
right there on the exchange, then yeah, there's a direct connection between your wallet and your name.
But that connection isn't visible to just anyone.
Only the exchange has your identification and knows which wallet is yours.
But exchanges in the U.S. have to abide by U.S. law.
And that allows law enforcement to issue subpoenas to exchanges to get details about who owns a particular wallet.
This kind of put a fence around the whole cryptocurrency ecosystem,
which enabled law enforcement to investigate cases much more effectively.
But on top of that, researchers were also figuring out ways to follow Bitcoin trails and put together a picture of what certain Bitcoin wallets were doing.
And by 2020, Andy began to realize how Bitcoin can be traced
and started looking at how law enforcement was using cryptocurrency tracing
in criminal investigations.
It became clear that not only was Bitcoin very traceable,
but that cryptocurrency tracing had actually been used
as this incredibly powerful law enforcement investigative technique
and that this small group of detectives
who then would become the subject of my book
had gone on this spree of cyber criminal busts
tracing cryptocurrency to take down
one massive criminal operation online after another.
So you're following the Bitcoin
and you're unraveling cybercrime.
I mean, this is true stories from the dark side of the internet.
How dark are we getting here?
Yeah, I mean, this gets really dark.
This is about as dark as any dark web story I've ever covered as a reporter.
Yeah, I really should underline this. This is the darkest episode
I've ever done. This is one of those stories that I knew I'd have to cover at some point, but
never really wanted to because it's just awful to put my head into this story and to think about it.
We're going to be talking about child abuse here. And some of what we say is going to be a real punch to the gut when you hear it. We're not going to graphically describe
any child abuse here, but I want you to be fair warned. This episode is rated R and listener
discretion is highly advised. Okay, so let's get into it. What is Welcome to Video? Welcome to Video was a dark web market, basically, for child sexual abuse videos.
I mean, we used to call this stuff child pornography, but I think now it's much better to call it child sexual abuse materials or child exploitation videos because it's really like sexual violence being done to kids. To access the videos on
Welcome to Video, you had two options. Either pay for access, and the only way to pay is using
Bitcoin, or upload some videos yourself. And that's child sexual abuse material, or CSAM.
Now, you hope that when a site like this launches, the police immediately swarm it and take it down,
right? Well, that didn't happen.
It launched and people started using the site
and it actually had hundreds of users in the early days.
But even with this many users,
the police and law enforcement had no idea
this site even existed, much less investigating it.
The first agency that I'm aware of
that was looking at Welcome to Video was the NCA, the National Crime Agency in the UK.
And they came upon it through, just to throw us right into the deep end of this darkness, with a really terrible case of this guy named Matthew Falder, who was this Cambridge academic who also lived this very evil secret life.
I mean, if it's fair to say that anything is evil, I guess this would be.
He would like pretend to be a female artist and ask people for nudes online
and then would use those nudes to blackmail them into providing more nudes
and like abusing other people and self-harm.
Oh, I hear about this all the time.
About once a month, a listener of mine,
usually a guy, tells me the story
that they found a woman online,
started chatting up with her,
and it seemed to be going in a romantic direction.
And the woman asked for a nude photo of him.
So the guy sends one, and
immediately the person tries to extort the guy, saying they'll send this to all his friends unless
he pays, maybe something like $500, but it varies based on how much they think they can get out of
the guy. Two tips for any listeners who find themselves in this situation. First, don't send
nudes to people online like that. Second, if you get in this trouble, it's a legal matter.
Contact the police. You're being extorted.
It's not something a podcaster like me can help you with.
This guy, Matthew Falder, had done this to no fewer than 50 people.
At least three of them had attempted suicide.
Sorry to throw this right into the really most horrific parts of this story, but that's where this goes.
And the NCA had actually identified Falder and charged him. Welcome to Video, the site that they had never seen before, but immediately looked to them like a kind of massive repository of child sexual abuse materials.
But like with every dark web market, it was protected by the Tor anonymity software.
There was no obvious way to take it down.
Right. Welcome to Video was on the darknet using the Tor network. And here, things are anonymous by design,
both users and the websites, or so it seems.
Like on the regular internet, when you see a URL,
you can look up who owns that URL
or do a traceroute on the website's IP
and see where that server is hosted in the world,
or at least what ISP is providing them internet.
But on the Tor network, on the dark web, all that is
hidden. Like for instance, when you want to make a website on Tor, you first generate the private
key, which will then give you a public address. And that public address is your URL. If you have
the private key, you own the site. And if not, it's not yours. There's no way to look up who the
owner is or see where it's hosted. Everything is hidden.
And so the NCA could see this horrific website, but they couldn't figure out any clear way to
locate its administrator or take it down. That's the whole idea, really, of the dark web.
I mean, sadly, there is so much... every child exploitation focused agent that I've ever talked to seems like they're overwhelmed with cases.
I mean, tragically.
So without a clear lead and with a lot of other work to do, this got pushed to the side until Jonathan Levin showed up.
This guy started a company called Chainalysis, which is a mashup of the words
blockchain and analysis. See, every Bitcoin transaction that happens is public for everyone
to see. And that's what the blockchain is. It's a public ledger which shows every single transaction
since the dawn of Bitcoin. And Chainalysis is sort of like archaeologists digging through the
blockchain, examining the data, and doing things
like making a profile of certain Bitcoin wallets and discovering ways to trace the money, but then
also learning that Bitcoin might not be so anonymous after all. I mean, consider this scenario.
Say you gave some Bitcoin to your buddy to borrow, and he promises to pay you back in one week.
But three weeks go by and he didn't pay you back. So you ask him about it and he says, oh, I don't have it.
Well, you could just look at the blockchain to see what's going on.
So you look to see where you sent this money to,
which is presumably his wallet, right?
And you see that not only did he borrow money from you,
but four other people sent him the same amount.
Maybe those are your friends or his friends that he borrowed from. Then you look to see how much Bitcoin is in his wallet right now, and there's none. So where
did it go? Well, the blockchain tells all. You might look and see that all the money went to
some well-known online casino's wallet. Oof. This is the kind of investigation you can do on the blockchain.
But it takes a certain skill and the right kind of eyes to be able to see how things move around and what's going on.
And this is what Chainalysis started doing.
Watching the blockchain, trying to figure out what was going on there. And they soon realized that law enforcement was also very interested in the activity of certain wallets.
So Chainalysis started working with law enforcement to find ways of getting information about certain Bitcoin wallets.
In fact, they made a tool to make it even easier called Reactor.
If you put a Bitcoin address into Reactor, it'll show you a map of all the wallets that that wallet has interacted with.
It'll then start to cluster those wallets into groups of common interests.
It'll detect certain laundering techniques.
It'll show where the Bitcoin started
and where it ended up.
Like for instance,
Reactor software will show that a person
bought some Bitcoin at Coinbase,
then transferred it to another wallet,
and then they cashed out at Binance.
Which isn't quite rocket science
to figure this out on your own,
but Chainalysis makes investigating
the blockchain a lot easier.
So law enforcement around the world was purchasing and using this tool to help them in criminal investigations.
Jonathan Levin was a co-founder of the company.
And around July of 2017, he was just visiting an agent at the NCA, just a kind of customer check-in.
And the agent told him about this new site
that had just come onto their radar.
They did have some of the cryptocurrency addresses
of Welcome to Video that they pulled
from Matthew Falder's computer, I believe.
So Jonathan Levin suggested that they just
put one of those addresses into Reactor,
this cryptocurrency tracing tool that Chainalysis sells.
So they gathered around a cubicle
and the agent gave Levin a Bitcoin address
from Falder's computer,
which showed that he purchased access to Welcome to Video.
Levin put the address into Reactor
and an explosion of nodes and lines
were appearing all over the screen,
showing quite immediately the size of the operation.
The concept is simple. When Falder became a paying member of Welcome to Video,
the wallet that he sent money to must be the owner of the site, right? And if that's the case,
then what other wallets also sent money to the owner of Welcome to Video? The graph in front of
them showed hundreds of wallets
sending money to this site.
Levin and this NCA agent
were both kind of shocked.
They could see the entire cluster
of all of Welcome to Video's addresses,
at least kind of like a sketch of them.
You know, this was just like
an initial kind of analysis
of that whole payment network.
They could see people buying Bitcoins
in cryptocurrency exchanges, including in the US,
paying them sometimes directly
into Welcome to Video's addresses
or sometimes through a few hops
on different addresses on the blockchain,
but you could still follow the money.
And then kind of just as importantly,
they could see flows of money
coming out of Welcome to Video
and going into just a few cryptocurrency exchanges, two in Korea and one in China.
It seemed that many users of the site took no steps at obfuscating or hiding their Bitcoin trail.
And perhaps not even the site owner, because the owner's wallet seemed to be sending Bitcoin to an exchange to cash out to. And while nobody's names are actually on any of these Bitcoin wallets,
all the users bought Bitcoin from an exchange
and they had to give their driver's license to the exchange
to get money into their wallets to begin with.
And all of that meant that if they could follow those trails on the blockchain
and get a law enforcement agency involved that would send subpoenas to them,
then they would probably be able to start
immediately getting identifying information on these people
because that is how this works.
It's very difficult to cash out your cryptocurrency
for traditional money or buy cryptocurrency
with that traditional money
without giving your identity to one of these exchanges.
This is a lot of work, though.
Creating hundreds of subpoenas, that's a lot of paperwork.
And once you have those people's names,
is that enough evidence to arrest someone
simply because their Bitcoin wallet
interacted with the owner of a CSAM site?
Whoever was going to take this case on
was going to be in for quite a ride.
While Jonathan Levin was in the UK
on that visit in London with the NCA,
these two IRS agents,
Tigran Gambaryan and Chris Janczewski,
were in Bangkok.
They were kind of supposed to be part of the takedown of AlphaBay,
this massive crime market for mostly drugs,
but also hacking tools and stolen data.
That's another story that I tell in the book, how cryptocurrency tracing helped to confirm the identity of the administrator of AlphaBay and take down this guy in Bangkok. Tigran and Chris,
these two IRS investigators, after the takedown of Alexandre Cazes, the kingpin of AlphaBay,
they were kind of annoyed
that they had not been involved.
They hadn't been invited to the arrest.
They hadn't even been invited to the war room
in the Thai police headquarters
where people were watching the live stream of the arrest
from surveillance footage.
And so they're sitting in Suvarnabhumi Airport,
the Bangkok airport. And so Tigran
just out of boredom
starts calling people
to try to figure out what their
next case is going to be.
And he calls Jonathan Levin at Chainalysis.
And Jonathan Levin
is like, yeah, it's funny that you should ask
because I just came across
a lead on a massive
child sexual abuse materials case
and if somebody
just pulls these threads and follows
the money, I think that you could
take this whole thing down.
And I think that you're just
the two agents to take this on.
Yeah, but that's the thing that kind of surprises me.
The IRS
investigating a criminal pedophile website.
How are they just the two agents to take this down?
Well, exactly.
So that's part of what's so weird about this case.
And that made it so interesting to hear about
from the agents who carried it out and the prosecutors.
Because Tigran and Chris and Zia, Zia Faruqui, the federal prosecutor who led the case in
Washington, D.C., none of them had ever done a child exploitation case before.
And they were financial investigators.
They had done money laundering cases.
Zia Faruqui had done national security cases where they
followed the money to find people selling weapons to North Korea and stuff like that.
And Tigran and Chris had followed the money. And Tigran actually was probably the best
cryptocurrency tracer in the IRS. But none of them had ever dealt with child abuse before.
And that was what was weird about this case
is that it was a financial investigation,
but a financial investigation to find
and dismantle a child abuse network,
which is really rare.
Because as I said,
most of these dark web child abuse markets
don't have any form of payment
and certainly don't use cryptocurrency.
But Zia Faruqui, I think to his credit,
the prosecutor who took on this case,
he was like, it doesn't matter.
We are going to follow the money.
We know how to do this.
We have a fantastic lead here
and we're going to trace Bitcoins
to take down this whole network.
So the two IRS criminal investigators took the case to take down Welcome to Video.
And you might think that they might be looking for tax evasion or some kind of financial crime to bust these people for.
But the IRS criminal investigators can really investigate just about any federal crime.
For instance, in 2021, 72% of their cases were tax-related,
but 11% were just narcotics-related.
IRS criminal investigations,
you know, they are a real law enforcement agency.
They carry guns, they make arrests,
they travel around the world,
like, extraditing people.
In fact, the IRS criminal investigation team
even has two cybercrime units.
So the case got opened on Welcome to Video.
But where do you start?
Well, like any case, you should get to know the situation
and learn exactly what's happening on the site.
Two agents opened up a Tor browser
and navigated to Welcome to Video's Darknet site.
You can't see anything unless you make a membership.
So they signed up with just a free account, though,
and they were greeted with a search box that was misspelled.
And they're
completely unprepared for this. Like I said,
I mean, they have never dealt with a child
sexual abuse materials case
before. They're not actually
allowed to download videos
because they're not undercover agents,
but they nonetheless are allowed,
not that they really wanted to, but
they just begin by looking at the thumbnails on the homepage.
And they can see just this endless scroll of thumbnails showing the rape and abuse of children.
And I should say that I think a lot of people think of these sites as being full of just like sexual videos of preteens or something.
Like, I don't know, not to say that that's okay, but that like the children on these sites are like 15 or 16.
But it becomes immediately apparent to these agents.
They can see actually like two of the most commonly searched terms are like one year old and two year old.
And they're horrified to see these thumbnails, too, that the abuse of these children, I mean,
these are, in many cases, infants and toddlers (I'm sorry to even say this out loud, it's not fun to talk about) that are being abused in these videos.
And they are, you know, like, they've just been thrown into the deep end of the CSAM cesspool, basically.
Gosh, where do you even begin here?
I mean, just imagine you're a federal agent and you just open the door to a room
and found hundreds of people committing crimes everywhere you look.
Rape, child abuse, and people buying and selling it.
Who do you arrest first?
The real crimes that are happening are like the hands-on abuse
and recording of abuse of children by people around the world.
And that is like just as serious a crime.
And in fact, there are like kids' lives at stake.
Not, you know, at the center of this network,
but all along the edges of it.
And that is a much, much more complicated
case to take on. They saw the Bitcoin wallets that all these users were sending money to.
This probably was the site owner or admin. So they issued a subpoena to the Bitcoin exchange
that the site owner was cashing out at. They also could see that it wasn't going to be enough to
like go to a computer at the center of this network and take down this market, like they were going to have to find the actual users of this site. And that is like, you know,
hundreds of times more complicated. So using the Chainalysis Reactor tool,
they were trying to get information on the users of the site. Their theory was:
if they know the Bitcoin wallet for Welcome to Video, what wallets are sending money to this
wallet? And are those paying members of the site?
So they trace the money.
If wallet A was the site owner and wallet B sent money to it, where did wallet B get that money?
From a Bitcoin exchange.
So a few more subpoenas were issued to exchanges for what they thought could be users of the site. But not only that, I mean, Tigran, very early on,
started to just kind of scour the site for just other security mistakes
that might have been made in its coding and might reveal something.
And he just like, I mean, this is kind of incredible,
but he just, I think, like right-clicked the website and hit view source.
And amazingly, just began to see all these IP addresses for those
thumbnails on the homepage. Oh, that's a big mistake for the site owner. This website was on
Tor, the darknet. And when a website is on Tor, its IP addresses are hidden. You have absolutely
no idea where in the world that website is hosted. That's the point of Tor.
But when this agent examined the code on the website,
the thumbnail images weren't hidden.
They weren't on Tor.
They were just being served on the plain old internet.
And this could potentially lead them right to the front door
of where this site is hosted.
And he immediately did a traceroute and saw that these images were sourced from a computer in South Korea and in a residential IP address.
So amazingly, all of these thumbnail images seem to be on a computer in somebody's home in Korea.
And he actually just started laughing because he could not believe what a dumb mistake this was.
Soon enough, the subpoena for the admin wallet came back.
The investigators were hoping that this would reveal
who owned Welcome to Video.
Well, the first thing that they could see,
and they could see this actually before they even got
the results of their subpoena,
was that there was no way to take your money out
of Welcome to Video.
Once you paid in, once you paid for a membership,
essentially,
you couldn't get a refund or something.
It wasn't like the Silk Road where people were selling stuff
on Welcome to Video other than the administrators of the site.
All the money that was coming out of the Welcome to Video network, or its cluster on the blockchain,
all the money coming out must belong to the administrators of the site.
They realized that right away.
And so they traced that money to these two exchanges in Korea
and one in China and started to get the subpoena results for those.
I think a little bit of it had gone to a US exchange too.
And they got that one first. And it showed the identifying information for this older Korean man near Seoul in South Korea.
But Chris Janczewski, he was the one who received the results of that subpoena first.
And he was immediately weirded out by this because this was an older guy.
And he had really dirty hands, like he was some sort of agricultural worker or something.
He didn't seem like somebody, the kind of basement-dwelling, hands-on-a-keyboard guy who would be running a dark web market.
And then as they got more of the information back, they began to see that there was this other guy who was much younger, had the same
last name as the older guy. His name was Son Jong-woo.
Son Jong-woo. They've got a name. And they look closer at this guy. He was 21 years old,
living in South Korea. And he had the same last name as that other guy, the guy with the dirty
fingernails. And they looked into it
and this was the son of that older guy.
Son Jong-woo also lived in the same city
where the IP address resolved for the images on the site.
As the investigators looked at him more,
they connected enough dots for them to believe
Son Jong-woo was the admin and owner
of the dark web site, Welcome to Video.
They found their guy.
You might think that that is case closed.
They've got their guy.
He's in South Korea.
He's in this town just a couple hours south of Seoul.
But then they started to get the results from all their other subpoenas.
These are the users of the site.
Like uploaders,
downloaders, hands-on abusers of children, like people creating these videos. And they start to
see that the users they're identifying, and these are hundreds of men. I mean, they're almost all
men, of course. They include like a vice principal of a high school in Georgia and an actual Homeland Security investigations agent.
And by this time, IRS had actually partnered with Homeland Security because they didn't have the manpower to do this massive investigation.
And so immediately, they're in this awkward situation where they see that one of their own, a federal agent, is one of the users of this site. But that also, the administrator of a high school and a federal agent,
these are people in positions of power and potentially with access to children.
And so they start to realize that their first priority cannot be to go after the server
or go after Son Jong-woo in South Korea.
They have to try to find these especially sensitive cases,
the users of the site who might have access to kids, they have like an ethical responsibility
to go find them first and arrest them or charge them or whatever, stop them from potentially
abusing kids.
One of the subpoenas came back for a guy right in Washington, D.C., where the IRS investigators
were based.
It was really important to them to realize
that there was a user of Welcome to Video
in Washington, D.C.
In fact, this guy lived just down the block
from the prosecutor's office
where a lot of this work was happening.
One of the prosecutors had actually just moved
out of this building where this guy lived, amazingly.
It was really just like a few blocks away.
And that was important.
I mean, it was not just a weird coincidence,
but it was important because it meant
that if they could prove that this guy
used Welcome to Video,
that would allow them to charge the whole case
in their jurisdiction.
This is like one of the weirdnesses of law enforcement
that we don't think about a lot,
but they have to prove that
one of the criminal suspects in the case, at least,
is located in their jurisdiction to take on this case in Washington, D.C.
So they decided to make this guy their test case. He's suspected to be a user of Welcome to Video.
Now it's time to see if that's true and arrest him if it was. So they look up who this guy was.
He was a former congressional aide, and now he's a high-level executive
for an environmental group in D.C.
So they're worried that this guy might make a stink
and go to the press or try to blow the lid off
of their still-undercover covert investigation.
But they decide that they have to do it anyway,
that they have to go after this guy
as the first step in their case.
So in the midst of this,
they also see that they find this guy's social media profiles and they see that he's gone quiet just recently, just in the last week or two. And they figure out by pulling
his flight records that he's gone to the Philippines, which they suspect might, you know,
the Philippines sadly is like a place where a lot of child abuse and sex tourism happens.
But they also realized that that will allow them, when this guy flies back to the U.S., again, for better or worse, there is this carve-out in American civil liberties that I find pretty appalling normally, which is that customs and border protection can just pull you
aside at the airport and hold you as long as they want, practically. I mean, your rights just don't
apply somehow at the border in that way, which is kind of sickening. But in this case, sorry,
that was an aside, but in this case, it meant that they could detain this guy when he flew back from the Philippines.
So they figure out when he's coming back and what his route is.
He was flying back home through Detroit, and the IRS federal agents were able to get Border Patrol to pull him aside in Detroit and seize his devices.
They made him turn over his phone and computer.
Of course, he protested, but the Border Patrol told him
that he's being investigated for child sexual abuse material.
So they took his devices and let him fly home to D.C.
Border Patrol began looking through his devices.
CBP, not long after this, told the investigators in D.C.
that they had managed to access the storage of those devices.
Some of it was encrypted,
some of it was not. And they found child sexual abuse videos. They found actual like
surreptitiously recorded videos of adults having sex as well.
So they knew that this test case had actually come back positive. The next day, this is just
a bizarre twist in the case. Like one of the prosecutors involved in the Welcome to Video investigation got an email from the management of her old building.
She no longer lives there, but she was still on the mailing list.
And it said that tragically, someone had committed suicide in the building and had jumped from, I think, the 11th floor and
their body
was on
the sidewalk and therefore
the parking garage was closed.
This was
like...
I mean, it's a bizarre email
to get, but she immediately
realized that
this was their suspect.
And Chris Janczewski and Tigran Gambaryan drove over to the building right away and
talked to the management and figured out that, yes, this was their test case.
This was their guy, and he had just committed suicide.
Chris Janczewski and Tigran went to this guy's apartment,
as you do in a case like this,
to just look for evidence.
And they could see the patch of wetness
on the sidewalk 11 stories down,
looking out from the balcony.
They could see the half-eaten pizza on the table.
I mean, this is like you would think
kind of when it hit home.
But I think that the fact that the guy had killed himself
just drove home for all of them
the gravity of what they were doing.
That the
human impact of this case was going
to be enormous. That people's lives
truly were at stake. And not just
kids, but it is
just a life and death
scenario. This is more impactful
in a way than taking down a
dark web drug market or
a hacking conspiracy or something.
This is like a crime
where
in some cases the conviction
is worse than death. But
I think it speaks to the
trauma that they'd already experienced
in investigating this case, that they had no sympathy for this guy.
I mean, I think that the investigators, in part, were like,
we just need to focus on the victims here.
There are real victims that we need to actually help in this case.
But they also had come face-to-face by this point with hours of these videos.
Chris Janczewski was actually the one who eventually was assigned to watch these videos
to be able to write the affidavit for whatever charging documents they would come up with.
So in this sort of like clockwork orange way, he was just forced to watch hours and hours of child rape.
And after that, I think he had very little sympathy for the defendants.
And his immediate thought was like,
well, there's one less case where I have to do the paperwork.
I have hundreds more of these guys to go after.
So all the better.
Just like, let's move on.
This is getting heavy.
I think we'll take a short break here.
Be right back.
The criminal investigators at the IRS kept going with their investigation,
looking for more users of the site that were in the U.S.
And they had issued subpoenas to crypto exchanges
and were getting details back about potential users of the site.
The next guy on their list was this assistant principal
outside of Atlanta, Georgia.
And this was the case for,
at least as Chris described it to me,
Chris Janczewski was the one who flew down to Georgia and with the Homeland Security agents in that area,
knocked on this guy's door,
executed a search warrant,
sort of swarmed his house with agents,
seized all of his computers.
But this was a guy who had a family
and they had to separate his kids,
put them in one room,
put his wife in another and question her.
And they questioned this man
who was an administrator at a school
in another room.
And for Chris, who was kind of like,
he was not the one executing the warrant.
He was the IRS agent
who was leading the case, basically.
So he was kind of standing there in the eye of this storm of activity.
This was the moment that it hit home for him.
Even after that earlier suicide, what this meant for people's lives,
that they were essentially destroying this guy's life by doing this to him
and doing it in front of his family.
And he had this moment where he was like, I really hope that this cryptocurrency tracing thing works and that we are getting the right people here.
Because remember, the only evidence they had on these people was that they sent Bitcoin to the owner of the site. And it's really
wild to simply start raiding people's homes just because they sent money to another Bitcoin wallet.
Is that really enough evidence? What if someone else stole that guy's Bitcoin wallet and it was
someone else who sent that money? And what if the guy in South Korea just had some side business,
it was like selling some totally normal web page design or something like that.
And he was just using the same Bitcoin wallet for both sites.
I mean, it would be really bad for the investigators to put a whole family through this ordeal
if he isn't actually a pedophile.
But this risk was worth taking to the criminal investigators.
But that guy then was taken in for questioning,
admitted eventually to inappropriate touching of kids at his school,
and was eventually charged with sexual assault.
Not just possessing child sexual abuse materials,
but sexual assault.
They were right that this was a high-priority case.
They had followed his cryptocurrency payments
and it really had identified an abuser of kids.
At least that's what the agents and prosecutors told Andy about this guy.
I do know he lost his job over this
and was facing numerous felony accusations.
The important thing was that within hours,
this sort of like moment of doubt that Chris Janczewski had was
dispelled, that they knew that this guy, that, you know, this was another test case that had
come back positive. The blockchain had not lied. Like they had once again identified like a real
case of sexual exploitation of kids through cryptocurrency tracing alone.
So in the midst of this, at the same time, this investigative group, these IRS agents and prosecutors were also just continuing to scour everything happening on Welcome to
Video.
I mean, the site was still online and there was a chat function on the site, like a kind
of discussion in real time on Welcome to Video, too. And they began to see,
to notice that there were these messages that would appear periodically that seemed to be from
a kind of help desk administrator almost. Like, if you have a problem, email me here and I can help.
And so they started to ask themselves, is this another moderator or even administrator, another like, you know, creator of Welcome to Video that they needed to track down?
Like, is this Son Jong-woo, the guy in Korea, or is it someone else even?
contractor who worked with the agents, his name was Aaron Bice.
They tried to figure out, based on the email address, who this was.
They did some pretty incredible investigative work for this one.
The email was on a Tor-protected email service, so that was no help. But they were able to find a similar email address as a user of a popular Bitcoin exchange called BTCE.
Or at least BTCE used to be a popular Bitcoin exchange. It was taken down by U.S. authorities because of the
money laundering that was going on there, which meant the U.S. authorities had all the logs and
data from that Bitcoin exchange. And a very similar email address was registered to that exchange.
The user had logged into the exchange 10 times to access their Bitcoin there.
But this exchange didn't have user information
other than the IP address that the user logged in from.
So the investigators looked at the IP addresses that logged in to this account.
And every single IP they looked up came back to a VPN service.
This was a dead end for them.
But the last IP they looked up
came from a residential address
in the U.S., not a VPN.
This must have been a mistake
by the user.
So they did a traceroute on that IP address
and found that it was in Texas.
It was clearly not Son Jong-woo.
It seemed kind of unlikely even that
somebody in Texas was working with Son Jong-woo.
The investigators were able to gather more information about who this person was,
and they eventually were able to get a name and address of this person.
It turned out to be a border patrol agent, another federal agent,
who was based in this Texas town near the border.
A border patrol agent.
When a person in authority is committing crimes like this,
it feels more awful
because they have a type of power and trust
that they're abusing.
So now they've got this guy of interest
who is sending these weird messages on Welcome to Video
who seems to be a kind of moderator
or help desk person on the site.
But then they also check his account on Welcome to Video
and they see that he's uploaded
real child sexual abuse videos. And as they piece together the picture of who this
Border Patrol agent is, they also see a GoFundMe where he's raising money to adopt a daughter,
to adopt his actual, his partner's daughter as his own stepdaughter. And Chris Janczewski has sort of painstakingly watched
all the videos uploaded by this Border Patrol agent.
And he recognizes this red flannel shirt
that the girl is wearing in one of the abuse videos.
And he spots it also in one of the photos
on the GoFundMe page,
that this is exactly the same girl.
And this Border Patrol agent is essentially abusing his own stepdaughter and uploading the recordings of it to thousands of men around the world.
To make that connection for the investigators must have felt like a punch in the gut.
But at the same time, what an opportunity to rescue this girl from this monster.
But in this particular case now, Chris knew that every moment that he was not taking down this Border Patrol agent, this girl might be abused again.
Yeah. So briefly kind of walk me through what they need to do to either, like, I don't know, go arrest him or whatever.
They need to call the local police.
They need to call another assistant.
I don't think the IRS is going to just show up by themselves, right?
I think in this case, IRS had partnered with Homeland Security
because Homeland Security Investigations has a lot more manpower
and is the one that very often does take on child exploitation cases,
not IRS, obviously. But in this case, because they were arresting somebody who was part of
Border Patrol, which is part of DHS, HSI actually had to bring in the FBI too, I believe, and local
law enforcement, if I remember correctly, who all kind of were there to make sure there was
no conflict of interest or anything. But Chris Janczewski flew down to Texas with one of the HSI agents on the case,
and they stopped this Border Patrol agent on his way home from work,
took him to a hotel and interrogated him while Chris went to his house and searched it
and found exactly the room where he had, in fact, filmed his own abuse of his stepdaughter.
He could recognize it from the videos.
To him, it felt like he'd kind of like fallen through the screen of his computer
into the scene of some horror movie that he had watched.
So, I mean, you've got to move fast to get a warrant, a search warrant to go to someone's house.
Well, exactly. So like it was 10 days after the results of Chris's subpoena came back that he arrested this guy.
And he barely went home or saw his family during that time.
I mean, I think that it had become so real for him that he was haunted by this notion that every moment he was not working to get this guy separated from his victim was a moment that like a child could be raped again.
I mean,
not to,
I'm sorry to say these things out loud,
but it's,
that is the truth.
And so the entire team,
but especially Chris just truly raced to get this guy arrested and to have the,
and the girl was in fact separated from him, brought to a safe place.
They brought with them on this search somebody who was sort of experienced in speaking to child
victims. And that agent did interview the girl who then, yes, she opened up and eventually talked
about the abuse that she'd experienced.
Man, thinking about the victims here really is another punch in the gut for me.
This kid suffered so much trauma,
and it could take a lifetime for her to heal from all this.
And abusers sometimes go through great lengths to keep all this quiet,
like threatening the kid or gaslighting them and saying,
no, that didn't happen.
That was just a dream you had.
So they prove, yes, that this guy was a hands-on abuser of children, of his own stepdaughter.
Well, these are the allegations made by the agents and prosecutors in the case.
This guy has not been convicted of anything yet.
But they also, in interrogating him, found that he was not by any means an administrator
or moderator of the site.
He was actually just phishing people, essentially, on Welcome to Video,
pretending to be a moderator and then using that to steal their credentials
and log in to the site as them and get access to their
cache of child sexual abuse videos, just as a way to
save money, basically.
As petty as that sounds, he was just exploiting
these exploiters and trying to get access to more videos without paying for them. But, you know,
when they took him down, it was just a big disappointment because they thought maybe
that they had found another kingpin or, you know, this site at least. And he was none of the above.
He was just like one of the hundreds of men who were just using the site.
And as Chris was flying back to D.C., he had taken down this guy,
but he also knew that the guy's videos were still up on Welcome to Video
and were being watched by the whole crowd of thousands of other men using
this site. So they decided this site has been up long enough. It really needs to be shut down.
They've proven their case is very severe, and the longer it stays up, the more abuse will continue
to happen. So the IRS criminal investigators decided it was time to head to South Korea
and arrest the site admin, Son Jong-woo. But they needed the actual Korean police,
the Korean National Police Agency, the KNPA, to actually carry out this arrest. They can't just
fly to Korea and start arresting people. They had to actually get him extradited from South Korea.
And that actually is pretty hard, it turns out. South Korea, I only sort of learned in my reporting on this case,
is not the easiest place to get international cooperation.
Luckily, like Zia Faruqui, the federal prosecutor in this case,
had actually carried out cases in South Korea and had contacts with the KNPA.
He had done a case where they tracked down people selling weapons to the North Korean government and had worked with South Koreans in that case.
So he had these contacts there, he and an HSI agent who were involved.
So they get the cooperation of the KNPA.
They set up surveillance of Son Jong-woo as he's like coming and going.
They follow his every move as he comes and goes from his apartment in this apartment complex a couple of hours south
of Seoul. So in February of 2018, Chris Janczewski and a couple of the prosecutors in the case fly
to Seoul and prepare for this takedown in cooperation with the KNPA. They make this plan
to arrest the guy on Monday morning at his home, like bust down the door and get him at home.
But then on the day before they're planning to make the arrest,
they figure out from their surveillance team
that Son Jong-woo has driven up to Seoul,
that he's spending part of the weekend in the city.
And the KNPA make this last-minute plan
to basically stake out his,
to drive south to, like, the town where he lives south of Seoul,
stake out his home and be there ready to get him at his front door.
And that is in part because they don't want him to have any chance to try to destroy evidence.
Thanks in part to, like, Tigran Gambaryan's right-click and view source, they know that the server is actually in Son Jong-woo's apartment, amazingly.
So, you know, this is not, like, in a data center somewhere.
So they need to both seize the server and arrest Son Jong-woo.
They make a plan to do this, which in some ways, you know, it's, like, a very tidy sort of simple plan.
Now they only have to raid one location, basically.
They sort of formulate this last-minute plan, and Chris Janczewski and the Americans and the Koreans drive down together in this kind of caravan and stake him out in the parking lot of his building.
And it's long after midnight on this, like, night where it's just pouring rain.
Chris Janczewski, by the way, has a horrible cold. He actually, like, brought a pillow with him for this stakeout
and was just miserably
waiting in the car
during all of this.
The Americans are not actually allowed
to make the arrest, so
it's the Koreans who
follow Son Jong-woo into the apartment
when he finally arrives.
It's this agent, this
Korean agent who they called Smiley.
I don't actually know his real name,
but they called him Smiley because he never smiled
and he was this very intimidating figure
who kind of slides into
the elevator next to Son Jong-woo,
rides
up the elevator with him.
When he steps out of the elevator and walks to his
apartment, they arrest him
just as he reaches his front door and then search his home. They asked Son Jong-woo, can we let the Americans in to
participate in this search? The way that this mutual legal assistance treaty between the U.S.
and Korea works is that the victim has to give permission for any Americans to be involved in the search. And of course, Son Jong-woo says no.
So Chris Janczewski has to just watch the search through somebody's phone on FaceTime
while he sits in this car in the parking lot in the rain.
And eventually, somebody points the phone, points the video,
this live stream of the search, at this crappy desktop tower machine that is sitting on the floor of Son Jong-woo's bedroom.
It's just like an old desktop machine with one side open, and you can see that there are multiple hard drives in it. And essentially, Son Jong-woo had just been adding hard drives to it
as each one filled up with terabytes of videos of child sexual abuse.
And this is the Welcome to Video server.
I mean, Chris couldn't even believe it.
He was just kind of shocked.
And it was actually almost anticlimactic for him.
They had got their guy.
They had found this server at the center of this incredibly malevolent global network.
And it was just this dumpy computer on the floor of this kid's bedroom.
So when they got to the server, did they immediately pull the plug?
Or did they put some forensic tools on it?
Or did they put a sign on the site that said this is now seized by the government?
So yeah, they grabbed the server.
They do put up a banner on Welcome to Video, but it's not a seizure banner.
They actually put up an undergoing maintenance, please be patient banner.
They even include some typos
because Son Jong-woo's English was pretty bad
and there were a lot of typos on the actual Welcome to Video
site. So they're trying to
just buy themselves some time
and not tip off Welcome to Video
users that the site has been taken down.
And with
the server, kind of amazingly
now, they can, I mean, the kind of breakthrough of now having the server is that it's a kind of Rosetta Stone.
I mean, now you can see not only who was paying in, but what they were buying.
With the logs on the server and the database there, you can see which videos each user was downloading and watching and uploading too.
So now in combination with the cryptocurrency tracing,
they have the entire map of not just identities that they've got from that tracing,
but also the other end of these criminal transactions.
And so they, like, you know, now they have the motherlode of evidence, and they start to assemble,
with the help actually of Chainalysis and of HSI and the IRS, they're all working
together, they start to build these kind of dossiers on hundreds of the users of Welcome to Video around the world.
I mean, this is like the heart of the case.
In fact, it's like the slog of planning to find and arrest and search and raid and charge hundreds and hundreds of men around the world.
I mean, not just in the U.S.,
but like practically every continent in the world.
There were thousands of users on the site
and hundreds of them were paying to view the videos.
And it really was the Bitcoin tracing techniques
that gave investigators all the information they needed
to take this whole operation down.
And it was a huge operation.
So when they seize the database,
they now can see the full scale of the size of Welcome to Video, too.
They can see, for instance, that by volume,
there are more child sexual abuse videos
than they've ever seen on a dark website before.
When they share all this stuff with the National Center for Missing and Exploited Children,
which is abbreviated NCMEC,
N-C-M-E-C,
NCMEC says that they have never actually seen,
they were the ones who track these sorts of videos,
and they've never seen almost half of them before,
which is remarkable.
And it shows that Welcome to Video wasn't just enormous,
but that it actually had like really incentivized people to create lots of new abuse videos to actually abuse children.
And these weren't just videos copied from other sites, but they were like many of them were uniquely made for Welcome to Video.
Now the agents had mountains more of evidence against the users of the site.
It was time to start arresting as many users as they could.
As these intelligence packets were assembled, essentially, and sent out to agents and police around the U.S. and around the world,
there was no coordinated one day of hundreds of takedowns.
It was too big of a case to even attempt that.
There was no kind of like the way that things happen in movies
where all these doors get knocked down at the same time.
Instead, it was like this kind of rolling, distributed process
of just taking down these guys one by one around the entire world.
Andy tried looking to see who these people were that were getting arrested.
And it was just too many people to keep track of or follow up on.
But there were a few people that he did hear about that got arrested that are worth mentioning.
This guy in Kansas, who it turns out had run an at-home daycare for infants and toddlers.
And when he was busted,
they found that he deleted all of his videos
from his computer.
But the prosecutors were able to find
that he still had remnants of the videos
in his computer storage and was charged.
There was another guy in New York
that when the police went to his house,
his dad stopped them at the door and was like,
you've got the wrong guy.
It can't be my son you're after.
But when the investigators showed the dad the evidence they had,
he was shocked and let them in.
And not only was the son a member of Welcome to Video,
but he was also found to have sexually assaulted the daughter of a family friend
and hacked into another girl's webcam and was recording her without her knowing,
at least according to prosecutors.
Another guy in Washington, D.C. tried to commit suicide when the HSI agents raided his house and he hid in his bathroom and slit his own throat. And only because
one of the agents had medical training were they able to save his life. They found 450,000 hours
of child sexual abuse videos on his computer, including some of the recordings
that were created by that Border Patrol agent in Texas.
450,000 hours.
That's like an addiction beyond my imagination.
I mean, these are sad individuals.
I mean, they have done terrible things.
But when you hear about who they are, you do kind of realize that this is a sickness, too.
There was one man who they found had suffered brain damage.
And he had been taking this medication that heightened his sexual appetites and reduced his impulse control.
And he had basically the cognitive abilities of a child himself.
These are truly tragic cases on both sides. But then in another case,
they found a guy in New Jersey
had been negotiating to actually buy a child
for his own exploitation.
I mean, there's no doubt that this,
despite the tragedy for the criminal defendants here too,
this is a case that saved kids.
And ultimately 23 children were rescued around the world as a result of this case. And it was around the world. I should say,
I've listed cases in the US, but ultimately, Welcome to Video users were arrested in
the Czech Republic, Spain, Brazil, Ireland, France, Canada, England, Peru.
One guy fled to Saudi Arabia and was arrested there.
And the agents in the case don't even know what happened to him.
But in Saudi Arabia, sexual offenders are sometimes punished under Sharia law,
which can include beheading.
But then in other cases,
these suspects fled internationally and got away with it.
There was one guy in the Seattle area who worked for Amazon, was a Chinese national,
and they searched his car and they found, in fact,
that he had a map of playgrounds in his car
along with a teddy bear,
despite having no children of his own.
And after this guy saw that his car had been searched,
he fled to China and they never found him again.
In total, 337 people were arrested around the world.
And 23 kids were rescued.
I mean, that's, I think it is probably in terms of,
I mean, in this whole book that I've written about cryptocurrency tracing cases,
this is the one that there is no doubt that it had the biggest impact on people's lives.
Son Jong-woo made a few hundred thousand dollars from all this,
which seems like such a small amount of money compared to how much suffering
was inflicted on victims because of the site. Clearly, some of the users on the site did
horrendous things or have been put in prison for a long time. And I know some of them got
decade-long prison sentences or more, but that's just the users. What did the admin,
Son Jong-woo, get for his punishment? The really shocking thing is that Son Jong-woo was out in less than two years.
And that is like, you know, I'm still kind of like amazed by this myself, but it seems like
South Korea's child sexual abuse laws are just really badly written and a judge denied extradition in this case.
I still don't quite understand this,
but I think it's like a cultural disconnect
where South Korea just historically
has not taken this kind of crime seriously.
But it is worth noting that when Son Jong-woo
was given an 18-month prison sentence,
just 18 months for this horrific crime, I mean, for running this network of horrific crimes, there was a huge uproar in South Korea. a petition signed by 400,000 people to prevent the judge in the case from being considered for
a Supreme Court position. And there was legislation proposed to fix these laws and
create harsher sentences and change the extradition treaty. So I think that South Koreans,
many of them are as baffled and unhappy about this as Americans are.
Another story I read says that after he got out of prison,
Son Jong-woo was facing extradition to the U.S.,
but his father sued him only because if you're facing a lawsuit in South Korea,
you can't be extradited.
So this kept him in South Korea and cleared him of the extradition,
which means he's still walking free, presumably in South Korea.
You know, that's the end of it.
Son Jong-woo is out
and has completely disappeared
from the internets
and from public life
in any way that I can see.
I could not find him.
And when I began reading Andy's book
I was under the impression
that Bitcoin and cryptocurrencies
are private and anonymous
unless you make a mistake in your
OPSEC and expose yourself. But after reading the book, I'm realizing just how extremely careful
you have to be in order to remain private with your cryptocurrency. I mean, he talks in detail
in the book about it, but let's just break apart a couple ideas. Local Bitcoins. This is where you
can buy Bitcoins from just like another person directly and not through an exchange. Well,
that person you bought Bitcoin from probably used an exchange. And there's stories about how
law enforcement has subpoenaed exchanges to figure out who that person was that you bought Bitcoin
from, which has led back to the criminal. Or what about mixing services or tumblers? Well,
time and time again, these get taken down and seized by the feds. And that tumbler might
contain a whole perfectly preserved logbook
of everything that went in and out,
effectively decloaking all its users.
There's even rumor that certain governments
know how to defeat some of the security features on Monero wallets,
which is supposed to be private by design.
And since the blockchain is a permanent, unchangeable public ledger,
once a modern analysis technique is discovered,
then it can be used to analyze the entire history of the blockchain. And even if you realize your mistake, there's no way
to go back and fix it. Now, we still don't know who Satoshi Nakamoto is, the creator of Bitcoin,
and whoever they are, they have a billion dollars in their Bitcoin wallet that they've never touched.
But as soon as they cash it out, they'll have to provide identification
which will expose who they are.
And there are protocols such as Zcash
that encrypt the whole transaction,
not exposing the sender or receiver's wallet at all,
which seems promising.
But if you put all your eggs in that basket
and someday one of those researchers
finds a way to de-anonymize it,
now your hands are showing.
With the regulation of Bitcoin,
it's easier than ever,
for law enforcement at least,
to identify who owns what wallet.
They can even freeze wallets
or wallets interacting with a certain wallet
and seize wallets too.
So I think that like the trap
that cryptocurrency has represented,
in fact, for more than a decade now, it still persists.
People still believe, in many cases, that they have financial privacy or that they can get away with crimes when, in fact, this untraceable currency they're using is the opposite of that.
And sometimes leads agents and prosecutors right to their door.
A big thank you to Andy Greenberg for coming on the show and telling us this story.
This is only one part of his book,
and there's plenty more amazing stories in the book,
so you better go grab a copy of it and check it out.
If you like this podcast, you'll absolutely love that book.
It's called Tracers in the Dark.
Well, the full title is Tracers in the Dark,
The Global Hunt for the Crime Lords of Cryptocurrency.
And I have an affiliate link to purchase it through Amazon in the show notes.
So if you're going to buy it, please use the link.
I'm putting this show on pause for a while.
I have no episodes planned for January, February, or March.
I know my creative itch will be too strong to just be quiet the whole time,
but I just need to escape from the ever-present due dates of the show
and just take a little mental health break.
I've been doing this for five years now,
and the little breaks I've taken have just never been enough
to really feel like I'm relaxed.
The show is made by me, the Karate Skid, Jack Rhysider.
I did the sound design for this one too.
This episode was assembled by Tristan Ledger
and mixing was done by Proximity Sound.
The theme music is by the hip monk, Breakmaster Cylinder.
I'll sign off with one last tip for you.
If you do go on tour and visit the Darknet,
you should always wear a bulletproof vest
just in case you get hit with a screenshot.
This is Darknet Diaries.