Unchained - How This DOJ Strike Force Hunts Down Cryptocurrency Criminals - Ep.195

Episode Date: October 20, 2020

Magistrate judge Zia Faruqui and Jessi Brooks, assistant U.S. attorney in the national security section at the United States Attorney’s Office, have prosecuted several cryptocurrency-related cases, many of them amongst the most well-known. In this episode, they talk about:

- how they came to be involved in the prosecution of so many cases involving cryptocurrency
- the nature of civil forfeiture cases
- the Al-Qassam Brigades case, which led to the largest ever seizure of a terrorist organization’s cryptocurrency accounts, and the terrorist organization’s use of dynamic addresses in an attempt to elude detection by authorities
- how Al Qaeda used Telegram to pursue cryptocurrency donations
- the case involving ISIS and counterfeit PPE for COVID
- the process of seizing funds from unhosted wallets
- the North Korean affiliated Lazarus Group, and how they were able to amass $2580 million worth of cryptocurrency
- the methods hackers will use to cash out stolen crypto funds to fiat
- how different government agencies in the U.S., as well as in other countries, are coordinated when tackling these cases
- the Welcome to Video case and how they went about prosecuting a person in a foreign country
- how they’ve seen the use of cryptocurrencies by criminals evolve over time and whether or not they think decentralized exchanges will make it easier for criminals and hackers to cash out

Thank you to our sponsor!
Crypto.com: https://www.crypto.com

Episode links:

Jessi Brooks: https://www.linkedin.com/in/jessica-brooks-8289ab32/
Zia Faruqui: https://www.linkedin.com/in/zia-faruqui-a73ba11a5/

Three terror-finance cybercrime cases: https://www.justice.gov/opa/pr/global-disruption-three-terror-finance-cyber-enabled-campaigns

The Al-Qassam Brigades case: https://www.justice.gov/opa/pr/global-disruption-three-terror-finance-cyber-enabled-campaigns

Scam PPE site: https://www.wired.com/story/isis-allegedly-ran-a-covid-19-ppe-scam-site/

Civil forfeiture complaint against North Korea-affiliated hackers, Lazarus Group:
https://www.justice.gov/usao-dc/pr/united-states-files-complaint-forfeit-280-cryptocurrency-accounts-tied-hacks-two
https://www.justice.gov/usao-dc/press-release/file/1310411/download
https://blog.chainalysis.com/reports/lazarus-group-north-korea-doj-complaint-august-2020

Welcome to Video indictment: https://www.justice.gov/opa/pr/south-korean-national-and-hundreds-others-charged-worldwide-takedown-largest-darknet-child

Dark Scandals:
https://www.forbes.com/sites/kellyphillipserb/2020/03/13/dark-deja-vu-irs-announces-charges-in-takedown-of-multi-million-dollar-child-exploitation-website-funded-by-bitcoin/#4a09b2ac28ae
https://www.justice.gov/usao-dc/press-release/file/1257581/download

Jonathan Levin from Chainalysis on Unchained: https://unchainedpodcast.com/how-bitcoin-led-to-the-demise-of-the-largest-child-porn-site/

Transcript
Starting point is 00:00:00 Hi, everyone. Welcome to Unchained, your no-hype resource for all things Crypto. I'm your host, Laura Shin, a journalist with over two decades of experience. I started covering crypto five years ago, and as a senior editor at Forbes was the first mainstream media reporter to cover cryptocurrency full-time. Subscribe to Unchained on YouTube, where you can watch the videos of me and my guests. Go to YouTube.com slash C-unchained podcast and subscribe today. crypto.com, the crypto super app that lets you buy, earn and spend crypto, all in one place. Earn up to 8.5% per year on your BTC and more than 20 other coins. Download the crypto.com app now to find out how much you could be earning.
Starting point is 00:00:43 Today's guests are Magistrate Judge Zia Faruqui and Jessi Brooks, assistant U.S. Attorney in the National Security Section at the United States Attorney's Office. Welcome, Zia and Jessi. Hello. Thank you. Thanks for having us. You've prosecuted a number of federal criminal and civil forfeiture cases, including involving cryptocurrency, including some of the most well-known ones, such as the Welcome to Video case, which led to the takedown of one of the web's largest child pornography sites and a case
Starting point is 00:01:14 involving the North Korea-affiliated Lazarus Group, plus another one involving Hamas and the Al-Qassam Brigades. How did you two come to prosecute so many cases involving cryptocurrency? I can go first and then I'll let Zia sort of explain because I think our roots are actually very different. I started and cut my teeth in the Superior Court Division at our office prosecuting mainly domestic violence and sex offense cases. During my time prosecuting sex offense cases, I learned an expertise in the revenge porn world, which is where individuals sort of use cyber techniques to put out explicit photos of people that either broke up with them or upset them in some way. And I got really interested in the cyber world.
Starting point is 00:02:01 And then when I moved to the national security section, I was lucky enough to team up with Zia, who had already developed this amazing expertise in this field. And from there, it sort of took off Zia and his team that he had developed. And then I got to jump in and help develop as well, had created this amazing world that's leading the forefront of DOJ in these kinds of cases. Sure, yeah, thanks so much. So as you said, I'm now a judge, so I'm no longer a prosecutor so I can speak not in my role as a judge, but talking about as a prosecutor starting in 2008 until September 11, 2020 was prosecuting cases.
Starting point is 00:02:40 Kind of what led me to the path of cryptocurrency was my focus was on money laundering and asset recovery for victims. And it seemed very clear, you know, early on there was, like, like people who started laundering money in second life, or there was this initial sort of trend of like, you know, is virtual currency something that criminals would get into? And one of the most fun things about being a prosecutor is seeing the ingenuity of criminals, like they're finding new and fascinating ways.
Starting point is 00:03:08 And you always think like, oh, man, if they'd only channel these powers for good, think of all the things they could do. But it is, it's like a game of chess. And, you know, between prosecutor investigators and people who are violating the law, that you're always just trying to catch up and keep up with them. And so, you know, several years ago, about like five or six years ago,
Starting point is 00:03:28 another couple of prosecutors over from Main Justice, particularly one Alden Pelker. And then Jessi and I then also worked with another colleague, Chris Brown, who was at the, done a lot of big cryptocurrency cases, including currently cases that are charged in the district court, like mixing cases and things like that. We all just sat down, like we need to have like a more coordinated way of coming at this problem and different agencies of different expertise. IRS is at the forefront.
Starting point is 00:03:56 They're super smart about getting in like working the blockchain and HSI is really good with undercover and FBI is this national security portfolio. And so we kind of formed our own informal strike force, which we called because we thought it sounded cool. And we wanted to make T-shirts that said that strike force. And so it was, I think like anything in federal service, it's like there's a lot of, elbow room to kind of grow and try out new things. And you just want to find people who are mission-oriented and, like, excited about trying those new things. And so we were able to kind organically find a group of people who were interested in cryptocurrency and kind of each had our own different strengths that we could play on each other on. I like the strike force thing.
Starting point is 00:04:37 It, you know, doesn't sound exactly how like government would normally work. You imagine it would typically be very bureaucratic, but I like that idea that you just called it back because it sounded cool. So let's dive, or before we dive into the details on these cases, let's actually just establish some facts for the listeners, because I think even before, you know, researching this, I didn't really know some of the stuff. But most, if not all of these cases, are civil forfeiture cases. What is civil forfeiture and what happens in a case like that? Sure. I can take that one. So civil forfeiture is interesting because it's, you know, it's so different than your normal criminal case. Like in a criminal case, it might be the United States versus Zia Faruqui, right?
Starting point is 00:05:22 Like that's against a person. But civil forfeiture is against the thing. It's, you know, United States versus 220 cryptocurrency accounts or United States versus one Ford truck. It's a way to go after things. It's a less punitive way of enforcing the law. You don't have to actually arrest a person and try to take their property. You can just go directly against the thing. And then people, you know, the burden of proof is still in the government, but that people then can come forward and say, like, hey, actually this thing belongs to me.
Starting point is 00:05:49 And there's a process by which then the court then says, like, has the government met its burden of proof to show this was involved in the crime or proceeds of the crime? And if it is, then the person sold the defense to say, like, look, I had no idea if someone was using my car to commit this crime. Or I had no idea someone was using my bank account to do this. And then they get the property returned to them if they can prove that. And if I could just add, there's a whole spectrum of civil forfeiture. I mean, it can start as small as someone, you know, forfeiting your property and after they seize it, you know, at a stop of some sort to the kinds of cases that we deal with, which is seizing a domain that might be proffering terrorist finance or child pornography. So there's a whole range and, you know, they can differ in many ways. But at the end of the day, it's a civil forfeiture kind of action. And so I, and maybe this is sort of just part and parcel of what we were just discussing. But, you know, like if you know that a certain person is affiliated with one of these properties, then why wouldn't you just make that person a defendant?
Starting point is 00:06:56 Is that just a different type of case? Or how does it work when you have that connection? Sure. Well, I can start. And Zia, if you want to, you know, go from there and add to it. There's a lot of reasons for it. First of all, there's a different level of proof for civil forfeiture and criminal charges. And most importantly, probably goes to what Zia just said, which is that the civil action is
Starting point is 00:07:20 against the property, not a person. And the criminal action is going to be against a person. And with a criminal action, you have to prove a mens rea, you have to prove, which is an intent that goes with each statute. And there's a lot of different steps that go with that, that lead to our high burden of proof that, you know, the government takes on proudly. But with civil forfeiture, it's all about the property. Like, what is about this property that was involved in wrongdoing in some way? So there are a lot of considerations that sort of differentiate the two, and there are a lot of nuances that help prosecutors decide whether they want to go the civil route, the criminal route, or you can dual track it as well.
Starting point is 00:07:58 The one thing I add is that, you know, there's a lot of people who are, have commented about Department of Justice Actions, that they, you know, they do what's called name and shame indictments, where there may be someone in North Korea or there may be someone in Syria that they can't actually get their hands on the actual person. It's like, what have you accomplished by doing that? And so civil forfeiture is important because it's an actual way to have concrete disruption in national security cases where in the kind of name and shame, you know, that that person's life is not necessarily impacted in the civil case.
Starting point is 00:08:29 Like you might know someone in North Korea has stolen these funds and things like that, but they're not, if they never leave North Korea, what is the point of criminally charging them necessarily. But the civil, you actually go and seize the funds. You're actually able to get the money. And so there may be instances, many instances where you take the less punitive route of civil forfeiture, because what is the point of adding those additional resources to criminally charge someone that you would never get a chance to actually prosecute. You can't criminally prosecute someone absentia. They have to actually be present in the United States, in the United States District courtroom. All right. So now let's turn to some of these cases. There's one pretty,
Starting point is 00:09:06 interesting one in which the government maybe, at least, you know, from your work, you were able to run a terrorist website for the first time. And that was involving a Hamas group called Al-Qassam Brigades. Why don't you just start by describing who they are? Sure. The Al-Qassam Brigades is the military wing of Hamas, and they're a designated terrorist organization by the U.S. government, which, um, lends itself to certain types of restrictions, which include sanctions. And if you give any material support to them, the material support charges. So that designation is important. And in that case, it was sort of part of a larger campaign that Zia and I led against taking down and dismantling three separate cyber-oriented terrorist campaigns. Two, that directly involved cryptocurrency, and one, that tertiary involvement. And what were they doing with cryptocurrency? Sure. So each of the three terror groups was acting distinctly,
Starting point is 00:10:14 but to speak specifically to the Al-Qassam Brigades, since that's what you raised, in that case, and it all sort of started on Twitter, but the Al-Qassam Brigades put out an announcement on their Twitter publicly asking for Bitcoin donations from their supporters. And what it started out with was a static address for the supporters to send to. And then, from there, we and the DOJ and our investigatory partners at IRS and HSI were able to watch as the Al-Qassam Brigades developed and learned more about cryptocurrency. So eventually they shifted their finance campaign from Twitter to their websites, which were Al-Kasom.net, all-Kasom.PS, and Kassam.PS. And on those websites, they started to say, hey, supporters, send us your Bitcoin by clicking on this. And again, on those websites, it was just a static address.
Starting point is 00:11:09 But purportedly to avoid any government and law enforcement detection, they then changed their techniques and started doing dynamic addresses. So each individual who wanted to donate would click on the website and an address would be generated for that supporter to donate to. And so throughout that process, the terrorist group was able to raise a lot of money from supporters all over the world. Through a lot of work from our amazing law enforcement, they were able to track both the addresses that the Al-Qassam Brigades was generating on this website, as well as all the addresses that were sending to it. And then through our work there, including multiple different legal techniques, we were able to determine how the website itself was run.
Starting point is 00:11:54 And from there, through judicial authorization, was able to run the website for 30 days. And how that exactly worked was that as part of our seizure action, which is related to the civil forfeiture, we seized the domain. And sometimes when you seize a domain, the domain name just is transferred to a splash page run by the government. So essentially a splash page that says, this website was supportive of terrorists or supportive of child pornography. And so it's now owned by the government. But in this case, what we did instead, was redirect the website to a government-run website that was an exact mirror image of the prior terrorist website.
Starting point is 00:12:38 And through this, our law enforcement and the government was able to run the website for 30 days. And during that time, people continued to visit the website and donate money to the Al-Qassam Brigades throughout this until after that 30-day period when we filed our civil forfeiture complaint and the splash page was put up. And just to go back to spell it out for the audience, so why was it that they switched from just one particular address to these dynamically generated addresses?
Starting point is 00:13:09 Because of Jessi Brooks. Because of Jessi Brooks. That's why she went and got their money, right? It's the cat and mouse. Sorry, go ahead, Jessi. Yeah, I mean, at the end of the day, like terrorists are trying to avoid law enforcement detection too. And they're learning while we're learning. And they can tell that we're investigating their cases, we're freezing their assets, we're starting to figure out what's going on here. And so we began to work with virtual exchanges to freeze assets. And from there, they decided that they need to change their techniques. And, you know, terrorists used to rely on financial institutions. They still do, but they're developing and now
Starting point is 00:13:48 are learning more about cryptocurrency. We're watching them develop more and more and learn more and more about cryptocurrency, which is in this specific case, they move from static to dynamic, which is much more difficult to track, but because we sort of already knew what was going on, we had a head start on it. And so how were you able to find all the addresses that the generator was creating, plus all the addresses that sent to those? I mean, well, I guess maybe that part isn't as hard once you have the address. Laura, a magician never reveals their secrets.
Starting point is 00:14:21 They have to tune into the sequel podcast when we give the peek behind the curtain. But I mean, I think it's, as Jessi said, it's the tremendous work of the IRS agents, Chris Janczewski, the HSI agent, Bill Capra. I mean, these guys were working a ton with the FBI partners to go through and really figure out, you know, what was going on.
Starting point is 00:14:42 And they used, you know, sophisticated tools. I mean, you saw on a press release, there was a reference as well. Chainalysis has done a couple presentations that they participated in Exigent, was another contractor. So I think it was, you know, just look, I mean, the agents spend a lot of time working. It's not like there's no one trick.
Starting point is 00:14:59 It just, it's work, right? Like they were working with using the legal tools like Jessi was saying, search and seizure warrants to get email content or get financial records from subpoenas, leveraging relationships with overseas partners, and then, you know, undercover work. It's a little bit of everything. And I think something that was really special about this action and the follow-up ones is that it was an interagency effort,
Starting point is 00:15:20 all run by people that actually really care and are interested in cryptocurrency and who sort of believe in what cryptocurrency is trying to do. So we were all just trying to figure out who are the bad actors using cryptocurrency and how can we attack them? Because the DOJ and these other agencies are just trying to understand these virtual assets and make sure that they're not used for bad. And earlier, when I asked about Al-Qassam Brigades, you said there were also other groups. So what happened with those? How were they using Bitcoin or cryptocurrency? Sure. So I can speak to that. So there were two other campaigns that were rolled out as part of this large dismantling that Zia and I led along with our law enforcement. So the second one was Al Qaeda,
Starting point is 00:16:06 and they were using Telegram. So what was another interesting thing other than cryptocurrency is that in all three of these actions, the terrorist groups were not only relying on cryptocurrency, but also relying on social media and new techniques, just sort of showing how they were becoming smarter when it comes to using cyber tools. So Al-Qaeda through Telegram was raising money for really violent causes. I mean, not being shy about what they were asking for money for, you know, pictures of weapons, pictures of military gear, and seeking donations of different cryptocurrency to help support that. And what was sort of upsetting and disturbing about the whole thing was that a lot of the Telegram channels were hiding behind charity names. And so,
Starting point is 00:16:52 So they made it sound like it was charity for individuals that were refugees or people that needed help in Syria, but when in fact they were really just raising money through cryptocurrency for, you know, violent causes. And so through a lot of the same agents and the same sort of interagency effort that was similarly completed, all these Telegram channels were tracked, including all the different addresses that received cryptocurrency on behalf of these violent causes. So those were seized and sought for forfeiture as well in a separate civil forfeiture complaint. So that's the second one. And then the third one was an ISIS-COVID-related case. And so this was less centered around cryptocurrency, although there's some cryptocurrency involved with it. But this case was similarly devastating in that it was ISIS taking advantage of the COVID outbreak
Starting point is 00:17:45 all over the world, but particularly targeting the United States, creating a website and multiple Facebook accounts that linked you directly to this website that was selling fake PPE. And this website was created pretty soon after COVID started spreading pretty wildly in the United States. And there was very little shame in that they were selling to customers in the United States that had purported to serve hospitals, nursing homes, such things like that. And so through our action, same sort of interagency effort and just following the
Starting point is 00:18:19 social media campaigns, we were able to seize that website as well as the Facebook accounts as well. And actually, just to go back and ask, you know, and this may be the case for all of them, but I especially noticed it with the Al-Qassam Brigades. You were naming unhosted Bitcoin addresses in your complaint, meaning ones in which the Al-Qassam Brigades were the people who had the control of the private keys. So how do you seize funds from an address like that in which the owner is, you know, really just the person who controls the private keys. I think there's a couple different ways we go after unhosted wallets, right? One is that we might be able to use legal tools, like through warrants or through cooperators
Starting point is 00:19:03 or someone who could get us recovery seeds, who can get us the private keys. You know, we may be able to collect that information ourselves and get that. In other instances, it's more treating it like the stolen art model. And so that we basically, you know, you think about what happens when we, a famous piece art is taken out of a museum, is that by publicizing that that is something that is illicit, it collapses the resale value of that. And then it also allows you, you know,
Starting point is 00:19:29 so the person who then maybe stole the Mona Lisa is worth, you know, $100 million, it's now worth maybe $10 million or $50 million, something much less. But then not only have you collapsed the resale value, anyone that's legitimate that then does business with that, they should be on notice and says like, well, you know, the museum that then or the then goes and re-bys it or something, like that, if they fail to do their due diligence, knowing that there is this, in the art world,
Starting point is 00:19:53 there's a stolen art crime index. Like, people check that first before they purchase it. You know, they could be subject to, you know, potential money laundering or other criminal charge. And so the same thing here with cryptocurrency addresses, even for the unhosted wallets, for the ones where the government can't go and recover it through legal tools. You've not only now reduce the value of it because that now people know on the, like, that's the beauty of the blockchain, right? It's all public. You don't have to have this highly sophisticated stolen art crime index, it's out there for everyone to see, oh my gosh, yeah, this one address is allegedly part of a criminal terrorist scheme.
Starting point is 00:20:28 I'm not going to, if someone on local Bitcoin sits me up and says like, hey, I want to send you and do a currency exchange and then I see what address is coming from. Like, you don't need to be some big bank with a sophisticated AML program. This is something anyone can do from like the ease of their smartphone. But moreover, cryptocurrency exchanges absolutely are looking at those addresses and that they're looking at, you know, Chainalysis, Elliptic, TRM, all these other big entities that are doing this sort of analytical work, they're highlighting those addresses and pushing that out to exchanges so those exchanges know, like, this is functioned
Starting point is 00:20:59 like an OFAC sanctions list. And what happens if they do something like send the money to a mixer or, you know, is that something where then the mixer would reject the funds or how does that work? I think it depends on the mixer, right? Like no different than the cryptocurrency exchange. I mean, some, you know, their cryptocurrency. exchanges that conduct no KYC and in fact are avowed and that they want people to come and bring their illicit proceeds there. You know, the Department of Justice has charged. A lot of those cases,
Starting point is 00:21:30 as I said, we have one here in D.C. that Chris Brown and the team from IRS met Price's charge involving the Graham's Helix case. And so, you know, one of the allegations in those charges relates to alleged money laundering or, you know, when funds come in, not questioning the source of it. So absolutely, I mean, I think, you know, in the sanctions context or at other ones, it's the financial institutions that are the gatekeepers. And so DOJ has gone after them, right? You can't necessarily get to the individuals because of the volume. But what you can go is to go to the gatekeepers and say, look, financial institutions and that at bottom is what a mixer is. That's what this recent decision from the D.C. District Court has said in that case, but as well as from all our other cases,
Starting point is 00:22:10 and FinCEN has said as well, it's like, when you're exchanging your financial institution, you have to do AML work, and if you don't, you could get prosecuted. And so now, just to go back to the ISIS and, sorry, Al-Qaeda case, I wanted to ask a little bit more about that telegram group where you said that they were disguised as charity groups. When people would go into the groups, would they realize kind of what the purpose was of the donations or was that also masked once you were in the group? So a lot of this is spelled out in the civil forfeiture complaint, which is
Starting point is 00:22:43 public, but we can't possibly try and get into the head of everyone that went and visited or even the ones that maybe donated. But at the end of the day, it was pretty clear from the postings when there's a pick, if it's called, you know, a charity XYZ, the posting would have a picture of a weapon. And so raise money for purchasing this or raise money for this cause. So we don't purport to know what every single person was thinking. But at the end of the day, it was pretty clear from these telegram channels what the purpose was. I think dovetailing on that just really quickly, you know, as a Muslim American, one of the things that there's always this fear of was like, oh, if you're donating to a charity, is this charity one that's actually doing what it says to?
Starting point is 00:23:26 And frankly, that's true of everyone, right? Like when you donate to any charity, but in particular, there have been charged criminal cases of charities in the past that were financing terrorism and donors sometimes are like, well, oh my God, I had no idea that's doing it. So I think part of the work that the team did here was so important because there were these charities nominally that were doing that where people may not have known that, right? And I think, again, to the credit of Jesse and the team, there weren't donors that were charged, right? It was just going after the institution that was collecting the money, but part of, again, like that stolen art model, now people are on notice. Like, if you Google that charity, do any basic sort of foundational research on it, you're going to see, like, oh, my God, not only when I go in the telegram channel and, like, look three or four layers down, do I see pictures of machine guns, I'll see that they were named in a government complaint.
Starting point is 00:24:12 So I know that this is not like a safe space to donate funds to. You know, and they were highlighting the anonymity and things like that. And so I think that it was, you know, apparent, but now it is very apparent than what they were doing. Yeah, that's something that fascinated me a little bit about when you took over the Al-Kasan Brigades website. You know, Al-Kasong brigades could have very easily just told people, hey, we're not in control of that website anymore. And I believe they tried to. So what happened then? Why did people still go there and use the site? Yeah, that's so interesting. And I remember we sort of worked through that before it all happened.
Starting point is 00:24:52 Like, what if this happens? Is it really worth it? Should we just put up a splash page? But at the end of the day, people want to believe what they want to believe on the internet. And we had a website that looked exactly like the old website. And if people wanted to think it was the same thing, great. What actually happened was that the Alcassan Brigades tweeted out using the methods of their original campaign financing that their website had been taken over. But at the end of the day, no one really knew if it was the Twitter account that was hacked or the website that had been hacked. And, you know, people continued to donate. And part of it was, you know, maybe some people believe that and some people stopped visiting the website. But we also wanted to sort of show that, like, the DOJ sort of knows what's going on here.
Starting point is 00:25:39 And when people go visit a terrorist website, we want them to be uncertain whether they're visiting a terrorist website or the DOJ and maybe hesitate before they donate money. Because one thing that's very important to us is that in these terrorist financing cases, when we seize money, we try and direct it towards this victim's funds that's for victims of terror. And that's run by the DOJ. And there's a few rules about how the money gets in there. But our hope is that at least a big chunk of the money that we've forced.
Starting point is 00:26:09 forfeited here, including from people that were donating to terrorists, both when the DOJ ran the website and when it was actually a terrorist website, is going to be redirected to victims that have suffered, you know, unimaginable crimes from terrorists. And so I know we already just touched on this very briefly about the face maskcenter.com. And, you know, as you mentioned, the role of cryptocurrency here was fairly tangential. But I still wanted to ask, so exactly how were they using cryptocurrency. And, you know, I just find it fascinating that they used this crisis with COVID to try to perpetrate this scam. Again, that goes right to the ingenuity. They're always coming up with new ways. And, you know, as Jesse said, the website sprung up just, you know, days after
Starting point is 00:26:57 the COVID crisis started. And so the connection to cryptocurrency is that Zoobia Shahnaz was charged in New York about, I think like a year and a half ago and pled guilty. And so she was sending money to the person who is identified in the forfeiture complaint. And so what she was doing was that she was getting through ISIS was getting stolen PII, you know, people that are stealing their personal identifying information and in credit cards in particular, using those credit cards to buy crypto, to launder it, immediately turning around and selling that crypto at exchanges. And then that way having laundered it so they can say, oh, if someone asked them, like, where did you get this money from? I was like, oh, well, I sold a bunch of crypto, right?
Starting point is 00:27:39 And then, you know, law enforcement or banks or virtual currency exchanges aren't looking one behind that to say, well, where did you buy that from? Oh, it's from this stolen credit card. And then that money was going to ISIS. And so after Shahnaz gets arrested and pleads guilty about sending money over to the ISIS financier, this immediately springs up, right? It's like it's almost like a relay race. They had this one path of using crypto to get stolen PII and buy crypto and then laundered to fiat currency and sent to ISIS. That gets shut down. They start at this website and you would anticipate again on the website they were taking money any which way it could come in.
Starting point is 00:28:17 So one would anticipate. I think that there were some allegations potentially that they would accept cryptocurrency for the fake PPE, but more importantly it's the same scheme. They just want someone to send them their credit card information, send them their PII. they think that they're going to be buying, you know, a thousand masks, but instead all they've done is given all that identifying information to ISIS and that they would do the same thing again, use that to buy more crypto laundered again into fiat. And so the goal is not to just make the $50,000 or $50,000 sale of the PPE that's never going to come. It's to get that information and use that to buy a bunch of crypto,
Starting point is 00:28:54 which they see clearly as a way to launder money quickly and efficiently, and then, you know, just get a good exchange, even if it's not like a great rate, but then they've laundered it, they think effectively. Okay. But I mean, you're saying that that's their assumption that law enforcement won't go beyond that one step of looking at where the Bitcoin came from, right? But obviously, that's not the case because she just found out. Exactly. Exactly.
Starting point is 00:29:18 Yeah, yeah. We caught her. But yes, that is the assumption often that. I mean, that's what, you know, money laundering at bottom is. You're just trying to put a bunch of logical steps in between the, illegality at the beginning and where you are at the end and to try to like hide how the money got there. But if someone, you know, the determined law enforcement team of the HSI IRS and FBI team, they continue to peek behind what's behind door one, two, three, four, five. They finally get there.
Starting point is 00:29:46 And, you know, at the end of the day, that's how they're able to, they see like, okay, there's an illicit source. But, you know, they're trying to go scatter shot and just put up one layer of concealment because that might be enough to get past a KYC check or AML check at a bank or cryptocurrency exchange. All right. So in a moment, we're going to talk about some cases involving North Korea. But first, a quick word from the sponsors who make this show possible.
Starting point is 00:31:26 Crypto.com, the crypto super app that lets you buy, earn, and spend crypto, all in one place. Earn up to 8.5% per year on your BTC. Download the Crypto.com app now to see the interest rates you could be earning on BTC and more than 20 other coins. Once in the app, you can apply for the Crypto.com,
Starting point is 00:31:59 metal card, which pays you up to 8% cashback instantly on all purchases. Reserve yours now in the Crypto.com app. Back to my conversation with Zia and Jessi. So you also prosecuted a case involving the North Korea-affiliated group Lazarus, and that involved $250 million worth of cryptocurrency. How were they able to amass such a large haul? Yeah. No, I mean, it's fascinating to look in the complaint.
Starting point is 00:32:27 And again, it really does. details out so we can't show it here, but I encourage people to go check out the press release has a copy of the very detailed charts that the IRS Special Agent Chris Janczewski drew up. But it shows... Yeah, I was impressed by the charts. Well, I can't tell you how happy he is now that he heard you say that because nothing makes him happier than that. He recently told his wife that he was really excited that someone had talked about
Starting point is 00:32:52 greatest charts where and she was extremely unimpressed and she just doesn't understand him or get him. But you do, so it's great. And we do as well. But yes, you know, so that hack, it was a hack, right? And it was really interesting. It happened after a previous hack that's allegedly attributed to North Korea is that they went to a cryptocurrency exchange and said, hey, you know, we have a bunch of whale clients. They have a ton of money.
Starting point is 00:33:13 They want to come invest it with your exchange. We're just worried about these hackers out there. And so we have an attached questionnaire to this email that's going to review your OPSEC and things like that and make sure that, yeah, yeah, that you are, in fact, secure and compliant. And so in many ways, they failed the test, right? One, because they clicked on the attachment and two, because then when the attachment was there, it had a bunch of malware. And so the complaint details how the language and the script language that's used is consistent with how North Korean hackers have operated and that there were other things within the
Starting point is 00:33:46 complaint where like their VPNs were able to be penetrated by law enforcement and things like that, where they were able to attribute it to North Korea. But it's just, again, that sloppiness, you know, it just takes one bad mistake by someone in the security team or the client kind of relation team at a cryptocurrency exchange that they were able to do a complete takeover and get to not only the hot wallets, but also get to some of the cold storage funds, which normally you think shouldn't be able to happen, but they just totally took over the system. And so from one exchange, right, one bank heist, my favorite New Yorker cartoon that we use in all representations as a guy goes into rob a bank and the guy's giving the money over goes,
Starting point is 00:34:26 you know, you can do this all online now, right? And so instead of one bank robbery where there's the risk of violence and like, you know, the security there, this is from the safety of the North Koreans, you know, house or whatever they're sitting in, they're able to steal $280 million in one fell swoop. And then you see in other hacks, and it's described in the complaint, and the second related complaint is that like they are out there just spear phishing all day, every day looking for people who are well known in the crypto world, either to assume their identities or to go after those people to take over their identities, again, with the goal of hacking exchanges or getting access to exchanges where they can get that kind of money.
Starting point is 00:35:04 Yeah. In general, you know, their techniques just seemed, you know, so basic isn't the word because it sounds unsophisticated on their part. But what I mean is it's not something where you need to know coding. or have any kind of fancy computer programming knowledge. It's literally just trading on people's gullibility or, yeah. And so earlier, though, you said something about how it was in line with other North Korean. I didn't understand that.
Starting point is 00:35:37 Like, what was it about previous North Korean hacking behavior that lined up? So we looked at the actual malware. We got a copy of that from the victim. And when examining that malware, the way that the scripts were written in it, that allowed them to take over was consistent with other hacks that have been documented with North Korea. And so we used a couple different things. Like we used, as I said, the penetration of the VPN and the language and the scripts and all these things we stack. They don't say at the end of the day, it's us North Korea.
Starting point is 00:36:05 But like, you know, the language that was used and the scripts. Additionally, there was a couple of things where we looked at some of the other information that they were researching and some of the things were researching things about the North Korean military. So it's possible, right? It could be someone in Kansas who just happens to use the same script language and uses a VPN that traces back to a North Korean cell tower and also researches a lot of information about the North Korean military, but more likely, right, like that's reflective of the fact that it is in fact North Korean actors. All right. And one other thing was that some of the money was
Starting point is 00:36:40 these strange coins like proton token and olive and bethereum. I've literally never even heard of these. So why would they do that? Yeah, I mean, in the most recent complaint, you know, there was Algo tokens. There was all sorts of different coins. And, you know, one of the things that Chris talked about in the complaint is the chain hopping that occurs and that they're trying to move from one chain to another. It's, I think, no different than when someone has, steals money from a bank, they might try to exchange it into euros and then from euros into yen and then renminbi and back to dollars because they think, again, they're obfuscating the trail. and to some extent they are, right?
Starting point is 00:37:18 Like we can subpoena, well, DOJ can subpoena the, you know, U.S. banks and things like that to get that information, but it's much more challenging to get it from foreign banks or things like that. And so I think what Chris talks about in that most recent complaint is that part of what chain hopping is done is to try to break the public, you know, blockchain ledgers and try to divorce things out so you can't see where things are moving from one currency to another. And so they might use a really rare currency. And remember, they're willing to take pennies on the dollar. Like the reason that you, I and Jessi won't, you know, deal in these coins is because, like, they may not have the availability or, like, people may not be interested in them or you might get a lot less bang for your buck. But when you have $280 million, like, you're happy to get a 50% yield rate. That is a bank heist that is unprecedented, right?
Starting point is 00:38:03 If you get 10%, it's huge. And so not only does it obfuscate what you're doing, you know, it may be an easier way to find some people who are willing to sell it. But what's interesting is that Chris draws back in that complaint is that, you know, They always come back to Bitcoin, right? Like, because no one has heard of these coins, and at the end of the day, they do need to get to Fiat. So, like, they may go through all this chain hopping, and then they circle back to Bitcoin. And that's where Chris and the IRS team and Bill and the HSI team and Kyle and FBI team, they're able to really leverage all of their expertise in the known Bitcoin to then figure out, like,
Starting point is 00:38:36 wait a minute, we can, you know, going back to that example of let's go back three, four, four more to see where did this coin have never heard from? Well, how did that coin get funded? And so talk about that a little bit more, like why it is that they always come back to Bitcoin. Like you started to say it, but just flesh it out for people because, I mean, you know, it's also the blockchain that has often led prosecutors like you to the criminals. So why would they do that? You know, this is the question whenever anyone, Jessi and I talked when I was a prosecutor about like our practice in the fiat side of like, you know, terrorism financing and North Korean sanctions violations. All we would say is like, because North Korea. was allegedly buying this thing in U.S. dollars,
Starting point is 00:39:17 they're subject to these punitive criminal penalties. We've seized all their money. And they always say, like, someone raises their hand, like, why didn't they just use, like, Chinese yen or euros? And the answer always like, yeah, they should have. And if they did, we wouldn't have had a case. And there's always people like, oh, my God, well, they'll just stop using the U.S. dollar
Starting point is 00:39:33 because if you keep prosecuting this, it'll drive them to other currencies that people feel like that they can get away whatever they want to. But, you know, that just never happened. And the same thing with Bitcoin is that, you know, you can buy a Tesla with Bitcoin, you can buy Subway with Bitcoin. You can't buy them with those other coins that no one has heard of. And so as they still chain hop to obfuscate at the end of the day, they need to get this into fiat currency.
Starting point is 00:39:57 That is still the choke point where law enforcement will come in and where cryptocurrency exchanges really can be very robust in their KYC. And the same thing is true for law enforcement is that they are waiting and they see when they come back to Bitcoin because they want to buy things or because they want to get a better return rate. or because, you know, people are like too sketched out. They're like, well, I've never heard of this coin. And like, you have no trading history on like one of these exchanges. And so like, no way, I'm not going to deal with this. It's too suspicious. But if someone who has no trading history has never done anything, but it's on Bitcoin,
Starting point is 00:40:30 which is well known and trusted, they're like, well, I'm willing to do that because everything's public. And so like I feel safer. And so I think for all those reasons, they always come back to Bitcoin. And I think just to hop off that, something that Zia and I have talked about a lot is that criminals don't want to lose their money either, right? And they want to rely on institutions or coins that are a little bit more stable. And so at the end of the day, even though criminals might work in these other coins or they might not have heard of, they want to get back to Bitcoin so
Starting point is 00:40:58 they can feel solid in whatever they have there. And so once they do have the Bitcoin, you know, as we mentioned, you often are kind of, law enforcement is often notifying exchanges of, coins or addresses that are associated with criminal activity. But how are they attempting to cash out? How easy is it for them to do so when they have these stolen funds? There's a lot of different ways and a lot of different techniques that they use. Something that the DOJ frequently looks at is unlicensed money service businesses. So those are people that are buying and selling funds, whether they be cryptocurrency or otherwise without correct licensing from the U.S. government from FinCEN. And so how that works in the crypto world is that there are these people that sort of take advantage of what Zia was talking about is that criminals frequently just want to get pennies on the dollar.
Starting point is 00:41:55 And so they do these transactions where each person that's running this business is taking a little bit and a little bit more. And so they're hopping through these exchanges or hopping through these coins with the help of these unlicensed money service businesses. And that's one way that we're able to track it is that there are some people that or organizations or businesses that are run by a few people that are doing a lot of this business for criminals. I think one thing that's also interesting to your question of that's the, I think that's the how difficult is it. Like it seems like it is right. And the goal of work of like what Jessi is doing is to make it more difficult. You're never going to make it impossible, but you just want to make it more difficult. and I think that North Korea complaint, the one that you talked about, highlights that.
Starting point is 00:42:38 So after the complaint drops on like a Tuesday, within 48 hours, there's an amended complaint. I'm like, so why did that happen? And if you look at the document, it goes into it. What happened is that there were unhosted addresses that had sat for over 14 months with no activity. The complaint drops, and immediately they start going frantically trying to cash those out, which caused then the government to go immediately within 48 hours and amend their complaint and say like, hey, here are these, all these other addresses, here's where they moved to, move to. And that's no different than, like, you know, Jessi's experience or mine from, like, you know, street-level drug crime, right?
Starting point is 00:43:11 Like, when they hear the cops knocking on the door, everyone's flushing everything down the toilet, throwing things out the window, or just trying to get rid of it, right? Everything's got to go, fire sale. And that's exactly what they were doing in this case, that the North Koreans see right after the complaint comes out, oh, my God, this stuff is really hot. We've got to get rid of it. And they're just trying to push as much out as quickly as they can before the exchange or someone catches up or the government. And there, you know, it was within a matter of 48 hours, all those addresses are then identified, sent back to the one or two exchanges. I mean, there was largely two exchanges that are referenced there. And, you know, the government tells them, like, hey, these are still those same people. You know, I think Chainalysis at the same time did a report where they talked about some of the new addresses that were coming out and warning people like, hey, here's where they're moving to now.
Starting point is 00:43:52 I mean, that's what's incredible about like the blockchain, right? Like if someone stole $150 million from a traditional bank, right, and they took that money. in there, there's nothing the public writ large could do. But after a bunch of these hacks, you had people who are watching the blockchain and they say like, hey, we're watching this happen right now live, right? Like, it is happening right now and they're publicly broadcasting that information. So it is why cryptocurrency in many ways is a much worse vehicle for laundering money because it's not just reliant on Jessi and her team. You can have people who are sitting at home and watching this stuff and giving, you know, Jessi's able to outsource instead of her
Starting point is 00:44:28 just having her four agents. Now she has thousands of agents. It's all the people. listening to this podcast were like, yeah, this seems weird. I saw this is the right thing on the blockchain and then they tweet about it. Yeah. Yeah, I have definitely seen online forums where people are watching stuff on the blockchain and commenting on movements in real time. One other thing that I found fascinating about this case was that the North Korean hackers were also using stolen identities to try to cash out. How were they trying to do that? And where did they get those identities? Yeah, that's, you know, again, to Jessi's point, right, like she described how Al-Qassam evolved from a kind of basic to getting more and more sophisticated.
Starting point is 00:45:08 And the same thing with the North Koreans, right? On the first complaint that, you know, there are pictures in it of people, you know, some exchanges want you to hold up KYC with a picture right next to your face. And that the agents were able to show like if you looked at the T-shirt and like the body, it was the same body with just a different face superimposed. And they were able to identify who those were. And so that's pretty basic, right? and that you see in the most recent forfeiture complaint that Jessi and while it was at DOJ that we did with our partners over Alden and Jessica Peck at DOJ, that they started stealing people's PII, right? Because that's way more valuable because that's an actual, you know, that will pass some of the KYC filters that were picked up on like, oh, this is an edited PDF, like it's the same T-shirt, forget about it. That is genuine.
Starting point is 00:45:54 And so where they get it from, I mean, the complaints just referenced generally that, you know, the, you know, you know, nations as referenced that, and their panel of expert reports is that North Korea is known to hack exchanges, there's no reason to think when they're hacking exchange, they're just stealing the money, right? There's also something of great value there. Just like with that ISIS campaign, the PII is just as valuable sometimes as much of the money. And so they are going and stealing data in addition to stealing money. And, you know, those complaints highlight that they're using those for nefarious things. And I think it also highlights to cryptocurrency exchanges that, like, you can't just do the basic KYC and say, like, this is a real license. Like, you need to
Starting point is 00:46:28 say, like, you know, do some follow-up questions or talk to the person. You know, people do like Skype and Zoom chats now where they're talking to the person. And it's not just like a photo selfie, like so they can see because that is much harder to fake and get past AML control. So I think, you know, industry will have to continue to catch up as law enforcement notes. Like, you know, your previous AML threshold, your basement, that's not enough now. It needs to get raised. Yeah. And I just realized we've been saying PII. And I don't remember if we told people what that stands for. It stands for personal identifying information. So one other thing that I wanted to ask about was, and you've mentioned it multiple times during the
Starting point is 00:47:08 episode, but you're coordinating a bunch of different government agencies and so often working with teams actually in other countries as well. So how do you make that happen? You know, how do you figure out what are all the different agencies that need to be involved or which other foreign partners you need and how do you get in touch? And also, how do you, just make so many people across different, you know, governmental agencies as well as jurisdictions come together to prosecute these cases? I'll just start with that. I mean, it's all about finding the right people. And as a prosecutor, your job is not necessarily to know every single detail of cryptocurrency or to know all the technical side of virtual currency exchanges. But your job is to make
Starting point is 00:47:53 sure that you are working with the right people and that you're using different agencies. for what they're best at and understanding that people have strengths in some ways and other agencies have strengths in other ways. And at the end of the day and how I look at it and I know how Zia looks at it is like, we're all in the same team. You know, we just want to ensure that terrorists don't get money. We want to make sure that the cryptocurrency and virtual currency exchanges are not abused so that terrorists and other bad actors can get money. And so if you go into every meeting and every email with that mindset, everyone's going to want to work with you. everyone's going to want to accomplish that goal because that's why we're civil servants.
Starting point is 00:48:33 And that's why we're going to work every day. And so at the end of the day, Zia and Chris put together an amazing team, a strike force that I was lucky enough to be a part of. And I will brag about Zia and Chris all day and tell you how lucky I am to work with them. But from there, we've been able to find people at a bunch of different agencies, including HSI, Bill Kapper, Ryan Landers, and FBI, Kyle Armstrong, and also just people at the DOJ that really have the same goal that we do and try to avoid bureaucracy as much as we can in order to accomplish this goal. Yeah. One of the things that's sad about leaving is that, you know, I really enjoyed getting to
Starting point is 00:49:12 have the opportunity to meet with people. So, you know, we went to South Korea on the Darknet child pornography case. And it's just really exciting to meet people from totally different backgrounds who have similarly motivated to like, how can you try to make the world a better place, right? Like, it is cheesy, but it's true. Like, public servants, I think, in those roles, it crosses all boundaries and backgrounds. And so, like, you know, it may be something that you figure out late night over karaoke while talking to a prosecutor or a police officer in Korea. You know, we had partners from Germany and from the UK. And, you know, even here in the U.S., like, you know, in the most
Starting point is 00:49:47 recent action, it highlighted that there was partnership with United States Cybercom and the Department of Defense. And so I think, you know, what's so different and unique about the job that Jessi has that I used to work on is that, like, you are the kind of center of that. Like, you're just trying to be, find all the right players put on the right pieces on the chessboard to advance the mission. And that it's really fun to find those people, because once you do, it is organic. You can't just say like it's one formula. But once it happens, you go back to those people and, you know, they're just always willing to make sacrifices in their personal life and the work life, they just want to get things across the finish line.
Starting point is 00:50:23 And they're so motivated that it inspires you to work harder as well. Yeah. And actually, we didn't really discuss it very much. I just mentioned it briefly about the Welcome to Video, which was, I think, one of your first cases, if not the first involving cryptocurrency. But actually, why don't you just talk a little bit more about how you guys were able to prosecute that, given that, you know, the person running that site was in a foreign country? Sure.
Starting point is 00:50:48 Yeah. So, I mean, that's a good example. one where we leverage both criminal and civil tools because we wanted to criminally prosecute because we did think there was a person that we could get into the United States and do that. And so, you know, again, that's the team at IRS and then the Homeland Security agents out in Colorado Springs were working together. You know, to Jessi's point, it was about relationships. You know, we had a great relationship with the Korean National Police from a lot of the North Korea
Starting point is 00:51:13 work that we did. And so we told them like, hey, you know, the IRS team after they did this great work in taking down AlphaBay with some of their other law enforcement partners. They're kind of like, what's next? And so, you know, very flippantly, I remember having a conversation between one of the kind of people in our office who worked all these cases, Ari Redbord and myself, were like, you know, what about child pornography? And Ari has a ton of experience in this.
Starting point is 00:51:37 And so the IRS team came back, Chris Janczewski, like two weeks later. And it's like, yeah, I haven't left my house in two weeks. I found the largest darknet child pornography site. And we should take it down. And I remember I was just like, wait, what are you talking about? He's like, you told me to find a child pornography site because he said that's like the next big thing we should do. And I was like, yeah, I mean, I wasn't serious, but okay, I guess that's just, you know, be careful what you ask for. And so, you know, we quickly assembled a team, again, like the same thing Jessi's talking about.
Starting point is 00:52:03 Like, you just got to get good people and find them. And so Lindsay Suttenberg was an expert in office on child sex offense crime. Youli was an expert on cybercrime. You know, we had the investigators, Kim Reese out in Colorado and Tom Tamsi, and as well as Chris. and then we, you know, we just got on a plane and we went to Korea and we said, you know, we had law enforcement partners there at HSI who had built relationships with the Korean police and they said, like, here's what this darknet investigation is. And they'd never really done a big darknet investigation.
Starting point is 00:52:31 But like everyone else, they're like, oh, my God, when they, you know, don't want to get the details. It's very disturbing, but this is mostly infant and toddlers who are being victimized. And so when people hear that, everyone, right, almost everyone's just like, how can I help? What do I need to do? tell me what I need to do, I want to do this. And so, you know, we had partners from the UK in Germany as well who came along, and particularly the UK, that they were tracking on this. And so kind of briefed them on the case, came back a couple pretty shortly thereafter
Starting point is 00:52:57 and did a takedown where there was a full, like, you know, Korean police went. They did a search warrant, kicked down the door, found the alleged administrator of the site on the site logged on, which is always the key. You know, they've done a lot of things to try to protect the safety because there actually been some customers that had committed suicide previously after they had been discovered, and so they were very careful of that.
Starting point is 00:53:17 And, you know, the U.S. law enforcement was watching via, like, remote to see what was happening while they're in Korea. And then, you know, immediately getting a forensic copy of the server. You know, we did a search warrant, which you can do if the property is at a U.S. embassy. And so we're in the space there, and then just reconstituting the server there while we're there in Korea and starting to build up lead packages for the hundreds of customers who are on this site, you know, and from that, like, this is why this is important. is we found a new site.
Starting point is 00:53:44 And then we did prosecute the administrator of that called Dark Scandals, which was a site that showed not only child pornography, but also videos of adults being raped, all women being raped on it and being videotaped, and getting paid in Ethereum and Bitcoin. So again, because we found one customer of site, we then saw, like, where else is he sending money to? These people, typically this is not a limited habit.
Starting point is 00:54:05 And from that, we found this other site, and it led to spin-off investigations. There were 25 children that were rescued from actively being abused because the IRS agent followed the money, right? Like, because of the blockchain, he could follow the money. The HSI agents could go and, you know, exploit all of that data with their partners from Excygent, a private company that they worked with and Chainalysis. From that, there are 25 kids today that are not being victimized.
Starting point is 00:54:30 And, like, you know, there's no better feeling in the world than that than saying, like, you know, what is a concrete thing that you can show that your work did? Well, here's what HSI and IRS's work did is that they saved these kids. And there are 300 potential pedophiles who are not on the street because of them. That's great. That's amazing work. I also did an interview about that with Jonathan Levin of Chainalysis right when the news came out, and I will link to that in the show notes. So how are you seeing the use of cryptocurrencies by criminals evolve over time?
Starting point is 00:55:00 Yeah, I mean, I think I'll hand off to Jessi. I mean, one thing is, you know, as, again, not a prosecutor speaking just in my former role, we never really looked as much to policy and things like that. We're more like, here's the case in front of us. We talk about what we see there, but I think that we can give examples of what we saw, right? So like, I'll let Jessi talk about the terror finance campaigns, but I can talk very briefly that North Korea is that we saw that they started, I mean, again, I mean, you don't want to say it's basic because obviously the yield is so large, but it's a bit basic. I mean, if I saw North Korea, I would tell them they're basic and that, you know, that it is
Starting point is 00:55:37 slowly getting to, maybe it's not an advanced yet, but every day there's, there's steps forward because of Jessi and her team and the work that they're doing. And so you saw the evolution from no KYC to, you know, very badly edited KYC that was fake to stolen PI to who knows what's next. And so I think that's just one example of evolution. I'm sure Jessi from the terror campaigns, maybe you have some other examples. Sure. And I mentioned this briefly before, but like the fact that the Al-Qassam Brigades jump from a static to a dynamic address generator, which is not easy technology to create on a website, particularly that big of a technological jump,
Starting point is 00:56:11 shows that they learned something or they got some more information. And then you can just sort of watch, you know, I can't talk about really open cases, but you can see how criminals are starting to maybe just not direct deposit into the next address that they want to use, but using mixers, using tumblers, but also just jumping through a bunch of intermediary addresses. And learning how to explain that process to the court is something that we are developing as well on our side, because as the terrorists learn, DOJ learns, and virtual exchanges learn. We're all sort of learning together. And we have to figure out ways to teach the court as well that these new technologies are developing and that they're being used in proper ways.
Starting point is 00:56:50 And are you also finding that they're turning more to privacy coins? I mean, there's always the fear there, right? You know, I think that's hard to say, right? That's in part why the privacy coins have their appeal. But I think, you know, kind of like we talked about earlier, even when they go to that, they still end up coming back to Bitcoin because they need to cash out. Like they're not trying to just build up like a revenue. I'm sorry,
Starting point is 00:57:12 they're not trying to build up like a federal reserve. They need to spend money to buy things, right? And so to the extent that privacy coins become more widely used, then I think, sure, they're going to continue to turn to that. But as long as Bitcoin and Ethereum dominate and people are just using that, I think, you know, again, there's that, they still have to find someone, right?
Starting point is 00:57:31 Like to engage in transactions, either to exchange with them or to buy the thing they want. And people are nervous. I mean, you know, there's obviously, like, some of the software platforms, some of the big exchanges don't take, they won't bank privacy coins. And so I think that's no different than some, you know, big traditional banks will say like, okay, like I'll take in yen, renminbi, U.S. dollar, and euro, but I'm not taking in like X, Y and Z currency from another country because, like, I just think it's not reliable. It's not safe. Like, it's outside of my risk appetite. And so there's still a lot of that, I think.
Starting point is 00:58:02 And just to jump off that, I mean, at the end of the day, what we're seeing criminals do is, as cryptocurrency sort of expands and people know what it is more, they're able to target more people as victims or as supporters. So maybe 10 years ago, if Al-Qassam Brigades said, hey, supporters send me Bitcoin, there wouldn't have been that many people who knew how to do that or really understood what Bitcoin was. Now they can say, hey, supporters all over the world, send me Bitcoin.
Starting point is 00:58:28 Or if you think about the Twitter hack, like, hey, let me just hack all these things and hack all these accounts and ask people to send us Bitcoin. 10 years ago, that wouldn't have been possible. So they're developing in that the rest of the world is catching up and understanding what cryptocurrency is. And also, that can be a bigger way to hack into people's accounts and make sure that people are unbeknownst when they donate to these groups. One thing I also wanted to ask about is this new trend with DeFi, which is obviously really taking off. And some people are saying that decentralized exchanges could serve as mixers and make it easier for criminals and hackers
Starting point is 00:59:05 to cash out. What is your take on that and whether or not, you know, how do you think it is that the rise of DeFi could affect your ability to do this work? Yeah, I think, yeah, just going back to the kind of previous points, like, you know, we are limited in talking about like the cases we have seen and like what we've prosecuted. And so kind of predicting what will happen in the future, that's more like the people at Treasury and policy kind of folks. Like I think they can really speak to that. Obviously, there's a ton of stuff right now in DeFi. And it's just so popular. So, you know, when anything like this happens, right, like eventually criminals try to find a way to leverage that. And so I'm sure, you know, your next podcast episode with Jessi
Starting point is 00:59:45 will be about a DeFi money laundering and whether or not to act as a mixing service. But I don't think probably have anything to value to add. I don't know, Jessi, anything other than that. Yeah, I just think that sort of what Zia is saying, like the regulations and the laws need to catch up to this as well. Like, as new services and technologies are created, we need to figure out how they fit within the current regulations and whether new ones need to be made. And that's definitely a separate side of the government than us, but we're here to sort of watch and enforce as needed. And I also just wanted to ask, you know, there was a couple points in the discussion where one of you was saying that turning to cryptocurrency is a bad idea for a criminal because it's easier for,
Starting point is 01:00:28 it makes it easier for people like you to do your jobs. But in general, you know, as we're seeing the rise of crimes using cryptocurrency. Obviously, there's this whole trend with the ransomware, but then we've got these big state actors like North Korea turning to cryptocurrency. What in general would you say is the relationship of doing cryptocurrency and crime? I feel like one other thing I want to mention is that early on in cryptocurrency, the narrative around it was that it was criminal money. And clearly now, that's not really the narrative, I would say. We have all these big institutions that are getting in on it. But I just wondered, you know, I really do think we're obviously still seeing that criminals do enjoy it. So I wondered what your take was on, on that relationship.
Starting point is 01:01:13 I guess my sense is that there's still a false sense of security there. Not everyone fully understands cryptocurrency or realizes that, you know, they can't hide behind a coin at the end of the day. And I think that that information has just not spread as widely as people in the world like we are, understand it. And so although we've definitely moved past this whole like criminals are the only ones using cryptocurrency, I think that's definitely true. I think that a lot of people are turning to it in order to be able to hide behind their current coins. But at the end of the day, criminals are still using fiat currency too. They're just finding and shifting and moving and, you know, taking turns in order to be able to try different ways and see what sticks. Yeah, I think one thing,
Starting point is 01:01:57 you know, it's fascinating Jessi and I have, there used to be this thing where you would get in this machine and go to another country. It was called international travel. It's really hard to remember now, but we've given presentations on cryptocurrency, and it's amazing, particularly when you're meeting people, you know, very sophisticated, to still understand cryptocurrency. When they see the Jessi with her DOJ insignia, they're like, why don't, I mean, literally had people say, like, why doesn't the U.S. government just turn off?
Starting point is 01:02:21 Like, isn't this all criminals? Like, people don't understand that, like, A, that's not something that's possible. But B, my answer to them is always like, you know, people have been committing crime with traditional fiat money for a long time and no one says to ban that. So like I don't know. There's this huge psychic disconnect that I just don't get of like,
Starting point is 01:02:38 okay, great. Like someone uses money to do something bad. No one's talking about banning unhosted wallets in fiat. That's called cash, right? Like that's what cash in between someone's bed is. It's an unhosted wallet, right? And criminals do that all the time.
Starting point is 01:02:50 Jessi and I could tell you stories from when we had, you know, narcotics cases where you find $200,000 and someone's hidden in the floorboards of their floor. I had a case with that once where it happened, right? And so like, no one's like, like, well, we should ban cash. And so it's just, it's a, it's a false narrative. And it's a question I think that I hope like, you know, if not, you know, years, if not months and days from now, people will just
Starting point is 01:03:10 stop asking like, how much of crypto is, you know, criminals, like that's not the point, right? Crypto is here. People just need to learn to accept that. And it sounds like, as you point out, big banks are starting to get that too, right? It's not just, it's just not exchanges anymore. And that, like, the problem isn't crypto. The problem is criminals. And so like criminals will commit crime with or without crypto. The question is how can we, you know, as a society say like, oh, is this something that should or shouldn't be regulated?
Starting point is 01:03:34 I think that goes to Jessi's point. It's like, DOJ is trying to find ways to follow up. You know, and I think they're defense lawyers. They're doing a fabulous job at trying to say, like, wait a minute, DOJ, you're going too far. Like, this is not within that. You're using a regulatory framework for like Western Union sending money, and that doesn't apply necessarily to someone just exchanging from one currency to another.
Starting point is 01:03:54 And so there is this big open area right now for the law to get fleshed out. But that does not speak to the goodness or badness of cryptocurrency. It's here to stay and people just need to learn to live with it. I think my, especially my more libertarian-minded listeners, might really like your answer to that question. But in general, probably my whole audience will because it's pretty level-headed and makes a lot of sense.
Starting point is 01:04:21 All right, well, it's been so great having you both on the show. Where can people learn more about each of you and your work? Well, I think, Jessi, you can reach out to us on LinkedIn. I think that's one thing. We keep both, I guess, somewhat little profiles in general, but Jessi's got a bunch of big cases. You can see, I think, DOJ press releases. I don't know. What else, Jessi?
Starting point is 01:04:41 Yeah, I think press releases are probably the main way or LinkedIn. I mean, at the end of the day, as government workers, we're part of a big team. So every, like, success or prosecution or forfeiture that we have is the result of lots of people, both named and unnamed. So, you know, there's not any other way, I guess, to sort of track our activity other than that. But we, you know, we want to thank you for having us here and also thank everyone that helped us, you know, accomplish this. And we hope to continue down this path. Yeah, great. I mean, one other comment I'll make is that you guys did name a bunch of your other collaborators throughout the show. So hopefully they will appreciate that.
Starting point is 01:05:23 All right. Well, thanks again. And it was so great having you. Thank you so much. Thank you. Thanks so much for joining us today. To learn more about Zia, Jessi, and the DOJ strike force, check out the show notes for this episode. Don't forget, you can now watch video recordings of the shows on the Unchained YouTube channel. Go to YouTube.com slash C slash Unchained podcast and subscribe today. Unchained is produced by me, Laura Shin, with help from Anthony Yun, Daniel Ness, Bossie Baker, Shishonk VanCod, and the team at CLK transcription. Thanks for listening.
Starting point is 01:06:00 Thank you.
