{"id":9792,"date":"2022-04-01T15:05:53","date_gmt":"2022-04-01T15:05:53","guid":{"rendered":"https:\/\/nftandcrypto-news.com\/crypto\/skewed-data-how-could-a-new-us-law-boost-blockchain-analysis\/"},"modified":"2022-04-01T15:05:55","modified_gmt":"2022-04-01T15:05:55","slug":"skewed-data-how-could-a-new-us-law-boost-blockchain-analysis","status":"publish","type":"post","link":"https:\/\/nftandcrypto-news.com\/crypto\/skewed-data-how-could-a-new-us-law-boost-blockchain-analysis\/","title":{"rendered":"Skewed data: How could a new US law boost blockchain analysis?"},"content":{"rendered":"
\n

2020 was a record year for ransomware payments ($692 million), and 2021 will probably be higher when all the data is in, Chainalysis recently reported. Moreover, with the outbreak of the Ukraine-Russia war, ransomware\u2019s use as a geopolitical tool \u2014 not just a money grab \u2014 is expected to grow as well.<\/p>\n

But a new U.S. law could stem this rising extortionist tide. United States President Joe Biden recently signed into law the Strengthening American Cybersecurity Act, or the Peters bill, which requires infrastructure firms to report substantial cyber-attacks to the government within 72 hours, and to report within 24 hours if they make a ransomware payment.<\/p>\n

Why is this important? Blockchain analysis has proven increasingly effective in disrupting ransomware networks, as seen in the Colonial Pipeline case last year, where the Department of Justice was able to recover $2.3 million of the total that a pipeline company paid to a ransomware ring.\u00a0<\/p>\n

But, to maintain this positive trend, more data is needed and it has to be provided in a more timely manner, particularly malefactors\u2019 crypto addresses, as almost all ransomware attacks involve blockchain-based cryptocurrencies, usually Bitcoin (BTC).<\/p>\n

This is where the new law should help because, until now, ransomware victims rarely report the extortion to government authorities or others.\u00a0<\/p>\n

U.S. President Joe Biden and Office of Management and Budget Director Shalanda Young at the White House, March 28, 2022. Source: Reuters\/Kevin Lamarque<\/em><\/figcaption><\/figure>\n

\u201cIt will be very helpful,\u201d Roman Bieda, head of fraud investigations at Coinfirm, told Cointelegraph. \u201cThe ability to immediately \u2018flag\u2019 specific coins, addresses or transactions as \u2018risky\u2019 […] enables all users to spot the risk even before any laundering attempt.\u201d<\/p>\n

\u201cIt absolutely will aid in analysis by blockchain forensic researchers,\u201d Allan Liska, a senior intelligence analyst at Recorded Future, told Cointelegraph. \u201cWhile ransomware groups often switch out wallets for each ransomware attack, that money eventually flows back to a single wallet. Blockchain researchers have gotten very good at connecting those dots.\u201d They have been able to do this despite mixing and other tactics used by ransomware rings and their confederate money launderers, he added.\u00a0<\/p>\n

Siddhartha Dalal, professor of professional practice at Columbia University, agreed. Last year, Dalal co-authored a paper titled \u201cIdentifying Ransomware Actors In The Bitcoin Network\u201d that described how he and his fellow researchers were able to use graph machine learning algorithms and blockchain analysis to identify ransomware attackers with \u201c85% prediction accuracy on the test data set.\u201d\u00a0<\/p>\n

While their results were encouraging, the authors stated that they could achieve even better accuracy by improving their algorithms further and, critically, \u201cgetting more data which is more reliable.\u201d<\/p>\n

The challenge for forensic modelers here is that they are working with highly imbalanced, or skewed, data. The Columbia University researchers were able to draw upon 400 million Bitcoin transactions and close to 40 million Bitcoin addresses, but only 143 of these were confirmed ransomware addresses. In other words, the non-fraud transactions far outnumbered the fraudulent transactions. With data as skewed as this, a model will either flag a lot of false positives or disregard the fraudulent data as a negligible percentage.<\/p>\n

Coinfirm\u2019s Bieda provided an example of this problem in an interview last year:<\/p>\n

\u201cSay you want to build a model that will pull out photos of dogs from a trove of cat photos, but you have a training dataset with 1,000 cat photos and only one dog photo. A machine learning model \u2018would learn that it is okay to treat all photos as cat photos as the error margin is [only] 0.001.\u2019\u201d<\/p><\/blockquote>\n

Put otherwise, the algorithm would \u201cjust guess \u2018cat\u2019 all the time, which would render the model useless, of course, even as it scored high in overall accuracy.\u201d<\/p>\n

Dalal was asked if this new U.S. legislation would help expand the public dataset of \u201cfraudulent\u201d Bitcoin and crypto addresses needed for a more effective blockchain analysis of ransomware networks.\u00a0<\/p>\n

\u201cThere is no question about it,\u201d Dalal told Cointelegraph. \u201cOf course, more data is always good for any analysis.\u201d But even more importantly, by law, ransomware payments will now be revealed within a 24-hour period, which allows for \u201ca better chance for recovery and also possibilities of identifying servers and methods of attack so that other potential victims can take defensive steps to protect them,\u201d he added. That\u2019s because most perpetrators use that same malware to attack other victims.\u00a0<\/p>\n

An underutilized forensic tool<\/h2>\n

It\u2019s generally not known that law enforcement benefits when criminals use cryptocurrencies to fund their activities. \u201cYou can use blockchain analysis to uncover their entire supply chain of operation,\u201d said Kimberly Grauer, director of research at Chainalysis. \u201cYou can see where they\u2019re buying their bulletproof hosting, where they buy their malware, their affiliate based in Canada\u201d and so on. \u201cYou can get a lot of insights to these groups\u201d through blockchain analysis, she added at a recent Chainalysis Media Roundtable in New York City.\u00a0<\/p>\n

But, will this law, which will still take months to implement, really help? \u201cIt\u2019s a positive, it would help,\u201d Salman Banaei, co-head of public policy at Chainalysis, answered at the same event. \u201cWe advocated for it, but it\u2019s not like we were flying blind before.\u201d Would it make their forensic efforts significantly more effective? \u201cI don\u2019t know if it would make us a lot more effective, but we would expect some improvement in terms of data coverage.\u201d<\/p>\n

There are still details to be worked out in the rule-making process before the law is implemented, but one obvious question has already been raised: Which companies will need to comply? \u201cIt is important to remember that the bill only applies to \u2018entities that own or operate critical infrastructure,\u2019\u201d Liska told Cointelegraph. While that could include tens of thousands of organizations across 16 sectors, \u201cthis requirement still only applies to a small fraction of organizations in the United States.\u201d<\/p>\n

But, maybe not. According to Bipul Sinha, CEO and co-founder of Rubrik, a data security company, those infrastructure sectors cited in the law include financial services, IT, energy, healthcare, transportation, manufacturing and commercial facilities. \u201cIn other words, just about everyone,\u201d he wrote in a Fortune article recently.<\/p>\n

Another question: Must every attack be reported, even those deemed relatively trivial? The Cybersecurity and Infrastructure Security Agency, where the companies will be reporting, recently commented that even small acts might be deemed reportable. \u201cBecause of the looming risk of Russian cyberattacks […] any incident could provide important bread crumbs leading to a sophisticated attacker,\u201d the New York Times reported.\u00a0<\/p>\n

Is it right to assume that the war makes the need to take preventive actions more urgent? President Joe Biden, among others, has raised the likelihood of retaliatory cyber-attacks from the Russian government, after all. But, Liska doesn\u2019t think this concern has panned out \u2014 not yet, at least:<\/p>\n

\u201cThe retaliatory ransomware attacks after the Russian invasion of Ukraine do not seem to have materialized. Like much of the war, there was poor coordination on the part of Russia, so any ransomware groups that might have been mobilized were not.\u201d<\/p><\/blockquote>\n

Still, almost three-quarters of all money made through ransomware attacks went to hackers linked to Russia in 2021, according to Chainalysis, so a step up in activity from there can\u2019t be ruled out.\u00a0<\/p>\n

Not a stand-alone solution<\/h2>\n

Machine-learning algorithms that identify and track ransomware actors seeking blockchain payment \u2014 and almost all ransomware is blockchain enabled \u2014 will doubtlessly improve now, said Bieda. But, machine learning solutions are only \u201cone of the factors supporting blockchain analysis and not a standalone solution.\u201d There is still a critical need \u201cfor broad cooperation in the industry between law enforcement, blockchain investigation companies, virtual asset service providers and, of course, victims of fraud in the blockchain.\u201d<\/p>\n

Dalal added that many technical challenges remain, mostly the result of the unique nature of pseudo-anonymity, explaining to Cointelegraph:\u00a0<\/p>\n

\u201cMost public blockchains are permissionless and users can create as many addresses as they want. The transactions become even more complex since there are tumblers and other mixing services which are able to mix tainted money with many others. This increases the combinatorial complexity of identifying perpetrators hiding behind multiple addresses.\u201d<\/p><\/blockquote>\n

More progress?<\/h2>\n

Nonetheless, things seem to be moving in the right direction. \u201cI think we are making significant progress as an industry,\u201d added Liska, \u201cand we have done so relatively fast.\u201d A number of companies have been doing very innovative work in this area, \u201cand the Department of Treasury and other government agencies are also starting to see the value in blockchain analysis.\u201d<\/p>\n

On the other hand, while blockchain analysis is clearly making strides, \u201cthere is so much money being made from ransomware and cryptocurrency theft right now that even the impact this work is having pales compared to the overall problem,\u201d added Liska.<\/p>\n

While Bieda sees progress, it will still be a challenge to get firms to report blockchain fraud, especially outside of the United States. \u201cFor the past two years, more than 11,000 victims of fraud in blockchain reached Coinfirm through our Reclaim Crypto website,\u201d he said. \u201cOne of the questions we ask is, \u2018Have you reported the theft to law enforcement?\u2019 \u2014 and many victims hadn\u2019t.\u201d<\/p>\n

Dalal said the government mandate is an important step in the right direction. \u201cThis surely will be a game changer,\u201d he told Cointelegraph, as attackers will not be able to repeat the use of their favored techniques, \u201cand they will have to move much faster to attack multiple targets. It will also reduce the stigma attached to the attacks and potential victims will be able to protect themselves better.\u201d\u00a0<\/p>\n