Confidential documents retrieved by Edward Snowden and peeled by The Intercept show that the NSA has adapted one of its mass surveillance programs to try to track all Bitcoin users, wherever they are.
In the huge bundle of highly confidential documents that were sent to the press by whistleblower Edward Snowden, it appears that the NSA, has looked very closely at crypto-currencies, especially on Bitcoin . This is what emerges from an investigation conducted by the website The Intercept, which has peeled a number of files from the drawers of the US agency.
According to these documents, relatively old – they date from March 2013, just a few months before the escape of the former employee of the NSA – the organization has set up a specific monitoring program, called MONKEYROCKET, intended to "hunt down" the users of this cryptocurrency, everywhere in the world. Some other, unnamed currencies were also in the viewfinder.
CC John VooToday, it is impossible to know if the MONKEYROCKET program is still running, if it was abandoned or if it was developed.
The rise of a number of crypto-currencies and the growing public interest in these currencies, with the illusion of making easy money, suggest, however, that the NSA has probably not abandoned this field. research, especially that these currencies are sometimes accused of financing terrorism, organized crime, especially the mafia, and all kinds of illegal activities.
This is not the first time that the code name MONKEYROCKET appears. According to previous secret documents, this project is linked to the OAKSTAR program to spy on telecommunications. It is part of Presidential Decree 12333 and aims to collect intelligence (data and metadata) circulating or found on computer networks.
An excerpt from the NSA's confidential documents. "The documents indicate that the tracking of Bitcoin users went well beyond the scrutiny of the Bitcoin public transaction ledger, known as Blockchain, where users are generally referenced by anonymous identifiers; tracking may also have resulted in the collection of personal details on these users' computers, "writes The Intercept.
"The NSA has collected information such as the password of certain users, their activity on the Internet and a type of unique device identification number known as the MAC address," adds the site. Data like Internet addresses, ports and timestamps have also been used to identify targets using Bitcoin, the article says.
CC Flickr Marco VerchAnonymity with Bitcoin
It should be noted that the purpose of cryptocurrencies is to operate transparently and verifiably by everyone. Transactions are therefore written in clear in the blockchain, except in the particular case of currencies that have opted for a higher degree of confidentiality, such as Zcash. Therefore, the transactions that take place are public and therefore traceable.
Bitcoin does not provide complete anonymity – if you use an exchange platform, such as Coinbase, it requires a piece of identification and the sale or purchase of a cryptocurrency requires to associate their credit card or bank account – but this type of currency nevertheless allows access to a level of discretion higher than a conventional payment method.
Trapped by a fake VPN?
The way in which the NSA operated remains uncertain.
In the documents seen by our colleagues, it is evoked software, whose name is not given, which was used to catch users by promising anonymity on the Internet. "Whatever this software was, it served as a bait […] by making customers believe they had to do with a tool that they thought could provide anonymity online, but which, in fact, routed their data directly to the NSA. "
It could be a Virtual Private Network (VPN) type of service, the purpose of which is to encrypt and transmit communications through different waypoints in order to hide its true geographical origin and thus limit the effects of tracking on the Internet. . In this case, of course, you have to rely on the VPN provider. Clearly, give him his trust, without any guarantee that he deserves.
The headquarters of the NSA. Credits: YES to the effects that this survey may have both in the market of VPN and software claiming to care about the privacy of Internet users – who to trust when we know that some providers are fallible or that some offers could actually be remote controlled by intelligence agencies? – and on the US brand image, consequences on Bitcoin could emerge.
In the collective imagination, Bitcoin is synonymous with anonymity. In any case, it is clear that the protection of privacy is one of the expectations of people who make transactions with this currency – or with another cryptocurrency. The question that arises in light of this inquiry is whether this will not lead to a loss of public confidence in certain currencies.
"People who care about privacy will move to more privacy-oriented currencies"
Matthew Green, a cryptographer and professor at Johns Hopkins University, who co-founded Zcash and serves as advisor, told The Intercept that the techniques the NSA uses to track digital currency users make "totally worthless" features confidentiality of all digital currencies, such as Ether or Ripple.
Same story at Emin Gun Sirer, associate professor and co-director of the Cryptocurrency and Contracts Initiative at Cornell University. Financial secrecy "is something incredibly important" for the Bitcoin community, he says, adding that "privacy-conscious people will move to more privacy-oriented currencies" when they will know what the NSA is doing.
And to warn: "When your potential threat schema includes the NSA, the pseudonym disappears. …. You should really reduce your privacy expectations on this network. "