John Bambenek
Bambenek Consulting
John Bambenek is Vice-President of Security Research and Intelligence at ThreatSTOP, where he leads the company's globally distributed research efforts. In addition to his role there, he is a lecturer teaching cybersecurity courses at the University of Illinois at Urbana-Champaign in the Departments of Computer Science and Information Sciences, and he is a handler with the SANS Internet Storm Center. He has spent 18 years in the industry helping research emerging threats and leading large-scale intelligence sharing communities to engage in targeted disruption of criminal activities online. He has developed a variety of digital surveillance techniques to monitor domain generation algorithms and malware configurations, which are used by thousands of organizations worldwide. In addition, he tracks financial transactions of various neo-Nazi and supremacist individuals and organizations. He has spoken at conferences around the world, has published two books in addition to several book chapters and articles, and he once appeared on the Daily Show with Jon Stewart.

John_Bambenek_AusCERT2018-Cryptocurrency-Adventures-in-Bitcoin-Surveillance

Adventures in Bitcoin Surveillance - Mining the Blockchain and Hunting Miscreants

With the explosive growth in the value of not only bitcoin but cryptocurrencies in general, criminals and other entities have flocked to this technology as a way to further their criminal enterprises or to exchange money outside the traditional financial system. While this has created some complications for investigators, in that wallets are anonymous random strings of characters, the fact that transactions are public has given rise to new techniques to track money as it moves through the various blockchains. This talk will cover case studies and the efforts to track various criminal operations (both cybercrime and conventional crime) through cryptocurrency, leading to the development of new techniques and tools to proactively monitor for suspect activity. One such case involved tracking various white supremacist groups in the United States after the deadly rally in Charlottesville, Virginia that claimed the life of a young woman. The same techniques that allowed for monitoring of white supremacist financial transactions allowed automated tools to post near-time data when they made changes, and led to a drastic diminishment of their capabilities. By using similar methods, it was also possible to monitor where the bitcoins gained from the WannaCry attack ended up when they were transferred out of bitcoin by actors suspected to be associated with the government of North Korea. As part of this talk, open source tools and data will be released for investigators to use in their own work, including techniques to enumerate transactions from bitcoin to other alternative cryptocurrencies.