How A San Diego Researcher Helped Foil A Cybercriminal’s Heroin Set-Up
Thursday, August 1, 2013
Russian hackers recently tried to frame an innocent man by mailing heroin straight to his home, but UCSD's Sarah Meiklejohn used her research on virtual currencies and online black markets to help the victim clear his name.
Call it an occupational hazard. When you shed light on the shadowy world of international cybercrime as well as Brian Krebs does, hackers are bound to take notice. They may even try to make your life a living hell.
Krebs, a former Washington Post reporter, is an influential security blogger. His writing exposes how tech-savvy bad guys knock people offline, gain access to their bank accounts and hijack their debit cards.
Ill-willed hackers haven't taken kindly to this publicity. A few months ago, one of them called the cops to report a fake hostage situation at Krebs' home, bringing a heavily armed SWAT team to his doorstep.
For their latest prank, Russian hackers recently attempted to frame Krebs by mailing heroin straight to his home in Virginia:
Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police. Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police well in advance of the delivery.
Krebs was onto the Russian hackers trying to set him up as a dope fiend, so he knew to expect the drugs in his mailbox, but he wanted a second opinion.
That's where UCSD computer science grad student Sarah Meiklejohn comes in. While this dastardly plot was unfolding, she was busy studying Bitcoin, the virtual currency some people use to buy drugs on the online black market Silk Road.
Before Krebs tipped off the FBI to clear his name, he got in touch with Meiklejohn to make sure the hackers he suspected really had bought the heroin.
"I just helped confirm that the hacker who was boasting about doing this is likely the perpetrator," said Meiklejohn. Her insider knowledge of Bitcoin and clandestine online marketplaces like Silk Road helped her connect—with a reasonable degree of certainty—the Russian hackers with the heroin shipped to Krebs' house.
"The hacker posted, publicly, a Bitcoin address on a forum," she said, retracing the steps she took to verify Krebs' suspicions.
The hacker, known as "Flycracker," put out this call to his fellow cybercriminals:
Guys, it became known recently that Brian Krebs is a heroin addict and he desperately needs the smack, so we have started the "Helping Brian Fund", and shortly we will create a bitcoin wallet called "Drugs for Krebs" which we will use to buy him the purest heroin on the Silk Road ... We will save Brian from the acute heroin withdrawal and the world will get slightly better!
Basically, "Flycracker" was crowdfunding a drug plant, sort of like an evil bootleg Kickstarter.
"Then, at some later date, someone did purchase heroin on Silk Road and have it sent to Brian Krebs," Meiklejohn said. "The piece of the puzzle that we helped provide was linking those two events together."
Meiklejohn said this story reveals the cracks in Bitcoin's armor of anonymity. In theory, people can use Bitcoin to mask their identity while buying stuff online, but in practice, she's found that you can learn quite a lot about these transactions.
Considering all Krebs has been through, some researchers might worry that plumbing the darker corners of the web might inspire retaliation against themselves too, but not Meiklejohn.
"Our work is really more about measurement than exposing criminal activity," she said about her and her colleagues' research.
So she's not worried about coming home to find illegal drugs planted in her mail?
"I hope not," Meiklejohn said.