Russia’s GRU provides crypto twist to Mueller investigation
The Mueller probe into possible links between the Trump family and Moscow claims Russian intelligence mined its own crypto to launder money for US operations
The ongoing Mueller probe into possible Russian collusion with the administration of President Donald Trump disclosed in two separate indictments, issued in July and October, that money laundering built on crypto-currency transactions was one of the preferred methods of payment used by several Russian military intelligence (GRU) officers as they went about purchasing goods and services in the US.
The fact that some of this crypto-currency was either mined or even created by the GRU officers in question is something that some experts believe has not been given enough attention by the mainstream press.
One excerpt from the July indictment outlines the scope and sophistication of the GRU enterprise.
“On or about March 14, 2016, using funds in a bitcoin address, the Conspirators purchased a VPN account, which they later used to log into the @Guccifer_2 Twitter account. The remaining funds from that bitcoin address were then used on or about April 28, 2016, to lease a Malaysian server that hosted the dcleaks.com website,” the indictment states.
“The Conspirators used a different set of fictitious names (including “Ward DeClaur” and “Mike Long”) to send bitcoin to a US company in order to lease a server used to administer X-Tunnel malware implanted on the Democratic Congressional Campaign Committee (DCCC) and Democratic National Committee (DNC) networks, and to lease two servers used to hack the DNC’s cloud network.”
“The Russian operatives indicted in the United States evaded the financial transparency regime surrounding Bitcoin in part by mining their own coins, and their activity was exposed only well after the harm had occurred. As satisfying as prosecutions can be, they are poor remedies for national security harms, especially when those indicted are unlikely to face justice,” said David Murray, vice president for product development and services at the Washington DC-based Financial Integrity Network. “Our goal must be near-real time interdiction of national security threats, and our financial transparency regime must support that goal, whether those who threaten our national security choose to transact through banks or using virtual currencies.”
In the July 2018 indictment, it was again revealed that “although the conspirators caused transactions to be conducted in a variety of currencies, including US dollars, they principally used bitcoin when purchasing servers, registering domains, and otherwise making payments in furtherance of hacking activity. Many of these payments were processed by companies located in the United States that provided payment processing services to hosting companies, domain registrars, and other vendors both international and domestic. The use of bitcoin allowed the Conspirators to avoid direct relationships with traditional financial institutions, allowing them to evade greater scrutiny of their identities and sources of funds.”
To better cover their tracks, for example, “the dcleaks.com domain was registered and paid for using the fictitious name “Carrie Feehan” and an address in New York. In some cases, as part of the payment process, the Conspirators provided vendors with nonsensical addresses such as “usa Denver AZ,” “gfhgh ghfhgfh fdgfdg WA,” and “1 2 dwd District of Columbia.” The Conspirators used several dedicated email accounts to track basic bitcoin transaction information and to facilitate bitcoin payments to vendors. One of these dedicated accounts, registered with the username “gfadel47,” received hundreds of bitcoin payment requests from approximately 100 different email accounts.”
The GRU officers even appeared to outmaneuver the blockchain’s system of checks and balances by reworking transactional sequences. This part of the indictment illustrates how this was done.
“For example, on or about February 1, 2016, the gfadel47 account received the instruction to ‘[p]lease send exactly 0.026043 bitcoin to’ a certain thirty-four character bitcoin address. Shortly thereafter, a transaction matching those exact instructions was added to the Blockchain.”
Mining bitcoins was a large and important support element in this criminal enterprise, and this activity “was used, for example, to pay a Romanian company to register the domain dcleaks.com through a payment processing company located in the US.”
Bitcoins were purchased through peer-to-peer exchanges, “moving funds through other digital currencies and using pre-paid cards. The bitcoin mining operation that funded the registration payment for dcleaks.com also sent newly-minted bitcoin to a bitcoin address controlled by “Daniel Farell,” the persona that was used to renew the domain linuxkrnl.net. The bitcoin mining operation also funded, through the same bitcoin address, the purchase of servers and domains used in the GRU’s spear-phishing operations, including accounts-qooqle.com and account-gooogle.com.”
The above-mentioned excerpts from the July indictment are closely duplicated, albeit not mirrored exactly, in the October indictment, which also focuses on the role of bitcoin in the GRU officers’ alleged money laundering operations.
“The success of anti-money laundering regimes is often measured in how well they support prosecutions and asset forfeiture. These are important goals, but countries stand to gain much more from their financial transparency regimes. Governments are recognizing the full utility of financial transparency,” said Murray. “As a result, the aim of the global financial transparency regime is evolving, seeking to keep illicit activity out of the international financial system and to prevent harm in addition to positioning governments to prosecute those who do harm.”
Timing is everything, and coincidentally, several European banks and financial institutions are now being scrutinized for their lack of adequate oversight of large amounts of crypto-currency with its origins in Russia. Thus far, there appears to be no connection whatsoever to the Mueller investigation, but given the huge sums of crypto-currency involved, and the relatively routine nature of the money laundering that was accomplished, these revelations cannot be dismissed entirely.
According to Bitcoin Insider, Mindaugas Petrauskas, Director of Lithuania’s Financial Crime Investigation Service (FCIS), is overseeing an intensive investigation into transactions now well in excess of €600 million involving dozens of private individuals and corporate entities. The banks and financial services providers identified thus far include Swedbank, Danske Bank, and Citadele, to name just three.
“The question arises as to where does it come from, that’s a lot of money,” said Petrauskas.
Besides Lithuania, Latvia and Estonia are also undertaking major money laundering probes. In September, the Wall Street Journal reported that Danske Bank, Denmark’s largest bank, had initiated an internal money-laundering probe focused on transactions totaling $150 billion at its Estonian branch between 2007 and 2015. The WSJ reported that much of that suspicious activity involved accounts linked to people in Russia who were routinely using shell companies.
This money laundering scandal has spread like wildfire across Europe in 2018, and it has stained both the perception and reputation of the global crypto-currency sector as a whole. Danske Bank may represent one of the larger players caught up in this scandal, but it is by no means alone.
“It’s not clear what the consequences might be as the volume of this case is much bigger than anyone could have imagined,” Christian Thatje, an equity dealer at Sydbank A/S, told Bloomberg in July. “This case brings a lot of uncertainty and investors don’t like that.”
“As governments increasingly look to their financial transparency regimes to prevent harm, regulators’ expectations for financial institutions’ compliance with anti-money laundering and sanctions regulations will increase, and financial institutions’ exposure to reputational risk will increase because the stakes are much higher,” said Murray.
In the meantime, Mueller and his team will have to wait in empty courtrooms because the chances of any of the named GRU officers appearing there are very slim indeed.