This week in Las Vegas, two events dedicated to information security and the global hacking counterculture are taking place: Black Hat Arsenal and Defcon 2018. As the conferences go on, a good number of new innovations will be on display, including hacker tools, security services, and engineering studies. A couple of developers from the threat intelligence platform TruSTAR plan to unveil a new ‘early warning system’ called White Rabbit. It exposes developing ransomware campaigns that use the Bitcoin Core (BTC) network for ransom payments.
As we speak, a lot of cyberpunks, tech-savvy enthusiasts and hackers are coming together to attend the two major tech conferences. The two events take place in different locations: Defcon 2018 at Caesars Palace and Black Hat Arsenal at Mandalay Bay. This year’s edition will highlight all types of mobile jailbreaking and rooting techniques, opsec methods, online certificate abuse, DDoS attacks, and drone technology, although just one demonstration is related to cryptocurrencies. Olivia Thet (engineering) and Nicolas Kseib (data science) are the two developers from TruSTAR whose new tool will be on display. The tool ties illicit ransomware crimes to bitcoin transactions. They named it White Rabbit, and they note that it provides a “near real-time contextual awareness of a specific ransomware campaign.”
White Rabbit is a three-part model that starts by collecting BTC addresses and classifying them as “clean” or “dirty.” The TruSTAR developers detailed the remaining parts: “The second part is to test the classification models using this dataset and propose decision metrics to optimally pick a model. In this part, we will also discuss ideas about how to compute expensive, but important features obtained from transaction data stored on a graph database.” They continued: “In the third part, we will show how to use the obtained optimal model to predict if an address is ‘dirty’. Finally, we will discuss our challenges when solving this problem and propose solutions to overcome them.”
These days, companies keeping a close eye on a public blockchain and blacklisting or tainting bitcoin addresses is a very controversial subject among cryptocurrency proponents. This is due to the rise of blockchain surveillance tools like White Rabbit, bitcoin transaction mixers and privacy-centric cryptocurrencies in the past couple of years. Olivia Thet thinks the public should know who is coordinating these types of attacks.
The creators of White Rabbit mention that the collected data on “seed bitcoin addresses involved in illegal activities” can be used as a starting point for observers to create “dirty” address clusters reconstructed from the analysis. The White Rabbit demo is scheduled to take place on the 9th of August during Black Hat Arsenal, with another one two days later (August 11th) at the Defcon Recon Village.