Internet paranoiacs drawn to bitcoin have long indulged fantasies of American spies subverting the booming, controversial digital currency. Increasingly popular among get-rich-quick speculators, bitcoin started out as a high-minded project to make financial transactions public and mathematically verifiable — while also offering discretion. Governments, with a vested interest in controlling how money moves, would, some of bitcoin’s fierce advocates believed, naturally try and thwart the coming techno-libertarian financial order.
It turns out the conspiracy theorists were onto something. Classified documents provided by whistleblower Edward Snowden show that the National Security Agency indeed worked urgently to target bitcoin users around the world — and wielded at least one mysterious source of information to “help track down senders and receivers of Bitcoins,” according to a top-secret passage in an internal NSA report dating to March 2013. The data source appears to have leveraged the NSA’s ability to harvest and analyze raw, global internet traffic while also exploiting an unnamed software program that purported to offer anonymity to users, according to other documents.
Although the agency was interested in surveilling some competing cryptocurrencies, “Bitcoin is #1 priority,” a March 15, 2013 internal NSA report stated.
The documents indicate that “tracking down” bitcoin users went well beyond closely examining bitcoin’s public transaction ledger, known as the Blockchain, where users are typically referred to through anonymous identifiers; the tracking may also have involved gathering intimate details of these users’ computers. The NSA collected some bitcoin users’ password information, internet activity, and a type of unique device identification number known as a MAC address, a March 29, 2013 NSA memo suggested. In the same document, analysts also discussed tracking internet users’ internet addresses, network ports, and timestamps to identify “BITCOIN Targets.”
The agency appears to have wanted even more data: The March 29 memo raised the question of whether the data source validated its users, and suggested that the agency retained bitcoin information in a file named “Provider user full.csv.” It also suggested powerful search capabilities against bitcoin targets, hinting that the NSA may have been using its XKeyScore searching system, where the bitcoin information and wide range of other NSA data was cataloged, to enhance its information on bitcoin users. An NSA reference document indicated that the data source provided “user data such as billing information and Internet Protocol addresses.” With this sort of information in hand, putting a name to a given bitcoin user would be easy.
The NSA’s budding bitcoin spy operation looks to have been enabled by its unparalleled ability to siphon traffic from the physical cable connections that form the internet and ferry its traffic around the planet. As of 2013, the NSA’s bitcoin tracking was achieved through program code-named OAKSTAR, a collection of covert corporate partnerships enabling the agency to monitor communications, including by harvesting internet data as it traveled along fiber optic cables that undergird the internet.
Specifically, the NSA targeted bitcoin through MONKEYROCKET, a sub-program of OAKSTAR, which tapped network equipment to gather data from the Middle East, Europe, South America, and Asia, according to classified descriptions. As of spring 2013, MONKEYROCKET was “the sole source of SIGDEV for the BITCOIN Targets,” the March 29, 2013 NSA report stated, using the term for signals intelligence development, “SIGDEV,” to indicate the agency had no other way to surveil bitcoin users. The data obtained through MONKEYROCKET is described in the documents as “full take” surveillance, meaning the entirety of data passing through a network was examined and at least some entire data sessions were stored for later analysis.
At the same time, MONKEYROCKET is also described in the documents as a “non-Western Internet anonymization service” with a “significant user base” in Iran and China, with the program brought online in summer 2012. It is unclear what exactly this product was, but it would appear that it was promoted on the internet under false pretenses: The NSA notes that part of its “long-term strategy” for MONKEYROCKET was to “attract targets engaged in terrorism, [including] Al Qaida” toward using this “browsing product,” which “the NSA can then exploit.” The scope of the targeting would then expand beyond terrorists. Whatever this piece of software was, it functioned a privacy bait and switch, tricking bitcoin users into using a tool they thought would provide anonymity online but was actually funneling data directly to the NSA.
The hypothesis that the NSA would “launch an entire operation overseas under false pretenses” just to track targets is “pernicious,” said Matthew Green, assistant professor at the Johns Hopkins University Information Security Institute. Such a practice could spread distrust of privacy software in general, particularly in areas like Iran where such tools are desperately needed by dissidents. This “feeds a narrative that the U.S. is untrustworthy,” said Green. “That worries me.”
The NSA declined to comment for this article. The Bitcoin Foundation, a nonprofit advocacy organization, could not immediately comment.
This “feeds a narrative that the U.S. is untrustworthy.”
Although it offers many practical benefits and advantages over traditional currency, a crucial part of bitcoin’s promise is its decentralization. There is no Bank of Bitcoin, no single entity that keeps track of the currency or its spenders. Bitcoin is often misunderstood as being completely anonymous; in fact, each transaction is tied to publicly accessible ID codes included in the Blockchain, and bitcoin “exchange” companies typically require banking or credit card information to convert Bitcoin to dollars or euros. But bitcoin does offer far greater privacy than traditional payment methods, which require personal information up to and including a Social Security number, or must be linked to a payment method that does require such information.
Furthermore, it is possible to conduct private bitcoin transactions that do not require exchange brokers or personal information. As explained in the 2009 white paper launching bitcoin, “the public can see that someone is sending an amount to someone else, but without information linking the transaction to anyone.” For bitcoin adherents around the world, this ability to transact secretly is part of what makes the currency so special, and such a threat to the global financial status quo. But the relative privacy of bitcoin transactions has naturally frustrated governments around the world and law enforcement in particular — it’s hard to “follow the money” to criminals when the money is designed to be more difficult to follow. In a November 2013 letter to Congress, one Homeland Security official wrote that “with the advent of virtual currencies and the ease with which financial transactions can be exploited by criminal organizations, DHS has recognized the need for an aggressive posture toward this evolving trend.”
Green told The Intercept he believes the “browsing product” component of MONKEYROCKET sounds a lot like a virtual private network, or VPN. VPNs encrypt and reroute your internet traffic to mask what you’re doing on the internet. But there’s a catch: You have to trust the company that provides you a VPN, because they provide both software and an ongoing networking service that potentially allows them to see where you’re going online and even intercept some of your traffic. An unscrupulous VPN would have complete access to everything you do online.
Emin Gun Sirer, associate professor and co-director of the Initiative for Cryptocurrencies and Contracts at Cornell University, told The Intercept that financial privacy “is something that matters incredibly” to the bitcoin community, and expects that “people who are privacy conscious will switch to privacy-oriented coins” after learning of the NSA’s work here. Despite bitcoin’s reputation for privacy, Sirer added, “when the adversary model involves the NSA, the pseudonymity disappears. … You should really lower your expectations of privacy on this network.”
“People who are privacy conscious will switch to privacy-oriented coins.”
Green, who co-founded and currently advises a privacy-focused bitcoin competitor named Zcash, echoed those sentiments, saying that the NSA’s techniques make privacy features in any digital currencies like Ethereum or Ripple “totally worthless” for those targeted.
The NSA’s interest in cryptocurrency is “bad news for privacy, because it means that in addition to the really hard problem of making the actual transactions private … you also have to make sure all the network connections [are secure],” Green added. Green said he is “pretty skeptical” that using Tor, the popular anonymizing browser, could thwart the NSA in the long term. In other words, even if you trust bitcoin’s underlying tech (or that of another coin), you’ll still need to be able to trust your connection to the internet — and if you’re being targeted by the NSA, that’s going to be a problem.
NSA documents note that although MONKEYROCKET works by tapping an unspecified “foreign” fiber cable site, and that data is then forwarded to the agency’s European Technical Center in Wiesbaden, Germany, meetings with the corporate partner that made MONKEYROCKET possible sometimes took place in Virginia. Northern Virginia has for decades been a boomtown for both the expansive national security state and American internet behemoths — telecoms, internet companies, and spy agencies call the area’s suburbs and office parks home.
Bitcoin may have been the NSA’s top cryptocurrency target, but it wasn’t the only one. The March 15, 2013 NSA report detailed progress on MONKEYROCKET’s bitcoin surveillance and noted that American spies were also working to crack Liberty Reserve, a far seedier predecessor. Unlike bitcoin, for which facilitating drug deals and money laundering was incidental to bigger goals, Liberty Reserve was more or less designed with criminality in mind. Despite being headquartered in Costa Rica, the site was charged with running a $6 billion “laundering scheme” and triple-teamed by the U.S. Department of Justice, Homeland Security, and the IRS, resulting in a 20-year conviction for its Ukrainian founder. As of March 2013 — just two months before the Liberty Reserve takedown and indictment — the NSA considered the currency exchange its No. 2 target, second only to bitcoin. The indictment and prosecution of Liberty Reserve and its staff made no mention of help from the NSA.
“The government should not be hiding the true sources for its evidence.”
Just five months after Liberty Reserve was shuttered, the feds turned their attention to Ross Ulbricht, who would go on to be convicted as the mastermind behind notorious darkweb narcotics market Silk Road, where transactions were conducted in bitcoin, with a cut going to the site’s owner. Ulbricht reportedly held bitcoins worth $28.5 million at the time of his arrest. Part of his unsuccessful defense was the insistence that the FBI’s story of how it found him did not add up, and that the government may have discovered and penetrated the Silk Road’s servers with the help of the NSA — possibly illegally. The prosecution dismissed this theory in no uncertain terms:
Having failed in his prior motion to dismiss all of the Government’s charges, Ulbricht now moves this Court to suppress virtually all of the Government’s evidence, on the ground that it was supposedly obtained in violation of the Fourth Amendment. Ulbricht offers no evidence of any governmental misconduct to support this sweeping claim. Instead, Ulbricht conjures up a bogeyman – the National Security Agency (“NSA”) – which Ulbricht suspects, without any proof whatsoever, was responsible for locating the Silk Road server, in a manner that he simply assumes somehow violated the Fourth Amendment.
Though the documents leaked by Snowden do not address whether the NSA aided the FBI’s Silk Road investigation, they show the agency working to unmask bitcoin users about six months before Ulbricht was arrested, and that it had worked to monitor Liberty Reserve around the same time. The source of the bitcoin and Liberty Reserve monitoring, MONKEYROCKET, is governed by an overseas surveillance authority known as Executive Order 12333, the language of which is believed to give U.S. law enforcement agencies wide latitude to use the intelligence when investigating U.S. citizens.
Civil libertarians and security researchers have long been concerned that otherwise inadmissible intelligence from the agency is used to build cases against Americans though a process known as “parallel construction”: building a criminal case using admissible evidence obtained by first consulting other evidence, which is kept secret, out of courtrooms and the public eye. An earlier investigation by The Intercept, drawing on court records and documents from Snowden, found evidence the NSA’s most controversial forms of surveillance, which involve warrantless bulk monitoring of emails and fiber optic cables, may have been used in court via parallel construction.
Patrick Toomey, an attorney with the ACLU’s National Security Project, said the NSA bitcoin documents, although circumstantial, underscore a serious and ongoing question in American law enforcement:
If the government’s criminal investigations secretly relied on NSA spying, that would be a serious concern. Individuals facing criminal prosecution have a right to know how the government came by its evidence, so that they can challenge whether the government’s methods were lawful. That is a basic principle of due process. The government should not be hiding the true sources for its evidence in court by inventing a different trail.
Although an NSA document about MONKEYROCKET stated the program’s “initial” concern was counterterrorism, it also said that “other targeted users will include those sought by NSA offices such as Int’l Crime & Narcotics, Follow-The-Money and Iran.” A March 8, 2013 NSA memo said agency staff were “hoping to use [MONKEYROCKET] for their mission of looking at organized crime and cyber targets that utilize online e-currency services to move and launder money.” There’s no elaboration on who is considered a “cyber target.”
Documents published with this story: