2019 Viterbi Masters Hackathon

Finding Bad Actors through the Blockchain

This is not a problem about improving blockchain technologies. Rather it is a problem about exploting privacy weaknesses in blockchain technologies to assess the spread malware (especially ransomware) and to assess the flow of funds through the dark web.

There is also not one single deliverable, but rather part of the challenge is for your team to decide on what outputs would be most useful and achiveale with respect to this challenge. In particular, there is a wide range of information that can be mined from various blockchain payment solutions and you will need to start small... then decide how to expand the analysis to calculate more and more useful information.

It is a common misconception that blockchain based payment services like bitcoin (often referred to as cryptocurrencies) provide for anonymous payment. While some of these currencies provide more assurance of privacy than others, the ledger itself in these systems is public and easily open to inspection. This means that it is often possible to trace the flow of payments between accounts, and this can be done by anyone. What passes for "anonymity" in these systems is that the accounts are identified by publick keys, and the ability to tie a payment to an individual occurs only when one can link one of these keys to a user when, for example, they withdraw funds or use the account to make a purchase that identifies the owner of the key.

Cryptocurrencies have become a prefered form of payment for illicit activities, and it is quite common for malicious software (such as ransomware) to demand payment to a cryptocurrency account (which I will refer to as a dropbox for now). Finding the creator of the malware may require us to "follow the money". Following the money is made more difficult because the owner of the account will likely "launder" the money by sending it through many other accounts (including what are called tumblers), before using the funds for their own purposes.

Your challenge has multiple components. First, you will develop tools to search the web, social media, discussion forums, and other sources seekikng to identify cryptocurrency addresses that are used as these dropboxes. In a broader application of this technology, one could search for the cryptocurrency addresses of other kinds of underground activity, but we do NOT want you searching for this other kind of ilicit activity as part of this challenge.

To get you started, here are some links to sites that already collect this kind of information regarding ransomware and dropboxes.

Your tools should not just pull addresses from these sites. Instead they should search the web and social media (using standard search tools) for mention of ransomware together with the dropbox addresses, and scrape the addresses yourself.

The second part of your challenge will be to decide what kind of analysis you can perform on the blockchain of the relevant cryptocurrency to generate usful statistics (and possibly individual details) regarding such malware attacks. Some examples of questions you might seek to answer:

What is the total value of ransomware payments that have been made to accounts associated with the ransomware you have identified.
What is the distribution of these payments by region or country of origin.
What percentage of the money deposited in payments has actually been moved out of the target bitcoin account.
What cryptocurrency addresses have received funds moved out of the target bitcoin accounts within some number of steps.

Note that some of the links above provide information on sites that will track payments through the blockchain, and there are many other sites that do this as well, including:

Bitlisten

In the second part of this challenge, members of your team should be finding open source code and changing it for your puposes to do the blockchain analysys yourself. Don't rely on these other sites to do that analysis.

Specific Tasks to be Performed

It is not our intent to define the structure of the software that will be devloped by your team, but we do note that in developing your solution there will be the need for the following activities. As such, there will likely be two separate groups within each team working on the two aspects of this problem.

One would be concerned with scanning the web and social media to identify the dropboxes for ransomware payments.
The second group would focus on the blockchains for the relevant cryptocurrencies, to identify the flow of funds. I would suggest that your teams select a single cryptocurrency on whic to focus for the purpose of the Hackathon.