February 11, 2026

00:45:54

Episode 354 Deep Dive: Lili Infante | The Growing Prevalence of Crime in the Crypto Space

KBKAST


Show Notes

In this episode, we sit down with Lili Infante, CEO of CAT Labs, as she discusses the evolving landscape of crime in the crypto space and her work combating crypto-enabled criminal activity. Lili, drawing from her experience as a former DOJ and DEA agent who pioneered the DEA Cyber Investigations Task Force, explains the rise of crypto as both a tool for criminals and a unique opportunity for law enforcement due to its traceability. She highlights the challenges surrounding self-custody private keys, the increased risks and opportunities for asset seizure, and the emerging insider threat within law enforcement agencies handling crypto evidence. Lili also shares her perspective on regulatory debates between banks and crypto exchanges, the necessity for policy grounded in technological understanding, and the innovations CAT Labs is bringing to government agencies, including tools for key management, data scanning, and digital asset recovery.

Lili Infante is the CEO and Founder of CAT Labs, a technology company helping government agencies find, seize and secure illicit cryptocurrency assets hidden in their seized evidence. As a former DEA Special Agent, she pioneered the first federal task force focused on Dark Web and crypto investigations, leading landmark cases including the takedown of Hydra Market, the world’s largest dark-web marketplace. Her work has earned national awards for cybercrime investigation and helped establish the investigative and policy frameworks now used by law-enforcement agencies worldwide.


Episode Transcript

[00:00:00] Speaker A: I think we should just go with the technology, where the technology's taking us. And I gear more towards giving more freedom to the people. You know, letting the people decide what they want to do, if they want to use crypto or if you want, they want to put their money in an exchange or they want to put their cash in the bank. That choice should be in, in the hands of the people, not necessarily the government or the financial institutions that profit from that.

[00:00:28] Speaker B: This is KBC.

[00:00:31] Speaker A: Primary target for ransomware campaigns, security and testing and performance.

[00:00:37] Speaker C: We can actually automate that, take that.

[00:00:39] Speaker A: Data and use it.

[00:00:43] Speaker C: Joining me now is Lili Infante, who is the CEO at CAT Labs. And today we're discussing the growing prevalence of crime in the crypto space. So, Lili, thanks for joining me and welcome.

[00:00:53] Speaker A: Thank you so much for having me.

[00:00:55] Speaker C: So Lili, for a little bit of context, when I met you, there was an event. Well, actually it was a 2020 partners conference in Miami late last year. Last year when you and I were sort of talking and then you and I had another discussion and then when you started talking, I was like, oh my God, I really need to interview. Because the work that you do, given your background, I know we're going to get into that a little bit more in a second. It's really fascinating. In 400 plus interviews I've done, haven't really had anyone come on the show to talk about the sort of work that you do. And I think that's really important. It's quite niche and it's really cool. So I'm really just sort of keen to perhaps start with perhaps your view then on crypto crime. And I know that, you know, you've worked previously at the DOJ and you've pioneered the official DEA Cyber Investigations task force focusing on the use of cryptocurrencies in violation of the US anti-money laundering laws.
So working on this type of stuff is just really fascinating. So give us a bit of a lay of the land like what's going on out there.

[00:01:53] Speaker A: Yeah, so I like to think of crypto as a tool. It's kind of a modern tool for the bad guys and the good guys. So there's a lot of really good benefits to crypto and there are a lot of abuses of the technology as well by various criminals, terrorist groups and adversarial nation states. And I actually like to use the term crypto-enabled crime, because crypto crime is like a very narrow term. It's mostly surrounding crypto specific crime. But when you talk about any kind of traditional crime that has been conducted by traditional criminal organizations that are now using crypto instead of cash or other traditional illicit finance means to either launder money or buy and sell illicit goods and services. So it's essentially enabled by crypto. And when I first started looking into this when I was a DEA agent, but back in around 2013, 2014, this was a very, very niche area of crime. So crypto was kind of, you know, a cypherpunk invention. It was power to the people. It was take the money away from the greedy banks and the corrupt governments and give it to the people. And so it was an idealistic concept that then gained adoption in the criminal space. So the first real use case outside of speculation for cryptocurrency was the dark web. So drug trade on the dark web. And I thought that was really interesting. And since then, the use of crypto by all kinds of criminal organizations has just exploded. And it's emerged as one of the very popular ways for transnational criminal organizations to launder money, to receive payment for goods and services, primarily because it doesn't require an intermediary, a regulated financial institution, to transfer money across borders. And so that's a very attractive thing for any criminal organization that has a global span and needs to scale.
So that's generally the lay of the land, is it's being used by various criminal organizations, terrorist organizations, adversarial nation states, increasingly more because of the fact that you can transfer value across borders quickly and at scale without needing to go through a regulated institution.

[00:04:20] Speaker C: So there's a couple of things that you said, which I'm really curious to understand. So I previously worked in a bank in security myself, so I'm definitely very across anti-money laundering and, you know, fraud and all those sorts of things. But just to zoom out before we get into that side of things, do you think people are still really skeptical of like crypto because it's all like crypto bros and all this sort of stuff and then depends on who you are. So obviously some people are really into it, but then you've got some other people that seem pretty cynical about it. Like, what's sort of your view?

[00:04:51] Speaker A: I think the people that are cynical about it, they see a lot of headlines that talk about how crypto is being used for pig butchering scams and other kind of crimes, and there's just a lot of fraud and scams happening. But I think just like I said in the beginning, it's not that more crime is happening because of crypto. It's just crypto is just being used as another tool by the same criminals that used to use traditional financial institutions or traditional illicit finance means to conduct their crimes. So it's not necessarily that crypto is creating necessarily more crime. It is helping a lot of criminals to scale. I'll give you an example. For example, if let's say there's a drug dealer that is used to selling drugs on his little street corner and his little town and cryptocurrency and the dark web allows this drug dealer to now scale his reach and basically sell drugs to the entire world as opposed to just on the street corner. So it allows them to scale their reach. So there's that aspect of it.
But there's also a huge opportunity for law enforcement because crypto is very traceable. And if they know what they're doing, they know what to look for. They have the right training, the right tools, the right experience, they can actually combat illicit finance and combat the illicit use of cryptocurrency fairly much easier than traditional finance, because cash is actually harder to trace than cryptocurrency. If you know what you're doing as a law enforcement agency and you have the right tools, you can really seize a lot more funds. And you can see in the past few years we've seized exponentially more cryptocurrency assets than we have seized traditional assets, illicit assets in the past. So you can see it as an example of the opportunities we have to actually dismantle a lot of these transnational criminal organizations just by knowing how to target these crypto-enabled crimes.

[00:06:51] Speaker C: And then in terms of regulation, now I know there's talks about people implementing it and there's other nations out there that are trying to do it, or they're a bit further along perhaps. What are your then thoughts? Because if you look at like the traditional banking model, like some of these banks, like they've been around for such a long time and I guess people don't know any different. So will it get to a point with crypto that will be like, I don't know, driving down a Chase bank. I know that's sort of a bad example, but will it become sort of similar in how people view crypto or what's your sort of thoughts?

[00:07:26] Speaker A: Well, it's great that you asked this question because there's a lot of activity happening right now here in the US with the Clarity Act or the market structure bill. We were supposed to have a markup today actually that was postponed to the end of January to bring more clarity to regulation in the crypto space. And there's just a lot of contention in the space in terms of how we should regulate this industry.
You know, I think we shouldn't do anything extreme. If we write policy and regulation, we need to understand the technology and the limitations of the technology. There have been some policy proposals that it's very clear that whoever drafted the proposal didn't really understand the limitations of the technology and how it works and what we can and can't do in terms of regulating crypto. But I think one of the main points of contention now is actually yields. So the cryptocurrency exchanges are able to give you, if you have crypto deposits in the exchange, they are able to give you yields and so on, your cryptocurrency deposits. And the banks are actually fighting this because the yields that the exchanges are providing are much higher than the, you know, the savings, you know, the savings rates for the banks if you keep your money, your regular cash in the bank. So the banks are afraid that people are going to start moving cash out of their banks and then putting it in crypto and stablecoins and storing them at the exchanges instead at the crypto exchanges because they get better yields. And so there's this whole battle between the banks and the exchanges right now, and policymakers are trying to come to some kind of middle ground to make everyone happy. Obviously, you can't always make everyone happy, but that's, that's one of the main contentions. And what I say is, why don't banks just offer crypto offerings? You know, why don't they just have. Also offer stablecoin deposits or, you know, other crypto deposits that they can provide yields on? The industry is changing and the banks are going to have to adapt. Blockbuster didn't adapt. And you see what happened to them. BlackBerry didn't adapt. You see what happened to them. And so I, I think the banks are just going to have to get with the program, I think.

[00:09:37] Speaker C: Yeah, that's fascinating.
So think certain banks in the US or elsewhere will have like a crypto capability, or do you think that they're relying on the government to try to block the regulation of crypto? Then they're sort of, that's their safety net. But if that goes ahead, then that does potentially jeopardize their position.

[00:09:59] Speaker A: Yeah, some banks already have crypto offerings, and that's why I'm confused why they're so against it, against the yields part. I think the yields give people options and obviously better options than what the banks are giving them on cash deposits. And I think that's a good thing. But you know, the banks that are gonna be forward thinking and adopt some of this new technology and maybe have crypto offerings, they're probably gonna come out on top as opposed to the ones that are really actively trying to deny and resist this, you know, this kind of new technology from making people money. And also another interesting thing that I'm, I was thinking about in the context of the yields is because I think once this technology is adopted, more and more people are actually using stablecoins or storing stablecoins or storing crypto and getting yields out of them. The yields are probably going to stabilize and become less, you know, once you have massive adoption of some kind of technology. Right now, the yields are higher, much higher than the, in the bank, like when you have a deposit in the bank, because it's still technically a risk asset, right? So there's kind of a risk component to storing money, your money in crypto versus a traditional bank. And so I think we should just go with the technology where the technology's taking us. And I gear more towards giving more freedom to the people, you know, letting the people decide what they want to do, if they want to use crypto or if you want, they want to put their money in an exchange or they want to put their cash in the bank.
I think that should be in that choice should be in, in the hands of the people, not necessarily the government or the financial institutions that profit from that.

[00:11:42] Speaker C: And do you think given your background, people will go down that path? And I ask this because as I said when I worked in a bank, like people feel safe because again, something gets scammed in my bank account, which has happened over the years, the bank gives my money back, right? So that certainty, there's that safety net that I'm going to get my money back. I don't have to be sort of worrying each night thinking, oh gosh, what I've heard someone steals my money or something like that. So do you think just as we've evolved as a society, it will head down that path? Perhaps.

[00:12:13] Speaker A: I think as the industry matures, the crypto industry matures and there will be more insurance products for your deposits. Even the FDIC insurance is kind of a joke. It's okay for, for regular, you know, people that don't have a lot of money in, in stored in the bank. But if, you know, if you're a large corporation or business that has more than 250k in the bank, it's a little bit of a joke, you know, to it doesn't really protect your money that much, but there's a lot of insurance products that are coming out that protect your deposits. And so those are going to be available to, to crypto deposits. The industry is going to mature and I do think it's going to go in that direction.

[00:12:51] Speaker C: So just focusing on the crime side of things. So if we go back to when the Internet sort of started up, like to your point around, you know, there's not more in crypto, it's just that that's where people are heading. And so what I mean by that is before people used to go out and rob banks like we've seen in, you know, Hollywood movies. And then it's like, okay, well now people could do online banking. And then it's like, well, the crime then went online.
And now what you're saying, and I know we're going to get into it today, is the crime has now moved towards crypto and all of the interesting things that you've shared with me before. So probably walk us through, Lili, how crypto was actually discovered in investigations and some of the work that you're sort of doing, because this isn't like, you know, opening a safe and like counting cash, right, how people, you know, have envisioned it back in the day. So I'm just trying to paint a picture on your, right, the crime, maybe it's slightly, a little bit more than before, but it's just this is how we've evolved now and this is where the crime's going. So I'm really keen to get into this with you.

[00:13:53] Speaker A: In terms of how crypto is discovered in investigations for seizure is there are two main ways and it really depends on how crypto is being stored. So, so the storage methods that are being used by whoever stores crypto, so in this case it would be the criminals, but anyone storing crypto will probably use one of these two methods and it would either be a self custody wallet, so it could be a paper wallet where you have a backup of a private key, maybe it's in a safe somewhere and that gives you access to the money. So anybody with access to that private key will have access to the funds, or it's backed up somewhere digitally. Basically. Self custody wallet means you own your own money, you don't have anybody managing or storing or custodying your funds. And so the way that you would discover that in an investigation and seize that money with the self custody is if you get access to any kind of private key material that's associated with the funds. So it could be like a string of alphanumeric characters, like a private key, or it could be a mnemonic seed phrase, like 12 random words, 24 random words, things like that. And just having access, getting access to that, to that private key material gives you direct access to the money.
Just laying eyes on it basically gives you direct access to the money, which is kind of unprecedented when it comes to financial investigations. Usually you have direct access to the money if you find cash, for example, and you can grab it with your hands. But this is a little bit different. And so the second way that we would find crypto is if we trace it to trace the transaction, say on the blockchain, and we find out that the target was moving money into one of those centralized exchanges, centralized custody. So self custody versus centralized custody. This could be a crypto exchange or qualified custodian that will store the funds for the individual. So basically, you don't own the private keys to that wallet. And in order to take that money, you have to go through the financial institution or the intermediary in order to, as a law enforcement agency to freeze or seize that money. So you would have to go to the judge, get an order, freeze order or seize order, and then serve that to the financial institution in order to seize the money. And so those are the two main ways that we would find cryptocurrency in investigations for seizure. Now, what's unique about the self custody part is because crypto is digital. A lot of times those private keys, the private key material that gives you access to the money, will be found in digital media or, you know, phones or laptops or servers, communications that you may be collecting and seizing in your investigation as a law enforcement agency. And so, in my experience, I've seized millions upon millions of dollars just by looking through this kind of digital evidence and finding private key materials in various locations within that digital media. And so it's kind of the first time that we have a situation where we can find assets and take them right away. And there's some risks associated with that as well. 
But it also creates huge opportunities for us to actually seize an incredible amount of illicit money if we know what we're doing, what kind of data to look for, what kind of data to seize, and where to look for those private keys.

[00:17:19] Speaker C: So if you're going through like digital media, like someone's phone, maybe it's in their notes app, and it's the private keys. Right. Can I just ask a rudimentary question? Where should, hypothetically, where should people be storing these private keys in your experience.

[00:17:32] Speaker A: Then I guess safety deposit boxes or wherever you would store something that's extremely valuable. The problem is with this is people want access to the money. You want to recreate the wallet and actually use the money. And so you don't want to have to go to a safety deposit box like on the other side of town and then go get your private key and then restore your wallet and then use it. So this is why some people will store the private key digitally. Actually, one of our products that we sell at CAT Labs is a key backup and recovery tool that allows you to store and securely store your private keys digitally with access controls. You know, multiple people can have access controls to the key and stuff like that. So there's various ways of doing it. There's key backup and recovery solutions that allow you to store your keys securely. We can break them up into little pieces and do it that way. But a lot of people do it for convenience and they store, store the key in other places. Or if you know how to do digital forensics, sometimes the applications or wallets that people are using will leak some of this information. And so that's how we can, we can get access to that money.

[00:18:49] Speaker C: So then just on the private keys for a moment. So from my understanding, if, I don't know, just say someone left their phone open. I was going through it this bad example, found private keys.
I can pretty much then it's like full rein for the money as opposed to, oh, I've dropped my credit card. Yeah, maybe someone has taken and used it. But you can lock it on your, on, you know, your banking app. You can call your bank. Like there's a little bit more security then around it. But is that sort of correct? Because it sort of feels like a little bit more free for all if you lose those keys.

[00:19:24] Speaker A: Absolutely, yeah. Whoever has access to those keys can take that money and then you can't. There's no intermediary that you can then go to to try to get that money back. That's it. If you didn't secure the key properly and you lost it or somebody stole it or whatever, and that's it, that person owns the money just by laying eyes on the private key.

[00:19:45] Speaker C: Yeah. Okay, so, okay, this is really interesting. So then just say someone doesn't secure it properly. Like what, what do people sort of do that? And like how common is this happening? Like still, okay, stealing is one thing, but people negligent and not storing it properly, like you said before, maybe that's in their phone because it's convenient, because they need it. But how is this happening a lot, would you say?

[00:20:07] Speaker A: I've seized so much money but just because people do this. So yes, absolutely, it does happen a lot. It's a path of least resistance. They do it for convenience and they sacrifice security for convenience. And so yeah, I would say it's, it's very common.

[00:20:24] Speaker C: And then so these people just curious to understand, are they living on edge, thinking, oh well, I've got, you know, 250k as an example sitting in these keys. Oh well, hopefully no one like or do you think that they've got that much money, doesn't really impact them. And I know there's, there's horses for courses, you know, people have got, there's different levels of it.
I'm just sort of curious to get into the mindset of protecting something that's very important and if something goes wrong, stolen, you know, you've, you know, you're being negligent, then there's a serious problem and then, then there's no recourse.

[00:20:57] Speaker A: So are you talking about from like, from a criminal's perspective or just anybody trying to store crypto?

[00:21:02] Speaker C: Well, I definitely think just an everyday person trying to store crypto.

[00:21:06] Speaker A: Yeah, that's why that's a drawback of using crypto in a self custody manner or storing crypto in a self custody manner. Because now you kind of have to have a lot of knowledge and expertise and you have to understand how the technology works and the best ways to actually secure and store your money. Right. And so that's why a lot of people, even now, they just prefer to give it to Coinbase or whatever, an exchange to store or another or qualified custodian. They don't want to deal with having to self custody their own assets. Right. Because they just don't have the knowledge and experience to have the faith in themselves to actually properly store those funds. Crypto just gives you the opportunity to do so and you know, and this becomes very relevant in unstable economies, hyperinflation, you know, countries that have unstable currencies. You know, it becomes really important to be able to store your funds yourself without needing somebody else to move your funds or get access to your funds. So it's kind of a drawback of self custody is just the necessity for needing to know what you're doing when it comes to securing those keys.

[00:22:26] Speaker C: In fintech, trust is everything and proving it shouldn't slow you down whether you're dealing with ISO 27001, SOC 2, CPS 234 or GDPR. Vanta helps you demonstrate security and compliance without derailing your roadmap.
Used by thousands of fast moving regulated companies, Vanta automates the hard part so your team can focus on shipping features, not gathering screenshots. Visit vanta.com kbcast that's V-A-N-T-A.com kbcast to learn more.

So then going back to correct Coinbase for a moment, would you say that they're a massive target? Because like, I mean, like I said, I worked in banks. Like I've seen people have money sort of siphoned out of their bank account. Admittedly, like you get the money back, but there was a whole investigation and depending on how much money it was, it might not come back instantaneously. Right? But then with this, is it just say someone siphoned the keys, private keys, stole them, whatever. How does Coinbase respond to that? Is it just, oh, well, we've tried our best and wasn't good enough and then that's the end of it. What happens next?

[00:23:33] Speaker A: In the case of Coinbase, it wouldn't be the private keys that would be at risk. Usually the way it works where funds are stolen from Coinbase is the individual willingly generally will send that money to a scammer. Like, it's usually some kind of social engineering attack. In a lot of the exchanges they're just inundated with these kinds of scams with this kind of fraud. There's even a lot of cases where like elderly individuals, they'll be targeted by what we call pig butchering scams or romance scams where they are actually contacted by a scammer. And then a scammer kind of creates this illusion of, or maybe a romantic relationship, or sometimes it'll be a, some kind of investment scam. So they'll be like, oh, you know, I have, I'm making all this money, all these returns and you should do it too. And so they kind of rope people in to some of these scams where they make them create a Coinbase account and they make them attach their bank account to the Coinbase account and they'll literally walk them through how to do that.
So even if somebody never even had a crypto account, the scammer will help them create this crypto account. And so a lot of the scams happen this way and like via social engineering attacks where the individual will send the money out to the scammer themselves. And so Coinbase and other exchanges, they have kind of anti fraud measures to detect kind of this kind of suspicious activity or something like that. But a lot of times, yeah, once the money is gone, you can't really do much about it because the money was sent out somewhere else and it's crypto. So there's no like, there's no reversing it usually.

[00:25:19] Speaker C: So there's another guy that I know, he's in the US as well, so he sort of gets involved. When someone does get scammed and they've got to go after, I mean, look, says it's hard, but it is doable. But it does take a lot of resource to find the scammer and hopefully get it back or something like that. I mean, you probably know more about this than me, but do people sort of engage sort of private people to go and get the money back or.

[00:25:42] Speaker A: Yeah, all the time. There's, there's a few service providers that do cryptocurrency forensics and investigations in these kinds of cases. But yeah, there is a chance to do it there. There's less chance to do it, the more time goes by. If not a lot of time went by, then there may be an opportunity to actually trace the funds and get some funds back. If the scammer, for example, is still sending money to like another exchange, then if you do an investigation pretty quickly, sometimes you can trace money back to an exchange. You can give that information to law enforcement and then they can kind of freeze that money and try to get it back. They can work with the exchange. So there's various ways of trying to first of all trace the money, see where it's going. Is it going to like a subpoenable regulated place or is it, you know, going to self custody accounts?
And also, you know, there's other ways of trying to find out actually who the scammer is, you know, actually investigating some of the data that's provided by the victim in terms of how they communicate with the scammer. So sometimes they'll be able to get the scammer's identity and you know, then depending on where they are, a lot of times they're overseas, they're the scammers in a totally different place across the world from where the victim is. Sometimes they'll be able to also connect various types of scams and investigations together. So let's say it was a hundred thousand dollars that was stolen from a victim. A lot of times it's the same scammer. So if law enforcement can make a link between this victim and maybe 10 other victims, it could be a much bigger case. And so they can start like a federal investigation on that, that kind of case. So there are definitely ways, but it really depends on, on how fast you, you act, how quickly you're able to trace the money and figure out, you know, what to do and, and figure out if you're able to identify the scammer. If you identify the scammer, then I would always go after their, you know, digital media because that's a lot of times that's where you'll, you'll find the seizable assets or the self custody assets.

[00:27:51] Speaker C: So then if it comes a federal investigation and just speaking to like law enforcement folks over the years, they just said depends on where it is because if there's no treaty with that specific country, we sort of just nothing we can do. Is that still the case for crypto or does it slightly change a little bit when it comes to that?

[00:28:09] Speaker A: Definitely still the case.
If the money goes to an exchange, for example, in a country that, let's say the case is in the United States, but the money goes to a country that doesn't have an agreement with the United States to get any kind of legal process served on the exchange that's in that country, or maybe that country doesn't really regulate the exchanges that much. And so the exchanges can do whatever they want. And so there's a lot of, you know, criminal activity, money laundering happening in those exchanges in those countries. So yeah, if you have that kind of situation, it's unfortunately, it's very difficult sometimes to go after that money unless if it goes to an exchange. A lot of times, you know, it's kind of a black hole. You don't, you can't really trace it after that. You know, you can't trace it out of an exchange unless you go and serve process, legal process to the exchange. But if it goes to a self custody wallet, then maybe you can put some kind of lookout on it and see if there's money that, that moves later on. You know, there's things you can do there. But yeah, if it goes into a centralized exchange in a country that's not cooperative, then yeah, that's unfortunate usually.

[00:29:16] Speaker C: So then when you and I spoke originally, you raised an interesting example on a case around a $15 billion seizure without an arrest. So maybe give us a little bit of context and a little bit of background on this. I found it quite interesting when you and I spoke about this.

[00:29:33] Speaker A: Yeah. So the context behind this seizure is it's, it's very unique and it kind of, it goes to say that we are able to seize money. With crypto, we're able to seize money without actually laying and putting handcuffs on someone. Somebody can be in another part of the world, but we can take their money, their illicit money.
Obviously with legal process, if we get access to private keys, if they have a self custody wallet and we are able to get access to the private keys to that self custody wallet, then we can take the money with legal process. And so in October, the FBI and some, you know, some other agencies seized $15 billion from this massive pig butchering scammer that was in Asia. You know, he was still in Asia. They didn't put handcuffs on him at the time and they didn't need to, they didn't need to actually arrest him to take his money. And the only thing they needed is to get access to the private keys that he owned. And they did that and they were able to seize $15 billion. And a lot of the seizures that we've done, those massive billion dollar seizures happened exactly like that. They were able to get access to the private keys and seize the money. And so this is kind of unprecedented. We never had this kind of, this kind of process before. And so that's why I highlighted that, that case for you before when we spoke. [00:30:57] Speaker C: And so just curious to know, were the keys in Asia somewhere? Was it like where he was living or was this dude super advanced where like you said, you can sort of break a piece of it up and spreads it out everywhere? Like, I'm just really curious. [00:31:10] Speaker A: I'm not super familiar with exactly how they got access to the keys, but how I've got access to access to the keys in the past is usually by, you know, seizing some kind of digital media from the individual. And the keys would, you know, would be in like a spreadsheet or it would be, you know, you do forensics on the phone or laptop or you know, communications and things like that. So that's one of the most common ways of getting access to the private key without actually going to somebody's house and, and finding it in the safe or something like that. [00:31:42] Speaker C: So how quickly do people know, like stuff's gone? 
They'd have to like, is it pretty instant that they're like, oh, okay, well that money's gone? Like, like how obvious is it for people? [00:31:53] Speaker A: Well, I guess it depends on how much money is it and how are they monitoring the funds? Are they not? I mean, $15 billion, that's a lot of money to lose. [00:32:02] Speaker C: Of course. [00:32:03] Speaker A: No, so I'm, you know, I'm sure he noticed pretty quickly that it was gone. [00:32:09] Speaker C: And then what happened to that dude? Did he go to prison or what happened? [00:32:12] Speaker A: Yeah, I believe they just arrested him actually afterwards. So they didn't arrest him during the seizure, but they, I think, arrested him just recently. He's facing some prosecution. [00:32:22] Speaker C: And so now I just want to move like maybe 2 millimeters on the same sort of thread because I'm curious to understand the insider threat motivation. You and I have spoken a little bit about this as well. So they. There's a significant risk, from my understanding, due to agents being able to view and potentially steal the private keys with little trace. So basically, everything speaking about today, insider threats are doing that, keeping it, and then no one knows. [00:32:48] Speaker A: Right. This topic is very dear to my heart because I am just screaming at the top of my lungs from all the mountains to fix this problem, because I was doing crypto investigations for over a decade, and the way that I found and seized cryptocurrency in my investigations is by going through this digital media, usually all by myself, and then finding private keys. And once I find the private keys, I lay eyes on the private keys. Now I have access to the money. Let's say the $15 billion, right? Or there was another case a few years ago is $3.6 billion. And that money was found inside a Google Drive spreadsheet that, you know, the agent seized from the target. 
And so the agent was literally at home in his pajamas, looking through a search warrant return from Google and stumbled upon $3.6 billion in the form of private keys. And if he was corrupt, he would not, you know, nobody would know that he found that money because there's no chain of custody, there's no audit trail. And so that's very different from traditional financial investigations where let's say if I do a search warrant on a target's house and we find a pile of cash in the corner, there's a very strict policy on how to handle this kind of situation. And there's a chain of custody and audit trail. I have to always have a witness every time I go into a house, every room. When you search a house, there has to be two people per room because there has to be a witness to you finding something. So if I find cash as a law enforcement agency during a search warrant, you know, there's always another person there in the room. And so it'll be very difficult for me to steal the cash. It's also big, right? So it's. If it's like a lot of cash, it'll be difficult for me to just like carry the cash out during out of the house. There's policy in place on how to handle finding high value assets in your investigation. So when you find it, there has to be a witness. When you count the money has to be a witness. You transfer, transport the money has to be a witness. You store the money has to be a witness. And crypto is very difficult to achieve having a witness and having an audit trail because most of the private keys, most of that billions of dollars in criminal assets are sitting in evidence lockers inside digital media and nobody knows who actually laid eyes on those private keys. And so there's a huge insider threat problem, there's a huge problem with lack of auditability, lack of chain of custody for these kinds of assets. 
So the government, you know, is sitting on all that money that they don't know who's actually laid eyes on those keys and they don't know how much money is actually in government custody because they haven't comprehensively scanned all of that data that they seize for private key material or seizable assets. It's a very new problem that I'm, I'm trying to solve with policy, a combination of policy and technology. So I talk a lot to our policymakers about actually making, making sure that agencies have these policies to, to not only maximize the opportunities for seizures because they can, you know, they're leaving billions of dollars on the table just by not scanning that data, that all of that data, but also making sure that there is a proper chain of custody, there's a proper audit trail, and that the government is properly securing those assets that are in their custody. The fact that they seized it from a bad guy doesn't mean that they shouldn't, you know, take care to secure those assets if there's actually high value assets inside digital media that they seize. [00:36:21] Speaker C: So hang on, how common then is this? Because if you're working in government agency, you know, you're not doing it, you do this type of work because you really love it, right? Not because it's like, oh, you know, it's just a, another job I've got to do. How do people get to the point where they're just that corrupt? Like, how do these people sleep at night knowing, well, you know, I was trusted to do something, I took the laptop, I found the 3.6 billion and then I kept it for myself. Like, how do you get to that point in your career? [00:36:49] Speaker A: Thankfully he, you know, he had integrity. And you know, most people that I, that I used to work with have integrity. But there's always bad apples. You know, there's always going to be a small percentage of law enforcement agents, police officers that are going to be tempted. 
It's human nature and that's just something that we can't control. [00:37:07] Speaker C: And. [00:37:08] Speaker A: But it is something that we need to, to address. You know, we need to first of all reduce the temptation and reduce the probability that, that the person is going to be put in a situation where they're going to be all by themselves looking at $3 billion or even a million dollars. You know, it's also a liability for the agency. As an agent didn't want, I was freaky every time I found the money, I would freak out. You know, I don't want to have access to that money. It's a liability. It's a liability for me. It's a liability for the agency. You know, what if the, you know, we arrest the target and he comes out and he says, oh, you know, the money was stolen and you guys had my phone. You know, this happened before in investigations where the defendant came out of jail and said and claimed basically that their crypto was stolen. In some cases it was true, it was stolen. So there, there are actually agents and police officers that have stolen funds from evidence lockers, specifically crypto, because it's so easy. And you can see some of those cases in the news. And that's just the tip of the iceberg. This is just the ones that we know about. [00:38:09] Speaker C: Do you think as well people start to get suspicious quickly? Cause it's like, oh, you know, we used to hear from Jane a lot. Now she's sort of kicking back and chilling out a lot more because she's sitting on perhaps $3.6 billion worth of crypto. So, so do you think that there are people that, so the entire, inside these agencies, is there certain behavior perhaps where people start to go, we've got to look into that person a little bit more? I mean, I know it can be hard to, I don't know, we'll talk about this to, to say whether someone stole it or not. But is there certain sort of tip offs perhaps? [00:38:41] Speaker A: Well, sometimes there are, sometimes there aren't. 
Depending on, you know, if the person all of a sudden is driving a Lamborghini and working for the government, obviously, like what happened there, you know, but, you know, an agency, a lot of agencies have insider threat programs. Smaller agency agencies typically don't really have insider threat programs. Or maybe they have if, you know, if somebody suspects something, they can talk to like, like OIG, like Office of Inspector General here in the US for a particular agency that investigates insider threats and stuff like that. But yeah, I mean, it happens, you know, more than I like to think. You know, I think the best way to handle it is just, is just to have the proper policy, chain of custody policy for digital data. Digital media that contains these private keys, have proper audit trails and have the technology use the technology that's available to actually comprehensively scan all the data that they see for those private keys and those high value assets before putting them and, you know, storing them in an evidence locker for three years and not knowing there's billions of dollars in there. So there's ways to fix the problem. We just have to do it. [00:39:52] Speaker C: So then, Lili, I'm aware that your business really focuses on training law enforcement on what kind of data that they need to be collecting in order to find seizable assets and then also giving them sort of technology to actually go through all that data right at scale. So talk to me a little bit more about that. [00:40:08] Speaker A: Yeah, so we have two types of tech. One is a scanning tool. So essentially every kind of digital media you can think about that's being collected by government agencies that could potentially contain private key material. So our tool will scan that data. And so we also give. They'll scan that data for not just private keys, private keys is very important, but also other traces of cryptocurrency used by who, whoever the data was taken from. 
So it helps find leads for further financial investigations, and it also helps identify any private keys that may be in that data. And so that's one of our tools and another tool that we have. And actually this one has kind of an audit trail function in it as well that tells you who actually viewed a piece of data and who laid eyes on a seed phrase or a private key. So there's kind of a little bit of an audit trail there if you have a scaled deployment of the product across the whole agency. And then we also have another product that is a quantum resistant key backup and recovery vault. So this is for agencies to store, recover, manage cryptocurrency keys in their possession. So whether it be crypto keys that they're using for investigations, for undercover investigations or whatever it is, or if it's crypto keys that they're using to, you know, like for government controlled wallets that they use to actually store seized assets. So we have two products that allow you to scan all the data for crypto assets, seize the private keys, seize the assets, and also secure the assets so making sure that those assets are properly secured within government custody and not just kind of laying around in evidence lockers and, and with, you know, multiple working copies being, you know, given to different individuals and not knowing who actually looked at it. So the purpose is to give law enforcement a tool to be able to actually find out if there are private keys in the data that they collect and then secure those private keys at scale. And also we do provide the training. So we tell them, hey, if you actually want to maximize seizures, if you want to seize as much illicit money as possible in crypto, do these are the types of data digital media you should be collecting. This is where we typically would find cryptocurrency assets. And that's important too. 
It's important to know how to maximize your investigation and maximize your ability to seize assets, especially when you're working on, you know, a victim case, to maximize your ability to get more assets and return those funds to the victims. So, so we do have that kind of very focused digital asset recovery and seizure training. [00:42:50] Speaker C: And then lastly, Lili, given the work that you're sort of doing that you just explained, and I know that you're working with, you know, policymakers and government to really change how corrupt agents are going as well as the criminals and how all of that looks, do you think that moving forward we will see reduction in corrupt agents and we will see a reduction perhaps in theft against crypto? Like, what are your sort of thoughts now, given the work that you're doing? [00:43:16] Speaker A: Well, what I would like to see is actually catch the corrupt agents that have stolen crypto in the past, because I have a hunch that there is a lot of those cases out there throughout the last over a decade that we've been doing crypto investigations or crypto enabled investigations. So I think if agencies actually implement some of these policies and technologies in their workflows, they're going to find, if they want to, they're actually going to be able to investigate. Let's say if somebody seized a phone, you know, two years ago, and there was a private key in the phone that the agency didn't know about, which happens all the time, and they, you know, the money is gone or part of the money is gone. So there was money there when the phone was seized, but now there's no money. And so I would love to see some investigations into where that money went. Right. Was it. Because sometimes it can be the target or the target sister that also has a copy of the private key that took the money out, but sometimes it's possible it may be somebody on the inside in the government that took that money. 
So I would love to see some actual kind of reactive historical investigations being conducted. And then I would like to see agencies actually implement these policies and proper procedures for this modern type of crime where they're going to not only maximize seizures, but also keep that, keep those funds secure. And I do think that it'll surface any attempt by anybody to actually steal the money and it'll discourage people from stealing the money because there is a policy and there is a process and they know that, you know, if they take the money that there's going to be potentially consequences and there's an audit trail for when they process and handle this data that may contain high value assets. So I think it would definitely help with reducing those insider threats. [00:45:13] Speaker B: This is KBCast, the voice of Cyber. [00:45:17] Speaker C: Thanks for tuning in. For more industry leading news and thought provoking articles, visit KBI Media to get access today. [00:45:26] Speaker B: This episode is brought to you by MercSec. Your smarter route to security talent Mercset's executive search has helped enterprise organizations find the right people from around the world since 2012. Their on demand talent acquisition team helps startups and mid sized businesses scale faster and more efficiently. Find out [email protected] today.
