With over a decade of experience, James Barnacle (Deputy Assistant Director, Federal Bureau of Investigation (FBI)) joins Jonathan Levin (CEO & Co-founder, Chainalysis) for a deep dive into the nexus of cybercrime, cryptocurrency, and the evolving challenges faced by law enforcement.
You can listen or subscribe now on Spotify, Apple, or Audible. Keep reading for a full preview of episode 171.
Public Key Episode 171: Digital Frontlines: Law Enforcement and National Security Strategy in the Crypto Era
With over a decade of experience, James Barnacle (Deputy Assistant Director, Federal Bureau of Investigation (FBI)) joins Jonathan Levin (CEO & Co-founder, Chainalysis) for a deep dive into the nexus of cybercrime, cryptocurrency and the evolving challenges faced by law enforcement.
James shares insights into the history and progression of the FBI’s strategies in combating cryptocurrency-enabled crimes, shedding light on intricate cases involving ransomware, fraud, and terrorism financing.
This conversation goes in depth on the FBI’s approach to multi-agency cooperation, including the establishment of the Virtual Assets Unit and response teams across field offices and the importance of victim reporting when it comes to pig butchering and other crypto investment schemes.
This is an episode you won’t forget.
Quote of the episode
“ Victim reporting to the Internet Crime Complaint Center, which is IC3 showed a 48% increase year over year in the pig butchering losses to about $5.8 billion roughly in reported losses.” – James Barnacle (Deputy Assistant Director, Federal Bureau of Investigation (FBI))
Minute-by-minute episode breakdown
2 | Background of James Barnacle
4 | Beginning of the FBI’s Involvement with Cryptocurrency
7 | The Evolution of Cryptocurrency Use in Criminal Investigations
10 | Establishment of the Virtual Assets Unit in the FBI
14 | FBI’s Approach to Ransomware Investigations
20 | International Private Sector Collaboration and Strategy in Fraud Cases
25 | Addressing Elderly Fraud and Pig Butchering
31 | Impact of Sanctions on Fraud Prevention
37 | North Korea’s Involvement in Cryptocurrency Theft
40 | Importance of AI and Machine Learning in Law Enforcement
48 | Encouragement for Public and Private Sector Cooperation
Related resources
Check out more resources provided by Chainalysis that perfectly complement this episode of the Public Key.
- Website: Mission First: To protect the American people and uphold the Constitution of the U.S.
- Press Release: Ransomware Administrator Charged with Cybercrimes for Deploying “Lockergoga,” “Nefilim,” and “Megacortex” Ransomware Strains Against Hundreds of Victims
- Report: Operation Level Up: Notifying Victims of Crypto Investment Fraud
- Blog: The 2025 Geography of Crypto Report (Reserve Your Copy Now!)
- Blog: The Venus Protocol Incident: How Hexagate and a Community Stopped a Hack and Enabled a Swift Recovery
- Blog: Seoul Police Crack International Hacking Ring with Chainalysis Solutions
- YouTube: Chainalysis YouTube page
- Twitter: Chainalysis Twitter: Building trust in blockchain
Speakers on today’s episode
- Jonathan Levin (CEO & Co-founder, Chainalysis)
- James Barnacle (Deputy Assistant Director, Federal Bureau of Investigation (FBI))
This website may contain links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
Our podcasts are for informational purposes only, and are not intended to provide legal, tax, financial, or investment advice. Listeners should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with your use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in any particular podcast and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.
Unless stated otherwise, reference to any specific product or entity does not constitute an endorsement or recommendation by Chainalysis. The views expressed by guests are their own and their appearance on the program does not imply an endorsement of them or any entity they represent. Views and opinions expressed by Chainalysis employees are those of the employees and do not necessarily reflect the views of the company.
Transcript
Jonathan L.
Hey, Jim, Jonathan, I can’t believe it’s taken us 10 years to do this. It’s not quite 10, it’s not quite nine years and maybe six months or so. Yeah, well, I’m glad we got it in before our 10 year anniversary. I was wondering if you could just introduce yourself and really tell a little bit about your background and how you got into meeting me all those years ago and why this area became important to you? Yeah, I’d love
James B.
So my name’s James Barnacle. I’m the Deputy Assistant Director in the Criminal Investigative Division for the FBI, and I oversee about half of our criminal programs, so all of our white collar programs, so fraud, financial crimes, money laundering, also the public corruption civil rights programs. I have the undercover programs for the FBI, and I also have the violent crimes against children programs. So years ago, I started in the New York Field Office, and I worked financial crimes. Was eventually promoted to a public corruption supervisory job in New York. And 10 years ago, I got a phone call and was asked to come down to headquarters. They were starting a money laundering unit, and I was asked to come down and lead that unit. So I came down, and there were a couple people in the office that were working cryptocurrencies, and they talk in my ear off about crypto. And of course, I tried to ignore them. It dawns on me that this is a real thing. It’s a real threat.
Jonathan L.
And before we sort of dive into where that went from there. How was it perceived at the time inside the Bureau, and like, How come it landed on the money laundering desk? Yeah,
James B.
so it came to money laundering, Well, two reasons. One, we had some intelligence analysts that were really smart and saw this as a problem, or a potential problem space where criminals would exploit, and I think it’s any new technology criminals are going to try to capitalize and use that technology. So in the crypto space, we had some fraudsters, and we had some people in the money laundering space that were trying to move illicit proceeds through Bitcoin, primarily at the time, and so we needed to be able to trace those transactions. The reason it fell in the money laundering was because of those people, number one and number two, the value transfers, moving a value. Terry, some of value from one place to another falls under the money laundering program. And we had the opportunity to talk to leadership in the FBI and articulate the crime problem and how it impacted multiple crime problems. At the time, it wasn’t really that many crime problems, but we were able to get buy in from management and start exploring
Jonathan L.
the threat. And the threat at the time was largely in the sort of cyber crime and online drug trafficking type things were those sort of predominantly the types of crime that the bureau was concerned about. Yeah,
James B.
back then is a lot of dark marketplaces selling illicit goods and asking for payment in cryptocurrency because of the perceived anonymity, or how anonymous it is to use cryptocurrency. And we saw a little bit in the fraud space as well, but that was pretty much it. It was, it was fairly narrow.
Jonathan L.
And so the criminal division within the FBI sort of takes this sort of lead position on being able to understand how to actually solve these types of cases. Was it successful? Like, how did it go? I would
James B.
tell you this, we never looked at cryptocurrency, Bitcoin, or any of the different currencies that are out there as the crime problem, as the threat. We looked at criminals that were committing other crimes using cryptocurrency to further their scheme, whether it was transfer funds from one place to another, as I said, So, we had to do two things. We had to get a global understanding. We had to make our agents understand what’s cryptocurrency. And so we really started the program with training. We came up with a couple PowerPoint presentations cryptocurrency, 101 and 102 and I took those three analysts, I identified an agent, put them in charge, and said, hit the road. And they started going around the field offices and giving presentations. They went to US Attorney’s Office and gave presentations. They were road warriors.
Jonathan L.
And so that collaboration obviously goes from maybe sort of some healthy tension between the criminal and cyber division on what cases should be done where. But eventually, then there’s formation of, like an actual unit, and you bring in sort of broader capabilities to look at as the threat becomes much, much larger. There’s a funny anecdote that I remember, you actually walked me out of a meeting because I was, I was present in a meeting, and everyone needed to actually collaborate on a case. And they were like, Jim, can you escort Jonathan out of the building, please? And I was like, that’s the best form of success, if I had to think about what a successful meeting looks like.
James B.
Yeah, it’s something becomes sensitive. And we’re like, yeah, get rid of the guy from the private sector.
Jonathan L.
But that’s really what I think is amazing about this, is that it goes from, like, a very narrow part of the crime spectrum to, you know, what does it look like today? Like, fast forward nine years and six months. Like, what does it actually
James B.
look like we see cryptocurrency in almost every type of investigation we have, we have over. Over 200 and around 250 investigative classifications in the FBI. So if you look at a classification, it could be fraud, money laundering, public corruption, terrorism, terrorism, finance, ransomware. So you look at roughly 250 or so, we have about 170 different classifications that have cryptocurrency component to the investigation. So it is across our entire enterprise. We have well over 2500 investigations across the FBI that have crypto as part of the investigation, at least a piece of it. So the landscape has shifted from a very narrow thing to, like I said earlier, bad guys are going to find something. They’re going to try to exploit it. So we see it in terrorism financing. We see it in raising money for Hamas and other terrorism organizations. We see it in the fraud space. See it in the ransomware space, just kind of across the board of the FBI
Jonathan L.
and how easy has it been to get the other divisions on board with capabilities in education? Because clearly people who are used to working whether it’s counter terrorism, maybe weren’t used to this technology beforehand. Like, how easy has it been to get everyone on the same
James B.
page? So that’s been our big evolution, and it was our challenge that was our growing pain. Some very smart people in the FBI decided that we had pockets of experts. So the Criminal Investigative Division, cyber division, Counterintelligence Division, all had some experts, and they were cryptocurrency experts. And of course, they collaborated, and they talked together, and they met regularly, but someone said, why don’t we just put them together? And so about, I don’t know, maybe 434, years ago, we started a virtual assets unit where we co located our crypto subject matter experts in the same office space. So we took the cyber agents and the criminal agents and analysts, and we put them together, and that was the start of a new way for the FBI to do business in this space, and our unit matured. So instead of hitting the road and doing cryptocurrency 101, presentations, we had to do two things. One, we had to make sure our workforce understood what crypto was. If they do a search warrant, and they see 26 characters and numbers. Could that possibly be a wallet address for cryptocurrency? So we needed the recognition of what cryptocurrency was. We also needed agents to know how to do some investigative steps if they were to encounter crypto, and if they didn’t know how to do it, where could they go for a resource? So the virtual assets unit became that resources we recorded with the help of chain analysis training sessions, we created an in house training program to train our workforce. They can go into our computer system and they can watch pre recorded videos. We have about 16 of those, I think it’s actually up to 18 now, and that will give the baseline training to folks, and then we do more advanced or specialized training for what are our power users in the crypto space? So understanding what crypto is, understanding how it could touch your investigation, and then building up our subject matter experts. So like I mentioned, we just have a handful of people at the virtual assets unit in Washington, DC, but we have 14,000 agents spread across the United States and in many countries around the world. And so how do we tap into that? And so we started a virtual currency response team, and we identified people in the different field offices that had an interest and an aptitude to do blockchain tracing, and we now have several 100 members of our virtual currency Response Team, and they’re in field offices throughout the United States, and they support investigations. They are our subject matter experts in field, but that resource is managed by our virtual assets unit,
Jonathan L.
the sort of hub and spoke where you can have triage in the field for cases that cross over all of these different crime types, and then also, like a hub of actual sort of expertise, if people get stuck, or if there’s a very complicated aspect of the case or some sort of obfuscation technique or some sort of advanced capability that needs to
James B.
be leveraged. Yeah, our hub would be our headquarter unit. Those are obviously our most advanced experts. And then we don’t officially rank people as far as their skill set, but, you know, we kind of keep a list of who are our power users and who are a little bit better than others in the field. We throw more training their way. You try to take our top people and make them better. And so it’s funny is we’ve had some folks in the field that have become absolute experts. Some of our best live tracing was done by agents in the field. Of course, we were able to recruit some of them back to headquarters to sit with a unit, but some of our best live tracers are in the field.
Jonathan L.
I’ve often found that it’s fairly random where crypto talent sits, and it feels like there’s just sort of an even distribution of talent around the different offices, and it’s just random where they are. And maybe we could get into some of the different types of cases that have come to light. And the FBI has obviously been leading in a lot of these domains. But what has happened with ransomware? I feel like the FBI has taken. Very sort of strong stance about ransomware, and been a priority for a long time. What’s been happening with sort of ransomware investigations that you’ve seen the
James B.
FBI is well positioned in the US government as both an intelligence agency and a criminal investigative agency that we can work with agencies on both sides in the crypto space, just like the FBI has subject matter experts, all of our federal partners do, whether they’re federal law enforcement agencies or they’re intelligence agencies. In the ransomware space, you have criminal actors and you have nation state actors, so that threat crosses both that intelligence side of the FBI and the Criminal Investigative side of the FBI, what we found to be successful is to get people in a room and talk about these crime threats. So we have working groups with the various threats. We have a ransomware working group, we have a terrorism fundraising working group, we have fraud working groups, and we just get together pretty regularly and we discuss the trends, what we’re seeing, the typologies and targeting. We also do a significant amount of engagement with the private sector. So ransomware, as you know, they’re targeting businesses, industries, hospitals. There’s hospitals that have been targeted for ransomware heights, and we’ve been able to interdict and go to the hospital prior to the attack and say, hey, you need to look at your computer systems. And so our cyber agents throughout the country engage with the private sector and say, here’s what we’re seeing, here’s the new variants of ransomware that are out there. And then we’re helping where we can the private sector take mediation steps or mitigation steps,
Jonathan L.
and oftentimes there is obviously the stance that don’t pay the ransom, but for business continuity reasons, or whether there is some sort of emergency healthcare reason, like people are still paying ransoms, and we see that in the data and What happens after that.
James B.
So ransomware being a more sophisticated type of attack, the bad guys are sophisticated in how they take the ransom payments and hack the ransom payments. So often those payments are in cryptocurrency, as you’re aware, and we immediately try to trace that cryptocurrency through the blockchain ledger where we have good engagement with the private sector. So if a victim company comes to the FBI very early on, we can try to mitigate that and recover their money. Sometimes companies for their business decision, a, we don’t tell them to make a ransom payment and B, we’re not going to interfere in what a business does, but we just encourage institutions, when they’re targeted, reach out the FBI, we’ll try to help, and then we’ll try to recover their money if we can. But we’ve been quite successful in recovering money. There’s been some significant a financial institution, about a year ago, was hit with a ransomware attack. They paid out 15 million or so. I think we recovered 12 of it. So not bad. They still lost 3 million. They got access to their computer systems, but we were able to get some of it back.
Jonathan L.
I think that’s an awesome result. When people first started looking at this, even getting any money back seemed impossible. And so there’s now definitely, like a handful of these cases, now that the FBI has been able to actually go in. And as you say, these targets aren’t easy targets. They often in foreign jurisdictions, there’s often very sophisticated obfuscation techniques and other things that make that case harder to actually be able to go after that is very impressive.
James B.
It is the challenge. It’s one of today’s challenges. But through training, through education, through building the skills and abilities of our workforce and engagement with the private sector were able to be successful, and we needed to engage the private sector, a for the tools, but B for the relationships. And just like where we put our subject matter experts together internally, the private sector your company and all these companies and in financial institutions, they all have crypto experts as well. And so we try to get those people in the room and they talk
Jonathan L.
shop, yeah, and really, the collaboration between the public sector and the private sector is what results in these great wins. And it’s everyone from the cryptocurrency exchanges and the payment companies, the larger financial institutions that are now involved, even the Googles of the world, the hyperscalers and everyone is looking at what are the pieces of infrastructure that are being leveraged and abused by these criminal networks or nation states, and it takes all of those private sector players to play well with the public sector to actually thwart those abuses. Yeah, 100%
James B.
the Internet has brought people together for some wonderful things, but it has also brought the bad guys out and in the criminal space, like fraud, for instance, you know, Americans are being targeted by fraudsters from overseas, and the internet is what brings people together, primarily through social media. And if the social media companies just buried their head in their sand, they’d have a lot of dissatisfied customers. So they have rightfully. Stepped up and tried to identify fraudulent accounts and fraudsters operating on their platforms. The tracing companies have come in with tools all the sectors you talked about, right? So banks, no bank wants to have their customer send money overseas and be lost and gone forever. It’s not a great business model. So it’s not a great business model for anyone. So the private sector has really stepped in into this space quite a bit, and we’ve seen a big impact in the last year or two with a now, I should say this fraud has gone up in the last couple of years. Significantly, 48% last year, is what our reporting is saying in the crypto space. However, the efforts of private sector and government have led to some successes, and have also led to, I think, increased reporting and more recognition of the schemes that are out there, which we wouldn’t have been able to do by ourselves. I think
Jonathan L.
that’s touched on it, because it’s impacting a lot of people. And obviously it’s not only people’s money, it’s people’s lives. And it has like, a huge human cost, both in the United States and abroad that has been sort of widely reported on trafficked individuals that are perpetrating some of these scams under duress and under orders in some of these labor camps in Southeast Asia. And we’ve written a lot about it, and it’s a very sad story on both sides of the human tragedy behind fraud. What has the FBI done about elderly fraud and pig butchering, as it’s called? And you know that type of fraud, because that was your old world. Now, really coming in to marry up with crypto?
James B.
Yeah, absolutely. So the crypto investment frauds is as we call and they’re they’re commonly referred to as pig butchering out there in 2024 victim reporting to the Internet Crime Complaint Center, which is IC three folks can visit the website. IC three.gov showed a 48% increase year over year in the pick butchering losses to about $5.8 billion roughly in reported losses, a significant dollar figure. And so we’re trying to mitigate that crime problem. We’ve had some success in the last couple of years. One of the things we’ve done is we started an initiative that we call Level Up. And level up is a perfect example of engagement between the government and the private sector. On the government side, the FBI, the United States Secret Service, Postal Inspection Service and Homeland securities investigations work this jointly on the private sector side, the tracing companies, financial institutions and mostly the virtual asset service providers, the vasps, are all in the space. And what we’re looking to do is we’re looking to identify victims of of pig butchering, and we proactively, we pick up the phone, or we knock on the door of the victim and we tell them we believe you’re a victim of a crime. We have to build some rapport to do that. We explain why we think they’re a victim of a crime, and that’s what we do. So in the last 1516, months, we have talked to over 6300 people, of which about 76% were not aware they were being victimized at the time. That’s shocking, astonishing numbers, and we were able to look at some data, the average victim loss is about 150,000 so when you you look at the losses, we estimate, we save victims about $275 million of losses that they they would have put in had they not been notified one of the unfortunate sides of pig butchering, besides people losing their money on domestic side, right? We have victims here. A lot of people lose every dollar they have, and a lot of people have chosen to end their life. They’ve committed suicide. With our intervention, we were able to refer a little bit over 60 people to our victim service specialists. We have specialists in the FBI for counseling, and so I think that’s one of the things that really resonates, that we were able to interdict there and help people. But as you mentioned on the other side of it, there are fraud compounds around the world, and we saw a lot of them in Cambodia, Laos, that part of the world, but it’s spread. We’ve seen them in Africa. We see them in South America. They’re throughout the world. And we’ve been able to work with the federal agencies partners. And as you know, the FBI and all the law enforcement agencies have people embedded overseas. We call them our legal attaches, and we’ve been able to engage with our foreign partners and have mitigated some of those compounds. Certainly not all. There’s a lot of them. And then obviously the stories of the victims, which you alluded to, people are taking jobs in a foreign country, and they think it’s a great job opportunity pays really well. Lo and behold, when they show up for the job, they’re working in a fraud compound. It’s a modern day slavery. These people cannot leave. They are stuck in a compound. They live there, they work there. They work very long hours, and their job is to defraud people. It’s pretty sad on that side too.
Jonathan L.
We’ve also seen that there is a full economy too, where people take that job and then their families are actually held to ransom to get their family member back. And that’s. Paid for in crypto, and we’ve actually been able to tie all of those different payments together, from the victims in the United States getting scammed all the way back to the wallets also owned by these people that are monetizing on the other side as well, for ransom for people that are in slavery. Effectively,
James B.
it’s disgusting behavior. I mean, up and down all the way across, people can choose to contribute to this world positively, or they can look to take advantage of people, and that’s what we have here.
Jonathan L.
I think that the lesson for me from a bunch of these different crime types, but this one in particular, is an analysis of that entire supply chain that in order to really go out and disrupt a threat, understanding not just the sharp edge of the threat, but also actually understanding what led up to that is really sort of the important aspects of it, and understanding the money flow that goes through the entire supply chain is actually The way that you can understand the intelligence about how large that threat is, or how significant it is, or the timing of those things, and I think that one of the things that I’ve come to appreciate over the last decade is that cryptocurrency gives you that ability to have real time intelligence about the full supply chain of These types of threats, if you’re monitoring it close enough. And really, with pig butchering and even with scams in general, being able to scale that collection build the strategic intelligence allows you to take a really, much more proactive stance than responding to victim reports 100%
James B.
First off, a lot of victims don’t ever report being a victim. I mean, there’s research and studies out there that say about anywhere between 10 and 20% of victims actually report being a victim of a fraud scheme. So it’s underreported. We know that. Don’t know the percentage, but it’s under reported victims. Some will report it right away. Often it’s way down the road because they didn’t know where they’re a victim of a crime, right? And level up over 70% of the people we talked to didn’t know they were a victim of crime, so they had not reported being a victim of crime. And so all the reporting to the FBI last year for frauds and ransomware and our IC three complaints, the losses reported were over $16 billion
Jonathan L.
and I think that you spoke about this earlier, but I think it’s like a really good point about how to measure success, which is, not only is it the amount that’s seized or the amount that’s recovered or frozen, or the number of cases, it’s actually the amount of harm that’s then prevented, and getting a very good understanding about the life cycle of, for example, a scam, you can actually, then estimate, not only did you freeze the money from the bad actor, but actually you managed to prevent, like, a lot more losses than than what would have happened otherwise,
James B.
absolutely. So make no mistake, the number one goal of the FBI is to put people in jail. And we are trying to identify subjects. We are trying to develop cases, if they are in the United States, is to arrest them. If they are overseas, is to arrest them. That is our number one goal. However, that takes time, and sometimes we can’t operate in that timeframe, so we’ve got to make an impact now. So how do we step in? How do we mitigate these crime problems? When we can’t get the people right away, we’ll get them. The fraudsters that are operating these compounds overseas will be arrested, whether they’re charged by the FBI or foreign government. It will happen. But what can we do in the short term? So we can talk to victims. We can step in and try to mitigate it. We can try to look at the different services the bad guys are using to exploit our foes. What kind of communication systems are they using? Who sets up their internet accounts? Now I’ll give you an example. We identified a Philippine space company, a Fano, that was creating 1000s of internet sites and apps as well that victims of pig butchering were accessing. A lot of those sites were mirrored and very similar to a legitimate financial institution. So we were able to work with the United States Treasury Department office of RNA OFAC, and OFAC sanctioned this company and the CEO, the head of the company, a few months ago. And so that is a place where law enforcement worked with a regulatory agency in the United States to make an impact throughout the world, and to put on notice to that company and that CEO and everyone working for that company, we’re after you
Jonathan L.
and their financial assets. So in that case, the actual listing on the OFAC SDN list, the special designated nationals list, which she was added to, her cryptocurrency addresses were also published on that list, and so then all of our private sector customers at chainalysis, we have more than 1000 customers that screen transactions against chainalysis for money laundering risk, and they then know not to do business with that company.
James B.
That’s right. We find the sanctions to. Be very useful. Financial institutions around the world respect sanctions, and they look at the OFAC list and they they stop doing business with people that are on it. So it is a very important tool that we have in the United States to impact this space,
Jonathan L.
speaking of tools and other authorities and difficult challenges that are across borders. There’s been a lot of talk about DPRK being involved in stealing cryptocurrency. We’ve had a lot of reporting on foreign tech workers. I know that the bureau is again, sort of taking a pretty strong stance and lead on being able to help with this. Could you elaborate a little bit about what you’ve seen DPRK do with cryptocurrency.
James B.
Yes, look, there’s several cases that have been charged. I would refer people to the US Attorney’s Office press releases. But DPRK, as you know, has hacked companies. Has stolen cryptocurrency, and they try to move it across the blockchain. The FBI tries to interdict those transactions, so we work with the private sector companies like yours and the virtual asset service providers to try to identify illicit money that DPRK is stealing, that they are moving through the system, and that they are trying to use to procure nuclear weapons. Last year, we seized about $50 million in crypto value that DPRK moved. So that’s a really important thing, right? It’s national security. It’s a global impact. The FBI is working with partners domestically, obviously, partners globally, to try to stop DPRK, and we’re going to continue to put resources to
Jonathan L.
that. And we’ve also seen that they are very sophisticated in these types of attacks. I mean, the buy bit hack that happened earlier this year was $1.4 billion this is a very high dollar value, and being able to move that quickly and collaborate with the private sector is obviously critical to be able to stop that activity from happening. What has happened with the ability to continue to trace when they are operating at that level and scale.
James B.
Two things. One is we had to get better. Our folks that have the tracing ability could no longer rely on watching a transaction that was already done, come into it afterwards and just follow the transaction. We had to get good at live tracing where the adversary is moving the money, we had to follow it live. And that’s what DPRK does. And so we raised our skill set. The second and the most important was the engagement with the private sector. And so one of the things we’ve done that I think, is a really successful tool, is we created what’s called is known as Ivan, the illicit virtual asset notification system, and that is a group of government agencies and private sector partners that have signed a memorandum, and we work together. And what we do is we share dirty wallets. So here’s a wallet that’s moving, we share it with all the members, and if a member sees some activity with that, if it’s on their platform or their system, they flag it. Chain now flags some stuff to us, and they tell us, hey, this might be DPRK, and we step in. So we obviously have to go through a process. I
Jonathan L.
think this is another really good example of how getting new technology and marrying that with the right authorities is like the key to solving some of these problems. And it takes not just, you know, the technology, but it also takes the strategy of the investigation, and then it takes actually doing work across DOJ with prosecutors and even educating judges about what are the right authorities to be using to actually charge these cases and take those steps to interdict money. Maybe talk a little bit about it doesn’t just stop at the FBI. How does it go with engaging with prosecutors that are now doing these cases?
James B.
Well, I think you said it there. Just like internally, we had to educate our workforce. We have to externally educate prosecutors. There are some subject matter experts at DOJ, but not enough to go around. Our prosecutors are smart folks. They’re highly educated. They’re pretty easy to train, and so we train them. DOJ will hold conferences and training sessions, but when we get into a case, we’ll have the prosecutor that’s assigned to the case, and we’ll just start training them up and teaching them what they need to know to help with the case. So I think the one thing people don’t necessarily understand is the FBI is an investigative agency, and we’re a federal investigative agency, so we don’t investigate state crimes or local crimes. It has to be a violation of federal law, and we can investigate a case, however, we cannot charge a case and we cannot prosecute a case. That is up to the Department of Justice. And around the country, there are United States Attorney’s offices, and they lead prosecutions. So we collect evidence, we conduct an investigation, we work hand in hand with the prosecutors, but ultimately it is up to them. Them to take that piece of the case and move it forward, and then they have to go into the judicial system. Right? They’re going to courts, and that presents another challenge, right? Judges may not know much about cryptocurrency. The jury may not know much about cryptocurrency. So we have our subject matter experts will often have to testify in trials to teach the jury, to educate the jury, or educate the judge, what this is, what is the problem here? And so there’s a lot of steps after our investigation that we’re along for the ride. Once the investigation is over, concluded, and in the cases charged, we’re no longer the lead. DOJ is the lead, and we’re there as a supporting role, and we will support them until the case is adjudicated.
Jonathan L.
I remember back when we first started coming and talking to members of DOJ, members of the FBI, about this technology, and one of the first things that people said was, you’ll never convince a jury, or it’s going to be impossible to convince a judge that this is reliable evidence in court. That was wrong, clearly, and it has been something that the FBI and DOJ have managed to with subject matter experts and training and education managed to really create the reliability of this as admissible evidence in these cases,
James B.
our system, right? Each case has its own case, and each case has its own jury. We don’t have standing juries in the United States, so every time we go to trial, we start the education process during the trial. But we found, like a template, a process that works, and so we just go to that process, and it’s been fairly successful,
Jonathan L.
I think, the the ability to then prosecute these cases is like a major step in proving out, you know, this methodology and this technology. The other thing, though, is then also then seizing cryptocurrency. And I’ve heard that there’s also maybe some specialist resource in the FBI that is a canine that can seize cryptocurrency. Is this true? There
James B.
is no canine that can seize cryptocurrency. We do have canines that can point out electronic devices, and we have all kinds of wonderful dogs. We have canines that can help with investigations, and we have canines that can help come in and help with stress, all ranges of canines in the bureau,
Jonathan L.
I feel like that’s a recruitment tool that is underutilized. The FBI is
James B.
the greatest law enforcement agency in the world. Is a phenomenal place to work. And if a golden doodle is what I have to use to recruit people to come to the FBI, I think I’ll use it.
Jonathan L.
I think that the ability to be able to have the situational awareness in those cases where someone goes into a room or a house or on a search warrant and be able to identify electronic devices, as you say, or cryptocurrency material has been sort of a really important skill that has to be rolled out to an entire workforce. I mean, that’s something that is quite difficult. How does that work?
James B.
Well, it started with presentations, as I mentioned, and it’s about three four years ago when we recorded the video presentations, we made the first couple in the series mandatory for every agent and analyst in the FBI. So there’s a little over 14,000 special agents in the FBI. They all had to watch the first two so they all have a baseline awareness of what cryptocurrency is. As the workforce turns over, people retire, new people come on board, we request that the new agents do that training again, and so that they have a baseline understanding of crypto. What we don’t need was, we don’t need 14,000 agents to investigate crypto and to be able to trace crypto. We don’t need that, but we do need them to recognize how it may be used in their cases and to look for and then if they need help, they go to the virtual assets unit or the virtual or currency response team members in their field office. We have a web page that lists those people, so they have the point of contact, and they just walk down the hall say, Hey, Jonathan, can you help me with this Bitcoin?
Jonathan L.
And I think that that’s something that we have also started to think about mirroring our technology to the actual organizational design of an agency like the bureau that clearly has spent 10 years developing and building organizational structure to deal with virtual assets or cryptocurrencies strategically, is we’ve started to build technology that makes it actually a lot more simple For anyone in the FBI to be able to get a basic insight, and then also built tools for the most advanced traces out there to do the most difficult and complex investigations, all the way to thinking much more strategically, as you’ve sort of outlined a lot, is thinking macro level about these threats and how to understand the entire supply chain and actually go after the money before you necessarily can get to the person. Yeah.
James B.
I mean, it’s really important that you step in and do that. I think one of the things I’ve been remiss in talking about is when we established the virtual assets unit, we embedded our intelligence analyst leads our intelligence team, and she. Is one of the four women pioneers. I mean, she’s probably the foremost expert in the United States government in cryptocurrency. She’s been, I would say, 2011 or 2012 she got into it, right? We Bitcoin started in 2009 so it’s been a long time. So she leads an intelligence team. So when I talk about the different threats, the terrorism threat, the counterintelligence threat, the criminal threat, cyber threat, her intelligence team looks at, Okay, how’s crypto used in those different threats? How is it being used by fraudsters, versus the cartels, versus DPRK, and they write intelligence products, and those intelligence products are shared throughout the FBI. They’re briefed to people in the FBI. They’re put on a website internally so people can read them. They’re shared with our federal law enforcement partners, some intelligence agencies, so we’re sharing that intelligence. I think the biggest thing, and I’ve tried to talk about this, is collaboration in partnerships the FBI, no one program can lead the charge on this. So internally in the FBI, we’re trying to reach out and share across the enterprise. Externally, we’re trying to share the knowledge and the expertise we’ve gained with the government and with the private sector. Because, as you know, the vast majority of use of crypto is legitimate. It’s not business. It’s good business. We’re just looking at the illicit use of it. That’s all we care about.
Jonathan L.
And one of the big threats that we haven’t really spoken about is counter terrorism financing. And I think when this first came across everyone’s desk, actually, in the 2015 16 time frame, there was a lot of concern about cryptocurrencies use for terrorist financing. How has that evolved over the time that you’ve been looking at it? And then I want to bring it all the way through to today and the Iranian threat and how to think about the use of cryptocurrency in Iran.
James B.
When I first got into the space of 2015 we started engaging with the counter terrorism division, and they had some cases here and there. The first real success story that I was part of was about 2019 an analyst came into my office and he says, I’ve identified a wallet that some of the value is being transferred, and I see people that have contributed money to that wallet. I said, Okay, what do you have? And so they identified where the people were located, and what our investigation revealed is these people were donating money to ISIS fighters. And so I had our analyst and Agent call the field offices and say, here’s what we’re seeing. Teach them what cryptocurrency is, show them what we see. It resulted in sending my team to those offices. Fast forward to October 7, the Hamas attack on Israel. What was our response? What would we look for? Well, one of the things we wanted to look for is identify cryptocurrency wallets, and we try to step in and thwart terrorism, which is a very real threat to the United States
Jonathan L.
homeland. And I think that one of the things that this success and the entire picture of being able to identify these cases is that they can be significant indicators to an actual attack or a capability that could exist in a part of the world that we didn’t really think could be related to those cases. And I think that one of the things that I’ve seen in this domain is that being able to view the full network and be able to map that and move from one case to the next to the next has been sort of instrumental in mapping some of those terrorism networks that have dabbled with cryptocurrency over time. We’ve seen a lot of it with some of the Iranian spies that have been arrested in different parts of the world, where cryptocurrency was an integral part of the way that those spies were actually arrested. In terms of the outlook from here. We’ve spoken a lot about the different types of crime and the different threats. What does the landscape actually look like moving forward? If we sat here, in a few years from now, are we still doing the same strategy, same technique, or things changing?
James B.
Well, things constantly change. I think living in the greatest country in the world, the United States, the ingenuity of businessmen and people and the creative minds this digital landscape is going to change. It has evolved a lot over the last 10 years, and it’s going to continue to evolve. And it’s hard to say where we’re going to be in 12345, years. However, we know it’s going to change, and our job is to keep up with the changes, to engage with the brilliant minds in the private sector that have these ideas, and look at the FBI is not going to get away of business. That’s not our job at all. Our job is to fight crime, protect the homeland from cyber attacks and terrorism and counterintelligence threats, and that’s what we’re going to do. And so however, the bad actors are going to use cryptocurrency or whatever the new thing is out there will adjust and will stay on the forefront of those technologies
Jonathan L.
We have a pretty broad audience that that listens to the podcast. I think that maybe it’s the true crime audience. Maybe it’s people who work in financial institutions that are crime fighters in their jobs as well. We have a lot of public sector. To workers around the world. You’ve got just a huge wealth of experience for those people. I mean, what should they be thinking about when they think about the FBI? Well, we’re
James B.
here to help. So I think a lot of people are afraid to talk to the FBI. It’s certainly in the business world, we see that a lot, right? Lawyers come in and say, oh, you can’t talk to the FBI. They might do whatever. I’m not really sure what we would do, but what I would encourage people in industry is to engage their local field office. We have 55 field offices across the United States, and we have satellites, about 430 satellite offices. We call them resident agencies across the United States. If you’re in the space and you haven’t spoken to your local FBI office, you should talk to the Financial Crime Squad, talk to the cyber squad. They will come out and talk to you about the threat landscape, the trends and the typologies that they’re seeing. They’ll share information with you. I would refer you to our website. I would refer you to IC three.gov, in both places, we have public service announcements and we have news stories about many of the things we spoke about today. We constantly release public service announcements to make industry and citizens aware of the different threats that they’re facing, and we will continue to do that. We share intelligence reports so we do intelligence reports for specific sectors. So if you’re in the cyber industry, or if you’re in the financial industry, and we only release those reports to people in that sector, but it takes them to engage. We can’t reach out to everyone, but folks, feel free to reach out to the FBI, and we want to work with you, and we want to help you in your industry.
Jonathan L.
I’ve heard of many examples of business people getting warned by the FBI about some sort of cyber threat, some sort of immediate threat to a business that has really actually saved a company’s existence. And I think that the most tragic forms of this are where you sit on some intelligence and you just don’t have the ability to contact those people. And so I guess, how does someone even find a local field office?
James B.
We’re in the phone book. I guess there is no phone book anymore, yeah, just call one 800 call FBI. They can put you in touch with the local office. You can also just Google, or you do an internet search for the area you are, and the phone number for the local office will come up. We do proactive engagement with businesses, especially in the cyber space. So when we know there is a cyber threat, whether it’s a foreign adversary, which we see now, we will go out and we will engage firms. So we are right now knocking on the doors of cyber companies and sharing the typologies and the trends that we are seeing so that the companies can take mitigation efforts to protect themselves from attacks. It’s really important to have that relationship before a company is attacked. I think I mentioned earlier, there was a hospital in Boston last year. They were being attacked. We got the data to indicate that they were being attacked, and we were able to go to the hospital, knock on their door. Hey, here’s what we’re seeing, here’s the code, here’s what’s out there their computer, folks. CISA went in, looked and said, Yeah, you’re right. We are being attacked. They were able to take mitigation efforts, and the attack wasn’t successful. So those conversations are happening. So we’re knocking on your door. Just confirm that we’re actually the FBI. Same thing if we call, just confirm it’s the FBI. Just there are law enforcement impersonation schemes. So sometimes, when you get a call from the FBI, just get their name and you can call back to that national number and they’ll connect you, or you can call the local office and they’ll connect you, if you’re not sure, and ask a bunch of questions to figure out if they are. But have them come to your office, we will go and we’ll sit down and we’ll explain
Jonathan L.
that to you. We’ve spoken a lot about different threats and everything negative about the world at large. What gives you the optimism to come to work every day
James B.
I love to put bad guys in jail. I love to mitigate threats to the United States in the local communities where I work, this is the greatest job in the world. There is, bar none, no better job than the FBI. So it’s very easy to come to work. I work with about 34,000 people. I don’t know all 34,000 but they come from all over this country with one mission in common, and that is to protect the United States. It’s a great place to work. It’s very easy to go to work.
Jonathan L.
I feel like we’re out in the world. And every third word has the word AI. In fact, chainalysis has AI. In chainalysis, what is the FBI doing about AI?
James B.
We have very limited resources. 34,000 people. We’re not going to grow. So we are always looking to leverage technology to make ourself more efficient and more effective. We have an internal AI Working Group at headquarters that’s looking at how AI can be used to help what we’re doing and machine learning, one of the things we’re doing, we just had a team down doing some work on BSA and. Analysis, right? So some machine learning on BSA analysis to identify suspicious activity reports, to identify new cases and to enhance ongoing and existing cases. So we’re constantly looking internally for technology. We’ll look externally for technology, and we’re also going to look how bad guys use AI to target Americans, which they’re doing, and so we have investigations into the illicit use of AI. That’s
Jonathan L.
really encouraging. I mean, looking at the Bank Secrecy Act data for these types of patterns, it’s been a big challenge that the data is fairly unstructured, and it’s hard to get some of the new technology to work on that. And AI does seem to have, like, a really important role to play in being able to understand structured and unstructured data that is really critical to the mission, and so finding the right path and the right controls and balance on what insights are able to be derived from Ai, it seems like a really important task.
James B.
When I came in the FBI nearly 20 years ago, we had BSA SAR review teams and they IRS and US Attorney’s Office all across the country as SARE UTS. They actually still have them, where they print off the SARS and their area of responsibility, and they manually go through it. The last time I did that was 2009 because it takes forever. It’s not that useful, and you can’t read every single SAR but you can use data analysis. You can use AI, you can use machine learning to funnel down that universe of SARS to focus on the threats you need to focus on. And I think that’s really important. So as a SAR review team, if I’m working fraud, I only care about fraud, but what if I miss a counter intelligence SAR, or counter terrorism SAR, or all these other violations that we work and all these other threats that are impacting the United States. It’s better if I use data analytics to narrow that down and tailor our searches to the different threat streams that we have, and then I can get those SARS to the subject matter experts to go through, rather than that population two plus million SARS, maybe they’re looking at 100 SARS in their AOR, and so, yeah, it’s so important to use I get a little bit on a soapbox when I hear Saar review teams that manually go through it, because you can’t be an expert in every single violation. And I know I can’t be, but I can go to the experts and say, Hey, what do you need out of this data? What do you look for? What are the red flags in the SAR that you would review for your violation, and then I work with our data teams, and I say, Okay, here’s what they’re saying. How do you capture that? How do you funnel that down? And we’re constantly doing that. I
Jonathan L.
think it’s a really good example of the process automation that is the important aspect of this technology. We’re not going to be in a world where AI is deciding and making a decision on what someone should be charged with or not, but there is huge opportunity to think about process automation, where the data can be collected, presented, collated, analyzed to Be able to simplify the job of the actual investigative work that needs to happen, which is the human assessment of is this something that I need to look at or not?
James B.
As a supervisor in the FBI, I’m trying to always help the agents be more efficient and effective. To take a bigger caseload, if I have an agent that’s working five cases, can I get them to eight to 10? If I have an agent that was working 10, can I get them 12? The use of technology is going to allow us to have more investigations by the same number of agents that we currently have. That is going to change over the next five years. I guarantee it. I just don’t know what it looks like, and I won’t be around for it, but it’s going to be great. I
Jonathan L.
think that the KPI of caseload is like a really interesting one, and I think that that is something that we think a lot about at chainalysis, is how many investigations can a crypto tracer do, and what are the ways in which we can build better products to help increase the number of investigations that someone could run at a single point in time? And I think that that’s a really helpful thing for people to actually track and measure the progress on how good the technology is at enabling that to happen.
James B.
We are aligned in that I 100% agree with you. I think that’s gonna be great,
Jonathan L.
awesome. Well, thanks, Jim. I really appreciate you coming all the way to our beautiful podcast studio in North Carolina. Oh,
James B.
I appreciate it. Jonathan, it was a pleasure to talk to you and look forward to talking again. Thanks.
The post Inside the FBI: Crypto, Crime and National Security: Podcast Ep. 171 appeared first on Chainalysis.
