Black Hat Demo to Reveal 'White Rabbit' Crypto-Transaction Surveillance Tool

This week in Las Vegas there are two well-known events taking place dedicated to information security and the global hacking counterculture — Black Hat Arsenal and Defcon 2018. During the conference festivities, there will be a bunch of demonstrations showcasing all kinds of hacker tools, security services, and engineering studies. Two developers from the intelligence platform firm Trustar will be revealing a new ‘early warning system’ called White Rabbit that detects emerging ransomware campaigns that utilize the Bitcoin Core (BTC) network for ransom payments.

Also Read: A Look at Stylometry: Can We Uncover Satoshi Through Literary Quirks?

A New Blockchain Surveillance Tool Called White Rabbit Will be Presented at the World’s Largest Hacker Conference

Right now, many tech-savvy enthusiasts, cyberpunks, and hackers are gathering in Las Vegas to attend two well-known tech-conferences: Defcon 2018 (Caesar’s Palace), and Black Hat Arsenal (Mandalay Bay). This year’s events will feature all types of mobile jailbreaking and rooting techniques, opsec methods, online certificate abuse, DDoS attacks, and drone technology, but only one demonstration that ties to cryptocurrencies. During the visit, people will be able to see a tool created by the intelligence platform Trustar’s lead developers, Olivia Thet (engineering) and Nicolas Kseib (data science), which tethers illicit ransomware crimes to bitcoin transactions. The tool is called White Rabbit and the developers claim it provides a “near real-time contextual awareness of a specific ransomware campaign.” Essentially White Rabbit monitors bitcoin transactions associated with these types of crimes allowing investigators the ability to tag specific transactions.

Clean and Dirty Addresses

According to the demonstration summary, White Rabbit is a three-part model that first starts by collecting BTC addresses and classifying them as “clean” or “dirty.”

“The second part is to test the classification models using this dataset and propose decision metrics to optimally pick a model. In this part, we will also discuss ideas about how to compute expensive, but important features obtained from transaction data stored on a graph database,” explains the Trustar developers.

In the third part, we will show how to use the obtained optimal model to predict if an address is “dirty”. Finally, we will discuss our challenges when solving this problem and propose solutions to overcome them.

The subject involving a company or entity monitoring a public blockchains and blacklisting or tainting bitcoin addresses is a very controversial topic among cryptocurrency proponents. Because of blockchain surveillance tools like White Rabbit, bitcoin transaction mixers and privacy-centric cryptocurrencies have increased in popularity over the years. However, Olivia Thet, the software engineer at Trustar, thinks the public should know who is coordinating these types of attacks.

“We’re fighting the wrong fight in trying to deanonymize the blockchain – we should be looking at the bigger picture instead,” said Thet. “Security analysts who are using Trustar are far more interested in how bitcoin wallet addresses are correlating with the other IOCs they’re tracking versus who is actually implementing the ransomware campaigns.”

The Collection of Bitcoin Seed Addresses Involved in Illegal Activities

Defcon demonstrations have always caught people’s attention when it comes to specific hacking tools. Last year at Defcon 2017 a group called Cryptotronix revealed a presentation to the audience that showed a few hardware wallet exploits. Cryptotronix had shown fault injection techniques, timing, and power analysis methods using the open source hardware tool the Chip Whisperer and the subject caused a big stir among crypto enthusiasts and hardware wallet manufacturers.

The White Rabbit creators say that the data science collected of “seed bitcoin addresses involved in illegal activities” can be used as a starting point for observers to create “dirty” address clusters reconstructed from the analysis. The White Rabbit demo will take place on August 9 at the Black Hat Arsenal, and then on August 11 at the Defcon Recon Village. Trustar’s Nicolas Kseib explains as ransomware and malicious cryptocurrency malware grows exponentially throughout our online lives, the security community needs to up their game.

“As the blockchain evolves and potentially plays a bigger in cyber-attacks, the security community will have to dramatically rethink the current concepts of tracking adversaries,” the lead data scientist at Trustar, Nicolas Kseib concludes.

What do you think about the White Rabbit tool? Let us know what you think about this tool in the comment section below.

Images via Shutterstock, Trustar, Blackhat, Defcon, and Pixabay.

Verify and track bitcoin cash transactions on our BCH Block Explorer, the best of its kind anywhere in the world. Also, keep up with your holdings, BCH and other coins, on our market charts at Satoshi’s Pulse, another original and free service from Bitcoin.com.