The Russian intelligence officers accused of hacking in the Democratic National Committee and Hillary Clinton’s 2016 presidential campaign used bitcoin to finance their operations. The hackers used more than $95,000 to purchase computer servers, register website domains and pay for other “unspecified hacking activities”. They used some of their bitcoins to pay for the registration of dcleaks.com, a site ultimately used to post some of the hacked emails.
Since all bitcoin transactions are recorded on the blockchain, US investigators linked the transactions to the Russian government. The hackers purchased bitcoin and paid for services using bitcoin on some of the same computers that they used to conduct their hacking activity.
The bitcoin was acquired through mining, trading on exchanges, and purchased using prepaid cards.
The Russian intelligence officers attempted to obscure the money trail by moving the bitcoins through multiple wallets and exchanges.
Analysis: The use of cryptocurrencies by Russian intelligence officers (specifically the GRU) demonstrates their broad appeal to threat actors. While not completely anonymous, by layering multiple currencies and using different financial technologies, the money trail can be significant obscured. This example also highlights that all types of illicit activity require funding and have financing activities associated with them, including information operations.