Today we are very pleased to welcome guest blogger Lili Infante. She is the CEO of CAT Labs, a technology company that builds digital asset recovery and quantum-proof encryption tools to fight cryptocurrency crime. Lili previously spent 10 years at the U.S. Department of Justice as a DEA special agent and pioneered an early federal task force focused solely on cryptocurrency and dark web crimes. Lili has led numerous major crypto-related investigations, including the destruction of Hydra, the world's largest crypto-powered dark web criminal organization and money laundering platform.
We reached out to Lili because her work is fascinating and increasingly important. Law enforcement agencies, the U.S. Department of the Treasury, and other regulators are aware of, and focused on, vulnerabilities and potential gaps in the U.S. anti-money laundering (“AML”) and counter-terrorism financing (“CFT”) regulatory, supervisory, and enforcement regimes regarding the use and abuse of cryptoassets and decentralized finance. Virtual assets can serve as vehicles for terrorist financing, fraud schemes, and state-sponsored cybercrime. Meanwhile, agencies such as the Financial Crimes Enforcement Network (FinCEN) are struggling to come up with potential regulatory solutions.
This blog post also takes the form of a Q&A session, with Lili answering questions posed by Money Laundering Watch about investigating crypto-related illegal activities and recovering digital assets. We hope you enjoy the discussion on this important topic. – Peter Hardy
First, let's set the table for everyone. What is your occupation?
I'm the CEO and founder of CAT Labs. CAT Labs is a technology startup that builds crypto recovery and cyber defense tools to fight crypto-related crimes and protect us from national security threats arising from the misuse of cryptocurrencies.
In a past life, I was a DEA special agent at the U.S. Department of Justice nearly a decade ago, and I founded an early federal task force dedicated to combating crimes using cryptocurrencies and the dark web. Shortly before I left the federal civil service, I was the lead attorney in the case that destroyed Hydra, the world's largest dark web marketplace, which accounted for approximately 80% of all crypto transactions on the dark web.
You worked for the government for many years, but now you run your own private company. In general, what are the differences in how you approach investigations then and now?
First, in government, I had subpoena and search warrant powers, which gave me a lot of different investigative techniques and ways to get leads on my targets. Additionally, as the case attorney, I was in charge of the entire case from start to finish: from collecting initial leads, to pitching and then collaborating with prosecutors, to managing confidential informants, to mobilizing different teams and agencies around the world to join my case. Case management also includes gathering information, preparing search warrants, issuing subpoenas, locating, tracing, and seizing assets, and ultimately securing indictments and arrest warrants. Finally, after years of hard work, I had the honor of handcuffing my target.
In the private sector, my work is aimed at addressing very specific pain points and bottlenecks that I and my colleagues have identified when investigating crimes using cryptocurrencies. Specifically, our team is currently focused on helping law enforcement and other law enforcement agencies discover, identify, and seize more digital assets from their targets by automating many manual investigative processes. These manual investigation processes currently require significant time, technical knowledge and experience on the part of investigators, ultimately resulting in countless missed opportunities.
The increasingly widespread misuse of cryptocurrencies is seen as both a challenge and an opportunity to seize far more digital assets than ever before, and at CAT Labs, we are working to help investigators leverage these opportunities in a scalable way.
Please talk a little about the role and impact of state-sponsored activity on the dark web.
Nation-states make extensive use of the dark web not only to evade financial sanctions, but also for additional purposes such as cyber espionage, organized cyber attacks, and trafficking in malware, spyware, and ransomware.
Nation-states can openly purchase zero-day attacks, ransomware, spyware, and malware as services on the dark web, and these cyberwar weapons can be stolen from companies and DeFi protocols, or frequently used to launch cyberattacks against other countries' critical infrastructure, such as power grids and water systems. These attacks can be launched remotely and anonymously, making their origin extremely difficult to trace. Additionally, many hostile nations will use the dark web to recruit skilled hackers and provide them with employment to conduct cyberattacks on other countries.
They may also collect information by exploiting data breaches and harvesting personally identifiable information or usernames and passwords, which are often sold on dark web markets. This makes it possible to carry out cyberattacks on data breach victims and target their financial accounts, such as cryptocurrency exchanges and bank accounts.
What are the main challenges you and your colleagues currently face at work? If you ruled the world, how would some of these challenges be overcome or at least mitigated?
The main challenge we face when fighting crypto-based crimes is the scalability of knowledge and investigative techniques. As criminals and adversaries continue to evolve in their use of new technologies to influence crime and evade detection, I am committed to developing investigative techniques and tools to combat criminals. We shouldn't lag far behind them. This is what we do at CAT Labs.
As a technology startup building tools to help government agencies scale their investigations, the main challenges we face are (i) long procurement cycles; (ii) bureaucracy in government contracts; and (iii) the significant and often insurmountable costs that must be incurred to obtain the necessary qualifications to work with the government. As a result, the barriers to entry are too high for small businesses to enter the market and compete with giant corporations with huge budgets and dedicated lobbying teams.
Many companies are abandoning public sector business models and focusing on commercially using their technology in the private sector, which ultimately comes at a great cost to governments. When it comes to innovation and developing cutting-edge technology, there's no substitute for a small team of dedicated and passionate engineers and scientists on a mission to solve known problems. Some of the most life-changing innovations were born at some point in someone's garage, or its equivalent, by a handful of motivated geniuses with an idea and a dream.
If we could remove a lot of the red tape that comes with government contracting and bring the American startup culture into government, we'd have more young geniuses working on innovations that serve our country, rather than just another way to pay someone else (fintech) or alternative ways of interacting with others online (social media).
We talked a lot about technology. What about the role of traditional human intelligence in investigations? What are the benefits and limitations?
No matter where technology goes, human intelligence will always be there. Many criminal organizations are extremely difficult to infiltrate unless someone on the inside provides insight into how the organization operates. However, the unique characteristics of dark web criminal enterprises, such as dark web drug markets, have caused us to rethink our investigative methods when leveraging human resources to gather information.
Traditional drug cartel investigations are typically hierarchical: lower-level drug dealers can lead agents up to the kingpin if agents keep passing them around to Team America to get to the next boss in the organization. On the dark web, in most cases, lower-level players in crime games do not know who their boss is in the real world. This is because everyone on the dark web uses fake names and rarely uses communication devices that would allow identification by law enforcement. They rarely meet in person and often don't even know where their co-conspirators are in the world.
You have previously commented publicly on the intersections and tensions between policy and everyday reality regarding digital assets. What does that mean and what do you think is important?
Like fitting a square peg into a round hole, the old approach of regulating traditional finance to prevent illegal activity has proven difficult to apply to the digital asset space. Imagine trying to enforce rules in a place where everyone is anonymous and there is no one in charge. That is the decentralized world of digital assets. Unlike traditional finance, digital currencies can travel around the world instantly, without the need for intermediaries, and with no restrictions on how much or where you can send money, or for what purpose. This makes it extremely difficult for a country to implement controls such as KYC/AML requirements to regulate illicit finance in cryptocurrencies.
Some of the prominent bills that have been proposed to regulate this space are either written in ways that make the cryptocurrency industry unviable in the United States as a practical matter, or were drafted without a proper understanding of the underlying distributed ledger technology and its technical limits. For example, designating cryptocurrency miners, node validators, and wallet providers as money services businesses (MSBs) and requiring them to comply with know-your-customer (KYC) regulations and maintain AML programs with corresponding reporting requirements is not technically viable for these contributors to the digital asset ecosystem. For example, validators and miners on a node are simply running code that validates transactions on a distributed ledger; they have very little control over who, why, when, and where crypto transactions are performed through the node, so they cannot know their customers or comply with the AML/KYC requirements associated with MSBs.
I believe the focus should be on regulating virtual asset service providers (VASPs) and holding them to the same requirements as other financial institutions. Most importantly, law enforcement and intelligence agencies must have the tools and training to properly and at scale investigate and detect how and when digital assets are used for illicit finance. As long as we know where to look, what to look for, and what to do about it when we find it, the use of cryptocurrencies in illegal finance can bring us unique asset seizure opportunities that must be taken advantage of.
Finally, an unfair question. Do you have any predictions for the future of digital asset research? Where will the progress be made and where will the obstacles remain?
Privacy pools, account abstraction, multi-party computation, and fully homomorphic encryption are some of the technologies currently in development that could make cryptocurrencies more private and secure, but that may also make it more difficult for law enforcement agencies to track and seize them. We are always one step behind malicious actors seeking to exploit cryptocurrencies for illegal purposes.
That being said, it is extremely important to allow these emerging cryptographic technologies to be developed here in the United States, because these technologies will ultimately help build quantum-proof cryptography and a more resilient ecosystem that can withstand post-quantum cyberattacks. Our job is not to kill technology, but to catch the bad guys who are exploiting it with criminal intent.