EDITOR NOTE: An important foundational principle behind the creation of cryptocurrencies is the right to transactional privacy. Another closely related principle is the prevention of government overreach toward one’s financial assets. It’s as if developers from the earliest stages of crypto tech basically said “to heck with the Fed and the government; this new monetary system we’re creating is going to be 100% decentralized and not reliant on any bank or government.” So, crypto wallets, an important cornerstone of the market’s privacy principle, are exceedingly difficult to crack. But they’re not impossible to crack. And now that cryptocurrencies have been mainstreamed as a new asset class, the IRS Criminal Investigations Division is spearheading efforts to develop new tools and strategies to track and crack crypto wallets. We believe in the right to financial privacy. We just don’t believe that achieving it should be so cumbersome and technologically sophisticated. It’s much easier and more financially prudent to store non-trackable non-CUSIP gold and silver in a private depository. Monetary value is certain, and so are the means to prevent your assets from falling under the eyes and into the hands of a prying, intrusive, and coercive government.
The agency’s Digital Forensics Unit wants to “tame the cybersecurity research into measured, repeatable, consistent digital forensics processes.”
As more people across the globe get into trading and purchasing goods using cryptocurrencies—even the federal government—the IRS’s Criminal Investigations division wants “reliable” tools and processes for cracking crypto wallets.
Cryptocurrencies are digital assets with set or fluctuating market rates that can be traded for real currency. The rise of cryptocurrencies coincided with the invention of the distributed ledger—also known as blockchain—which allows for transparency in accounting while maintaining a user’s anonymity.
For an added layer of security, some cryptocurrency traders use crypto wallets, which keep the private keys needed to access the cryptocurrency separate from the broker making the transaction.
These wallets can take the form of a segmented app with an extra layer of security or a separate piece of hardware—like a thumb drive—that stores the private keys offline until needed.
For the IRS Criminal Division’s Digital Forensics Unit, crypto wallets seized as part of investigations have been tough to crack.
“Though a few known cyber penetration testers have published vulnerabilities on specific devices, the process of decrypting the hardware devices to gain access to the wallets has been challenging,” according to a request for information posted to SAM.gov.
While the Digital Forensics Unit is interested in purchasing tools capable of cracking crypto wallets, the IRS also wants to help “mature the process” to “obtain reliable results.”
“The explicit outcome of this requirement is to tame the cybersecurity research into measured, repeatable, consistent digital forensics processes that can be trained and followed in a digital forensics’ laboratory,” contracting officials wrote.
The tools and processes should be usable for any crypto wallet on the market, including software and hardware models. The RFI drives this home by requiring the ability to analyze software and firmware, reverse engineer hardware and “deconstruction of printed circuit boards and integrated circuit packages.”
Specifically, the contract will look to:
- Validate cybersecurity research in cryptographic wallets exploitation.
- Identify new methods to gain access to cryptographic wallets.
- Identify successful cryptographic models for exploits.
- Document the processes, hardware and skill sets needed for reproduction in an advanced digital forensic laboratory.
- Create hands-on training for the identified techniques in support of IRS-CI Digital Forensics Laboratory.
The RFI seeks to garner industry feedback on the market, small and disadvantaged business set-asides and existing contract vehicles, like governmentwide acquisition contracts and the General Services Administration schedules.
Original post from NextGov