Purpose: The purpose of this paper is to highlight the intelligence and investigatory challenges experienced by law enforcement agencies in discovering the identity of illicit Bitcoin users and the transactions that they perform. This paper proposes solutions to assist law enforcement agencies in piecing together the disparate and complex technical, behavioural and criminological elements that make up cybercriminal offending.
Design/methodology/approach: A literature review was conducted to highlight the main law enforcement challenges and discussions and examine current discourse in the areas of anonymity and attribution. The paper also looked at other research and projects that aim to identify illicit transactions involving cryptocurrencies and the darknet.
Findings: An optimal solution would have a predictive capability and a machine learning architecture that automatically collects and analyses data from the Bitcoin blockchain and other external data sources and applies search criteria matching, indexing and clustering to identify suspicious behaviours. A machine learning architecture would help improve results over time and would be less manpower intensive. Cyber investigators would also receive intelligence in a format and language that they understand, allowing for intelligence-led and predictive policing rather than reactive policing. The optimal solution would also enable and encourage information sharing between multiple stakeholders from law enforcement, financial intelligence units, cyber security organisations and the fintech industry. This would enable the creation of red flags and behaviour models and the provision of up-to-date intelligence on the threat landscape, forming a viable intelligence product for law enforcement agencies so that they can more easily get to the who, what, when and where.
Originality/value: The development of a functional software architecture that, in theory, could be used to detect suspicious illicit transactions on the Bitcoin network.
- Bitcoin blockchain
- Illicit transactions
- Law enforcement
- Red flag indicators