Sanctions vs Bitcoin mining
Can’t use the US dollar? Try cryptocurrency insteadAlways listen to Archer memes
Sanctions are a powerful diplomacy tool for countries with abilities to effectively enforce. The US Department of Treasury’s Office of Foreign Assets Control is the brawn behind enforcing sanctions and maintains information about sanctioned persons, countries and related information. Each situation is different, OFAC posts guidelines for concerned citizens and businesses. However, the decentralized nature of cryptocurrencies complicates freezing transactions or disclosure requirements.
Using open source intelligence gathering with internet scanning and reporting tools Shodan.io with a paid account and Censys.io with a free researcher account. The tools enable the discovery of bitcoin mining operations in some sanctioned countries. Both Shodan.io and Censys.io are more effective if using an API connection; all results are returned in machine-readable format for more effective data analysis, building various correlation and detection. Censys.io a tool similar but different to Shodan.io can also be utilized to find Bitcoin and Etherium systems. However, Censys.io doesn’t scan as many ports using the web or API interface, to drill deeper you can run the ZMap project which is behind Censys.io on your own and adjust the ports. ZMap can be downloaded from GitHub.
Discovering bitcoin and similar cryptocurrency mining systems is accomplished by looking for the software which mines the coins and the ports which communicate mining activity. Common ports are 8333, 8433, 8778, 8885 and 9595, common software btcwire, Satoshi. Various mining software versions can also be discovered because the application displays the information in the banner. Some versions of cryptocurrency mining software are vulnerable to exploitation using a variety of tools like XAttacker. Additionally, some discovery tools like Shodan.io also tag the type of internet-connected system with cryptocurrency. To communicate what is being mined, which blocks, the Lastblock is included in the banner of mining systems. This can be utilized to directly trace transactions.Different versions of Satoshi mining software from Shodan.ioLastblock displaying from Shodan.io scan
Using Blockchain.com, hosted in Luxembourg, the transactions based on the Lastblock can easily be discovered.Iranian Bitcoin mining operation information from Blockchain.comEtherium in the HTTP body listing hte Lastblock fromCensys.io
Iran has been under a number of restrictions since around the mid 20th century. The United States and the Iranian government have been playing this cat and mouse game longer than most of us have been alive today.Various versions of Bitcoin mining systems in Iran from Shodan.ioOlder Iranian Bitcoin mining system connected to the internet via Shodan.io
Venezuela is a newly heavily sanctioned country which is currently running low on regular currency and per the western news media, out of everything else. However, with reports of little to no food, clean water and intermittent electricity. Bitcoin mining in the country persists.Multiple Bitcoin mining operations in Venezuela from Shodan.ioSatoshi banner search in Shodan.io for VenezuelaMining rig and a proxy from Shodan.io
Many countries are listed on the OFAC sanctions list, including persons of interest. It’s an ever-evolving process the US and other key governments will continue to leverage for a perceived good. On one side, the ubiquitous nature of cryptocurrency, sanctioning has become extremely difficult. However, to mine in pools and connect with transactions, the systems must be connected at least periodically to the internet. Tools like Shodan.io & Censys.io allow the internet to peel off any perceived anonymity.