Cyber sabotage as a weapon of intelligence services

Max_M

Multiplied by zero
«Говорит Москва»: The pilot of the helicopter whose crash killed the deputy prosecutor general was shot before the crash
https://theins.ru/news/120871
Supposedly he was handling the Skripals, as people wrote online, before the failure...
And the killer, did he bail out with a parachute? So it turns out it was one of their own, someone he knew.
 
The lad who helped Russian cyber-fighters set up fake bank accounts (to get around PayPal's verification) has been jailed.

Mueller investigation: American who sold bank accounts to Russian trolls jailed for six months

Vladimir Kozlovsky for the BBC, New York

A Washington federal court sentenced 28-year-old Californian Richard Pinedo to six months in prison and six months of house arrest for identity fraud. Pinedo sold bank account numbers online, some of which were bought by the Russian internet trolls charged by Special Counsel Robert Mueller with interfering in the 2016 US election.

When Pinedo started this trade in 2014, he sold the numbers of his own accounts, opened at various US banks. Over time, opening accounts in his own name became harder and harder, and Pinedo found sellers online from whom he began buying bank account numbers and reselling them at a small markup.

By the prosecution's calculations, Pinedo earned a total of 40 to 95 thousand dollars this way over three and a half years.

Buyers used his services mainly to pass the verification that the payment system PayPal puts its new customers through. A new customer must provide a bank account number, into which PayPal then deposits some microscopic sum for verification and asks the customer to report its exact size, thereby confirming that they are the lawful owner of the account with full access to it.

Pinedo sold account numbers to anonymous buyers and then told them what verification amount had been deposited into them, so that they could report it to PayPal correctly.

He was born and raised in the backwater Californian town of Santa Paula, where his mother worked at a Kmart supermarket and his father first served in the National Guard and then became an accountant.

The boy got into video games, became interested in computers and learned programming at the local college. He began earning money by selling things on the online auction site eBay, and then started helping acquaintances do the same for a small fee. One fine day the auction site temporarily suspended Pinedo from trading, his lawyer Jeremy Lessem told the court.

Pinedo contested this reprisal and meanwhile found a new occupation. He opened a company, Auction Essistance, and began selling bank account numbers, turning a blind eye to the fact that buyers might use them for illegal purposes.

Pleaded guilty

Special Counsel Mueller's investigators, closing in on the Russian trolls of the St. Petersburg "Internet Research Agency", reached Pinedo in December of last year and arrived at his home with a search warrant.

As his lawyer emphasizes, unlike other people questioned in connection with "Russiagate", Pinedo honestly answered all the investigators' questions from the very beginning, formally pleaded guilty in February, signed a cooperation agreement and voluntarily flew to Washington to testify before the grand jury convened by Mueller.

Prosecutors wrote to the judge in September that Pinedo had indeed provided "substantial assistance" to the investigation, that is, they uttered the magic words that signal the defendant deserves leniency.

They nevertheless did not specify what sentence they recommended, noting only that the federal sentencing guidelines provide for a term of one year to eighteen months.

Defense attorney Lessem, for his part, called for a sentence not involving imprisonment.

Lessem stressed in a September letter to the judge that his client knew only the numbers of the accounts he resold, not the names and other details of their owners.

"Pinedo never saw himself as a thief," the defense attorney continued, "and he did not plan to steal anything. No one ever stole a single dollar from these accounts..."

According to the defense, Pinedo was under the illusion that he was simply helping people who wanted to earn a living on eBay but could not get access to it because of the convoluted rules set on that and other online auction sites.

As the site Vox notes, Pinedo is apparently the least significant of the 32 people charged by Mueller so far. He had no connection to Donald Trump or anyone in his circle. Pinedo simply sold part of his wares to Russians working at the "troll factory" linked to Russian businessman Yevgeny Prigozhin.

Despite his very peripheral connection to "Russiagate", Pinedo got a much harsher punishment than two other figures involved in the scandal.

Third-tier Trump foreign policy adviser George Papadopoulos got 14 days in prison, and Dutch lawyer Alex van der Zwaan 30 days. Both admitted lying during questioning.
 
Facebook discovered that Artur Khachuyan's company Social Data Hub (works for Tina Kandelaki) illegally collected the data of 140 million users and passed it to the Russian intelligence services. AFT
 
The Pentagon reported a data breach at its commercial vendor that handled employee travel.
Hackers obtained data on about 30,000 US Department of Defense employees, but only the segment concerning travel.
"The Pentagon on Friday announced a cyber breach of Department of Defense travel records, which led to a leak of the personal and credit data of military and civilian personnel," the New York Times reports.
So far it is known that the breach may have affected information on 30,000 employees, but that number could grow in the course of further investigation. The date of the intrusion into the system is also unclear; it is only reported that the cybersecurity department passed the information to leadership on October 4.
It is emphasized that no classified military information was compromised in the breach. "It is important to understand that this was the failure of a single commercial vendor that provided services to a very small percentage of the total workforce," said Pentagon spokesman Lt. Col. Joseph Buccino.
 

Max_M

Multiplied by zero
The Americans are selectively sabotaging Russian military personnel involved in cyberattacks. Well, that's what they write:
US Cyber Command (subordinate to the Department of Defense) is intimidating individual "Russian operatives" in an attempt to deter them from spreading disinformation or interfering in the November midterm elections to Congress, The New York Times writes. The newspaper learned of the operation from officials familiar with it.

More at RBC:
https://www.rbc.ru/politics/23/10/2018/5bcf076e9a79477cdce0352e?from=main


Given the lack of competence, judging by recent events, something like that is quite possible.
I wonder, is this the beginning of sabotage inside the state structures?
 

Max_M

Multiplied by zero
Two Russian citizens were detained on Tuesday, October 23, on suspicion of planning a hacker attack on the laboratory of the World Anti-Doping Agency (WADA) in Lausanne.

This is reported by the SID agency, DW relays.

I've already seen the press confuse the APT28 and APT29 cyber troops a couple of times. These are not just different Kremlin towers, they are hostile towers. An approximate list of the Russian cyber troops.

FSB tower (also includes the SVR):
  • TsIB ("Shaltai-Boltai"), lost its combat capability after the fight with the Sh. tower;
  • APT29 (The Dukes/Cozy Bear);
  • 16th Center of the FSB;
  • 18th Center of the FSB;
  • the "ORKI" of Kaspersky Lab;
  • Infotecs (based at the Kvant research institute);
  • TURLA (Snake/Uroburos).
Shoigu tower (also includes the GRU):
  • 6th Directorate;
  • APT28 (Sofacy/Fancy Bear);
  • Main Special Service Center of the GRU 85 (military unit 26165);
  • military unit 74455, which handles Guccifer 2.0 and Wikileaks;
  • 9th science company, stationed in Tambov.
 

Just as the wars of the 20th century rarely began without an artillery barrage, the conflicts of the 21st century are often preceded by an information barrage. Evidence of this is Russia's so far futile attempts to forcibly integrate Belarus, either into its own territory as six oblasts or into some mythical "union state" created, of course, by Moscow's rules. In recent weeks Belarusians have begun to be actively prepared for this, with attempts to shape an active pro-Russian stance among them through social networks. Even multi-million cash injections are not spared for this...
http://by24.org/2018/12/30/belarus_...4HDXuNDksquc436Fs0dSG1ikAJ-1iHudjzHeq1jEV6mj8
 
The topic concerns bitcoin too, but this is not so much about the two crooks from Skolkovo who robbed a Japanese cryptocurrency exchange of $4 billion and then laundered the loot on their BTC-e in Moscow. It is about the "krysha" (protection) of those crooks. And the krysha there is the Chekists.

The twist is that the Chekists took their cut partly in bitcoin. And then they used that money to pay agents, including agents in the US. Not understanding that cryptocurrencies leave a trail. The FBI pulled on that trail. First it pulled in Vinnik (into a harsh American prison), and then it got to Fancy Bear.


Alexander Vinnik is escorted by police officers while leaving a court in Thessaloniki, Greece, October 4, 2017.
US and Russia Spar Over Accused Crypto-Launderer

A clash between Russia and the US over the fate of a fallen cryptocurrency king has escalated to the Kremlin, where President Vladimir Putin raised the matter directly with Greek Prime Minister Alexis Tsipras.

At issue is who will prosecute Alexander Vinnik, a Russian citizen accused of helping launder at least US$ 4 billion through one of the world’s largest bitcoin exchanges.

Vinnik’s odyssey through the US, Russian, Greek, and French legal systems began in sunny Chalkidiki, Greece, in July 2017. His annual family vacation there slammed to a halt with his arrest at the hands of some 20 plainclothes police officers.

Vinnik, then 37, was known in the murky world of Moscow digital currency exchangers as “Sasha WME.” According to a 21-count US indictment unsealed by the Northern District of California the day after his arrest, he was an online money launderer and the brains behind the now-defunct cryptocurrency exchange known as BTC-e, once one of the world’s largest.

Vinnik was apprehended on the beach of the Avaton Luxury Villas Resort hotel, where the most extravagant suite runs more than $1,000 a night. Police seized five mobile phones, four credit cards, two laptops, two tablets, a 256-gigabyte thumb drive, and a router. He had apparently kept up with the office even on vacation.

And it was a busy office. US prosecutors estimate Vinnik helped launder between $4 billion and $9 billion in bitcoin tied to cybercrime, drug trafficking, public corruption, and tax refund fraud schemes.

The Russian cyber-espionage group known as Fancy Bear was among BTC-e’s clients, according to the blockchain forensics company Elliptic, and US prosecutors allege Fancy Bear in turn used bitcoin to fund hacking the Democratic National Committee. US prosecutors have alleged in 2018 that Fancy Bear is actually part of the GRU, the acronym for Russian military intelligence, while other security firms and experts speculate the group works in cooperation with the GRU.

According to media reports, BTC-e processed $66 million worth of anonymous transactions every day at its peak in June 2017. In Vinnik’s indictment, the exchange is described as “one of the primary ways by which cybercriminals around the world transferred, laundered and stored the criminal proceeds of their illegal activities.”

Vinnik, who according to Russian media reports was recently hospitalized after going on a hunger strike, could spend 55 years behind bars if convicted of all the US charges against him.

No sooner was Vinnik detained on the American arrest order than Russia filed its own extradition request on separate and dubious petty-theft charges in the amount of $11,000 – a veritable jaywalking citation in comparison. The Russian request may have been an attempt to keep Vinnik from falling into US hands.

Sitting in Diavata Judicial Prison outside Thessaloniki, Vinnik was now caught between the US and Russia in a legal battle over who should prosecute him.

This struggle, waged over the past year, has revealed the extent to which the digital underworld has come to rely on cryptocurrencies. A new breed of financial criminal has adopted the blockchain — the distributed ledger that powers bitcoin — to conceal illicit assets from authorities.

Governments, including the US, are concerned that cryptocurrencies can undermine anti-money-laundering and sanctions-enforcement regimes. Drug trafficking organizations operating as far apart as Colombia and China, and even blacklisted nations such as North Korea, Venezuela, and Iran, have made headlines for their clandestine crypto maneuvers.

For the US, which wields significant power in the global banking system, the BTC-e case is a sobering example of how its foreign adversaries can use crypto to subvert cross-border financial surveillance.

Meanwhile, Moscow has fought strenuously to block Vinnik’s extradition to the United States.

One force driving the standoff might be BTC-e’s links to Fancy Bear. According to a July 2018 indictment by US Special Prosecutor Robert Mueller, the 12 Fancy Bear-associated suspects financed their hacking operations by laundering more than $95,000 worth of bitcoin. And, in a joint investigation with the BBC, researchers from Elliptic discovered that Fancy Bear controlled a wallet “worth around $100,000.” Elliptic traced the source of some of the funds in that wallet to the BTC-e exchange.

BTC-e’s alleged association with Fancy Bear raises the question of whether Vinnik may have material knowledge of Russian involvement in US election interference, which would make him a huge intelligence prize.

Former federal prosecutor David Hickton, who reorganized the US Attorney’s Office in Pittsburgh to create a dedicated national security and cyber division, said US law enforcement usually presumes that elite Russian cybercriminals are backed by state security forces. While no Russian official has publicly gone to bat for Vinnik, Igor Ashmanov, one of the country’s most powerful and politically connected tech tycoons, wrote an April op-ed for RIA Novosti in which he urged the Russian government to help Vinnik.

He argued that Vinnik is “a carrier of completely unique theoretical and practical knowledge in the most advanced areas of information technology” and that his expertise is “vital for those technological breakthroughs that the leadership of the country speaks about.” He framed Vinnik’s arrest as an American seizure of a “strategic intellectual resource.”

At the request of US officials, other Russian cybercriminals have been detained or extradited from Cyprus, the Netherlands, the Maldives, Canada, Latvia, the Czech Republic, Spain, Thailand, and Georgia. At least eight suspects were targeted in 2017 alone, including Vinnik. But apart from his case, there have been only six instances over the past 10 years in which Russian officials have submitted competing extradition claims.

According to convicted Russian cybercriminal and online payment entrepreneur Pavel Vrublevsky, Moscow’s tactic is to file “fake” and significantly lighter charges against certain Russian hacking suspects when they are detained on foreign soil. Having served separate six- and nine-month stints in Russian jails and penal colonies for what he says were trumped-up cybercrime and witness-intimidation offenses, Vrublevsky knows how the Russian criminal justice system works.

He previously exposed elite Federal Security Service (FSB) cyber-operatives and Kaspersky Lab officials as double agents for US intelligence, leading to their arrests in Russia for treason in December 2016.

While he doesn’t know Vinnik personally, Vrublevsky says Sasha WME was well-known in the Moscow underworld as a reliable crypto broker for credit card thieves and high-risk merchants in online pornography, gambling, and pharmaceutical sales. He added that Moscow doesn’t go to such lengths to protect just any hacker.

Legal Arguments

The US went after Vinnik on the grounds that BTC-e was an unlicensed “money service business,” such as a currency exchanger or check casher, which had customers and operations in the country, making it subject to US laws. Vinnik’s Russian defense lawyer, Timofey Musatov, disputes that interpretation.

“BTC-e is just a website that allows people to use new technology and digital currency, which only recently became exchangeable for fiat [physical] money,” Musatov said. “You call it an ‘exchange,’ but it’s not a financial exchange similar to stock or currency exchanges. It’s simply a platform.”

The indictment against Vinnik is flawed, Musatov said, because it relies in part on statements by two discredited US agents who bought bitcoin on the website and alleged that their backgrounds had not been properly checked.

The men are former Drug Enforcement Administration agent Carl Mark Force and ex-Secret Service agent Shaun Bridges, who were convicted of funneling cryptocurrency stolen from the 2013 Silk Road dark web drug-trafficking probe into BTC-e.

Russia’s Countermove

In December 2017, Greece’s Supreme Court ruled that Vinnik should be extradited to the US, but his legal ordeal only got more complicated. Although he applied for political asylum in Greece in January, four months later he submitted a written confession to Russian authorities admitting to cyberfraud and money laundering on a large scale through the BTC-e exchange.

In June, Russia filed a new set of charges based on that confession, accusing him of computer fraud that bilked Russians out of $12.4 million. The new charges carry a sentence of up to 10 years and enabled Moscow to file a second extradition request.

Then France submitted a competing request, accusing Vinnik of defrauding French citizens and continuing to operate BTC-e even after being jailed in Greece. In July, Vinnik was shuffled back and forth between Thessaloniki and Athens, where courts issued conflicting decisions: The Thessaloniki authority ordered him extradited to France while the supreme court in Athens ruled in Russia’s favor.

Because France is a European Union member, extraditing Vinnik there doesn’t require approval by the Greek justice minister. The accused’s lawyer says the US orchestrated the French request to bypass the minister and ultimately get Vinnik transferred to the United States.

“The US monetary system controls the world’s financial environment,” Musatov said. “The appearance of any new ideas to tackle that control scares and worries the current controllers as a threat to their dominance. As such, the creators of such technologies are being thrown on the pyre of inquisition.”

Sasha WME

Vinnik was born in the provincial Russian town of Kurgan in the late 1970s, according to his testimony in the Thessaloniki court, during which he frequently invoked his devout Orthodox Christian faith. His father was a carpenter, his mother a cook. He grew up assembling radios and learning to program on a rented ZX Spectrum home computer.

Vinnik’s first wife, Natalya Molokova, told Russia’s RBC media conglomerate that the budding tech entrepreneur moved to Moscow with his mother in the early 2000s. He pursued internet ventures there before pivoting to a more lucrative business model: servicing online payments.

The RBC investigation linked Vinnik’s former email address to Wm-Exchanger.com, a now-defunct website registered in 2004, which allowed people to convert rubles and E-Gold, the first widely adopted electronic currency, into WebMoney, another digital currency then popular in Russia.

Earning a commission for every transfer, Vinnik’s Wm-Exchanger business grew. He marketed his skills in online forums under the username WME (for WebMoney Exchanger). In 2006, he went to work for WMExpress, a company that helped clients exchange digital and physical currencies. For almost three years, he worked for its owner, Andrey Klimov.

Klimov told RBC that Vinnik’s Wm-Exchanger became increasingly sought-after because Vinnik was one of just five or six online currency brokers in Russia that had offshore bank accounts at that time. Foreign exchange traders and internet professionals were the first to use digital currency exchange services, but were soon joined by cybercriminals and credit card scammers.

In 2009, the emergence of bitcoin opened Vinnik’s eyes to a new opportunity.

Posting on the cryptocurrency forum bitcointalk in October 2011, Vinnik wrote under his WME handle: “I’ve been doing exchanges for more than 10 years. Now, I’ve started working with bitcoins. I can exchange them for anything. I give priority to cash in Moscow.”

How BTC-e Worked

The BTC-e website was initially registered in Crimea in June 2011. The crypto exchange platform went live the following month with “no meaningful anti-money laundering processes in place,” according to the US Justice Department. All that was needed to create a BTC-e account was a username and an email address. The US indictment alleges that BTC-e deliberately avoided creating a paper trail by declining to collect any bank transaction data from its customers.

One popular method of funding BTC-e accounts involved a company called Mayzus Financial Services. Another used so-called BTC-e codes.

In the first case, users looking to buy crypto with regular money would transfer funds from their bank accounts through one of two companies run by Mayzus Financial Services. Sergey Mayzus, its owner, said his businesses handled about $100 million for BTC-e between 2011 and 2017.

From there, the funds went into the bank accounts of two companies (one offshore and one in the UK) that prosecutors allege Vinnik controlled: Canton Business Corp. and Always Efficient.

The second method of funding a BTC-e account, BTC-e codes, allowed users to anonymously exchange cash for crypto (or vice versa) without posting transaction records to the blockchain. In a cash-for-crypto exchange, a customer could show up in person to a WebMoney exchange office with a duffel bag of cash and buy a code, which essentially worked like a prepaid gift card.

The code holder could punch that code into the BTC-e website and have their BTC-e account merge with another containing the bitcoin equivalent of the cash they had deposited. This process allowed the user to avoid creating any record of the transfer on the blockchain. Brokers like Vinnik charged a commission for the service.

The codes also worked in the reverse order. Bitcoin owners — including those who obtained the currency illegally — could transfer it into a BTC-e account, obtain a code, and sell it for cash to a third party.

The seeds of BTC-e’s demise can be traced to the collapse of a cryptocurrency exchange in Japan known as MtGox. In 2014, some $500 million worth of bitcoins were stolen from the company’s investors, and one of them, a Tokyo-based programmer named Kim Nilsson, set out to track down his losses.

Nilsson and the other defrauded MtGox customers formed a bitcoin investigation group called WizSec, and discovered that in the fall of 2011, an attacker had gained access to private encryption keys for several MtGox online wallets.

For the next three years, the thief or thieves siphoned funds from them into a different group of bitcoin virtual wallets. Nilsson found that many of the stolen tokens were transferred to virtual wallets that Vinnik controlled.

WizSec fingered Vinnik as a key intermediary in laundering stolen bitcoins because some of the stolen funds were deposited back into MtGox accounts Vinnik used between 2011 and 2014. Nilsson also found a bitcointalk forum thread where Vinnik posted as WME (his online handle) and revealed his real name.

“He wasn’t even trying to hide,” Nilsson said.

Nilsson soon brought Vinnik to the attention of a criminal investigator with the US Internal Revenue Service.

The Feds Move In

In May 2016, the FBI began surveilling Vinnik when he logged into a WebMoney account from a luxury hotel in Abu Dhabi, according to Greek media.

Investigators traced 17 transfers of stolen MtGox funds to Trade Hill, a now-defunct cryptocurrency exchange in San Francisco, and then back to an account Vinnik controlled. Authorities also allege that Vinnik was the real owner of bank accounts belonging to Canton Business, the company that managed BTC-e.

The day Vinnik was arrested in 2017, BTC-e users reported website outages. The exchange responded on Twitter, saying that it was undergoing “unplanned maintenance.” Six days later on bitcointalk, the company assured customers they would receive full refunds and declared that “Alexander Vinnik never was the head or [an] employee of the BTC-e service.”

Management moved fast to salvage what it could. Within three weeks, BTC-e announced it was negotiating its sale to an investment company. In August 2017, new managers relaunched BTC-e in Singapore as World Exchange Services, or WEX, under the ownership of Dmitri Vasiliev, a Belarusian card player. (Vasiliev also testified in Vinnik’s defense at an October 2017 extradition hearing in Thessaloniki.)

Though BTC-e initially promised customers that every penny of their investments would be returned, the terms of the company’s sale stipulated that new management would only reimburse 55 percent.

WEX blamed Mayzus — the man whose companies had helped BTC-e customers buy crypto — for the shortfall. The allegation sparked angry online attacks and even threats on his life, Mayzus said in an interview, and in fall 2017 he sued Vinnik and 17 related legal entities for 200 million euros (about $232 million) in Cyprus, alleging fraud and reputational damage.

Vinnik denied any connection to the companies Mayzus named, according to a 2017 interview with RIA. Mayzus dropped the case in November.

WEX, the exchange that emerged from BTC-e’s ashes, has since changed ownership, with Vasiliev selling his stake for an undisclosed amount to the family of Dmitry Khavchenko, a former pro-Russia militiaman who fought in the Donbass region of Ukraine following the 2014 annexation of Crimea. Khavchenko’s daughter, Daria, is now WEX’s registered owner.

In December, Greece’s supreme court upheld a Thessaloniki judicial panel ruling that Vinnik should be extradited to France. On Jan. 15, the Russian state publication RT ran a photograph of him looking emaciated after what it described as 50 days on a hunger strike. The report quotes Vinnik theorizing that the Russian state is paying his legal bills and saying that he hopes ultimately to return home.

Shell Games

The two companies that received customer funds on behalf of BTC-e, Canton Business and Always Efficient, also helped it do business in other ways. Canton acted as BTC-e’s managing company and Always Efficient was listed as its website operator.

According to the indictment, Canton Business was registered in the Seychelles, though it used a Russian phone number. Always Efficient was registered in the United Kingdom.

One court witness said in an interview that the directors of both companies were front men appointed by Vinnik. One of them, Alexander Buyanov, once listed as the director of Always Efficient, is a Moscow disc jockey who said he had no knowledge of the company. The other, Stanislav Golovanov, owned a Moscow apartment where Vinnik and his mother were once registered.
 
A bit about bitcoin, or how, knowing only 1LQv8aKtQoiY5M5zkaG8RWL7LMwNzVaVqR, to get to the GRU.

I won't get clever about Ethereum and crypto-laundromats, but the chain itself:

robbed Mt Gox → registered at Skolkovo as an IT innovator → arranged protection with the GRU → opened the laundromat crypto exchange BTC-e → fed the GRU nonsense about the prospects of cryptocurrencies → handed part of the protection payments to the cyber-Chekists in stolen bitcoin → went on holiday to Greece → landed in an American prison → the cyber-Chekists' operations get exposed via the blockchain

I think this perfectly characterizes the Russian intelligence services. Both sheltering stolen goods and amateurism.
Tracking Illicit Transactions With Blockchain: A Guide, Featuring Mueller
February 1, 2019
By Brenna Smith

In recent years, cryptocurrencies such as Bitcoin have been used by terrorists to conduct funding campaigns, by authoritarian governments to subvert their citizens’ human rights, and by GRU agents to hack the Democratic National Committee as well as the Clinton campaign.

Though many people utilize virtual currencies for legitimate purposes, the technology is an enticing tool for bad actors as it can be used to help circumvent sanctions and financial regulations as well as shield one’s identity when conducting transactions.

Thankfully, such bad actors are not entirely anonymous, and here’s why:
The blockchain, an open-source investigator’s dream, cuts down on anonymity with regard to cryptocurrency use. The blockchain is a decentralized public ledger that contains every transaction ever made for a particular cryptocurrency. And while privacy coins and tumbler services complicate this matter, as a general rule, Bitcoin still dominates mainstream usage and its transactions can be traced.

In this article, I wish to provide a framework for OSINT investigators to track down transactions on the blockchain provided they have a particular address they want to look into or the date and amount of a transaction.

What You’ll Need & What You’ll Do

To follow along with this tutorial, the only tool you’ll need is a blockchain explorer. I prefer Blockchain.com’s Bitcoin Block Explorer.

To start, let’s look at an example using the Mueller indictment of 12 Russian GRU agents from July 2018. If you look at page 22, you can see that on roughly February 1, 2016, exactly 0.026043 BTC were sent to an unknown address. This is enough information for us to find this exact transaction and perhaps discover more about what the GRU agents were purchasing and where they were purchasing it.



First, let’s try to find transactions that occurred on February 1, 2016. To do this, we’ll need to break out our block explorer and input various block heights into a Bitcoin block explorer.

Keep in mind that hundreds of millions of Bitcoin transactions have occurred since its conception in 2009 and that individual blocks can contain multiple transactions. So, finding a specific day’s transactions can be a bit of a guessing game at first.

I usually try to start with high numbers when doing this type of work. For example, below is a screenshot of the 100,000th block on the BTC blockchain. This block was built on December 29, 2010 at 11:57:43. From there, we know we can probably up the block height significantly in order to get to transactions from 2016.



In the interest of saving time, let’s say we keep on guessing block heights and try 400,000th which gets us to February 25, 2016. We now know we need to decrease the block height slightly more. Keep on inputting different block heights until you get to the first block made on February 1, 2016, which is block 396049.

See video 1.

Now that we are on the first block of February 1, 2016, we need to go through all of the transactions for the entire day until we find transactions that match-up with 0.026043 BTC.

To do this, click the hash portion of block 396049, then press Ctrl-F to see if any of the transactions on that block match up with 0.026043 BTC. If no transactions match up with that amount, go to the next block and check for the amount in that block. As you do this, document which transactions correspond to 0.026043 at all, as there could be multiple “exact” amounts of Bitcoin sent.

See video 2.

As you keep on searching for related transactions, do not be alarmed when you reach block 396103. As you scroll to click on the next block, you may notice two options. This simply happens when two blocks are produced at similar times, producing an orphaned block. For this exercise, just click the first block link to continue. There is no need to go into further detail.



Keep on checking each block for the amount until you have gotten to the first block of February 2, 2016. This may take a while, as there are many blocks made every hour.

Eventually, you’ll have flagged two blocks from that day that have roughly the amount 0.026043 — block 396060 and block 396123. As you can see in the videos below, block 396123 has a transaction with exactly 0.026043 BTC, whereas block 396060 had a transaction for the amount of 0.02604322.

See video 3.
See video 4.

Looking further into the transaction from block 396123, at 11:13:42, 1LQv8aKtQoiY5M5zkaG8RWL7LMwNzVaVqR sent two different amounts of BTC to two addresses — 0.026043 BTC to 1NZ4MSeYcDKFiPRt8h7VK6XMhShwzhCzCp and 4.54325747 BTC to 1AK79g9gpvZ8jn2C9MsWQpijMFA5JaTdqP:



Since 1LQv8aKtQoiY5M5zkaG8RWL7LMwNzVaVqR sent the exact amount to 1NZ4MSeYcDKFiPRt8h7VK6XMhShwzhCzCp, I think that this address is more likely to be connected to the Russian hackers than the other transaction in block 396060.

To verify that this is the transaction referred to in the Mueller indictment, I repeated these same steps for January 31 and February 2 to make sure no other transactions resulted in the transfer of exactly 0.026043 BTC. As no others did, I feel very confident that the address 1LQv8aKtQoiY5M5zkaG8RWL7LMwNzVaVqR was used by the GRU agents in 2016.

Now that we’ve walked through the steps needed to track down a Bitcoin address using a Bitcoin block explorer, let’s see if you all can replicate these steps to find another address associated with GRU agents from Mueller’s second indictment.



@bsmith_1853.
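The search the article above walks through by hand (pick the day's blocks, scan every transaction for the amount, note the near-misses, skip the stale sibling block) can be automated. The following is an added example, not code from the post or from the Bellingcat article. Its block layout is our own simplified structure (an assumption; a real run would fetch each block by height from an explorer API and map it into this shape), and apart from the heights, addresses, amounts and the 11:13:42 time that the article gives, every timestamp, transaction id and "1Constructed..." address in the sample data is made up for the example. Amounts are compared in integer satoshis, which is what makes the "exactly 0.026043" test reliable.

```python
"""Search Bitcoin block data for an output of a known amount on a known day.

Added example (not from the Bellingcat article). Automates the manual
block-explorer search: keep the main-chain blocks of one UTC day, scan every
transaction output for the target amount, and report exact hits before
near-misses. The block layout is our own simplified assumption.
"""
from datetime import datetime, timezone
from decimal import Decimal

SATOSHI = 100_000_000  # satoshis per BTC; compare in integers, never floats


def btc_to_sat(amount):
    """Convert a BTC amount given as a decimal string to integer satoshis.

    Decimal avoids the binary rounding that makes 0.026043 * 1e8 inexact."""
    return int(Decimal(amount) * SATOSHI)


def block_day(block):
    """UTC calendar day (ISO string) on which the block was mined."""
    mined = datetime.strptime(block["time"], "%Y-%m-%dT%H:%M:%SZ")
    return mined.replace(tzinfo=timezone.utc).date().isoformat()


# Constructed sample data. Heights, addresses and amounts follow the article,
# as does the 11:13:42 time on block 396123; every other timestamp, txid and
# "1Constructed..." address is made up for this example. The "main_chain"
# flag marks the stale sibling of block 396103 the article tells you to skip.
BLOCKS = [
    {"height": 396049, "time": "2016-02-01T00:02:10Z", "main_chain": True,
     "txs": [{"txid": "tx-396049-1", "inputs": ["1ConstructedInputA"],
              "outputs": [("1ConstructedOutputA", "0.5")]}]},
    {"height": 396060, "time": "2016-02-01T02:15:00Z", "main_chain": True,
     "txs": [{"txid": "tx-396060-1", "inputs": ["1ConstructedInputB"],
              "outputs": [("1ConstructedOutputB", "0.02604322")]}]},
    {"height": 396103, "time": "2016-02-01T09:40:00Z", "main_chain": False,
     "txs": [{"txid": "tx-396103-stale", "inputs": ["1ConstructedInputC"],
              "outputs": [("1ConstructedOutputC", "0.026043")]}]},
    {"height": 396123, "time": "2016-02-01T11:13:42Z", "main_chain": True,
     "txs": [{"txid": "tx-396123-1",
              "inputs": ["1LQv8aKtQoiY5M5zkaG8RWL7LMwNzVaVqR"],
              "outputs": [("1NZ4MSeYcDKFiPRt8h7VK6XMhShwzhCzCp", "0.026043"),
                          ("1AK79g9gpvZ8jn2C9MsWQpijMFA5JaTdqP", "4.54325747")]}]},
    {"height": 396200, "time": "2016-02-02T00:05:00Z", "main_chain": True,
     "txs": [{"txid": "tx-396200-1", "inputs": ["1ConstructedInputE"],
              "outputs": [("1ConstructedOutputE", "0.026043")]}]},
]


def main_chain_blocks(blocks, day):
    """Blocks of `day` in height order, with stale/orphaned siblings dropped."""
    return sorted((b for b in blocks if b["main_chain"] and block_day(b) == day),
                  key=lambda b: b["height"])


def block_span(blocks, day):
    """(first, last) block height mined on `day`, or None if there are none."""
    chain = main_chain_blocks(blocks, day)
    return (chain[0]["height"], chain[-1]["height"]) if chain else None


def find_outputs(blocks, target_btc, day, tolerance_sat=0):
    """Every output on `day` within `tolerance_sat` of `target_btc`.

    Exact hits are listed first so the analyst sees them before near-misses
    such as the 0.02604322 output the article found in block 396060."""
    target = btc_to_sat(target_btc)
    hits = []
    for block in main_chain_blocks(blocks, day):
        for tx in block["txs"]:
            for recipient, amount in tx["outputs"]:
                sat = btc_to_sat(amount)
                if abs(sat - target) <= tolerance_sat:
                    hits.append({"height": block["height"], "time": block["time"],
                                 "txid": tx["txid"], "senders": list(tx["inputs"]),
                                 "recipient": recipient, "amount_sat": sat,
                                 "exact": sat == target})
    return sorted(hits, key=lambda h: (not h["exact"], h["height"]))


if __name__ == "__main__":
    print("blocks on 2016-02-01:", block_span(BLOCKS, "2016-02-01"))
    for hit in find_outputs(BLOCKS, "0.026043", "2016-02-01", tolerance_sat=100):
        tag = "EXACT" if hit["exact"] else "near "
        print(f"{tag} block {hit['height']} {hit['time']} {hit['senders'][0]} -> "
              f"{hit['recipient']} {hit['amount_sat']} sat")
```

Running it over the sample data lists block 396123 as the only exact hit (sender 1LQv8aKtQoiY5M5zkaG8RWL7LMwNzVaVqR, recipient 1NZ4MSeYcDKFiPRt8h7VK6XMhShwzhCzCp) and block 396060 as a near-miss 22 satoshis off, while the stale block and the February 2 block are ignored. The tolerance argument is there for the verification step the article describes: run it with tolerance 0 over the neighbouring days as well, and a single exact hit is what justifies confidence in the address.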