CSO Perspectives (Pro) 5.6.24
Ep 5569 | 5.6.24

Bonus Episode: 2024 Cybersecurity Canon Hall of Fame inductee: Tracers in the Dark by Andy Greenberg.


Rick Howard: You're listening to the 2012 song, "Hall of Fame" by The Script and will.i.am which means it's that time of year again. The Cybersecurity Canon Committee has announced the Hall of Fame inductees for the 2024 season to coincide with the RSA Conference -- and I got to interview the winning author. As you all know, N2K and the leaders of the Cybersecurity Canon Project team up each year to highlight this valuable and free resource for the entire InfoSec community to find the absolute must-read books for the cybersecurity professional. And the next book we're going to talk about, the next inductee into the Canon Hall of Fame this year, is Tracers in the Dark by Andy Greenberg. So -- hold on to your butts.

Samuel L. Jackson as John "Ray" Arnold: Hold on to your butts! [SOUNDBITE OF MOVIE, "JURASSIC PARK"]

Rick Howard: This is going to be fun. My name is Rick Howard and I'm broadcasting from the Cyberwire's alternate secret sanctum sanctorum studios located underwater somewhere along the San Francisco/Oakland Bay Bridge in the good old U.S. of A. And the interns can't be more ecstatic for this change of venue. Hey! Hey! Settle down back there. This is only temporary.

Interns: Aww!

Rick Howard: You don't want to give 'em too much hope. And, by the way, you're listening to CSO Perspectives, my podcast about the ideas, strategies, and technologies that senior security executives wrestle with on a daily basis. Before we get started, I have several events that I'm doing at the RSA Conference. If you're attending, I would love for you to come by and say hello. First, members of the Cybersecurity Canon Committee will be in the booth outside the RSA Conference bookstore to help anybody interested in the Canon's Hall of Fame and candidate books. If you're looking for recommendations, we have some ideas for you. It's on Monday, Tuesday, and Wednesday at the RSA Conference bookstore at 2 p.m. Next, I'm hosting a small group discussion -- RSA calls them "Birds of a Feather Discussions" -- titled "Cyber Fables: Debating the Realities Behind Popular Security Myths." The idea came from the Hall of Fame book we're talking about today, Cybersecurity Myths and Misconceptions. If you want to mix it up with a bunch of smart people on this topic, this is the event for you. RSA hasn't picked a location yet, but the session is on May 7th from 9:40 a.m. to 10:30 a.m. Next, I'm doing a book signing. I published my First Principles book at last year's RSA Conference. If you're looking to get your copy signed or if you just want to tell me how I got it completely wrong, come on by. I would love to meet you. It's at the RSA Conference Bookstore on May 8th from 2 to 3 p.m. I'm also hosting a Cyware-sponsored panel on the latest developments in SOC fusion, and Cyware is paying for breakfast, so how can you turn down a free meal? It's at the Billiard Room at the Metreon on May 8th from 8:30 to 11 a.m. And, finally, Simone Petrella and I have been talking about "Moneyball" for workforce development since the last RSA Conference. For those of you that don't know, Simone is the N2K President and I love this "Moneyball" idea. Come see us at Moscone South on the esplanade level on May 9th from 9:40 to 10:30 a.m. So, with all those announcements out of the way, it's time to talk about the book.

Tim Allen as Tim Taylor: Oh, yeah. Ha, ha, ha! [SOUNDBITE OF TV SHOW, "HOME IMPROVEMENT"]

Rick Howard: Andy Greenberg is a longtime tech and security writer and has been working as a journalist for Wired magazine since 2014. He's also the author of three books: one a New York Times bestseller in 2012 called This Machine Kills Secrets about WikiLeaks; a second in 2019, a Cybersecurity Canon Hall of Fame book called Sandworm about the Russian cyber attacks against Ukraine from 2014 to 2017; and now a third book published in 2022 called Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. And, by the way, this is his second book inducted into the Cybersecurity Canon Hall of Fame, which puts him in the same rarified author area as Bruce Schneider, Neal Stephenson, and the writing team of Richard Clark and Robert Knake. I talked to Andy at the end of 2022, right after he published his book.

Andy Greenberg: Thank you so much for that, Rick. I really appreciate -- well, I appreciated your review of Sandworm, and I'm really glad to be talking about this new one.

Rick Howard: I want to congratulate you on this book. I just finished reading it and I have to say it's the best cybercrime book I've read in over five years -- easily. I would place it on the same shelf with two other Cybersecurity Canon Hall of Fame books on cybercrime: Future Crimes by Marc Goodman, and Kingpin by Kevin Poulsen back in 2011. Can you give the audience a summary of what the book is about?

Andy Greenberg: It's about, essentially, the advent of cryptocurrency tracing as a law enforcement investigative technique. I mean -- people forget this, but a little over a decade ago when bitcoin kind of first came into the limelight, people believed -- including even, I would say to some degree, Satoshi Nakamoto himself or herself, believed that bitcoin could be used anonymously, that it might be this kind of digital cash for the internet, that you could put, like, a briefcase full of unmarked bills into a package and send it across the internet, essentially, without revealing your identity.

Rick Howard: As Andy said, we're not sure who Satoshi Nakamoto is. He or she published the seminal paper called "Bitcoin: A Peer-to-Peer Electronic Cash System" in October of 2008, essentially the beginning of bitcoin as arguably the first viable cryptocurrency. Nakamoto has never appeared in public, and the last time anybody has heard from him or her was in April 2011 via email. As far as anybody can tell, Satoshi Nakamoto is a pseudonym. It may represent one person or a collective. In 2014, Newsweek wrongly pointed to a 64-year-old Japanese American named Dorian Prentice. Researchers from Aston University attribute the author to be Nick Szabo, based on writing style comparisons -- something called "stylometry" -- from the original paper and Szabo's public writing. Nakamoto gives credit to Szabo in the original paper for a precursor cryptocurrency called "BitGold." Whomever the Nakamoto collective is, they're worth about $8.8 billion because of all the bitcoins in their possession. It seems so crazy To me that a system that rides on the blockchain, which is supposed to be transparent -- that we would think that it would be anonymous. So how do we rectify those two ends of the equation there?

Andy Greenberg: Well, we can get into, like, how cryptocurrency tracing works which is such a -- a big part of the techniques used by the main players in this book, but back in 2011 when I wrote the first print magazine piece about bitcoin, you know, I'm guilty of this, too. I believed that bitcoin could be used anonymously because, yes, there was this thing called the blockchain that recorded every single bitcoin transaction, but those transactions, as they were listed there, only seemed to be between bitcoin addresses -- these, like, long inscrutable strings of characters. And there were no -- you know, no identifying details on the blockchain. If you couldn't figure out who somebody's addresses were, then how were you going to follow their money or identify their transactions? And that seemed to -- to have convinced even -- you know, Satoshi Nakamoto wrote in the first email to a cryptographer mailing list introducing bitcoin that participants could be anonymous -- in quotes. Even Satoshi believed in this potential anonymity or untraceability of bitcoin and that soon led to its use on the dark web on sites like the Silk Road. I guess, like, I first heard about bitcoin in 2011 from Gavin Andresen, one of the first bitcoin programmers, and he had given a talk about it where he described it as a kind of cyberpunk invention. The cyberpunks were this -- this movement of, like, privacy advocates who I was super interested in, who believe that you could use encryption technologies to take power away from governments and corporations and give it to individuals. And Gavin described Satoshi as having, kind of, created this cyberpunk holy grail, as he put it. Like, truly anonymous untrace -- potentially untraceable digital cash for the internet. That's what bitcoin was perceived to be back then. And so I -- I interviewed Gavin and wrote a piece for Forbes magazine about bitcoin back then. I even, like, tried to get A comment from Satoshi who, back then, had not yet disappeared. And Gavin even relayed a message to Satoshi for me, and I -- you know, I include it in the story, like, Satoshi Nakamoto declined to comment which I think is maybe, like, the only media story that ever has that -- had that phrase in it because he actually did decline -- or she or they or whoever Satoshi is --

Rick Howard: 'Cause we don't know. Right? Nobody knows who Satoship is. Right? That's the whole -- that's the whole game here.

Andy Greenberg: But this is like the funny thing about it. Satoshi wrote, "Participants can be anonymous" about bitcoin, and it has since turned out that I -- that, you know, may be true in a sense, but only in the sense that Satoshi himself has remained anonymous. And almost no one else ever has been able to use bitcoin anonymously, it turns out. I mean, the story of this book is about how, over the last decades, it slowly became apparent that, I mean, as is now clear, as is now clear to you from what you just said about the blockchain, that bitcoin is incredibly traceable. That it is actually far more traceable once you know, kind of, like, how to crack the -- the code of the blockchain bitcoin addresses than even the traditional financial system. And a small group of detectives who are -- who are really the main characters of this book -- figure this out, first in the -- in the sort of research world and then the tech industry, and then law enforcement. And this group kind of went on a -- just a spree of one massive cybercriminal takedown after another, each one bigger than the last, that, you know, kind of still is persisting to this day.

Rick Howard: I guess that's a takeaway from the book. If there's any doubt in anybody's mind today, I think we can wipe that away, that cryptocurrencies, specifically bitcoin, but others for sure, we can use the same techniques.

Andy Greenberg: Not all of them, I would say but, you know, almost all of them except the ones that are specifically designed. I think you're about to get to the -- you know, to -- to foil that kind of tracing like, you know, Monero and Zcash or others that are -- we call them privacy coin. But every one that's sort of based on a -- on a block chain, like this, sort of, traditional blockchain the way that bitcoin is. Yeah. They are -- like, they turned out to be not only traceable but, like, given the way that they were perceived originally, almost like a trap for people seeking financial privacy and for all kinds of criminals.

Rick Howard: So the technique is called "Chainalysis." Is that right?

Andy Greenberg: Well, Chainalysis is the company. Chainalysis is this -- the -- the tech startup that has become, kind of, the world's leading purveyor of cryptocurrency tracing tools and services. They're now -- you know, they -- Chainalysis', like, origin story is a big part of this book, the way that they figured out how to trace cryptocurrency and then they, and now a whole industry of companies like them, are playing this cat and mouse game with all -- all of these cryptocurrency users and criminals trying to stay a step ahead.

Rick Howard: So I'm glad you clarified that 'cause I was thinking Chainalysis was the name of the technique they were using, but you're right. That's the name of the company that developed a lot of these algorithms. Is there a different name for the technique that they are using or is it just a bunch of different techniques that this company uses?

Andy Greenberg: Well, it's -- I mean, I think that the techniques as a whole are called "blockchain analysis," which is where, I guess, the name Chainalysis comes from --

Rick Howard: Mm-hmm.

Andy Greenberg: -- like, the company. But, yeah, I mean the -- the -- the -- Chainalysis adopted, like, a whole bunch of techniques and built them into a kind of slick piece of software called "Reactor" that became this very powerful tool in the hands of law enforcement. But those techniques really came from -- or at least originally the sort of most core techniques that Chainalysis built a company out of came from the research world, but specifically from the work of one University of California, San Diego researcher at the time -- Sarah Meiklejohn who, in 2013, you know, a couple years after the appearance of the Silk Road as, you know, when I first discovered bitcoin, she and her co-authors published a paper that laid out these really surprisingly effective techniques to trace bitcoin, which was -- and, of course, really to trace cryptocurrency of some other kinds as well, but bitcoin was the big one back then.

Rick Howard: For those that can't remember, the Silk Road was the name for an online black market founded in 2011 by Ross Ulbricht, acronym -- the "Dread Pirate Roberts," a nod to the famous movie The Princess Bride. His site facilitated the transactions of all kinds of illicit material, mostly drugs, and were hidden by the encrypted Onion Router network or the Tor network where network transactions were scrambled and obscured by the underlying Tor technology. The FBI shut it down in 2013 and Ulbricht was convicted of seven charges related to Silk Road in the U.S. Federal Court in Manhattan, and was sentenced to life in prison without possibility of parole. He's currently starting his tenth year in prison. I love the way you describe how she started because she was like a grad student, right, and just started buying things with bitcoin just to see if she could track the transactions as they moved around the web. Can you describe what she was doing there?

Andy Greenberg: Yeah. Well, I mean, Sarah had a few, like, really clever ideas about ways to chew -- like, essentially to break through that thin barrier between someone's bitcoin addresses and their real identity. It seemed kind of, you know, impermeable to me when I first read about bitcoin, but she really did figure out how to connect people to their bitcoin addresses. And one way, as you were getting at, is that she kind of became an -- almost like an undercover cop herself. Like she just started interacting with almost every bitcoin service there was, just like moving bitcoins -- her own bitcoins into and out of cryptocurrency exchanges and gambling sites and even the Silk Road, this dark web drug market for -- you know, that offered every kind of hard drug imaginable. She just moved bitcoins into and out of the market without ever buying anything, she says -- at least to me she has. And that allowed her to -- she could see her transactions and then she could see it on the blockchain. She could match up those -- the blockchain transactions with the ones that she knew she had made, and therefore started to identify some of the addresses of these services. But then the real trick was that she also combined that with the ability to create clusters of addresses. Like, the blockchain was and is -- still is just this vast collection of millions upon millions of distinct addresses, but -- but she started to figure out that sometimes dozens or thousands of addresses all belonged to one person or a service. And there were -- she had, like, a few tricks to do that. But she started to see that, like, if she could identify just one Silk Road address, she could also tie it through some of these clever, kind of, almost logic games to a whole cluster of, like, eventually thousands of Silk Road addresses. And she, therefore, could see other people sending money into the Silk Road, too. And she also figured out that if you could then follow that money, you know, out of the Silk Road to a cryptocurrency exchange, or into it -- the Silk Road from a cryptocurrency exchange, then you -- if you were a law enforcement agent, could send a subpoena to that exchange which actually often legally was required to have identifying information on users and start to truly, you know, unmask people and identify their criminal activities with cryptocurrency. That turned out to be incredibly powerful.

Rick Howard: And that's kind of where the story forks a little bit. Right? You follow a couple different lines in the book, which I love. The IRS has a big play in this, and the company we were talking about, Chainalysis. So let's talk about the IRS piece of this. How did those guys get involved in this kind of analysis in the criminal world?

Andy Greenberg: Well, it all starts with this one guy who was really -- if anybody is the -- the main character of the book, it's -- it's this guy, Tigran Gambaryan. And he was a -- he worked within IRS, but within the IRS Criminal Investigations Division which is this interesting part of IRS.

Rick Howard: Which I didn't even know they had until I read your book. It's like -- wow!

Andy Greenberg: Yeah, I sort of had barely heard of them myself until I got into this story. But they are this, like, little-known, you know, law enforcement agency, their own, kind of, little FBI or something within IRS. They are forensic accountants, but they also, you know, carry guns and make arrests and get -- I think they would say very little respect from the FBIs and DEAs of the world who, you know, don't really take them seriously. But it kind of figures that this underdog, you know, law enforcement agency within IRS was the one that began to crack this code. And it was really Tigran who, in 2014, after the Silk Road takedown, he was based in Oakland at the time and the Silk Road, it turned out, had been run by this 29-year-old Texan living in San Francisco, just across the Bay. Ross Ulbricht, who ran and created the Silk Road, was arrested in San Francisco. Tigran's superiors in IRS Criminal Investigations were kind of, like, why didn't we get this guy? I mean, he's -- he was right there under our nose. Yeah. I mean, Tigran had always looked at -- at bitcoin from the beginning and thought, like you just said, like, there's a whole blockchain here, a ledger of every transaction. This has got to be traceable. I mean, he was -- he had, you know, spent years auditing people's tax returns. He was the forensic accountant and he, I think, has kind of an accounting brain, saw that potential. So he started looking closer at the Silk Road investigation after the Silk Road was taken down. And, to be clear, the Silk Road was taken down not through cryptocurrency tracing, but through some, you know, kind of sloppy mistakes made by Ross Ulbricht.

Rick Howard: Mm-hmm.

Andy Greenberg: And Tigran got a tip from a cryptocurrency exchange that this guy, Carl Mark Force, was cashing out hundreds of thousands of dollars worth of bitcoins of unknown origin through this exchange. And Tigran started to look into that case and found that Carl Mark Force was a DEA agent who had been working on the Silk Road investigation. And then essentially sat down at home, like after hours. Nobody thought this was possible, but he just kind of thought differently and sat down and kind of hand-traced on the blockchain Carl Mark Force's bitcoin transactions to show that his -- you know, this kind of mysterious fortune he'd amassed had come from the Silk Road, that the Dread Pirate Roberts, the creator of the Silk Road who went under that name, had been sending payments to Carl Mark Force in exchange for inside law enforcement information, that Carl Mark Force had been a mole inside the DEA for the Silk Road, essentially -- and had tried to extort the Silk Road for money and -- and, you know, just incredibly corrupt behavior.

Rick Howard: So the story twists, like -- which is fantastic that there's a corrupt cop at the end of this, that the IRS guy is tracking just by doing manual analysis of the blockchain.

Andy Greenberg: Totally.

Rick Howard: Wasn't writing programs to do it. Right? He was doing it manually.

Andy Greenberg: Right. I mean, this was in the days before Chainalysis --

Rick Howard: Yeah.

Andy Greenberg: -- and Tigran was just really doing this on his own. But this -- but this was not -- you know, this was the end of the Silk Road story, but really just the beginning of the story of the book because that was when Tigran realized that bitcoin can be traced. And he had just proved somebody's guilt through cryptocurrency tracing for the first time in the history of law enforcement. And not only that, but he soon followed another thread of, like -- a kind of loose thread of, like, missing bitcoins from the Silk Road to show that they had been taken by another corrupt agent, a secret service agent who worked in the same Baltimore office as Carl Mark Force. That was Shaun Bridges. And the two of them were both corrupt agents, both investigating the Silk Road, and simultaneously trying to enrich themselves from the investigation any way they -- just taking whatever dirty bitcoins they could. And both of them had thought that those bitcoins would be untraceable so they could never be caught. and Tigran caught them both and they both went to prison.

Rick Howard: You know, if I was writing a novel about this, the editor would say this is too incredible. No one would believe this. Right? So it's unbelievable this happened in real life.

Andy Greenberg: I knew a bit about that story, but the details of it and then some of the cases that followed -- they truly were just, like, kind of, like truth is more dramatic than fiction, kind of true crime stories. But I don't want to, like, get ahead of myself.

Rick Howard: So I'm a little foggy at this point, but somehow the IRS agent becomes friends with the Chainalysis CEO. Right? And -- and they begin to share information with each other.

Andy Greenberg: So Michael Gronager at this point was this Danish entrepreneur. He is now the CEO and cofounder of Chainalysis, which has grown into an $8.6 billion startup. But back then was just his little idea. And he sort of picked up Sarah Meiklejohn's tricks from her paper and, you know, he was not a researcher. He was a real entrepreneur and coder and built a very slick and fast, like, tool that implemented those ideas and others that he came up with. And then he sort of, just by chance, met Tigran Gambaryan, the IRS agent in San Francisco. Helped him out with that Shaun Bridges tracing case and then they kind of, together, went on to take on this -- this other massive mystery in the cryptocurrency economy which, in 2014, was the fact that Mt. Gox, the big -- you know, the first cryptocurrency exchange, had been just catastrophically hacked and emptied out, essentially, by hackers who had stolen half a billion dollars worth of bitcoins from it. And Michael Gronager, just in his, kind of, first days after founding Chainalysis, this company, took -- took the Mt. Gox bankruptcy trustees on as a pro bono customer, basically. And just, like, decided that he was going to solve this case. And he and Tigran essentially did just that. Tigran was actually looking into this cryptocurrency exchange called BTC-e which, if you remember, was, like, this very mysterious and shady exchange at the time, and nobody could figure out where it was located. Some people thought it was, like, Singapore or Hong Kong, or some people had pointed towards other countries. It was this, like, black hole. Nobody could figure out who ran it, and it was one of the biggest cryptocurrency exchanges at the time. And also anybody could use Chainalysis or cryptocurrency tracing tools to see that tons of dirty money was flowing into it from ransomware which was just starting to be a thing back then, and dark web drug markets, like, that had replaced the Silk Road. And so Tigran started to look into BTC-e and the amazing thing turned out to be that BTC-e had been founded by this -- this Russian guy named Alexander Vinnik who Michael Gronager, through cryptocurrency tracing, proved was part of the group of hackers stealing the Mt. Gox fortune. This guy, Alexander Vinnik, allegedly at least, had amassed so many bitcoins from that heist that he had created his own exchange, BTC-e, just for the purposes of laundering this fortune. And then BTC-e, you know, as this kind of criminal exchange, became the go-to place to launder all sorts of criminal cryptocurrency. And so they essentially both solved the Mt. Gox mystery and took down BTC-e. That takedown of BTC-e and the -- the solving of the Mt. Gox mystery is really like the beginning of a new era because that was Chainalysis' first big case. It proved that cryptocurrency tracing could be used to solve some of the biggest cyber crimes happening on the internet -- period. And it's a sign of the beginning of this golden age of cryptocurrency tracing. You know, the rest of the book has all these bigger and bigger stories of law enforcement wins that they -- the takedown of AlphaBay, this dark web drug market that's ten times the size of the Silk Road, and the Welcome to Video child sexual abuse video dark web market. All of that was taken down through cryptocurrency tracing.

Rick Howard: I love the way you ended the book. I think it's a perfect book end, and I thought it was going to go one way and it didn't go that way. But you end up with Sarah Meiklejohn again. And I really thought that she was going to end up being the number two at Chainalysis, but she went a different way, which I thought was fantastic.

Andy Greenberg: I didn't want to just leave readers with the impression that financial surveillance is 100% good or, you know, that it's not an ethically complicated thing. It is. You know? And luckily for me, like, Sarah Meiklejohn, who begins this whole story with the techniques that she invented, she also serves as kind of the conscience of this story because she was always very ambivalent about the fact that what she had created had been adopted by law enforcement and -- and used in these incredibly powerful surveillance operations. And, as you say, like -- hope it's not a spoiler -- to say that, you know, she -- in one of the final scenes of the book, she was offered a job by Michael Gronager, who -- who had created Chainalysis, and what -- it was very quickly growing. And if -- if she had taken that job, you know, she probably --

Rick Howard: She'd be -- yeah.

Andy Greenberg: -- would have made a fortune.

Rick Howard: Rich beyond her wildest dreams. Yeah.

Andy Greenberg: But she did not take that job. She turned him down and she told me that it was because she just didn't want to be as -- as she put it, a "cyber narc" for a living. You know, she -- that was what her -- her academic advisor had once joked about it -- her -- about -- called her as a joke, and when she was tracing cryptocurrency, and she just -- her -- her, you know, bitcoin tracing worked. She saw it as a kind of public service announcement, like a sort of -- a warning about the fact that bitcoin was anything but private. But she didn't want to be on the side of the cats in this cat and mouse game. She wanted to kind of, like, remain outside of it and she sees that -- I agree with her that there is a real need for anonymity technologies for journalists and dissidents and activists and people in repressive regimes. And the fact that, you know, cryptocurrency was once held up as a way for those people to evade financial surveillance, and the fact that it has turned out to be the opposite of that is, in some ways, tragic, even though cryptocurrency tracing was also used to take down a bunch of people doing horrible --

Rick Howard: Doing bad things, yeah. So is that the takeaway, Andy? If I was going to boil the book down to the learning point, it's that bitcoin, specifically, can be traced by law enforcement and governments now, so if you thought that you are anonymous there, you should change your mind 'cause you are absolutely not anonymous.

Andy Greenberg: I mean, there are now cryptocurrencies like Monero and Zcash that do things with their blockchains that are designed to foil tracing and work probably pretty well to varying degrees, depending on which one we're talking about.

Rick Howard: Yeah, but as you said in the book, the adoption rate for those is really small compared to bitcoin and stuff. So we're not there yet.

Andy Greenberg: Right. And there may still be vulnerabilities --

Rick Howard: Yup.

Andy Greenberg: -- in those that Chainalysis has figured out. They have a lot of money and smart people to -- and a lot of competitors, like, trying to one-up them and find new ways to trace cryptocurrency. So, you know, that cat and mouse game continues. But I -- you know, I appreciate you trying to boil it down to, like, a -- a lesson. But, really, it's like -- it's more like the -- it's like once I saw that -- that bitcoin and cryptocurrency could be traced, you know, it turned out that there -- that that created just, like, an incredible decade-long true crime drama, just a crazy story that had never really been told and, you know, I kind of couldn't believe how much there was to tell. And also, just, like a lot of really interesting ethical questions about, you know, the role of anonymity in society and -- and the role of surveillance.

Rick Howard: Well, it's good stuff, Andy, and I said at the top of the show that it's the best cybercrime book I've read in a long time, so my hat is off to you.

Andy Greenberg: I mean, you of all people. I mean, you are -- you probably read more of these books than anybody, so I really appreciate that. I'm very grateful for that. I have to say, like, you know, Kingpin, MKevin Poulsen's work is amazing and just -- I appreciate any comparison. Thank you.

Rick Howard: Well, you're quite welcome. But we're going to have to leave it there, Andy. That's Andy Greenberg. He's the senior writer for Wired, and the author of the next great cybercrime book. So, Andy, thanks for coming on the show. We really appreciate it.

Andy Greenberg: Thanks, as always, Rick. Thank you very much.

Rick Howard: I'd like to thank Andy Greenberg for coming on the show to discuss his book, the latest inductee into the Cybersecurity Canon Hall of Fame. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. If you'd like to learn more about this book as well as all the other books in the Cybersecurity Canon series, surf on over to Ohio State University, the official sponsor for the Canon Project, at cybersecuritycanon -- all one word --.com. And that's CSO Perspectives brought to you by N2K's CyberWire. Visit thecyberwire.com for additional resources that accompany this episode, and check out our book, Cybersecurity First Principles: A Reboot of Strategy and Tactics for a deep dive on all the topics covered in this podcast. I've added some helpful links in the show notes, and we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly-changing world of cybersecurity. If you like the show, please share a rating and a review in your podcast app. And you can also fill out a survey in the show notes, or just send me an email at csop@n2k.com. We're privileged that N2K's CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment -- your people. We make you smarter about your team while making your team smarter. Learn how at n2k.com. This episode was produced by Liz Stokes. Our theme song is by Blue Dot Sessions. Remix by Elliott Peltzman, who also mixes the show and provides original music. Our Executive Producer is Jennifer Eiben. Our Executive Editor is Brandon Karpf. Simone Petrella is our President. Peter Kilpe is our publisher. And I'm Rick Howard. Thanks for listening.