
There are two technically interesting takeaways in this:

1 - Microsoft, and probably most big companies, have persistent tracking IDs on most stuff that are hard to get rid of and can be used to identify you and devices linked to you in a fuzzy way. I mean, we know about super cookies, fingerprinting and such, but it's another to hear it being used to track somebody that was careful and using multiple anonymous accounts.

2 - BTC mixers will not protect you. Correlating one single wallet with you will make it possible for them to retrace the entire history.



> BTC mixers will not protect you. Correlating one single wallet with you will make it possible for them to retrace the entire history.

It's also possible they both knew the address which was paid out to buy the stolen merchandise and they saw he had withdrawals from a bitcoin exchange in bank records. Given these two facts, it's pretty easy to draw a line between them even when mixers are used. But if you don't already know who to suspect this is much harder to do.


My guess is this was reverse engineered. Once they had identified which employees had access to this digital currency, they looked to see who had $10m or so more than expected, and worked from that person to the bitcoin account.

Driving a Tesla that costs significantly more than your take-home pay is... a suboptimal way to avoid being identified.


obligatory Superman III reference >> https://youtu.be/N7JBXGkBoFc?t=212


Hmm, that's not enough evidence to connect him -- he could be withdrawing Bitcoin to cash for something entirely unrelated. Him cashing in Bitcoin is circumstantial.

"I bought some bitcoin for cash a decade ago" explains cashing Bitcoin, so what have you got left as evidence?


Sorry, just scratching a pet peeve:

> Him cashing in Bitcoin is circumstantial.

Other than confessions, most convictions happen mostly on the basis of circumstantial evidence. TV and movies have taught people that circumstantial evidence is "weak" and insufficient to get a conviction. This is simply not true. A sufficient amount of circumstantial evidence will put you in jail. The job of the prosecutor is not to meet some specific pre-defined standard, it's to convince the jury.

And if the prosecutor has just spent the last hour talking to the jury about how they could track that x amount of stolen credits were sold for x bitcoin at date y, and this bitcoin was then fed to a mixer, and that on that same day or soon after you converted 0.95x BTC to $, and you could not positively prove where that money came from, if your strategy was just:

> "I bought some bitcoin for cash a decade ago"

Good luck with that.


Not only that - circumstantial evidence is enough for a search warrant, and a search warrant almost ALWAYS reveals additional evidence.

The point is that once the cops know who you are, you're fucked. Even if they are using classified methods to ID you, they'll then find something circumstantial to get warrants until they find you.

The only way to get away is to completely avoid detection in the first place.


Sorry if it wasn't clear, I meant his addresses being visible on both the input and output of a mixing process but being discovered via separate means, one via tracing where the codes were sold, one via tracing his bank activity after investigating which account generated the codes.

It certainly could be enough to connect him, if they already know the fraudulent codes were generated from his account, and you can see the mixing process and that he was clearly an output of it, that means that he would have had to buy bitcoin from someone who used his account to generate those codes... that's not going to play well to any judge or jury.


Except it's not... wallet history is public, with exact dates. If he bought it a decade ago he should be able to prove it in a couple of minutes.


That's really for a jury to decide. It's not circumstantial when they have his device fingerprinted doing nefarious things at other steps of the theft process for the same amounts of money that are coming out of a coin mixer.


Are coin mixers really that rudimentary? If they are, why would you bother? It seems pretty easy to design a mixer that works, logically, so can no one muster the business backing (or is it legal issues?) to do that, not even in any country in the world?


I am yet to see a single mixer that would cryptographically prove that I am not participating in an FBI scheme to mix BTC in order for them to then know who mixed what in the first place.


As for 2, I would have thought one of the privacy coins could have been utilised:

Buy Monero with Bitcoin -> Transfer Monero to another wallet -> Buy Bitcoin with Monero.

But I guess it isn't that easy.


Most exchanges ask for KYC, so the BTC wallet would still be attached to your ID.

You need to do that with individuals, which is much harder, especially for a high amount of money.

Not saying this is impossible, but it's not as simple as it used to be.


Apparently this also breaks Monero's privacy by identifying a BTC address associated with it (even without KYC). You need to buy Monero from LocalMonero if you want to be truly private.


I'm confused as to why Microsoft needed to use this tracking ID at all.

Wouldn't Microsoft be able to trace the digital currency to the whitelisted test account? I'm assuming there's some kind of approval process for whitelisting test accounts (or at least you have to be in the right permissions group), otherwise anyone (even non-QA) could make a test account that bypasses their security.


Tracing the bitcoin transactions might prove which account stole the money. But the device tracking helps prove which real person was controlling the account.


> 2 - BTC mixers will not protect you. Correlating one single wallet with you will make it possible for them to retrace the entire history.

Nothing new here. I thought transparent history was one of the main points of distributed ledgers. BTC was never meant to be anonymous.


Well Microsoft has access to full hardware IDs on PC and Xbox.



