Last week I wrote an article on illicit cryptomining – How hackers are stealing cryptocurrency transaction processing software on corporate networks, personal computers and other devices. I tried to raise the alarm, calling this threat the most dangerous of 2018.
I did not go far enough.
At a deeper reflection, the implications of illicit cryptomining are deeply frightening. Because this type of cybernetic attack is "relatively" benign – for some "relatively" definitions – it is positioned to work flawlessly, detecting computers, networks, data centers and cloud environments around the world.
Perhaps there is a way to stop this insidious infection from killing its host, which is none other than the global computer infrastructure. To be safe, cybersecurity providers are already at work.
In my opinion, however, prevention and mitigation technologies will never work well enough. There is only one way to kill this beast. We must make all cryptocurrencies as we know them today illegal.
Here because.
Blockchain authorized or without authorization
In the heart of Bitcoin, and by extension most if not all altcoins (cryptocurrencies other than Bitcoin), is the notion of blockchain without authorization. & nbsp; With an authorized blockchain (generally known as "public" or "open", with few exceptions), anyone can create an address and interact with the network: buying coins, selling coins or mining coins.
The public approach draws a stark contrast to the authorized blockchain (generally "private" or "closed", again with some exceptions). "The authorized Blockchain is a closed and monitored ecosystem in which the access of each participant is well defined and differentiated according to the role", explains Devon Allaby, COO of Design Farm Collective. "They are built for a purpose, establishing rules for transactions in line with the needs of an organization or a consortium of organizations."
I focused on authorized blockchains in my recent article Do not be fooled by the Hool blockchain costswhere I discussed
IBM
However, authorized blockchains are not the subject of this article. They can struggle with scalability and in the end they cost too much, but they do not have the fundamental flaw that blockchains do without authorization that are the basis of cryptocurrencies.
The problem with the absence of permission
The problem with public blockchain without permission is that anyone can sign up as a miner – which means that there is nothing that prevents criminals from doing so.
Of course, not all mining companies are criminals. There are many people who build mining activities perfectly at the height. But having said that, there are many different criminal activities that can exploit mining.
Tax evasion. Money laundry. Terrorist financing or other illegal activities not directly related to cryptocurrency. But the most nefarious of all criminal motivations: illegal cryptography.
Because illegal cryptography is so subtle
Infiltrating our computers and networks is simple: just a phishing victim, a visit to a malicious webpage or a person who downloads a fake app from an app store and a bam! The hacker is inside.
Infiltration is a familiar first step to most corporate cyber attacks that follow the Cyber Kill chain: infiltrate, install malware, move sideways to an important goal, establish a command and control link (C & amp ; C) to the hacker, then extract the data or funds that are the target of the attack.
Hackers follow this model when their goal is to steal something (in other words, "exfiltrate data"). As a result, cybersecurity salespeople have focused on detecting and interrupting the steps in the Kill Chain.
Cryptomining, on the contrary, breaks this mold. Software is technically not malware – after all, many people have undermined cryptocurrency on purpose. It is not necessary to find a valid target, since any computer with processor cycles to be used will do.
And there is nothing to exfiltrate. As long as the compromised computer can reach the Internet, threat actors can cash out their extraction activity.
The more subtle aspect of illicit cryptomining, however, is the fact that it can be executed without being detected indefinitely. After all, nothing is stolen except for excess processor cycles and a bit of electricity. In this world of far more frightening threats, illicit cryptomining will always rank rather low on the list of priorities.
Until, of course, it kneels your whole net.
Cryptocurrency ethics and "Know your miner"
To fight money laundering, regulatory agencies around the world require companies to "get to know your customer" (KYC). In theory, if all the participants in a transaction have sufficient details about the parties they are doing business with, it will be much more difficult for criminals to recycle their illicit gains.
Since anyone can become a cryptocurrency miner, it would be logical for the regulatory bodies themselves to set up a "know your miner" policy.
After all, if you want to conduct any kind of transaction with Bitcoin or any other mess, you'd like to know that the miner who processes your transaction is not a criminal enterprise that could use his commission fee to support terrorists or child pornographers, quite right?
In addition to the regulatory burden arising from the establishment of global policies "you know your miner", therefore, there is also an ethical burden to which all participants in the economy of cryptocurrency must abide, otherwise they risk condoning illegal activities regardless of whether they are criminals themselves.
So far, so good, except for a problem: & # 39; Know your miner & # 39; it can not work for a blockchain without authorization.
For example, when executing a Bitcoin transaction, who is actually processing the transaction? He is not the merchant. It is not the exchange. It is not even the miner who is rewarded for such processing.
It is every miner on the blockchain.
True, only one miner is rewarded for each transaction, but every Miner executes the transaction on his copy of the blockchain – and besides, this distributed and redundant transaction processing is at the heart of how blockchains work.
So if even one of the miners is a criminal, you are supporting a criminal enterprise with every cryptocurrency transaction conducted. And believe me, the number of criminal miners is much, much more than one, and grows every day.
How to solve the problem
Multinational companies will certainly try to prevent illegal encryption, but these efforts are bound to be a losing battle – first, because it is easy to raise these attacks, and secondly, fighting those threats will remain a low priority for the foreseeable future.
This lets you know your miner & # 39; – which can only work on authorized blockchains
Perhaps an approach based on cryptocurrency like
Ripple
However, as long as the unlicensed coins have value, illicit miners will still favor those on Ripple and his brothers.
The world of cryptocurrency, therefore, will have two choices: pass completely from unauthorized to permission (or perhaps semi-authorized) or close completely.
Of course, many aspects of the blockchain that excite the world of cryptocurrency depend on the lack of permission. Without it, all we have is a secure distributed database technology, which could very well prove useful for real business purposes, but is not able to sustain excitement around cryptocurrencies today – including the buzz around offers of initial coins (ICO).
Enjoy the world of blockchain-based cryptocurrencies without authorization as long as you can, because your days are numbered. And do not lose your shirt when everything collapses.
Intellyx publishes the Agile Digital Transformation Roadmap posters, advises companies on their digital transformation initiatives and helps sellers communicate their stories of agility. At the time of writing, IBM is an Intellyx customer. None of the other organizations mentioned in this article are Intellyx customers. Image credit: neepster.
">
Last week I wrote an article about illegal cryptography: how hackers are stealing cryptocurrency transaction processing software on corporate networks, personal computers and other devices. I tried to raise the alarm, calling this threat the most dangerous of 2018.
I did not go far enough.
At a deeper reflection, the implications of illicit cryptomining are deeply frightening. Because this type of cybernetic attack is "relatively" benign – for some "relatively" definitions – it is positioned to work flawlessly, detecting computers, networks, data centers and cloud environments around the world.
Perhaps there is a way to stop this insidious infection from killing its host, which is none other than the global computer infrastructure. To be safe, cybersecurity providers are already at work.
In my opinion, however, prevention and mitigation technologies will never work well enough. There is only one way to kill this beast. We must make all cryptocurrencies as we know them today illegal.
Here because.
Blockchain authorized or without authorization
In the heart of Bitcoin, and by extension most if not all altcoins (cryptocurrencies other than Bitcoin), is the notion of blockchain without authorization. With an unauthorized blockchain (generally known as "public" or "open", with few exceptions), anyone can create an address and interact with the network – buying coins, selling coins or mining coins.
The public approach draws a stark contrast to the authorized blockchain (generally "private" or "closed", again with some exceptions). "The authorized Blockchain is a closed and monitored ecosystem in which the access of each participant is well defined and differentiated according to the role", explains Devon Allaby, COO of Design Farm Collective. "They are built for a purpose, establishing rules for transactions in line with the needs of an organization or a consortium of organizations."
I focused on authorized blockchain in my recent article Do not let Blockchain save on Hype Fool You costs, where I discussed
However, authorized blockchains are not the subject of this article. They can struggle with scalability and in the end they cost too much, but they do not have the fundamental flaw that blockchains do without authorization that are the basis of cryptocurrencies.
The problem with the absence of permission
The problem with public blockchain without permission is that anyone can sign up as a miner – which means that there is nothing that prevents criminals from doing so.
Of course, not all mining companies are criminals. There are many people who build mining activities perfectly at the height. But having said that, there are many different criminal activities that can exploit mining.
Tax evasion. Money laundry. Terrorist financing or other illegal activities not directly related to cryptocurrency. But the most nefarious of all criminal motivations: illegal cryptography.
Because illegal cryptography is so subtle
Infiltrating our computers and networks is simple: just a phishing victim, a visit to a malicious webpage or a person who downloads a fake app from an app store and a bam! The hacker is inside.
Infiltration is a familiar first step to most corporate cyber attacks, which follow the Cyber Kill Chain: infiltrate, install malware, move sideways to an important goal, establish a command and control link (C & C) ) to the hacker and then extract the data or funds that are the goal of the attack.
Hackers follow this model when their goal is to steal something (in other words, "exfiltrate data"). As a result, cybersecurity salespeople have focused on detecting and interrupting the steps in the Kill Chain.
Cryptomining, on the contrary, breaks this mold. Software is technically not malware – after all, many people have undermined cryptocurrency on purpose. It is not necessary to find a valid target, since any computer with processor cycles to be used will do.
And there is nothing to exfiltrate. As long as the compromised computer can reach the Internet, threat actors can cash out their extraction activity.
The more subtle aspect of illicit cryptomining, however, is the fact that it can be executed without being detected indefinitely. After all, nothing is stolen except for excess processor cycles and a bit of electricity. In this world of far more frightening threats, illicit cryptomining will always rank rather low on the list of priorities.
Until, of course, it kneels your whole net.
Cryptocurrency ethics and "Know your miner"
To fight money laundering, regulatory agencies around the world require companies to "get to know your customer" (KYC). In theory, if all the participants in a transaction have sufficient details about the parties they are doing business with, it will be much more difficult for criminals to recycle their illicit gains.
Since anyone can become a cryptocurrency miner, it would be logical for the regulatory bodies themselves to set up a "know your miner" policy.
After all, if you want to conduct any kind of transaction with Bitcoin or any other mess, you'd like to know that the miner who processes your transaction is not a criminal enterprise that could use his commission fee to support terrorists or child pornographers, quite right?
In addition to the regulatory burden arising from the establishment of global policies "you know your miner", therefore, there is also an ethical burden to which all participants in the economy of cryptocurrency must abide, otherwise they risk condoning illegal activities regardless of whether they are criminals themselves.
So far, so good, except for a problem: & # 39; Know your miner & # 39; it can not work for a blockchain without authorization.
For example, when executing a Bitcoin transaction, who is actually processing the transaction? He is not the merchant. It is not the exchange. It is not even the miner who is rewarded for such processing.
It is every miner on the blockchain.
True, only one miner is rewarded for each transaction, but every Miner executes the transaction on his copy of the blockchain – and besides, this distributed and redundant transaction processing is at the heart of how blockchains work.
So if even one of the miners is a criminal, you are supporting a criminal enterprise with every cryptocurrency transaction conducted. And believe me, the number of criminal miners is much, much more than one, and grows every day.
How to solve the problem
Multinational companies will certainly try to prevent illegal encryption, but these efforts are bound to be a losing battle – first, because it is easy to raise these attacks, and secondly, fighting those threats will remain a low priority for the foreseeable future.
This lets you know your miner & # 39; – which can only work on authorized blockchains
Perhaps an approach based on cryptocurrency like
However, as long as the unlicensed coins have value, illicit miners will still favor those on Ripple and his brothers.
The world of cryptocurrency, therefore, will have two choices: pass completely from unauthorized to permission (or perhaps semi-authorized) or close completely.
Of course, many aspects of the blockchain that excite the world of cryptocurrency depend on the lack of permission. Without it, all we have is a secure distributed database technology, which could very well prove useful for real business purposes, but is not able to sustain excitement around cryptocurrencies today – including the buzz around offers of initial coins (ICO).
Enjoy the world of blockchain-based cryptocurrencies without authorization as long as you can, because your days are numbered. And do not lose your shirt when everything collapses.
Intellyx publishes the Agile Digital Transformation Roadmap posters, advises companies on their digital transformation initiatives and helps sellers communicate their stories of agility. At the time of writing, IBM is an Intellyx customer. None of the other organizations mentioned in this article are Intellyx customers. Image credit: neepster.