This blog post will briefly explain what blockchains are and describe three malicious uses of blockchains: surveillance, botnet Command and Control (C2), and “digital gold” in cybercrime and cyberwar.
A blockchain is a data structure that stores a list of data points that can only be read or appended to [1]. Algorithms such as Proof of Work guarantee data integrity by making it computationally expensive to rewrite entries that are already stored in the blockchain.
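The append-only structure and the Proof of Work guarantee described above, as an added illustration that is not code from the post or from SCYTHE: a minimal hash chain where each block commits to its predecessor and must meet a (constructed, deliberately low) difficulty target, with a verifier that shows why rewriting an old entry is detected unless every later block is mined again.

```python
import hashlib
import json

# Constructed difficulty: the block hash must begin with this many zero bits.
# Real networks use far more, which is what makes rewriting history so costly.
DIFFICULTY = 12

def block_hash(block):
    """SHA-256 over the canonical JSON of the header fields (everything but the stored hash)."""
    header = {k: block[k] for k in ("index", "prev_hash", "data", "nonce")}
    return hashlib.sha256(json.dumps(header, sort_keys=True).encode()).hexdigest()

def meets_difficulty(digest_hex):
    return int(digest_hex, 16) >> (256 - DIFFICULTY) == 0

def mine_block(index, prev_hash, data):
    """Proof of Work: try nonces until the block hash meets the difficulty target."""
    block = {"index": index, "prev_hash": prev_hash, "data": data, "nonce": 0}
    while not meets_difficulty(block_hash(block)):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block

def build_chain(entries):
    """Append-only: every block commits to the hash of the block before it."""
    chain = [mine_block(0, "0" * 64, "genesis")]
    for data in entries:
        chain.append(mine_block(len(chain), chain[-1]["hash"], data))
    return chain

def verify_chain(chain):
    """Return the index of the first bad block, or None if the chain is intact. A block is
    bad if its stored hash is wrong, misses the target, or breaks the link to its predecessor."""
    for i, block in enumerate(chain):
        if block_hash(block) != block["hash"] or not meets_difficulty(block["hash"]):
            return i
        if i > 0 and block["prev_hash"] != chain[i - 1]["hash"]:
            return i
    return None

if __name__ == "__main__":
    chain = build_chain(["alice->bob 5", "bob->carol 2"])
    print(verify_chain(chain))           # None: the chain is intact
    chain[1]["data"] = "alice->bob 500"  # try to rewrite an old entry
    print(verify_chain(chain))           # 1: block 1 no longer matches its hash
    chain[1] = mine_block(1, chain[0]["hash"], "alice->bob 500")  # redo its PoW...
    print(verify_chain(chain))           # 2: ...and block 2's link breaks instead
```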
A cryptocurrency is an application built on a distributed blockchain, meaning many different instances of the cryptocurrency program run on different machines and store copies of the blockchain, making the system resilient to the failure of individual instances.
This blog post refers to Bitcoin repeatedly since it is the best-known cryptocurrency, but many other cryptocurrencies have the same abuse potential.
Using a Bitcoin-like cryptocurrency means that financial transactions are stored publicly and permanently [1]. Therefore, cryptocurrencies on public blockchains should be considered a privacy risk and recognized as a tool for surveillance. Transactions are not necessarily anonymous: dataset de-anonymization is a well-developed field [2]. Governments could cross-reference the transactions stored on the blockchain with other data to learn about who is sending money to whom. Many governments, including the US and China, are developing government-controlled cryptocurrencies (govcoins) [3], perhaps because cryptocurrencies function as logging servers that store every transaction, enabling easy analysis.
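The cross-referencing risk described above, as an added illustration that is not code from the post or from SCYTHE: the common-input-ownership heuristic (covered in the cited de-anonymization lecture) clusters pseudonymous addresses that are spent together, and a single address tagged from off-chain data then exposes every payment made by the whole cluster. The ledger, the address labels and the owner tag are constructed sample data.

```python
# Constructed ledger: each transaction lists the addresses it spends from (inputs) and
# pays to (outputs). Labels are stand-ins, not real Bitcoin addresses.
LEDGER = [
    {"inputs": ["A1", "A2"], "outputs": ["B1"]},
    {"inputs": ["A2", "A3"], "outputs": ["C1"]},
    {"inputs": ["B1"], "outputs": ["D1"]},
    {"inputs": ["E1"], "outputs": ["A3"]},
]
# Constructed "other data": one address whose owner is known off-chain, e.g. from an
# exchange's customer records (a hypothetical tag, not a real identity).
KNOWN_OWNERS = {"A1": "customer-42"}

def cluster_addresses(ledger):
    """Common-input-ownership heuristic: every input of one transaction must have been
    signed by the same wallet, so those addresses are merged into one cluster (union-find)."""
    parent = {}
    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]
            a = parent[a]
        return a
    for tx in ledger:
        root = find(tx["inputs"][0])
        for addr in tx["inputs"][1:]:
            parent[find(addr)] = root
    clusters = {}
    for addr in parent:
        clusters.setdefault(find(addr), set()).add(addr)
    return list(clusters.values())

def attribute_payments(ledger, known_owners):
    """Cross-reference: a cluster containing one tagged address inherits the tag, so every
    payment spent from any address in that cluster becomes attributable to the owner."""
    owner_of = {}
    for cluster in cluster_addresses(ledger):
        tags = {known_owners[a] for a in cluster if a in known_owners}
        for a in cluster:
            owner_of[a] = tags
    payments = {}
    for tx in ledger:
        for owner in set().union(*(owner_of.get(a, set()) for a in tx["inputs"])):
            payments.setdefault(owner, []).extend(tx["outputs"])
    return payments

if __name__ == "__main__":
    print(cluster_addresses(LEDGER))                 # A1, A2 and A3 fall into one cluster
    print(attribute_payments(LEDGER, KNOWN_OWNERS))  # {'customer-42': ['B1', 'C1']}
```

Only A1 was tagged, yet the payments to B1 and C1 (spent from A2 and A3) are attributed to the same owner; that is the privacy risk of a public ledger.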
Bitcoin-like blockchains have also become useful for illegal purposes: public blockchains have revolutionized the botnet domain because they can serve as takedown-immune botnet C2. Before cryptocurrencies, when botnets relied on a variety of custom C2 infrastructures [4], a botnet could be destroyed via a “takedown” of the C2 by law enforcement [5]. But with a cryptocurrency-based C2, law enforcement would have to shut down the entire blockchain, i.e., destroy the cryptocurrency, which is nearly impossible because the blockchain is distributed and is primarily used for legitimate cryptocurrency transactions. And when the cryptocurrency has many users, bot traffic and commands become nearly impossible to distinguish from ordinary financial activity.
Cryptocurrencies are not just ideal botnet C2: they have become a popular tool for extracting money from victims during ransomware attacks and other criminal activities [6].
Bitcoin has been called “digital gold,” and this label is accurate because it can be used like gold bullion that can be transferred via the internet. In “Debt: The First 5000 Years”, Graeber explains that gold bullion becomes popular as currency during times of war since it can be stolen, requires no trust to have value, and can easily be transported [7]. Bitcoins function like gold bullion in cybercrime and cyberwar: illegal botnets can mine it anonymously, it can be used as payment in ransomware attacks against corporations, and it can easily be stolen directly from individuals. And with sufficient effort and cost, thieves can launder the stolen cryptocurrency to avoid de-anonymization [8].
For cryptocurrencies to be useful to criminals, they must be both liquid and valuable. This leads to an important question: cryptocurrencies still have no use to mainstream consumers yet are essential to modern cybercrime, so why do so many people purchase them?
A traded asset, whether a Pokemon card or a bitcoin, is only as valuable as the amount another fanatic will pay for it in the future, which is known as the Greater Fool Theory [9]. Due to media hype, Bitcoin and other cryptocurrencies have turned into mainstream speculative assets. Yet most people do not understand what a distributed blockchain actually is, since an accurate understanding requires at least undergraduate-level knowledge of programming, cryptography, algorithmic complexity, networks, and distributed systems. Therefore, they do not understand the asset they invest in when they purchase cryptocurrency and are relying on the Greater Fool Theory for a return on investment. The large amount of money invested in cryptocurrencies [10] seems partly a reaction to effective marketing rather than a rational assessment of the underlying technology. Therefore, an additional malicious use of blockchains might be how marketers take advantage of the technology’s complexity when convincing people to invest in often worthless tokens.
In summary, Bitcoin and other cryptocurrencies are versatile tools for cybercrime, and enthusiasm for cryptocurrencies fuels public acceptance of financial technology with built-in privacy risks, infrastructure for botnets, and an equivalent of gold bullion for cybercrime and cyberwar.
In the future, there may be solutions to these threats, such as regulation of public blockchains, laws forbidding corporations from paying ransoms, and the integration of financial blockchains with systems that prove identity.
SCYTHE provides an advanced attack emulation platform for the enterprise and cybersecurity consulting market. The SCYTHE platform enables Red, Blue, and Purple teams to build and emulate real-world adversarial campaigns in a matter of minutes. Customers are in turn enabled to validate the risk posture and exposure of their business and employees and the performance of enterprise security teams and existing security solutions. Based in Arlington, VA, the company is privately held and is funded by Gula Tech Adventures, Paladin Capital, Evolution Equity, and private industry investors.
[1] Conway, L. (2021, June 1). Blockchain Explained. Investopedia. https://www.investopedia.com/terms/b/blockchain.asp.
[2] How to de-anonymize Bitcoin - Bitcoin and Anonymity. Coursera. https://www.coursera.org/lecture/cryptocurrency/how-to-de-anonymize-bitcoin-qnS76.
[3] The Economist Newspaper. (n.d.). The digital currencies that matter. The Economist. https://www.economist.com/leaders/2021/05/08/the-digital-currencies-that-matter.
[4] Atmer, H. SCYTHE Library: Know Your Enemy: Botnet Command and Control Architectures. scythe.io. https://www.scythe.io/library/know-your-enemy-botnet-command-and-control-architectures.
[5] Greenberg, A. Cops Disrupt Emotet, the Internet's 'Most Dangerous Malware'. Wired. https://www.wired.com/story/emotet-botnet-takedown/.
[6] Chavez-Dreyfuss, G. (2021, January 28). Cryptocurrency crime drops in 2020 but 'DeFi' breaches rise, study finds. Reuters. https://www.reuters.com/article/crypto-currency-crime-int-idUSKBN29X1YO.
[7] Graeber, D. (2014). Debt: The First 5000 Years. Melville House.
[8] Tumbling Bitcoins: A Guide Through the Rinse Cycle. Bitcoin News. https://news.bitcoin.com/tumbling-bitcoins-guide-rinse-cycle/.
[9] Hayes, A. (2021, May 17). Greater Fool Theory Definition. Investopedia. https://www.investopedia.com/terms/g/greaterfooltheory.asp.
[10] Cryptocurrency Prices, Charts And Market Capitalizations. CoinMarketCap. https://coinmarketcap.com/.