By Mark James, technical director, ESET UK
Crypto-currencies have been hailed by their advocates as the next revolutionary step in monetary exchange. In an increasingly hyper-connected, digital world where the use of traditional electronic methods of payment can be tracked by organisations tying a digital footprint to consumers, users of services such as Bitcoin, Litecoin and Namecoin cite the privacy and anonymity of transactions as a prime draw. As all transactions also take place over a peer-to-peer network, the absence of transfer fees associated with international payments adds weight to their attraction. In addition, a highly publicised, yet often patchy, rocket in their value over the past year has also draw much attention to the rise in fortunes made by a few members of their avid fan base. However, for what at face value seems like a digital gold rush, much criticism has also been vocalised by those concerned over the potential pitfalls in using a currency nestled so intricately with the digital space. So what dangers should those considering using crypto-currencies be looking out for? And what validity do they have as secure and viable systems of currency into the future?
Firstly, it’s essential to understand how crypto-currencies operate. Let’s take Bitcoin. In contrast to traditional currency, it is a decentralised system with currency generated through a process called mining. This involves the solving of complex algorithms by computers, which when successful generate bitcoins for the user. To control its value, only 21 million bitcoins will only ever be available, with only around half mined to date. Bitcoins are currently pegged at 1 bitcoin to £245, and can be stored both online and offline in ‘wallets’. The currency can then be swapped between users on online sites called exchanges, and at this point hackers often look to take advantage.
Only this month, an Australian website owner running an online wallet service for storing bitcoins claimed hackers stole 4,100 bitcoins worth more than £650,000 in two separate attacks. In the currency’s four-year history, this was one of the largest attacks to date. Likewise, in May 2013, PC gaming service ESEA discovered that user’s PCs had been hijacked in the form of malware to run a hidden bitcoin-mining process which caused users’ graphics cards to overheat as it worked in the background. The scheme came to attention as users noted their GPU usage was over 90 per cent and temperatures far above average. It soon emerged that attackers has earned just over $3,600 in an attack lasting roughly a month.
There are numerous malware families today that either perform bitcoin mining or directly steal the contents of victims’ bitcoin wallets. However, bitcoin is the only crypto-currency targeted by malware. In July this year, a Trojan, dubbed Skynet, designed to steal Litecoins was also discovered. Although rather unsophisticated, its appearance does show that as the number of crypto-currencies proliferate so too are the hackers looking to make a fast buck off this trend.
It’s increasingly common that malware also uses bitcoin as a means to extort victims. Cryptolocker, one such example, encrypts data and hold user’s information ransom and charges in bitcoins to regain access. As the malware continues to spread in the wild, it seems ransoms are also increasing in price.
So what practical advice should users of electronic currencies follow? Firstly, only store small amounts online. As with any data, users need to be extremely vigilant when storing their information. As an alternative, bitcoins can also be stored in offline “wallets”, or even written down as a private cryptographic key. Secondly, look to secure your accounts with features like two-factor authentication and encryption. This process should also include regularly backing-up your wallet in secure online and offline locations. And thirdly, keep all your software and especially your security software up to date with the latest patches and fixes. Using out-dated versions with known vulnerabilities leaves users exposed to attack as hackers will certainly be looking to exploit these holes.
Despite the danger, crypto-currencies seem to be attracting serious government attention. The Canadian government, for example, has recently launched MintChip, an electronic currency backed by the Royal Canadian Mint borrowing philosophies from systems such as Bitcoin. Likewise, a growing number of online and offline merchants also accept bitcoins as payment for goods and services, mainly because the transaction costs associated with the currency are so much cheaper than with credit cards or debit cards. ATMs have also just been developed in North America that allow users to withdraw their cryptocurrency as real currency.
As we continue to re-evaluate how we think of currency and link this with the spending habits of consumers, the use of crypto-currencies looks like a trend that will continue to gain a lot of traction. However, as the currency’s value and use continues to increase, so too will the number of rogue operators. If so, businesses, consumers and the wider security market have to be vigilant in ensuring the processes and operations revolving around their use remain as reliable and secure as possible.