For anyone working with blockchain tech, it is obvious that ransomware hackers who use bitcoin for the payoff don’t care much about their anonymity. People dealing with crypto know that bitcoin is a pseudonymous cryptocurrency: it provides some basic degree of anonymity, but scrutiny of the bitcoin blockchain unleashes a lot of information about both the sender and the recipient. And, of course, all the details of transfers and their amounts are publicly visible to anyone. So using bitcoin as a payment method, especially for illegal activity such as ransom, is extremely dangerous for the attackers. They can be easily traced and caught, and their money can be seized. The probability that the Colonial Pipeline attackers didn’t know such basics about crypto is near zero. They would certainly have known there are well-developed privacy-centric cryptocurrencies that provide almost absolute anonymity and security to their users.
Monero is one outstanding example; it hides all the details of its transactions from public view, including the sender, the recipient, and the transfer amount. And it is very liquid, with a market capitalization of more than $4.5 billion and a presence on most cryptocurrency exchanges. So why did the attackers not use it — or another privacy-centric cryptocurrency? There are two possible answers to this question. I don’t know which one is right.
The first possibility is that they simply didn’t care. Most are probably located in hacker-haven countries such as Russia, China, North Korea, or Iran, which don’t have extradition agreements with the West. So they are not afraid of the FBI, are not worried about being caught, and simply did not think the law enforcement agencies would be clever enough to find a way to seize their money. The second possibility is that they intentionally used bitcoin so that they would be traced and clues about their location would be exposed. In this scenario, the attack would have been more than just a commercial transaction; it would have been a demonstrative action.
As I said, I don’t know the right answer, but there is an important outcome of this attack, especially if it was a commercial one. Attackers are learning, and in future attacks, other hackers whose interests are purely commercial will be using better methods that allow them to slip away unnoticed while keeping their money (well, our money) safe. So it’s important that companies brace for impact.
While ransomware sounds terrible to most people, the security community knows how to avoid those attacks, so there is no reason companies shouldn’t be protected. A “zero trust” architecture, with total multi-factor authentication coverage, will deter hackers and prevent security breaches. Security is not free, but recent examples show that ignoring reality can be much more expensive.
This article was originally published by VentureBeat on June 13, 2021.