In 2016, I invested 2 U.S. cents in bitcoin. Two years later, bitcoin had increased in value by more than 34 times, and my investment was worth—get ready for it—68 U.S. cents.
For those who take their investments more seriously, achieving a 3,400-percent return may seem like a wild success story—yet it’s happened! (See Figure 1.)
Investors aren’t the only ones interested in cryptocurrency, however; cybercriminals are thrilled with the idea of unregulated, untraceable money. In fact, you can thank cryptocurrency for some of the most popular cyberattacks we see today. To understand how cryptocurrencies affect cybercrime, let’s take a look at some cryptocurrency fundamentals.
What Is Cryptocurrency?
Cryptocurrencies are digital, alternative currencies that do not have any physical form. But how do they work, and how are they different from traditional currency?
- The intention of cryptocurrency is to create a decentralized form of currency that doesn’t have a middleman (i.e., bank or government) regulating transactions. This helps lower transaction fees, prevents tracing purchases back to a buyer, and facilitates international purchases.
- Cryptocurrencies are attractive because transactions are anonymous and offer the potential for a quick gain.
- The first cryptocurrency, bitcoin, debuted in 2009, although the concept of cryptocurrency dates back decades before then. Other forms include ethereum, monera, and litecoin.
The Dark Side of Cryptocurrency
If you want to protect your information against cyberattacks and maintain a healthy level of awareness of the latest threats, it pays to understand how cryptocurrencies affect cybercrime. Here, we’ll explore three ways cybercriminals are taking advantage of cryptocurrencies.
1) Black market transactions. Did you know that there are portions of the Internet that can’t be accessed through your standard browser? An infamous area of cyberspace, known as the dark web, is accessible only through specialized browsers that help keep user activity anonymous. Criminals flock to this hidden part of the Internet to purchase and sell hacking services, compromised credentials and credit card numbers, and other contraband (e.g., drugs, weapons).
So if specialized browsers help visitors reach these places anonymously, how could transactions be made anonymous too? You guessed it: cryptocurrency.
Because there is no central body regulating cryptocurrencies, transactions don’t have to go through a bank, credit union, or other agency. Although cryptocurrency wallets (i.e., accounts where cryptocurrency is stored) have identifying numbers, there’s no surefire method of tracing a wallet to an individual person.
You’ll notice that, as cybercrime flourishes, so does cryptocurrency, due to rising demand.
2) Ransomware. Today, the most popular, profitable form of malware is ransomware: malicious software that holds your files for ransom (via encryption) and demands a sum for returning your files. Ransomware has made headlines a number of times in the recent past for affecting personal computers, damaging businesses, and interrupting hospitals and transportation systems.
Of course, when ransomware strikes, the attackers ask for none other than cryptocurrency. But how do victims pay in cryptocurrency if they know nothing about it? When ransomware infects a computer, a pop-up appears with the ransom message—along with instructions for purchasing and using cryptocurrency.
Attackers are so dedicated to getting the whole transaction system to work that some even offer full-fledged online support centers. You can start a support chat with one of the attackers to figure out how to access the dark web and exchange dollars for bitcoin. It’s ironic to think of these criminals providing “customer service,” but it can be necessary when they prey on folks who know nothing about using cryptocurrency.
3) Cryptojacking. There’s another way to get cryptocurrency that doesn’t involve holding data for ransom. For new cryptocurrency to enter circulation, that currency must be mined. This requires downloading a free cryptomining tool and letting it run. Over time, the program will earn more cryptocurrency for the user to spend online.
But “free” isn’t really free. When your computer is cryptomining, it’s solving complex puzzles to create new cryptocurrency, and this consumes a massive amount of energy. Many miners invest in powerful equipment to get the job done. And even then, the rate at which cryptocurrency is mined doesn’t always outweigh the inflated electric bill.
Unfortunately, someone, somewhere, had this bright idea: what if you could force others to cryptomine for you?
Enter cryptojacking. This new malware typically compromises public websites. It then steals the processing power of visitors to the site—without their knowledge—and uses that power to mine cryptocurrency. Lately, the media has tried to blow this out of proportion as the “next big thing” after ransomware, but in truth, cryptojacking does not put the confidentiality or integrity of your information at risk.
A replacement for Internet ads? What if cryptojacking were used as a legitimate revenue stream rather than a malicious cyberattack? In February, Salon.com, a popular news site, launched the beta of its “Suppress Ads” feature, which allows readers to block ads by allowing Salon to use their unused computing power. Visitors can get an ad-free experience if they cryptomine for Salon in return.
Does the tradeoff make sense? Similar to cryptomining, ads also use up our resources. Ever visit a site so riddled with ads that your browser can’t handle it? If cryptomining ends up being easier on your machine, is it a less interruptive way for companies to profit off of web traffic?
This isn’t to say that cryptomining is justified; it just isn’t worth losing any sleep over. Threats like phishing and password attacks still take the cake in terms of probability and impact, so it’s better to focus our efforts on those areas before worrying about the new threat in town.
Protecting Yourself with Knowledge
It’s no secret that cryptocurrencies have had a lot of influence over the ever-evolving threat landscape. Even if you don’t plan to invest in a cryptocurrency, you shouldn’t turn a blind eye to it. To protect your information against cyberattacks, it’s important to maintain an awareness of threats old and new—and that includes understanding how cryptocurrencies affect cybercrime.
Are you skeptical of cryptocurrencies and their potential effect on cybercrime? What methods do you use to protect your information against cyberattacks? Please share your thoughts with us below.