Many of London’s biggest banks are likely to be stockpiling Bitcoins in order to pay off criminal cyber gangs that hold them to ransom by threatening to damage their IT systems. Bitcoin, which is highly sought after by hackers because, if used correctly, cannot be traced. Large blue chip organisations are acquiring Bitcoin in order to pay off the ransoms, according to a leading IT expert. On Friday, hackers struck the websites of various leading online firms including Reddit, Spotify and Twitter.
They use a special code (or malware) to harness the many hundreds of thousands of internet-connected devices; including Desktops, Workstations, Laptops, Tablets, CCTV cameras and printers, to launch DDoS attack (Distributed Denial of Service) via a US business called Dyn, which provides directory services to online businesses.
DDoS attacks involve overwhelming servers with so much bandwidth they cannot cope. There is nothing to suggest that Dyn was the subject of extortion or any demands but it has become obvious that hackers have been utilising the code to intimidate other businesses into paying them in Bitcoin or chance becoming the victim of similar crimes.
Dr Simon Moores, a retired technology ambassador for the UK government and chair of the annual international eCrime Congress, said the scale and fierceness of the strikes meant that some banks were of the view that it was cheaper to pay off the hackers than risk an attack. “The police acknowledge that they don’t have the resources free to deal with this because of the notable growth in the number of attacks,” Moores said. “From a completely pragmatic viewpoint, financial organisations are now reviewing the need to stockpiling Bitcoin in the unfortunate chance that they themselves become the target of a high-intensity attack when law enforcement conceivably won't be able to assist them at the desired speed with that they need to put themselves back in business.”
Moores refused to name the banks buying up bitcoins but it is understood senior police officers have been informed of the practice. The damage to a business from an attack can far excel paying off the blackmailers. Telecoms provider TalkTalk lost over a hundred thousand customers and suffered costs of over £60m as a consequence of a cyber attack last year.
“Big corporations are starting to fret that an attack is no longer an information security matter, it’s a board, shareholder and customer trust issue,” Moores said. “What we are seeing is a weaponization of these hacking tools. It becomes a much deeper issue than businesses have ever anticipated.” In recent months, DDoS strikes have led to approximately 600 gigabits of data per second being focused on victims – more than sufficient, according to experts, to bring most websites down. Moores foretold that the situation was becoming crucial. “Once it goes beyond a terabit, that wipes out any protection. No current safeguard system can deal with that kind of flood.”
In September, KrebsOnSecurity.com was the victim of what it reports as “a remarkably large and unusual distributed denial-of-service (DDoS) attack designed to knock the site offline”. Initial statements put it at roughly 665 gigabits of traffic a second; far more than is typically required to knock most sites offline. Some specialists believe the attacks were launched as a response to pieces that Krebs had published about the DDoS-for-hire service vDOS, which corresponded with the arrests of two young men recognised as its originators. The offence on Krebs was launched by a large botnet, a gathering of compromised and enslaved computers – which in this case, hundreds of thousands of hacked devices that composed of the internet of things (IoT), notably routers, IP cameras and digital video recorders. These devices are the Internet’s Achille's heel.
Unlike laptops, desktops, tablets or smart-phones, they are often-times not password protected, relying on factory settings. Because of this, they make easy targets for botnets scanning the internet for IoT systems that can be effortlessly compromised. The Krebs attack may have gone mostly unnoticed outside of internet security circles if someone using the name Anna-senpai had not then chosen to publish the source code that powered the botnet on to a hackers’ forum.
"When I first go in DDoS industry, I wasn’t planning on staying in it long,” Anna-senpai said on the Hack Forums site. “I made my money, there's lots of eyes watching the IoT now, so it’s time to GTFO.” Within hours of Anna-senpai’s decision to publish the botnet into the wild, it created havoc as others began to apply the code to enslave more devices.
Soon an army of zombified machines was mobilising against Dyn. By targeting Dyn; it appears that hackers were able briefly to disrupt a raft of sites. Others that announced problems included Mashable, the Wall Street Journal, CNN, New York Times and Yelp. Amazon’s web services reported issues in western Europe. In the UK, Twitter and numerous news sites could not be reached by some users. Anna-senpai’s identity and motivation for releasing the code remain a mystery. Some believe state agents were involved. Russia, China and North Korea have all been named in IT circles.
“While this particular attack may not have been motivated by extortion, a new model of ransom based attacks could be on the horizon, driven to pay off threats for fear of infrastructure customer blackouts,” said Thomas Pore, of IT at Plixer, a malware incident response company. “An infrastructure outage, such as a denial of service, against a service provider affecting both the provider and consumers may provoke a quick ransom pay-off to avoid undesired customer attrition or substantial financial impact.” The dilemma facing businesses fighting the hackers is becoming one of scale. The devices the hackers can recruit to propel their attacks is developing exponentially. It is estimated that there are anywhere between 7bn and 19bn devices connected to the IoT at the moment. Conservative forecasts advise that this figure will expand to between 30bn and 50bn within five years. At some point, Moores maintains that the dam will explode as the rollout of connected smart devices will permit for the harnessing of devastating computer power that can no longer be repelled by existing IT security systems.
He draws a parallel with financial crises, predicting that a “Lehman Brothers occurrence” is on the cards. “We’ve got to get to grips with this,” Moores said. “Everybody’s overexposed.” “Mafiaboy”, a 15-year-old Canadian called Michael Calce, launched the first significant distributed denial-of-service attack (DDoS), crippling popular websites. His Project Rivolta took down Yahoo, the number one search engine at the time, and many leading tech firms.
Hacking collective Anonymous targeted the Church of Scientology in an action called Project Chanology that briefly knocked Scientology.org offline. A cyber-attack by anti-Israel groups on the eve of Holocaust Remembrance Day failed in its attempt to erase all mentions of Israel from the internet. Spamhaus, a filtering service to weed out spam emails, was subjected to a DDoS attack after adding a web hosting company called Cyberbunker to its blacklisted sites. Cyberbunker and other hosting companies hired hackers to shut down Spamhaus using botnets. At its peak, the attack was being handled at a rate of 330 gigabits a second, around five times the normal DDoS attack. A group called New World Hacking attacked the BBC’s website at a rate of 602 gigabits a second, almost twice the size of the previous record of 334 gigabits a second.
What do Bitcoin Miners UK think?
As much as we don't condone hackers, the idea of the banks using Bitcoin for any reason is only a good thing. And although insignificant to the damage that is caused by devaluing currencies, the idea of people not wanting to have their ransoms settled with their fiat currency is in many ways amusing.
For people worried about DDOS growing out of control is blowing things out of proportion, yes the IOT will get bigger and many of the more easily hacked devices will become more secure to prevent this and simultaneously, the DDOS protection services are constantly improving in line with the machines they have to defend, if anything more so. But it is not a bad thing to be over-prepared for events like this.
If you have any questions about using Bitcoin for you business or Bitcoin mining it would be great to hear from you.
Article from our own Bitcoin Miners UK Blog