{"id":269,"date":"2015-06-18T08:25:05","date_gmt":"2015-06-18T08:25:05","guid":{"rendered":"https:\/\/blogs.ncl.ac.uk\/security\/?p=269"},"modified":"2015-06-18T08:25:05","modified_gmt":"2015-06-18T08:25:05","slug":"perils-of-an-unregulated-global-virtual-currency","status":"publish","type":"post","link":"https:\/\/blogs.ncl.ac.uk\/security\/2015\/06\/18\/perils-of-an-unregulated-global-virtual-currency\/","title":{"rendered":"Perils of an Unregulated Global Virtual Currency"},"content":{"rendered":"

We (Dylan Clarke, Patrick McCorry and myself) recently presented a position paper at the 23rd<\/sup> Security Protocols Workshop (SPW) in Cambridge. Our paper, titled Bitcoin: Perils of an Unregulated Global P2P Currency<\/em>, makes the case that the ideological and design choices that define Bitcoin\u2019s strengths are also directly responsible for the Bitcoin-related crime that we encounter in the news so often today.<\/p>\n

In a nutshell: Bitcoin\u2019s anonymity and lack of regulation are key to freeing users from central banks but they also empower drug dealers and money launderers. Using virtual assets as money reduces dependence on banks as users can handle their own wealth, but this opens the door to hackers and malware. Mainstreaming an entire global financial infrastructure to trade virtual assets cuts banks out of the picture entirely, but also de-risks crime, exposes users to threats from all over the world and opens a Pandora\u2019s box of ethical and legal dilemmas.<\/p>\n

We do a quick survey of the landscape of Bitcoin-related crime and observe that crime is thriving with rapid growth and increasing sophistication. Dark markets are taken down often but they continue to grow<\/a> in numbers and volume. Bitcoin also de-risks crime: drugs can be ordered almost as easily as pizza, and criminals no longer need to take the risks traditionally associated with setting up and protecting illicit financial flows. Bitcoin exchanges are a regular target for hackers and customers routinely end up losing their coins. Malware that steals bitcoins from victim\u2019s computers is booming. The ransomware industry is also thriving. In a short space of three years, CryptoLocker and CryptoWall have claimed hundreds of thousands of victims and successfully made tens of millions of dollars. There\u2019s now even a DIY ransomware kit out called Tox<\/a> \u2013 customers download an executable, secretly infect someone\u2019s computer, and then share the ransom with the makers of the kit.<\/p>\n

Flipping Bitcoin\u2019s positive strengths also gives us insight to anticipate future threats: Governments and law enforcement are already sounding the alarm that Bitcoin\u2019s anonymity and lack of regulation is ideally suited for tax evasion and money laundering. Non-currency exploits can piggyback on the Bitcoin network infrastructure. Researchers have already demonstrated<\/a> how to deliver malware and operate botnets by crafting Bitcoin transactions embedded with malicious payloads.<\/p>\n

There are no easy answers to this. If Bitcoin becomes ubiquitous, this will be the new normal. It is not possible to \u2018tweak\u2019 Bitcoin to make the negatives go away without affecting its key strengths. This is similar to the TOR dilemma \u2013 i.e. an anonymity network for activists living under repressive regimes will also empower hate speech and illegal pornography. This tradeoff, for Bitcoin, has yet to be explicitly acknowledged.<\/p>\n

This theme \u2013 that we must recognize certain security threats do not have solutions in the technological domain \u2013 emerged periodically on the three days in the workshop in talks on disparate topics, including browser fingerprinting, TOR deployment and software design.<\/p>\n

Apart from that, it was good weather in Cambridge. This was my first time at SPW, this particular workshop was\u00a0hugely inspirational during my own PhD, and I was very excited to participate in it for the first time. The food was spectacular. A big and surprising highlight was \u2013 I\u2019m a big fan of Lord Protector Oliver Cromwell<\/a> \u2013 and during the course of the workshop I discovered not only did he study in the college where our workshop was being conducted, Sidney Sussex college \u2013 but even more astounding \u2013 that Oliver Cromwell\u2019s head<\/em><\/a> was buried in a room\u00a0right next<\/em> to where we were convening. (Cromwell died in 1658, his body was disinterred after the British monarchy was restored in 1659 and was hung and decapitated. The head passed into the hands of private collectors and was finally secretly buried in Sidney Sussex College in 1960).<\/p>\n

\"Plaque<\/p>\n

The technical report for our\u00a0paper can be found\u00a0here<\/a>\u00a0and all SPW\u00a0talks are liveblogged here<\/a> (courtesy of Ross Anderson).<\/p>\n","protected":false},"excerpt":{"rendered":"

We (Dylan Clarke, Patrick McCorry and myself) recently presented a position paper at the 23rd Security Protocols Workshop (SPW) in Cambridge. Our paper, titled Bitcoin: Perils of an Unregulated Global P2P Currency, makes the case that the ideological and design … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":5466,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,10],"tags":[16,15],"class_list":["post-269","post","type-post","status-publish","format-standard","hentry","category-academic-paper-2","category-conference-presentation","tag-bitcoin","tag-cryptocurrencies"],"_links":{"self":[{"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/posts\/269","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/users\/5466"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/comments?post=269"}],"version-history":[{"count":1,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/posts\/269\/revisions"}],"predecessor-version":[{"id":271,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/posts\/269\/revisions\/271"}],"wp:attachment":[{"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/media?parent=269"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/categories?post=269"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/tags?post=269"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}