In the “2018 Trustwave Global Security Report,” which looks at a wide range of computing and internet threats, risks and vulnerabilities across more than a dozen industries and 21 countries, cryptocurrency has a starring role.
Trustwave, an information security company with three million business customers in 96 countries, has been observing cryptocurrency-related threats since not long after bitcoin (BTC) was released. Previous editions of Trustwave’s report discussed them, but this is the first year digital currency has gotten its own section, “Cryptocurrency and Crime.”
ThirtyK spoke with Karl Sigler, security research manager at Trustwave SpiderLabs and a 20-year IT security veteran, about the report, the future of cryptocurrency-related attacks and what we can learn from the failures of exchanges like Mt. Gox.
ThirtyK: When did Trustwave start seeing cryptocurrency-related crime?
Sigler: Probably shortly after bitcoin was publicly released. The largest story I remember is from our discovery of a Pony botnet controller that was used to steal cryptocurrencies from victims’ wallets back in 2014.
ThirtyK: How has it progressed since then?
Sigler: More adoption. Getting paid in crypto is pretty much the de facto standard at this point for criminals looking to be paid whether via ransomware or in selling stolen goods and services. We’re also seeing more “alt-coins,” coins other than bitcoin, being used. For instance, monero (XMR) is a popular alternative to bitcoin among criminals due to the privacy and anonymity features it has.
ThirtyK: Why are bitcoin exchanges vulnerable to attack as opposed to, say, a big bank like Wells Fargo?
Sigler: Bitcoin and other cryptocoin exchanges often process a massive amount of currency but often don’t have the security protections in place like established banks do. If you store your cryptocurrency in an exchange, it’s very important to use an established exchange with a history of security and professionalism. To be fair, traditional banks and banking accounts get robbed every single day, whether by traditional holdup or tricking people into transferring money to a criminal.
ThirtyK: Is there anything current exchanges can learn from what happened to Mt. Gox?
Sigler: Take security seriously and maybe don’t trust crypto exchanges that were originally set up to sell and trade “Magic: the Gathering” cards [Mt. Gox stands for Magic: The Gathering Online eXchange]. Modern exchanges like Coinbase and Binance are much more mature.
ThirtyK: The report recommends we treat cryptocurrency like physical money. Why?
Sigler: In the end, it’s currency and the people who hold it demand a certain level of protection against fraud and theft. We’ve seen all sorts of evolution of currency over the years. Many people actually carry around debit or credit cards instead of physical money, so the abstraction of currency is nothing new.
The Future of Crypto Crime
ThirtyK: What do you expect the future of cryptocurrency-involved crime to be?
Sigler: With the widespread creation of new non-bitcoin crypto-coins I think there will be more attacks that target those coins directly. If you can find a flaw in the code, you might be able to funnel coins to your own wallets without authorization or commit fraud like “double payments,” or buying two things with the exact same coins.
ThirtyK: Sometimes cryptocurrency feels like a runaway train. Is it growing too fast to be safe?
Sigler: I don’t think so. I’ve been involved with the community for years and there are all sorts of peaks and valleys in not just interest, but value. I think it’s had a very natural evolution.
How to Protect Your Cryptocurrency
ThirtyK: How do these kinds of security risks affect businesses vs. individuals, i.e., me typing on my laptop?
Sigler: Businesses investing in cryptocurrency should use all available security protections to protect that investment. Strong passwords and using a well-protected local wallet rather than an online exchange can help.
As an individual, I would recommend using an established [cryptocurrency] exchange or, if you’re comfortable with the technology, using a local wallet that’s backed up and protected with a strong password. To prevent malware like ransomware that expects to be paid in cryptocurrency, make sure that your software is consistently patched and up to date and beware of strange web links or emails that you are not expecting.
ThirtyK: Should businesses worry more about becoming bots for cryptocurrency mining or ransom attacks?
Sigler: Ransomware attacks are by far much more damaging than crypto-jacking, aka forced cryptocurrency mining. While crypto-jacking might steal some electricity or tie up your IT resources, ransomware attacks your data.
ThirtyK: Cryptocurrency apostles talk about unlimited possibilities for progress and change. Does this also mean unlimited possibilities for this kind of fraud, too?
Sigler: When you have money, you have fraud and crime. It’s always been that way back to the dawn of civilization and will likely always be that way.
ThirtyK: I know Trustwave has been putting together these reports for some time. Is there anything else we can compare cryptocurrency and cryptocurrency crime with?
Sigler: These cybercrimes haven’t really changed over the years. What’s new and what cryptocurrency changes is how criminals get paid. Cryptocurrency also gives these criminals a new target for theft, whether it’s targeting a wallet stored on an individual’s laptop or targeting a full online exchange.