The subject of this month’s column came about as a result of a conversation with a friend who works in cyber intelligence for a large global corporate. We often discuss the latest methods used by the bad guys as they attempt to breach his networks, but when he mentioned “bitcoin-mining malware” I will admit to being a little taken aback. This method of conning you out of your cash was certainly new to me.

We’ve long seen compromised networks turned into botnets to run spam email campaigns, but using the computing power you’ve stolen to generate cash directly seems a logical step, and so the bad guys have forced compromised machines to labour in the bitcoin mines to enrich themselves at your expense.

This type of compromise has the potential to be even more annoying to those infected than having your machine used as a spam server. The reason for this is the way bitcoin mining works; the malware could make your whole network slow to a crawl and lead to some terrifying bills.

To explain why this type of malware is so nasty, it’s worth explaining what bitcoin is. It’s one of a number of so-called cryptocurrencies, and its use is becoming more and more mainstream, with everyone from hairdressers to restaurants accepting the virtual currency.

The bad guys can attempt to generate bitcoins from their infected botnets, and then spend them in normal shops: it’s a direct way to generate cash from malware without having to jump through any hoops. The malware writers are helped by the fact that, while bitcoin transactions between bitcoin addresses are publicly accessible, each bitcoin address isn’t necessarily linked to a real human, making it less likely they’ll be caught when spending their ill-gotten gains. So the baddies love bitcoin. However, we still need to explain why it’s so bad for a home user to contract a bitcoin malware infection.

CHAIN REACTION

At the heart of bitcoin is blockchain technology. A blockchain is the public ledger of all bitcoin transactions that have ever been made. The blockchain consists of blocks that can be thought of as individual ledger or page entries that record each transaction during a certain time period. When that time is up, the block is added to the blockchain.

Each computer (or node) connected to the bitcoin network that is running mining software is tasked with validating and relaying transactions. To do this, it sometimes needs to download a copy of the bitcoin blockchain. It follows that the blockchain is constantly growing as blocks are added to it; at the time of writing, the size of the blockchain is about 50GB. If you’re being taken for a ride by the virus writers, this will take a big chunk out of your hard disk space and bung up your broadband; if you’re on a limited broadband connection, it may also cause you to be hit with a bill from your ISP. More recent bitcoin versions let you mine without the entire blockchain, and this is more likely the approach to be taken by malware writers; most people would notice a 50GB chunk being taken out of their hard disk space.

Mining bitcoins is a very CPU (and GPU)-intensive process. Bitcoin miners constantly process and record transactions as they take place and are competing in a type of race to ‘complete the current block’ in order to win a stash of bitcoins. Each block is sealed off with a hash that is created from all the data in the block. If you were to change anything in that block, it would also change the block’s hash, so anyone verifying transactions would be able to tell that the block had been tampered with.

This verification process is not in itself processor-intensive. However, the total number of bitcoins ever to be produced is set at 21 million, and computers are good at creating hashes. In order that today’s powerful PCs don’t just mine all the bitcoins in a hurry, a degree of complexity is added to the hashing process

BLOCK PARTY

It is the difficulty of the maths problem that regulates the creation of new bitcoins, since new blocks can’t be submitted to the network without the answer. The reward for completing a block is currently 25 bitcoins, and at present exchange rates and electricity prices the power consumed would cost more than the bitcoin reward. If you were to start your own bitcoin-mining operation, and don’t happen to have your own wind farm, it wouldn’t be worth the effort. However, if you’re running a botnet using other people’s PCs and electricity, that isn’t your problem: free bitcoins for you!

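The idea running through the last two sections, as a toy model added here (it is not code from this column or from bitcoin itself): a block's hash covers all of its data, finding a hash that meets a difficulty target takes many attempts, and checking the answer takes a single hash. The 16-bit difficulty, the field names and the sample transactions are assumptions for illustration; real bitcoin double-SHA-256 hashes an 80-byte block header against a network-set target.

```python
import hashlib
import json

# Toy model only: real bitcoin double-SHA-256 hashes an 80-byte block header
# and compares the result with a network-wide target value.
DIFFICULTY_BITS = 16  # assumed toy difficulty: hash must start with 16 zero bits


def block_hash(transactions, prev_hash, nonce):
    """Hash everything in the block, so any change alters the result."""
    payload = json.dumps(
        {"tx": transactions, "prev": prev_hash, "nonce": nonce}, sort_keys=True
    ).encode()
    return hashlib.sha256(payload).hexdigest()


def meets_target(digest, bits=DIFFICULTY_BITS):
    """True when the hash, read as a number, is below the difficulty target."""
    return int(digest, 16) < (1 << (256 - bits))


def mine(transactions, prev_hash, bits=DIFFICULTY_BITS):
    """The expensive part: try nonces until the hash meets the target."""
    nonce = 0
    while not meets_target(block_hash(transactions, prev_hash, nonce), bits):
        nonce += 1
    return nonce


def verify(transactions, prev_hash, nonce, bits=DIFFICULTY_BITS):
    """The cheap part: one hash confirms the miner's answer."""
    return meets_target(block_hash(transactions, prev_hash, nonce), bits)


# Constructed sample data, not real transactions.
SAMPLE_TX = ["alice->bob:1.5", "bob->carol:0.2"]
GENESIS = "00" * 32

if __name__ == "__main__":
    nonce = mine(SAMPLE_TX, GENESIS)
    print(f"found nonce {nonce} after {nonce + 1} hash attempts")
    print("verifies with one hash:", verify(SAMPLE_TX, GENESIS, nonce))
    tampered = ["alice->bob:15", "bob->carol:0.2"]
    print("tampered block verifies:", verify(tampered, GENESIS, nonce))
```

Each extra bit of difficulty doubles the expected number of attempts in `mine`, while `verify` stays at one hash; that imbalance is why the work lands on whoever supplies the CPU time and electricity.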
Bitcoin and the technology behind it have enormous potential. It provides a way of verifying financial transactions without a central authority; the integrity of each transaction as well as the ledger as a whole is maintained by the network’s users. It’s this feature, together with minimal transaction costs and the fact that the register is decentralised, that has captured the attention of the financial industry.

But no matter how useful the technology appears, the bad guys seem to have found a way to use it to their own advantage. All we can wish for is that the researchers prioritise system security during their endeavours. Here’s hoping
