Plague of ransomware points to pervasive problems with United States cybersecurity. Cracking down on cryptocurrencies isn’t the solution.
DOJ: ‘Today, we turned the tables on DarkSide’
The Justice Department has recovered the majority of a multimillion-dollar ransom payment to hackers after a cyberattack that caused Colonial Pipeline to halt its operations last month, officials said Monday. (June 7)
Whenever Bitcoin makes news, there is usually a good amount of confusion amid the headlines. This is the case with the recent story about the Colonial Pipeline ransomware hack. It is fantastic that pipeline billing operations have since resumed, and that federal agents have recovered much of the ill-gotten funds. But it is not true that cryptocurrency makes our systems less secure, nor has the government “hacked” Bitcoin.
Ransomware attacks happen frequently, but they usually don’t shut down gasoline sales on much of the East Coast. These cyberattacks target systems by encrypting or shutting users out from computers until they pay the attackers. Many businesses have had to deal with the headache of ransomware, and it can be more cost effective to just pay the attackers, as Colonial Pipeline eventually did.
This technique has been known for decades, well before the advent of cryptocurrency. But digital currencies can make ransomware more effective. Rather than asking a target to wire money or drop cash in some location, cryptocurrency payments can be made directly online. The rise of programs such as CryptoLocker in 2013 has made cryptocurrency-enabled ransomware a more prominent menace.
But while cryptocurrency might make ransomware payments easier, it also often leaves criminals more open to capture. Most popular cryptocurrencies use public blockchains that maintain records of all transactions forever.
Law enforcement officials can and do use blockchain analysis techniques to nab cybercriminals. This appears to be how the Colonial hackers were caught. Criminals of all flavors ranging from drug traffickers to money launderers and tax evaders are routinely brought down by blockchain analysis.
OPINIONS IN YOUR INBOX: Get a digest of our takes on current events every morning
And contrary to popular belief, the government did not need to “hack” Bitcoin to extract the funds. After tracing the blockchain to determine where the ransomware payments went, law enforcement agents procured a warrant to seize the funds the old-fashioned way.
Don’t clamp down on crypto
It is still unclear whether the agents went to a third-party service or knocked on an individual’s door and got the means to move the funds digitally. Either way, Bitcoin is working entirely as intended. Money can only move by a person who has the private key – kind of like a password – for a Bitcoin address. The government did not hack Bitcoin; it just obtained a private key.
What is a journalist?: AG Merrick Garland raises as many questions as he answers with First Amendment promises
Either way, critics say Bitcoin is socially undesirable. After all, it enables exotic hacks and criminal activity. Shouldn’t we clamp down on this technology?
We must compare Bitcoin with the overall security landscape. Hacking was a problem well before cryptocurrency, and the vast majority of cybercrime – and all crime, for that matter – occurs without any cryptocurrency involved. Blockchain analysis means that criminals often leave digital smoking guns that law enforcement officials use to pursue justice.
And we can’t blame Bitcoin for our generally poor cybersecurity stance. Sophisticated criminals and state-backed actors routinely infiltrate systems under the radar for extended periods, gathering data and planting malware. Ransomware often just gets more attention. One beneficial unintended consequence of ransomware proliferation might be that vulnerabilities are more quickly noticed and patched.
Nor is it the case that cryptocurrency is unregulated. Agencies like the IRS, the Securities and Exchange Commission, the Treasury Department’s Financial Crimes Enforcement Network and the Commodity Futures Trading Commission have well-developed rules around digital currencies, in addition to the states. If anything, cryptocurrencies are overregulated, and lawmakers should strive to update rules to be technology neutral and not treat digital monies any different than traditional payments. But rest assured: Bitcoin operates in far from a Wild West of unregulated activity.
A technology for freedom
Bad events grab headlines, but we can’t underrate the great benefits that cryptocurrency can provide. As a censorship- and inflation-resistant peer-to-peer private currency, Bitcoin can protect marginalized people from political repression and monetary mismanagement. No wonder so many in unstable or authoritarian countries like Venezuela and Nigeria have turned to cryptocurrency.
People in all countries and contexts have something to gain from cryptocurrency. If nothing else, blockchain currencies give people total control of their funds. No bank or government can move your money unless it gets your private key. This kind of financial sovereignty has proved quite valuable to people, as the high price of top cryptocurrencies attests.
Even governments are coming around to see the value of private digital money. El Salvador, for instance, is in the process of naming Bitcoin as an official currency.
Bitcoin is a technology for freedom. A few people have used that freedom to commit crime. Fortunately, blockchain forensics usually catches them quicker than law enforcement otherwise might. But the vast majority of people use Bitcoin for good and important reasons.
The bottom line is we shouldn’t ban or restrain cryptocurrency; we should embrace and promote it.
Andrea O’Sullivan is the director of the Center for Technology and Innovation at the James Madison Institute in Tallahassee, Florida. Her work focuses on emerging technologies, cryptocurrency, surveillance and the open internet.