Cybercrime has morphed over the past decade or so. With unbreakable encryption making breaking directly into a network all but impossible, phishing, Distributed Denial of Service (DDoS) attacks, and other methods of indirect hacking have become en vogue. As a result, software companies are looking in some strange places to find building blocks for intrusion mitigation. One interesting emerging technology being used for this purpose is blockchain.
Developments in blockchain technology have begun to be stretched past keeping records and cryptocurrency. Today there are a couple companies using blockchain to create innovative cybersecurity solutions that aim to drastically reduce a company's exposure to cybercrime. No matter what vertical you work in, blockchain-integrated solutions have begun to pop up. Building new solutions with blockchain is incredibly popular nowadays, but is it just a buzzword used for its role in marketing, or is it making a discernible difference in these solutions?
Often thought to be “unhackable”, security professionals developing a blockchain-based cyber security platform isn’t all that noteworthy, until you realize how they are going about it. Developers have begun to create blockchain-based platforms that uses the distributed nature of the solution to power content delivery networks (CDN) and DDoS attack mitigation services. It does this by allowing users to rent out their spare bandwidth to use as security computing.
This will potentially reduce the ability for hackers to execute attacks, lower the cost for businesses to mitigate the effects of these attacks, and capitalize on their extra bandwidth. Other developers are using smart contract adoption to secure their interoperability and file security.
Being a human invention, there have been some kinks in blockchain technology. For those of you who do not know how the blockchain works, here is a very stripped-down definition: Every transaction made through the blockchain, financial or contractual, is given a permanent, designated “block” in the chain. In order for it to be added to the ledger, the rest of the network (every other node) needs to approve this new block’s validity. Once it is added, it cannot be altered and provides an unchangeable record of the transaction. If a block needs to be changed, a new block would have to be entered. It is only then that the transaction is completed.
While this method may seem extraordinarily secure, this “unhackable” technology has its flaws. In 2018 alone just under one billion dollars' worth of cryptocurrency was stolen. Of the $927 million taken, $532.6 million of it was hacked from the Tokyo-based cryptocurrency company Coincheck where 500 million XEM coins up and vanished from the exchange.
To my surprise, one investigation found that some blockchain and cryptocurrency constructs has over 40 different vulnerabilities. Here are a couple:
Many of blockchain’s vulnerabilities have more to do with the nature of the platform as well. One such vulnerability is known as a 51% vulnerability and is associated with mining cryptocurrencies. Let’s assume you are a cryptocurrency miner and you accumulate hashing power that exceeds more than half of what the blockchain contains, you could leverage a 51% attack to manipulate the blockchain to your own advantage.
Obviously popular blockchains, typically associated with renowned cryptocurrencies, have too big of a price tag to be practical targets for such a hack. Less expensive coins, however, are, and can be lucrative targets for hackers. In 2018, 51% attacks were leveraged against new cryptocurrencies, netting the attackers the equivalent to approximately $20 million.
Using a blockchain requires a user to have a private key to unlock the naturally encrypted platform. Naturally, if this key were to be stolen, the thief would be able to access the user’s blockchain. What’s worse, because the blockchain is decentralized, these kinds of actions are difficult to track and, as designed, harder to undo.
It’s hard to forget in this world that is completely integrated with technology that some tech is just in its infancy. Blockchain, especially outside of the cryptocurrency sphere is only emerging and the tech built with it should be looked at through skeptical eyes. Stay up to date with the latest technology concerns and information, subscribe to Symmetric Engineering Group blogs.