White-Hat Hackers Are Already Being Caught in the Cryptocurrency Regulation Net
Cryptocurrencies have long been associated with cyber crime. The cryptocurrency Bitcoin was the de facto currency of the notorious online black market Silk Road, it remains the preferred payment method on the Dark Net, and the majority of ransomware attacks, including WannaCry, demand payment in Bitcoin. As if cryptocurrency didn’t have enough of a bad rep, shortly after the WannaCry attacks, reports emerged of a new type of cyber attack that may pose an even larger threat than WannaCry: cryptocurrency mining malware, which turns machines into “zombies” to mine a Bitcoin competitor called Monero. It’s no wonder that critics are clamoring for government cryptocurrency regulation.
Cryptocurrencies, in and of themselves, are not nefarious. Many perfectly legitimate businesses accept payment in Bitcoin, and large Wall Street investment firms are betting on a bright future for cryptocurrencies. However, outside the realm of tech enthusiasts, small-government advocates, and cyber security experts, cryptocurrencies are still widely misunderstood – and primarily associated with criminal activity. Ever since Silk Road was taken down, cryptocurrency critics, claiming that the digital currencies are fueling ransomware attacks and other cyber crime, have been calling for governments to implement cryptocurrency regulation, and these calls have grown louder since the WannaCry attacks.
Due to the very nature of cryptocurrencies – unlike fiat currencies, they are not issued or overseen by any central authority – attempts at cryptocurrency regulation have been slow and scattered. Unfortunately, it also appears that they may be harming the “good guys” more than the criminals, as reported in a recent story by CoinDesk. White-hat hacker Vinny Troia found his account on U.S. Bitcoin exchange Coinbase suspended after the exchange flagged his account for engaging in what they considered to be illegal activity, namely, paying ransomware demands and purchasing data from the Dark Net. Problem is, Troia was doing these things on behalf of his clients. Sometimes, Troia told CoinDesk, the best way to find out if a client’s information has truly been compromised, or to determine the scope of a hack, is to buy the data sets in question. Further, while it’s generally advised not to pay ransomware demands, some victims feel that paying up is their best bet; Hollywood Presbyterian Medical Center thought so.
Bitcoin Experts Blame Offshore Cryptocurrency Exchanges
Bitcoin experts and other cryptocurrency enthusiasts, alarmed by experiences like Troia’s and fearing Draconian cryptocurrency regulation, recently told a U.S. House subcommittee that the bulk of the problem lies with unregulated, offshore cryptocurrency exchanges, not those based in the U.S. and Europe, which must already comply with anti-money laundering and “know your customer” laws. However, these exchanges often strategically set up shop in countries where local governments are happy to look the other way and not cooperate with U.S. authorities in exchange for kickbacks.
Another issue hampering cryptocurrency regulation is the rise of next-generation cryptocurrencies such as Monero. While Bitcoin transactions are technically anonymous, the anonymity only stretches so far; all Bitcoin addresses and transactions are recorded on the cryptocurrency’s blockchain, allowing security experts and law enforcement to use blockchain analytics to tie addresses and transactions with users. Monero, on the other hand, uses ring signatures and stealth addresses to provide real, total anonymity.
Proactive Cyber Security Is Still Your Best Bet
Not everyone is against government cryptocurrency regulation. Morgan Stanley claims that government oversight is inevitable if Bitcoin wants to grow and truly go mainstream. But with technology advancing so quickly, the wheels of government moving slowly, and most politicians barely able (if at all) to grasp how the technology that powers cryptocurrencies works, cryptocurrency regulation faces an uphill battle, at best. Even if one technology were banned tomorrow, another one that gets around the new law would undoubtedly replace it. Governments need to tread lightly here, lest new regulations cause more problems than they solve.
Whatever the government decides to do with cryptocurrencies, the best way to cripple cyber crime is for organizations to engage in proactive cyber security practices that prevent hacks from happening in the first place.
The cyber security experts at Continuum GRC have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting your organization from security breaches. Continuum GRC offers full-service and in-house risk assessment and risk management subscriptions, and we help companies all around the world sustain proactive cyber security programs.
Continuum GRC is proactive cyber security®. Call 1-888-896-6207 to discuss your organization’s cyber security needs and find out how we can help your organization protect its systems and ensure compliance with all applicable laws, frameworks, and standards.