Bitcoin in Cybercrime: Questionable Choice That Works
Posted on 02-25-2020.
Looking through the news that came up during the month, one may notice several closely packed cases of hacking, extortion, and other unsavory activities involving Bitcoin. While there seems to be no particular connection between these cases, this is an unkind reminder not to be negligent about basic cybersecurity.
In this piece, we look into the recent events of Bitcoin extortion and figure out if there is something to be wary of.
Right at the beginning of the month, news came through about a data breach affecting 5 law firms in the U.S. According to the report by Cointelegraph, hackers demanded two separate ransoms of 100 BTC from each firm. One would restore access to the data, and the other would buy the hackers’ promise to delete whatever info they’ve copied instead of selling it.
All five hacks are attributed to a criminal group called Maze. The group would target companies and post their names on a website. If a company refuses to pay, the criminals start publishing portions of the stolen data until the ransom is paid. According to Coindesk’s sources, the law firms in question faced a similar scenario.
Later, on February 12th, The New York Times wrote about two mail bomb explosions in post offices in the Netherlands. The explosive devices were said to be not too powerful and luckily nobody got hurt. Notably, in both cases, the sender included notes in which they demand an undisclosed sum in Bitcoin to prevent subsequent attacks. There’s been no news about the investigation so far, but at least the harm was minimal.
Adding to the cybercrime media coverage, in February, the French authorities reported that over the last year at least 90,000 people across the country were victims of “sextortion.” These people paid from hundreds to thousands of euros, primarily in BTC, to prevent the criminals from publishing explicit materials obtained through their hacked webcams. For comparison, in 2018, only 28,885 people were registered with similar cases. This is less than a third from 2019’s numbers.
Lastly, on February 18th, a cybersecurity blog KrebsOnSecurity wrote about the new wave of extortionists who target the users of Google AdSense. The criminals threaten to generate fake views for the ads, prompting Google to block the affected website. Those who want to avoid the trouble were asked for a ransom of $5,000 in Bitcoin.
“Very soon the warning notice from above will appear at the dashboard of your AdSense account undoubtedly! This will happen due to the fact that we’re about to flood your site with a huge amount of direct bot-generated web traffic with a 100% bounce ratio and thousands of IPs in rotation—a nightmare for every AdSense publisher,” reads the message a user got from the criminals.
Google didn’t comment on any particular cases of AdSense-related extortion but commented that the cases of such sabotage are rare and encouraged publishers to contact the company’s support and check the “tips for AdSense publishers on sabotage” presented in Google’s help center.
While these are still separate cases of extortion, they are all similar in using Bitcoin for the ransom. This is a highly questionable way to go with cybercrime, considering the technical side of Bitcoin and a selection of alternative cryptocurrencies that seem like a better fit for the task.
“It isn't obvious why in all these cases Bitcoin was the currency of choice. The anonymity of Bitcoin is a myth and there are cryptocurrencies that appear to be much more instrumental for a shady business like extortion. The people behind the crimes either know something very special or are simply arrogant,” an independent cybersecurity expert said in a comment to forklog.media.
On the other hand, the most straightforward explanation is that almost any cryptocurrency would be better for the job than non-crypto options. Given that, Bitcoin stands out as the most alluring currency in the economic sense. Its popularity means that coins can be traded on any exchange with very few exceptions, while the users and also the victims face less friction when dealing with Bitcoin.
Combined with the hackers’ ability to operate from an arbitrary point on Earth and the tools, such as coin mixers, that make transactions harder to trace, these aspects make Bitcoin not the best, but a viable option for cybercriminals.
Ransomware and extortion attacks have been part of the online world for a while now and may intensify over the course of 2020. As the digitalization goes on, the criminals are getting better tools and the prey gets heftier.
While the volume of cybercrime involving Bitcoin and other cryptocurrencies is expected to grow along with the popularity of the currencies themselves, it nevertheless contributes to the negative portrayal of the entire crypto-industry.
Importantly, this doesn’t pose an immediate threat to those who follow basic precautions ranging from checking domain names and emails to putting a sticker over a laptop camera. You can only be safe entirely off the grid, but being cautious, and a bit lucky, is what works for most people.
Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.