Giving cryptocurrency to making sure cybercrime doesn't pay

Ahead of his session at our annual conference, Professor Bill Buchanan from Edinburgh Napier University's School of Computing asks how cryptocurrency has changed cybercrime and asks what can be done to regulate this area.

While this information age brings many new opportunities, it also brings many risks. Our finance industry will see increased payment speeds and reduced costs, along with more frequent use of strong cryptography. Within this world, transactions will often be signed using a private key, and then a consensus network will quickly define the validity of the payment. While the SWIFT network has seen many recent hacks, a public ledger may actually cut-down the opportunities for hacking, but the opportunities for cracking cryptocurrency wallets bring new risks.

Cryptocurrencies, though, are now also being seen as the currency of choice for many cyber criminals. With the usage of cryptocurrency, it may become more difficult to investigate money laundering, terrorist financing and cyber-enabled crime. While many cryptocurrencies are currently pseudo-anonymised, currencies such as Monero, and zCash have moved to the anonymisation of both the sender and the receiver of a payment, along with the anonymisation of the transaction amount.

Our current financial infrastructure has existed for centuries and integrates with global and national financial regulations. A key focus for these regulations is often around anti-money laundering (AML), the gathering of taxes, and in the detection of financial fraud. Financial organisations must therefore report on suspicious transactions. Within a cryptocurrency world, there can often be little trace of financial transactions, and this is a major concern of many governments and law enforcement agencies around the world. Some criminals, too, have even refuted accusations of criminal activity by claiming that the transactions are not of a financial nature.

There is currently much debate as to whether we need a principle-based approach to the application of regulations rather than a rule-based method. These may focus on a FinTech Federal Charter, which would outline the reporting of SARs (Suspicious Activity Reporting); increased collaboration between AML compliance and cybersecurity risk agencies; along with the sharing of information between financial institutions.

The incidence of cybercrimes involving cryptocurrency has increased over the years, and many criminals look for cryptocurrency for payments. These crimes often exist in the dark web, such as for crime-as-a-service. A cybercrime can thus be set up for a phishing and ransomware campaign, and which are automated in the setup, implementation, and in the payment gathering. Along the way, the path back to the originator is then covered up using of botnets, proxies, and code scramblers. The success rate of ransomware, for example, can be as high as 50%, but many of those who are infected don't actually get their data back, even though they have paid the ransom.

Other criminal activities exist in plain sight of law enforcement. One of the most successful attacks is RDoS (Ransomware Denial of Service) attacks. These often start with a social media post or a letter which announces a forthcoming attack on a site, unless a payment is made. In order to show their power, the attackers will often launch pre-attacks to show that they are serious in their demands.  In some cases, the success rate of this can be greater than 95%.

In 2017, a hacking group named the Armada Collective launched an attack on Nayana (a South Korean web hosting company). The company eventually paid a ransom fee of around $1 million. After this successful extortion of funds, others have tried to cash-in with claims of an attack, that never actually happens. A recent estimate is that around one in six organisations — worldwide — have received at least one of these ransom notes.

Bill is a Professor in the School of Computing at Edinburgh Napier University. His session at Leading Legal Excellence will investigate the modern cybercrime industry and its use of cryptocurrencies. It will also present models which could be used to regulate against possible crimes. Book your place now.