Blockchain and Nefarious Use A peek under the surface Mariusz Nowostawski Norwegian University of Science and Technology IDI NTNU SwissRE - January 2017


Page 1

Blockchain and Nefarious Use

A peek under the surface

Mariusz Nowostawski

Norwegian University of Science and Technology, IDI NTNU

SwissRE - January 2017

Page 2

Introduction

NTNU

→ University

IDI

→ Computer Science

CCIS

→ Centre for Cyber and Information Security

Page 3

NTNU.no Norwegian University of Science and Technology

● Oldest and largest campus in Norway
● 49k students
● Spread over 4 campuses
● Largest Computer Science department
● Strong research in AI, Peer-to-Peer systems
● Strong programming-focused curriculum

Page 4

CCIS.no

Centre for Cyber and Information Security

→ Consortium of 26 academic and industrial partners

Focus on:

● Security research
● Cyber defence
● Forensics (Testimon group)
● Critical infrastructure
● Malware and Dark Web

Page 5

The Team

I am part of the Testimon group

Prof. Katrin Franke

Prof. Slobodan Petrovic

Assoc. Prof. Stefan Axelsson

PhD: Dmytro Pyatkovsky

MSc: multiple students

Page 6

About me

● Computer Scientist
● Coder
● Lecturer
● Entrepreneur

Research Interests

● P2P systems, Mobile systems, Web technologies
● Decentralized Systems
● Autonomous Systems

Page 7

Blockchain People

Technology Enthusiasts

Libertarians

Speculators/Investors

Commercial Companies

Criminals → big and small

Page 8

Nefarious Use of Blockchain Technology

DarkWeb marketplaces

Anonymous currencies

Malware

Ransomware

Other uses

Page 9

Darkweb Marketplaces

Market size: 300M USD/annum (2016), estimated 1B USD (2017)

● Drugs
● Fake IDs
● Counterfeit currency
● Compromised data, e.g. payment cards, online account credentials
● Malware and Ransomware kits
● Weapons, real and cyber
● Explosives
● Chemical substances
● Guides for criminals/crackers/blackhat hackers

Page 10

Darkweb Marketplaces

It looks as if scammers are using it to collect advance payments from naive users:

● Terrorist funding sites
● Murder orders, murder-for-hire offers
● Terrorist attack orders

There is some evidence suggesting that those darkweb sites are mostly fake.

Page 11

Darkweb Marketplaces

● Need for an anonymous, digital payment system
● Bitcoin is not natively anonymous: the ledger is public and addresses are only pseudonyms

Note

● The need for anonymity and privacy strongly correlates with Darkweb Marketplaces, but it is not limited to the Darkweb. The same need drives commercial companies' research, and libertarians

Emergence of:

● Deanonymization industry
● Mixing services, ring signatures, and so on
○ Fake mixing services
○ Fake vanity address generators
○ Compromised privacy conscious
● Anonymous currencies and mixing services
○ Monero, Dash, Cloak, Nav
● New research projects, and research progress
○ ZeroCoin, ZCash
● Stronger need for anonymity in the blockchain from the industry too
● Privacy considerations
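To make concrete why Bitcoin is not natively anonymous, and what the deanonymization industry the slide refers to actually does, here is an added example that is not part of the original slides: the common-input-ownership heuristic. Every address that signs an input of the same transaction is assumed to belong to one entity, so addresses collapse into clusters, and a single identified address (a deposit at an exchange that performed KYC) then labels the whole cluster. The transactions, the addresses and the "exchange deposit" label are constructed for illustration; the final CoinJoin-style transaction shows the heuristic's failure mode.

```python
from collections import defaultdict
from typing import Dict, FrozenSet, Iterable, List


# Constructed sample transactions, not real chain data. Each entry lists the
# addresses whose keys signed the inputs and the addresses that were paid.
SAMPLE_TXS: List[dict] = [
    {"txid": "tx1", "inputs": ["A1", "A2"], "outputs": ["SHOP", "A3"]},
    {"txid": "tx2", "inputs": ["A3"], "outputs": ["VENDOR"]},
    {"txid": "tx3", "inputs": ["B1"], "outputs": ["SHOP"]},
    {"txid": "tx4", "inputs": ["A2", "B1"], "outputs": ["VENDOR"]},
]

# A constructed CoinJoin-style transaction: A3 and C1 belong to different people
# who co-signed one transaction precisely to confuse this heuristic.
COINJOIN_TX = {"txid": "cj1", "inputs": ["A3", "C1"], "outputs": ["X1", "X2"]}


class UnionFind:
    """Disjoint-set forest; addresses are merged as soon as they co-sign a transaction."""

    def __init__(self) -> None:
        self.parent: Dict[str, str] = {}

    def find(self, x: str) -> str:
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a: str, b: str) -> None:
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_by_common_input(txs: Iterable[dict]) -> Dict[str, FrozenSet[str]]:
    """Common-input-ownership heuristic: all inputs of one transaction were signed
    by keys the same entity holds, so their addresses collapse into one cluster.
    Returns a map from every input address to the cluster it ends up in."""
    uf = UnionFind()
    for tx in txs:
        inputs = tx["inputs"]
        for addr in inputs:
            uf.find(addr)  # register single-input addresses too
        for addr in inputs[1:]:
            uf.union(inputs[0], addr)
    members: Dict[str, set] = defaultdict(set)
    for addr in list(uf.parent):
        members[uf.find(addr)].add(addr)
    return {addr: frozenset(group) for group in members.values() for addr in group}


def attribute(clusters: Dict[str, FrozenSet[str]], known: Dict[str, str]) -> Dict[str, str]:
    """One identified address (a deposit at an exchange that performed KYC, a seized
    wallet, a donation page) labels every address in its cluster."""
    labels: Dict[str, str] = {}
    for addr, label in known.items():
        for member in clusters.get(addr, frozenset({addr})):
            labels[member] = label
    return labels


if __name__ == "__main__":
    clusters = cluster_by_common_input(SAMPLE_TXS)
    print(sorted(clusters["A1"]))  # ['A1', 'A2', 'B1']
    print(attribute(clusters, {"B1": "exchange deposit (KYC)"}))
    merged = cluster_by_common_input(SAMPLE_TXS + [COINJOIN_TX])
    print(sorted(merged["A3"]))  # ['A3', 'C1']: a false merge
```

Only input addresses are clustered; an output such as SHOP stays unattributed until it spends. The CoinJoin transaction at the end makes the heuristic merge two strangers, A3 and C1, into one cluster, and that false merge is exactly what mixing services rely on to defeat this kind of analysis.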

Page 12

Child Abuse [mostly not disclosed]

Static content offering

Subscriptions

Crowdfunding campaigns

Page 13

Ransomware

A frictionless payment system enables innovative use cases

2016

The year of Ransomware

Page 14

Ransomware

Facts:

● Market size: estimated to reach 1B USD in 2017
● Almost all ransomware payment requests are in Bitcoin (which is actually a good thing!)
● 40% of SPAM emails are linked to ransomware attacks
● 70% of victims pay the fee
● 20% of victims report fees >40k USD
○ E.g. the light rail network in the SF area
○ A hospital in Hollywood
● The majority of attacks are not reported
○ Fear of lawsuits, loss of customer trust, etc.

RaaS

Ransomware as a Service

● Often offered for free
● Profits split between the software vendor and the attacker
● Targets anything:
○ Laptops, TVs, smartphones, backup systems

In the future:

All of this can be automated and autonomous

Page 15

Extortion

● The AdultFriendFinder data leak leads to a massive number of extortion cases
○ Over 3.5 mln e-mail addresses and contact details leaked
● Scams, fake threats
● DDoS attack threats
● Kidnapping threats, and real kidnapping
● Hijacking threats, and real hijacking

Note

The movie picture of criminals asking for a bag full of unmarked cash to be dropped in a public dumpster... is gone. Old-fashioned. The modern way: use cryptocash.

Page 16

Malware

The rise of Malware

Huge growth, for both virtuous and nefarious purposes

● Best, and often the only, way to circumvent encryption and end-to-end security: compromise the endpoint
● Wallet-stealing trojans
● Clipboard malware (replaces the real bank account number or wallet address in the clipboard with the attacker's address)
● Mining botnets (for non-ASIC mining protocols)
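The clipboard malware bullet deserves a closer look, because the attack is so small and the usual safeguard does nothing against it. Below is an added example, not code from the original slides: the attacker's substitution logic next to the check a wallet or a careful user has to make. The clipper recognises legacy Bitcoin addresses by their Base58Check checksum so that it only rewrites real addresses and never corrupts other text; the defender's check compares the address the payee showed with the address that ended up in the send field. The payee and attacker addresses in the demo are well-known public example addresses from the Bitcoin documentation, used here as a constructed scenario.

```python
import hashlib
import re

# Base58 alphabet used by legacy Bitcoin addresses (no 0, O, I or l).
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Anything in free text shaped like a legacy "1..." (P2PKH) or "3..." (P2SH) address.
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")


def b58decode(s: str) -> bytes:
    """Decode Base58; each leading '1' stands for one leading zero byte."""
    n = 0
    for ch in s:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("not a base58 string")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def is_valid_address(addr: str) -> bool:
    """Base58Check: version byte + 20-byte hash + first 4 bytes of SHA256(SHA256(...))."""
    try:
        data = b58decode(addr)
    except ValueError:
        return False
    if len(data) != 25 or data[0] not in (0x00, 0x05):  # mainnet P2PKH / P2SH
        return False
    payload, checksum = data[:-4], data[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def clipper_swap(clipboard: str, attacker_addr: str) -> str:
    """Attacker side: what a clipboard trojan does on every clipboard change.
    Only strings that pass the checksum are replaced, so ordinary text is left
    alone and the victim's wallet never shows an 'invalid address' error that
    would give the game away."""
    return ADDR_RE.sub(
        lambda m: attacker_addr if is_valid_address(m.group(0)) else m.group(0),
        clipboard,
    )


def destination_tampered(intended: str, pasted: str) -> bool:
    """Defender side: the address shown by the payee (invoice, web page, address
    book) must be exactly the address that lands in the wallet's send field.
    The checksum cannot help here, because the attacker's address is valid too."""
    wanted = [a for a in ADDR_RE.findall(intended) if is_valid_address(a)]
    got = [a for a in ADDR_RE.findall(pasted) if is_valid_address(a)]
    return wanted != got


if __name__ == "__main__":
    # Constructed scenario: two public example addresses from the Bitcoin
    # documentation stand in for the payee and the attacker.
    payee = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
    attacker = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"
    copied = f"Please pay 0.5 BTC to {payee} by Friday"
    pasted = clipper_swap(copied, attacker)
    print(pasted)  # the attacker's address now sits where the payee's was
    print(destination_tampered(copied, pasted))  # True
```

The point a practitioner should take from this: Base58Check protects against typos, not against substitution, since the attacker chooses a perfectly valid address. The only effective user-side control is to compare the pasted address against the source (wallets that display the first and last characters prominently are making exactly this comparison cheap), and on the host side to treat a process that rewrites clipboard contents as malicious.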

Page 17

Other attack vectors

● Surge in attacks targeting cryptocurrency companies and projects
● Many exchange (and project) failures:
○ Cryptsy, Shapeshift, Gatecoin, Bitfinex, Bitcurex, TheDAO
● The hype drives a surge in scams, e.g. high-yield investment programs
● Clever social engineering tricks aimed at Bitcoin and virtual currency owners
○ For example, after exchange failures, scams that supposedly “recover” the funds
● But… no Nigerian scammer is asking for Bitcoin donations. Wrong audience to fall victim to this type of scam.

Page 18

Upside

Is Ransomware a good thing?

What good does nefarious use do

for Blockchain technology?

Page 19

Upside

Ransomware is a good thing, because:

● It will surge, and subsequently, it must die out!
● It leads to stronger and improved security
● It increases awareness, and better protections get used

Blockchain technology abuse leads to:

● Hardened systems, protocols, and improvements to the core technologies
● Harder, or impossible, to circumvent
● Improved anonymity and privacy
● The needed socio-technical balance

Page 20

Interesting recent developments

ZK-SNARKs and ZCash → huge improvement in efficiency:

● Validation: 40 ms
● Tx creation: 90-160 seconds

Signature aggregation

BLS signatures

IBE, Identity Based Encryption

Secure multi-party computing

Page 21

Some of our projects

● Simulation and modelling of human and technical factors
● Autonomous, anonymous and decentralized institutions
● Scalability, off-chain transactions, Lightning Network attacks
● Fog of War: how to play strategy games without a trusted 3rd party

Page 22

Conclusions

Good vs. Evil

Page 23

Conclusions

● Nefarious use will continue
● Systems will evolve and improve, because of it, and in spite of it
● All implications of new technical advancements need to be taken in their socio-technical context

Security, Anonymity and Autonomy

● Those areas will receive a lot of attention, and will subsequently improve
● Systems will become more secure, more anonymous, and more resilient
● Technical advancements will enable new types of criminal activities
● Technology also improves the criminal “business as usual” models

Some innovation in blockchain technology originates in Academia. Some in Darkweb.

Page 24

Thank you

Assoc. Prof. Mariusz Nowostawski

NTNU, Norway

http://ccis.no

Twitter: @praeteritio

Skype: nowostawski

http://ntnu.no/ansatte/mariuszn

Page 25

Basic Copyright Notice & Disclaimer

©2017 This presentation is copyright protected. All rights reserved. You may download or print out a hard copy for your private or internal use. You are not permitted to create any modifications or derivatives of this presentation without the prior written permission of the copyright owner.

This presentation is for information purposes only and contains non-binding indications. Any opinions or views expressed are of the author and do not necessarily represent those of Swiss Re. Swiss Re makes no warranties or representations as to the accuracy, comprehensiveness, timeliness or suitability of this presentation for a particular purpose. Anyone shall at its own risk interpret and employ this presentation without relying on it in isolation. In no event will Swiss Re be liable for any loss or damages of any kind, including any direct, indirect or consequential damages, arising out of or in connection with the use of this presentation.