Tuesday 4 December 2018 12:22 pm

Bitcoin’s anonymity: clever or criminal?

Professor Kevin Curran believes that the growing phenomenon of email scams where attackers claim they stole your password and hacked your webcam while you were visiting naughty websites is enabled in large part due to the difficulty in associating a Bitcoin address with any other address in the Bitcoin network. This is a key feature that enables its users to remain anonymous.

The separation of virtual currency accounts from real-world identities, along with the ability for an individual to create an arbitrary number of accounts enables the development of novel, complex layering transaction patterns. Thus, any Bitcoin user can create a number of addresses and operate anonymously – including through blackmail.

Unfortunately, according to Curran, this characteristic of Bitcoin has also given rise to ransomware criminals. “Ransomware is enabled by digital currencies, along with denial of service attacks, since the use of Bitcoin and other cryptocurrencies allows hackers to get paid and remain untraceable, which was not possible prior to cryptocurrencies. Thus, it comes as no surprise that ransomware is one of the main threats to cryptocurrencies at the moment.”

Moreover, Curran explains, we are starting to see virtual currencies forming the modus operandi of trading in a number of illicit goods. Additionally, it can facilitate the payment of services that may be regulated or criminalised in certain countries – for example, online gambling. “The existence of these currencies is ideal for criminals wishing to hide their tracks and we should examine the implications for society when such a powerful anonymous virtual currency exists.” Of course, given the correct resources, specific bitcoin transactions can be traced but if criminals use the proper ‘mixing’ techniques to launder their bitcoin, they will be untraceable.

Concerning the long-term future of Bitcoin, Curran believes we simply cannot foresee what lies ahead for this phenomenon. “Virtual currencies are here to stay, however, law enforcement and regulatory forces are – for the foreseeable future – facing a crisis in their investigations into virtual currency transactions. Furthermore, major problems such as the amount of energy now being used to mine coins may force national governments to step in. Of course, banning it would have to be a globally agreed solution, as Bitcoins cannot be easily traced to a geographical location. Bitcoin can be made truly anonymous with the use of the correct 'mixing' techniques.”

A long-term pitfall is the verification of the blockchain, Curran points out. “In Bitcoin, for instance, the incentive to validate the blockchain lies in the mining process where miners compete to mine new coins. However, since that will end after 21 million are mined, it is hoped that the financial gains will then lie in the transaction fees but incentivising other blockchains may be a larger problem.” Another issue is the governance of Bitcoin and other decentralised blockchains. “They usually have a governance group of lead developers to implement the agreed changes but there is nothing to stop a core of the blockchain from 'forking' off to a competing blockchain.”

A major problem of blockchain currencies is the storage and safekeeping of the 'coins'. Curran points out that unlike traditional banking mechanisms, blockchain currencies can be stolen and moved to a thief’s account with no means of recovery. “This is a real and ever-present danger with using cryptocurrencies and there have been ever-increasing incidents of coins being stolen.” He echoes the European Banking Authority and others who have warned that Bitcoin users are not protected by refund rights or chargebacks and the use of Bitcoin by criminals has attracted the attention of financial regulators, legislative bodies, law enforcement, and media.

For banks, of course, they need to know who the transacting parties are. Curran highlights that the anonymity makes using Bitcoin or other cryptocurrencies impossible for now and believes that public confidence is the main stumbling block. “If there is money to be made in the future, watch them suddenly change this modus operandi! What affects confidence mostly is the theft of Bitcoins, failure of Bitcoin exchanges and the mad varying Bitcoin currency fluctuations. Once those become less worrying, public confidence will grow and real traction will take place. Underneath it all will be the blockchain, verifying transactions in a decentralised manner like we have never seen before.”

In terms of what’s needed next, Curran concludes that the skills required to 'follow the money' have exploded in the last year. “We are likely to need dramatically more computer security incident response teams, real-time collection of traffic data and search, seizure and expedited preservation of stored computer transactions. For now, the safest thing is to back up your data and try to simply become resistance to ransomware or denial of service attacks.”

Curran is also passionate that “to combat the rise of cryptocurrency-enabled crime there needs to be more resources in the form of cyber defence in the UK. We need to upskill more people – from the public up to the IT people working in the industry – on how to do safe computing. In addition, we need more security and forensics experts in our police forces, as well as from a counter terrorist point of view. We must also spend more money in the IT space and reallocate money, which has traditionally been ring fenced for more traditional forms of defence. Modern warfare has changed and we are fighting less in the real world and more for our lives in the cyberspace. Those in charge need to recognise that.”

Professor Kevin Curran, senior member of the IEEE and professor of cybersecurity at Ulster University, in conversation with James Bowater. Professor Curran is an award-winning cybersecurity expert who has made significant contributions to advancing the knowledge and understanding of computer networking and systems, and has served as an advisor to the British Computer Society in regard to the computer industry standards.