However this article is not duplicative. It adds the history of exactly how Viagra spammers got shut down, from the perspective of one of the researchers who did it. And the technique by which that happened is a technique that can shut down bitcoin as well.
It is one thing to say, "We have to get rid of cryptocurrency! We're serious!" It is quite another to say, "Here is the method by which a similar past problem was solved." And lay out something that could actually kill the utility of cryptocurrency today. Namely shut down all bank accounts that are willing to exchange large amounts of cash for cryptocurrency. Just as we shut down all bank accounts that were receiving affiliate payments for Viagra spam.
So yes, it is possible to do this. We know how to do this. The question is whether the dangers of ransomware are such that we should do this. Cryptocurrencies have legitimate uses. For example they enable a variety of kinds of smart contracts, which NFTs are but one example of.
However ransomware is a big and growing problem. What happens when a ransomware attack gone bad winds up killing patients in a hospital? Crashes airplanes? Cuts off people's ability to access credit cards or banks?
If we keep seeing random services in a complex world get shut down by ransomware, it is just a question of time until the wrong service gets shut down with disastrous consequences. So far we have had minor inconveniences. But how will people feel after something bigger goes wrong?
EDIT: See link from user 'px43' below about the history of ransomware. Good read. Predates cryptocurrency, but I think banking technology would make most payment strategies of the past impossible, like the original article argues (e.g., PO Box in Panama is quoted as a 1989 payment plan, but GP article explains that is harder due to extradition of data and logs).
The Internet, after all, makes the dark web--and its myriad crimes, including ransomware, drug trafficking, and illegal porn--possible: without the former, the latter cannot thrive. The defenses we usually hear come in the form "prior telephone and postal systems facilitated bad stuff, too," which is a fact, but one that doesn't absolute the Internet, either. :/ """
^ What you sound like to me.
Like, I honestly just don't understand your point: these currencies (minus Bitcoin, due to proof of work being a bit ridiculous) seem like a very useful tool that you couldn't really ban anyway without taking ridiculously draconian measures (a la China and the open Internet, which is only barely working for them anyway) as--and this is kind of the whole point--there isn't any central actor running or maintaining it.
Money laundering via ACH, SWIFT, stolen credit cards, gift cards, and all sorts of online payment systems like PayPal are still huge, no cryptocurrencies required.
Cryptocurrencies are used today because they're the most efficient way to make online payments, which is a net positive for everyone. It's just as easy to hunt down criminals using cryptocurrencies as it was to hunt online criminals before cryptocurrencies got popular.
Good point, thanks.
However, opaque ledgers may make it difficult to hunt them down (Zcash, monero) in the future.
Pre-crypto ransomware was just dabbling in the idea and flying well below the radar of real enforcement. I really don't mind reclassifying that as proto-ransomware and not a real thing we experience these days.
You know police in many states in the US get uploads of all pawn records and metal recycling to help track down and stop thieves from making money on stolen goods.
There isn't one root cause, there is an environment made up of multiple factors that allows bad behavior, one contributing factor is how cryptocurrency has enabled large ransom payments to bad actors over seas.
Software should be made more secure, but making it 100% secure is impossible. How much time and money should be spent on the software security side? My house isn't made like a fortress, its security is actually pretty minimal, it doesn't need to be better because laws are enforced and its not anarchy outside, its a low crime environment due to multiple levels of protection I don't even think about or manage directly all provided by the government. Part of those protections is making it more difficult for criminals to profit off crimes, though not impossible, it's just one aspect of a defense in depth.
I don't wish to speculate whether the effect on each of those niches is net positive or negative, but it's hard to argue that the real problem is cybersecurity when cryptocurrencies have had such significant effects on other fields for the same reasons that it's useful to ransomware operators. Yes, cybersecurity is a real problem, but that doesn't preclude cryptocurrencies from being a real problem either, nor does it preclude the former from sparking action against the latter - the world operates in parallel and we can tackle multiple problems (which means yes, cryptocurrencies will almost certainly be used as a distraction).
The conversations around ransomware and climate are both slippery slopes. We should be focused on better security to prevent attacks as well as facilitating more renewable energy instead of stifling innovation.
Imagine a world where banks and businesses just kept their cash out on the counter, in unlocked boxes. One day, a bunch of "sophisticated" thieves come in and start grabbing the boxes and driving off. What is the logical response?
1. Ban cars
2. Ask banks and businesses to please use lockboxes and safes
Both are solutions to the problem of thieves jumping in and grabbing cash. But I would submit that option 2 makes far more sense that option 1.
https://www.bloomberg.com/news/articles/2021-06-04/hackers-b...
In terms of security best practices, this ranks right up there with not leaving your keys in the ignition while you go shopping. This is the world in which we live: multimillion dollar corporations being either too cheap, incompetent, or lazy to issue RSA tokens, Yubikeys or phone-based TOTP for their VPNs. And somehow this is the fault of Bitcoin?
Also, I'm not even sure ransomware is a net bad thing in the first place. It encourages better security and makes companies less likely to store my private information.
This principle is true in almost every area of life. Strong encryption, for example, does help terrorists and cybercriminals, but it also helps revolutionaries and businessmen and ordinary citizens. I don't want to give too many examples because these things tend to be politically hot topics, and I don't want to distract from the central principle: meaningful freedoms can be abused, but are worth it because they also change the world.
I would say this is the case with cryptocurrencies as well. It is true that they enable certain criminal economies. Perhaps some of those economies would still function without cryptocurrencies, and perhaps some -- as the article suggests -- would no longer be viable. But cryptocurriencies enable people to build any economy they like without the approval or supervision of a state. There are places where the government does sort of a terrible job managing its money, where this is a major benefit to people. There are people doing things unpopular with some company or some government, who can still do them practically because of the economies enabled by cryptocurrencies. These people are by nature pretty subversive, and a lot of them are doing things I do not like -- but some are doing things I am very glad they are still able to do. Freedom's like that. Some people use it for evil. Some people use it for good. And the difficulties we have in all agreeing on what's good and evil (and the particular difficulties big governments and corporations have in getting the answer to that question right!) are why I'll almost always side broadly with freedom. When people use bitcoin to do criminal things, I'm all for prosecuting them for the crimes -- but leave bitcoin alone. The ability of people to run an economy without the government's permission is something I really like them to have.
This is a feature of anonymous payment not a bug.
Cryptocurrency, like the Internet, is merely the medium.
The bigger point is that a financial system should not have a central authority who can limit access to it. Some cryptocurrencies have gone further and built privacy into the transactions also.
Whether or not you consider cryptocurrencies "progress" is irrelevant, because it's an emerging technology that exists whether you (or I) like it or not.
The cold, hard, unavoidable truth is this: Ransomware may be a Bitcoin problem, and it may not be. Either way, tough shit.
I mean not really. If we were to decide, as a country, that it was bad, we could take actions to stop its proliferation. The dollar-BTC transition points are chokepoints we could easily target to get started.
They are widely adopted and useful, yet their secondary harms warrant laws to be written.
This is the totally incorrect approach. Imagine banning Polaroids because they led to an explosive growth in underage pornography.
These exploits are happening not because of crypto but because of insecure systems that public, money making companies haven't invested in making secure.
Every conversation I've ever had with a crypto purveyor, even as a person who has worked for crypto companies before, always comes down to "crypto is a good thing because it helps people commit financial crimes". There are no other benefits.
I like having options that can be anonymous, don't require banks, immune to government influence, and even completely outside any law. Because laws are not always moral and should be ignored and evaded.
That's freedom. Having it is worth the significant amount of problems that come along with it.
If any of those things were actually true we wouldn’t be having this conversation.
Also, since you apparently do think that they are true, why are you at all concerned about what banks or governments or laws might mean for cryptocurrency? I thought cryptocurrencies were immune?
Doesn’t that better protect the scammers from law enforcement?
- FSPs may question and refuse to facilitate a Monero purchase due to its niche usage
- Major exchanges don't list XMR and you want as few hoops as possible to allow the victim to pay, can easily just switch your btc for XMR later, that's fairly simple on a decentralized exchange or a shady offshore one.
Regarding ransomeware, there is already criminal/scam wallet addresses tracking, so anyone cashing out from these addresses will eventually have to explain it
If it wasn't for payment it would be to destroy competition or disrupt enemy country infrastructure
Hard cash has also been paying criminals since ever and we still use it. If anything Bitcoin is a step up, due to being more traceable
A gov't can (has) made it illegal to mine or hold them as well. Most people won't and the value will evaporate if there is no market
Once violence on main street can be bought with crypto a ban will soon follow.
Outlawing it will make a difference though since it'll make it less likely that victims will pay, meaning the endeavor has a lower success rate.
2. It wouldn't.
Scan the Internet for any BTC/Ethereum open ports and blackhole them.
Also, some ISPs disconnect users upon detection of BitTorrent traffic.
Bitcoin did not create the concept of ransom. It didn't even create the concept of ransom as a business model for organized crime.
See for instance our neighbor to the south: https://www.vox.com/2018/5/11/17276638/mexico-kidnappings-cr...
This is such a common thing, that it has been the central plot of several hollywood movies.
There are even insurance policies that you can get for it: https://www.mexipass.com/mexico-commercial-insurance/special...
This is also common in the shipping industry: https://www.reuters.com/article/somalia-piracy/somali-pirate...
And that type of ransoming has had hollywood movies made about it.
And again that type of ransoming is common enough to have its own insurance: https://www.marineinsight.com/marine-piracy-marine/marine-in...
Should we ban shipping? Or ban the internet?
Probably not.
This article points out that, the last time a similar wave of crime occurred, the way it was defeated was by targeting the banks where the money changes hands.
It is because cryptocurrencies do not currently function as usable currencies that the same trick could work again. If governments pass regulations making it illegal for financial institutions to process cryptocurrency transactions, companies/hackers will have no way to convert real money to and from bitcoin ransoms. Companies can't simply gather up bitcoin paid to them by their customers, because almost nobody uses bitcoin as an actual currency. The ransomers won't be able to spend their bitcoin on groceries and vodka because almost nobody uses bitcoin as an actual currency. Both parties need financial institutions to make the transaction work.
Cryptocurrencies need to achieve real-world, everyday, legal usefulness fast or they're going to be strangled in their cradle by this. If the cost is massive amounts of energy use and billions of dollars of criminal damage annually, the benefit has to be more than providing a shell-game for finance gamblers and purely hypothetical future benefits.
Shipping is pretty useful, though. What are the other major uses for Bitcoin?
And then the broader question is: do you agree that financial instruments are useful?
It seems odd to me that there are so many people on HN who don't seem to understand the importance of finance. You are literally posting on the website of a venture capital firm.
If you don't understand why that's an critical utility for billions of people on this planet, then you're not worth arguing with.
