How cryptocurrency turbocharged the cybercrime racket: Explained

Source: Business Standard

Relevance: Cryptocurrency is an emerging sector. As a UPSC aspirant one needs have knowledge about its pros and cons.

Synopsis: Use of cryptocurrencies for ransomware attacks by hackers and related challenges.

Must Read: What is a ransomware?
How is crypto used in cybercrime?

A typical ransomware attack on a company or organization might proceed like this: Executives realise their business website is down or systems inaccessible, and administrator overrides don’t work. A ransom demand arrives via email, providing a Bitcoin address where the payment must go if the company wants its systems operational again, along with a deadline. The victim calls up the Bitcoin address, which is 26 to 34 characters in length, when signing onto a cryptocurrency exchange to make the deposit.

What makes crypto attractive to criminals?

The anonymity built into the blockchain, which forms the foundation of cyber­curren­cies, can be utilized through a variety of ways.

  • Coin mixer: A ransom paid in Bitcoin can be swiftly run through a so-called cryptocurrency mixer or coin mixer, which obscures the trail of ownership by pooling it with other people’s holdings. (While the practice itself is not considered illegal, mixer operators can get into trouble if found to have laundered illegally gotten money.)
  • Conversion to a different cryptocurrency: Another option is to convert the ransom payment to a different cryptocurrency via a crypto exchange. So-called money mules (a person who transfers illegally obtained money between different payment accounts) can be recruited on dark web forums and directed to withdraw Bitcoins out of certain accounts.

In 2020, victims paid more than $406 mill­ion in crypto­curr­ency to attackers, accord­ing to blockchain analysis firm Chainanalysis Inc. This year, groups had taken at least $81 million from victims as of May, the firm said. Hackers who specialize in ransomware are said to be actively seeking out targets that have insurance.

Can payments made in cryptocurrency be traced?

Yes, at least at first. All Bitcoin transact­ions, while anonymous, are available for anyone to see, so someone tracking a par­ticular Bitcoin wallet can observe when cash arrives. But accessing the money inside the wallet requires a private key, essentially a password, and that’s some­thing ransomware groups do not normally share with anyone outside their operation.

What steps can be taken?

Regulation is the key. In April, the Ransomware Task Force, a private-public partnership created by the Institute for Security and Technology, published an 81-page report with recommendations for how governments can protect against and deal with ransomware attacks.

  • The group urged governments to extend Know Your Customer (KYC), Anti-Money Laundering (AML) and Combating Financing of Terrorism (CFT) requirements — which national and international authorities enforce against banks around the world — to crypto exchanges, kiosks (crypto’s version of automated teller machines) and over-the-counter trading desks.
  • Calls to ban Bitcoin altogether have been quieted by the currency’s gradual acceptance by the financial industry.

Terms to know:

 

Print Friendly and PDF