Russia Investigation Stumbles into Crypto
We have some advice for anyone thinking about meddling in foreign elections or investigating the foreign meddlers:
Before you use — or make allegations about — cryptocurrencies, learn more about them.
We say that because, in its recent indictment against a dozen Russians, the U.S. Justice Department writes about the use of Bitcoin to help manipulate the 2016 election … and seems to imply that Bitcoin helps avoid detection.
Meanwhile, many users, whether Russian operatives or not, also seem to think it helps avoid detection.
If so, they're both dead wrong!
We’ll explain why in a second. But first let us cover some key points in the indictment …
Essentially, it alleges that Russian hackers broke into the databases of the Democratic National Committee (DNC).
Did they use sophisticated spyware? No. They merely deployed plain-vanilla spear-phishing techniques to get their hands on user passwords.
Like sending fake emails pretending to be Google and asking for a password reset.
Was there a security flaw in Google’s email service? No. All they did was find DNC staffers gullible or naïve enough to hand over their personal passwords … and they were in. That gave them access to tens of thousands of confidential emails and documents.
Plus, the indictment says attackers also hacked into the DNC’s servers through unspecified vulnerabilities, and more confidential documents were stolen.
How did the hackers conceal their true identities? They merely used servers spread out across the globe.
Everything users do on the internet is monitored and recorded by someone. It leaves a trace. Hackers know this, and so they typically resort to devices for masking their true identity. Using proxy servers is one such way.
A proxy server is basically a computer you use to route your connections. It’s located in a different geographical location from where you are. So it throws off someone trying to trace you.
Is this unusual? Absolutely not.
In fact, the technology is available to everyone: a Virtual Private Network (VPN) is commonly used by average people who want the websites they visit to think they're signing in from a different country.
If you’re using Netflix, for example, you may want to watch a movie that’s available only in the United States. So you use a VPN to trick Netflix into thinking you’re logging in from, say, New York City.
Or, suppose you’re in Shanghai and want to access The New York Times and your Facebook page, both of which are blocked by the “Great Firewall of China.” No problem! Your VPN will get you right in.
We travel internationally quite often and we can tell you from personal experience: VPNs that fix your location to the U.S. or the U.K. are a godsend. All perfectly easy. All legal.
And yes, VPNs can also be used by bad actors. That’s how the hackers of the DNC routed their connections through servers spread out across the globe.
Do the attackers own these servers? Not at all. They rent them.
Is this unique or unusual? Again, absolutely not!
It’s standard practice on the Web; the entire internet infrastructure is built on this concept. For example, if you want to create your own webpage, chances are you don’t have the needed hardware to keep that page running 24/7. So you use a web service, effectively renting the specialized hardware.
That’s also what the hackers did. And that’s what brings the story back to Bitcoin: They paid for the service with Bitcoin and other cryptocurrencies.
Why Did They Decide to Use Bitcoin?
The indictment seems to indicate that they used Bitcoin largely because of the perceived anonymity of the Bitcoin blockchain.
And this is where the hackers, investigators or both seem to have missed the boat.
The truth is every single transaction is stored on Bitcoin’s immutable ledger with each user’s public address. And every single one of those transactions will stay there until the end of time.
In fact, it’s this extreme level of transparency that makes Bitcoin a trusted network: You don’t have to be a super-sleuth to peruse all the details. We can do it. So can you. Anyone can do it anytime from anywhere!
The only thing we can’t do is connect the public addresses to the users’ real names. But that’s where intelligence services come in. In fact …
It’s firmly established that the NSA has the capability of connecting anonymous Bitcoin public addresses to their real owners.
In other words, it turns out Bitcoin isn’t nearly as anonymous as some people might think.
Just as intelligence services (or anyone with the technical expertise) can trace everything you do online, they can also trace everything you do when you use a distributed ledger such as the Bitcoin network.
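The traceability described above, shown as an added example (not from the original article): a backward walk over a small constructed ledger, from the address that paid a hosting provider to every address that funded it. The address names, the simplified address-level transaction model and the label table are assumptions made for illustration.

```python
from collections import deque

# Constructed sample ledger (not real transactions). Like a public ledger,
# each entry records the addresses that funded it and the addresses it paid.
LEDGER = [
    {"txid": "tx1", "inputs": ["addr_exchange_hot"], "outputs": ["addr_A"]},
    {"txid": "tx2", "inputs": ["addr_A"], "outputs": ["addr_B", "addr_A_change"]},
    {"txid": "tx3", "inputs": ["addr_miner"], "outputs": ["addr_C"]},
    {"txid": "tx4", "inputs": ["addr_B", "addr_C"], "outputs": ["addr_hosting"]},
    {"txid": "tx5", "inputs": ["addr_unrelated"], "outputs": ["addr_shop"]},
]

# Hypothetical off-ledger knowledge an investigator might hold (assumption).
KNOWN_LABELS = {"addr_exchange_hot": "exchange withdrawal (customer records exist)"}


def trace_back(ledger, target):
    """Breadth-first walk from target to every address that funded it.

    Returns (hops, txids): hops maps each upstream address to its distance
    in transactions from target; txids lists the transactions on the way.
    """
    paid_by = {}  # address -> transactions that paid it
    for tx in ledger:
        for out in tx["outputs"]:
            paid_by.setdefault(out, []).append(tx)
    hops, txids = {target: 0}, []
    queue = deque([target])
    while queue:
        addr = queue.popleft()
        for tx in paid_by.get(addr, []):
            if tx["txid"] not in txids:
                txids.append(tx["txid"])
            for src in tx["inputs"]:
                if src not in hops:  # visit each address once
                    hops[src] = hops[addr] + 1
                    queue.append(src)
    del hops[target]
    return hops, txids


def attributable(hops, labels):
    """Upstream addresses that off-ledger records can tie to an owner."""
    return {a: labels[a] for a in hops if a in labels}


if __name__ == "__main__":
    hops, txids = trace_back(LEDGER, "addr_hosting")
    print(hops, txids, attributable(hops, KNOWN_LABELS))
```

One labelled address three hops upstream is enough to give the whole payment chain an owner, which is why pseudonymous addresses on a permanent public ledger offer little cover.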
So why did the alleged Russian attackers use Bitcoin?
Two possibilities: Either they were not aware of what we’ve just told you. Or they figured it was the most convenient way to do it.
That’s right. Either plain ordinary ignorance or … plain, ordinary convenience.
Indeed, we’re quite surprised at how careless the hackers were. It’s almost as if they didn’t care whether they eventually got caught. As if they knew from the get-go that they were beyond the reach of U.S. justice. As if all they were concerned about was doing the damage, and getting it done before the 2016 election.
Even if Bitcoin and other cryptocurrencies didn’t exist, they could have done the same thing. They would have simply found other convenient ways of paying for the server time they needed.
How do you prevent this in the future?
Can you ban the rental of servers in the entire world? No. That would destroy the very fabric of the internet.
Can you somehow cut off their source of funding? Not really. The indictment estimates they spent no more than U.S. $95,000 in total. So anyone could’ve staged this attack. It doesn’t take a well-funded nation to do it.
The fact that Bitcoin is being connected to this incident is unfortunate. Blaming it on Bitcoin or any other cryptocurrencies is misguided and shortsighted.
Yes, this Distributed Ledger Technology (DLT) is disruptive. Yes, it will upset the status quo. Just like the internet did. And just like the internet itself, those who harness this new technology to its fullest will become the world leaders of tomorrow, hosting some of the most influential institutions the world has ever seen.
And yes, like the internet before it, DLT will give bad actors new ways to do bad things. But that same DLT also gives the good guys much better technology for protecting sensitive data from hackers!
There is only one choice that countries need to make: Do we capitalize on this innovation, or do we sit idly by and watch others take the lead?
Juan and Martin