The Ransomware Problem Is a Bitcoin Problem
lawfareblog.comI understand that this was flagged because there have been many, many articles on the connection between ransomware and bitcoin.
However this article is not duplicative. It adds the history of exactly how Viagra spammers got shut down, from the perspective of one of the researchers who did it. And the technique by which that happened is a technique that can shut down bitcoin as well.
It is one thing to say, "We have to get rid of cryptocurrency! We're serious!" It is quite another to say, "Here is the method by which a similar past problem was solved." And lay out something that could actually kill the utility of cryptocurrency today. Namely shut down all bank accounts that are willing to exchange large amounts of cash for cryptocurrency. Just as we shut down all bank accounts that were receiving affiliate payments for Viagra spam.
So yes, it is possible to do this. We know how to do this. The question is whether the dangers of ransomware are such that we should do this. Cryptocurrencies have legitimate uses. For example they enable a variety of kinds of smart contracts, which NFTs are but one example of.
However ransomware is a big and growing problem. What happens when a ransomware attack gone bad winds up killing patients in a hospital? Crashes airplanes? Cuts off people's ability to access credit cards or banks?
If we keep seeing random services in a complex world get shut down by ransomware, it is just a question of time until the wrong service gets shut down with disastrous consequences. So far we have had minor inconveniences. But how will people feel after something bigger goes wrong?
I'd like to hear how cryptocurrency advocates address this without deploying a fallacy. Cryptocurrency makes ransomware possible, without the former, the latter cannot thrive. The defenses I usually hear come in the form of "current banking facilitates bad stuff, too," which is a fact, but doesn't absolve cryptocurrencies central role in ransomware. As the article states, there is simply no way to pay a ransom without cryptocurrency. Maybe they could do b2b or cash, but that would be sooooo bold (but not impossible?)
EDIT: See link from user 'px43' below about the history of ransomware. Good read. Predates cryptocurrency, but I think banking technology would make most payment strategies of the past impossible, like the original article argues (e.g., PO Box in Panama is quoted as a 1989 payment plan, but GP article explains that is harder due to extradition of data and logs).
""" While we're at it, maybe those same people can defend the Internet, right? Clearly, this experiment in anyone in the world being able to nigh unto anonymously communicate with anyone else was a mistake... at best, every packet should be tracked back to some regulated endpoint that can be tracked in the real world.
The Internet, after all, makes the dark web--and its myriad crimes, including ransomware, drug trafficking, and illegal porn--possible: without the former, the latter cannot thrive. The defenses we usually hear come in the form "prior telephone and postal systems facilitated bad stuff, too," which is a fact, but one that doesn't absolute the Internet, either. :/ """
^ What you sound like to me.
Like, I honestly just don't understand your point: these currencies (minus Bitcoin, due to proof of work being a bit ridiculous) seem like a very useful tool that you couldn't really ban anyway without taking ridiculously draconian measures (a la China and the open Internet, which is only barely working for them anyway) as--and this is kind of the whole point--there isn't any central actor running or maintaining it.
You might say you're "banning Bitcoin", but what you're really doing is banning Bitcoin's linkages to the existing institutional financial system. That's a very tenable project.
I think it's more difficult than one imagines to ban Bitcoin's linkages to the existing institutional financial system. After all, it's not as if REvil or DarkSide are using Coinbase to trade their Bitcoin. If the United States shuts down all Bitcoin exchanges operating on its territory, but Russia does not, then does that have a meaningful impact on the usage of Bitcoin for cybercrime? It seems to me that all such a step would do is make the positive usages of Bitcoin more difficult while having only a marginal effect on the usage of Bitcoin for cybercrime.
If FinCEN were to take the position that all exchange of Bitcoin to or from other currently were illegal, then there would be at least two major impacts:
1. US people or people in any country that respects FinCEN would have a hard time paying ransoms in Bitcoin, and
2. The value of Bitcoin paid for ransom would go down. What exactly is the criminal holding Bitcoin that is, by the very fact of being Bitcoin, dirty going to do with it? No matter how mixed and laundered it got, it would still be dirty.
At the end of the day, the result would be a lot like trying to extract ransom in the form of Rubles held in a Russian bank. I think this would strongly disrupt the business model.
Yes, it does, because it makes it much more difficult for victims to confidently interact with the criminal financial system.
That is a good point, but we might also end up with yet another layer of criminal organization: "dark exchanges" that allow victims of cybercrime to get cryptocurrency without interacting with the legal financial system. While I would rather that ransoms not be paid at all, if a ransom has to be paid, I'd much rather the company get their cash in a legitimate manner, interacting with financial entities that cooperate with law enforcement, rather than via fences and money launderers.
At some point, companies can just arrange for the transfer of suitcases full of cash. The point is that increasing the friction on these crimes reduces their incidence, and that's a point the author provides evidence for.
Consider there is a war on drugs which has repeatedly proven that "increasing the friction" might actually make the situation worse. Broadly criminalizing any and all exchange of money to unauthorized tokens (any more specific definition of a cryptocurrency will be subverted) is likely to end up in that territory.
Seemed to work well for Viagra spam, and no violent black market for Viagra spam revenue clearing services sprung up.
Interesting, Viagra spam was mitigated by making these payments illegal? I have no idea, any source pls?
See: the article we are commenting on.
Oh I'm sorry. But the point still stands, the article is mistaken that it would require arranging money transfers to outside the U.S. With bitcoin in the mix, it is not true anymore. Sure, you can call the bank but unlike Viagra, scammers don't need one fixed account there.
Tenable, for sure. Effective at preventing companies from finding a way to pay a ransom (where the ransomers know it'll take them additional time to acquire the cryptocurrency funds)? Probably to at least some degree; I'm not sure exactly what the deterrence and enforcement statistics might be like.
But wise or ethical? I'd argue about as wise and ethical as classifying cryptography as munitions. Cryptography in general is certainly more broadly useful than cryptocurrencies, but strong cryptography also enables far more and far worse crimes than cryptocurrencies alone do.
And can you believe there isn't a law preventing US ISPs and network providers from shuttling traffic to or from known Tor nodes? At least 90% of it is obviously used for unethical and/or illegal activity, and it'd be tenable for ISPs to regularly null route public IP addresses they confirm Tor nodes were listening on. Sure, Tor has a few niche use cases like cryptography does, but it so overwhelmingly enables atrocious and criminal activity that it's an injustice no bill has been passed to fight it. Some people could still get around it, and I'm not sure exactly what the deterrence and enforcement statistics might be like, but it'll probably still help to at least some degree.
Governments that shield criminals are the cause here. Go after them rather than the technology the shielded criminals happen to leverage.
The obvious difference to me is that the Internet has a lot of benefits outweighing the negatives beyond just enabling people to do speculation.
What, pray tell, are those benefits that are so obvious to you, and why should they only apply to photos of your lunch and not money? Most of the more "banal" uses of the Internet would still work fine with a tightly regulated system that required you to sign up for services with an ID and have every packet signed and tracked. The reality is that many in the US believe we had an insurrection attempt in January due to 8chan of all things. To me, sure: it is certainly "obvious" that the ability to have speech that isn't centrally controlled is a good thing... but I can't come up with a single argument for it that wouldn't also apply to being able to send money between two parties (and, notably, in the Western world we tend to purposefully conflate "speech" with the ability to transfer and lend resources, as without capital nothing can be accomplished).
The whole article is about why money is a distinctively important regulatory target.
I just re-read the article to see if I was blind, but no where does it answer the question "what are the benefits of semi-anonymous photo sharing that don't apply to money transfer", in no small part as the article doesn't try to talk about the benefits of anything, much less an open Internet. I feel like you might not have actually read my comment to see the question I led with (asked in response to the comment above)? ;P
I think the argument would be that the internet, while enabling bad things, is a net-positive with its good outweighing its bad. Whereas the value provided by cryptocurrencies is not as clear.
I live in a region where electronic cigarettes can't be purchased through the internet. Local shops can sell them, and do at a 100%-150% markup. fasttech.com will sell me products at msrp, but recently payment processors stopped allowing them to sell to me if my order contained electronic cigarette components (heaters, coils, resisters, batteries, etc).
I was very pleased to discover they accept BTC and ETH as payment options.
You're comparing the benefits the internet provides to society with an example of being able to buy e-cigarettes slightly cheaper?
> Whereas the value provided by cryptocurrencies is not as clear.
The problem is that there's a large group of people who don't rely upon it at all, and there's people on the fringes that where using crypto enables non speculative economic activity where the banking sector has ignored/hands tied for too long; and by design, people in the former group can do increasingly very little against those in the latter.
The people saying "convince me" don't matter to those already using it, whereas in the case of ransom w/ crypto, the opposite is becoming more and more true…
People expecting various conflicting laws/jurisdictions globally to catch up to this at scale are going to have a tough time.
The moral hazards deeply embedded in our centralized nation state based monetary systems (and the assumptions built off of them) are once again having to compete with private money in new forms.
Heh, what? Ransomware existed long before cryptocurrencies.
Money laundering via ACH, SWIFT, stolen credit cards, gift cards, and all sorts of online payment systems like PayPal are still huge, no cryptocurrencies required.
Cryptocurrencies are used today because they're the most efficient way to make online payments, which is a net positive for everyone. It's just as easy to hunt down criminals using cryptocurrencies as it was to hunt online criminals before cryptocurrencies got popular.
This is enlightening. The 1989 ransomware that had a PO Box in Panama is hilarious. Really? Panama?
Good point, thanks.
However, opaque ledgers may make it difficult to hunt them down (Zcash, monero) in the future.
Maybe companies will start enabling MFA by then?
Kind of frustrating how easy it still is to break into critical infrastructure. I do that sort of thing regularly as my day job. Companies who put a slight effort into security don't get ransomwared.
The idea that law enforcement needs full visibility into everyone's financial history, and that's the only way for them to stop crime, is ridiculous.
I think it also makes a convincing argument for bringing back on-site backups. If there are weekly/daily backups on local disks (tapes?) that are airgapped after backup, that would save exposing credentials to the cloud storage backups. Tape is dead, long live tape!
I deeply disagree that crypto is the easiest way to make online payments. Have you ever used Venmo? Or even Facebook pay? Or Zelle? Sure, it might be the easiest way to send money cross-border, but that's an edge case, the vast, vast majority of transactions are same-country.
Those aren't payments, those are custodial services that offer users the ability to move around numbers within their respective closed ecosystems. There's a reason that every one of those services is now moving heavily into the cryptocurrency space.
Crypto is definitely the easiest way. No accounts (well I suppose a wallet could be an account, so perhaps a wash here), no bank linking, no credit cards.
Crypto is the closest thing to internet cash payments.
How do companies pay ransoms without bank accounts? Where does the Bitcoin come from?
Before cryptocurrency, ransomware was tiny and pretty easily trackable if it grew too large. It was so tiny, barely anyone knew about it. Now it's multi-million dollar business for each of multiple ransomware groups. You can't launder that much money through gift cards, and definitely not from a single entity.
Pre-crypto ransomware was just dabbling in the idea and flying well below the radar of real enforcement. I really don't mind reclassifying that as proto-ransomware and not a real thing we experience these days.
I'm not a cryptocurrency advocate but as arberx points out in another comment this is avoiding the real problem. The problem isn't cryptocurrency or ransomware. The root cause is what needs to be fixed: Software publishers and software owners are to blame for insecure systems. Software development is like the wild west with absolutely no accountability. This need to change.
To me this is like saying we shouldn't make it hard to make money off stolen goods or even police the streets, the problem is my houses security isn't good enough. We should just focus on making houses more secure otherwise its open game and your fault if someone steals from you.
You know police in many states in the US get uploads of all pawn records and metal recycling to help track down and stop thieves from making money on stolen goods.
There isn't one root cause, there is an environment made up of multiple factors that allows bad behavior, one contributing factor is how cryptocurrency has enabled large ransom payments to bad actors over seas.
Software should be made more secure, but making it 100% secure is impossible. How much time and money should be spent on the software security side? My house isn't made like a fortress, its security is actually pretty minimal, it doesn't need to be better because laws are enforced and its not anarchy outside, its a low crime environment due to multiple levels of protection I don't even think about or manage directly all provided by the government. Part of those protections is making it more difficult for criminals to profit off crimes, though not impossible, it's just one aspect of a defense in depth.
Well, first of all no one said it should be 100% secure but by far the most attacks are against systems so insecure and outdated that Windows 7 might be an upgrade. It takes minutes to find US water plants or the likes running Windows XP with internet access. That's not comparable to a house. That is a used plastic bag full of cash being blown down the street. Besides you house is secure exactly because your money isn't in you house but in a bank. Your argument should be "banks aren't fortresses because...." but that is what they are and so should important software.
Ransomware isn't the only illegal activity that's greatly enabled by bitcoin. For better or worse, it has enabled stable online marketplaces that allowed one to buy safer/purer drugs, heavy weaponry, assassins, and false passports with less exposure and risk. That used to be the stuff of spy movies - now it's available to anyone who understands how to navigate the web enough to figure out onion addresses or FreeNet. IIUC it has even enabled new methods for money laundering with unique advantages and allowed nations to evade global sanctions with near impunity instead of having to rely on foreign powers to help.
I don't wish to speculate whether the effect on each of those niches is net positive or negative, but it's hard to argue that the real problem is cybersecurity when cryptocurrencies have had such significant effects on other fields for the same reasons that it's useful to ransomware operators. Yes, cybersecurity is a real problem, but that doesn't preclude cryptocurrencies from being a real problem either, nor does it preclude the former from sparking action against the latter - the world operates in parallel and we can tackle multiple problems (which means yes, cryptocurrencies will almost certainly be used as a distraction).
It's one cause, but in my opinion the root here is the fact that ransomers are frequently identified but brazenly don't skip a beat even if they get publicly doxed, because they know they'll face no repercussions. Their governments turn a blind eye as long as the victims aren't citizens of the country or closely allied countries.
There is no evidence at all that computer science and information technology actually knows how to solve the underlying security problems without forcing untenable compromises on the economy. We can produce secure software, but only at a level of expense and time that would preclude most commercial software development.
That may be but that doesn't change that fact that the underlying problem isn't cryptocurrency. Lashing out at other technologies because of lack of accountability in software development won't solve anything. At best it will move it somewhere else but in the end the problem stil haven't been solved.
Besides, software could absolutely be made much safer without destroying the economy. We all know that the systems that get hit are often a mess a twelve year old could "hack" by using specific search engines or kiddy scripts. Laws punishing those that run software with known vulnerabilities that end up causing society problems like these ransomware attacks do should have been made decades ago.
The whole point of the article is that you could have said the same thing about Viagra spam, but financial system interventions did shut that down.
There is, again, no evidence that we know how to make commercially deployed software meaningfully safer at the scale we need to do it at to stop ransomware attacks from disrupting society.
I kinda feel like this is something DARPA and the NSF should really be working on. Like, why can't we have an OS and programming environment where it's straightforward to prove basic end-to-end security properties before runtime, like "this data has a `sensitive` type, and thus cannot be written to any potentially-persistent I/O facility?". I'd love it if that was something that my command shell could statically verify for me before running a job, for example.
This is just a terrible argument. Often times, systems are compromised through social engineering so it's not even remotely possible to solve this issue by software engineering alone. But more importantly, think about the morality of what you are saying. It is absolutely not ethical to rob someone just because they are an easy target.
I despise this sort of "technological nihilism." Just because something can be done with technology doesn't mean that it should be done. The fact that bitcoin exists does not mean we should revert back to the stone age. Anarchy is obviously a very bad idea, but I guess some people are determined to learn this lesson the hard way.
I think you're reading a lot of stuff out of my comment that isn't there. I've spent most of my career doing software security, if that helps with context.
Yeah I replied to the wrong post
Then perhaps we shouldn't produce software.
If the costs to mitigate the negative externalities of a certain product or service outweigh the net benefits of said product or service, the creation of that product or service is a net negative on society, and we should cease that activity.
It's like arguing that a coal-fired power plant isn't profitable if it has to pay for all the carbon that it's producing.
"We should stop producing software" is a take, and I support it! But I also recognize that the societal cost of ceasing all software development would be huge, and the cost of stopping all cryptocurrency is small and would be felt mostly by speculators. As the saying goes: first you couldn't use Bitcoin to buy a pizza, then you could use Bitcoin to buy a pizza, and now you can't use Bitcoin to buy a pizza.
Coal power plants aren't profitable if they have to pay for their externalities, and should be shut down.
You could just as easily point to Russia as the root cause, since they are providing a home for this.
car accidents account for 38K deaths a year in the US alone. If we ban cars, we'd be saving 38K lives every year. Why do people continue driving knowing this statistic?
The conversations around ransomware and climate are both slippery slopes. We should be focused on better security to prevent attacks as well as facilitating more renewable energy instead of stifling innovation.
Is the claim that cryptocurrency is providing a societal benefit comparable to the automobile then?
some of the biggest plagues on society are rooted in central banking policies. If you have ever been upset at the amount of money bankers make, markets they've manipulated which resulted in tiny fines, or went bankrupt and needed bailouts which require printing money which devalues all the current dollars you own as well as not enforce any reason for them to avoid future bubbles then you might be more open to something like Bitcoin and DeFi initiatives.
Governments are no better than banks. Both right & left admins want bigger government, just in different ways. They both print money at obscene rates which is cheapening the money you have in your bank account right now.
If cryptocurrency can be a salvation from some of these problems then we should 100% be seeing if it can work.
Deflationary currency would be an absolute nightmare for everyone except those lucky enough to be holding on to a lot of it before it was too valuable.
> Deflationary currency would be an absolute nightmare for everyone except those lucky enough to be holding on to a lot of it before it was too valuable.
The era 1870~1910 in the US was deflationary (as was late 19th century sweden), hardly characterizable as a "nightmare", especially compared to the nightmare that immediately preceded it. The world had a brief experiment with deflationary currency and it wasn't all terrible, in fact one of the two major participants went from "failed state" to "global superpower" in that timeframe, even while enduring the economic challenges associated with freeing its slaves.
Deflationary currency would be a nightmare because some cohort would become very wealthy? I am not sure those two thoughts are connected.
Deflation is not a bad thing for the end consumer. Our purchasing power should be going up over time as advancements/efficiencies in technology, shipping, healthcare create more for less.
Deflation is "bad" in our current system because we have so much debt that isn't backed by much collateral. Interest rates rise putting a hold on businesses that don't produce much and creates an endless domino effect
How is an entity encouraged to take on entrepreneurial risk in a deflationary environment?
If you have a lot of capital, it literally gains value by just sitting there.
Less incentive to use it.
Only people who benefit are those that have a lot to begin with (obtain more value by doing nothing).
That's not what I said, is it? It would be great if you happen to have a bunch of Bitcoins. For everyone else it would be a nightmare because it would encourage disinvestment. Why take a risk when you can literally just sit on your money? Loans would also become pretty much unfeasible both for business purposes and for consumers (hope you can buy a house with cash).
"Hodling" is certainly part of the culture but it wont be as more services get rolled out. Look at the volume on exchanges, people move coins around, stake them, or even loan them out for APY rates.
Loans would not become unfeasible, but they would be extremely reduced to people who can pay them back. That encourages healthy financial investment. It also encourages business to focus on profitability instead of raising the next round.
Whether its Bitcoin/Ethereum/Gold/Silver or something else, a thriving financial system must be backed by something finite or an extremely controlled and low inflation rate. Thats not an opinion, thats a fact. Cash or StableCoins could still be issued and backed by something like Bitcoin or has its been done in the past with Gold.
> Whether its Bitcoin/Ethereum/Gold/Silver or something else, a thriving financial system must be backed by something finite or an extremely controlled and low inflation rate. Thats not an opinion, thats a fact.
I think most people would be surprised to learn that the US financial system is "unsuccessful." It certainly sounds a lot like your unsubstantiated opinion.
Not yet, but it might. Early cars were noisy, slow, finicky and far more polluting than cars today. They're only as useful as they are today because they were allowed to evolve for a hundred and twenty years.
Banning Bitcoin because it's used in cybercrime is analogous to banning the Model T because it got used in a bank robbery.
It's much more akin to if a competitor to Ford made a car with a bank-robbing feature.
If Bitcoin had a bank-robbing feature all transactions and wallets would be private. They aren’t.
Which wallets aren’t private?
Yes. Ask your average Lebanese or Venezuelan citizen. Outside of privileged western states crypto has been a massive societal benefit. Crypto will jeopardise the monopoly of statists however, which explains the coordinated establishment pushback.
https://www.businesswire.com/news/home/20210331005682/en/Glo...
Before cryptocurrency it was iTunes giftcards or money transfer services to a 3rd world country. Cryptocurrency is not the only way to transfer money that’s relatively hard to trace.
As the article points out, it's the only way to reliably transfer the 7 figure sums that make large-scale ransomware attacks workable.
Maybe the problem is the internet. Without that, critical infrastructure would not be susceptible to cyberattack.
We successfully attacked critical infrastructure before it was connected to the Internet, so perhaps the problem is simply telecommunications. I think it's cryptocurrency, though.
Sorry but before cryptocurrency there also were hostage that were freed on payment of millions. For that kind of money life does find a way.
Good point. But that's a lot of giftcards to transfer $5 million, let alone the $100MM claimed-size of the ransomware market from the article.
The "problem" here is that a market for infrastructure bugs now exists. The birth of a market isn't a bad thing, though. Furthermore, the market hasn't created the bugs, but exposed them! This exposure is a net benefit to society because the bugs have value that predates the advent of cryptocurrencies. It's just that before cryptocurrencies the value was hidden and only unlockable by nation states in times of war. Far better for infrastructure to be continuously under attack and strengthened via ransomware than to completely collapse in battle.
I'd like to hear how internet advocates address child pornography without deploying a fallacy. The internet makes child pornography possible, without the former, the latter cannot thrive. The defenses I usually hear come in the form of "CD ROMs facilitate bad stuff, too," which is a fact, but doesn't absolve the internet's central role in child porn. As the article states, there is simply no way to attain child porn without the internet. Maybe they could do DVD or CD ROM, but that would be sooooo slow (but not impossible?)
The problem isn't that Bitcoin enables hacking. The problem is, pardon my language, that our cybersecurity is absolute, utter unremediated shit. Every time a corporate PR press release uses the word "sophisticated" to refer to hackers, I roll my eyes. These hackers aren't using processor-level side channel attacks to read secrets out of memory. They're not using Rowhammer to alter encryption keys. They're doing basic things like, exploiting SQL injection. They're getting people with phishing. They're taking advantage of the fact that these giant corporations have willfully ignored every cybersecurity best practice for the past twenty years because it might cost them a few days worth of revenue to implement things like least-privilege access and two-factor authentication.
Imagine a world where banks and businesses just kept their cash out on the counter, in unlocked boxes. One day, a bunch of "sophisticated" thieves come in and start grabbing the boxes and driving off. What is the logical response?
1. Ban cars
2. Ask banks and businesses to please use lockboxes and safes
Both are solutions to the problem of thieves jumping in and grabbing cash. But I would submit that option 2 makes far more sense that option 1.
Just to follow up on the point, here's a Bloomberg piece that states that Colonial Pipeline was because they didn't use 2FA to secure their VPN, which allowed the hackers to compromise their network with a single cracked or sprayed password:
https://www.bloomberg.com/news/articles/2021-06-04/hackers-b...
In terms of security best practices, this ranks right up there with not leaving your keys in the ignition while you go shopping. This is the world in which we live: multimillion dollar corporations being either too cheap, incompetent, or lazy to issue RSA tokens, Yubikeys or phone-based TOTP for their VPNs. And somehow this is the fault of Bitcoin?
I don't think you'll ever be able to fully ban cryptocurrency.
Also, I'm not even sure ransomware is a net bad thing in the first place. It encourages better security and makes companies less likely to store my private information.
If the G7 banned crypto trading, even if ransomware hackers wanted to be paid in crypto, companies would be unable to do so without breaking the law, which would be untenable. The bottom would fall out. Yes, people in other countries could do it, but without major economies pumping in value, they're more of a curiosity. Which, maybe would be better.
You don't need to ban crypto trading for that, you can just criminalize paying ransoms.
You don't have to; it's only valuable because you can legally change it for real currency.
Meaningful freedoms always include the possibility of abusing those freedoms. People will use the free exchange of ideas to advocate for falsehoods, start cults, and create political movements with terrible consequences. But they also use it to make the world a better place. New ideas that have advanced us as a civilization have generally started out as subversive and the freedom that allows them to grow to widespread acceptance is important. While the abuses are awful, and we can try to make the specifically abusive aspects illegal, it's hard to fully separate the good from the evil. In the end, the freedom to change to world for good always entails the freedom to change it for evil, too. But at least in this area, historically, the big wins wipe out the big losses -- and even if they didn't, I still want the wins.
This principle is true in almost every area of life. Strong encryption, for example, does help terrorists and cybercriminals, but it also helps revolutionaries and businessmen and ordinary citizens. I don't want to give too many examples because these things tend to be politically hot topics, and I don't want to distract from the central principle: meaningful freedoms can be abused, but are worth it because they also change the world.
I would say this is the case with cryptocurrencies as well. It is true that they enable certain criminal economies. Perhaps some of those economies would still function without cryptocurrencies, and perhaps some -- as the article suggests -- would no longer be viable. But cryptocurriencies enable people to build any economy they like without the approval or supervision of a state. There are places where the government does sort of a terrible job managing its money, where this is a major benefit to people. There are people doing things unpopular with some company or some government, who can still do them practically because of the economies enabled by cryptocurrencies. These people are by nature pretty subversive, and a lot of them are doing things I do not like -- but some are doing things I am very glad they are still able to do. Freedom's like that. Some people use it for evil. Some people use it for good. And the difficulties we have in all agreeing on what's good and evil (and the particular difficulties big governments and corporations have in getting the answer to that question right!) are why I'll almost always side broadly with freedom. When people use bitcoin to do criminal things, I'm all for prosecuting them for the crimes -- but leave bitcoin alone. The ability of people to run an economy without the government's permission is something I really like them to have.
Ransomware existed before cryptocurrency and cryptocurrency was popular to the degree that it was widely abused before ransomware became a serious issue. They're related but probably not to the degree you think.
Independently of how you or I feel about it, crypro enables anonymous payment.
This is a feature of anonymous payment not a bug.
This is an exchange and banking problem. Someone somewhere is allowing these terrorists to cash out. Find the bank (or country hosting it), cut them off from SWIFT, and apply sanctions until they stop funding terrorism.
Cryptocurrency, like the Internet, is merely the medium.
I think creating a currency outside the reaches of politicians is the point, come what may. That isn't to say ransomware isn't bad, there are other obvious ways of stopping ransomware.
The bigger point is that a financial system should not have a central authority who can limit access to it. Some cryptocurrencies have gone further and built privacy into the transactions also.
You are another one of those that want no privacy for anyone...
Cash enables muggings so we must ban cash?
We don't have a huge mugging problem. We have muggings (I've been mugged), but they occur infrequently enough that society isn't disrupted. You can't say that about ransomware. Not only that, but we have done things to defang muggings; for instance, it's been made less lucrative (and more dangerous for the mugger) to steal a modern phone.
But that’s not what decides if cash is viable. If we had a huge mugging problem, we would call for better law enforcement, not less cash.
No, people generally carry much less cash now, and part of the reason why is that it's so easily stolen.
I'd argue that's a small part of the reason. Like a rounding error vs the inconvenience factor of dealing with stuff like coins, having to go to a physical location during restrictive hours/days to obtain more than a trivial amount of cash, etc.
you say this in jest but in reality plenty of people have stopped using cash by themselves for this exact reason.
People abandoned cash out of convenience, not fear of mugging.
Sure, but there are some people who don’t carry cash because of mugging and other related things (can get lost, be stolen, etc)
You're talking a rounding error on the number of people that don't carry cash simply because it's not convenient to obtain and deal with it.
Ask someone younger than 20 if they have more than 10$ cash on them.
You literally did not read my post. I address your exact fallacy.
The answer is that sometimes progress comes with a cost.
Whether or not you consider cryptocurrencies "progress" is irrelevant, because it's an emerging technology that exists whether you (or I) like it or not.
The cold, hard, unavoidable truth is this: Ransomware may be a Bitcoin problem, and it may not be. Either way, tough shit.
> Whether or not you consider cryptocurrencies "progress" is irrelevant
I mean not really. If we were to decide, as a country, that it was bad, we could take actions to stop its proliferation. The dollar-BTC transition points are chokepoints we could easily target to get started.
I just want to be sure we're on the same page. Is the full version of that: "If we were to decide, as a country, that it was bad, we could assign new orders to our federal, state, and local law enforcements officers to target and violate the property rights of people who engage with cryptocurrencies"?
In order to solve the ransomware problem, we create a new problem in the use of violence or the threat of violence in order to stop anyone from using crypto at all.
Yeah, I'm not an anarchist, so I am indeed advocating that the state use its power to achieve societal benefits, which is ultimately, one might say, backed by its monopoly on the use of violence. Property rights are not and should not be absolute.
Money laundering is also illegal and it's still prolific. Buying weed is also illegal and it's still prolific.
Banning things like this just turns them into another laundering opportunity - where there's money to be made there's a way.
If I take this claim literally it's never worth having any kind of law at all. I don't believe that. I also don't think crypto currency looks nearly as attractive if there are no legitimate channels to convert or spend it.
How does this compare to banning ICE vehicles?
They are widely adopted and useful, yet their secondary harms warrant laws to be written.
"This means that cryptocurrencies are the only tool left for ransomware purveyors. So, if governments take meaningful action against Bitcoin and other cryptocurrencies, they should be able to disrupt this new ransomware plague and then eradicate it, as was seen with the spam Viagra industry."
This is the totally incorrect approach. Imagine banning Polaroids because they led to an explosive growth in underage pornography.
These exploits are happening not because of crypto but because of insecure systems that public, money making companies haven't invested in making secure.
While I mostly agree with you about cryptocurrencies, the idea that companies don't invest in security is a lazy argument. It's not that simple. Companies can't secure themselves against bugs in software that no one knows about (zero days) no matter how much they invest.
While this is true, the overwhelming majority of these incidents do not use or require zero-days. The attack vector is nearly always basic phishing/social engineering, or wildly misconfigured/unpatched systems exposed to the internet. Implementing a bare-bones security program, or giving an existing security program the tools & authority to enforce policies, would cut down on ransomware incidents by a factor of 5-10, easily, without touching cryptocurrency in the slightest.
They can audit the projects they use. It will never be perfect but most do nothing.
The difference is that polaroids are useful for legitimate purposes.
Every conversation I've ever had with a crypto purveyor, even as a person who has worked for crypto companies before, always comes down to "crypto is a good thing because it helps people commit financial crimes". There are no other benefits.
I believe the benefits of cryptocurrency outweigh problems.
I like having options that can be anonymous, don't require banks, immune to government influence, and even completely outside any law. Because laws are not always moral and should be ignored and evaded.
That's freedom. Having it is worth the significant amount of problems that come along with it.
> don't require banks, immune to government influence, and even completely outside any law
If any of those things were actually true we wouldn’t be having this conversation.
Also, since you apparently do think that they are true, why are you at all concerned about what banks or governments or laws might mean for cryptocurrency? I thought cryptocurrencies were immune?
Ransomware is a gift — people are exposing insecure systems only for a few million dollars of payout. A more nefarious actor would do more nefarious things than just collect what is at the nation-state scale a very small amount of money. More ransomware will accelerate security improvements and protect systems from CCP, Five Eyes, etc.
This argument is pretty weird: ransomware is bad, but there's a potentially worse actor out there, so ransomware is good? I'd say that's like someone robbing a bank, but saying "someone else could have robbed you for more".
Yes, if someone sticks up your bank for $10 then it likely benefits you in the long run since you implement security measures for when the million dollar stickup man comes by.
I'd liken it to giving your immune system a work out to better prepare for next year.
Agreed, same for crypto miners IMO. These consequences are significantly more benign than if real criminals had gotten into the system. It's essentially a decentralized bug bounty program that every large company who connects to the internet has to opt in to.
And the cryptocurrency problem is a central banking problem. Therefore, we should eliminate central banks.
Indeed, it is rather simple, all the founders and idealists of btc have been something like technology supremacist and do not want any government interventions infringing on their business matters. They need to pretend how this is legal and a technology achievement to obfuscate the real purpose. These are, founders getting rich, money laundering(called anonymous transactions), exchange of illegal goods( how many people pay with btc for legal things and how many use it to pay for all kinds of illegal things on the dark web?) . Someone intelligent enough to create Bitcoin is intelligent enough to know this will be used for illicit purposes. No way in hell did a borderline anarchist cypherpunk believe the general population will trust his system more than the banking system. If most governments simply outlaw it, the price will have a rapid trajectory towards zero. Bitcoin and the ecosystem are the only logic tool for ransomware transactions, there is no sugarcoating this.
Bitcoin is not anonymous and should not be used for illegal purchases as it is trivial to trace. Use Monero if you care about privacy.
Never understood why ransomware didn’t use more anonymous crypto currencies like Monero or ZCash.
Doesn’t that better protect the scammers from law enforcement?
- Low liquidity on exchanges for privacy coins, meaning if you order 5m Monero it drastically increases the price
- FSPs may question and refuse to facilitate a Monero purchase due to its niche usage
- Major exchanges don't list XMR and you want as few hoops as possible to allow the victim to pay, can easily just switch your btc for XMR later, that's fairly simple on a decentralized exchange or a shady offshore one.
Criminals will keep doing what works until it stops working. There are botnets that still do command and control over IRC.
I thought you can easily wash the money by converting it through an anonymous cryptocurrency and then out again anyways.
The networks don't interoperate, so you need a "trusted" party to provide this service.
An atomic exchange fulfills this requirement, assuming your capable of auditing the code that runs the swap smart contract.
Most dark markets are indeed shifting towards Monero
A few crews have started asking for Monero.
Bitcoin/cryptocurrency are an amazing technology breakthrough, and they will be the future, companies and govs will not accept anything less than self auditable immutable transactions. Resistance is futile
Regarding ransomeware, there is already criminal/scam wallet addresses tracking, so anyone cashing out from these addresses will eventually have to explain it
If it wasn't for payment it would be to destroy competition or disrupt enemy country infrastructure
Hard cash has also been paying criminals since ever and we still use it. If anything Bitcoin is a step up, due to being more traceable
Is it possible to ban cryptocurrency traffic in general? How would that even work?
You ban it at the point of interaction with the existing financial system. You don't have to ban or block the technology.
A gov't can (has) made it illegal to mine or hold them as well. Most people won't and the value will evaporate if there is no market
The same way any other statue works. “No person shall convert, convey or tender in any currency not approved by the Department Of Treasury under penalty of …”.
Once violence on main street can be bought with crypto a ban will soon follow.
You can make it illegal to transact crypto. That would devastate the price and ruin it as a currency. The network would still exist, but it'd be useless as a medium for criminal payments due to the low value.
Low value won't change its criminal utility. A criminal looking for a $50k ransomware payment doesn't care if the market cap is $50M or $50B.
Outlawing it will make a difference though since it'll make it less likely that victims will pay, meaning the endeavor has a lower success rate.
This misses a big point though. If Corporation A needs to pay $1M in crypto to Hacker B, Corporation A needs to acquire $1M in crypto (whether that's 20 BTC or 20,000). If it's illegal for them to acquire the crypto they can't make the payment. The bottom falls out.
That's what I said in my second paragraph. The illegality itself is what will work. The market value is irrelevant
Aren't they already "illegally" making the payments via some 3rd party loophole?
Maybe. Let’s say you can, for example, purchase a cruise missile strike in crypto. Once a few cruise missiles land in LA I imagine the world governments will take a more aggressive stance on crypto. Drone strikes and military intervention will follow.
Indeed, and since attackers are now on notice from the US Govt, they might reconsider these types of attacks
Bitcoin was wildly popular on darknet markets even when it was worth less than $10. It's still tied to a dollar value, so it can be used for payments without issue.
When Bitcoin was worth less than $10 how difficult was it to change your bitcoin into cash?
Way back in the early days before exchanges, you literally bought and sold them on forums using bootleg paypal ripoffs (since paypal didn't recognize virtual money = buyers could refund)
I put off my 20,000 BTC purchase because it was so sketchy.
That is exactly as dumb as trying to make the internet illegal. It would financially ruin any country who tried it and give a significant advantage to everyone else on the planet.
....That is an extraordinary claim, and thus requires extraordinary evidence.
There is no significant legitimate commerce taking place using cryptocurrency. By what mechanism would banning converting BTC to USD "financially ruin" the US?
It would certainly be bad for ransomware companies, who probably make up a substantial portion of GDP in some dark corner of the world. Think of their children!
What evidence is available that crypto is so essential to the national economy that it would cause financial ruin?
Just last month, China banned the use of crypto by any financial institution. Are you suggesting this will ruin their economy?
1. No.
2. It wouldn't.
Same way as currently botnet command center IPs are blackholed.
Scan the Internet for any BTC/Ethereum open ports and blackhole them.
Also, some ISPs disconnect users upon detection of BitTorrent traffic.
the government could block the whole internet tomorrow if they wanted to.... because weapons.
I think that what you're seeing is HNers, and techies in general not really understanding that there is a world that exists well outside of their bubble of technology.
Bitcoin did not create the concept of ransom. It didn't even create the concept of ransom as a business model for organized crime.
See for instance our neighbor to the south: https://www.vox.com/2018/5/11/17276638/mexico-kidnappings-cr...
This is such a common thing, that it has been the central plot of several hollywood movies.
There are even insurance policies that you can get for it: https://www.mexipass.com/mexico-commercial-insurance/special...
This is also common in the shipping industry: https://www.reuters.com/article/somalia-piracy/somali-pirate...
And that type of ransoming has had hollywood movies made about it.
And again that type of ransoming is common enough to have its own insurance: https://www.marineinsight.com/marine-piracy-marine/marine-in...
Should we ban shipping? Or ban the internet?
Probably not.
Ordinary people use shipping and the internet every day. They do not use bitcoin.
This article points out that, the last time a similar wave of crime occurred, the way it was defeated was by targeting the banks where the money changes hands.
It is because cryptocurrencies do not currently function as usable currencies that the same trick could work again. If governments pass regulations making it illegal for financial institutions to process cryptocurrency transactions, companies/hackers will have no way to convert real money to and from bitcoin ransoms. Companies can't simply gather up bitcoin paid to them by their customers, because almost nobody uses bitcoin as an actual currency. The ransomers won't be able to spend their bitcoin on groceries and vodka because almost nobody uses bitcoin as an actual currency. Both parties need financial institutions to make the transaction work.
Cryptocurrencies need to achieve real-world, everyday, legal usefulness fast or they're going to be strangled in their cradle by this. If the cost is massive amounts of energy use and billions of dollars of criminal damage annually, the benefit has to be more than providing a shell-game for finance gamblers and purely hypothetical future benefits.
> Should we ban shipping?
Shipping is pretty useful, though. What are the other major uses for Bitcoin?
I don't really know how to ask this question without it sounding insulting, but: do you agree that currency itself is useful?
And then the broader question is: do you agree that financial instruments are useful?
It seems odd to me that there are so many people on HN who don't seem to understand the importance of finance. You are literally posting on the website of a venture capital firm.
> do you agree that currency itself is useful?
Currency itself is useful, but has existed a lot longer than Bitcoin. If we're trying to evaluate the utility of some new thing, merely the fact that it's another kind of currency really doesn't get you much. Ocean Shipping on the other hand gets you a lot of things that other kind of shipping don't get you.
In the long run? Maybe destroying the petro dollar. One can dream.
This doesn't make sense to me. Are you opposed to people paying for oil, or the influence of oil? Because that still exists whether they are paying with dollars or crypto, and will exist no matter what currency is used.
No, I'm opposed to using a currency that is force-fed down the throat of oil producing countries at the the risk of invasion if refused.
Ask someone in a country whose currency has been debased.
Those people end up hoarding stable currencies like USD today, how is BTC any better?
Sending money over the internet.
If you don't understand why that's an critical utility for billions of people on this planet, then you're not worth arguing with.
> Sending money over the internet.
> If you don't understand why that's an critical utility for billions of people on this planet, then you're not worth arguing with.
Are you aware that there are other ways to send money over the internet than Bitcoin?
Is bitcoin really going to enable billions of people to send money over the internet? Or is it going to enable a very few people to send money over the internet?
This isn't a question about whether people want to use it. The question is, does bitcoin scale to that many users?
Crypto is one tool for sending money over the internet, but it's hardly the only one, and it's far from the best. Most transaction utilities don't have potential for your transfer to lose 30% overnight.
Have you invented a magical currency that always retains its value? If so you should probabally let the world know.
I use the wonderfully stable US dollar.
The US dollar has lost 99% of its purchasing power since moving off the gold standard in 1933.
Wonderfully stable if you consider $1 in 1933 = $1 in 2021, inflation is hidden taxation and disproportionately affects widows and orphans.
And bitcoin lost 30% of its value in the last month. So yes, the dollar is in fact wonderfully stable by comparison.
No one is arguing that Bitcoin is stable. I was simply pointing out that the USD is not as stable as you presume on a long-enough timescale. In fact it loses approximately 100% of its purchasing power per century.
The context was exactly bitcoin losing value very rapidly. When thehappypm said that the dollar was stable, that wasn't a claim of "absolutely stable" - it was "far more stable than bitcoin".
I don't know if you're doing it deliberately, but in the context, you're kind of doing a motte-and-bailey here...
The "how much value it loses per century" time scale is unimportant for most applications.
You need a currency to be "not 1923 Germany", because it becomes impossible to plan for anything past your next meal.
But the "loses 100% of the value per century" doesn't really seem to be a hindrance to our real-world financial needs. Lenders are capable of understanding this risk and extending 30+ year mortgages and even those weird century-plus infrastructure bond products.
The whole long-term stability thing seems to be a very narrow scare tactic: a bugabear for those who are wealthy enough to hold a lot of cash, but too naive/risk-averse/fearful to invest it in any meaningful way o beat inflation.
“But the "loses 100% of the value per century" doesn't really seem to be a hindrance to our real-world financial needs. Lenders are capable of understanding this risk and extending 30+ year mortgages and even those weird century-plus infrastructure bond products.”
We are going to have to disagree on this point. To me inflation is taxation without representation. It is theft of purchasing power by Central Banks. It disproportionately negatively affects savers or those on fixed incomes and it benefits those closest to the new spending (read Wall Street Bankers) via the Cantillon Effect.
I am less concerned with the needs of lenders to compensate for inflation than I am worried about the disastrous effect it has on those who wish to save for the future.
>To me inflation is taxation without representation. It is theft of purchasing power by Central Banks.
I guess, in the end, I see central banks as "indirectly representative". While they have some free hand in day-to-day policy, in the end, their leadership has to answer to elected officials. If they drive the economy into a ditch, the head of the Federal Reserve/Bank of England/ECB will get fired.
So the decisions they make aren't much more "taxation without representation" than when the city sanitation department has the authority to adjust the rates for trash collection. Eventually, there's accountability.
>I am less concerned with the needs of lenders to compensate for inflation than I am worried about the disastrous effect it has on those who wish to save for the future.
The point was more that it's already priced in. Inflation doesn't seem to be hindering us from building projects like railroads or semiconductor fabs where the real payback may be many years after the first cheque is written.
As far as I can tell, the primary loser in a managed-slow-inflation scenario is the person who is saving via the "wad of banknotes under the mattress" strategy or similar equally naive choices (i. e. a main-street bank savings account that pays below the inflation rate).
It's not hard to build a very conservative investment portfolio that beats managed competent-Western-central-bank inflation. Hell, you could just buy something like TIPS or Series I savings bonds and be done with.
From that perspective, it's less "robbing savers of purchasing power" and more about converting savers from "dragons sitting on top of a pile of gold" into actual investors participating in the real economy.
“It's not hard to build a very conservative investment portfolio that beats managed competent-Western-central-bank inflation. Hell, you could just buy something like TIPS or Series I savings bonds and be done with.
From that perspective, it's less "robbing savers of purchasing power" and more about converting savers from "dragons sitting on top of a pile of gold" into actual investors participating in the real economy.”
I will concede that one could build an investment portfolio that beats typical western consumer price inflation rates but I don’t think it is right to force savers (read unsophisticated investors) to risk their life savings just to earn a positive inflation-adjusted return. To me, more choices for individuals is generally a good thing. Governments around the world are starting to consider or even implement negative interest rates. I for one believe Bitcoin should exist as a counter to such things as forced negative interest rates, which I referenced earlier as theft by central banks.
Since the 1933/34 when the US, Canada and the UK all simultaneously dropped the gold standard (and confiscated their citizens gold by force) there has been no option for a citizen to store their savings in a bank while earning a positive return net of inflation. Store your money in a bank and you are guaranteed to lose purchasing power over time. That has been true nomatter what the inflation rate is at the time. Bank yields on savings always trail inflation.
With Bitcoin individuals finally have an option that, while volatile in the short term, has a high likelihood of retaining purchasing power relative to inflation over the long-term. As such I find it difficult to understand why so many are so quick to ban such an instrument simply because it could also be used for criminal purposes.
On a side note, one of the greatest inventions of the cryptocurrency revolution is the availability of positive real yields on stablecoins. With USDC, an individual has multiple options to earn 8-13% nominal annual return on a stablecoin that is pegged to the US Dollar. For the first time since 1933, an individual has an option to store their life-savings in a stable currency which maintains it’s purchasing power over time - try that with a bank.
I appreciate your point of view but if we look at the origin story of Bitcoin and Satoshi’s vision of the hardest money ever created, the fact that all fiat currencies lose value over time is exactly why it was created.
While bitcoin may be volatile in USD over the short term, I can tell you the exact inflation rate of Bitcoin today, tomorrow or 100 years from now. Try that with the US Dollar.
What is the inflation rate in terms of purchasing power?
It took a century for USD to swing 99%, how long did it take BTC?
I’m not sure I understand, has BTC ever lost 99% of it’s value? If I understand correctly, the value of Bitcoin has only gone up over the past 11 years. While the purchasing power of the US dollar has fallen in real terms every single one of those years.
Depends on your time frame. It has definitely gone down at times - it's not at 55,000 any more. So "only gone up" might be true, if you pick your sampling intervals in a way that misses all the dips. It's definitely false as an absolute statement, though.
And, to thehappypm's point: Has the US dollar ever lost 30% of its value in a month? No. This point was badly stated (bitcoin has never lost 99% of its value), but I think the point is rather clear: Bitcoin can lose value much more rapidly than the US dollar, and in fact has done so.
BTC is up 100x from a couple years ago, is that desirable for a currency?
It is desirable for a reserve asset and a store of value - which are use-cases for a currency. It is obviously not great to have a deflationary currency as the only option for spending. However, luckily we still have fiat currencies which are ideal for spending as well as Bitcoin which is the superior savings vehicle.
Bitcoin has only been around for ~11 years and by all accounts it is still in price discovery mode. Eventually it’s value will stabilize and it may serve as a better unit of account.
Until then, spend your fiat and Hodl your bitcoin.
Sending money over the internet is faster and safer using methods that existed before bitcoin (sending via banks / paypal / venmo / cashapp / etc). Crypto does not enable this.
None of those services actually let you send money over the internet. All of them are custodial. You give them your money, they hold onto it, and when they feel like it, they might let you interact with other users within their closed ecosystems.
That is a distinction without a difference and a nonsensical one at that. I have money in my bank account and it goes to someone else’s bank account.
The same is true for Bitcoin anyway - you have to use exchanges to get money in/out and you are completely dependent on strangers to process your transactions, and they cost far more. Sure you can have your own wallet but it’s entirely useless until you interact with an exchange and the network.
You've got that backwards, exchanges are only used by people with USD or trying to get USD. The Bitcoin ecosystem did just fine before exchanges existed. I was there. We either mined our own coins, or earned them by doing work for people with coins. It was great.
Also recognize the privilege that you were born with that allows you to open a bank account. About a third of the people in this world don't have that luxury. I've used Bitcoin to pay under-served artists and programmers in corners of the world that I had never heard of, and with many of them I never knew where they were located geographically, because it just doesn't matter anymore.