A new report released by the Interpol at the Black Hat Asia conference shows that the Bitcoin blockchain could be easily used by hackers to spread harmful and dangerous malware among the cryptocurrency community.
The Interpol’s investigation was conducted in partnership with digital security firm Kaspersky Labs in the new Research and Innovation unit at Interpol’s Global Complex for Innovation (IGCI). According to the report, the core of the Bitcoin system – which keeps a decentralized list of all BTC transactions ever made – can be used to store malware or facilitate access to illegal content like child pornography.
Interpol cyber threat researchers have identified a threat to the blockchain in virtual transactions which could result in their being embedded with malware or other illegal data, including child abuse images.
When a new transaction is completed and verified, the information is uploaded to the blockchain and becomes visible to the general public. However, following a successful verification, the blockchain will accept any kind of upload, whether it is a transaction log or other type of (malicious) file.
“The design of the blockchain means there is the possibility of malware being injected and permanently hosted with no methods currently available to wipe this data. This could affect ‘cyber hygiene’ as well as the sharing of child sexual abuse images where the blockchain could become a safe haven for hosting such data,” says the report.
Also, once a file is uploaded into Bitcoin’s decentralized record, it’s also downloaded onto every piece of hardware and server running the blockchain software. This means millions of computers across the planet could be infected at once.
The investigation conducted by the international police organization also points out that the blockchain “could also enable crime scenarios in the future such as the deployment of modular malware, a reshaping of the distribution of zero-day attacks, as well as the creation of illegal underground marketplaces dealing in private keys which would allow access to this data.”
The executive director of the new IGCI said that “to conduct this type of research and identify new cyberthreats were among the key aims behind the creation of the Interpol Global Complex for Innovation.”
Noboru Nakatani promised the Interpol will act to find a solution. “Having identified this threat, it is now important for Interpol to spread awareness amongst the public and law enforcement, as well as encourage support from communities working in this field to find solutions for the potential blockchain ‘abuse’.”