Last updated on March 12th, 2018 at 12:23 am
“Last week I wrote an article on illicit cryptomining – how hackers are sneaking cryptocurrency transaction processing software onto corporate networks, personal computers, and other devices. I attempted to raise the alarm, calling this threat the most dangerous of 2018… In my opinion, however, prevention and mitigation technologies will never work well enough. There’s only one way to slay this beast. We must make all cryptocurrency as we know it today illegal.
At the heart of Bitcoin, and by extension most if not all altcoins (cryptocurrencies other than Bitcoin), is the notion of a permissionless blockchain. The problem with permissionless, public blockchains is that anybody can sign up as a miner – which means that there’s nothing stopping criminals from doing so.
Tax evasion. Money laundering. Funding terrorism or other illegal activity not directly related to cryptocurrency. But the most nefarious of all criminal motivations: illicit cryptomining.
Infiltrating our computers and networks is dead simple – all it takes is one phishing victim, one visit to a malicious web page, or one person downloading a fake app from an app store, and bam! The hacker is inside…Cryptomining, in contrast, breaks this mold. The software technically isn’t malware – after all, plenty of people mine cryptocurrency on purpose. There’s no need to find a valuable target, since any computer with processor cycles to spare will do. And there’s nothing to exfiltrate. As long as the compromised computer can reach the Internet, the threat actors can cash in on their mining activity.
Because anyone can become a cryptocurrency miner, it would only be logical for the same regulatory bodies to institute a ‘know your miner’ policy. In addition to the regulatory burden of instituting global ‘know your miner’ policies, therefore, there is also an ethical burden that all participants in the cryptocurrency economy must adhere to, else they risk condoning illegal activity regardless of whether they are criminals themselves.
Corporations will certainly try to prevent illicit cryptomining, but such efforts are doomed to be a losing battle – first, because it’s dead simple to mount such attacks, and second, fighting such threats will remain a low priority for the foreseeable future.
That leaves ‘know your miner’ – which can only work on permissioned blockchains.”
Eulogy made by Jason Bloomberg