The year 2017 saw the proliferation of cyber crimes[1], with ransomware being the most notorious of such crimes. The likes of “WannaCry” and “Bad Rabbit” took over numerous computers all over the world, threatening its users with harm, usually by denial of access to data. The attacker demands a ransom from the victim, promising – truthfully or not – to restore access to the data upon payment of “ransom”. The modes of cyber attacks are varied: hackers may use email attachments to embed malware, they may pose as customer support to obtain user log details or they may resort to phishing to obtain an unsuspecting user’s sensitive personal information. Stealing sensitive information is not the only modus operandi of cybercriminals; they can also undermine business through information sabotage and the spread of fake data to cause system failures. Whatever the method used, the basis of their strategy is consistent: exploiting weak points in security systems[2].

Traditionally, organizations store information in highly centralized systems. Unfortunately, recent cybercrime cases have shown the inherent vulnerability of centralization, especially when it concerns personal data security. The Equifax data breach in the summer of 2017, where the personal information of approximately 143 Million Americans may have been stolen, is such an example.[3]

This is where blockchain technology or distributed ledger technology comes in. The emergence of blockchain as a development platform has given rise to decentralized services. As opposed to a centralized approach, these new services rely on the blockchain’s distributed network that may be used for a variety of purposes, including cybersecurity.[4]

Blockchain opens up new ways to combat the rampant threat of cybercrime in a variety of ways, one of which is data storage protection. By storing and sharing information via the distributed ledger or record technology, institutions and businesses can ensure that there is no single way which hackers could steal data. Information, through distributed records, can be decentralized, and sequentially hashed and encrypted – making it almost impossible for intruders to make sense of information.[5] Think of it as a one thousand piece puzzle. By hacking a centralized system, an intruder can access all one thousand pieces in one go. In real life this could mean getting the personal details of around one thousand individuals just through one security breach. With a decentralized system, cyber criminals can only access one piece at a time, making it much more time consuming and nearly impossible to see the whole picture. They would have to hack a variety of gateways multiple times in order to acquire someone’s personal information. This would give the security system enough time to identify the source of the vulnerability and contain the breach.[6]

This principle may also be applied to create distributed network security to safeguard vital external infrastructure, such as domain name services (DNS) for company websites. The attack that took down Twitter and Spotify in 2016 illustrated the vulnerability of the current DNS practice of keeping the access key on only one server and relying on caching[7]. A blockchain-based server would minimise the risk by creating a wider network of security keys. Imagine a chest with multiple locks. Before it can be opened, all the locks should be unlocked using different keys that could be hidden anywhere. This is the underlying logic behind the decentralized approach to network security.[8]

Of course, in addition to protecting the data itself, the method of information sharing should also be shielded from cyber attacks. For example, instant messaging tools such as Facebook Messenger or WhatsApp, though already armed with in-app security measures, still have weak points in terms of security. WhatsApp, though it has end-to-end encryption to protect the contents of messages, still collects metadata (information about who the user is talking to). Such metadata is frequently stored in single systems, presenting a vulnerability that hackers will surely take advantage of.  To solve this problem, blockchain technology can decentralize the network itself and divide the metadata – thereby making sure that they cannot be assembled in one place.

From a cybersecurity point of view, blockchain technology offers a new way to think about system design that disincentivizes cyber-attack. It is akin to the difference between a community storing all their money in a central bank and each person keeping their own money at home. While a bank has security systems it is also an obvious target for bank-robbers who want to make a big windfall.

The $81 Million hacking heist of the Bangladesh Central Bank in 2016 demonstrates the vulnerability of many institutions’ existing financial security platforms clamoring for blockchain-based security. Investigators at BAE Systems, a U.K.-based defense contractor, believe the attackers hacked into the Society for Worldwide Interbank Financial Telecommunication (SWIFT) financial platform, the heart of the global financial system. SWIFT confirmed it was aware of malware attacks on its client software. The unprecedented cyber heist indicates that the Belgium-based SWIFT, which is owned by 3,000 financial institutions and provides a core to the security of the global financial system, is more vulnerable than many realize.[9]

Given the severity of the Bangladesh hack, financial firms would be remiss not to consider blockchain-based technology. Thus, banks are now turning to blockchain for help and are exploring hybrid systems where a single authority looks after records centrally but at the same time encourages and maintains a distributed ledger system where security and integrity are maintained.[10] The scope of application for blockchain technology in cyber security is limitless. The use of blockchain to fight cybercrime could be expanded across financial services, law, conveyancing, or any other industry that requires third party verification.[11]

These new approaches could help thwart probing attacks and discourage attackers from launching more disruptive attempts such as data breaches and malware. While many of these blockchain applications are still works in progress, they do offer a potent sign of what lies ahead. As the cybersecurity sector strives for greater efficiency and less human error, demand for independent and immutable networks will rise — and so will the use of emerging technologies which leave no room for discrepancies or breaches.[12]

[[1]]      Richard van Hooijdonk, “Cybercrime may be the biggest global threat of 2018”,  https://www.richardvanhooijdonk.com/en/blog/cybercrime-may-be-the-biggest-global-threat-of-2018/, Accessed 06 August, 2018.

[[2]]      Catherine Luff, “Cybersecurity and the future of blockchain technology”, http://www.gingermaypr.com/cybersecurity-blockchain-technology.htm, Accessed 10 August 2018.

[[3]]      Paul Worrall, “Blockchain: the solution to the cybercrime epidemic?” https://www.ibtimes.co.uk/blockchain-solution-cybercrime-epidemic-1660702, Accessed 09 August 2018.

[[4]]      Ralph Tkatchuk, “Is Blockchain the ultimate weapon against cybercrime?” http://dataconomy.com/2017/10/blockchain-ultimate-weapon-cybercrime-2/, Accessed 07 August 2018.

[[5]]      Catherine Luff, “Cybersecurity and the future of blockchain technology”, http://www.gingermaypr.com/cybersecurity-blockchain-technology.htm, Accessed 10 August 2018.

[[6]]      Paul Worrall, “Blockchain: the solution to the cybercrime epidemic?” https://www.ibtimes.co.uk/blockchain-solution-cybercrime-epidemic-1660702, Accessed 09 August 2018.

[[7]]      An area or type of computer memory in which information that is often in use can be stored temporarily and reloaded very quickly

[[8]]      Catherine Luff, “Cybersecurity and the future of blockchain technology”, http://www.gingermaypr.com/cybersecurity-blockchain-technology.htm, Accessed 10 August 2018.

[[9]]      Lester Coleman, “$81 Million Cyberheist Underscores Need for Blockchain Security”, https://www.ccn.com/81-million-cyberheist-need-for-blockchain-security/, Accessed 11 August 2018.

[[10]]    Rebecca Campbell, “Is Blockchain the Answer to Preventing Cybercrime?”, https://www.ccn.com/blockchain-cybercrime-prevention/, Accessed 11 August 2018.

[[11]]    Ralph Tkatchuk, “Is Blockchain the ultimate weapon against cybercrime?” http://dataconomy.com/2017/10/blockchain-ultimate-weapon-cybercrime-2/, Accessed 07 August 2018.

[[12]]    Catherine Luff, “Cybersecurity and the future of blockchain technology”, http://www.gingermaypr.com/cybersecurity-blockchain-technology.htm, Accessed 10 August 2018.

Disini & Disini Law Office
info@privacy.com.ph