Fraudsters constantly look for ways to keep their activities up and running. The recent takedowns of two of the largest underground marketplaces, AlphaBay and Hansa Market, sent them scrambling for new ways to secure their operations. They found one in hosting their websites on the blockchain.
Everyone has a vague notion of what blockchain is, or has at least heard the term – usually tied to Bitcoin or cryptocurrency. It has been touted as either the next evolution in financial technologies, or a silly fad. Blockchain is a relatively new way to organize distributed applications. It disrupts the traditional model of storing application information in a large single database updated and managed by a central authority. Blockchain opens up new possibilities for writing and organizing applications with no central, trusted authority to manage the data. This may sound insecure, but in order to make an unchangeable digital ledger, and remove the need for a trusted authority, cryptography ensures users can only edit the parts of the blockchain that they “own” using private keys.
More simply put, blockchain is a public ledger where transactions are recorded and confirmed anonymously. Once entered, the data cannot be altered.
Businesses can use it to streamline operations and create new opportunities. It also offers many new ways for criminals to profit. For a normal bank account, if a criminal steals your login details, there are bank-imposed limits on how fast your account can be drained. Often, the bank will temporarily suspend your account and contact you. None of these safeguards exist in blockchain systems. If your cryptocurrency wallet is stolen, there is no recourse. All responsibility lies with the end user.
That makes sense in terms of finance, but how does it apply to hosting websites on the blockchain?
For the last couple of years, fraudsters have been selling “dedicated host servers” marketed as “bulletproof” to takedown attempts. These servers gained popularity among many fraudsters looking to guarantee the sustainability of their websites. Blockchain technology seemed to be an ideal solution, allowing fraudsters to keep their forums, marketplaces and websites always online.
This trend is emerging, and we expect to see more and more fraud schemes taking advantage of blockchain features. On the upside, blockchain-based DNS is less relevant for phishing attacks, because accessing such websites requires special browser extensions, which end users generally do not have. This is small consolation given the ingenuity and persistence of fraudsters in finding new ways to commit cybercrime.
If you would like to learn more about this emerging fraud trend, you can download the full report here.
This is a Security Bloggers Network syndicated blog post authored by Heidi Bleau. Read the original post at: RSA Blog