Getting your Trinity Audio player ready...
|
On June 7, 2022, the Senate HSGAC hearing on ransomware attacks and digital currency took place.
Expert witnesses, including Megan Stifel, Chief Strategy Officer at the Institute for Security and Technology; Bill Siegel, CEO of Coveware; and Jackie Koven, Head of Cyber Threat Intelligence at Chainalysis; gave their views on the increase in ransomware attacks and the role of digital currencies in them.
What transpired was that, while many think digital currencies like Bitcoin are untraceable systems destined to bring about an era of anarchy and chaos, quite the opposite is true.
Senator Gary Peters identifies the problem
Senator Gary Peters (D-MI) opened the hearing with a brief introduction of the problem and his recent report on it. He outlined how:
- Ransomware attacks are on the rise, affecting both small businesses and large as well as critical infrastructure operators. According to his research, $692 million in ransoms were paid in 2019 alone.
- The cybercriminals behind the attacks almost universally demand payment in various digital currencies like Bitcoin.
- Almost 75% of ransomware attacks are linked to the Russian state or entities controlled by it.
- The U.S. federal government does not have sufficient data to even comprehend the scope of the ransomware problem, let alone address it.
Senator Peters calls for the implementation of legislation making it mandatory for ransomware victims to report attacks within 72 hours and calls for more to be done to monitor digital currencies and blockchains.
Bill Siegel explains why cybercriminals use digital currencies
Bill Siegel told the Senate that, via his company Coveware, he has dealt with thousands of ransomware attacks over the last few years. Agreeing with Senator Peters’ assessment, he backed up the claim that attackers almost universally denominate their ransoms in digital currencies.
Why so? Siegel claimed it’s because digital currencies are easier to launder and harder to trace. He also noted that once a payment is sent, it’s typically settled quickly, whereas wire transfers can be recalled up to 72 hours after they’re sent.
However, Siegel also emphasized that digital currencies are not the reason ransomware exists. He noted that ransomware existed before them and stated his belief that ransomware wouldn’t stop even if they were gone tomorrow.
Jackie Koven outlines the true nature of blockchain
Jackie Koven from Chainalysis told the Senate how she tracks ransomware gangs on various blockchains and works with law enforcement to bring them to justice.
Koven told the Senate that, in her experience, blockchain technology makes it easier to track, trace, and monitor the activity of the cybercriminals behind ransomware attacks. She emphasized that digital currencies are not the cause of these attacks and that, thanks to the transparent nature of public blockchains, she’s better able to track the links between networks, trace cashout destinations, and gather information. She emphasized that doing so when attackers demand payment in fiat currencies is much more laborious and requires all sorts of subpoenas and legal processes just to get started.
In short, Koven testified that blockchains make her work easier, not harder. She also called for new agencies to be formed and funding and equipment to be made available to combat the ransomware problem, which by her estimation, cost victims $712 million in 2021.
Calls for regulatory harmony, new laws, and information sharing
Throughout the rest of the hearing, the senators asked various questions about both ransomware and digital currencies, and a common thread became clear; all of the experts in the room called for stricter regulations, harmonization of regulations internationally, and better information sharing between all involved parties.
Each of the experts emphasized that blockchains make this criminal activity easier to track and trace. However, they noted that there are ways to make transactions more private using tools like coin mixers.
Senator Peters ended the hearing by asking an important question; he wondered if there was any way to recover digital currency payments that had been made to ransomware attackers and other cybercriminals. He also expressed his intention to keep digging and discovering more about the links between ransomware and digital currencies.
Analysis: Ransomware is the problem, and Bitcoin is the solution
One thing that was absolutely clear from the HSGAC hearing was that ransomware is a huge problem. Wherever the criminals may be located, and whatever their agenda may be, businesses, organizations, and individuals of all kinds are being wrecked by the equivalent of a digital plague.
Yet, underneath the obvious surface-level facts about ransomware, the hearing revealed another truth—the experts in the room know that the Bitcoin blockchain is not what many mistakenly believe it to be. While the media and others think falsely that Bitcoin transactions are anonymous, the cyber experts involved in dealing with it know that the opposite is true; they all said at one point or another that blockchain technology makes their work easier and that additional features have to be added to make transactions harder to trace.
Of course, those who have studied and understood Bitcoin have known this for a long time. Bitcoin is the opposite of what most people believe it to be. Far from being a system enabling anonymous transactions, it’s the first electronic cash system designed with traceability in mind. Every Bitcoin transaction leaves a timestamped entry on the public ledger, meaning cybercriminals who demand payment in it leave an immutable evidence trail for investigators to follow.
Perhaps most interesting of all was the final question by Senator Peters on whether it is possible to recover digital currency payments made to criminals. Legal action initiated by Bitcoin’s inventor Dr. Craig Wright, will soon answer that question in the affirmative.
Watch: US Congressman Patrick McHenry on Blockchain Policy Matters with Bitcoin Association’s Jimmy Nguyen