Security researchers have recently discovered a botnet with a new takedown defense. Normally, authorities can deactivate a botnet by taking control of its command and control server. Having nowhere to go for instructions, the botnet becomes useless. But over the years, botnet designers have found ways to make this counterattack more difficult. Now the Akamai content delivery network reported on a new method: a botnet that uses the Bitcoin blockchain ledger. Since the blockchain is globally accessible and difficult to remove, botnet operators appear to be safe.
It’s best to avoid explaining the mathematics of Bitcoin’s blockchain, but to understand the colossal implications here, you need to understand a concept. Blockchains are a type of “distributed ledger”: a record of all transactions from the start, and everyone who uses the blockchain must have access to – and reference – a copy of it. What if someone puts illegal material on the blockchain? Either everyone has a copy or the blockchain security fails.
To be fair, not everyone who uses a blockchain absolutely owns a copy of the entire ledger. Many of those who buy cryptocurrencies like Bitcoin and Ethereum don’t bother to use the ledger to verify their purchase. Many don’t actually hold the currency and instead trust an exchange to transact and hold the coins. But people need to constantly check the history of the blockchain in the ledger to keep the system secure. If they stopped, it would be trivial to forge coins. This is how the system works.
A few years ago people started to notice all kinds of stuff built into the Bitcoin blockchain. There are digital images, including one of Nelson Mandela. There is the Bitcoin logo and the original document describing Bitcoin by its alleged founder, the pseudonym Satoshi Nakamoto. There are advertisements and several prayers. There is even illegal pornography and leaked classified documents. All of these were installed by anonymous Bitcoin users. But none of this, so far, seems to seriously threaten those in power in governments and business. Once someone adds something to the Bitcoin ledger, it becomes sacrosanct. Removing something requires a fork in the blockchain, in which Bitcoin fragments into several parallel cryptocurrencies (and associated blockchains). Forks do occur, rarely, but never yet because of legal duress. And repeated forks would destroy Bitcoin’s stature as a stable currency (ish).
The botnet designers use this idea to create an unstoppable means of coordination, but the implications are far greater. Imagine someone using this idea to escape government censorship. Most Bitcoin mining occurs in China. What if someone added a bunch of censored Chinese Falun Gong from texts to the blockchain?
What if someone added a type of political speech that Singapore regularly censors? Or cartoons for which Disney owns the copyright?
In Bitcoin and most other public blockchains, there are no trusted central authorities. Anyone in the world can trade or become a minor. Everyone is equal as long as they have the hardware and electricity to perform cryptographic calculations.
This openness is also a vulnerability, which opens the door to asymmetric threats and small malicious actors. Anyone can put information into the one and only Bitcoin blockchain. Again, this is how the system works.
Over the past three decades, the world has witnessed the power of open networks: blockchains, social media, the web itself. What makes them so powerful is that their value is related not only to the number of users, but the number of potential links between users. This is Metcalfe’s Law – the value in a network is quadratic, not linear, in number of users – and every network opened since has followed its prophecy.
As Bitcoin grew, its monetary value exploded, even though its the uses remain unclear. Without barrier to entry, the blockchain space has been a Wild West of innovation and anarchy. But today, many prominent advocates suggest that Bitcoin should become a global and universal currency. In this context, asymmetric threats such as embedded illegal data become a major challenge.
The philosophy behind Bitcoin dates back to the early days of the open Internet. Articulated in John Perry Barlow’s 1996 Declaration of Independence of Cyberspace, it was and is the ethics of technology startups: the code is more trustworthy than the institutions. Information is supposed to be free and no one has the right – and should not have the capacity – to control it.