Snow White and the seven cryptocurrency miners
Hi Ho-oo-oo! Hi Ho-oo-oo! Hi ho, hi ho, it’s off to work in the Data Centre we go! Deep in the magic forest there sits a large, anonymous-looking grey shed; inside, seven Data Wizards And Regional Facility Staff (D.W.A.R.F.S.) are hard at work loading new servers (they call them “compute nuggets”) into equipment racks and tending the cooling, fire suppression and uninterruptible power supply systems that are essential safety and backup systems in any data centre (or mine). These seven D.W.A.R.F.S. used to be expert geologists, hacking deep into the rocks in cramped tunnels looking for lustrous gold deposits, but have now changed careers toward information technology in search of their hoped-for riches instead; they now mine and trade cryptocurrencies such as Bitcoin and Ethereum, hallmarking new blocks on the blockchain (and earning new crypto coins) as they go.
Cryptocurrencies are indeed big business, especially given their rocketing, albeit volatile, value. Indeed, Digiconomist estimates that mining Bitcoin alone uses more energy, at 32.36 TWh a year, than Ireland consumes, or about the same as Serbia. Our D.W.A.R.F.S. have been extremely industrious. Their haul is often traded on exchanges, which inevitably have become prime targets for cybercriminals (let’s call them the “Wicked Queens”) who, through various heists, have stolen an estimated $1bn (Cryptovest) to $15bn (Fast Company) of cryptocurrencies.
The most recent incidents involved the theft of 4,700 bitcoins (worth around $80 million at current prices) from the cryptocurrency mining marketplace NiceHash, and the freezing of Ethereum wallets worth $170 million as a result of a “security test gone wrong”. Technologically, a cryptocurrency system consists of a large (and growing) distributed database or ledger recording transactions, pseudonymously under addresses rather than names, amongst cryptocoin users (Wicked Queens included). Miners (our D.W.A.R.F.S. and others) gather pending transactions into blocks, seal each block with a proof-of-work that is expensive to compute but cheap for everyone else to verify cryptographically, and are paid in newly minted cryptocoins for each block the network accepts. There is no specific guidance on the security controls that our D.W.A.R.F.S. should implement to protect the results of their hard work in their cryptocurrency system and exchange; however, our guardian, Snow White, can help. The first step to protection is to apply the principles outlined in the recognised best-practice security frameworks already widely used across more mature enterprises, including the ISO 27000 and NIST 800 series. Software, of course, is fundamental to cryptocurrency systems and exchanges, and software flaws have featured in some recent attacks: a software flaw may have been the ultimate cause of the Ethereum wallet lockout, and the NiceHash breach may have been possible due to flaws in that marketplace’s website.
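To make “a ledger whose blocks are verified cryptographically by miners who are rewarded for their work” concrete, here is an added Python illustration. It is not the post’s own code and is far simpler than Bitcoin or Ethereum: the difficulty (two leading zero hex digits), the block reward (50 coins) and the dwarf names are all assumed for the toy, and the sample history is constructed inline. What it shows is the property the post relies on: once history is sealed with proof-of-work, editing any earlier block breaks every later block’s link to it.

```python
"""Toy proof-of-work ledger (added illustration, not the post's own code):
hash-chained blocks, a difficulty target the miner must hit, a block reward
credited to the miner, and a validator that rejects any edited history."""
import hashlib
import json
from dataclasses import dataclass

DIFFICULTY = 2     # leading zero hex digits required of a block hash (toy value)
BLOCK_REWARD = 50  # coins paid to the miner of each block (assumed value)


@dataclass
class Block:
    index: int
    prev_hash: str
    transactions: list  # {"from": payer, or None for the coinbase; "to": payee; "amount": int}
    nonce: int = 0

    def hash(self) -> str:
        # Canonical JSON so identical content always yields the identical hash.
        payload = json.dumps(
            {"index": self.index, "prev_hash": self.prev_hash,
             "transactions": self.transactions, "nonce": self.nonce},
            sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(payload.encode()).hexdigest()


def meets_target(block_hash: str) -> bool:
    return block_hash.startswith("0" * DIFFICULTY)


def genesis() -> Block:
    return Block(0, "0" * 64, [])


def mine(prev: Block, transactions: list, miner: str) -> Block:
    """Assemble a block and grind the nonce until its hash meets the target."""
    # The coinbase pays the miner; it only counts inside a block whose hash
    # meets the target, i.e. once the work has actually been done.
    txs = [{"from": None, "to": miner, "amount": BLOCK_REWARD}] + list(transactions)
    block = Block(prev.index + 1, prev.hash(), txs)
    while not meets_target(block.hash()):
        block.nonce += 1
    return block


def validate_chain(chain: list) -> bool:
    """Each block must link to its predecessor's hash, meet the proof-of-work
    target and carry exactly one coinbase paying the fixed reward."""
    for i in range(1, len(chain)):  # genesis is fixed, not mined, in this toy
        block, prev = chain[i], chain[i - 1]
        if block.index != prev.index + 1 or block.prev_hash != prev.hash():
            return False
        if not meets_target(block.hash()):
            return False
        coinbase = [t for t in block.transactions if t["from"] is None]
        if len(coinbase) != 1 or coinbase[0]["amount"] != BLOCK_REWARD:
            return False
    return True


def balances(chain: list) -> dict:
    """Replay every transaction in the ledger to derive current balances."""
    bal = {}
    for block in chain:
        for t in block.transactions:
            if t["from"] is not None:
                bal[t["from"]] = bal.get(t["from"], 0) - t["amount"]
            bal[t["to"]] = bal.get(t["to"], 0) + t["amount"]
    return bal


def build_demo_chain() -> list:
    """Constructed sample history: Doc mines block 1, then pays Grumpy 20
    coins in block 2, which Sneezy mines."""
    chain = [genesis()]
    chain.append(mine(chain[-1], [], "doc"))
    chain.append(mine(chain[-1], [{"from": "doc", "to": "grumpy", "amount": 20}], "sneezy"))
    return chain


def tamper_demo() -> tuple:
    """Return (valid_before, valid_after): the Wicked Queen rewrites block 1's
    coinbase to pay herself, which breaks block 2's link to block 1."""
    chain = build_demo_chain()
    before = validate_chain(chain)
    chain[1].transactions[0]["to"] = "queen"
    return before, validate_chain(chain)
```

Re-mining the edited block would not help the Queen either: its new hash would still not match the `prev_hash` stored in block 2, so she would have to redo the proof-of-work for every block after it, and keep doing so faster than the honest miners extend the chain. That is what makes the history expensive to rewrite, though it says nothing about the exchange software and wallets that sit on top of it, which is where the incidents above occurred.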
As in most organisations, software developers at cryptocurrency marketplaces are likely to be under constant pressure to release the latest features; too often, software is developed for functionality with security as an afterthought, so sadly it is not surprising that flawed software is a primary route of attack. But leaving security until later, perhaps to be dealt with after security tests in the QA phase, can delay release schedules, since retrofitting security is usually more time-consuming than building it in from the start, and the result is often less secure too: an easier nut for attackers to crack. So secure application design and secure coding practices should be incorporated into the software development lifecycle from the outset. Where possible, the output of threat analysis should feed the design phase (for example as “abuser stories” in an agile SDLC), backed by “white box” penetration testing, peer code review and automated static code analysis. After release, a continued proactive defence, including vulnerability monitoring, red teaming exercises and user education, will reduce the attack surface at the Wicked Queen’s disposal; after all, around 19,000 bitcoins were stolen from the exchange Bitstamp in 2015 through a simple phishing attack on its staff. As the cryptocurrency mining and trading efforts of our D.W.A.R.F.S. continue to expand, they will become more attractive targets for those Wicked Queens; Snow White will be extremely busy indeed!
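As an added illustration of what “abuser stories” look like once they reach code (not the post’s own code, and not a description of any real exchange), here is a hypothetical withdrawal handler for a marketplace like the one above, written twice. The story is: “As the Wicked Queen, logged in with my own account, I want to withdraw coins from a wallet I do not own.” The first handler authenticates the caller but trusts the client-supplied wallet id; the second derives ownership server-side and validates the amount. The `probe` helper is the abuser story as an automated test that can run in CI alongside static analysis. Wallet ids, balances and dwarf names are constructed sample data.

```python
"""Abuser story as a test, with a weak and a hardened withdrawal handler.
Added illustration; the marketplace, wallets and handlers are hypothetical."""
from decimal import Decimal, InvalidOperation

# Constructed in-memory state standing in for the marketplace database.
WALLETS = {
    "wallet-doc":   {"owner": "doc",   "balance": Decimal("10.5")},
    "wallet-happy": {"owner": "happy", "balance": Decimal("3")},
}


class WithdrawalError(Exception):
    """Raised for any rejected withdrawal; the message is safe to show the user."""


def withdraw_weak(session_user, wallet_id, amount, destination):
    """Vulnerable: checks that *someone* is logged in, but never that the
    wallet belongs to them, and accepts whatever amount the client sends
    (a negative amount silently credits the wallet)."""
    wallet = WALLETS[wallet_id]
    wallet["balance"] -= Decimal(amount)
    return {"from": wallet_id, "to": destination, "amount": Decimal(amount), "by": session_user}


def withdraw_hardened(session_user, wallet_id, amount, destination):
    """Hardened: ownership is decided server-side from the session, and the
    amount is parsed as a decimal and range-checked before any state changes."""
    wallet = WALLETS.get(wallet_id)
    # One error for "no such wallet" and "not your wallet", so the response
    # does not reveal which wallet ids exist.
    if wallet is None or wallet["owner"] != session_user:
        raise WithdrawalError("wallet not found")
    try:
        amt = Decimal(str(amount))
    except InvalidOperation:
        raise WithdrawalError("invalid amount")
    # is_finite() first: ordering comparisons on a Decimal NaN raise.
    if not amt.is_finite() or amt <= 0:
        raise WithdrawalError("invalid amount")
    if amt > wallet["balance"]:
        raise WithdrawalError("insufficient funds")
    wallet["balance"] -= amt
    return {"from": wallet_id, "to": destination, "amount": amt, "by": session_user}


def probe(handler, session_user, wallet_id, amount, destination="queen-address"):
    """Run one attempt (an abuser story or a legitimate request) against a fresh
    copy of the state. Returns "ok" if the withdrawal went through, otherwise
    the rejection reason."""
    snapshot = {k: dict(v) for k, v in WALLETS.items()}
    try:
        handler(session_user, wallet_id, amount, destination)
        return "ok"
    except WithdrawalError as exc:
        return str(exc)
    finally:
        WALLETS.clear()
        WALLETS.update(snapshot)


if __name__ == "__main__":
    # The abuser story: Dopey (the Queen's account) drains Doc's wallet.
    print("weak handler:    ", probe(withdraw_weak, "dopey", "wallet-doc", "10.5"))
    print("hardened handler:", probe(withdraw_hardened, "dopey", "wallet-doc", "10.5"))
```

The point of keeping `probe` around is that the abuser story does not get retired once the fix ships: it stays in the test suite and fails loudly if a later feature (say, a new bulk-withdrawal endpoint) reintroduces the missing ownership check. Real exchanges layer more on top, such as withdrawal-address allow-lists, second-factor confirmation and rate limits, but those belong to the same design-phase conversation rather than to a QA afterthought.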
Dr Wendy Ng, CISSP, CCNP; 18th December 2017