Hacking Blockchains: Major Cybersecurity Attack Vulnerabilities To Be Mindful For
Blockchain is Entirely Secure, Right? Well…
The relationship between the internet and the countless millions of users that make up its population and all of the information they share have a, less than positive relationship with those that want access to that information. Much like the relationship between criminals and cops; the relationship is based on constant escalation to find or resolve a weakness.
And in the current state of affairs, the internet, with all of its users and companies, is in no position to patch holes rapidly in comparison to those actively looking to break through them.
As much as we'd like to think that the race for cybersecurity is a near-run one. The reality is far more unsettling for those considering they are safe on a system that is proving to be increasingly outdated.
Recent memory demonstrates this to a worrying, if not painful degree for those witnessing the attacks of Equifax or WannaCry. And even worse for those that were the subject of these attacks.
The difference in size between a monstrously large company versus a select team of hackers says all we need to about just how the race is being lost by the former. With companies proving that they are in no position to react fast to an attack when it happens, betraying the trust of countless numbers of users in the process.
But Blockchain's The Exception To This Rule… Right?
While Blockchain technology and its many applications have been a watershed moment for individuals and companies. And while the level of security that they provide is exceptional in comparison with what was once available.
The unspoken and unfortunate reality is that Blockchain, like any kind of system, has its vulnerabilities or holes in the level of security it has. This means that blockchain while being lauded as a cybersecurity marvel, is as vulnerable to breaches as anything.
Here are some of how blockchain can find itself attacked and infiltrated by malicious programmes and users.
This form of attack is made possible with the direct infiltration or cooperation of a key service provider operating within the blockchain system. Contrary to popular belief, while nodes within a cryptocurrency like Bitcoin are meant to be a decentralised element.
Currently, these nodes are more centralised than we're led to believe. This means that a routing attack would have a direct influence on a greater number of nodes. The centralisation of these nodes is demonstrated by research recently conducted by ETHZurich.
What this shows is that, while 13 nodes are responsible for 30% of Bitcoin transactions. Only 3 of these nodes conduct over 60% of transactions currently. Meaning that even if one of these nodes had its ISP hit with a routing attack, the hacker would have access to 20% of Bitcoin transactions.
Based on the book ‘Sybil', these attacks happen when a large number of nodes on a single network are owned by the same party. All with the intention of subverting its initial functions by falsifying or interrupting transactions that take place between the node and the user.
While these attacks are not common, they still present a significant enough threat to lead to cryptocurrencies to implement countermeasures to prevent this fear from becoming a reality.
Bitcoin, Dash and others, are capable of circumventing this through its ‘proof of work' system. Meaning that a failsafe exists which can assess the validity of any transaction that takes place; weeding out any potentially false actions.
For those that aren't as familiar with cryptocurrencies and their [unfortunate] experience with these attacks, Silicon Valley's ‘Pied Piper' had the fortune to reverse theirs. But what it involves is a user or collection of users gaining a majority over the hash power available on the blockchain.
Control over the majority of hash power means that the user can mine cryptocurrency faster than anyone else on the blockchain. This majority would also allow them to defraud cryptocurrency exchanges through ‘double spending'.
Double spending refers to the defrauding of crypto by committing to a transaction, receiving the goods or service within that transaction. And before the transaction completes on the majority holders side, forking the blockchain.
Effectively, this erases the transaction and allows the culprit to complete another transaction using the same cryptocurrencies that were used in a previous action.
While a 51% attack doesn't give the user control enough to change anything drastically on the system. The real damage is to the level of confidence users have in the system.
Direct Denial Of Service
These attacks are epitomised by flooding a system with a high volume of requests and traffic to the server. Causing a significant backlog on whatever the user is targetting. These DDoS attacks can be undertaken by users against anything from websites to specific cryptocurrencies.
These methods of attack are different from other cybersecurity attacks for the reason that they're easily accessible for individuals to buy. The only reason that blockchains like Bitcoin are able to counter these DDoS attacks is because of previous design choices.
The Real Threat To Users? Users
Blockchain, as a system, is a strong system, there's no question over how effective it is for providing an improved level of security for individual users. And while cybersecurity is a wall that is occasionally breached, the emphasis is definitely on ‘occasionally'.
The problems that cybersecurity has within the realm of blockchain and cryptocurrencies are two-fold. One is with the effectiveness of third-party users in providing this same level of security over their products.
Recent events have shown that while the number of cryptocurrency wallets and exchanges is increasing over time. The level of security they provide is wanting when because over the years, millions of dollars in different cryptocurrencies have been stolen.
The other glaring threat is one we see in the mirror: Users. We, as people, have a tendency to be secure when we want to be, but idle time, busy schedules and a tendency to forget, mean that we are likely to reuse passwords and not operate with a high-level of security.
This fact not only puts the individual at risk but has the possible outcome of meaning that countless other users and their information are put at risk because of human error. As long as we live in a world where this is a predominant factor for why breaches of security and trust happen. Cryptocurrencies can't thrive in the way we'd like to see them.