The Blockchain Revolution Page 14
If a criminal bought the exploit, he would likely launch it immediately. But a government agency might also purchase it, Israel’s Unit 8200, perhaps, or the NSA in the United States. Such agencies were constantly buying zero-day exploits to hold in reserve against the day they wished to infiltrate or compromise a foreign government or criminal enterprise. All these would-be buyers competed against each other on the Dark Web until the highest bidder won.
But not this time. Crypto was an anarchist, not a capitalist. He wanted to make sure at least several black hats purchased each of the exploits he was about to offer. For that reason, he would offer them to anyone for a fixed price, not just to a single successful bidder. That way, there would be as many attackers as possible, each one racing against the others to steal as much cryptocurrency as possible before the vulnerability upon which the exploit was based was found and patched.
The profits were irrelevant to Crypto. But he must require payment to avoid arousing suspicion. Why would anyone give something so valuable away for free? But he would take no chances. He would accept only bitcoins payable to a blockchain wallet he created solely for that purpose and would never access.
He logged on to the first site.
Now! Finally, now! A Bee enthused.
Yes, now. Crypto smiled. The voices had been mostly patient with him since he had committed to his plan. They were welcome to share this moment with him now.
Watch! he thought, hitting “enter” after uploading the first zero-day exploit offer. This is how it’s done!
Yes! Now on to the next site! A Bee rejoiced.
Bravo! B Bee agreed.
Half an hour after logging on, Crypto’s work was finished, and the Bees were ecstatic. For once Crypto and they were in emotional sync.
* * *
Josh Peabody was at his office, hosting a cocktail party for CryptoBoom!’s biggest investors when the telephone in his pocket went berserk. He ignored it for most of a minute because he was speaking to the chairman of the fund’s valuation committee. But at last, the angry vibrations unsettled him.
That sense of unease was nothing compared to the sinking sensation he experienced when he looked at the phone’s screen. With a sick smile, he left the room as rapidly as he could without attracting attention.
Once in the hallway, he dashed to his office and logged on to the site of the largest cybersecurity exchange. To his horror, the price of BitchCoin was plummeting on the breaking news that over twenty-two percent of the tokens in its initial coin offering – including CryptoBoom!’s entire position – had been stolen.
* * *
Discovering vulnerabilities in so many cryptocurrency blockchains had required great time and skill on Crypto’s part. But the time between his posting them to the Dark Web and the resulting attacks was trivial. Greed had seen to that. It was amusing to watch the feeding frenzy as black hats snapped up his exploits and raced each other to launch their assaults and even more diverting to observe the desperate attempts of his victims to comprehend what was happening to them.
This time, the message was too clear to be ignored, even by alt coin fanatics. In a matter of hours, the value of untouched as well as affected cryptocurrencies alike had dropped catastrophically. Most importantly, the credibility of private blockchains – including BankCoin – was on the rise. And that was the sole purpose of the exercise.
Chapter 17
All Fall Down
Frank was once again sitting in the main conference room on the management floor of First Manhattan Bank. At the head of the table sat a grim-faced Horace Nukem, waiting for an update on the wave of assaults that had nearly destroyed alt coin markets. To varying degrees, everyone else looked shell-shocked.
The door opened, and the receptionist ushered in the last attendee, a middle-aged man wearing the expensively tailored uniform of someone who advises similarly dressed people. Nukem stood up to greet him.
“All right, everybody,” Nukem said. “Let me introduce you to Henry Gould, from Bingham & Dana, the analytics firm advising us on cyber securities. Henry, please dive right in, and tell us how your people are reading the situation.”
“Hello, everyone,” the analyst said. “I know you’ve all read a lot about the chaos roiling the alt coin markets over the last two days. What I’ll do this morning is try to quantify the losses and give you B&D’s take on the possible short- and long-term impacts on BankCoin.
“Let’s start with the high-level numbers. The attackers hit six cryptocurrencies, including bitcoin and the three alt coins with the next highest market values, other than BankCoin. They made off with seven to twenty-five percent of the total number of each of those alt coins, depending on which one we’re talking about. Taken together, the stolen coins have an aggregate value of over twenty billion dollars – yes, that’s ‘billion’ with a ‘B’ – based on their trading values at the time of the attacks. That’s a truly staggering amount – far higher than all previous coin thefts combined.
“But that’s just the tip of the iceberg. In reaction, the market valuations of all major exchange-traded alt coins plunged, dropping between fifty-six and eighty-two percent, depending on the coin. That amounts to a loss of another one hundred fifty billion dollars of value.”
A hand went up. “Yes?” Dana asked.
“Why was the impact so great on coins that weren’t hit? That’s new.”
“You’re correct. The difference is that, previously, only one type of coin was stolen at a time. In this case, six were hit. The market presumably decided that if six different coins could be compromised at once, every other one must also be vulnerable. I expect they’re right. Regardless of the motivation, we know a lot of people moved some or all of their money out of the blockchain ecosystem and into traditional investment alternatives, like stocks and bonds, or even cash. It’s too early to tell whether those reallocations will be temporary or long-term.
“At its lowest point, the main alt coin index dropped below twenty-seven percent of its pre-attack value. So far, the same index has only recovered about ten percent of those losses. Assuming no more events occur, we expect index values will gradually move up, but it’s too early for us to guess how far or how fast. You’ll notice I didn’t use the word predict there, either.”
“Happily,” Cronin interjected, “the value of BankCoin couldn’t be affected, since it’s pegged to the dollar. And our blockchain remains secure. Can you confirm that, Dirk?”
“This is correct,” Magnus intoned. Frank noted that Audrey Addams had not yet succeeded in paper-dolling the crotchety Dane; he was lounging as usual in a soccer team jersey and jeans.
“And just as I would expect,” Magnus continued, “because the BankCoin system is not set up in the same manner as other blockchains. We are a closed network. This is fundamental to maintaining its security.”
“Can you tell whether the same attackers tried to take us down?” Nukem asked.
“There is no evidence to that effect,” Magnus responded.
To Frank’s embarrassment and Magnus’s obvious annoyance, Nukem turned to Frank. “Do you agree?”
“I do,” Frank said. “We’ve seen no increase in the frequency of BankCoin attacks.”
“Well, thank God for that,” Nukem said. “Here’s hoping it stays that way.”
Sure, it was great the criminals had spared BankCoin, Frank thought. But why?
Was it because the BankCoin blockchain was as secure as Magnus believed, or were the attackers simply saving BankCoin for later on?
That possibility troubled Frank. And another thing did, too: each of the six successful attacks had exploited a blockchain flaw and not a vulnerability in some supporting part of its ecosystem, like wallets or an exchange. That was unnerving as it undermined the prevailing wisdom that the blockchain was an inherently secure architecture.
At the same time, Dirk’s point was valid. Any Tom, Dick, or Harry with a powerful enough computer could download a copy of most blockchains, become a miner, and start validating new blocks. Because there was no central authority, there was no minimum level of security required for any of those platforms. If some Dick wanted to set his password as “password” or “123456,” there was no one to stop him. That was crazy. And since every miner had a copy of the blockchain, each represented a point of vulnerability that might allow a black hat to break in, mess with that copy, and then try to export the malware from there to other copies.
“So, where does that take you, Frank?”
Frank jolted back to attention. Nukem, and everyone else, was looking straight at him.
Frank had no idea what had just been said, so he ran for what he hoped was safe ground. “It’s certainly a credit to Dirk and the rest of the BankCoin coders that BankCoin wasn’t hit. That said, the fact we weren’t breached this time is no reason to be complacent. Even if we’re more secure today than the competition, we can assume the best of the other alt coin projects will up their game to plug the gaps, or investors won’t come back to them. That means over time we’ll become a more attractive target, on a relative basis, unless we figure out some way to maintain our security lead.”
“Nonsense!” Magnus snorted. “You are all looking – what is your saying – the gift mule in the mouth. There is a reason every major alt coin scheme was hit except BankCoin. That reason is because BankCoin is far better protected. Unlike the other blockchains, it was designed with security against theft as its highest priority, not as an afterthought. Instead of sitting here wringing our hands, we should be telling the world how BankCoin is the only safe blockchain in existence. I do not understand why we are not doing this.”
Cronin grabbed the lifeline thrown to him from such an unexpected quarter. “Dirk is spot-on, Horace. These attacks are an opportunity, not a disaster. We should do exactly what he said. Not inappropriately, of course. We don’t want to sound like we’re exploiting other peoples’ misery for our own benefit. But we shouldn’t be shy about pointing out that not one penny of First Manhattan customer assets was stolen.”
Nukem paused and frowned. “Fair enough. I’m as happy as the next man to ride a gift horse – or even a mule, for that matter – for all it’s worth. But I’m also with Frank. If anyone gets complacent about BankCoin security, they’ll be doing it somewhere else if I find out. From now on, I want a weekly update on everything we can learn about these attacks – how they were carried out, who might be behind them, and what the vulnerabilities were.”
* * *
Crypto’s grudging regard for the ill-at-ease, cybersecurity-fixated expert that was also his nemesis was beginning to take on Stockholm Syndrome-like properties. Once, while wrestling with a particularly knotty bit of BankCoin code, Crypto caught himself wondering how Frank might work his way through the same problem. But that was nonsense. BankCoin was software to be destroyed, not improved. And Adversego was someone to be defeated, not befriended.
* * *
An exhausted Josh Peabody turned off his computer and slumped back in the office chair he’d scarcely left in thirty-six hours. Exhausted but triumphant: he could still call on the old magic when he needed to. Truth to tell, he’d been coasting for the last couple of years, taking advantage of investment waves anyone with reasonable savvy and flexible scruples could ride to a wealthy result. But pulling off the thousands of complicated puts, calls, and swaps he’d just executed in the face of plummeting alt coin prices had taken real skill, not to mention balls. Now that the dust had settled, he could congratulate himself on snatching a small profit out of the jaws of a major disaster.
Yes, he thought, rolling his sleeves back down and watching the first light of dawn coloring the coastal mountains in the distance, I do believe that Elvis has reentered the building.
Chapter 18
Don’t Worry, Be Happy
Frank felt uneasy as he and Magnus left the meeting on the sixty-fifth floor. True, BankCoin had been spared, but what about the future? Now that such spectacular sums had been stolen, wouldn’t many more criminals want to stick their greedy hands into the cryptocurrency cookie jar? And not just criminals. North Korea, chronically short of hard currency, was suspected of stealing more than a hundred million dollars from South Korean banks through cyber theft.
“You know,” Frank said to Dirk as they walked to the elevator, “it’s tough for me to feel as confident as you about BankCoin. There’s a ton of bad guys out there, and only so many alt coins to go around.”
“Only so many, yes,” Magnus replied, “but that is not the same as ‘not enough.’”
“Okay, I’ll grant you that,” Frank said, “but how about this? The more the valuations of the other alt coins go down, the bigger the prize BankCoin becomes in comparison.”
“Yes, but so what? When speculators lose money, people say ‘Who cares? What should they expect?’ But if criminals hack the global banking system, every law enforcement service will say ‘Oh my! We must catch these very bad guys!’ Does that not make the criminals stop and think?”
As always, Magnus made sense, Frank thought as they went their separate ways. Still, while higher stakes might give some black hats pause, others would certainly be up to the challenge. Also, not all member banks were in developed countries. Some of those in emerging economies might not be as sophisticated when it came to cybersecurity controls or as diligent in paying attention to them. A successful attack against a single bank would not take down the entire BankCoin network, but it would undermine its credibility.
That type of risk was clear. Hackers had penetrated the Central Bank of Bangladesh in 2016. At first, they laid low and watched how the bank managed its electronic transfers. After they’d seen enough, they followed the same steps to instruct the New York Federal Reserve Bank to transfer a billion dollars to the criminals’ accounts. The Fed wired over eighty-one million dollars before it caught on and turned off the tap. And that was only because they grew suspicious when the hackers misspelled “foundation” as “fandation” in an instruction.
If black hats could do that with the traditional inter-bank transfer system, why couldn’t they figure out how to misdirect payments from BankCoin accounts as well? So, no, he didn’t feel nearly as confident as Magnus. Now what was he going to do about it?
* * *
Crypto was back at work, more cautious than ever. He expected some law enforcement officers might not have worried much about thefts of alt coins owned by speculators foolish enough to put good money into invisible tokens. But they could scarcely ignore the financial bloodbath Crypto had just unleashed.
He would need to be particularly careful regarding BankCoin. Surely, the banks would push their cybersecurity experts as hard as possible to make BankCoin invulnerable. They would also look hard to discover what someone like Crypto might be up to.
What if they are successful? A Bee interrupted. WHAT IF THEY SUCCEED?
Hush! Crypto thought. You know I’ve considered that possibility a hundred times.
But what, A Bee persisted, if this Adversego person is as good as his bank keeps trumpeting?
If he is, then you must stop him! A deeper voice boomed.
Oh no, Crypto thought. B Bee was back. That was a bad sign.
Then both Bees went on the attack, each with unexpected fury. He would have to appease them. But how? He had already considered one possibility …
Yes! Do that! You must do that! the Bees called out in unison.
But to do that, he would need help …
Then get it!
Crypto looked back at his screen. He hated it when the voices grew so insistent; so confident. Sometimes too confident. But often they were right.
Do it!
Ah. He sighed, wavering.
The Bees had a point. He could not risk Adversego noticing something. But if Crypto sought assistance, there was also the risk that whoever he entrusted with the task might be careless. Or even betray him.
What to do?
Do it! Do it NOW!
It was growing hard to separate his thoughts from the words of the voices. Perhaps he should embark upon a measured response. Greed was a powerful motivator. There was no stronger glue to keep lips sealed than the promise of money. He could afford to pay well, and he would need to expose little to gain much. Maybe that would be all that was needed. And he could, after all, instruct one of his lieutenants to act as a middleman on his behalf.
Yes. DO IT! A Bee shrilled.
We’ll be watching, the somber voice of B Bee intoned.
The background stadium sound Crypto could usually ignore ratcheted up to a sullen roar, as if the home team had just been defeated. He hoped it didn’t signal the beginning of another difficult period in his life.
* * *
By “one of his lieutenants,” Crypto was referring to a member of the cadre of Dark Web co-conspirators he referred to as his general staff. It had taken him years to gather them, and most of the rest of the decade for them to build his vast network of true believers in anarchist political theory. In the beginning, he had spent countless hours at radical chat sites, observing but never taking part. Doubtless the security agencies of many nations were monitoring the same web locations, and he could not risk being noticed by governments he hoped someday to overthrow. Instead, he lurked and listened, assessing the comments of regular participants and paying equal attention to how they expressed them. He was looking for zeal, to be sure, but also for maturity and for people he sensed he could trust. When he decided someone met those requirements, he added them to his list of potential allies.