On Tether Cryptocurrency and Ransomware
Tether has become the defacto reserve currency as the hundreds of different cryptocurrencies are actually created and exchanged on it.
I'll touch on Tether and go into Ransomware briefly, as these are the reason for the post. The I'll deep dive on Cryptocurrency because there is actually three totally separate concepts to address: the concept of the cryptocurrencies themselves, public blockchain, and then there's the concept of the private or permissions blockchain.
Tether and Bitcoin
If you look at Bitcoin trading volume most of it is not actually being exchanged on fiat but these notional cryptocurrencies (refer to crypto as notional cryptocurrencies) that are not backed-up, questionably legal, and not in the wider public interest (allow me to explain).
It is surprising to me that it has lasted this long, reached the market cap it has, and the blind average person will invest without question.
Scam artists have learned a few new tricks this decade.
I can only imagine that in the next decade people will generally look back in disgust of themselves at the wasted investment and energy, worse then any time in history, or look back with victorious greed at how fantastically evil and clever they were.
There is (or rather was) a selection bias in crypto where it attracted only true believers like myself. Some people would look at it and think this is garbage and ignore it, or become true believers. There was no economic model for somebody to look at crypto and say it is a scam, but maybe keep looking at the field in case it shows promise (except a few academics maybe). You were a true believer or not interested.
This was great for an immature and developing community.
However It's no longer harm-limited to a small population of self-inflicted believers, it is spilling over to the average person. Segue into Ransomware.
About 4-5 years ago we had the first Ransomware epidemic and I believe it was a person name Giovanni who famously introduced it to us, he was able to somehow get control of one of these Ransomware server infrastructure and found at the time you can pay with the either Bitcoin or the greendot moneypak, and effectively everybody paid with greendot because you could walk into 7-Eleven buy a moneypak and get your data back.
This ended up disappearing when the U.S. treasury forced greendot to clean up money laundering and now when you register greendot cards you must provide your Social Security number and there is no longer illegal harvesting of greendot cards for illegal value exchange. This disrupted ransomware for a while, but now it has come back with crypto solely. I don't really care about the drug dealers or any of that, Silk Road was entertaining to watch, but the ransomware epidemic is affecting real people who actually are innocent victims.
Fortunately and controversially I believe the nefarious parts of the cryptocurrency space can die with proper application of regulation because of how the regulations already are in most countries.
It's become important for me to advocate for the need to clean up this space as an early true believer and as an InfoSec professional. The current state of crypto doesn't provide benefit to society, just those who are interested in committing crimes with a very thin slither of an exception to the few off-the-grid purist privacy-minded who only benefit when mass-adoption is achieved or they have a less privacy concerned middle-man that takes payment as crypto from you to provide goods when you need from society (a compromise in-itself), so even such privacy people get no benefits of crypto unless we all adopt it (and they need no compromise) as our primary trade currency.
So we have 2 groups; criminals, and the rest of us who don't benefit yet regardless of our beliefs.
So Blockchains are distributed append only ledgers, but what is a private or permissioned blockchain?
Simply it is still an append only data structure, just with a limited number of authorised writers. a.k.a. a get archive or WORM.
There is nothing nothing fundamental in a private blockchain that's hasn't been understood in the field for 20+ years, and even the truly paranoid had tarsnap for 10+ years now with the same characteristics, it's just that now crypto has a buzz word Blockchain that causes idiots to throw money at the problem.
Crypto has a buzz word Blockchain that causes idiots to throw money at the problem.
So if you see a private or permission blockchain project it means either one of two things; either it's a delusional piece techno-utopianism or somebody smart in IT knows that there real problems with what data you store, how you access it, data provenance and all this other stuff. and they have banded around this buzzword because idiots up management will now throw money at him to solve the said real interesting hard problems with a new label.
So the public blockchains are a global data structure where the idea is there's some sort of centralised point of trust but anybody can append to these systems, so not actually distributed as advertised. Distributed in a sense the data is duplicated to everyone but the trust design decisions are still a centralised point or you have no security, and what is security without trust?
A little on the distributed topic, it is well covered that the Bitcoin blockchain is effectively controlled by only three entities, but in an attempt to be distributed somehow there's this religious notion that being a distributed trust is somehow good and in of itself. The result is systems that are either grossly insufficient or insecure.
The biggest tool that's used for this is called proof of work (best described as proof-of-waste), the idea of POW is that for somebody to rewrite the history they have to do as much useless work as was done to create the history in the first place so as to make it too hard to do and that work is more economicly put to creating value legitimately. Although we have seen a lot of 51% attacks lately I won't digress into these, or how the crypto developers can wipe out ownership of thier blockchain if something they don't like occurs. I will talk about how POW is great if your goal is to do a lot of useless work, though inefficient. Though it is more interesting to look at how to make the system efficient and don't do a lot of useless work, you run into the problem of now you actually don't have any real protections any more.
For example Bitcoin, proof of work is "paid for" and ends up using as much power as many major cities and that's just an obscene waste of energy to claim there's any benefits worth that.
So far a distributed public append only ledger has only been useful for cryptocurrencies regardless of any individual concern of security, privacy, distrubted ledgers, any of that, if it's public it's limited use period.
So although called cryptocurrency, they don't actually work as "currency", they are provably inferior and can never be superior to the alternative fiat or real world payments like VISA, unless you need what is known as censorship resistance, and then you might have an argument for crypto. So let's look at censorship resistance.
The only way to do a censorship resistant transaction without a cryptocurrencies cash, and cash requires physical proximity and mass (a million dollars in US dollars weighs 10KG). So for modern censorship resistant transactions, let's do a direct peer-to-peer payment system (make it public so as to appear legitimate) but make it so that there are no central intermediaries, but it must be solely electronically.
This has been used quite practically for illegal purposes.
But if I, as an average law-abiding person, want to do any payments that is one that the central authorities will actually process, then crypto provably do not work as I have to turn my dollars into crypto because I don't want to always keep it in crypto because the prices jumping up and mostly down at the moment, that's expensive, then I transfer the crypto (that's relatively cheap right now but it's been upwards of $30 in the past even for sub-dollar transactions), and then the recipient on the other side has to convert the crypto back into dollars. You have these mandatory currency conversion steps for any real world transaction using crypto, and even the public companies that used to embraces cryptocurrency (most have backed out including the Bitcoin conferences) only keep a few hundred thousand dollars worth of cryptocurrency when they operated, they are mostly converting crypto to dollars themselves.
Crypto does not work for legitimate purchases, but suppose you believe in the vision of the great Satoshi; you don't want to use crypto either because even his monetary policy is that crypto are designed to be deflationary (JP Buntinx - Cryptocurrency Inflation vs Deflation).
The first rule of a deflationary currency is never spend your deflationary currency!
So when you purchased that pizza of regret for a 10k Bitcoin that's now worth more then your house. Is that FOMO then when you invested, or a result of hard work by the true believers? Neither it turns out. Tether is responsible. But first;
There is way to make a cryptocurrency work, you have to have an entity that takes dollars and give you crypto of equal value and vice versa (take the crypto and return you dollars). This is called a bank and the value exchanged are called banknotes and it's recreating the 18th century banking system digitally yet again. This can work but one of three things have to happen. Regardless of legality or country. these concepts are transferable, so either you;
- have regulation and enforcement money laundering laws (and everything else) in which case you have a system that ends up being no cheaper to operate than VISA or Paypal so whats the point
- you can have what's known as a wild cat bank which is classically a bank that print banknotes but the term can be modernized with any form of value, but wildcats are actually not backed-up, again, 18th century banking.
- you can have something like an liberty reserve where they actually had a backup for their reserve which differentiates itself from the descendant (not backed-up) Crypto. They didn't follow the money laundering laws which is the reason they're not operating today, but you can learn from their mistake.
So now we've set the stage;
Tether is technically a Cryptocurrency, but unlike others it promises to be backed by dollars. The problem is is this is almost certainly a wildcat bank because they manage to produce 2 billion dollars in the space of a few months and they are tied to a Bitcoin exchange that is otherwise cut off from banking.
The core reason why the Bitcoin price exploded was because this is what enables most of the Bitcoin exchanges to operate, very few (if any) of the crypto exchanges actually are connected to any fiat banking systems.
Coinbase and Gemini as the two well known exchanges that will take your fiat (how exactly they connect to a banking system is clouded in secrecy, smoke, and mirrors), the rest of them pretty much you can't actually transfer fiat money in or out of them, they use various investment methods have what is called a "Pay out currency" which is just your desired crypto and it's wallet address, you don't get fiat money.
Every Initial Coin Offering (ICO) should be regarded as a scam, yes i said it, here's why.
In the U.S. banking system and treasury there's this thing called a security that legally describe an ICO, in fact most countries recognise securities. However an ICO is an unregistered security in legal terms, and there is so much precedence i don't have the space to link to them all.
Okay we all fell for the ICO because we fell in love with the Ripple company, and then we figured out XRP the ripple never-ending ICO we now hate has nothing to do with Ripple the company, not even a little bit. The ICO was (is) essentially a money grab that perhaps a small amount of the proceeds were used for Ripple the company but this is entirely discretionary at a personal level with zero obligation apart from public pressure.
On the other side of the spectrum we have companies like Winding Tree, who before the February 2018 ICO I felt passionate about fundamentally, and now I fear the ICO folly will eventually come back to haunt them. To their credit they have addressed certain issues like fake hotels and fiat currency fluctuations among other concerns in their white papers at a high-level using pseudo-tech language that investors really like (but actual technical people find hard to swallow) so it just comes down to the fact Ethereum is subject to POWH, batch overflow bugs, flaws like the "i accidentally killed it" by devops199 or the DOW race condition, and more hard-forks for any arbitrary reason they want (because we can. i.e. not decentralised, not immutable).
If you're familiar smart contracts or not, this is arguably the most popular driver behind ICOs and a really bad idea.
With regular contracts you have this exception handling mechanism called a judge and the legal system. If I can walk up to a smart contract and say give me all your money and it does, is that even called theft? In the real world it would but not for smart contracts. The "i accidentally killed it" flaw shows how it is possible to burn someone else's money without permission figuratively speaking, a highly illegal act.
Smart contracts are intended to be stadardised in that they written in a formal language (normally this is called legalese) but they eliminate the exception handling mechanism and then requires that the code be bug free (the usual I can assure you that we've looked at the code and it's bug free statement applies here).
And the notion that code is law and there's no central authorities, no way to undo things, with basically revealed to be a transparent lie when it's their money on the line (DOW race condition).
There are so many issues with Parity Multisig Wallets like the "i accidentally killed it" flaw, means wallets should never be on internet connected devices, ever. And these are considered cryptographically strong, it's the Smart contract that was at fault.
You need Smart contracts to be one of two things; be perfect from the beginning (right...) or be upgradable (immutable?..) with trust the programmer/s (central authority?..) do not cause further damage and keep the values in their programming outcomes.
Bottom-line, if a central authority can destroy "hack created" smart contracts, they have means to destroy or otherwise alter and fabricate value and you have given them your approval to do this to you inherently when you agreed to the cetralised trust model (bet you didn't think of that), irony? legal? We'll see.
Arguably you can arrange what is poorly named a 51 percent attack to change things however you see fit, it is not actually an attack but actually a design flaw and doing so is not really a bug or an exploit but it certainly will make the central authority irate to the point they'll just hard-fork and you've wasted your effort.
Ultimately all the power belongs to the select few at the top, all the profit also sits at the top with the earliest adopters. Does this sound familiar? It should because this describes precisely a pyramid-scheme.
This turned out to be a negative toned post.. That just shows how amateurish Crypto is currently.
As I mentioned I'm a true believer in Crypto, but the technology that embodies it's values hasn't been invent yet. What we have today is a utopia for scam artists, criminals, and privacy paranoid.
If implemented correctly we may one day realise a truly fair decentralised and secure virtual currency that is adopted throughout humanity, whether that is trust based like past attempts, privacy focused like some of us dream, or a perfect system from the start I doubt, but we can hope.