The Bitcoin Blockchain Could Be Used to Spread Malware, INTERPOL Says

The blockchain can be used for both good and evil.

|
Mar 27 2015, 3:02pm

​Image: Flickr/​BTC Keychain

​Bitcoin's core technology, the blockchain, could be repurposed by hackers to serve harmful malware to unsuspecting cryptocurrency traders, according to INTERPOL.

The blockchain is a decentralized public ledger of all Bitcoin transactions. Whenever a new batch of Bitcoin transactions are verified, they're uploaded to the blockchain. Because the blockchain is decentralized, that data is also downloaded to the computers of everyone running Bitcoin software. The problem is that all kinds of files, not just Bitcoin transactions, can be uploaded to the blockchain, including malware.

According to a statement from INTERPOL and researchers from cyber security research firm Kaspersky Labs, uploading malware to the blockchain would make it extremely hard to get rid of. Indeed, there are "no methods currently available to wipe this data," according to the statement. Once a file is in the blockchain, and hence on every computer in the Bitcoin network, it's there forever. For now, at least.

Some proposed solutions, like filtering pure data uploads from those containing transactional information, have been floated. However, censoring what enters the blockchain is likely to raise the ire of Bitcoin's more libertarian-leaning supporters. As Bitcoin developer Jeff Garzik put it in a 2013 blog post on the issue, "Is data transmission a valid use of bitcoin? The users themselves choose the definition of 'valid.'"

This issue poses serious security questions regarding blockchain technology, which promises to be a key concern going forward as the blockchain is adopted by industry. IBM is considering using the blockchain to power a network of internet-connected devices, for example. Blockchain technology can also be used to further decentralize all kinds of services, from email to online activism.

In each of these cases, the blockchain could theoretically be repurposed to infect computers with harmful malware.

At the Black Hat Asia 2015 conference in Singapore, where the work in the INTERPOL statement was presented, the researchers also unveiled a proof-of-concept malware to prove that this attack really works, Forbes reported. The malware ran on the Bitcoin network and communicated with a hacker-controlled Bitcoin address, extracting information on transaction recipients. Using this information, the malware could be used to perform a number of attacks, such as installing software that can track what you type on a user's machine without their knowledge.

The INTERPOL statement also noted that the blockchain could be used to host malicious or illegal content of different kinds, such as child pornography. This isn't a new concern. In 2013, Bitcoin users discovered that someone had uploaded links to sites containing child pornography to the blockchain. People freaked out, and for good reason—technically, they all had links to child porn stored on their computers, and will for as long as they use Bitcoin.

While blockchain technology is certainly promising as a tool to decentralize services and power virtual currencies, like Bitcoin itself, it can be also be used for more nefarious purposes