A major threat to the increasingly popular virtual currencies was recently discovered by researchers from Kaspersky and INTERPOL. The identified threat has the capacity to embed malware, illegal data, child sexual abuse images or other malicious or elicit data in blockchains of virtual transactions.
Like the Heartbleed flaw this cyber threat hinges on a fixed open space on the blockchain—the transaction’s balance sheet—where data can be stored, hosted and referenced within encrypted transactions and records. The researchers determined that this fixed open space can be exploited by malware and phishing techniques.
The flaw in the blockchain can be exploited by individuals looking for a safe haven to store unwholesome data such as child sexual abuse images and illegal transactions. The possibility of it enabling cybercrime by creating inroads for black market trading is also high, thereby jeopardizing cyber security and cyber hygiene.
How does INTERPOL intend to respond? INTERPOL is taking a two-pronged approach. It is launching an awareness campaign designed to sensitize public and law enforcement departments worldwide about the risks associated with this threat, and will also work closely with the cyber security community to develop a permanent solution to close the blockchain gap.
The threat was revealed at Black Hat Asia 2015 in Singapore. According to Kaspersky’s principal security researcher Vitaly Kamluk:
The core principle of our research is to forewarn about potential future threats coming from decentralized systems based on blockchains. While we generally support the idea of blockchain-based innovations we think that’s it is our duty, as a part of security community, to help the developers make such technologies sustainable and useful for the purpose they were intended for. We hope that bringing potential problems to light now will help in improving such technologies in the future and will make it more difficult for them to be used for any malicious purpose
INTERPOL has also taken the fight against cybercrime a step further by creating an INTERPOL Global Complex for Innovation (IGCI) where security experts including Kaspersky Labs have a part to play.