It's been used for illicit dark web drug deals, it may well be the future of banking, and it's driving speculators on a wild ride — bitcoin is many things to many people. For an increasing number, however, the cryptocurrency is a tool for extortion.
Bitcoin has been used before in ransomware — a type of malware that restricts computer access unless a ransom is paid — but a new report from cyber intelligence firm Recorded Future details how criminals are increasingly turning to bitcoin as a means of payment for another kind of attacks.
"The adoption of bitcoin within the cyber extortion landscape is going to continue to grow," Tyler Bradshaw, the solutions engineer behind the report, told CNBC.
The Recorded Future report outlines how a group called DD4BC unleashed distributed denial-of-service (DDoS) attacks against companies, lobbing massive amounts of digital requests at a service through a network of addresses in order to disrupt access for legitimate users.
The attackers, whose name stands for "DDoS for Bitcoin," would threaten companies with an upcoming attack, demanding a ransom paid in bitcoin in exchange for standing down. In a September report, Internet services provider Akamai revealed that it had recorded 141 attacks from the group.
The publicity afforded to the group after that report's release may have led to copycat criminals, Bradshaw said. A new group called Armada Collective quickly sprang up, using the same methodology as DD4BC, and Recorded Future said it had discovered several recent Dark Web requests for information on how to conduct similar attacks.
The DDoS threats sometimes worked, as the attackers demanded relatively little money — usually between 10 and 200 bitcoin, or $4,100 to $82,000 at the current exchange rate.
A group calling itself Armada Collective — which may not be the one that originally claimed the name — appears to have upped the ante, demanding that three Greek banks each pay 20,000 bitcoins (worth more than $7 million at the time). Despite seeing disruptions in transactions for a period, all three banks declined to pay the ransom and employed protections against future DDoS attacks.
"Nevertheless, the DDoS threat landscape continues to evolve. While cyber extortion has been around for quite some time, the adoption of Bitcoin as a method of ransom will continue to attract new miscreants into the DDoS space," the Recorded Future report concluded.
Speaking with CNBC, Bradshaw said he thought the anonymity commonly associated with cryptocurrencies (of which bitcoin is the most popular) "is pretty enticing" for those considering cyber extortion. Earlier schemes relied on bank accounts or money orders, he said, so criminals felt they were at greater risk of being tracked down by authorities.
Bitcoin, however, is not even remotely an anonymous system. Law enforcement agencies have on multiple occasions traced bitcoin transactions to criminals. Famously, former FBI Special Agent Ilhwan Yum traced 3,760 bitcoin transactions from servers tied to the investigation of illicit online marketplace Silk Road to the laptop of Ross Ulbricht.
In part on the basis of this testimony, a Manhattan court found that Ulbricht had been the mastermind behind the Silk Road, and consequently found him guilty on seven counts — including being a "drug kingpin." He was sentenced to life in prison.
That cautionary tail has not stopped some criminals from using the digital currency in brazen attacks such as those by DD4BC and the Armada Collective.
"Perhaps that might be something that might be a little misunderstood," Bradshaw said of authorities' bitcoin tracing capabilities. Still, he said, the relatively minimal barriers to entry and the lack of personally identifiable information tied to bitcoin addresses make it appealing to hackers.