Several of London’s largest banks are looking to stockpile bitcoins to pay off cybercriminals who threaten to bring down their critical IT systems.
The virtual currency is highly prized by criminal networks because it cannot be traced and is now being acquired by blue-chip companies to pay ransoms, according to a leading IT expert.
On Friday, hackers attacked the Web sites of a number of leading online companies including Twitter, Spotify and Reddit. They used special code to harness the power of hundreds of thousands of Internet-connected home devices, such as CCTV cameras and printers, to launch attacks through a US company called Dyn that provides online directory services.
There is no evidence that Dyn was the subject of extortion demands, but it has become apparent that hackers have been using the code to threaten other businesses into paying them with bitcoins or risk being the target of similar attacks.
Simon Moores, a former technology ambassador for the British government, visiting lecturer in applied sciences and computing at Canterbury Christ Church University, and chair of the annual international eCrime Congress — a global body for IT professionals to discuss the threat — said the scale and the ferocity of the attacks mean some banks are deciding it would be cheaper to simply pay the criminals off.
“The police will concede that they don’t have the resources available to deal with this because of the significant growth in the number of attacks,” Moores said. “From a purely pragmatic perspective, financial institutions are now exploring the need to maintain stocks of bitcoin in the unfortunate event that they themselves become the target of a high-intensity attack.”
Moores declined to identify the banks buying up bitcoins, but it is understood senior police officers have been made aware of the practice.
Telecoms provider TalkTalk lost 101,000 customers and suffered costs of £60 million (US$73.4 million) as a result of a cyberattack last year.
“Big companies are now starting to worry that an attack is no longer an information security issue, it’s a board and shareholder and customer confidence issue,” Moores said. “What we are seeing is the weaponization of these [hacking] tools.”
Cybercriminal gangs have been known to extort bitcoins from the large Web hosting providers in return for not launching a distributed denial of service (DDoS) attack — when large amounts of data are directed against a company’s IT infrastucture.
In recent months, DDoS attacks have seen about 600 gigabits of data per second being directed at targets — more than enough to bring most Web sites down.
“Once it goes above a terabit, that wipes out any protection, no current protection systems can deal with that sort of flood,” Moore said.
There are also fears that criminal gangs could seek to escalate their targets. Earlier this year, the IT systems of a German nuclear power station were compromised. Governments have become so worried about the threat to critical infrastructure that they are taking evasive action.
The Singaporean government has taken some of its services off the Web and three years ago the Kremlin reintroduced typewriters.
Moores predicted a “Lehman Brothers moment” was on the cards.
“We’ve got to come to grips with this. Everybody’s over exposed,” he said.
|
.jpg)
