In the past few weeks, a widespread and coordinated international cyberattack seized control of hundreds of thousands of computers in 150 countries. Those affected by the cyberattack would see a window pop up on their screen telling them that their files were inaccessible, then demanding payment of a ransom lest their files be deleted. But the ransomers in this attack weren't demanding gold bars, a parachute or sacks of unmarked bills delivered to a secure location. They wanted bitcoins.
Bitcoin is what is known as a "cryptocurrency," a digital currency that is distributed without any kind of centralized bank. The mechanism of distribution is complicated — you can read a full rundown — but basically bitcoin relies on users’ distributed computing power to ensure the viability of transactions. Running the software to keep track of transactions takes resources, and users who do so are motivated by the prospect of earning bitcoins in exchange for their computers’ assistance in keeping track of a bitcoin ledger.
Boosters of bitcoin see the currency as having many strengths compared to regular money: Cryptocurrencies have no central bank managing and issuing them and their use remains mostly anonymous when transactions occur. (This latter point is arguable, as I’ll discuss momentarily.) And unlike regular money, which usually moves across the world via banks or financial agencies, cryptocurrencies can move around through digital wires unhindered by processing fees or taxes.
The perceived strengths of bitcoin as an alternative to fiat money — that it moves around pseudonymously and thus is much harder for government officials to track or seize accounts — is also its weaknesses. Indeed, these characteristics have made bitcoin the currency of choice for ransomware hackers as well as illicit online marketplaces like AlphaBay (and the now-shuttered Silk Road) allowing buyers and sellers to trade black-market goods like drugs and credit card numbers alongside quotidian, traditional online marketplace goods such as clothes and books. Yet the ethereal aspects of bitcoin — you don’t need to store it in a bank and it doesn’t exist on paper but is merely a string of numbers — means it's the ideal tool for a digital ransom.
“I think [bitcoin’s] association with malware and ransomware signals that it has a problem because bitcoin investors and developers and — pardon this terrible term — ‘bitvangelists’ don’t want that,” Julian Gottlieb, a visiting assistant professor of politics at the University of Oregon who studies cryptocurrencies, told Salon.
Institutional investment gives cryptocurrencies like bitcoin a patina of legitimacy, Gottlieb explained. “In Japan right now, because of some economic stagnation, there’s been an effort for investors to diversify their portfolios, and they’ve been encouraging people to diversity portfolios and invest in bitcoin,” he said.
The value of a single bitcoin, currently about $1,700, rises and falls depending on how many people invest in the currency — meaning how many people buy bitcoin in exchange for "real" money.
So is bitcoin to blame for enabling these digital ransomers? Many bitcoin enthusiasts scoff at this idea. Becky Metivier, in a blog for Sage Data Security, argued that bitcoin is not to blame for ransomware. Metivier pointed out that “poor security policies and practices” are just as much to blame for ransomware as “encryption and bitcoin.”
Metivier wrote, “Because of its association with ransomware, bitcoin’s benefits have been obscured by a cloud of misconception.”
Part of that misconception is the notion that bitcoin use is really anonymous. Because all transactions are recorded in the “blockchain” — basically an ever-growing ledger — there's some ability to track bitcoin transactions. "Bitcoin is pseudonymous, not anonymous," says Charles Bovaird, lead markets writer for CoinDesk, a cryptocurrency news site. "The cryptocurrency's transactions involve transfers between bitcoin addresses, which are strings of letters and numbers. Every time a bitcoin transaction takes place, it gets recorded on the blockchain, where it is linked to the addresses involved."
Outside of enthusiasts, who share information about cryptocurrencies in many different online forums and news sites, the average person might hear about bitcoin only when it’s in the news for something like a cyberattack or ransomware story. “Bitcoin has shown its promise for a lot of illicit activities, like hacking for pay, large-scale heists online," said Gottlieb. "The semi-anonymity of the technology does lend itself to that.”
Gottlieb sees a problem in the way that the media industry covers bitcoin: Since the currency is decentralized, no central voice can defend bitcoin when a news story portrays it in a negative light.
“If Chase Bank were hacked, they would have a PR community,” Gottlieb said. “But [bitcoin] is a fractionalized community; there’s no way to respond to something like this en masse.”
One might draw a similarity to the Occupy Wall Street movement: Because of the inherently decentralized nature of bitcoin transactions, one bad apple — say, a man climbing a public art structure and refusing to dismount at a protest — reflects poorly on the entire organization, with no point person in the PR department to run damage control.
For his part, Gottlieb sees bitcoin as having more populist possibilities that extend beyond its potential as a tool for cybercriminals. “The same thing that makes it possible for hackers to hold digital assets hostage and extract wealth from people with bitcoin also allows it to be a potential source of power for activists in authoritarian regimes,” he said. “It can keep people anonymous, protect their identity.”