Friday, April 25, 2014
Inquirer Daily News

The bitcoin economy's darker side: Botnets

Bitcoin simultaneously captured the imagination of a corner of the tech world and a corner of the financial world. Now, as its price wildly fluctuates, those corners seem increasingly shadowy.

The bitcoin economy's darker side: Botnets

After its introduction in 2009, into a world economy still reeling from the recent financial crisis, bitcoin simultaneously captured the imagination of a corner of the tech world and a corner of the financial world. Now, as bitcoin's price wildly fluctuates, those corners seem increasingly shadowy. 

Bitcoin's appeal is easy to understand. Here was a currency free from control by world leaders and their central bankers, who didn't look particularly good at that historical moment. Its money supply was controlled - only a fixed amount could be digitally "mined" each year - so the inflation risk was minimized. And it was exchanged over the Internet through encrypted, peer-to-peer communications, so it was outside the purview of the ordinary tools of law enforcement. No wonder bitcoin appealed both to libertarian technophiles and players on the financial fringe.

Just a few days ago, the world supply of bitcoin was said to have surpassed the equivalent of $1 billion - prompting Reuters blogger Felix Salmon to suggest the world was facing "a bitcoin bubble." That followed February's news that the Internet Archive was accepting bitcoin donations, and even paying some employees partially in bitcoin.Two months earlier, the French government gave bank-like status to one of bitcoin's exchanges, making it "as legit as PayPal," according to the Atlantic Wire.

But in recent days, reports by Salmon and others have exposed one of bitcoin's darkest sides: mining. Much as real-world wealth has sometimes been built by the use of human slaves, bitcoin miners are capturing computers to amass the digital currency, according to warnings from Internet security firms such as Fortinet, which called a bitcoin (and click-fraud) botnet called ZeroNet the top security threat of 2013's first quarter. 

Adam Pasick, who notes FBI concerns about the Bitcoin malware, described the methodology in his April 8 piece for Quartz, Working in a Bitcoin Mine:

The digital currency Bitcoin is having a bit of a moment, which is drawing the attention of cybercriminals. They don’t want to steal your money (though there is some of that too). Instead they want to hijack the processing power of your computer to create more bitcoins out of thin air.

There is no company, central bank, or government behind Bitcoin—there is only math. The currency, created by a pseudonymous researcher and governed by computer code, is slowly adding more coins to circulation. New bitcoins are distributed to users with access to hugely powerful computers, which compete to process fiendishly complicated math problems. The system gives new coins to the winner as a reward; the process is known as “mining.”

The newest Bitcoin scam was discovered last week by security firm Kaspersky Lab, which found a type of computer malware that hijacks computers and uses them to mine new bitcoins.

The computers are infected through links within Skype—users click on an link that installs software on their machine, and they become unwitting slaves in the bitcoin mines. Kaspersky’s Dmitry Bestuzhev found infected computers in Italy, Russia, Poland, Costa Rica, Spain, Germany and Ukraine that have been brought to a crawl as nearly all of their processing power is stolen.

This isn’t the first Bitcoin botnet, as massive networks of hacked computers that are controlled by cybercriminals are known. A botnet called ZeroAccess was estimated to be earning $2.7 million a year by using infected computers to mine new coins, even offering bounties for new infected computers. And as the media hype and Bitcoin’s valuation rises, there will undoubtedly be further exploits.

It's hard to tell where this all leads. Bitcoin's exchange rate plummeted yesterday from $265 to $150 - a crash initially attributed to a "classic correction" after the price quintupled in the last month, but also on signs of distributed-denial-of-service attack.  Today, a new TechCrunch report blames the fluctuations on a spike in interest in the alternative currency.

If I had any coins to bet, I wouldn't bet them on the future of bitcoin. But maybe that's why I'll never be rich.

Jeff Gelles Inquirer Business Columnist
About this blog

Jeff Gelles, who writes the Inquirer's weekly Consumer 14.0 and Tech Life columns, takes a broad look at the marketplace of goods, services, and ideas.

Reach Jeff at jgelles@phillynews.com.

Jeff Gelles Inquirer Business Columnist
Business Videos:
Also on Philly.com:
Stay Connected