Banks Are ‘Hoarding’ Bitcoin To Pay Attackers

Major British financial institutions are looking into hoarding bitcoins for use in buying off online attackers as the risk posed by distributed denial-of-service (DDoS) attacks grows, according to a prominent computer security expert.

Banks are now looking into buying bitcoins in order to have a way of quickly dealing with online extortion, Dr Simon Moores, a former technology ambassador for the British government and chair of the annual international e-Crime Congress, told The Guardian.

Bitcoin hoard

“From a purely pragmatic perspective, financial institutions are now exploring the need to maintain stocks of bitcoin in the unfortunate event that they themselves become the target of a high-intensity attack,” he told the newspaper.

Police admit they don’t have the resources to deal with attacks that can make websites inaccessible in real time and “might not be able to assist (banks) at the speed with which they need to put themselves back in business”, Moores said.

Online attacks are no longer merely a matter of information security but also affect the confidence of boards, shareholders and customers, he argued.

Moores didn’t identify particular institutions, but senior police officers have been informed of the practice, the newspaper said.

Hackers usually demand payments in bitcoin because the digital currency can’t be traced.

Latest DDoS attack

Moores’ remarks follow a distributed denial-of-service (DDoS) attack on Friday that disabled a number of major websites, including Twitter, Spotify and Reddit, by targeting a service that provides Domain Name System (DNS) hosting.

That attack appears to be directly linked to the explosive growth in Internet-connected devices such as set-top boxes and security cameras, which have little or no security and as such can be easily taken over en masse by hackers and used to carry out crimes.

DDoS attacks use large, distributed networks of hacked devices to inundate servers with more traffic than they can handle.

While most DDoS attacks to date don’t appear to be motivated by financial considerations, security experts have said extortion is a growing concern.

IoT botnets

Friday’s attack made use of Mirai, a botnet-building tool that relies exclusively on connected devices, sometimes called the Internet of Things (IoT), according to security firm Flashpoint.

Mirai was recently used to launch a massive DDoS attack on the website of security journalist Brian Krebs and on France-based hosting firm OVH, and the hacker who developed the tool later publicly released its source code.

Other hackers then used the code to create their own “copycat” botnets, and it may have been one of these that figured in Friday’s attack, Flashpoint said in an advisory.

“While Flashpoint has confirmed that Mirai botnets were used in the 21 October, 2016 attack against Dyn, they were separate and distinct botnets from those used to execute the DDoS attacks against ‘Krebs on Security’ and OVH,” the firm stated. “It is unknown if the attacks against Dyn DNS are linked to the DDoS attacks against Krebs, OVH, or other previous attacks.”

Chinese electronics firm Hangzhou Xiongmai over the weekend issued a recall in the US for the webcams identified as playing a role in the Friday attack on Dyn.


Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.
