OFFICIAL SECURITY BLOG
August 24, 2012 | BY Adam Kujawa
BitCoin is a new-ish form of digital currency. It allows people to perform financial transactions without the need for a bank or central authority and allows for a large amount of privacy. Transactions are currently limited to ones performed online and only by individuals and organizations that accept BitCoin as payment. However, in the next few months BitCoin will be available on more than just shops on the web with the release of the BitInstant BitCoin debit card, a new way to spend virtual money in the real world. However, is this new creation a step in the right direction or just another avenue for cyber-criminals to steal your money?
A company called BitInstant, which specializes in converting real cash into BitCoins (and vice versa) by either transferring them from a BitCoin virtual wallet or a non-digital financial institution, is on their way to creating a BitCoin debit card. With this debit card, users will be able to withdraw real cash from ATMs by converting their BitCoin balance into whatever currency the ATM supports. It also allows the user to conduct real-time BitCoin transactions in person using a special phone App and the QR code located on the debit card itself. It is a revolutionary idea that, combined with BitCoin itself, serves as a shining example of real life science fiction.
While BitCoin has been a great tool for getting around government and private industry control of our finances, cyber-criminals heavily abuse it. Just like most things designed to help people keep their virtual independence. BitCoin has been used notoriously by cyber-criminals on the black market to buy and sell things like credit card numbers and bot installs. It is also used as a tool for money laundering and keeping law enforcement guessing when it comes to funding Hactivism and “extra-legal” activity.
Contrary to how BitCoin has been abused before, the BitInstant debit card might actually be used for good. BitInstant automatically has rules against any kind of money laundering activities. In addition, in order to comply with credit card application standards, people will probably be required to submit identification to apply for the card itself. This means that cyber-criminals will less likely use it. Although historically proof of identification does not stop the bad guys. We have seen the use of fake identification used to register domain names and purchase hosting servers in the past and there is nothing stopping them from doing it here. The benefit for the criminals being the ability to easily withdraw “dirty” money from ATMs or use the card to pay for things like black fedoras or vans with tinted windows.
In addition to fake identification, BitCoin account stealing malware already exists and has for some time. Other related malware includes “BitCoin mining” malware which uses the processing power of the infected system to involuntarily participate in “mining” operations, an action which helps BitCoin clear transactions in exchange for free BitCoins for the attackers. Combine the end goal of the BitCoin malware with the credit card scanning technology and BitInstant debit cards may very well become targets for literal “walk-by” card scans to steal account information and virtual money.
BitCoin takes Science Fiction straight from the paper and puts it into reality, one where virtual money and real money are equal in value. I do not expect BitCoin or anything that might be similar to it, to be going away any time soon. I also think that making purchases in the future will rely even more on an international tender that exists in the physical world as nothing more than binary code. However, it is important to realize that as we put more and more of our dependencies, our assets and ourselves in the digital hands of the internet, we are opening the door for cyber-criminals to walk in and take it all from under our noses.
For more information about BitCoin and BitInstant, check out: