Abusing block chain to share illegal data, including pedo material

The international criminal police organisation Interpol and private researchers discovered a severe flaw in block chain used by virtual currencies.

INTERPOL cyber threat researchers, including members of the Kaspersky Lab, have identified a serious vulnerability in the virtual currencies schema. The flaw resides in the ‘block chain’ related to virtual transactions and it could be exploited to transmit code embedding malware or other illegal data, including child abuse images.

The flaw was uncovered by an Interpol researcher and a colleague from the Kaspersky Lab Research and Innovation unit at Interpol’s Global Complex for Innovation (IGCI), the research was presented at the Black Hat Asia 2015 conference in Singapore.

The block chain is the public ledger used to register the various transactions in the virtual currency scheme, it is constantly updated and confirmed by autonomous computers. The transmission of ‘bits’ of data can be performed using Cipher Block Chaining (CBC) where a sequence of bits are encrypted with a cipher key applied to each block.

The mechanism is common to many crypto-currencies including Bitcoin, Litecoin, Peercoin, Ripple, Nextcoin and others, the unique difference is space in the block chain used to store encrypted data related to transactions.

This space could be abused for the illegal activities mentioned before, the experts discovered that it is possible to inject malware or any other data in that space and the bad news is the absence of procedures to delete this data.

The experts speculate that the mechanism could be exploited to share child sexual abuse images, to archive modules of a malware and also sell any kind of illegal odds exactly like ordinary happens in illegal underground marketplaces.

“The design of the block chain means there is the possibility of malware being injected and permanently hosted with no methods currently available to wipe this data. This could affect ‘cyber hygiene’ as well as the sharing of child sexual abuse images where the block chain could become a safe haven for hosting such data. It could also enable crime scenarios in the future such as the deployment of modular malware, a reshaping of the distribution of zero-day attacks, as well as the creation of illegal underground marketplaces dealing in private keys which would allow access to this data.” reportes a press release issued by the Kaspersky Lab.

The exploitation of decentralised systems like Bitcoin and the possibility to complete a transaction without the validation of a trusted third party (like a bank) makes this security issue very dangerous and effective.

The research is very important because warns security community about potential future threats coming from decentralized systems based on blockchains. While we generally support the idea of block chain-based innovations we think that’s it is our duty, as a part of security community, to help the developers make such technologies sustainable and useful for the purpose they were intended for. We hope that bringing potential problems to light now will help in improving such technologies in the future and will make it more difficult for them to be used for any malicious purpose,” said Vitaly

Public disclosing this kind of issues could help operators of virtual currency systems to improve the technology and prevent illegal abuses.

Pierluigi Paganini

(Security Affairs –  virtual currency, block chain)