« Payday Rule Comments | Main | Counting Healthcare Chapter 11 Filings: Are There More Than Expected? »

Is Cryptocurrency What Makes Ransomware Possible?

posted by Adam Levitin

The story about Baltimore's entire municipal IT system being held hostage by ransomware has two angles that might be of interest to Slips readers. 

First, among the services that are affected is the city's lien recordation system (the city is treated as a county; confusingly there is a separate Baltimore county). That means you can't readily get a lien search, and that's gumming up property transactions.  To me this underscores the risk of electronic property records. They are vulnerable to disruption in a way paper is not. One has to worry about fire and water with paper, but we know how to deal with those risks pretty well. Electronic systems are vulnerable in other ways.  Indeed, if a system can be taken hostage, what prevents data from being altered without Baltimore's knowledge?  I don't want to be a Luddite here, but the convenience of electronic systems comes with some scary risks. 

Second, the payment demanded is in Bitcoins. Ransomware seems very dependent upon cryptocurrencies (particularly Bitcoin). Did ransomware even exist before Bitcoin? (That's a serious question. Maybe someone knows.) The only reason to take data hostage is to get paid. But payment is the dangerous moment for the hostage-taker:  if the payment can be traced to the hostage-taker, the long arm of the law can likely get him too.  This means that a bank-based payment system doesn't work well for the ransomware model. Banks are required to "know their customer," and while false fronts can be used that still creates a possible route for law enforcement, as the beard may know who hired him, etc.  Prepaid cards and cash present similar problems because they have to be physically delivered.  But crypto, ah, crypto seems perfectly made for ransomware, particularly when the hostage takers are overseas.     

If I'm right about this, it leaves me wondering first, why there isn't much more stringent regulation of crypto-currency markets for AML? Not all the players can base themselves off-shore. Even if an exchange is in Ruritania, US consumers need to have a wallet provider. Someone's going to be doing business in the US and using a US bank. If the US can squeeze state actors with its AML regime, why can't it similarly squeeze crypto markets into compliance?   

Second, is there any positive social value to crypto currencies? They seem to be used primarily for two purposes:  money-laundering (I'm including ransom payments in this bucket) and speculation.  Other than the occasional odd case, they aren't being used to hedge, for payments, or for any other socially beneficial purpose that I can tell. Maybe I have this wrong, but I'm having trouble seeing why crypto currencies should be tolerated by the law. 

Comments

I'm pretty sure that ransomware existed, and exists today, independently of bitcoin. While bitcoin is a particularly good vehicle for money laundering and untraceable payments, scammers have long used other payment systems like Western Union and MoneyGram, as well as various kinds of prepaid cards and gift cards. The balances on many such cards can be accessed electronically by anyone with the card number and PIN, making physical delivery of the card unnecessary.

" I'm having trouble seeing why crypto currencies should be tolerated by the law".....

I guess proponents of cryptocurrency would say its all about "freedom".....

but I agree with you, being able to use our money supply to steal from people is freedom to be a criminal without consequences.....

that's called anarchy, people think that's cool when watching mad max or other similar movies or shows, but in real life, its not so cool.....

I think the most socially valuable use of cryptocurrency I've seen is the inflation-hedging use described in this story

https://www.marketplace.org/2019/03/04/world/bitcoin-provides-stability-venezuelas-shaky-economy/

Not that this type of hedging can only be accomplished via Bitcoin, but I think it's the rare case study of true innovation in cryptocurrency.

Of course, Adam's arguments against crypto mostly apply to its physical instantiation: currency. The only difference (and it is a big one!) is that we don't have a noncurrency payment system that really works for the unbanked. And nobody really seems to want to develop such a system: Federal Reserve pieties notwithstanding.

The comments to this entry are closed.

Contributors

Current Guests

Follow Us On Twitter

Like Us on Facebook

  • Like Us on Facebook

    By "Liking" us on Facebook, you will receive excerpts of our posts in your Facebook news feed. (If you change your mind, you can undo it later.) Note that this is different than "Liking" our Facebook page, although a "Like" in either place will get you Credit Slips post on your Facebook news feed.

Categories

Bankr-L

  • As a public service, the University of Illinois College of Law operates Bankr-L, an e-mail list on which bankruptcy professionals can exchange information. Bankr-L is administered by one of the Credit Slips bloggers, Professor Robert M. Lawless of the University of Illinois. Although Bankr-L is a free service, membership is limited only to persons with a professional connection to the bankruptcy field (e.g., lawyer, accountant, academic, judge). To request a subscription on Bankr-L, click here to visit the page for the list and then click on the link for "Subscribe." After completing the information there, please also send an e-mail to Professor Lawless ([email protected]) with a short description of your professional connection to bankruptcy. A link to a URL with a professional bio or other identifying information would be great.

OTHER STUFF