Eventually a better version of this will most likely be included in “The Phallus of AGILE and Other Ruminations.” I wanted to get at least part of it written down while much of it is fresh in my mind. I went to visit friends shortly after New Years Eve and we got into a discussion on crypto currency. I almost communicated my point, but not quite. Speaking out loud is rarely as effective for me as writing. Brain works way faster than mouth and loses track of what mouth has said.
It’s easy to get tunnel vision when you work in the financial world. Having done two tours of duty working on a stock exchange trading floor system, I know. This friend still works in the financial world so I could completely understand why he viewed investing in Bitcoin and other crypto currencies as walking up to the roulette table and plopping down a stack of chips on red. The trouble is that reality hasn’t made it out to the general population.
The supposed financial news media is all gaga over the run without any concern for the reality. And why should they supposed financial news media care. Arch criminals like Jamie Dimon weren’t locked in prison until their bones turned to dust, nor were they lined up against a wall and shot live on television, so, no matter what financial crime is going on, as long as it is big enough, Hillary Clinton will keep you out of prison for roughly $750,000 in speaking fees.
Let me preface this by saying, for those who don’t know me, that I’ve worked in IT for over 30 years. I’ve done large scale OpenVMS systems which straddled continents long before we had anything even remotely called “the Internet,” all the way down to an embedded system and touch screen application in a medical device. As a consultant who moves around from company to company around the country on a regular basis, I tend to keep my worldly perspective on information technology. Too many of us periscope down without looking around. It’s __really__ easy to do in IT.
Let me also say that IoT (Internet of Things) is another, related apocalypse.
So, let’s see if I do better in writing than I did in person. My premise is that each and every crypto currency will eventually be hacked and compromised on a massive scale. This will lead to its implosion taking out all chunks of the market associated with it just like the mortgage crisis did. The only ray of hope is that it happens soon, before one or more of these things becomes widely adopted so it only wipes out a few financial institutions, not the global economy like Jamie Dimon’s buddies did.
You cannot, under any circumstances, take a technology based on a commodity hardware platform running a commodity operating system, connect it to the Internet and keep it secure. It’s physically impossible. There are in excess of a billion cast-off machines out there which can be picked up by anyone, many times with a thank you for hauling them away. Those machines can then be used for destructive testing to identify vulnerabilities and perfect exploitation software.
The only way you can hope to have a secure system is to have it hosted on a proprietary platform with a price tag in the millions per unit which communicates via a closed/proprietary communications method. All software for the machine and which communicates to said machine(s) has to be written by heavily vetted beyond Top Secret clearance geeks. Yes, Snowden proved that vetting doesn’t always work, but the price of the machines combined with cradle to grave tracking is the only method of networked security. It’s not open and it is not Internet.
Before you go jumping up screaming bullshit, take a short walk down memory lane.
How about the Intel processor bug which may impact every processor made in the past ten years. Yes, I know. Right now the fur is flying and the true scope of what is wrong won’t be known for a while, but, those cast-off machines could easily have been used to find it.
Read up on ShellShock. A bug in the Bash shell some say was there for around 25 years.
Then read up on the Wanna Cry ransomware virus.
It doesn’t matter just how secure your blockchain or whatever security method is. When it is completely based in software, that means the check value(s) are generated by another chunk of software which can be reverse engineered. Depending on how it exists on the machine holding the blockchain, it may not even need to be reverse engineered, just called once a wee bit of trimming and changing have been done.
My friend’s argument was something along the lines of, “It doesn’t matter if one machine is compromised. Other machines have copies of the original and if that machine doesn’t match it is _untrusted_ right away.”
I have little doubt that is true, but, he was thinking small.
Weighted trust has a flaw. If you tell a big enough lie, it becomes the truth because it has the most weight.
The way you bring down any crypto currency is invalidate its trust both in the public eye and within the system.
You might want to go read up on the October 2016 DDoS attack which used IoT (Internet of Things) devices. This was massive and it was just a tire kicking. Millions and, before long, billions of these things with little to no security will be connected to the Internet and exploited by nefarious creatures. The October 2016 attack simply pointed out how many of these devices are already compromised and as long as whatever is running in the background on them doesn’t cause visible problems, they will most likely be compromised for their entire life.
How this will implode is really quite simple. It won’t be a single exchange or a single person’s idiot phone. It will be a massive hit scheduled to go off during the same N second window. It won’t be deleting or trashing. These people will have been invading machines for months. When they believe they have “critical mass” they will each unique blockchain the same way on every machine. This will then be a big enough lie. Their altered blockchains will have enough weight to become the trusted blockchains per the trust algorithm.
There will be billions stolen and thousands of vendors which can no longer accept the few remaining Bitcoin or (insert crypto currency name here) and public trust will be gone.
Yes, I’ve heard the argument that Equifax is still in business after its data breach. The difference is that few consumers directly do business with Equifax. That whole credit reporting thing is a B2B service. There will also be a large “Merchants of Doubt” response to individual identity theft reports.
To understand the level of what is coming you really have to have watched “The West Wing” Season 3 “The Women of Qumar” episode and paid attention to the debate over announcing the first case of Mad Cow Disease in America. Tobey had some great lines.
We’re not talking about sushi, it’s hamburgers, and I’m not kidding around.
These things, the everyday American things, the 99-cent things that when you suddenly have to be afraid of them, strike at our equilibrium.
You see, the first domino to fall will be the people trying to buy their morning coffee, enough gas to get to work or any of the other ordinary purchases made at some point during an ordinary day. Their coins will be gone or the vendor has been locked out because their machine is now untrusted. Social media will light up and the supposed news media will fan the flames. Eventually Wall Street will hear about it and everything even thought to be associated with a crypto currency will go into free fall. The SEC will be forced to trigger “circuit breakers” and news of that will create an even bigger sell-off when the halted issues re-open for trading. While many investors try to play a dead cat bounce, no investor wants to be left holding the dead cat.
Here is the dirty little secret about commodity platforms. Yes, there are a dedicated group of individuals looking for flaws so they can be fixed, but, that group is exponentially smaller than the group looking to exploit those vulnerabilities.
Perhaps you don’t remember when the CIA exploits got published? Do you really think they are the only group not reporting vulnerabilities to the manufacturers?
This is why I, as an IT professional and author will have nothing to do with crypto currencies. Even that “paper wallet” thing won’t be immune from such an attack because the “trust” required to utilize the coins you printed out will be broken. Whether INTEL’s chip bug exists on all CPUs made within the past decade or just the past few years doesn’t matter. That will be only one of oh-so-many exploits the dark world has at their disposal.