Decentralized Malware on the Blockchain

Presented at Black Hat Asia 2015

The blockchain is the public ledger stacking all bitcoin/altcoins transactions. It is constantly growing as "completed" blocks are automatically added to it with a new set of records. The blocks are added to the blockchain in a linear and chronological order. The blockchain has complete information about the addresses and their balances right from the genesis block to the most recently completed block through the mining process. Depending on the crypto-currency and the implementation of its protocols, there would be a fixed open space, where data can be stored, referenced or hosted on the blockchain within encrypted transactions and their records. This very versatile nature of the blockchain offers great opportunities for future innovation, especially in decentralized systems.

The research focus revolves around the threat of embedding decentralized chunks of malware on the blockchain by either hosting it or referencing it with cascaded pointers. Transactions and data are encrypted throughout the blockchain networks using different versions of public/private key encryption. Could malware survive eternally inside crypto-transactions? A proof of concept will be explained highlighting the concerns revolving around the "abuse and bloating" of the blockchain while comparing it to previous malware hosting and deployment models.

In this talk, INTERPOL will frame the scope of this future threat and provide potential solutions for a threat surrounding the blockchain technology.


Presenters:

  • Vitaly Kamluk - Kaspersky Lab
    Vitaly has been working with Kaspersky Lab for 10 years. He has dealt with major malware outbreaks such as the Conficker worm in 2009, fought RSA-encrypting ransomware back in 2008, and analyzed advanced cyberespionage operations such as RedOctober, Duqu, Flame, Careto, NetTraveler, Icefog, DarkHotel, Equation and more. In 2010, Vitaly worked in Japan as a Chief Malware Expert, leading a group of local researchers. He specializes in threats focusing on global network infrastructures, malware reverse engineering and cybercrime investigations. He is the author of a patented technology used at Kaspersky Lab for automated malware analysis and the discoverer of 0-day attacks against anti-theft software embedded in most modern PC BIOS/UEFI firmware. Vitaly lives and works in Singapore as a member of the INTERPOL Digital Forensics Lab team, doing malware analysis and investigation support. He has been engaged as a speaker at many information security/hacker conferences such as DEF CON, Black Hat, FIRST, Underground Economy, PHDays, ZeroNights and more.
  • Christian Karam - INTERPOL
    Christian Karam is a Cyber Threat Researcher at the Research & Innovation Sub-Directorate (R&I) at INTERPOL. Mr. Karam develops the activities in the fields of global cyber threat research, future trends analysis, cyber intelligence analysis and R&D within the INTERPOL Global Complex for Innovation (IGCI). Prior to joining INTERPOL, Mr. Karam was an independent security researcher, penetration tester, and security consultant for multiple firms in the private sector. Mr. Karam's subjects of expertise fall under different fields: cryptography, darknets, future trends and cryptocurrencies. Mr. Karam is a Certified Ethical Hacker, Certified Hacking Forensic Investigator, Licensed Penetration Tester and CISSP, holds degrees in Information Security Engineering and Cybersecurity, and is currently pursuing advanced research in the areas of trend analysis and threat models.
