When the Spanish colonized the Americas, they brought back so much gold and silver that the price of metal coins was hit by inflation, devaluing currencies across Europe. All this wealth floating around on the high seas also resulted in a so-called “golden age of piracy,” now romanticized into a staple of Hollywood imagination.
Modern hackers have a few things in common with the pirates of old; they’re subject to wildly unrealistic depictions in pop culture, some loot the wealth from a booming economy based on advances in technology and trade, and like the privateers of the past, they have now become tools in the imperial politics of major powers.
In this age however, the looters are actually helping power an economic paradigm shift. This new paradigm is based on cryptocurrencies, “digital gold” on the high seas of cyberspace.
Although some advocates try hard to dissociate cryptocurrencies from illegal activities, the fact is that black market activity is still essential to the continued growth of decentralized, digital currencies like Bitcoin. In fact, their usefulness in the underground digital economy is probably one of the strongest arguments for the continued growth of cryptocurrencies. The growth of this economy has implications not only for the dark web, but the whole world.
The Evolution of the Dark Web
Cryptocurrency first gained fame (or infamy) by enabling the rise of online dark marketplaces, where it was possible to browse crack, heroin, or LSD in the same way you might do on Amazon or eBay. Although not exactly legal, having user reviews on products did help to keep drug dealers honest— an impressive feat.
The dark web also presented opportunities for the trade-in many other illegal products, digital goods in particular. Stolen credit card data, entire identities, and even military secrets could be purchased without the seller needing to disclose any personal information.
Ransomware was perhaps the most significant development arising from this new economy. The ability to send anonymous, online payments enabled an unprecedented wave of ransomware attacks. This is not only because of the ability to blackmail victims by encrypting or threatening to leak sensitive date; it also makes possible the development of a more sophisticated ecosystem where hackers can anonymously coordinate and collaborate.
Ransomware Gangs Getting Organized
Recent years have seen the rise of “ransomware-as-a-service,” where professional hackers develop software which they then license out to lower level hackers, thus forming syndicates which are not unlike conventional corporations. Like any professionally built software, RaaS products are maintained and regularly updated to circumvent the latest cyber-security features in an endless arms race.
This “business model” has proved a resounding success— ransomware attacks netted an estimated $20 billion in ransoms in 2020, up from $11 billion in 2019, with no signs of slowing down. The actual statistics are probably much higher, because most companies prefer to avoid publicizing security failures.
Cryptocurrency enables guarantees which make it easier for hackers to trust each other. For example, an RaaS group can syndicate its software out to affiliates. Multiple groups then search for companies with lax security. When they find a vulnerability and successfully deliver a payload, the software requires that the ransom payment be sent to the RaaS providers address.
The RaaS provider then transfers the payment to their affiliate, minus their percentage of the booty. RaaS providers can guarantee that their affiliates won't get scammed by using multi-signature wallets. They can also incentivize affiliates to carry out more attacks by discounting their share of the spoils if affiliates increase their total profits.
Demand for Cryptocurrency Driven by Ransomware Fears
The most devastating cost associated with ransomware is not the ransoms, however— it’s the downtime resulting from file encryption. It can sometimes take days to get a network back online after a ransomware attack. For companies with hundreds of millions of dollars of turnover every year, the cost of a partial or total shut down for a few days can easily run into the millions.
Due to the high cost of downtime, some companies have started to hold Bitcoin reserves in order to regain access to their data more quickly if they need to pay a ransom. A survey in 2016 found that over a third of British companies had such reserves, and that number has certainly increased since then. This makes economic sense; in the event that a company is forced to pay a ransom, having the funds handy could significantly reduce the downtime and the overall losses.
As the frequency and severity of attacks increases, so too does the demand for cryptocurrency. Bitcoin is still by far the most demanded cryptocurrency, but some gangs have also started requesting payment in Monero, another cryptocurrency with more anonymity features.
As ransomware gangs improve their techniques, the average ransom amount paid by victims is increasing. One study suggested the average ransom payment may be as high a $1 million. Another survey of companies, government agencies, and institutions showed that over half of organizations have been hit by ransomware in the last year. Of those who had data encrypted, around one quarter paid. Insurance coverage for ransomware attacks has now become a standard component in cyber insurance policies, driving up premiums worldwide.
Considering there are millions of private companies, government, medical, and educational institutions worldwide, all of this amounts to a huge contribution to the overall demand for cryptocurrency.
Geopolitical Importance of Hackers Growing
This demand is not likely to disappear any time soon, either; many of the gangs carrying out these attacks are under state protection. The Russian government appears to tolerate hackers on the condition that they don’t target Russian interests. Some variants of RaaS software have code built in that prevents them from being used to target organizations in Russia or former Soviet countries.
Some ransomware attacks have also been linked to groups of hackers backed by the Iranian and North Korean governments. All of these countries have a vested interest in disrupting American and European political and economic dominance, so they turn a blind eye, or in some cases, actively sponsor ransomware gangs. This means there is little or nothing law enforcement can do to stop most of these attacks. The only likely way to actually slow the rising tide of attacks will probably require international political action, and no such solution appears likely in the foreseeable future.
This was also the case with state backed piracy in the past. The British empire rose with the help of famous privateers like Sir Francis Drake, who became notorious for looting Spanish ships under license from the British crown. In the Mediterranean, the Ottoman empire granted safe passage pirates based in the Balkans until well into the 19th century.
Ottoman backed pirates, commonly called corsairs, operated on the understanding that they only target French and British shipping in exchange for amnesty from the Ottomans. This practice only stopped completely with the demise of the Ottoman empire in World War 1.
Bullish for Cryptocurrency
The prospect of cyber piracy rising on the high digital seas is troubling, to say the least, but like it or not, there is no denying that this trend increases the relevance and value of decentralized digital currencies. Cryptocurrencies have real utility for both hackers and those seeking to minimize the damage from attacks. This trend is forcing many to adopt the use of cryptocurrencies against their will, compounding the already robust growth of the sector.
Speculators and traders are beginning to realize this too. As markets notice the growing demand for cryptocurrencies in criminal enterprise and even inter-state conflicts, investors are trying to jump on to get a piece of the action. Since these digital assets are fixed in quantity, demand outpaces supply, driving the price up further, attracting still more investors and generating the stampede effect that underlies Bitcoin’s parabolic price increases.
Of course, there are many other factors contributing to the popularity of cryptocurrency. The prominence of their usefulness on the black market ensures, however, that they will continue to have value even if governments try to outlaw them. It seems, though, that most governments (who seem to be cognizant of their inability to stop them) are more likely to try to cash in on the digital gold rush themselves— the IRS recently added a question about cryptocurrencies on the standard 1040 income tax form.
So how is this likely to end? While there is still sporadic piracy on the analog oceans, it was the ascendancy of the British empire that finally brought security to maritime transport— also known as the Pax Britannica. After the second world war, the role of global policeman was taken over by the United States in the Pax Americana. Now, American military dominance helps ensure the safe flow of ocean commerce.
If ransomware continues to get worse (and it certainly looks like it will), people are bound to start demanding that governments do something to secure cyberspace. So who will bring security to the web in the age of digital gold? And perhaps even more importantly (and frightening)— how?