Itai Damti

@itai.damti

The Dark Side of the Chain: Blockchain Viruses and Decentralized Autonomous Crime Organizations

How twisted can things get when an anonymous piece of code harms people but can’t be stopped? Two cinematic masterpieces offer us devastating answers and lots of food for thought:

  • Dr. Strangelove (1965). In this Stanley Kubrick classic that takes place at the height of the cold war, an American General loses his mind and orders a nuclear strike on the Soviets. The planes are mid-air, will drop the bombs in just 2 hours and cannot be stopped by the anxious American government. Once the Americans lose all hope of preventing the strike, the president calls the Soviets to warn them and offers the planes’ positions and targets. Sadly, the Soviet ambassador then reveals that the Soviet Union has long been running a computerized “doomsday device”: upon any nuclear strike on Russia, the device is programmed to automatically detonate an array of highly radioactive bombs that will wipe out all life on earth. The device can’t be switched off. In fact, it’s designed to go off if anyone tries to tamper with it
  • Black Mirror S03 E03 (2016). Shut Up And Dance is probably Black Mirror’s most disturbing episode. As summarized by Wikipedia: it tells the story of a teenage boy who is blackmailed into committing bizarre and criminal acts by a mysterious hacker possessing a video of him masturbating. The boy is joined by a middle-aged man, whom the same hacker is blackmailing over infidelity. Shut Up And Dance is a breathtaking tour-de-force of what Black Mirror is all about: dark, uncomfortable yet highly recommended watch

And if it’s code, why couldn’t it be a smart contract? Could harmful programs be launched onto blockchains and live there forever? Close your eyes and stretch your imagination towards 2030, when the world could play host to webs of code, data and physical devices that are immune to external regulation, empowered to carry to extremes the depravity or immorality of its creators. Here are some disturbing scenarios that become possible:

  • Ungovernable Illicit Markets- Silk Road was a breakthrough in anonymous exchange, powered by Bitcoin. Its ultimate weakness (and one which led to its fall) was reliance on the postal system. In the future, mixed networks of drones and people, launched by anonymous groups and sustained by market dynamics, may provide programmable delivery services. With this type of infrastructure, Silk Road type marketplaces can be built using nothing but smart contracts. They could then deliver a whole supply chain of physical goods in a way that will be very hard to stop or trace, from UI to payments to fulfillment (and even financing to merchants). Just as Bittorrent gave Napster its wings, these networks will enable to proliferation of illicit markets like Silk Road
  • Blackmail- home addresses can be easily found today in leaked databases. Hackers could write a smart contract, lease an armed drone or robot and send it to a victim’s house. The device would threaten to harm life or property unless the victim scans a QR code and wires them a certain amount of money in cryptocurrency within a short deadline
  • Money Laundering- proceeds from illegal activities can be transformed from one cryptocurrency to another via decentralized exchanges with no KYC mechanisms (as far as I know, most decentralized exchanges today don’t do KYC). Privacy coins (ZCash) go straight for the jugular, where even if KYC requirements were met, it is near impossible to trace the provenance of each coin. Even anonymous cash-to-crypto exchange becomes possible, if hackers build an Ungovernable Illicit Market (as described above) in the spirit of Local Bitcoins and send a drone to pick up cash from you in a street corner
  • Assassination Markets- once enough identity and real-time biometric data is available on blockchains, we could see the emergence of assassination markets on smart contracts. Assassins can stake funds to communicate confidence in the outcome and proceed to carry out the crime. Once a public blockchain confirms that the victim’s heart is no longer beating (or that a video drone passed by and confirmed the outcome), a smart contract would reward the perpetrator
  • Unstoppable content networks- it’s very easy to imagine how censorship-resistant file systems (Storj) can be combined with censorship-resistant VPN systems (Orchid) to produce, host and consume illegal content (insert your favorite genre of illicit content here)
  • Decentralized Autonomous Crime Organizations (DACO)- DAO’s can help groups of hackers “incorporate” as a DACO, exploiting the self-governing powers of DAOs to raise funds, communicate anonymously, vote, and launch any number of malicious schemes. Members would share the profits of those schemes in the long term
Illustration: Thomas Glucksmann

Very much like malicious AI, blockchain viruses and DACOs can take a life of their own as long as someone benefits from having them and can sustain markets around them. What can we do to prevent the rise of viruses and DACOs in the blockchain economy? The answers aren’t simple, but here are a few thoughts:

  1. Built-in governance in blockchains- blockchains such as Tezos are trying to raise awareness to the topic of governance, but both they and Ethereum haven’t passed the test of time when it comes to controversial or malicious contracts. Human moderation and voting are powerful ways to eliminate malicious content that’s been reported. Blockchain “anti-viruses” and mandatory code reviews can come later as the industry matures
  2. Forks- if the predetermined blockchain governance doesn’t eliminate certain bad content, communities can hard-fork the network into a cleaner version (just like Ethereum was forked into ETC after the DAO attack). However, forks are extremely expensive to the ecosystem. Even worse, as long as someone (even 5% of the original ecosystem) will see the economic benefit in serving “blockchain viruses”, those viruses will be able to find infrastructure to run on
  3. Regulation & Enforcement- the examples above prove (again) that governments and blockchains are on a collision course in the long term, with blockchain money being the canary in the coalmine. As the case of Silk Road proved, proactive governments are the ultimate actor in securing our world. The key to preventing many (but not all) blockchain viruses is in controlling infrastructure, especially when it comes to physical devices and online-offline exchange of information. If countries want to prevent the rise of blockchain viruses and DACO’s, they should tightly control the flow of real-world information to blockchain code (e.g. biometric data, videos or transactions from the banking system). They may also want to control the exchange of crypto-to-fiat (centralized exchanges currently suffer problems with banks, but a compliant centralized exchange can be a government’s best friend in the long term). Finally, they should strive to decide what physical infrastructure can be offered via blockchains (should people be allowed to launch smart-contract controlled delivery networks, or smart-contract controlled 3D printing services?).
  4. Defense by offense- active cyber defense is an interesting emerging weapon in traditional cybersecurity. Can we run networks code and devices (whether on blockchain or not) that would proactively detect, counter, and mislead bad actors? Who would launch and fund the operations of such networks?

Can the vision of unstoppable, open, market-driven networks turn into a nightmarish anarchy? Are law enforcers equipped with the right technology and skills for such a world? Future real world battlefields may not be about heroes with fast cars, gadgets or superpowers- but talented coders in a virtual cat-and-mouse game. Stay tuned.

Thanks to my friends Michelle Lai, Thomas Glucksmann, Benjamin Joffe and Itamar Har Even for their thoughtful feedback & contributions

More by Itai Damti

Topics of interest

More Related Stories