Let's talk about the geopolitical implications of the ransomware crisis, why additional money launder rules won't solve anything, and how a blanket cryptocurrency ban is the inevitable solution. (1/) 🧵
Since the early dotcom era there was always been a criminal element looking to profit from insecure software for their own gain. Ransomware has existed long before crypto, it just wasn't generally profitable or scalable. (2/)
What is new is that what was a once a small fire has had gasoline poured on it and turned into an uncontrollable blaze ripping across our most critical infrastructure Our hospitals, power grids, local governments and soon I fear much worse. (3/)
stephendiehl.com/blog/ransomwar…
And this is all because this cyberpandemic was left to metastasise by the last US administration's inaction and "wait and see" attitude on cryptocurrency that has left society in this vulnerable position. (4/)
Cryptocurrency didn't just revolutionise ransomware, it created an entire nitro-fueled economic engine around it.

Ransomware gangs are now operating more like unicorn tech companies and siphoning off hundreds of millions in revenue from victims. (5/)
marketwatch.com/story/ransomwa…
These gangs have a corporate structure with VPs, Product Managers, Human Resources, KPIs and standups just like any other tech company. The banality of evil is on full display in how normalized it is to extort hospitals and COVID labs. (6/)
moneylaundering.com/wp-content/upl…
And for every big-game corporate ransom that gets paid, it just creates 10 more ransoms of ever-increasing size, efficacy and frequency. (7/)
cybernews.com/security/how-w…
In 2020 ransomware attacks were up over 150% over the previous year, and 2021 has only seen that count and the size of ransomware demands explode exponentially. We're in a pandemic now. (8/)
hbr.org/2021/05/ransom…
In an economy like Russia, which has drawn the short straw of history so many times in the last century, these are life-changing job that drawing in best cybersecurity talent just like Google or Netflix would. These are clever people who are very good at what they do. (9/)
When we have $10m+ big-game ransoms payed every other week by half a dozen S&P500 companies, all split across five or six people in the ransomware gang that's a very lucrative profession and makes a lot of economic sense for people living in an authoritarian regime. (10/)
That's enough money to buy your way out of the country and resettle your family in Europe if you play your cards right. Important not to forget that ransomware criminals are real people living under an oppressive authoritarian regime. (11/)
And for every company that pays these ransoms it only increases the realisable size of future ransomware demands and incentives even more growth. The gangs can take that money and recruit another dozen people to scale out their enterprise just like a startup would. (12/)
We're at like the Series A funding level of ransomware sector. And I don't want to see what happens when we get to multibillion dollar ransomware demands against our nuclear arsenal and power grid, but we're heading there pretty fast. (13/)
From the US (and G7 generally) the only sustainable solution is not to pay, but that's an impossible ask for companies which have to weigh the cost of recovery against the ransom cost and which is most often strictly less than paying the hackers. (14/)
Even if it was made illegal to pay the ransomware, multinationals would just have their foreign offices pay it or lobby the government to lift the ban. (15/)
Controlling the flow of extortion payments is also unlikely to do anything. Even if every nation in the G7 added insanely strict AML provisions across all their domestic cryptocurrency exchanges (which they totally should do anyways) it wouldn't change the dynamics. (16/)
Ransoms are payed via offshore security consulting companies (often in Malta) that prebuy their crypto over the counter and then bill their clients in dollars for "services" and then pay the ransom on their behalf. Rarely is the company even exchanging dollars on-demand. (17/)
On the opposite side we have absolutely no sway over Russian exchanges trading BTC/RUB pairs or Russian banks keeping illicit transactions off the books. That's far outside the reach of the US and it's a notoriously opaque "jurisdiction" (and I use the term very loosely). (18/)
True that extorted Bitcoin can be tracked, but that means little if the tainted coins only flow between criminals, they just trade at a discount and effectively operate as an uncensorable settlement network for entities that are under UN sanctions. There's a market for that.(19/)
And crypto could very well form the de facto channel for countries not aligned with the rules-based international order to route around US dollar restrictions and circumvent sanctions entirely. We see North Korea doing that today. (20/)
Especially so once tens of billions of extorted funds are sloshing around fueling the fastest growing tech sector in sanctioned countries. And that kind of dark crypto shadow banking is certainly not in the geopolitical interests of the United States or our NATO allies. (21/)
The elephant in the room is cryptocurrency, why are we letting a technology whose benefits are purely illusory and has no clear use case other than gambling and extortion a free pass when it's reaching the level of a national security crisis?

This is insane. (22/)
Cryptocurrency exchanges need to be brought to heel, they are dangerous unregulated casinos operating in a Wild West environment that provides nothing to society that couldn't be done better in other ways and extracts from all of society for their continued existence.

/fin

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Stephen Diehl

Stephen Diehl Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @smdiehl

11 Jun
Let's talk about the similarities between QAnon and #Bitcoin. (1/) 🧵
Both movements fall into the category of "conspiracy cults". Their pattern of enticement is similar to religious cults in the illusory pretense of leading acolytes deeper and deeper into the group's secrets while isolating followers from friends and family outside the cult. (2/)
The bizarre cult-like antics of the Bitcoin faithful were on full display in Miami last week in which thousands of faithful descended on Miami to worship Bitcoin in Trump-style rallies which turned into a superspreader event. (3/)
nytimes.com/2021/06/05/tec…
Read 16 tweets
5 Jun
Let's talk about why the software industry is helpless to do anything about ransomware and why there's no technical solution anytime soon. (1/) 🧵
First let's discuss the scope of all software that exists, and it's nearly unfathomable. Your average Android phone runs on 15 million lines of code dating back to ancient 1970s era Unix toolchain code written by our grandparents generation. (2/)
Windows 10 contains over 50 million lines of code and no one person on Earth even fully understands in its entirety. It contains code from tens of thousands of global companies for running hundreds of thousands of devices all manufactured with different goals and standards. (3/)
Read 18 tweets
3 Jun
Let's talk about market manipulation and how the cryptocurrency exchange ecosystem is an unregulated cesspit. (1/) 🧵
A exchange business is one that connects buyers with sellers, it maintains what's called an "order book" which matches the price intention of buyers (called the "bid") with the seller (called the "ask"). (2/)
A market maker combines this price information of what a potential buyer is willing to pay with the quantity they will purchase, for that proposed price and quantity from sellers. A match between buyer and seller is called a "fill". (3/)
Read 22 tweets
29 May
Lets talk about how pyramid schemes like #bitcoin have historically exploded and the public damage that happens when they do. (1/) 🧵
A pyramid scheme is a type of fraud whereby investments are solicited from the public on the pretense (implicit or explicit) of offering high returns on their investment. Normally returns far beyond that of normal markets. (2/)
The secret sauce that makes it all spin is that returns are paid to the early investors out of the funds received from those who invest later. (3/)
Read 18 tweets
23 May
It's always interesting to consider that Madoff employed close to a hundred people. Many of whom absolutely either in on it or basically a turned a blind eye to what they saw.
Just normal people waking up every day, having their coffee, and going to work for a Ponzi scheme. Just like software engineers go to work for cryptocurrency companies.
The nature of the scam has change. The whole crypto investment fraud scheme is a different flavour of financial fraud but it's not significantly different. Promises of insane returns and no questions asked about where they come from.
Read 6 tweets
21 May
Let's talk about why cryptocurrency is the single factor that created the ransomware plague that is ravaging our healthcare system and public infrastructure. (1/) 🧵
Malware is not a new phenomenon, it has existed since the 90s and has seen massive proliferation ever since the rise of widespread internet connectivity and home computing. (2/)
What is a new phenomenon is 'ransomware' which is a form of malware which infects a target's computer, encrypting or threatening to delete their files in exchange for a ransom to be paid to the hackers. (3/)
Read 17 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

:(