Cybersecurity Trends for 2014 – Trend 2 – Cryptocurrency Surprise


Litecoin, Dogecoin, and Bitcoin (here slashed for emphasis).

Cross-posted to the Blue Coat security blog.

There’s a lot of press about Bitcoin, which is an electronic currency that has been around since 2009, but really only in the attention of most people since 2011. Created by “mining”, or solving difficult math problems, each ‘coin’ is essentially a public/private key pair that is listed on a public ledger. This ledger is shared among all the people who interact in the bitcoin infrastructure, and the cryptography behind mining, the coins themselves, and the public ledger assure that there is no double-spending and that things operate as they should.

Bitcoin is the main cryptocurrency – there are several others, called “altcoins”, and the biggest of these is Litecoin. There are others still, such as “Dogecoin”, after a popular internet meme, and things like Mastercoin as well. With hundreds of others at this point, each has their supposed strengths and weaknesses. Most are based on Bitcoin in spirit if not actual implementation, with some tweaks – for instance, Litecoin shares many of the same features of Bitcoin but uses a different type of mining and a shorter transaction confirmation period.

Bitcoin mining requires specialised chips, called “ASIC” chips, or “Application Specific Integrated Circuits” – literally chips that are created for the sole purpose of doing the mathematical calculations required to solve the cryptography problems involved. This puts bitcoin mining out of the reach of most non-technical people, and/or people who don’t have the capital to invest in specialised equipment that often costs $10,000 or more.

Litecoin (and offshoots like Dogecoin) use Scrypt mining, which was designed so that the mining could be done with ordinary hardware. You can still use regular desktop CPUs and GPUs (graphics cards) to mine Litecoin and its ilk. This means that it’s within the reach of most people. However, it also means that even if you don’t have CPUs and GPUs, you could take over other people’s in order to get their machines to do the mining for you.

This was seen in the early days of Bitcoin – there was malware that took over machines to mine bitcoins. However, since ASICs became a necessity, this has no longer been the case. While there will be ASICs for Scrypt mining for Litecoins and the like, Scrypt mining is designed so that even with ASICs, using off-the-shelf- hardware will still be profitable.

I made this prediction last month, and it has already come true. Russia Today is reporting that there has been a discovery of malware specifically for mining Litecoins on the Android OS that uses people’s phones as the miners. We can expect to see more of this in the near future – with the ability to use regular hardware, the more computers that cybercriminals can infect with Litecoin/Dogecoin mining malware, the more money they stand to make. Since these altcoins are easily redeemable for bitcoin, they don’t need to worry about ‘getting’ bitcoin in the strictest sense anymore.