City banks plan to hoard bitcoins to help them pay cyber ransoms
Experts say blue chip companies have decided it’s cheaper to deal with extortionists than risk damaging attacks
By Jamie Doward
Oct 22 2016
Several of London’s largest banks are looking to stockpile bitcoins in order to pay off cyber criminals who threaten to bring down their critical IT systems.
The virtual currency, which is highly prized by criminal networks because it cannot be traced, is being acquired by blue chip companies in order to pay ransoms, according to a leading IT expert.
On Friday, hackers attacked the websites of a number of leading online companies including Twitter, Spotify and Reddit. They used a special code to harness the power of hundreds of thousands of internet-connected home devices, such as CCTV cameras and printers, to launch “distributed denial of service” (DDoS) attacks through a US company called Dyn, which provides directory services to online companies. DDoS attacks involve inundating computer servers with so much data traffic that they cannot cope.
There is no evidence that Dyn was the subject of extortion demands but it has become apparent that hackers have been using the code to threaten other businesses into paying them with bitcoins or risk becoming the target of similar attacks.
Dr Simon Moores, a former technology ambassador for the UK government and chair of the annual international e-Crime Congress, the global body that brings together IT professionals, said the scale and ferocity of the attacks meant some banks were coming round to the view that it was cheaper to pay off the criminals than risk an attack.
“The police will concede that they don’t have the resources available to deal with this because of the significant growth in the number of attacks,” Moores said. “From a purely pragmatic perspective, financial institutions are now exploring the need to maintain stocks of bitcoin in the unfortunate event that they themselves become the target of a high-intensity attack, when law enforcement perhaps might not be able to assist them at the speed with which they need to put themselves back in business.”
Moores declined to identify the banks buying up bitcoins but it is understood senior police officers have been made aware of the practice. The cost to businesses of an attack can far outweigh paying off the blackmailers: telecoms provider TalkTalk lost 101,000 customers and suffered costs of £60m as a result of a cyber attack last year.
“Big companies are now starting to worry that an attack is no longer an information security issue, it’s a board and shareholder and customer confidence issue,” Moores said. “What we are seeing is the weaponisation of these [hacking] tools. It becomes a much broader issue than businesses ever anticipated.”