The perpetrators of the global cyber attack that caused havoc in 150 countries demanded “ransom” money in bitcoins, but experts believe the anonymity that the virtual currency affords is not necessarily impenetrable.
Bitcoin, heavily-coded electronic tokens that take their name from software first put online in February 2009 by several software designers using the pseudonym Satoshi Nakamoto, essentially allow those who possess them to remain anonymous.
The message that flashed up on hundreds of thousands of screens infected by the WannaCry virus over the last few days demanded payment of $300 (275 euros) in Bitcoin, saying: “Ooops, your files have been encrypted!”
It warned that if payment was not made within three days the price would double, and if none was received within seven days the locked files would be deleted.
“Bitcoin is digital cash. The transactions are totally anonymous and non-refundable. However they are totally traceable, Nicolas Debock of London-based Balderton Capital that specialises in virtual currencies said.
“All the transactions are stored in databases called blockchains. It’s anonymous but anyone can monitor a bitcoin address and see how the money moves,” Debock said.
“No-one can take the money off those who hold it, but it is possible to follow in detail the activity on the account.”
That is the problem for investigators, according to Pierre-Antoine Gailly, who compiled a study on bitcoin and other cyber currencies for French state body CESE in 2015.
“Bitcoin doesn’t need a bank so this monetary flow escapes any supervision and any checks,” he told AFP. “The accounts don’t have a physical address or a bank address and they are not stored centrally — anonymity comes before anything else.”
The extent of the damage caused to computers around the world, the number of victims and the sheer number of companies concerned is likely to push international investigators and national security agencies to investigate the bitcoin address to which any ransom money has been paid.
Adding to the complexity of tracking the hackers, the holders of bitcoins can use services available on the so-called dark web known as “tumblers” which can offer an additional layer of anonymity.
“The tumbler divides the bitcoin amounts into thousands of tiny pieces, spreads them around to millions of different addresses and carries out lots of transactions,” said Manuel Valente, the manager of a Bitcoin-selling service in Paris.
“Within a week, all of the bitcoins can be put on a new address with the aim of covering (the holder’s) tracks. It is essentially money-laundering of bitcoins. And people offer this kind of service on the dark web.”
Clement Francomme, the director-general of Utocat, a software company that specialises in blockchains, said collecting ransoms was perhaps not the hackers’ real aim.
“The idea was perhaps to show the rest of the world that they have pulled off a really, really big coup. With an attack like that, they’re going to gain notoriety in the international hacking fraternity.
“They probably don’t have any desire to spend the bitcoins, knowing they are being monitored. Their real aim is to use their reputation to sell other services.”
And Francomme warned: “This team has made a show of force and I suppose there will be another attack before very long.”
European police agency Europol said Tuesday it was too early to say whether North Korea was involved in the massive cyberattack.