Pentagon Funded Report: Terrorists Might Use Cryptocurrency to Protect Own Cyber Ops, Break Encrypted Security of States

A report by RAND Corporation examines the capability of non-state actors, such as terrorist and insurgent groups, to increase their political and economic power through launching a digital currency for use in common economic transactions. The report, titled “National Security Implications of Virtual Currency”, was sponsored by the US Department of Defense and was released in December.

The key findings of the report are that digital currencies, which it calls “virtual currencies” or “VCs”, could be used by non-state actors to disrupt sovereignty and increase political and economic power, are vulnerable to attack by technologically sophisticated adversaries, and could be used to advance the technological capability of non-state actors to store data, protect information dissemination, and develop secure multiparty computation.

The report identifies how the cryptography of digital currencies might be used to block disruption by nation-state actors:

VCs represent the latest step toward decentralized cyber services. In particular, the historical trend suggests the development of a resilient public cyber key terrain, which this report defines as the ability of unsophisticated cyber actors to have persistent, assured access to cyber services regardless of whether a highly sophisticated state actor opposes their use. This has implications for national firewalls, access to extremist rhetoric, the feasibility of nation-state cyber attacks, and the ability to maintain uninterruptible and anonymous encrypted links.

The RAND report also notes difficulties that non-state groups will find in using digital currencies; Bitcoin is vulnerable to attack by a sophisticated adversary, and creating new digital currencies may pose great challenges requiring technical sophistication.

Interestingly, the report authors believe that bitcoin is vulnerable to unsophisticated and sophisticated attacks.

Unsophisticated attacks are possible by governments, other non-state actors, and users of another VC; more sophisticated attackers could target services that are more centralized, even for decentralized VCs, such as digital wallets and, if applicable, mining pools.

On the other hand, the report notes how greater experience in mining digital currency by terrorist and insurgent groups might enhance their ability to break through the cryptographic security of nation statess.

Finally, increased mining-based VC use might have implications for the availability of special-purpose hardware to break cryptographic security. For example, the process of mining Bitcoin is the same process employed to crack the SHA-2 cryptographic hash function. Currently, hardware miners are capable of performing over 5 trillion hashes per second; to put this in perspective, only 1,000 of these miners would have accounted for the total mining power of Bitcoin in December 2013, at the height the VC’s market capitalization. The economic incentivization toward evermore powerful hardware that could break cryptographic security may rival nation-state investments in similar hardware, which could have broad implications for the security of cryptographic tools.

In conclusion, the report makes the following recommendations:

The Department of Defense should be aware of the following: (1) VCs are an increasingly technologically feasible tool for non-state actors to deploy in order to increase their political and/or economic power; (2) efforts to destabilize confidence in a new VC are effective, while popular sentiment is still untrusting of VCs for common transactions; (3) VCs are just like any other service in cyberspace, and methods to successfully attack them are not meaningfully different than for any other cyberspace operation; (4) decentralization affords more, though not total, resilience to disruptions from cyber attacks; (5) the trend toward decentralized cyber service will only make it easier for unsophisticated cyber actors to have increasingly resilient access to cyber services, which is a two-way street that could enable unprecedented global access to information and communication services that, at its core, is agnostic to the national security interests of the United States.

Some members of the bitcoin community are already wondering if this is the US government signaling an effort to develop the capability to destabilize bitcoin and cryptocurrency in general.