Banning crypto to stop cybercrime: would it really help?
Although technology works best when it brings people together, the fear of the unknown caused by technological change means that many desperately try to stifle progress. Authorities have banned everything from Twitch, Facebook, VPNs, WhatsApp to playing video games after midnight. But if we continue with what we knew yesterday, we rob future generations of a better tomorrow.
Bitcoin has been declared dead by mainstream media and self-proclaimed futurists over 400 times in the last decade. More recently, a Wall Street Journal editorial suggested banning the cryptocurrency that refuses to die would help prevent ransomware and win the fight against cybercrime. The article argued that Bitcoin has no real-world utility and is the currency of criminals.
Why banning crypto will not solve anything
The misinformed argument around the banning of cryptocurrencies tells only one side of the story and conveniently misses a few inconvenient truths. Accepting payment for a criminal act that leaves a permanent and public record of your activity is foolish at best. Cyberattacks also come in many forms and not just ransomware.
Some of the biggest recent data breaches, such as the cyberattack on SolarWinds and the Target credit card hack, did not involve any demands for crypto payments.
While many will argue that $5.2bn has been laundered through cryptocurrencies in Europe alone, this figure is a drop in the ocean compared to the $800 billion to $2 trillion in cash laundered internationally on an annual basis. Traditional banking has also left over 2 billion in the world without access to financial services, a problem that crypto is attempting to fix.
If you dare to look under the hood, the traditional financial landscape provides even more red flags than the world of crypto.
One of the most damaging suggestions in the WSJ article that launched the argument for banning crypto was that cybersecurity defence methods such as zero-trust were pro forma and inadequate. The suggestion that banning cryptocurrency would be easier and more effective against stopping ransomware than improving cybersecurity is an irresponsible message to send out to businesses.
Although crypto is indeed the payment option of choice for cybercrime and ransomware, it's not the cause.
We need to look at the problem from a different vantage point, rather than knee-jerk reactions and talk of banning crypto. In our physical world, many countries have made it illegal to pay kidnap ransoms or bribes. There is an argument for making it illegal to pay cyber-ransoms which could be a better approach for reducing profit and future motives for such attacks.
If ransomware victims cannot pay attackers due to the threat of even larger fines from authorities, the theory is attackers would be forced to find another way of making money. But the reality is attackers could quickly turn their attention to critical infrastructure in the education, medical and energy sectors.
Once again, the simplistic thinking of cutting off the financial supply to smoke out the cybercriminals is incredibly naive. Rather than blaming the victims and cryptocurrencies, we need to work together to develop new global security standards. Clickbait headlines are distracting leaders from the security solutions that can help them overcome cybersecurity challenges. In many ways, this is more dangerous than the risks caused by crypto.
Old problems, new solutions
Contrary to popular belief, money laundering and extortion existed hundreds of years before Satoshi Nakamoto thought of creating Bitcoin. Many have conveniently forgotten the days where criminals would ask victims to send cheques to anonymous PO boxes or make payments to an unidentified vendor on an eCommerce marketplace.
In the same way that banning telephones won't stop scams, banning crypto will not prevent cybercrime. The genie is already out of the bottle.
It's too late to ban crypto or prevent anyone from turning cryptocurrency into fiat currency. Coinbase joined the Nasdaq earlier this year, and like it or not; cryptocurrencies look destined to become a legitimate medium of exchange.
Criminals will always find a myriad of ways to get paid without getting caught. Banning crypto would move the problem somewhere else. Rather than fighting against digital currencies, we should be talking about improving cybersecurity standards and increasing regulation. The biggest problem is that many are looking for a quick fix to a very complex issue that is much older than crypto and the internet.
When navigating through the change curve, the fear of the unknown will typically make people want to ban things they don't understand and retreat to a simpler period. But we cannot go back in time, we can only progress forward. Unfortunately, there is no such thing as a silver bullet that will make the bad guys pack their bags and turn their back on crime.
Even if it was an option, banning crypto would not make the problems go away, and businesses will never be able to lower their cybersecurity guard. If we can accept these realities, we can begin exploring new ways to raise our cybersecurity game and adopt a more proactive than reactive approach to attacks.