You may not have heard of Hidden Cobra, but chances are they’ve heard of you. On Tuesday, US-CERT, a division of Homeland Security, released an alert on the dangers of this North Korean hacking team. While national attention has been focused on the country’s nuclear capabilities, according to the Wall Street Journal, “North Korea is cultivating elite hackers much like other countries train Olympic athletes.”
In a recent hacking competition featuring 7,600 contestants, the top three teams were from North Korea. While the Hidden Cobra attacks are generally targeting organizations, consumers are no safer at home. Cyberterrorism is the sleeping giant of the digital world. As networks become more connected and we continue to surrender data and privacy, this giant will only grow stronger.
You’ve probably noticed the flood of emails from every list you’ve ever been added to addressing new security measures in an effort to better protect your identity. The problem, writes Michael J Casey and Paul Vigna in The Truth Machine: The Blockchain and the Future of Everything, is that data controlled by singular organizations will never truly be secure. The centralization of data makes for an easy attack.
For all the billions of dollars that corporations and governments spend every year fending off attacks, hackers keep getting better, just as bacteria evolve to resist antibiotics. A recent email-based scam, Efail, took advantage of weak security coupled with inventive phishing:
The lesson of Efail is that you can build everything well, but if you’ve built on a bad foundation, there’s no structure strong enough to stand. No one is responsible for email itself, and in the days since the Efail disclosure people have been pointing fingers at each other—email clients, vendors, OpenPGP standards, and S/mime software vendors. It’s no one’s fault and it’s everyone’s fault. These kinds of disclosures, and the hacks built on the flaws of email, will keep coming for the foreseeable future.
The illegal mining of your data—your “identity"—will also remain a recurring problem. It’s already a lucrative trade. According to Experian, your social security number sells for a buck on the dark web, while your driver’s license nets $20. Credit card data starts at around $20 while online payment logins can bring in $200. It’s no wonder that 59 identities are stolen every second, roughly five million a day. These thefts are not coming from your email server, but by attacks on Equifax, eBay, Anthem Blue Cross, or any of the numerous other companies that have recently been hacked. The overall cost attributed to security breaches in 2017 was nearly $17 billion.
When the Internet made its first widespread impact in the late nineties, promises of utopia were everywhere. The notion of decentralization was rampant. The Web was going to connect the entire planet. Humans being humans, however, we applied old-world systems to this new tech. Tribalism and populism are now what's rampant. Instead of everyone having an equal say, a few corporations control the predominant amount of information online. And they own your data.
Which is where blockchain comes in. While the idea was first described in 1991, the actual application of this technology was not put into practice until Satoshi Nakamoto (who might be one person or a group) used a blockchain as the public ledger for Bitcoin transactions in 2009. That’s all a blockchain really is—a continuous, decentralized list of records secured through cryptography.
Giant letters, reading the word 'blockchain' are displayed at the blockchain centre, which aims at boosting start-ups, on February 7, 2018 in Lithuania's capital Vilnius. Britain's divorce with the European Union is paying off for Lithuania as it strives to become a northern European hub for financial technology, or 'fintech' firms, and blockchain-based start-ups. (Photo by Petras Mallukas/AFP/Getty Images)
Blockchain’s main distinction is decentralization. Instead of my data being controlled by one corporation or government, it relies on a trust network spread across multiple computers around the world, with each operator earning cryptocurrency for maintaining their network. It is, in a strange twist, an ideal compromise between altruism and selfishness. As Casey and Vigna put it, blockchain relies on
A group of otherwise independent actors, each acting in pure self-interest, coming together to produce something for the good of all—an immutable record that everyone can trust and that’s not managed by a single, centralized intermediary.
And it’s secure. To hack the blockchain Bitcoin is built on, it would take a powerful network 4,500 trillion trillion trillion years to work through all the possible numbers to gain access. (Cryptocurrency designers are also working on quantum-proof systems.) Bitcoin is the most well-known token, but Ethereum is the platform over 1,500 decentralized applications are running on. Ethereum is not without issues: it is not fast enough to process corporate-level transactions and is more prone to attacks than Bitcoin. That said, it’s still more secure than what we’re accustomed to.
To support transactions at the level of Facebook and Visa, co-ops like RChain are working on building “better blockchain architecture.” At this point, it’s insufficient to say that blockchain could revolutionize how society operates. While the anarchist ethos that initially gave rise to the concept (and community around) blockchain persists, the top two companies that have filed for blockchain-based patents are Bank of America and IBM. Humans, as stated, are still humans. Even corporate leaders recognize that blockchain is the future.
Corporate interest does not discount the importance of this technology. In fact, it might be necessary, otherwise their influence over governments could quickly shut it down. This is why Casey and Vigna argue for the creation of self-sovereign identity, the idea that “individuals are better off establishing their own proofs of who they are based on data about their lives they’ve accumulated and they control, not a government.” We’ve ceded too much control to entities we have no contact with. They’ve continually taken advantage of us, whether through monetizing our identities or being susceptible to hacks. Blockchain is the best shot we have in addressing these issues.
And it’s already happening. lifeID, which is building on top of the RChain platform, aims to create a self-sovereign identity application. Through its biometric-secured phone app, you’ll provide only the data necessary to third parties when needed. Usernames and passwords will become obsolete. Most importantly, since the data is spread out on a decentralized platform, it will be the most secure means for all of our transactions.
Identity is a loaded word. In the social space, identity politics has captured the public’s imagination, often counterproductively. Yet the idea that your identity can be reduced to data stored in the servers of corporations and governments is insidious. While ID is essential for many basic functions in society—over 2 billion people have no proof of identity and therefore cannot maintain credit, buy property, bank, or even ‘prove’ they exist—we must remember identity is created by your culture and the people in it. However much we evolve technologically, we remain tribal animals bonded by rituals, morals, and shared customs. This fact is not reducible to a string of numbers. It does not speak to the true beauty of being alive.
Which is why we need to fight for applications like lifeID. As Casey and Vigna conclude, there will be a steep learning curve. Some verification from third parties might be necessary along the route to self-sovereignty. Centralized companies will be building atop decentralized platforms, which will create an unavoidable tension. Yet blockchain is an essential step in the right direction, as what we have is certainly not working.