How to poison a blockchain, and how to prevent it.
This week, the Gizmodo reported that child porn images were uploaded
to the Bitcoin Satoshi Vision (BSV) core ledger through the payment processing app Money Button.
https://gizmodo.com/someone-uploaded-child-pornography-to-a-blockchain-ledg-1832398480
Blockchain is the underlying technology behind Bitcoin, but can be used for far more than just currency trading. The Hyperledger project is an open source project sponsored by several big name companies including IBM, American Express, and Accenture. Being a project for a shared ledger, there have been multiple tools and frameworks that are being spun up around it.
If you are a hacker, and have let’s say an opponent or target that used a blockchain technology, you need to know what they are using it for. What information is allowed on the chain? Once you know that, the next objective is to know how to get your payload on the chain. In the case of the story from Gizmodo, the payload was child porn. Possession of such imagery is considered a felony in all U.S. States and much of Europe. Since a blockchain is distributed, it means that anyone using that particular blockchain will then have such imagery pulled into their ledger and thus potentially implicate them in a crime. This can wreak havoc on a ledger. Those who are familiar with blockchain, know that once it’s in the ledger, its immutable. This effectively destroys the ledger, or the very least, puts the entire audience at serious legal (civil and criminal) risk.
Another example of where this can be used/abused is in the case of government state secrets. Let’s take the case of the Pentagon papers. If such an example of these papers were discovered today, and put on a blockchain ledger, those secrets could potentially become very public, immutable, nearly impossible to scrub, and extremely expensive to get rid of. Can you say Wikileaks blockchain ledger?
I could name several other scenarios, but for my own sake, I’ll leave it at these two above. Such scenarios could be malicious or accidental. So, if you are responsible for a blockchain ledger, how do you prevent such a situation from happening?
This means you need a filter in front of the entry point to the ledger. This needs to be something that allows you to quarantine content before it can get into the ledger permanently. Allowing unknown entities to post images and videos directly to the ledger should never be allowed. Only authorized users using MFA should be allowed. Even with that, your frameworks should further require certain antivirus or OS patches to be applied before it will allow access to the interface. Think very carefully before allowing imagery, videos, or binary attachments to the ledger.
In the case where you must allow this (perhaps this part of the business of the ledger), such content should be run through filters first. Any binary attachment must be run through an antivirus filter (or multiple if possible). In the case of the BSV ledger above, you may have to run the video or imagery either through human checks or through an AI based tool that has been trained to identify and reject such content. Amazon Web Services has its Kinesis Video Streaming service, which has parser libraries that can read and classify content based on meta data or MKV elements in a video stream. Similarly, Amazon Sagemaker is a tool than build, train, and deploy machine learning models, which would allow you to train a model for your filter. Interestingly, Amazon has a preview of its managed blockchain service, but its not a production service as of yet.
For text based issues, where only text content is allowed on the chain, you can filter through services such as Grammarly, or Quetext. This will help avoid plagiarism suits, or even duplicitous content. I can think of little solution to avoiding state secrets being uploaded to a ledger, except for looking for classified markings. However, if those classified markings have been stripped, you would be left to parsing the text and looking for things such as government email address domains (i.e. @something.mil or @somthing.gov).
At the very least, if you are developing a blockchain based solution, you MUST think of security early in the design process. Don’t try to retrofit it. The consequences could be devastating.