SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy to follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

Bitcoin and the Blockchain: Understanding Cryptocurrency and Its Technology

Posted on October 19, 2017

Today, we’ll be tackling a couple of buzzwords in the tech industry: blockchains and Bitcoins. Not unlike HTTPS and botnets, blockchain and Bitcoin are terms that are starting to seep into everyday use. Before we all start using them, though, we should figure out what they mean and how they work! In fact, the blockchain concept has even begun to garner its own “buzzword” status in the security community regarding how secure it can be for storing and accessing information. So, for all our listeners who aren’t even sure what these terms mean, that’s a good place to start for today’s episode.

What is a blockchain?

For the purposes of our discussion, let’s assume that we’ll mostly be discussing the Bitcoin blockchain in particular. However, this technology works in the same way for any implementation of blockchain technology. There are many other cryptocurrencies out there using blockchains, and each one is separate and distinct from the others. Overall, a straightforward way to think of a blockchain is to visualize it as a giant decentralized ledger book — a very technological way of keeping track of financial transactions.

Let’s describe it this way:  if you send someone a payment in Bitcoin for goods and services, a record of your transaction will go into the blockchain. The whole chain is distributed across the many “nodes” or computers that participate in that blockchain. When you send your transaction, other nodes on the chain work to verify your transaction and confirm its details.

For example, Ken sends Nick one Bitcoin. When enough computers on the blockchain verify that one Bitcoin was indeed transferred from Ken’s wallet to Nick’s wallet, the transaction is finalized and approved, entering into the blockchain as a permanent record. Now there will always be a record of that 1 Bitcoin transfer, no matter what — once a block has been filled with data, it is permanent for all intents and purposes. The only way to make a change is to change every subsequent block — and that would need the majority of nodes to agree on the bad data. That’s extremely unlikely. In this way, it is easy to see a given Bitcoin’s entire lifetime transaction history by looking back through the blockchain. Not only does this prevent coins from being spent twice, it also provides very solid accountability.

We mentioned the nodes that make up the blockchain, but what are they specifically? Each node acts as an administrator on the blockchain, meaning no one can modify the chain alone. For this reason, it’s impossible to tamper with records once they have been set. Every individual in the chain has a complete copy of the blockchain, going all the way back to the very first block. That means everyone has the same record.

In just about every case, each “node” is a computer acting as a Bitcoin miner — that is, one of the machines competing to solve the cryptographic problems necessary for unlocking each block and earning newly minted Bitcoins. It involves seriously heavy number crunching, and these same calculations also verify the transactions in the chain. As miners unlock new coins, they also verify transactions.

Sometimes, you can be a part of this process without even knowing! Mining coins is very CPU intensive, and dedicated mining rigs can cost thousands of dollars — to say nothing of the electricity they consume. As a result, bad guys these days have turned to deploying malware that runs crypto miners in the background. By distributing the intensive load across many compromised machines and stealing your CPU cycles, they hope to make money for themselves.

In a few cases, even ads on legitimate websites — like cable TV channel Showtime’s site — can serve up crypto miners by using JavaScript. Though it’s not the fastest way to mine coins, all these small contributions add up to valuable cryptocurrency. Often, the currency mined through malware and websites is not Bitcoin, but a less-popular or up-and-coming currency such as Ethereum.

What else can we do with blockchain?

Could we use this technology for something other than currency transactions? Is there a particular type of information best suited to storing in a blockchain? So far, as a relatively new technology, the next applications are all still in their formative stages. Some researchers, for example, have explored storing computer files in a decentralized blockchain. The idea here is to use the entire Internet to back up your files, leaving you with the key to unlock them. This idea is in the very early stages, though.

One more obvious application, though, is any scenario where there must be an immutable record of what happened — like voting. That’s a very interesting potential application some people have proposed, and there are studies into making this a reality. In this scenario, you would cast your vote at the ballot box, and after the fact, all the votes would be validated and set down into a permanent, decentralized, and tamper-proof record.

You would be able to verify your vote was cast for exactly whom it was intended. With rising concerns about voting machines being hacked and the potential for digital election tampering, this is a very intriguing idea. Though we’re still in the preliminary stages where companies are just beginning to realize the potential of blockchain technology, there is awesome potential there.

It’s very much like the situation we saw back in the early days of peer to peer file sharing, such as with Napster. Though people originally started using the technology for one basic purpose — “sharing” music and other copyrighted material — it has since morphed into something used in many other everyday applications. Spotify, for example, works by turning your computer into a legitimate P2P music sharing service — while you’re streaming music, you’re also helping to share bits and pieces of data to other Spotify users. There are also a lot of applications like this where P2P is used for large file distribution, such as with software updates, and many other things outside its original scope. Right now, blockchain has the same potential to branch out from cryptocurrencies.

So, what if everyone suddenly decided that blockchains were the hot new thing and everyone wanted to use them for new applications? Who is bearing the costs of keeping these nodes running, and would it be possible to overload the system? Not really — as with P2P, the more people you have participating in the system, the more efficient it is. As to the costs, it is fair to say they’re distributed just like the rest of the blockchain; if you’re running this software on your home computer, you’re paying for power, the connection, and more. In that way, you’d be shouldering some of the cost. Now, keep in mind that most home PCs aren’t powerful enough to mine most cryptocurrencies efficiently.  It could take years for a single PC to mine a single Bitcoin.

How come? The difficulty of mining new coins goes up exponentially as time goes on, especially with Bitcoin, as there is a hard limit on the total number of coins it will be possible to mine. The computational power necessary is therefore immense. Most Bitcoin mining rigs are power hogs filled with graphics cards, because GPUs are far more efficient and faster at the necessary heavy calculations. There are warehouses full of these machines, especially over in China, because owning new coins is very lucrative. Even GPUs have been superseded in recent times by ultra-efficient ASIC devices that are custom-built solely to mine coins.

This difficulty is why there are now other currencies out there, like Ethereum and Litecoin. Some users did not like the hard cap on the number of Bitcoins and so decided to create their own cryptocurrency that had no cap. Others felt that new coins did not enter the economy fast enough, and created a new blockchain that could unlock coins faster. All that’s necessary to join in one of these blockchains is installing the software for that particular coin — think of it like joining a bank. If you have an account at Wells Fargo and Bank of America, neither bank can look at your ledger at the other bank.

Blockchain in other applications

How do we know that blockchains can be kept honest? If we think of another area where lots of people contribute to an overall “big picture,” like Wikipedia, we often see lots of vandalism or small errors like typos. How can a blockchain avoid that problem? Unlike Wikipedia, there is no need for human intervention. Since every block is tied to the block before it and the one after it, and all nodes mathematically verify that everything is in order, it is easy to discard any invalid information. Altering information would require a majority consensus between all the blockchain nodes, which would be extraordinarily difficult to accomplish.
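The linkage described above (every block tied to the block before it, so that changing one block means redoing every subsequent block) can be shown with a toy hash chain. This is an added example, not code from the podcast or from Bitcoin itself: the JSON block layout, the three-hex-zero difficulty target and the sample transactions are assumptions chosen to keep it small.

```python
import hashlib
import json

DIFFICULTY = 3        # toy target (assumed): hash must start with 3 hex zeros
GENESIS = "0" * 64    # placeholder parent hash for the first block

def block_hash(block):
    """SHA-256 over the block's canonical JSON encoding."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def mine(prev_hash, transactions):
    """Brute-force a nonce until the block hash meets the difficulty target."""
    block = {"prev": prev_hash, "tx": transactions, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    return block

def build_chain(batches):
    """Mine one block per transaction batch, each linked to its parent's hash."""
    chain, prev = [], GENESIS
    for batch in batches:
        chain.append(mine(prev, batch))
        prev = block_hash(chain[-1])
    return chain

def first_invalid(chain):
    """Index of the first block a verifying node would reject, or None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        digest = block_hash(block)
        if block["prev"] != prev or not digest.startswith("0" * DIFFICULTY):
            return i
        prev = digest
    return None

def rewrite_history(chain, index, new_tx):
    """Alter one block, then redo work until the chain verifies again.
    Returns the indices of every block that had to be re-mined."""
    chain[index] = mine(chain[index]["prev"], new_tx)
    remined = [index]
    while (bad := first_invalid(chain)) is not None:
        chain[bad] = mine(block_hash(chain[bad - 1]), chain[bad]["tx"])
        remined.append(bad)
    return remined

# Constructed sample ledger, not real transactions.
SAMPLE = [["Ken->Nick:1"], ["Nick->Ana:0.5"], ["Ana->Ken:0.2"]]
```

Editing the first block of the three-block sample forces all three blocks to be re-mined before `first_invalid` accepts the chain again, and on a live network the honest nodes would keep extending the original chain in the meantime.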

When we talk about using a blockchain for currency, it’s easy to think of it as a matter of addition and subtraction — A Bitcoin leaves one account and goes into another. But when we’re talking about storing other types of information in a blockchain, like votes or medical records, how does that work regarding mining and all these other steps? Right now, that’s what many big companies are still trying to figure out; transitioning the blockchain away from a purely transactional record is an effort that requires some serious thought and planning.

For example, there is certainly potential value in storing medical records in a blockchain-like apparatus. Ensuring not only that the data is secure, but also that it cannot be tampered with in any way, is very important for many medical establishments. However, that doesn’t mean you’re likely to be transmitting your doctor’s notes through a blockchain as though you were sending a Bitcoin. The actual mechanics are still fuzzy right now due to the relative youth of the technology — and the heavy cryptography that underpins its functionality. We can expect, hopefully, more and more people going “Wait, maybe we could use this to fix this problem” in many industries.

Learning about Bitcoin

Let’s pivot back to Bitcoin specifically and talk more about that. Today, Bitcoin trades somewhere between $4,000 and $6,000 per coin, though its price fluctuates with some regularity. Once you’ve mined a coin, or acquired some by trading real currency for crypto, what do you do with it — in other words, where is it kept? You keep Bitcoins in digital “wallets,” and several companies operate wallet services for safekeeping. These store the keys that identify your coins and other data securely — though there has been no shortage of stories where some major wallet sites have been hit with hacks, and wallets drained as the bad guys made off with the funds.

You can hold your own wallet, too — it’s essentially a digital file with the address of where your coins are in the blockchain and the keys required to access and spend them. It’s up to you to keep these secure! Bitcoin has undergone a lot of growth over the years, and safeguarding wallets has therefore become more important. One of the first Bitcoin transactions ever was when a man paid 25 Bitcoins for a pizza — you must imagine he’s kicking himself now given the value of each coin! The chances are good that there are plenty of Bitcoins stuck in abandoned or lost wallets from the early days of mining.

In fact, we have a little experience with forgetting about Bitcoin from “the old days” ourselves. A few years back, around 2014, malware that could look for and pilfer Bitcoins from personal wallets on Macs hit the wild. After seeing references to problems with missing coins on Reddit, we got to the bottom of the issue and uncovered the malware, alerting Apple and sharing the solution on Reddit. A few Reddit users offered to send a tip in Bitcoin as thanks. After setting up a wallet and receiving a fraction of a Bitcoin, we promptly forgot about it! Now, that fraction has appreciated in value substantially. It wasn’t always obvious that cryptocurrency would someday be a hot item.

What is the real value of a cryptocurrency, though? Sure, this might be a philosophical question, but it’s worth asking. Banks deal with currencies backed by governments, but governments don’t back a decentralized currency like Bitcoin. Its value comes from what people ascribe to it, particularly due to aspects like the immutability of the blockchain and the anonymity it can provide. These benefits make it worthwhile and therefore “valuable” to hold Bitcoin. Today some companies are beginning to offer payment by Bitcoin, which simply adds more value to the coins as a result.

So, is it objectively worth anything? That’s the question argued over by everyone from major banking experts to government regulatory bodies to random Internet users. With some banking institutions pushing back against investments into crypto and even some nations outright banning coin exchanges, the disagreements over Bitcoin’s worth and value are strenuous. Since Bitcoin is unregulated right now, it also tends to undergo massive value fluctuations based on users’ fears and items in the news.

Wrapping your brain around the blockchain and Bitcoin isn’t easy — we certainly had to go through some twists and turns to find an obvious way to explain its function. Luckily, there are plenty of sites out there that also have accessible, clear summations of how these new technologies work, and some of the leading theories behind their potential. We’ll include those links here:

https://blockgeeks.com/guides/what-is-blockchain-technology/

https://www.linkedin.com/pulse/blockchain-explanation-your-mum-could-understand-jamie-skella

That’s everything we have for this week on the latest buzzwords in the world of technology — are you going to run out and try to acquire some Bitcoin or another cryptocurrency? As always, thanks for joining us, and if you have questions about Bitcoin or any other subject, we’d love to hear from you! Just send us an email at checklist@securemac.com with your name and question. We’ll be back again next week with another in-depth discussion.
