When situations develop in a predictably bad direction and some people including yours truly saw it coming, at least in broad outlines, and pretty much no one took basic steps to change the trajectory, it’s hard not to marvel at our collective stupidity. I sent a little rant to our Brexit group, which is overweight in experts in banking, IT, and regulatory matters, on the Colonial Pipeline hacking debacle and the role of crypto in it.
Note that as of yesterday, gas shortages were starting to stick. Local contacts said nearly all gas stations around Atlanta were out of gas, for instance. From the Wall Street Journal:
Last night, Colonial announced it was “restarting” its service. I’m not the only one who noticed the paucity of details such as when they expected to be back to normal.
Can someone please explain to me why Colonial Pipeline, which supplies almost half the fuel consumed on the East Coast, doesn’t have to disclose a thing about the ransomware attack, whether it paid the attackers, or what steps it’s taking to prevent another attack?
— Robert Reich (@RBReich) May 13, 2021
Officially, per Reuters, Colonial is making no comment as to whether it paid or might pay a ransom. However, it appears Colonial is trying to have it both ways. From the article:
Colonial Pipeline does not plan to pay the ransom demanded by hackers who have encrypted its data, according to sources familiar with the company’s response on Wednesday.
“Does not plan to” is not “will not”. For instance, from Colonel Smithers:
Soon after new year, a client of [Euro TBTF] in the US was held to ransom. After some high level discussions with regulators, it was decided to engage a negotiator to facilitate the ransom into crypto. It was interesting to hear from our US counterpart that negotiators who specialise in this shadow exist and numbers are growing.
And vlade:
On your last point. It’s the talking point of govts “you don’t negotiate”.
The reality is, that they do, most of the time. As long as the ransomers are smart enough to keep under radar (i.e. not to attract media). When at LBS, we had a couple of sessions with professional negotiator, it was fun and one learned lots of interesting tidbits.. (like what is the precise weight of $10k in $100 notes)
Now let’s step back a little:
1. No one saw this coming??? Did all of these big infrastructure providers, and more important, their government dependents miss Stuxnet and Iran? That was 2010, dudes. Of course, we are now generations into software and hardware where security was never a high priority in design (witness default user IDs and passwords of “admin/admin”). Retrofitting is much much harder than building it in from the get go, but we are well past where that’s attainable. And that’s before you get to corporate cultures where inconveniencing workers is a career limiting move for an IT professional.
Regarding Stuxnet, I’m surprised that a commercial version, as opposed to state actor v. critical facilities, took this long to happen. Of course, this does have to have more features, since presumably you need to turn it off w/o leaving [more] fingerprints.
2. The ransom ($1 billion) has to be due in crypto. Yet no one is saying this is confirmation that letting crypto run wild was a bad idea? And on top of that, the $1 billion ask has now focused the minds of all sorts of criminal mischief-makers as to how profitable holding the right actors hostage could be.
By contrast, if anyone tried to move $1 billion through the banking system, even to a bank in a supposedly-beyond-our-reach country, Gina Haspel and every sadistic mercenary in US employ would be on the list for the team to capture and render that bank’s execs. We’d find it imperative to make an example of them. We’d probably settle for car bombings and strangulations in bathtubs since the Khashoggi treatment is a tad uncivilized.
3. Worse, I see crap like this, from a Politico newsletter:
Lawmakers could crack down on the anonymity of cryptocurrency marketplaces by requiring them to collect more information about their users. But that effort, too, would provoke strong opposition from the cryptocurrency industry, which is assembling a growing army of lobbyists.
So what next, a syphilis lobby? It’s not just “marketplaces,” it’s the whole damned premise.
Banks had to have known that the use case was criminal, which to them means high margin. They stupidly thought they could wind up owning enough of the market for it to make for a decent profit center. So they didn’t oppose it and many supported it. As Colonel Smithers pointed out:
When pack horses like DB and BNYM, so not just the thoroughbreds, are raring for a piece of the action, you know it won’t end well.
I get the impression that financial institutions see this like dark pools and the opportunity to trade away from regulatory scrutiny.
Even my chiropractor in Pelham, Alabama has worked out what crypto is about. I saw him yesterday and he was asking about Bitcoin and Dogecoin. He said friends were in it, had made some money, and were pressing him to buy. He said he didn’t like the volatility (and said they’d got in around $4000, saw it run to over $16,000, and then fall way back and they sold out at a bit over $5,000. I assume they got back in at a higher price).
More important, he said he didn’t see what you could buy with it and was unfamiliar with the tax issues (which I explained). And he said he didn’t like investing in something that had no real use and was mainly good for crime (!!!) and he wanted his investments to be in things that were productive.
And vlade pooh poohed the idea that it would be hard to reduce the use of crypto to nuisance/hobby level:
Your points re crypto. All I can say is “death to crypto!”. It’s literally the worst invention of humanity, ever. There is not a single positive element (even if you look at it as a wealth-redistribution lottery, lotteries already exist and are at least more transparent). Even leaded petrol and nuclear fusion had some positives.
The response to this should be “fuck crypto, let’s outlaw it, right now” *). Instead we’ll get handwringing from Politico and similar crap.
*) you could start by making it a crime to be in any blockchain that includes a wallet that can be tied to a known criminal use, as participation in money laundering. Just the uncertainty of that would kill crypto.
To add to what vlade said, there is no legitimate purpose for crypto that isn’t done as well or better by existing financial services products. Its only use case is for crime.
Finally, Elon Musk’s reversal on Bitcoin as a means of payment for Teslas is oddly timed. Musk’s professed excuse, that he had no idea what an energy hog Bitcoin is, is laughable. One theory is that Musk is enjoying showing his power by whipsawing crypto prices.
But my pet and unprovable belief is that Musk realized or even was quietly told that his legitimation of Bitcoin and therefore crypto generally didn’t sit well with key players in the defense/intel state. They may now feel they sat pat for too long and are now playing a rearguard game to curb its use. While Musk has no inhibitions about pushing around a weak regulator like the SEC, he needs the cooperation of the Feds for his SpaceX plans to advance. There are all sorts of plausibly deniable ways to hold up projects like that, such as protracted safety inspections.
The time is overdue to crack down on this socially destructive complex. But absent bloody-minded measures like the one vlade suggested, the officialdom will be playing whack-a-mole.
my theory is CIA likes crypto. easier than flying tiger airplanes filled with drugs…
….or pallets of stacked 100 dollar bills.
my theory is they dont like crypto
My theory is that whoever is behind Bitcoin, it is not some smart*rse programmer dude working in his garage.
Ordinary people creating currency usually get jailed. And bitcoin is currency for crooks to boot.
So if someone went to the trouble of creating Bitcoin, what was in it for them? And since Bitcoin goes from strength to strength, are they getting what they wanted?
Is it a government actor? A TBTF corporate actor? A rogue secret services actor? An international consortium of crooks?
At least one of the previous bubbles was tied to a government wanting to get rid of war debt (South Sea Island?).
We will never know if nobody asks the questions.
If you read even a little bit into the history behind Bitcoin – all the efforts of individuals that preceded it (over a period of decades), and similar efforts around things like encryption, for example – then you would have a much better idea of “what was in it for them”. It’s genuinely interesting, so I would encourage you to at least Google it.
My theory is the closer you get to the ground at CIA the better they like it and the inverse equally.
I don’t figure they’re any more competent or coherent than any other institution in the Federal system.
One hopes some vanishing traces of wisdom persist, but if so it’s their best kept secret.
… it’s hard not to marvel at our collective stupidity.
The people making policy, and the people living under policy, are two different peoples, and of considerably different numbers. I would say a lot of the stupidity is purposeful stupidity. Plenty of people knew about ninja home loans and that the whole edifice would collapse – it continued because the money makers wanted it to continue, and in this society money rules. This is just the logical outcome of such a philosophy.
I wonder how much our nuclear arsenal is worth?
The stupidity of our political class was on display recently in the NYC mayor’s race. Former Secretary of Housing and Urban Development, Shaun Donovan, a candidate in the Democratic primary, was asked to estimate the median price of a home in Brooklyn. He responded about $100,000. The correct answer was $900,000. This is the former HUD Secretary. Watch Krystal Ball’s takedown on The Hill Rising:
https://www.youtube.com/watch?v=wsCCcCNjJ28
As far as the policy makers are concerned, it’s not a bug, it’s a feature.
Why stop at ninja home loans…stock trading on the secondary market is just a Ponzi scheme, no money goes to the company for productive use just changing hands and the price rises when there is new money flowing into the market… pure Ponzi, no one can make money on stocks if no new money flows in
If I was the hackers, make your demands a lot tougher and ask for a billion in physical all that glitters, and watch the scramble to come up with the goods…
The fact that an oil pipeline, an asset that is both itself and in its consequences as physical and reality-based as it gets, was interrupted by a digital attack should also raise questions. Moving oil is not quite like moving money, and the fact that it couldn’t be operated in the absence of networked computers, via some sort of mechanical redundancy is a fiasco.
Obviously, I don’t think anybody who is working age is even able to conceive of this possibility any longer.
Yes. That kind of back up would also be tech…engineering tech.
Also one of the things that annoys me is the phrase: “tech is the future”..as if there was no technology ever until digital.
Maintaining either a stand alone computer network or a set of manual backup procedures are both expensive and don’t contribute to profit. We are all about “lean” and “efficient” and not so much into “reliable” or “resilient”.
Which is why such critical infrastructure should immediately be nationalized under the auspices of National Security, thus removing any excuses about running lean in order to maximize profits. And before anyone claims that “government can’t do anything right,” how many nuclear missiles has the US government lost in the past fifty years and never found?
Excellent question. Naturally the answer is classified Stratospherically Above Top Secret.
“To date, six U.S. nuclear weapons have been lost and never recovered.”
But missiles are harder to lose because they are enormous rockets.
Even the “six” nuclear weapons “lost” are not the full item. The old bombers carried the nuclear “pits,” the radioactive cores that actually went boom, separate from the bomb housing. Several of those “pits” are what were ‘lost.’ Now, there are also the nuclear torpedoes and missiles that sank with submarines from several nations’ naval forces. Those units’ positions are usually ‘known’ but not presently recoverable.
For example, Ballard stated that finding the Titanic was just a cover story for the search for the lost American submarines Thresher and Scorpion, both nuclear weapon equipped vessels.
See: https://www.popularmechanics.com/military/navy-ships/a25603601/titanic-discovery-nuclear-submarines-navy/
thinking the biggest issue….is why they exposed their systems to the internet…and not protect them….but it’s the short-sighted US business decisions…that lead to this….do wonder why the regulators allowed them to get away without some sort of security …course Congress tends to hear from business and do whatever they ask for ….makes one wonder why Congress critters….think they represent the people…when they really represent business
I do not believe the Honorable Members of Congress think they represent the people, although they might find private amusement that any members of the Populace could believe such fictions after being given so much evidence to the contrary.
it’s one of those they talk differently than they actually do
I’m not sure that we have enough details to understand exactly which parts of the pipeline were attacked, but I cannot stress enough how not just oil pipelines, but all major utilities such as power plants, power distribution grids, water distribution, natural gas, dams, you name it, are controlled using programmable logic controllers (PLCs), controlled via Human Machine Interfaces (HMIs), and all monitored and controlled using Supervisory Control and Data Acquisition (SCADA) systems:
https://en.wikipedia.org/wiki/SCADA
These are all essentially computers (normally Windows PCs after you peel back enough layers) controlling valves, pumps, transducers, etc, the hardware which performs the process.
Often, what is referred to as “manual control” means that the operator uses the HMI to select “manual control” and can then control the individual components of the system, but it is all done through the PLC. I’m not saying that the days of having an operator spinning a valve manually open or close are gone, but it’s getting rare.
As stated below, these systems are installed when the infrastructure is built and are not often updated so it’s not unusual to have a very old operating system underneath. At one site I worked at, there was MSDOS, OS/2, and every variety of Windows going back to version 3.1 up to about seven years ago.
It’s not from lack of trying to stay up to date, it’s just expensive, and management will generally not care since stock buybacks, and such which enhance their pay are much more important. They generally don’t know much about the equipment, and have made careers out of cutting maintenance and upgrades to the bone.
Bottom line, these systems are the backbone of your national infrastructure, and did not get much attention concerning security until fairly recently (2000-ish):
https://en.wikipedia.org/wiki/SCADA#Security_issues
American corporations are also cutting local IT support, and not spending in capital equipment improvements, all of which exacerbates the problem.
Thank you for your inside view of a significant component of the remarkable fragility that lies behind so much of the infrastructure holding up our Society. To the risks due to hacker attack add:
— software failures like the problems with the computer system at FirstEnergy in Akron, Ohio that led to the Northeast blackout of 2003
— risks from the ill-maintenance of a tree branch free power right-of-ways for electric power lines or the 2006 Prudhoe Bay oil spill from knowingly neglected corroding BP pipelines
— risks due to age past end-of-life transportation bridges or water supply systems and pipes built a century or more before now
— add risks from the increasingly angry weather
….
That we do not know about the fragilities listed and the many left unlisted is very stale baloney.
And much of this infrastructure is coupled together and some of the coupling is complex — think “for want of a nail”.
I wonder how much security impact there will be from covid work-from-home measures.
From what I have seen, many plants were keen to send people to WFH if possible – because they worry about outbreaks that bring down whole shifts of people who can’t work from home.
I suspect there have been many IT kludges built, to access on-site systems that are supposed to be isolated from the wider world. Not so much for operators, but for IT people or engineers who just need a quick look, or to try out a little thing.
Right, the fact Colonial had critical infrastructure connected to the open Internet, or otherwise allowed the introduction of malware to its systems, with seemingly no limits on what the malware could access or do, is the real issue here. I absolutely do not condone this type of attack, but if there is a silver lining, it’s that corporates and governments and just about everybody else are starting to take IT security much more seriously. What better incentive, really?
Anyone who doesn’t understand the finances of a monetary sovereign, and that’s most citizens, won’t understand the threat to our sovereignty posed by crypto currency. They should be illegal. Ignorance is just as damaging as stupidity
Please do not speak with such confidence when you then immediately make clear you are way way way over your head. Crypto is not a threat to monetary sovereignty. Please read up on this topic.
The fundamental requirement is that the sovereign net spends the currency first to get it in circulation and requires its use to settle tax obligations.
Everything you just said is why crypto lobbying is concerning.
The IRS and SEC have already taken positions on crypto. They are foreign currencies. Profits on trades are subject to taxation, and not at capital gains rates either.
The IRS treats cryptocurrencies as property, not currency.
https://www.irs.gov/individuals/international-taxpayers/frequently-asked-questions-on-virtual-currency-transactions
That’s the same as its position for retail currency trading. Taxable personal property. That’s why it’s been asking Coinbase et al for the identity of wallet holders beyond a certain size. The IRS does not bother with retail foreign currency sales and purchases that are incidental to other activities.
To add to what vlade said, there is no legitimate purpose for crypto that isn’t done as well or better by existing financial services products. Its only use case is for crime.
I’m at the point in my life where I believe the purpose of many financial products is crime, if not de jure crime, then some kind of de facto grift.
So for the decision makers, crime is a feature, not a bug…
Which begs the question of course: If crime is one of the big objections to cryptos, then well don’t we already have that in our current financial system anyway?
Aumua
May 13, 2021 at 1:55 pm
Innovation
Money never sleeps…or more accurately, the grifters never sleep
One aspect that doesn’t seem to be getting a lot of attention – probably because “OMG Bad Foreigners Hold Pipeline Software To Ransom” makes for better headlines – is that there are several mentions in the IT security space which suggest that it’s not the actual pipeline control software that’s been affected by the ransomware, but what looks like backend systems at Colonial. This Twitter thread suggests that the ransomware attack has affected the billing system: https://twitter.com/kimzetter/status/1391568102316384258?s=21
Either way it’s not a good look that the broader contingency plan appears to be “who cares if people can’t get to work if our pipeline monopoly prevents fuel delivery”. Good thing they had plans for such an emergency and had enough truck drivers with appropriate endorsements on retainer so they could switch to OTR delivery.
Oh, wait…
This is what I recall as well.
It sounded like they were turning off the flow because they wouldn’t be able to track billing.
Yes, they can still get to the fuel and for half a billion could have done many things except agree to pay the 1 billion ransom.
Actually, this suggests the attack was superbly thought out.
There are work-arounds, probably not horribly complicated, if the software running the physical plant was what was hit. There may have been safety and staffing issues that would have led to lower throughput, but they probably could have gotten some semblance of operation back in a day or two and then figured out how to improve the manual ops.
How to work around the billing sounds much harder to fix quickly.
the attack was superbly thought out
Not so much. An automated wash, rinse, and repeat methodology is all that’s required to absolutely and systemically devastate the overwhelming majority of Windows dependent networks and application servers. https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
SCADA and environmental controls frequently run on ancient and unsupported Windows software. Not only would it be prohibitively expensive to upgrade, in many instances, it’s simply not possible. At a minimum, however, these systems have to be air-gapped from the Internet, and, you now have to diligently protect them from unsophisticated disgruntled insiders capable of introducing pirate SaaS into the environment.
No matter where you go, “All around the world the same song…,”
I think you are misconstruing my point. It is the choice of which part of the Colonial operation to take hostage, not whether it was all that hard to do that.
> This Twitter thread suggests that the ransomware attack has affected the billing system
That would be very interesting to learn if it is true. I assume that Colonial would do its best not to release the information to the public if they truly turned off oil deliveries to half of the East coast, because they temporarily can’t get paid for them.
Oh it appears to be true from this article….
https://zetter.substack.com/p/biden-declares-state-of-emergency?s=09
Interesting. Though some points in the article seem odd. I suppose those will be cleared up with time.
Jack, you’ve been gone now for a decade. Where does the time go?
On Zetter, see Water Cooler 5/10.
TTG does a good job providing further background into the SaaS tools and methods employed in this incident. https://turcopolier.com/the-darkside-hackers-ttg/
Darkside is not new, it’s just greatly improved and easier to use. In the last ransomware incident I personally witnessed, a trusted insider engaged a more primitive variant of this type of pirate service for his own nefarious purposes and devastated a school district’s backend operations. As described in the linked Cybereason article, a big part of the attack involved taking down the Microsoft network beginning with domain controllers and also the standard backup solutions. It’s very nasty stuff.
Two years later, the school district in question still hasn’t completely recovered from the SaaS attack on its Windows network and server infrastructure.
Krebs on Security is my go-to in these cases, he has a nice writeup too. What’s really interesting is that he exposes the text of the negotiations for a previous victim.
Also, that article you linked is worth going all the way through, because they link to another excellent writeup, with tons of low-level technical details, including disassembly of the binaries. It’s a bit of a sales job for their product, but it’s great detail.
And finally, apparently Colonial was warned three years ago that they were a disaster waiting to happen:
And also:
I’ve said for a long time that you can tell what’s important to a company by the titles of the C-suite, and that theory got proved again.
My guess on Tesla is that they’re concerned that they’re getting paid in an overvalued, thinly-traded asset and want to get ahead of a crash cash-out. I’d take it as a sell signal on Bitcoin in particular and crypto in general.
Banning it is so sensible, I expect the corrupt scum in Congress not to do it. Instead they will enrich themselves, and their benefactors, and damn the consequences.
well they can’t represent their bosses (companies) which will lead to them losing the power and jobs
I’m sure their fat bribe filled crypto wallets will tide them over.
I agree with your post, but I’m not sure about this. Not too long ago, HSBC got a relative slap on the wrist for the repugnant money laundering they were doing for cartels: https://www.icij.org/investigations/fincen-files/hsbc-moved-vast-sums-of-dirty-money-after-paying-record-laundering-fine/
People were being shot over the money that HSBC was laundering, but they managed to just settle the case.
The cartels moved the money in smaller, much smaller amounts at once, and through branches, where it would blend in with other transactions (at least enough not to look like a rabbit going through an anaconda).
By contrast, this is a billion everyone would know was en route.
One of my most important resources, an employee of a vendor, was unavailable for about 20 days last month due to 80 hour weeks spent fixing a multi-national customer who tried to fight with Russian cyber criminals over a ransom threat.
Rather than give in to demands, call for help or negotiate, they first shut down their main servers, this tripped a ‘dead-man’ switch which destroyed all their back-ups, and encrypted every hard drive in every device in their offices in 22 different countries.
It turns out the hackers were in this company’s networks for 3-4 years, and understood each and everything about their business and systems.
As a side issue, a very large side issue, IMHO, in the process of helping them, my friend learned that this corporation had been virtually taken over by their enterprise software provider.
Leverage being what it is, I’ve never understood how any business owner could turn over their books to a computer in the cloud, owned by someone else.
You’ve hit on the reason ransomware works. It is less disruptive, and usually cheaper, to pay up and move on. The cases I’ve known of are like what you’re describing. They aren’t just chance crimes of opportunity where someone brute forces in and locks things down. They knew what they were doing and knew how best to cripple the business (or hospital system) they were attacking.
As for turning things over to the cloud, everything is headed more and more that direction to the point where you don’t have an option not to go that direction. Some of the medical offices I’ve worked with, for instance, software was either cloud based or it is obvious it was heading that way. That would be billing, records, xrays, prescribing, the whole nine yards. I’ve worked with mostly small offices, so it’s kind of a catch-22. They either go cloud or continue to have on-site servers that they really don’t want to pay the cost of operation and maintenance, and, because of that, are often way out of date in hardware and software.
Businesses, and people, for that matter would be better off if they owned up to the cost of doing business, which includes secure systems.
“Businesses, and people, for that matter would be better off if they owned up to the cost of doing business, which includes secure systems.”
Agreed. Unfortunately, I think technology is too often sold as a cost and labor saving thing that can be out of sight, out of mind until something goes wrong. And when something does go wrong, it’s never the people who wouldn’t pay for proper IT support or maintenance who get taken to task. I think things like the $5 million they apparently paid for this ransomware are increasingly seen as the cost of doing business, not putting the money into the infrastructure, even if the latter would be cheaper and help prevent the former.
You see what I see.
Short-sighted people ‘saving‘ money.
I see “I’ll be gone, you’ll be gone” …
A business manager would turn over control of their books, so long as they trusted that any problems would not mar their tenure as manager or follow them after their rise or departure.
The question that puzzles me is the ransom asked. A billion dollars far exceeds the usual $10 million or less I read of a decade ago — the amount that banks would readily pay, eat, and keep quiet. A billion dollar ransom ask in crypto currency no less raises many questions. I am very suspicious of this attack — its motives and intent. It smells funny.
A $1 billion one-shot. I wonder what sort of energy hit that will create.
and who pays for it
can you say the company’s customers?
i forgot…we will too, since that payment is a tax deduction
Another thing on Elon-the-wannabe-Tony-Stark.
It is estimated that about quarter of all BC in existence is vulnerable to a quantum-computer attack (see https://www2.deloitte.com/nl/nl/pages/innovatie/artikelen/quantum-computers-and-the-bitcoin-blockchain.html for example). IMO, it’s not inconceivable that within a decade or two there will be something capable of that. Do you want to have an “asset” (never mind currency) that becomes worthless as a technology can advance?
The article I link above (a disclaimer – I’m not a crypto expert, never mind quantum computing one, and you’d need someone who can do both and has no dog in the race, which may be hard to find) also states that BC could be terminally broken if a quantum computer was able to break BC signature in less than 10 minutes, which is the time BC block takes to mine and this time is sort of in-built in the BC, being the whole point of “proof of work”. Making it shorter won’t help, as it means the problem to solve is easier which means that a quantum computer can also solve it faster. The relation between the two is unlikely to be 1-1, so it may be some hiccups but anyways.
Hence, for all the “BC is here to save the world”, _IF_ you’re a technology wonk (like Elon keeps saying), you’d ignore BC because it can become worthless overnight if someone builds the right quantum computer.
Which we know is _theoretically_ possible and is “just” a matter of engineering.. (which is more than can be said of cold fusion).
As a technology nerd, I’d actually want to see a quantum computer way way more than BC, and unlike BC or any other crypto, it would be something that is useable.
Quantum computing and crypto are a little advanced for me at my advanced age. For fun, toss in a Carrington Event — we have had a few near misses of late — or regard the possible impacts of an EMP attack [I recently re-read Forstchen’s “One Second After” regardless of his colorful backers.]
I once watched a Vitalik Buterin (creator of Ethereum) interview in which he countered, that breakthroughs in computing power, or cryptography in general, will be observed and iteratively adapted to through the governance of each crypto-economy/currency/system (typically a democratic process which allows changes to the code/laws, requiring consent by the majority of a token’s miners).
If you make a quantum computer, they will simply make quantum encryption.
Yeah, that’s my understanding too. Seems like most people think solutions exist to this problem. I guess at a minimum you could pause to fix and then roll back, fork, etc.
It will be interesting to see if Alex Karp backtracks. I believe he stated that Palantir will be or is accepting bitcoin. I imagine they would wish to stay in those good graces too.
The very notion that any critical social and economic infrastructure is so designed as to be accessible through the Internet because it is more profitable than stand alone ‘unconnected computer-operated’ systems is as absurd as Screen Doors for Submarines … a term used by another commentator on this site in a different context.
I’m sure you smart UK and US posters would know, but what is it I vaguely recall about it being illegal to pay ransomware demands?
RE: the Silicon Valley persona-bot holding up the Tesla brand who spoke highly of bitcoin and has since reneged
A commenter, may have been Vlade, made the fascinating comment a little while ago: the aforementioned Tesla persona-bot had purchased more bitcoin than it was possible to purchase (US2 billion I believe) which therefore indicated they had purchased futures. Now, Yves and some others here have written about how dangerous BC futures would be. They don’t exist to my knowledge (I know Vlade knows far more than me about these things and I’m not suggesting he said BC futures exist). What’s the gap here? It’s very interesting – how does someone purchase 2 billion worth of BC if it’s not physically possible? Love to you all from Australia xoxo
Will the combination of unmaintainable software (too much software to maintain), or undecipherable AI take down our Civilization before or after Global warming starves most of us to death?
At what date in this progression is everybody on the planet programming?
Or will AI come to the rescue, except we will have no idea why AI has decided to do what it has decided to do. Which puts a huge spear through any Judicial System.
Or is there an unholy symbiosis where all will work together to our extinction?
Species on this planet have come and gone multiple times over the epochs.
Demand for USD is propped up by all manner of evil. Consider ransomware one such tactic, ensuring demand for crypto: evil, but arguably less so than say, Venezuelan sanctions, etc etc and etc. Imagine the criminals’ goals were to destroy infrastructure (as is the case in Venezuelan sanctions) and not merely defraud it…
I find it ironic that Yves will likely admit the status quo was built and continuously maintained through criminal enterprise (see: banks), yet balks at the prospect of democratizing that process, because: “crime”.
People do not appreciate the social technology that is cryptocurrency, and instead focus on how it has been introduced to the masses via speculation and illicit activity… which are relevant only in the sense they are what are catalyzing the transition… but I urge Yves to explore the social and philosophical ramifications of cryptocurrencies, as they are profound, and go well beyond the layman’s get-rich-quick mania, or even criminal enterprise.
NC preaches revolution, but doesn’t know one when it slaps them in the face. Don’t mistake the forest (cryptocurrencies) for the trees (crime).
I doubt it, because synonymising banks with criminal enterprises as though that were their sole and historical raison d’être is the trivial pablum of keyboard revolutionists. Banks have utility beyond speculation and illicit activity, which in fact are not only relevant as the catalyst for a “transition” that is never going to happen, but are instead the culmination of crypto’s utility. So the comparison with banks is utterly fatuous.
Ditto handwaves about profound social and philosophical ramifications of *checks notes* cryptocurrencies. There are none. You have been bullshitted. Bullshat. And now the bullshit is disseminated. It’s like a pyramid scheme of bullshit.
“yet balks at the prospect of democratizing that process”
The idea that crypto is/or any form of democracy[tizing via an inanimate object vis-à-vis human social organization is like saying the Free Banking period was the exemplar of democratic social organization and crime free[tm] to boot … let alone challenge any of the sacred neoliberal cornerstones.
I see you specialize in ignorance as well as fabrication.
Demand for the dollar results from the fact that the dollar is the reserve currency, which in turn results from our willingness to run trade deficits, as in export jobs. That’s politically unacceptable in most countries where the powers that be (even in authoritarian China) see preserving employment and decent wage levels as essential to their legitimacy. The only evil here is screwing our own middle and lower classes.
And please tell me how well democracy scales. You can’t run anything of scale on a democratic basis, in particular a banking system. So please don’t sell pleasing blather that won’t work. We have been able to have tough regulation and that’s the best we can get to. Or do you advocate going back to Little Home on the Prairie lifestyles? I can see going there as a result of climate change, but to implement your finance fantasy? No one will be on board with that when they grok the implications.
And since when are we revolutionaries? Another straw man. We’ve repeatedly pointed out that revolutions have always done great damage to the population at large. It generally takes at least a generation for average people to see any benefit.
There are parts of crypto that will (or already) have huge productive value. A few quick examples:
Decentralized Finance or DeFi. Already $81 billion in dollars in DeFi such as lending, derivatives, currency exchange etc. I can deposit dollar-denominated (equivalents) and get 6%+ with large balance sheets to back them up.
Unbanked or underbanked. Will help a lot of people here.
Smart Contracts. Reduce overhead, ensure compliance, code-based terms are not really open to interpretation.
Auditability. A ledger to trace every transaction.
Auditability 2. Open source code.
Sending money quickly, cheaply, and securely. Can anyone think of a use case or existing problem this solves? I understand the whole terrorism point but do you think without crypto hackers wouldn’t be targeting US infrastructure?
Artists and NFTs. Means artists can monetize digital art and receive a portion (say 5-10%) on every sale and not just first sale.
Owning currency that is not fiat and subject to known supply.
There are drawbacks or risks here obviously to many of the above but the idea this is all bad seems really misinformed. I’ve read this site for years and at first was hoping it would be a good place to discuss all the great stuff that is going on in DeFi.
I find it interesting that a tool that opposes and reduces the profit taking tax of the banking and financial system is being cast as enabled/allowed by them here.
Prosecuted Futures ….
What market operates on a suggestion ‘prosecuted futures’ which has no productivity or physical attachment besides consuming energy and commodities to grind out code … largely front run by money laundering and illegal trade.
Yet all that blockchain can’t stop people from running off with billions of others property[tm] …..
The irony in all this is that the thing the exchanges and Tether and the people running them clearly value the most is…. fiat ie. they are bending over backwards to prove that they have more fiat on their balance sheet. Why? If crypto is a superior currency why would that be?
The whole edifice is supported by a tiny amount of real money, with no access to the banking system, let alone the CB.
How do people think this can end well?
The problems with the banking sector are ideological in nature due to its administration and not intrinsic, crypto is ideological in origin ie. intrinsic.
The thing we need to be talking about is ‘how can the evolution of crypto and DeFi be used to force better acting from banks and monetary policymakers.’ The extreme sides of ‘it’s going away’ or ‘it’s replacing fiat/banks’ are equally ridiculous to anyone who has a seat on both sides.
Most activity on the Ethereum network isn’t illegal. Having fiat denominated on the blockchain has many obvious benefits with respect to constructing financial instruments, providing liquidity, stability, etc.
The rest of your points simply appear to be creating labels and then arbitrarily excluding crypto from them. If these currencies aren’t real money then how can people be using them for money laundering and illegal trade? For better or worse, it is money because people treat it that way, and that is unlikely to change anytime soon.
There is a clear central bank type structure to schedules for printing most of these currencies that ensure everyone knows how things are going to work months in advance. BTC has a fixed final supply (21 million), and ETH supply growth is mostly straightforward. How fees are collected is governed and voted on. Lack of a necessary connection to banking is the key feature.
There are certainly good critiques to be made but the (a) illegal (b) not real (c) electricity consumption are kind of a waste of ink at this point.
You are incorrect regarding what constitutes a currency and the use of crypto in facilitating illegal activity. No one would call blood diamonds money and crypto is serving the same function for crooks.
Go read up on Adnan Khashoggi or Marc Rich. They both facilitated massive trade transactions for countries or interests under sanctions. No one would have called their activities currency dealing.
And a banking system does a hell of a lot more than provide for irrevocable transactions. The fact that you assert that crypto can substitute for or even impinge on banking shows you don’t understand what banks do.
Thanks for weighing in. I was trying to say that crypto was not going to replace banks in my second sentence but I apologize to the extent that wasn’t clear.
If I want to lend out or borrow crypto or stable coins pegged to the dollar like USDC I can use Maker ($12.9 B), AAVE ($11.4B), Compound ($9.8 B), etc. If I don’t like the risk profile embedded in smart contracts or inherent to stablecoins I could deposit on Gemini or BlockFi and have their balance sheets as a backstop. If I want to exchange these “assets” directly with a peer rather than passing through an intermediary I could use an exchange like Uniswap or many others. I can build and trade derivatives on Synthetix ($2.4B). There are payment companies like Flexa ($1.3B) that are trying to use crypto to accept payments for regular small business and merchants (it’s sketchy right now, but someone will do this reliably well soon – besides PayPal). All of the above dollars noted are assets locked up as of right now converted to USD from current spot prices of ETH, BTC, USD (1:1), etc. All above are secured cryptographically on the Ethereum blockchain.
To me, this looks like a developing and thriving financial ecosystem. Moving this fast without regulation is not ideal – to much extent that cat is out of the bag here. Certainly, there are issues, fraud, and illegal activity. But I personally would not characterize it solely in those simplistic terms. I’ve used it for months and been happy with the yields (and of course asset appreciation). My opinions and thoughts are a result of (a) hundreds of hours of study and practice in DeFi (b) and as someone who spent 6 years practicing business and security valuation at a Big 4, including for some financial institutions (not typically banks but occasionally), and (c) an open mind about technology and finance. Hester Peirce certainly thinks there is a way forward.
You are free to characterize all who use crypto, including myself, as criminals or embedding them. I’m okay being wrong about what constitutes banking, currency, assets, etc. – I will research and learn more. I do believe that DeFi, crypto, and blockchain are going to be a big part of the future, and to some extent already are. Many want to avoid banks not because we are bad actors but because we feel banks are.
A big problem is that DeFi and crypto are being shaped by computer scientists, former bankers, and kids with no experience. Much like big tech ‘disrupted’ with all the ignorance but less arrogance and profit-seeking motives. We could use your help and most of us want to listen. I read your site and donate every month for the past 4 years because I value your experience, expertise, and contributions. If you want to make a good faith effort to understand what is going on and to help then your words will find an influential audience. And I am always happy to help teach you about what I’ve learned and what is going on. However, if you want to pick out or extrapolate something I’ve written here and prove me wrong again that is helpful in a way too.
I have no interest in supporting this project. We also had unregulated peer-to-peer lenders that are now in a world of hurt. Look at Greensill for a bigger scale example of what happens with “innovation” in lending. Derivatives that are not exchange traded should be banned.
The answer to banking is more regulation. We had sound and not dramatically profitable banking prior to deregulation. Average pay in financial services was the same as economy wide due to the lack of a rentier premium (see Simon Johnson’s The Quiet Coup for confirmation). The answer is not reckless experiments that allow for even more rentierism and criminal activity.
Fair enough. I agree about regulation but not optimistic on that front. I would argue that we have ‘exchanges’ for derivatives but suppose we can choose to define all these terms differently like we do for ‘currency’ or ‘banking’ activities. I actually think that instant settlement, automatic liquidation for margin calls, strict digital custody to ensure real over-capitalization, and other aspects may offer some advantages over t+3 and some other current structures and practices. Not for all asset classes but certainly for some.
But I think I understand your perspective.
Late to this amends …
From its inception crypto was never conceived as some means to “force” any behavioral changes on banks or otherwise. It was trotted out as a means to conduct transactions outside any regulatory agency [freedoms] and sold as a permanent store of labour due to blockchain.
The behavior of banks is not just a money problem, it’s been a concerted effort by those pushing an agenda based on some self serving philosophy which has been codified into law and it affects all the rest of the market and society as a whole.
Crypto does absolutely nothing to redress the underlying fundamentals of neoliberal theology, more so, and if not, just the opposite in my view. Most of all it takes oxygen away from the important discussions and debates about how we got here and how to get back to a reasonable pluralist system.
Just wow at all the waste of actual currency and resources bled away from socially productive enterprise with some re-decanted hard money ideology with a side of technological gimmickry.
Sigh …. banks did not push Plaza, banks did not push corporatism, nor did they advance neoliberalism all on their own ….