17 - Hacks and attacks
The Colonial Pipeline is the largest US pipeline, carrying about 3 million barrels of oil a day between Houston and New York. The pipeline is one of the most important sources of energy for the east coast of the United States; and on May 6, 2021 an unknown operative was able to access the Colonial Pipeline’s internal system. The operative performed a ransomware attack, meaning that they “locked” the pipeline's internal data (pricing, amounts owed by customers, etc.), rendering it inaccessible. Once they had effectively locked the company out of most of its critical operating information, the operative demanded 75 bitcoin as ransom. The Colonial Pipeline had no choice but to shut down the pipeline for a number of days and pay the ransom.
Large scale cyber attacks like these are not uncommon, and there are a few ways they can occur. In the case of the Colonial Pipeline, a former Colonial employee's credentials were not deactivated, thereby allowing the operative, who probably obtained the credentials on the dark web, to gain access to the pipeline’s system. In this specific instance, better management controls around employee departures would have saved the pipeline from this attack. Colonial uses a centralized database to store and manage all of its information. We have learned that blockchains are decentralized, which would save the system from this kind of attack; but that doesn’t mean they cannot be disrupted in other ways.
Building a city
The Colonial Pipeline’s internal system is a great example of a database built using proprietary software. Two weeks ago we learned about proprietary software but only examined it from the perspective of upgrades. A good way to think about the comparison between the security of proprietary vs open source software is through the example of building a city in the early 1200’s. Back then there were many small localized wars, and you needed to make sure that your city was protected. Before starting to build your city and its defenses, you had two options as to how to proceed: 1) you could build the city in total secrecy, not telling anyone what its defenses are; or 2) you could build it in public, circulating the blueprints for your new city throughout the countryside.
The advantage of the first option is that no one would actually know all the defenses that your city has. There could be some unexpected trap doors that give your city an extra layer of protection. On the other hand, there could also be a gaping hole in your defenses that isn’t visible to the people building the city. The second option has the advantage of having many more people looking at the city's blueprints. You battle-test your city before it is even built. When you have so many eyes and different perspectives looking at how something is being built, you notice flaws that might not otherwise be noticed. The disadvantage would be that the feedback might cause delays in building your city. Another great analogy around the difference between protected and open source software development is given by Andreas Antonopoulos and his description of bubble boy and the sewer rats (short explanation here).
Hacks and attacks
Both of these approaches have their advantages and disadvantages, but regardless of which option you choose, there are going to be vulnerabilities. Blockchains are a unique type of open source software, which means that the kind of attack the Colonial Pipeline faced would not impact a blockchain. Instead, blockchains suffer from a different set of attacks. The most common attacks are: 1) a 51% attack; 2) a distributed denial of service (DDoS) attack; and 3) a Sybil attack. Blockchains are not designed to completely prevent these attacks, but rather to make them as impractical as possible. In the digital world, just as when building your city, the question is not whether there are vulnerabilities but rather how you handle them.
A 51% attack is the most well known type of attack discussed within the blockchain industry. 51% attacks occur when a single individual or group controls over 50% of the mining capability of the network. As we discussed in Coming to consensus & proof of work, a miner’s responsibility is to find hashes and create valid blocks. If a single party controls 51% of the network’s mining power, they are able to decide what transactions get processed. Any time another miner in the remaining 49% attempts to add a block, the miner with control will reject it and replace it with a block they have created.
Gaining 51% control is hard because it would require extensive resources: purchasing the required equipment in a PoW system, or the required assets in a PoS system. Additionally, if you were to take control of a blockchain, you would be destroying its value. No one wants to use a blockchain controlled by a single person; the attacker would therefore have spent a ton of money to control something that has thereby become worthless.
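To make the "51% means control" claim concrete, here is an added example (not part of the original newsletter) that models block production as a race: each new block is won by whoever finds a valid hash first, so the attacker wins each block with probability equal to their share of the hash power. The code computes, exactly and by simulation, the probability that the attacker's chain is longer than everyone else's after a given number of blocks. The shares, block counts and random seed are constructed values for the demo.

```python
import math
import random


def _log_comb(n, k):
    # log of the binomial coefficient C(n, k), computed with lgamma so that
    # block counts in the thousands do not overflow a float
    return math.lgamma(n + 1) - math.lgamma(k + 1) - math.lgamma(n - k + 1)


def attacker_ahead_probability(attacker_share, blocks):
    """Exact probability that, after `blocks` blocks have been mined in total,
    the attacker has mined strictly more of them than the rest of the network.

    With `attacker_share` of the hash power, the number of attacker blocks is
    Binomial(blocks, attacker_share); we sum its tail above blocks / 2.
    """
    if attacker_share <= 0.0:
        return 0.0
    if attacker_share >= 1.0:
        return 1.0
    log_p = math.log(attacker_share)
    log_q = math.log(1.0 - attacker_share)
    total = 0.0
    for k in range(blocks // 2 + 1, blocks + 1):
        total += math.exp(_log_comb(blocks, k) + k * log_p + (blocks - k) * log_q)
    return total


def simulate_race(attacker_share, blocks, seed=0):
    """Monte Carlo version of the same race: (attacker_blocks, honest_blocks)."""
    rng = random.Random(seed)  # fixed seed: a constructed, reproducible run
    attacker = honest = 0
    for _ in range(blocks):
        if rng.random() < attacker_share:
            attacker += 1
        else:
            honest += 1
    return attacker, honest


if __name__ == "__main__":
    horizons = (10, 100, 1000, 10000)
    print("share   P(attacker chain is longer) after", horizons, "blocks")
    for share in (0.45, 0.49, 0.51, 0.55):
        row = "  ".join(f"{attacker_ahead_probability(share, n):.3f}" for n in horizons)
        print(f"{share:.2f}    {row}")
    print("one simulated race at 51% over 500 blocks:", simulate_race(0.51, 500, seed=1))
```

The table the script prints is the point of the exercise: at 49% the attacker's chain falls behind with near certainty as the chain grows, while at 51% it pulls ahead with near certainty. A two-point swing in hash power flips the outcome, which is why "over 50%" is the threshold the industry talks about.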
Blockchains have different kinds of participants. While the miners create blocks, nodes store the history of a blockchain. Miners create the pages for our distributed ledger while nodes maintain the full copy of the ledger. When a block is mined, it is passed around to all the nodes which then add it to their copy of the ledger. In a sybil attack, a bad actor obtains control of many different nodes on the network. If a bad actor controls many nodes and those nodes are withholding blocks or otherwise hindering the network, it can wreak havoc on the nodes that are trying to behave correctly.
Blockchains help to prevent this through their public design. All nodes are visible to everyone; and once a node sends bad information, the rest of the network knows that it is a bad node and can ignore it. In theory this works well, but in practice it would take some time for the entire network to get an understanding of who is bad vs who is good. Sybil attacks are less (As an aside, the term “Sybil” comes from a book called Sybil that describes the life of Shirley Ardell Mason, a woman who suffered from multiple personality disorders. The name is fitting considering that these many different personalities made it almost impossible to function in society, and a Sybil attack against multiple nodes makes it incredibly hard for a network to operate.)
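The "validate, then ignore the bad node" behaviour described above, as an added example that is not code from the original newsletter or from any real node implementation. A toy full node checks every announced block (does it extend our tip, is the hash field honest, does the hash meet the proof-of-work target) and bans the peer behind any block that fails. The example also shows the cost the paragraph hints at: a ban is tied to an identity, so each fresh Sybil identity gets a fresh chance and costs the node another wasted validation. The two-hex-zero target, the genesis hash and the peer names are constructed for the demo.

```python
import hashlib
import json

# Toy proof-of-work target (constructed): the block hash must start with two hex
# zeros, so roughly 1 in 256 nonces is valid and mining is fast enough for a demo.
TARGET_PREFIX = "00"
GENESIS_HASH = "0" * 64


def block_hash(prev_hash, data, nonce):
    header = json.dumps({"prev": prev_hash, "data": data, "nonce": nonce}, sort_keys=True)
    return hashlib.sha256(header.encode()).hexdigest()


def mine_block(prev_hash, data):
    """What an honest miner does: try nonces until the hash meets the target."""
    nonce = 0
    while True:
        h = block_hash(prev_hash, data, nonce)
        if h.startswith(TARGET_PREFIX):
            return {"prev": prev_hash, "data": data, "nonce": nonce, "hash": h}
        nonce += 1


def forge_block(prev_hash, data):
    """Constructed 'bad information' for the demo: a block whose hash misses the target."""
    nonce = 0
    while True:
        h = block_hash(prev_hash, data, nonce)
        if not h.startswith(TARGET_PREFIX):
            return {"prev": prev_hash, "data": data, "nonce": nonce, "hash": h}
        nonce += 1


class Node:
    """A full node that validates every announced block and bans the peer behind a bad one."""

    def __init__(self):
        self.chain = [{"prev": None, "data": "genesis", "nonce": 0, "hash": GENESIS_HASH}]
        self.banned = set()
        self.wasted_validations = 0  # work spent on blocks that turned out to be bad

    def tip_hash(self):
        return self.chain[-1]["hash"]

    def is_valid(self, block):
        recomputed = block_hash(block["prev"], block["data"], block["nonce"])
        return (
            block["prev"] == self.tip_hash()            # extends our current tip
            and recomputed == block["hash"]             # the hash field is honest
            and recomputed.startswith(TARGET_PREFIX)    # the proof of work was actually done
        )

    def receive(self, peer_id, block):
        """Handle one block announcement; returns 'accepted', 'banned' or 'ignored'."""
        if peer_id in self.banned:
            return "ignored"            # known bad node: no validation work spent
        if self.is_valid(block):
            self.chain.append(block)
            return "accepted"
        self.wasted_validations += 1    # a new identity costs us a full check
        self.banned.add(peer_id)
        return "banned"


if __name__ == "__main__":
    node = Node()
    print("honest block:", node.receive("peer-A", mine_block(node.tip_hash(), "tx batch 1")))
    bad = forge_block(node.tip_hash(), "tx batch 2")
    print("forged block from sybil-1:", node.receive("sybil-1", bad))
    print("same forged block from sybil-2:", node.receive("sybil-2", bad))
    print("chain height:", len(node.chain), "wasted validations:", node.wasted_validations)
```

The ban stops a known bad node immediately, but notice that `wasted_validations` grows by one for every new identity: the defence works per identity, so the network's cost scales with how many identities the attacker can present. That is the gap the paragraph describes when it says it takes time for the whole network to learn who is bad.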
Finally, DDoS attacks occur when a network is overloaded with requests. Bad actors can flood a system with more requests than the network can handle, effectively rendering it unusable. Imagine trying to squeeze too much toothpaste through a small tube. Eventually, the toothpaste will become overwhelming and clog the hole. In a blockchain, a DDoS attack is executed by overwhelming the system with too many transactions. A bad actor can constantly spam the network, filling up blocks and leaving other blockchain users unable to use the network.
Blockchains are unique networks in that the information they track has a market value. A transaction fee’s primary purpose is not to compensate miners/validators, but rather to prevent attacks. If every time I wanted to conduct a transaction I needed to pay a fee, then overwhelming a network with transactions would become extremely expensive.
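Here is an added example (not from the original newsletter, and not any real node's mempool code) showing why fees blunt a transaction flood. A miner building a block picks transactions by fee per byte, highest first, so cheap spam only gets in after every better-paying transaction. The code builds a block from a constructed mempool of three legitimate transactions and fifty cheap spam transactions, and then prices what an attacker would have to pay to actually crowd legitimate users out of a run of blocks. Block size, transaction sizes, fee units and block counts are all constructed values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    size: int  # bytes (constructed)
    fee: int   # total fee in the smallest unit of the coin (constructed units)

    @property
    def fee_rate(self):
        return self.fee / self.size


def build_block(mempool, max_block_size):
    """Greedy block template: highest fee per byte first, pack until the block is full.

    This ordering is what makes a flood of cheap transactions ineffective: they are
    only included after every transaction that pays more per byte.
    """
    ordered = sorted(mempool, key=lambda tx: (tx.fee_rate, tx.txid), reverse=True)
    block, used = [], 0
    for tx in ordered:
        if used + tx.size <= max_block_size:
            block.append(tx)
            used += tx.size
    return block


def crowd_out_cost(max_block_size, target_fee_rate, blocks):
    """Fees an attacker must spend to keep transactions paying `target_fee_rate`
    per byte out of `blocks` consecutive blocks: every byte of capacity in every
    block has to be bought at that rate."""
    return blocks * max_block_size * target_fee_rate


# Constructed mempool: three legitimate transactions at 10 units/byte and a
# flood of 50 spam transactions at 1 unit/byte, competing for a 2,000-byte block.
BLOCK_SIZE = 2000
LEGIT = [Tx(f"legit-{i}", 250, 2500) for i in range(3)]
SPAM = [Tx(f"spam-{i}", 250, 250) for i in range(50)]


def spam_flood_outcome():
    """(legitimate txs included, spam txs included, total fees) for the cheap flood."""
    block = build_block(LEGIT + SPAM, BLOCK_SIZE)
    legit_in = sum(1 for tx in block if tx.txid.startswith("legit"))
    spam_in = len(block) - legit_in
    return legit_in, spam_in, sum(tx.fee for tx in block)


if __name__ == "__main__":
    legit_in, spam_in, fees = spam_flood_outcome()
    print(f"cheap flood: {legit_in} legit + {spam_in} spam included, {fees} units in fees")
    # Outbidding is the only way to displace legitimate users, and it costs every block
    print("cost to crowd out 10 units/byte for 144 blocks:",
          crowd_out_cost(BLOCK_SIZE, 10, 144), "units")
```

The cheap flood fills the leftover space but never displaces the paying users. To actually deny service the attacker has to outbid them on every byte of every block, which is the "extremely expensive" outcome the paragraph describes, and every unit spent goes to the miners who are keeping the network running.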
The attacks I have described might be hard to understand without some historical examples. In next week's newsletter we will discuss some examples of these attacks throughout history.