Leave a comment

Tech Forecast: Cryptocurrencies Have DLP Implications

Cryptocurrencies such as BitCoin and Ethereum are getting a lot of attention these days. Bitcoin, created in 2009, is arguably the largest and most well known cryptocurrency with a market cap of over $99 billion. With explosive growth and popularity it’s no wonder that organizations are beginning to embrace cryptocurrencies, whether for payment transactions with customers and employee’s or as a more multi-purpose ledger leveraging bleeding edge technology such as smart-contracts.

While there is a lot of opportunity in a shift to digital currency, there is also the typical security pitfalls that come with new technologies. In this forecast we’ll take a closer look at the mechanics of storing cryptocurrencies and the downstream DLP implications that exist.

Primer: What is a Cryptocurrency?

A cryptocurrency is a type of digital asset protected with cryptography and stored in a public decentralized blockchain ledger. Anytime people want to transfer money around there are transactions describing digital asset movement from one account to another account, and these transactions are stored in a digital and publicly viewable ledger. Cryptography is used to secure the transactions and be sure that only valid account holders can actually spend the currency.

Bitcoin and Ether are the two most well known examples of a cryptocurrency based on blockchain technology, though tens of new currencies are being created monthly. The underlying details of how a cryptocurrency works is deeper than we’ll go today, but there are great resources online for more information. Cryptocurrencies, however, do have implications when it comes to Data Leak Prevention – that implication comes in the form of the Wallet.

What is a Wallet?

A ‘cryptocurrency wallet’ is the place where you store your cryptocurrency.  To be accurate; the actual currency is not stored in the wallet, but cryptographic information about the currency you hold is.  The wallet is a software program that stores the account identity information and cryptographic private keys used to “spend” the cryptocurrency.  Wallets can be local software to your phone or computer, or hosted by wallet providers.

Implications on DLP.

Much like a physical wallet, if someone has access to your cryptocurrency wallet they could potentially steal all of your cash.  Wallets can be protected by encrypting the contents with passphrases; however this assumes that users implement a strong password (which we know isn’t always the case).

Unlike a physical wallet, if your crypto-wallet is stolen you may have no idea until you attempt to use your money. This is where the DLP concern comes in. How can you detect if somebody tries to exfiltrate your wallet? There’s obviously a lot of different ways that an attacker could steal your wallet, but we’re specifically concerned with somebody that has physical access to your machine.

For the geeks out there, here’s where you’ll find the Bitcoin wallet on Windows & Mac:

  • Windows: C:\Users\YourUserName\Appdata\Roaming\Bitcoin\wallet.dat
  • Mac: ~/Library/Application Support/Bitcoin/wallet.dat

Given the decentralized nature of cryptocurrencies; there is no company that will protect you from the liability of stolen currency.  If the wallet is lost or stolen that currency is gone forever.

Without proper monitoring and controls, if your crypto-wallet is leaked outside your organization on a USB drive, you may never be aware that the account is at risk and the funds could disappear at any time in the future.

As organizations looking to embrace the use of cryptocurrencies, it is critical to protect crypto-wallets and have appropriate monitoring and data leak prevention controls to ensure your corporate or employee funds are not at risk. Squadra’s secRMM can easily track wallet.dat files, reporting any occurrence of wallet.dat being copied or moved to removable media.

 

What do do next?

Contact us to see a demonstration of our solution.

Or watch an overview of the secRMM integration with Microsoft Systems Center.

Or if you’re really impatient, jump right to downloading the trial.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: