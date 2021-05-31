At 5:30 am Eastern Daylight Time on 7th May, Wednesday, Colonial Pipeline, which transports 45 percent of gasoline and natural gas in the eastern US, received a blackmail threat from DarkSide. Thirty minutes later, Joseph Blount, the CEO of the company, learned of the situation and decided to pay a ransom of 75 Bitcoin, equivalent to US$4.4 million approximately. That Blount made such an important decision in a flash is a testimony to his readiness to take on huge responsibilities and his quality as a talented leader who rises to challenges. (On the mainland, it took the central government more than a month to make a decision on combatting the virus after cases broke out in Wuhan.) And as a blackmailers’ group, DarkSide can’t be faulted for being unprincipled. As soon as they received the ransom, they handed the unlock code over to Colonial Pipeline for it to restart the computer system. However, there is real controversy about whether to pay a ransom or not.

Blount’s rationale was straightforward. It was early summer, and many people drove a car. Interruptions to the gas supply in gas stations would cause panic. Given the dense population of the east, the consequences of social panic could be profound. While US$4.4 million was not a small sum of money, Colonial Pipeline was a big company and could afford it. As reported by The Economist, Maersk, a logistics company from Denmark whose operations are the largest in the world, had also been the target of hackers in 2017. As Maersk had operations all over the world, the paralysis of its system would have even greater ramifications than a Colonial Pipeline breakdown. That the company yielded to the hackers by paying the US$300 million ransom was perfectly understandable.

US law enforcement agencies, including the FBI at the top, advise against ransom payment. The reason is simple: giving in to blackmail threats is the same as encouraging them. However, a week before the Colonial Pipeline blackmail, hackers did something comparable to bearding the lion in his den – they blackmailed the police station in Washington DC, the capital. In 2019, the government of Baltimore, located near Washington DC, was also blackmailed and lost US$18 million, four times the amount blackmailers were to extort from Colonial Pipeline. Unless law enforcement agencies have absolute confidence about bringing hackers to justice, their vociferous appeal to those being blackmailed not to pay the ransom is hardly convincing. In the eyes of hackers, cities on the east coast of the US are obviously lucrative. Apart from government agencies, hospitals and medical systems have also been blackmailed from time to time. As human lives are at stake, the paralysis of these systems would have far more serious repercussions than a cut-off of the oil supply or a breakdown of the transportation system. Not paying the ransom is out of the question.

While the victims seem to be at the mercy of hackers, there is indeed honor among thieves, as the saying goes. The Economist points out that the amount paid in ransoms increased by 311% last year compared with 2019 to around US$350m. This translates into almost US$1 million every day pocketed at no cost. Though that is no small sum of money, hacking Maersk alone is all it takes. Obviously, hackers know very well that if they make outrageous demands every time, they will be forcing the victims into a corner, resulting in a collapse of negotiations that benefits neither side. When hackers demanded US$40 million from the education department of Florida months ago, the negotiator told them the truth bluntly, “This is a PUBLIC school district. You cannot possibly think we have anything close to this!” For blackmail to remain a sustainable racket, the demands must be measured.

Experts point out that hackers’ tactics are not complicated - most of them use emails to invade corporate systems. A single employee’s carelessness can bring down the entire computer system of the company. As the COVID-19 pandemic is raging, many people have to work from home, and this presents a door of opportunity to hackers. The FBI reported a 300% increase in online crimes involving hackers since the pandemic began. The internet is by default an open territory, so it is difficult to guard against hackers. Blackmail happens every day because hackers do not have fixed targets, otherwise law enforcement agencies would be able to focus on them. Why is that so?

Just like protesters, hackers have adopted “be water” as their winning formula. They are decentralized and employ guerrilla tactics. Experts also point out that the hackers involved in a blackmail scheme are a ragtag band of people. Some of them are responsible for identifying possible hacking opportunities, some for compiling ransomware, and some for issuing the blackmail threat and selling the Bitcoin that has been extorted. There are different people responsible for different processes who do not know each other. A team of criminals is assembled only after a target has been identified. How can law enforcement agencies tackle them with ease when they are formless, flexible and flowing like water?

Every time after blackmail by hackers makes headlines, there are public calls for government action. It is not that the authorities have paid no regard to the string of blackmail schemes. However, they face difficulties in enforcing the law because of restraints from the design of the system and the modes of operation. The US Treasury Department recently ordered that a Bitcoin transfer worth more than US$10,000 must be registered. However, even if the government possesses a record, it does not mean that it can arrest a hacker hiding on the territory of the former Soviet Union. Therefore, the new measure’s practical significance is limited. If law enforcement agencies can do little about the situation, what about private organizations?

Anti-hacking software is certainly a big business. Recently, a retired US general has advocated a return to an eighteenth-century practice. Under the proposal, Congress will issue a so-called “letters of marque and reprisal”, allowing those who can catch a hacker to give him a taste of its own medicine, i.e., robbing the hacker legally of his spoils in the same way pirates were treated. This, of course, will work only in theory. As mentioned above, the hackers disperse and part ways as soon as ransom is received. How can they be pursued?

But hackers have one weakness, which is Bitcoin. Whenever these electronic currencies change hands, the transactions are recorded. However, they were designed in a way that conceals the identities of their holders. That you can trace the whereabouts of these currencies does not mean you can catch the hackers. Furthermore, there are programs that can fragmentize Bitcoin like blenders, making tracing extraordinarily difficult, not to mention that most hackers are thought to be in hiding in Russia, China, or even North Korea. Even if the authorities in these countries are not openly shielding these hackers, it is obvious that the relevant authorities connive their hacking activities and let them go unpunished.

Despite the advantages of Bitcoin, a currency cannot be said to be one if is not recognized as having the key function of being the medium of exchange. Since its launch in 2009, few established companies, with the exception of a few US chain stores selling hardware and building materials and coffee shops, are willing to accept Bitcoin for big transactions. Elon Musk’s Tesla was the only exception. However, Musk changed his mind out of the blue, causing Bitcoin prices to plummet.

If Bitcoin cannot be widely circulated and accepted for big transactions, it will be difficult for the cryptocurrency to establish a meaningful presence, and its values will go on roller coaster rides constantly. This will make it difficult to become a widely accepted medium of exchange. This is a difficult question of “which came first, the chicken or the egg”. If Bitcoin cannot become a medium of exchange, it cannot escape from the plight of being a cult object. Although it is not completely useless, it does not seem that hackers who succeed in extorting Bitcoin can live the lives of billionaires. What is the point of high-tech blackmail? Probably more than a cup of coffee, isn’t it?

Epilogue: cars are a necessity

There is a cyclic pattern to this world. A century ago, there were three types of automobiles: one-third were steam-driven, one-third were electric, and another third were propelled by internal combustion engines. Today, without doubt, cars driven by internal combustion engines still reign supreme, but electric and hydrogen-driven cars have emerged and are gradually gaining a foothold in the markets.

It remains to be seen whether there will be a repetition of a three-way race in the car industry. What is certain is that the notion that “one can replace cars with walking” is self-deception. The evolution of cars, be they powered by steam, electricity, fuel, hydrogen or even nuclear energy, is an endless process. Humans are by nature “restless in a room”, and you cannot travel without cars.

