American Banker recently ran an interesting article about the attack patterns of many recent hacks as they apply to the banking industry. They hit the nail on the head with regard to the attack pattern, but seem to miss the point when it comes to defense. They posit that masking “quiet” surgical attacks with “loud” brute-force or DDoS attacks is the new standard, and I can’t argue with the logic – it was certainly the case in the Sony attacks and seems to be a common M.O. these days, judging from the numerous examples the article cites. If I were going to hack a bank, this is certainly the way I’d go about it. Unfortunately the article misses the point of security entirely in its suggestions for remediation of the problem. We have a tendency, whenever a new hole is found in the banking boat, to slap a patch over it and keep right on sailing – but at some point there is more patch than boat left and the boat must be rebuilt or it will crumble and sink. In this author’s opinion, the problem goes deeper than the banks themselves; it goes all the way down to the currency.
Once upon a time most business was transacted via the barter system, but this was bulky and complex, so we added a patch: we picked something valuable and called it money, typically gold or silver.
Gold and silver worked, for a time, but eventually they became too bulky to carry in meaningful quantities, so we added a patch: we created “bearer notes” – a note from a bank that could be exchanged for the real money.
Bearer notes worked for a time, but they weren’t very easy to manipulate or inflate, a property that both banks and governments despised. The storage of all that gold and silver also became a significant problem and a source of quite a bit of extra cost, so we added a patch: no more backing, let’s just print as much paper money as we like. Fiat currency is born.
Fiat went great for a while, but then someone didn’t have enough cash in their wallet to pay for dinner and had to go to the bank and thought “this should be easier.” The credit card was born, but this introduced new problems which needed patching and the patches introduced more problems still.
With the birth of the internet age came more problems: people wanted to transact online, but security problems made it dangerous. More patches. Those patches become compromised, new patches replace them or get slapped over existing patches – how much longer do we wait before we rebuild this thing?
The American Banker article suggests we fix the problem with another layer of patches but at this point the system is so overly complex that it’s likely got more holes than structure. Whether you’re a fellow proponent of Bitcoin or not, you must admit that something simple and built for the kind of transactions we actually make today is in order.
No doubt whatever system does take the current system’s place, Bitcoin or not, will eventually need a patch, then another and so on. To that end I suggest that it is not only our duty to replace the current system, whether the bankers like it or not, but that we must also take care to never become the bankers. Bitcoin is decentralized, removing the single point of failure these banks are trying to defend. Bitcoin is small, simple and agile, removing the tremendously large attack footprint the banks have to contend with. Bitcoin is the community and the community is Bitcoin – we’re small still and we have the opportunity to determine, to an extent, our own growth patterns. Let’s make sure that the community always understands what we’re doing here today and recognizes when it’s time to repeat history. It’s a day I hope is long in the future, but one we must still plan for. We are growing the roots of the monetary revolution; let’s make sure they run healthy and deep.