 Welcome to NewsClick today in Talking Science and Tech, we have with us Praveep Rukhadasan to discuss the issue of cryptocurrencies and what seems to be a fall in their popularity, how really secure they really are and also other forms of digital currencies that are now emerging. So Praveep can you first talk to us about you know how secure these currencies, cryptocurrencies really seem to be anymore because you know the main lure of these was that they are anonymous and you know so they can also help in criminal transactions which could you know be carried out without getting caught but now we see that even those sort of activities are getting under the scanner and especially with this case of the colonial pipeline which had to pay I think around over four million dollars in ransom to ransom to a group called dark side but then the FBI was able to recover a major part of this. So then with this sort of change in landscape what can you tell us about this case and you know the sort of future of these cryptocurrencies? So now the large canvas that you made out, the question is the cryptocurrencies strength has been there is no digital empire so to say there is no central government which supports the currency stands behind it and therefore it's not what is called fear to money. Fear to money is where as nation state says this is my money and I'll redeem it in other currencies if somebody presents it to me. So this fear to currency which also you will see on your note which says I'll pay the bearer 100 rupees, 100 rupees a note so the government of India. This is the fear to nature of the currency that is the government nation state standing behind the currency. Cryptocurrency does not have any such entity but essentially it is to do away with a national government standing behind the currency that the cryptocurrency is immersed. It's a mistaken notion to think that it is anonymous because it goes from one wallet to another the wallets are public but there are the two parts to the cryptographic puzzle. One is what's called a public key and the other is a private key. Now both these are required to operate the transaction and your private key therefore remains with you as long as it's private it could cost posted down on the internet that's a different issue. So the question is your private key remains with you if the money comes to your wallet given in this case by the colonial pipeline to dark side they gave to their wallet then you can take out the money for a crook take out that money using your private key. So this is in essence what it is supposed to be except from the fact please note that it goes to a public wallet where the money is going can be tracked because all crypto transactions like Bitcoin are actually in a public ledger which is by its very definition public. So you know which wallet it has gone to I'm not getting into more details about how the currency is created and how the transactions are recorded in a blockchain all of that but if you do that then the destination of the money is actually known now the FBI seems to have seized that money how they have seized the money is not clear it is possible that they and they had a court order by the way that this wallet was under the jurisdiction of US law which means it seems to have been the exchange which control the wallet was in the United States and then how they all got the private key of dark side that is not clear and there are two conjectures on this both conjectures we will not know unless FBI says so one is that the exchange had the private key and therefore it was a penal legally the US government asked them to hand over the private key and therefore they could recover the money or that they hacked the dark side themselves and dark side if they got hacked it does seem that they were also rather incompetent and then the private key was recovered and the public the money was recovered from the public wallet which everybody knows where the money the destination of the money was. Now both these conjectures at the moment the conjectures we don't know what really happened is very unlikely that the essential cryptographic process through which bitcoin transactions take place and are safeguarded the basic blockchain architecture was hacked I don't think that is that seems to be very very unlikely so there are people who are saying that maybe the US government has some deep hole into this and they can hack this I don't think that is the case but it does seem to show that the US government in this case FBI was tracking dark side and it does seem that dark side was probably either hacked or if they were not hacked if they had put the criminal money they had got to this extortion into a public wallet which was in an exchange in the United States that means it was the key was available or accessible by that exchange then it seems that they were really very very incompetent and that raises the even more you know dangerous question if they were so incompetent and could then hack colonial pipeline what is the danger then crooks now pose to a number of companies because colonial is not a small outfit if they can pay 4 million dollars to avoid further disruption of their business you have to accept that they were a rather large company if they cannot safeguard their digital infrastructure is very unlikely that most of other business can also safely do so if they were hacked by a group which was incompetent as it seems to be to have lost access to their private key to FBI that this is rather dangerous question to all of us last part that according to those who I am now reading on the security side of the question they say you know nobody keeps the private key in a either in an exchange where other people have access to it the exchange has access to it or in a computer which is connected to the internet it's supposed to be in a cold known which means it's not connected to the internet where you can recover the private key only for the purpose of your wallet transaction and again put it back so essentially the fact that FBI could either hack it on procuring from the exchange does seem to show that what the security people claim that operational security of the dark side criminals were rather pathetic so I think there we are that we the danger is that if this inept group could act the colonial pipeline then I think a lot more companies are at risk and therefore the much larger question is there how do you deal with all of us so probably with these attacks sort of attacks on the rise the ransomware attacks on the rise and hackings which are happening how I mean of course there's a growing concern and then how what are garments FBI was able to do this of course right now but as you said that seemed to be an incompetent group this time but in other cases what should countries and governments be doing to clamp down on this you know that's I think the most important issue and it really starts from the fact that what should be the role of nation states should they be interested in developing hacking tools hacking each other which is what the current scenario is or should they be cooperatively working to see that the digital infrastructure of the world is strengthened protected and they share each other's weaknesses so that they can be patched and this was something which has been discussed for a very long time now it started in fact by the Russians and the Chinese at one point proposing that there should be a cyber weapon equivalent to a cyber peace treaty like it was done for chemical and biological weapons that we did a similar kind of declaration and a cooperative agreement that will not hack each other now this was rebuffed at the time by the United States and they have been doing it since then they believed and they were right at the time that the NSA and the CIA had a huge lead over the Chinese or the Russians and therefore they felt that they would not let go of their advantage so this discussion has taken place a number of times it's in public domain that why the United States actually turned down any proposal on that count it came out also in the ITU discussions on questions of how the internet the telecom infrastructure should also look at some of these issues because they're basic to how the internet operates operate through the telecom common telecom infrastructure that exists between countries so all of these issues the argument for the United States was crime is something we should look at separately and we have other platforms to do it this is not the platform to do it and therefore they turned down all the proposals either in the United Nations or which had come to the ITU that we should not talk about hacking and cyber war cyber weapons kind of discussions they don't belong here now the question is as we now know that the NSA tools were dumped on the internet there is a group which actually dumped this whole NSA tools they said we've got it and here it is they wanted money or something else for it we don't know what but basically whatever happened we don't know but those tools were available and they were available to all the criminals in the world even the CIA tools we know because of WikiLeaks we know what kind of tool CIA has and the question is are those tools also available to others and has it also been hacked and is it available to others because the fact that WikiLeaks did not make those tools public but made the capabilities public means they really know what are the kind of tool CIA has now all of that is quite a frightening picture and this is not I talking about it or the Russians or the Chinese major American companies like for instance Microsoft are on record saying that nation states should not be in the business of hacking or developing hacking tools they need to work differently and one of the reasons why that is also very important for digital companies is the fact that there are a number of what are called zero day errors with zero day vulnerabilities that exist which means nobody knows about the vulnerabilities the holes in the security of software and those are something that the NSA and the CIA store and the use to hack for instance Microsoft operating system platforms where their targets may be there who are using such platforms and therefore it gets them into computers of almost all parts of the world given that and Windows is a popular operating system the zero day errors vulnerabilities and there are a whole range of software which are used extensively in the world which seems to have this undiscovered errors that they are bought by NSA CIA others spy agencies I'm sure they are hoarded they're not communicated to the company's concern and therefore they actually make the whole software platforms much more vulnerable than they need be because if this information is a quickly exchanged with the company they're told to patch it then the securities then are strengthened but this is not what has been happening what has been happening is that the spy agencies their their stake is an ability to hack their stake is not in keeping people's computers safe so therefore they have taken a position that these are in our interest not to be made public and therefore that they they don't share this with the companies that have the vulnerabilities second issue is the quality of the software a nation state can do for hacking is far beyond what a rack tag bank of the dark side equivalents can do and therefore when these tools leak out in the public domain there is a much greater risk to the public the third part of it is the fact that you have thousands of people developing these tools in the nation states therefore the capabilities that they developed are far beyond what would be otherwise be possible all of this means that is it possible for us to cooperatively protect the software infrastructure of the world the answer is yes if the nation states agree that this is what they should do after all chemicals and biological weapons are not that difficult to make after all a small criminal group in Japan did create sarin and released it in the Tokyo subway so those weapons that existed are relatively easy to recreate today and we know that but it hasn't happened and therefore the same logic is I think which should be applied here as well cyber weapons need to be really stopped as long as the nation states are in the business of hacking the hacking tools are only going to develop more and more and that poses a huge risk to the world so thank you for me for joining us today in this discussion and that's all the time we have keep watching news clip