WannaCry hackers overestimated anonymity of bitcoin

ECE News

Julia Sullivan, ECE ILLINOIS
8/25/2017 5:02:07 PM

Story Highlights

An article in Scientific American has dubbed the WannaCry ransomeware attack this past May as "The Imperfect Crime." The attack encrypted files on out-of-date Windows computers and demanded ransom in the form of bitcoin cryptocurrency to avoid permanent deletion of data. However, instead of generating a unique bitcoin address for each victim, the hackers directed people to send funds to one of only three addresses. Since all bitcoin transactions are public, authorities only had to look at the transaction paths connected to those three addresses, as opposed to having to hunt down countless individual addresses.

ECE ILLINOIS and CS @ ILLINOIS Assistant Professor Andrew Miller was one of the experts cited in the article. A leading expert in cryptocurrencies and bitcoin, he discussed the flaws in monero, a bitcoin alternative used by the hackers to obfuscate their trail. He added that regardless of the cryptocurrency and its security measures, the network connections and timing of transactions are additional points of vulnerability. 

“If [the perpetrators] make even a single mistake, there may be enough information to track them,” Miller said in the article.

For more, read the full article, "The Imperfect Crime: How the WannaCry Hackers Could Get Nabbed," in Scientific American.

Media Contact

Julia Sullivan

Assistant Director of Communications
1064 ECE Building
(217) 300-3731
juliams@illinois.edu

Todd Sweet

Director of Communications
1066 ECE Building
(217) 333-5943
tmsweet@illinois.edu