Spam Comes to Blockchain – and its consequences go far beyond erasing a simple mail

The term Spam usually refers to those tedious emails that we receive assiduously offering all kinds of products and services, but that are almost always deceptive or malicious offers. The massive and global scale of the internet means that there is an entire industry behind Spam, and that a tiny percentage of unsuspecting people who fall into the trap. But multiplied by millions of recipients,  operation becomes more than profitable.

But Spam is not limited to email. In general, Spam refers to any type of unsolicited electronic bit packet that comes to us. And under this definition, we have to say that, sadly, spam has also reached Blockchain networks. And no, it isn’t limited to the simple operation of erasing an email: it can have far more serious consequences.

The ability to scale infinitely of some Blockchains loses the battle against Spam

There are some Blockchain networks that have been designed under the premise of supporting a theoretically infinite scalability, as in the case of IOTA. This feature is not simply a whim or a “techie” challenge that the technical community has set as an objective. Indeed, after the long delays suffered to see a confirmed transaction, the scalability is behind the serious limitations that Bitcoin has been experiencing for several months, which lead to a fork to help address the problem. As you can see, scalability is a very important issue in the era of an internet and a crypto-economy open to the general public.

But not even the virtually infinite scalability of IOTA has saved it from suffering delays, although in this case it has not been (solely) due to the architecture of the network. The fact is that IOTA has suffered the first Spam attack of the Blockchain universe. Check out the ever doomsday reddit discussions around IOTA. Interesting as always.

How is Spam produced in Blockchain?

DDoS, or distributed denial of service attacks. This type of computer attack is difficult to avoid, and can be implemented with relative simplicity. A DoS is based on flooding an internet server with millions of messages and simultaneous requests from a fraudulent server. The intention is to overflow the target server, or your Internet connection, saturate it so tht it can’t serve real customers. This type of attack can be easily mitigated by detecting the IP address of origin of the malicious connections, and setting the firewall up to prevent any data packet coming from it.

But if DoS adds the lethal “distributed” feature, we have moved on to what is known as DDoS (or distributed denial of service attack). In a DDoS the mechanics are the same as in a DoS, only that the malicious connections are produced from hundreds, if not thousands (or even millions) of different computers.

Usually this is achieved with a network of infected computers, where your own computer becomes a bot and obeys the remote orders of the cyber-activist host computer – or whatever it is called. These attacks are therefore much more difficult to mitigate, since it is very complex to differentiate between the requests coming from IPs of real users, and the requests coming from the IPs of the bots that are executing the DDoS.

What the Blockchain IOTA network has suffered on this occasion has been a full-fledged DDoS attack, which in turn has generated an unaffordable amount of fraudulent data packets to be processed by the Blockchain network. These fraudulent and unsolicited packages fall into the category of Spam, which is why it is considered that IOTA suffered a DDoS attack that degenerated into a spam overflow.

As a result, the Blockchain IOTA network became saturated and it was not able to process all the packages. This caused Blockchain’s real processing capacity to deteriorate materially, adversely impacting the real users of the network.

One defense, and one that sheds some light on the future of Blockchain in an environment of massive DDoS attacks on its servers, is that the Blockchain IOTA network was deployed in a limited number of nodes. And, obviously, more nodes equals greater processing capacity, and less possibility of saturating the network and causing a disruption of the high impact service. But this is not an unlimited solution, and it simply brings the need for a DDoS attack to another level in the number of bots required so that it is once again effective.

The economic implications of a vulnerable Blockchain

So far, this issue does not go beyond a mere issue of Computer Security, but actually a more detailed analysis leads us to see that it really is an issue that has important economic implications, especially as far as Blockchain networks are concerned, because we should remember that Blockchain is predicted to be one of the foundations of the economy and the financial sector of the future.

The fact of the matter is that what has been described above is an obvious weak point of a Blockchain network when compared to a traditional interbank network, such as the SWIFT network. The vulnerability comes precisely because of one of the characteristics that is most intrinsic to the nature of Blockchain, which at the same time brings important advantages: its openness to the general public. This openness allows Blockchain to become an option for financial transfers, smart contracts, etc. directly executed with reliability between the parties.

On the contrary, the SWIFT network is a tightly closed network, whose access is very restricted and rigorously validated by the SWIFT company that operates the interbank network. But of course, SWIFT is a private and closed network, and yet one of the ideals of Blockchain is that it brings economic freedom for the general public.

This is a real battle between centralization and decentralization at the highest level. Whether this risk compensates for its great advantages or not, it is everyone’s decision: or not, because Blockchain seems a predominant trend in the market that will be difficult to resist.

The situation in which the Blockchain ecosystem and the crypto-economy is so vulnerable is worrisome, especially when the attack has been successful in a network such as IOTA, designed under the premise of infinite scalability. Theoretically, IOTA should have been able to increase its processing capacity at the same rate as spam, and thus have been able to process both fraudulent and non-fraudulent data packets without delays.

But that was not the case, and we must learn from this lesson how to make Blockchain more reliable and more scalable in the future. This is essential if we want Blockchain networks to be a central part of our financial and business activities. Yes, let’s build the future on the basis of technological disruption and ideals that are difficult to achieve, but, please, let’s do it in a sustainable way and, above all, in a safe way.

Leave a Reply

Your email address will not be published. Required fields are marked *