PowerKee’s Bastion of Privacy #15 – How privacy networks address attacks like “credential stuffing”
One of the advantages of blockchain technology is the fact that it does not have any single point of failure. Data on the blockchain is not stored on centralized servers. It is difficult and extremely costly to breach blockchain networks.
Recently, the weaknesses of centralized systems were once again exposed. The data storage platform of British energy provider Npower was breached by hackers and vital information was stolen. Critical data of customers, such as date of birth, addresses, contact details, bank sort codes, and the last four digits of bank account numbers were stolen. The pattern of this recent hack, “credential stuffing”, exposes why more sophisticated systems of data management are essential. Credential stuffing involves hackers using login details that were stolen from other websites to gain access to the Npower accounts of customers.
These hackers took advantage of the tendency of people to use the same login details across different platforms on the internet. Considering how much internet users need to input login details, a lot of people would rather use particular details to avoid mixing them up or forgetting them. In the latest “Bastion of Privacy” release, we analyze how blockchain networks can secure users from hackers, instead of leaving them exposed to attacks like credential stuffing.
Why Centralized Databases are Vulnerable
In 2019, hackers put roughly 93 million records from eight companies for sale on the dark web. This has become a lucrative and widely practiced strategy of hackers. Even more concerning, state-sponsored credential stuffing is not ruled out, especially with the growing trend of cyber wars. Recent reports suggest that the theft of FireEye’s red team tools and the SolarWinds Orion supply chain attack were state-sponsored attacks against public and private institutions that are of strategic importance to the United States.
As mentioned above, one of the reasons why hackers could easily breach the Npower platform is because all the information was stored on a particular server. This is one of the basic problems that is solved by implementing blockchain technology.
Information on the blockchain is stored across all the participating computers in the network removing a single point of failure. When one or even several points fails, the numerous other nodes continue to sustain the system. This automatically enforces a decentralized security architecture that is very difficult to penetrate. Breaching the platform would require a simultaneous takeover of the majority of the blockchain network, which is almost impossible to do on any well-established network.
The Npower breach was not a complicated attack, as noted by Adam Palmer, the chief strategist at cybersecurity company Tenable. Palmer advised that online users should use unique passwords for different accounts as a way of reducing the risk of falling victim to credential stuffing. Palmer’s suggestion sounds like passing the responsibility to customers, rather than fixing the system.
Bringing Blockchain Privacy Back
Hackers could also steal the critical information of Npower customers because their accounts on different platforms could be easily matched. Anonymity engrained in the database architecture would have solved this.
Privacy and anonymity used to be a major focus of first-generation blockchains like Bitcoin. Many major blockchains offered anonymous, or pseudo-anonymous data networks.
Unfortunately, mainstream adoption has compromised such ideals. As major blockchains like Bitcoin become increasingly integrated with the financial world, privacy assurances are bastardized.
Restructure Cyber Security Through Privacy Blockchains
Networks like PowerKee that prioritize data privacy and security offer an alternative to netizens that eliminates the risk of their credentials being compromised. The PowerKee platform is designed to embed anonymity in the base layer of the network, ensuring that data can’t be breached.
If customer data on the Npower platform were stored on a blockchain like PowerKee, hackers would have little incentive to penetrate the network. Even if they did succeed, data stored is encrypted, thereby obfuscating its meaning and providing no value to the hacker. In times when data breaches like Npower are becoming frequent, decentralized privacy networks like PowerKee are becoming more important than ever.
PowerKee is a cryptocurrency network that makes privacy easy. Users can transact cheaply and instantly while maintaining anonymity. The PowerKee protocol uses a mixture of zero-knowledge proofs and coin mixing to provide strong privacy assurances to its users.