IBM will hack your blockchain—for a fee.
Enterprise blockchain is being touted as the solution for securely verifying transactions ranging from cheaply transferring money across borders to tracking organic chickens from farm to table, but it doesn’t solve another basic security problem: ensuring the accuracy and security of data before it is added to the blockchain.
To solve that problem, and make a buck off of it, Big Blue is now offering hacking-as-a-service (let’s call it HAAS) to the growing number of private, permissioned blockchains springing up around the globe.
IBM announced on March 5 that its X-Force Red hacking team of “offensive security experts” will provide blockchain testing services using the same techniques—and mindset—criminals use as they attempt to penetrate everything from enterprise blockchain code and public key encryption infrastructure to the backend processes, applications, and hardware used to access the blockchain to add new data, read existing data, and manage the network. In other words, the aim is to protect private blockchains from the garbage-in, garbage-out (GIGO) weaknesses that all computing networks face.
“While blockchain is a breakthrough for protecting the integrity of data, that does not mean the solutions that leverage it are immune from attackers, which is why security testing is essential during development and after deployment,” said Charles Henderson, global head of IBM X-Force Red.
A typical X-Force Red test will focus on four areas, starting with identifying users and protecting access to blockchains by evaluating tools like password policies and the use of security procedures like two-factor identification. The team will also look into the security and management of the encryption used to secure access. Other tests will include ensuring that the basic software code can stand up to attacks such as malware and attempts to fake software updates. Finally, the team will look into the smart contracts themselves, seeking ways to exploit flaws in the actual agreements that automate blockchain transactions.
X-Force Red will be available to users of IBM Blockchain and other enterprise blockchain developers.