Obviously this is a hacker because he's on a computer while wearing a hooded sweatshirt. Inexplicably, there's an Apple iPhone in front of him with the IBM logo on it but this is the only stock photo we could find when we searched "IBM hacker" (via Shutterstock).
Obviously this is a hacker because he's on a computer while wearing a hooded sweatshirt. Inexplicably, there's an Apple iPhone in front of him with the IBM logo on it but this is the only stock photo we could find when we searched "IBM hacker" (via Shutterstock).
Technology

IBM to try hacking enterprise blockchains as a service

‘Security halo’ of distributed ledger systems doesn’t protect on-ramp to blockchain

By  / March 7, 2019 /

IBM will hack your blockchain—for a fee.

With enterprise blockchain being touted as the solution for securely verifying transactions ranging from cheaply transferring money across borders to tracking organic chickens from farm to table, it doesn’t solve another basic security problem: ensuring the accuracy and security of data before it is added to the blockchain.

To solve that problem, and make a buck off of it, Big Blue is now offering hacking-as-a-service (let’s call it HAAS) to the growing number of private, permissioned blockchains springing up around the globe.

IBM announced on March 5 that its X-Force Red hacking team of “offensive security experts” will provide blockchain testing services using the same techniques—and mindset—criminals use as they attempt to penetrate everything from enterprise blockchain code and public key encryption infrastructure to the backend processes, applications, and hardware used to access the blockchain to add new data, read existing data, and manage the network. In other words, protect private blockchains from the garbage-in, garbage-out (GIGO) weaknesses that all computing networks face.

“While blockchain is a breakthrough for protecting the integrity of data, that does not mean the solutions that leverage it are immune from attackers, which is why security testing is essential during development and after deployment,” said Charles Henderson, global head of IBM X-Force Red.

A typical X-Force Red test will focus on four areas, starting with identifying users and protecting the access to blockchains by evaluating tools like password policies and the use of security procedures like two-factor identification. They will also look into the security and management of the encryption used to secure access. Other tests will include ensuring that the basic software code can stand up to attacks such as malware and attempts to fake software updates. Finally, they will look into the smart contracts themselves, seeking ways to exploit flaws in the actual agreements that automate blockchain transactions.

X-Force Red will be available to users of IBM Blockchain and other enterprise blockchain developers.

 You May Also Like

Leo Jakobson, Modern Consensus editor-in-chief, is a New York-based journalist who has traveled the world writing about incentive travel. He has also covered consumer and employee engagement, small business, the East Coast side of the Internet boom and bust, and New York City crime, nightlife, and politics. Disclosure: Jakobson has put some 401k money into Grayscale Bitcoin Trust.