Hacking banks is not a pastime you’d normally associate with a leading executive of a major telco. However, it’s part of the day job for Konstantinos Karagiannis at BT Americas, who deals with the opportunities and risks to broadcasters and the wider public posed by the Internet of Things and blockchain.
“I break into banks for a living,” is one of Konstantinos Karagiannis’ regular quips. As part of his role as chief technology officer for security consulting at BT Americas, he specialises in hacking financial applications, including smart contracts based on the Ethereum blockchain-based platform.
Such automated pre-programmed contracts are at the heart of blockchain applications, and finding the flaws and loopholes is an important part of ensuring that banking customers don’t end up as victims of fraud or cyberattack.
Karagiannis spends much of his day talking to BT clients and explaining current and future threats to them. But his role encompasses much more besides. As a result of his work in the financial sector, he came across blockchain and cryptocurrencies early on, and in addition to guiding the technical direction of ethical hacking and security engagements, he now spends a fair amount of time explaining concepts such as quantum computing, neural nets, encryption, and more to those who need to know.
He also speaks at a lot of conferences and interacts with BT’s innovation labs at Adastral Park in the UK.
“I’m only really involved in the security aspects [at BT],” says Karagiannis. “In my role I deal with emerging threats. I deal with guiding the technical direction of the ethical hacking team, making sure that BT is helping our customers with things that are on the horizon, not just necessarily what’s happening today. Also, making sure that we are doing due diligence for our customers.”
Karagiannis has worked at BT Americas for about 13 years. The company is part of the UK-based BT Group, which has maintained a presence in the United States and Canada for more than 30 years.
Before BT, Karagiannis worked as the “only hacker” at a smaller consultancy firm, “which was kind of a weird experience, being alone in a sea of non-hackers. And before that I tested products for PC Magazine; I would try to break products there.”
Karagiannis has always been interested in hacking, even as a child. “I would kind of crack games and trade them with my friends. It was just always interesting to me,” he says. He is also increasingly being pulled back into another of his early interests, physics, because of his involvement in quantum computing.
Since joining BT, he has specialised in bringing technical insights to customers in order to identify what they actually need. That involves spending a lot of time travelling, he concedes. “I’m at the airport at least twice a week,” he says. “I’m now getting hugs from the American Airlines gate agent.”
During IBC2018, panellists in the Cyber Forum will delve deeper into the topic in the session “Weaponising IoT: Cyber Risk vs. Threat Detection”, tackling one of the many subjects causing concern across the industry.
Karagiannis can barely contain his amazement at how badly the Internet of Things began, in terms of securing the millions and billions of devices that are expected to be connected to networks worldwide.
“Talking about threats to IoT and in that respect, we have to remind everyone that [as a technology] it was kicked off and brought out very poorly. Probably the worst I’ve seen ever,” he says, pointing to the dangers of having multiple, unsecured devices on a network. “We ended up with all sorts of problems with those devices becoming remote nodes for attackers.”
“We are seeing that when you have a new shadow network being created of devices like this, it’s a good idea to secure them with this concept of out-of-band protection,” Karagiannis explains. Out-of-band refers to the use of a dedicated channel for managing network devices, to prevent a rogue network from attacking the mainstream network.
“It applies to everyone,” he adds. “People are bringing IoT in without even understanding they are bringing IoT in. They are just saying, ‘oh this is a new device that replaces my old device’, without realising they have a new whole shadow layer of networking.”
As far as concerns for broadcasting go, it’s a matter of how soon people are going to start using these devices for mission-critical applications.
“So, if you’re using a camera that has an internet connection, and you’re doing a live TV feed, it’s not going to be so great if all of a sudden something else starts being pushed up into the satellite other than what is being captured by your camera,” he says. “There is some potential for critical, critical failures if we don’t do due diligence with what these network-aware devices are and what critical functions they are serving.”
Getting in gear
Karagiannis says blockchain “is really good at ensuring integrity”, although he notes that this is something that is still “penetrating industries”.
“The most interesting aspect of blockchain is this idea that instead of just a way of moving money, there are more complete blockchains out there. Ethereum especially. It allows for something new.
“On the horizon we’re waiting for this unleashing of a Web 3.0. Instead of just moving money, Ethereum lets you actually save state and run programmes. So, one day it might be possible to have this really robust, decentralised internet around the world where there are no servers, there are no censorship points. And that’s going to have a potential impact on broadcasting because all of a sudden anyone will be able to share – without any chance of some central body deciding whether it can be shared or not.”
It sounds like we have that now with social media, he adds, “but we really don’t.” In theory, YouTube can take down videos if it chooses to do so, for example.
“Whereas this will be a world where people might have no shot at being censored no matter what. So, take that as a great thing or a bad thing depending on the situation,” Karagiannis says. “I think that censorship-free decentralisation is going to have a greater impact on broadcasting than maybe anyone is yet considering.”
Securing blockchain remains one of his biggest concerns, however. “Everyone’s just moving into it, and the potential for pitfalls is severe. Everyone thinks of blockchain as so secure because of the way the chain is created. And in theory the blockchain itself is secure. However, all the applications written to interact with it, and all the infrastructure that runs it, [that’s all] still vulnerable to all the attacks we’ve always seen.
“All that traditional security still has to be done. I’m concerned with people that have that false sense of security that we’ve seen before. We’ve seen it with mobile apps… we’ve seen it time and time again.”
A further concern is making sure the world is ready to deal with the ‘post-quantum threat’, as he puts it. “It’s not just about cracking encryption and reading people’s messages; if we do have more of a crypto economy in the form of blockchains, a quantum computer in theory can reverse the entire bitcoin blockchain. It can just download it and it can get everyone’s private keys and take whatever money they have left.”
It all sounds pretty scary stuff, but Karagiannis is on a constant mission to stay up to date and make the internet the most secure tool it can be to support our digital future. As he points out, “we often spot a major disaster before it happens. That is amazingly gratifying.”