Security Research

Don’t Fall For Movie Plot Threats

August 31, 2023

Forta is a real-time detection network for security monitoring of blockchain activity. The decentralized Forta Network scans all transactions and block-by-block state changes, leveraging machine learning to detect threats and anomalies on wallets, DeFi, NFTs, bridges, governance and other Web3 systems. When issues are detected, Web3 infrastructure can respond to prevent attacks via transaction screening and incident response.

In the world of security, we often fall prey to what Bruce Schneier, a titan in the world of Web2 security, termed 'movie-plot threats'. These are dramatic, often sensationalized threats we imagine based on our past experiences or what we see in movies and popular media, like a plane dispersing anthrax or drones exploding in a packed stadium. While these threats might sound plausible, by focusing on them exclusively we leave ourselves vulnerable to other, unpredictable threats. Schneier's argument is that true security shouldn't be about guessing the next threat. Instead, it should prioritize intelligence, investigation, and emergency response that can mitigate any threat, regardless of its nature.

This concept translates seamlessly into the realm of cybersecurity. Take Sybil attacks, for example. If we narrow our focus to detecting only the most obvious methods of creating Sybil accounts, we might miss more covert techniques. As Chris Whinfrey aptly points out based on his experience with the Hop Protocol airdrop, the assumptions made to combat Sybil attacks were weak.

Distributed Web3 security communities are an excellent antidote for this movie-plot threat thinking. Consider the Forta community, a decentralized consortium of hundreds of bot developers, each bringing their unique perspective, skills, and interests to the table. Such a rich mosaic of insights counters any singular, arbitrary threat assumptions. In the Forta Network, which is open and permissionless, developers don't have to wait for approval to contribute. Currently, there are over 10 different phishing detection bots on the network, each employing distinct methodologies to detect threats. It is this openness and difference of opinion that shatters groupthink within the community: if you believe a detection method or heuristic is wrong, you are encouraged to explore that disagreement and see where it leads you.

Parallel to Schneier's emphasis on intelligence and investigation, Forta community members are continuously analyzing alerts, delving deep into data, and investigating campaigns. Their collaborative efforts have led to continuous discoveries about the threat landscape. For instance, one member recently shed light on a gas minting issue, prompting another to create a detection bot tailored for it. Moreover, their findings are not kept exclusive. Through the Forta Threat Research effort, insights are shared with the broader community (join us at the Forta Threat Research Initiative).

Beyond detection, disrupting the financial backbone of these cyber threats is crucial. By collating and disseminating high-quality, actionable threat intelligence, we empower the larger ecosystem to safeguard end-users and, crucially, cripple scammers' revenue streams. This objective has been further bolstered by the introduction of fees on the Forta Network. By aligning economic incentives, security researchers are motivated to generate and share vital threat intelligence. Subscribers, in turn, can leverage this intelligence to protect their users and systems.

By fostering collaborative, decentralized security communities, we move beyond the limiting confines of 'movie-plot threats' to create robust, adaptable defenses against the unpredictable landscape of cyber threats. The story of Web3 security isn't scripted by Hollywood; it's written by communities like Forta.
