Colleagues, Blockchain
technology is about to meet once of its biggest challenges to date – the Japanese Banks'
Payment Clearing Network consortium. The
critical success factors include performance, security and dependability when
processing of low-cost transfer of small-scale transactions using RTGS.for nine commercial banks. Fujitsu has been selected to develop the new Blockchain-based
system. If this test proves successful, it will clearly distinguish Japan as a
“first mover” when it comes to the industrial use of Blockchain technology
among the world’s leading economies. One advantage here is the fact that all
the players are Japanese owned and operated entities and may benefit from both
technological and well as cultural synergies. China, South Korea and the US
will closely monitor this stress test as they seek to implement comparable
systems. Share a comment while visiting us today! Lawrence
– Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, we have written
extensively on the propensity of central sovereign banks to issue their own
cryptocurrencies. The US Federal Reserve and the PBoC appear to be on opposite
ends of the adoption continuum. New research published by the OMFIF (Official Monetary and Financial Institutions Forum) and IBM point us to the Occam’s razor of CBCD
adoption: Distributed Ledger Technology (DLT). Download the CBDC report here.
Private sector ICOs continue to rise with no end in sight. While they
understand that their underlying Blockchain technology likely has bugs and
security vulnerabilities, financial institutions in particular – such as JP Morgan,
Fidelity,
BlackRock,
etc. – clearly see the benefits of trans-border remittances, increased
transaction speed and lower OPEX. In aggregate central bankers have major
reservations on the security and dependability of DLT. The report states that the
goal is to “construct a convincing RTGS replacement that
can be properly benchmarked against existing systems and meet the high
standards for security, robustness, efficiency and speed.” The PBOC is hiring staff
to develop its CBDC as we speak, whereas the US Fed is cautiously assessing its
options. Many other central banks are somewhere in between. Our prediction: By 2023,
most G20 nations will have launched their own CBDC. Post a comment while visiting us today! Lawrence
– Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, does the global cryptosphere truly need another hardware
wallet? The CEO of Blockchain clearly believes the answer is yes, indeed. The firm has announced
plans to begin shipping its new LockBox device this November. LockBox’s distinguishing features is that it
enables the exchange between different cryptocurrencies in partnership with SWAP brokerage. The value proposition is that traders can exchange Bitcoin for
Ethereum, XRP for LiteCoin, Ripple for Ether … you get the idea. Two key
factors will determine the success of LockBox. First is the Total Addressable Market
from “crypto-to-crypto” transfers. With a global market cap of some $209B we anticipate that roughly 10% of crypto traders will need to make such
a transfer during their financial careers. Second is the infamous security
challenge – how secure is the hardware wallet when connected to the Internet as
well as the security of LockBox’s interface with the SWAP brokerage when making
transactions. Our recommendation: Proceed with caution. Post a comment while visiting us today! Lawrence
– Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, under mounting political and economic pressure
from the US – and to lesser extent China and Russia – North Korea’s infamous Lazarus
Group appears to have cryptocurrency exchanges in the center of its
radar screen. The highly respected Group-IB
cyber intelligence firm reports that the DPRK was the source of some 14
cyber attacks targeting cryptocurrencies exchanges during the past
one and a half years yielding $571m
in illicit digital assets. Allow us to make two rather obvious
assumptions: One, the cash-starved North Korean government has no viable
exports other than the sale of rogue military hardware. Two, despite its
economic deprivation, the DPRK funnels as disproportionate level of the financial
resources it does have to the Lazarus Group’s cyber
warfare ventures. These assumptions lead us to a fundamental
question: How does North Korea use the crypto assets acquired by Lazarus? We
believe the answer is two-fold. First, to build and acquire the country’s
military arsenal. Second, the widespread and ongoing disinformation campaign
needed to prop-up the ill-fated Kim political dynasty. Post a comment while visiting us today! Lawrence
– Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, as the debate continues regarding whether cryptocurrencies
are securities or commodities, a parallel debate is emerging which concerns the
legality of including predictive code in smart contracts. The Commodities Futures Trading Commission governs the use of binary options, derivatives and event
contracts for US-based traders and investors. The centerpiece of CFTC
enforcement is protecting the “public interest”. Crypto smart contract security issues, which may lead
to financial losses, are under particular scrutiny by the CFTC. Best practices
concerning smart contracts vary by the Blockchain used by each
cryptocurrency. If your prediction is right, the
contract automatically sends you the remittance as long as it is in the public
interest. The issue of nefarious uses of cryptocurrencies let alone betting on
illicit financial transactions (e.g. money-laundering, evading economic
sanctions and payment for drug trafficking). Smart contract security audits are key to uncovering vulnerabilities in the
underlying Blockchain. The CFTC’s chief concern is the prohibition of so-called
“prediction markets”. Bottom line: When it comes to US-based cryptos and developers
including predictive code in smart contracts raises a red flag by the CFTC.
Until the CFTC issues formal guidelines, our recommendation is to avoid
predictive code in crypto Blockchain. Post a comment while visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, crypto time
warp attacks occur when miners collude to report incorrect timestamps that are farther
apart, messing with the rate at which blocks can be mined. Incorrect timestamps
are do occur and can be innocuous. Chain Analysis reports that timestamp errors have steadily
decline since 2018. However, specific manipulation by miners who bends the
rules with the goal of creating illegitimate tokens is cybercrime … pure and
simple. Bitcoin (along with Litecoin) are most susceptible to time warp
attacks. However, some argue that the same Blockchain bug which allows these
attacks have favorable unintended positive side effects … faster transaction speeds and attraction of
more users. By contrast, if the
difficulty of creating a new block is low, a cyber-criminal can mine many fast
coins, or in the case of a small chain, a criminal with 51% hash power could reduce the difficulty to one and mine a new fork from the original block.
The debate continues within the Bitcoin developer community. While consensus
will be hard to reach, the community needs to reach at least a majority vote or
risk a division, which split BTC into Bitcoin and Bitcoin Cash in 2017. Post a comment while visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, the threat of 51% attacks loom
large in the global cryptosphere. However, findings suggest that the potential
for a 51% mining attack has an inverse correlation to the market cap of a given
cryptocurrency. Attacks by a group
of miners controlling more than 50% of
the network's mining hashrate or computing
power of the currency’s Blockchain. Two factors drive the propensity of a
cryptocurrency 51% attack. First, cryptos with smaller market caps typically
have fewer active miners. It is easier to gain control over 1000 miners of ZCoin, which ranks 100th
in market cap by CoinMarketCap at some $60m USD #1 ranked Bitcoin valued at roughly
$114t USD with perhaps 1,000,000 active miners worldwide. Second, the
availability of relatively low-cost mining pools enable cyber criminals the opportunity to “rent”
GPU power from multiple
pools simultaneously while subtly approaching the 51%+ threshold for
controlling hashrates. Pre-emptive measures include making code changes at the Blockchain protocol level, boycotting likely attackers, increasing the
number of confirmation requirements and unleashing a DDoS attacks on suspected hackers. Bottom line: There is no
fail-safe strategy become a victim of a 51% Attack, however, investing in Tier
1 cryptocurrencies (e.g. the CoinMarketCap’s top 10 cryptos) provides optimal security
and peace of mind. Post a comment while visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, the US Fed’s Jim Cunha, Vice
President for Treasury and Financial Services, offered up a prediction that the
US government could adopt a Blockchain-based cryptocurrency within the next
five years. We have previously stated such a move could take place within three
years. Perhaps the reality of US Fed-backed cryptocurrency lies somewhere in
between. Cunha’s remarks at a recent conference in Boston (akin to an East
Coast version of South by Southwest) reveal some insight to the US Fed’s
thinking. The major reservation shared by Fed officials is security of a
central bank crypto and its underlying Blockchain. By contrast, the 30-year Fed
veteran recognizes that millennials in aggregate have concerns about the
old-school financial establishment – presumably government and private sectors
alike – which makes them much more open to a national cryptocurrency than their
gray haired “over 50” financial leaders of our current era. Share a comment while visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, by now it should come as no
surprise that the US government has filed charges in absentia against seven
Russian nationals suspected of engineering a disinformation effort to influence
(read the
indictment). The defendants are alleged employees of
Russia’s infamous GRU Main
Intelligence Directorate. In addition, it is no surprise that the
defendants purportedly used Bitcoin and
other un-named cryptocurrencies to fund
their illicit tactics. Bottom line: The goal of this campaign was to influence
and undermine the credibility of US-based sports “anti-doping” entities
including the US
Anti-Doping Agency (USADA), which claims Russian illegally,
allows doping among its athletes to boost their performance and stature.
Cryptocurrencies, chief among them being Bitcoin, were the means used to fund
these illegal actions. Why use cryptocurrencies? Two reasons emerge. First, the
defendants are believed to have “mined” their own digital assets (akin to
printing their own money). Second, the lack of transparency when acquiring
computers and related infrastructure to implement their disinformation efforts
to move public opinion in their favor. Share a comment while visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, a recent bug in Bitcoin’s
public code has led to the illicit printing of some 235
million Pigeoncoins.
Although Bitcoin has released a software
patch which altcoins, exchanges and mining pools can
install to mitigate this bug, the specter of crypto double-spend cyber-attacks
looms large. Double spending is a
problem unique to digital currencies because digital information can be
reproduced with relative ease. Bitcoin transactions take some time to verify
because the process involves intensive computational power and complex algorithms,
which can be measured in seconds or milliseconds. Two fundamental questions
emerge. First, just how many exchanges, pools and altcoins use BTC’s public
code? Given the size, complexity and global diversity of the crypto ecosystem this question is almost impossible to answer.
Second, how many of these crypto entities will expeditiously implement the
software patch before cyber criminals can perform double-spend transactions?
Sadly, this question is equally difficult to answer. When in doubt we once
again offer our baseline guidance: Stay with established (aka Tier 1) currencies,
exchanges and pools that typically have more comprehensive security measures in
place. Share a comment while visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, as we have previously reported
cyber security attacks, specifically cryptojacking via
Internet browsers, has risen some 400% YoY from 2017 through H1 2018. Google
Chrome commands almost 67% market share according to data from Statista. Earlier
this year Google banned cryptocurrency-related ads from AdWords and
placed major restrictions on apps and extensions on Google
Play and the Chrome
Web Store. Therefore, it comes as welcomed news for
individual and corporate Chrome users that Google has taken the next step of
adding more stringent rules for developers of Chrome extensions. Chrome,
Firefox and Safari have been the primary targets of cyber criminals seeking to
perform crypto mining by way of installing malicious code (aka illegal extensions)
to mobile and desktop browsers alike. The Chrome Web Store’s Developer
Program Policies clearly states “Do not create an extension
that requires users to accept bundles of unrelated functionality”. Nevertheless, written policies are no better than
the vendor’s enforcement practices and penalties. We will report back in Q1
2019 on the initial impact these stricter policies have on mitigating the
cryptojacking tsunami impacting Chrome users … and hopefully stemming the tide
of illicit crypto mining. Share a comment while visiting us today! Lawrence Wilson – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
