Wednesday, November 28, 2018

How secure are cryptocurrency software wallets against cyber criminals injecting malicious code?

Colleagues, the on-going debate regarding which type of crypto wallet is more secure continues with no clear consensus – hardware, software, clod-based and paper wallets. This debate has returned to the spotlight given the recent security breach of BitPay’s Copay (software) Wallet. Copay claims its mobile The Copay app securely stores multiple, distinct bitcoin wallets, allowing both business and privacy-conscious users to keep funds carefully separated. GitHub issued a memo to users reporting an  ‘event-stream` dependency attack steals wallets from users of copay. For details take a look at the YCombinator news feed on this attack. The bottom line: For individual digital asset traders software wallets are immensely more convenient than hardware and paper wallets, however, they are far more prone to cyber-attacks – quantum password processing, malware and adware … just to name a few. If you do use a software wallet we highly recommend using any and all security features at both the application and OS levels. The Copay breach reminds us that the cryptocurrencies are no more secure than the weakest link in the crypto ecosystem. Share a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)

Friday, November 16, 2018

Will the enforcement of economic sanctions force crypto exchanges to purge Iranian traders?

Colleagues, Bittrex, BitMex and now Binance have banned Iranian cryptocurrency traders in an effort to avoid penalties in the wake of US economic sanctions. The exchanges issue a warning to users based in Iran to withdraw their funds or face the confiscation of their assets. There are surely legitimate crypto traders in the Persian state, however, the goal is to place an embargo on any state-sponsored entities from circumventing US trade sanctions. Binance has moved from China to Japan, while BitMex HQ is in Hong Kong and Bittrex is located in the US. Exchanges, whether with large or modest trading volumes, face penalties for aiding and abetting Iranian actors from participating – even on the margins – in the global economy. Will other crypto exchanges follow their lead? We believe the strategies of other crypto platforms will depend on the rigor of direct or indirect US penalties. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)

Thursday, November 15, 2018

Cryptocurrency Triple Play - How common are pyramid schemes similar to those in China, South Korea and Japan?

Colleagues, East Asia has become a hotbed for multi-level marketing schemes which exploit the allure of and poor transparency of cryptocurrencies, namely Bitcoin. Whether this past May in China ($47m) or more recently in South Korea ($20m) and Japan ($68m), crypto fraud schemes are running rampant across the region. Bottom line: Despite many efforts by credible members of the global crypto ecosystem, digital such as Bitcoin, Ethereum, Ripple and others, are wrought with the potential for scams and related cybercrimes. Government enforcement entities such as China’s Ministry of Public Security or the US SEC only have the bandwidth to track and prosecute a small minority of crypto fraud cases. We do not foresee a significant reduction in crypto cybercrimes until government agencies have both the cyber tools and manpower to launch a counter-offensive which is likely to be 2-3+ years in the future. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)

Thursday, November 8, 2018

What is the impact of the malicious JavaScript code injection into StatCounter’s URI among cryptocurrency exchanges?

Colleagues, the world’s thirty-eight largest crypto exchange Gate.io was successfully hacked via the injection of code into StatCounter’s URI “myaccount/withdraw/BTC”. Reported by security firm ESET WeLiveSecurity indicated that although Gate.io is the only known crypto exchange effected, all of StatCounter’s some 2 million customer sites are at risk. For readers with a programming background the code was injected via the Dean Edwards JS packer in the middle of the script. We assume that economic gain is the chief motive although the ESET report did not provide corroborating details. This cyber-attack raises two questions. First, how susceptible are URIs (uniform resource identifiers) to injections via the Dean Edwards packer? And second, how many more web sites which use StatCounter – a competitor to Google Analytics – are effected? We will continue to research answers to both questions. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/) 

Tuesday, October 30, 2018

Can Blockchain deliver security, performance and dependability for Japan’s new Payment Clearing Network?

Colleagues, Blockchain technology is about to meet once of its biggest challenges to date – the Japanese Banks' Payment Clearing Network consortium. The critical success factors include performance, security and dependability when processing of low-cost transfer of small-scale transactions using RTGS.for nine commercial banks. Fujitsu has been selected to develop the new Blockchain-based system. If this test proves successful, it will clearly distinguish Japan as a “first mover” when it comes to the industrial use of Blockchain technology among the world’s leading economies. One advantage here is the fact that all the players are Japanese owned and operated entities and may benefit from both technological and well as cultural synergies. China, South Korea and the US will closely monitor this stress test as they seek to implement comparable systems. Share a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/) 

Monday, October 29, 2018

Does Blockchain’s DLT hold the key to Central Bank Digital Currency Adoption?

Colleagues, we have written extensively on the propensity of central sovereign banks to issue their own cryptocurrencies. The US Federal Reserve and the PBoC appear to be on opposite ends of the adoption continuum. New research published by the OMFIF (Official Monetary and Financial Institutions Forum) and IBM point us to the Occam’s razor of CBCD adoption: Distributed Ledger Technology (DLT). Download the CBDC report here. Private sector ICOs continue to rise with no end in sight. While they understand that their underlying Blockchain technology likely has bugs and security vulnerabilities, financial institutions in particular – such as JP Morgan, Fidelity, BlackRock, etc. – clearly see the benefits of trans-border remittances, increased transaction speed and lower OPEX. In aggregate central bankers have major reservations on the security and dependability of DLT. The report states that the goal is to “construct a convincing RTGS replacement that can be properly benchmarked against existing systems and meet the high standards for security, robustness, efficiency and speed.” The PBOC is hiring staff to develop its CBDC as we speak, whereas the US Fed is cautiously assessing its options. Many other central banks are somewhere in between. Our prediction: By 2023, most G20 nations will have launched their own CBDC. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/) 

Friday, October 26, 2018

Security Lies in the Balance as Blockchain’s LockBox Wallet Uses the SWAP Crypto-to-Crypto Brokerage

Colleagues, does the global cryptosphere truly need another hardware wallet? The CEO of Blockchain clearly believes the answer is yes, indeed. The firm has announced plans to begin shipping its new LockBox device this November. LockBox’s distinguishing features is that it enables the exchange between different cryptocurrencies in partnership with SWAP brokerage. The value proposition is that traders can exchange Bitcoin for Ethereum, XRP for LiteCoin, Ripple for Ether … you get the idea. Two key factors will determine the success of LockBox. First is the Total Addressable Market from “crypto-to-crypto” transfers. With a global market cap of some $209B we anticipate that roughly 10% of crypto traders will need to make such a transfer during their financial careers. Second is the infamous security challenge – how secure is the hardware wallet when connected to the Internet as well as the security of LockBox’s interface with the SWAP brokerage when making transactions. Our recommendation: Proceed with caution. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/) 

Monday, October 22, 2018

How does North Korea’s cyber warfare unit Lazarus Group use gains from crypto exchange attacks to its military?

Colleagues, under mounting political and economic pressure from the US – and to lesser extent China and Russia – North Korea’s infamous Lazarus Group appears to have cryptocurrency exchanges in the center of its radar screen. The highly respected Group-IB cyber intelligence firm reports that the DPRK was the source of some 14 cyber attacks targeting cryptocurrencies exchanges during the past one and a half years yielding $571m in illicit digital assets. Allow us to make two rather obvious assumptions: One, the cash-starved North Korean government has no viable exports other than the sale of rogue military hardware. Two, despite its economic deprivation, the DPRK funnels as disproportionate level of the financial resources it does have to the Lazarus Group’s cyber warfare ventures. These assumptions lead us to a fundamental question: How does North Korea use the crypto assets acquired by Lazarus? We believe the answer is two-fold. First, to build and acquire the country’s military arsenal. Second, the widespread and ongoing disinformation campaign needed to prop-up the ill-fated Kim political dynasty. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/) 

Thursday, October 18, 2018

Does Crypto Smart Contract Predictive Code Violate US CFTC Policies?

Colleagues, as the debate continues regarding whether cryptocurrencies are securities or commodities, a parallel debate is emerging which concerns the legality of including predictive code in smart contracts. The Commodities Futures Trading Commission governs the use of binary options, derivatives and event contracts for US-based traders and investors. The centerpiece of CFTC enforcement is protecting the “public interest”. Crypto smart contract security issues, which may lead to financial losses, are under particular scrutiny by the CFTC. Best practices concerning smart contracts vary by the Blockchain used by each cryptocurrency.  If your prediction is right, the contract automatically sends you the remittance as long as it is in the public interest. The issue of nefarious uses of cryptocurrencies let alone betting on illicit financial transactions (e.g. money-laundering, evading economic sanctions and payment for drug trafficking). Smart contract security audits are key to uncovering vulnerabilities in the underlying Blockchain. The CFTC’s chief concern is the prohibition of so-called “prediction markets”. Bottom line: When it comes to US-based cryptos and developers including predictive code in smart contracts raises a red flag by the CFTC. Until the CFTC issues formal guidelines, our recommendation is to avoid predictive code in crypto Blockchain. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/

Monday, October 15, 2018

What is the scope and impact of Bitcoin time warp attacks cyber criminals? Should the software bug be fixed?

Colleagues, crypto time warp attacks occur when miners collude to report incorrect timestamps that are farther apart, messing with the rate at which blocks can be mined. Incorrect timestamps are do occur and can be innocuous. Chain Analysis reports that timestamp errors have steadily decline since 2018. However, specific manipulation by miners who bends the rules with the goal of creating illegitimate tokens is cybercrime … pure and simple. Bitcoin (along with Litecoin) are most susceptible to time warp attacks. However, some argue that the same Blockchain bug which allows these attacks have favorable unintended positive side effects … faster transaction speeds and attraction of more users. By contrast, if the difficulty of creating a new block is low, a cyber-criminal can mine many fast coins, or in the case of a small chain, a criminal with 51% hash power could reduce the difficulty to one and mine a new fork from the original block. The debate continues within the Bitcoin developer community. While consensus will be hard to reach, the community needs to reach at least a majority vote or risk a division, which split BTC into Bitcoin and Bitcoin Cash in 2017. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/