Friday, October 26, 2018

Security Lies in the Balance as Blockchain’s LockBox Wallet Uses the SWAP Crypto-to-Crypto Brokerage

Colleagues, does the global cryptosphere truly need another hardware wallet? The CEO of Blockchain clearly believes the answer is yes, indeed. The firm has announced plans to begin shipping its new LockBox device this November. LockBox’s distinguishing features is that it enables the exchange between different cryptocurrencies in partnership with SWAP brokerage. The value proposition is that traders can exchange Bitcoin for Ethereum, XRP for LiteCoin, Ripple for Ether … you get the idea. Two key factors will determine the success of LockBox. First is the Total Addressable Market from “crypto-to-crypto” transfers. With a global market cap of some $209B we anticipate that roughly 10% of crypto traders will need to make such a transfer during their financial careers. Second is the infamous security challenge – how secure is the hardware wallet when connected to the Internet as well as the security of LockBox’s interface with the SWAP brokerage when making transactions. Our recommendation: Proceed with caution. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/) 

Monday, October 22, 2018

How does North Korea’s cyber warfare unit Lazarus Group use gains from crypto exchange attacks to its military?

Colleagues, under mounting political and economic pressure from the US – and to lesser extent China and Russia – North Korea’s infamous Lazarus Group appears to have cryptocurrency exchanges in the center of its radar screen. The highly respected Group-IB cyber intelligence firm reports that the DPRK was the source of some 14 cyber attacks targeting cryptocurrencies exchanges during the past one and a half years yielding $571m in illicit digital assets. Allow us to make two rather obvious assumptions: One, the cash-starved North Korean government has no viable exports other than the sale of rogue military hardware. Two, despite its economic deprivation, the DPRK funnels as disproportionate level of the financial resources it does have to the Lazarus Group’s cyber warfare ventures. These assumptions lead us to a fundamental question: How does North Korea use the crypto assets acquired by Lazarus? We believe the answer is two-fold. First, to build and acquire the country’s military arsenal. Second, the widespread and ongoing disinformation campaign needed to prop-up the ill-fated Kim political dynasty. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/) 

Thursday, October 18, 2018

Does Crypto Smart Contract Predictive Code Violate US CFTC Policies?

Colleagues, as the debate continues regarding whether cryptocurrencies are securities or commodities, a parallel debate is emerging which concerns the legality of including predictive code in smart contracts. The Commodities Futures Trading Commission governs the use of binary options, derivatives and event contracts for US-based traders and investors. The centerpiece of CFTC enforcement is protecting the “public interest”. Crypto smart contract security issues, which may lead to financial losses, are under particular scrutiny by the CFTC. Best practices concerning smart contracts vary by the Blockchain used by each cryptocurrency.  If your prediction is right, the contract automatically sends you the remittance as long as it is in the public interest. The issue of nefarious uses of cryptocurrencies let alone betting on illicit financial transactions (e.g. money-laundering, evading economic sanctions and payment for drug trafficking). Smart contract security audits are key to uncovering vulnerabilities in the underlying Blockchain. The CFTC’s chief concern is the prohibition of so-called “prediction markets”. Bottom line: When it comes to US-based cryptos and developers including predictive code in smart contracts raises a red flag by the CFTC. Until the CFTC issues formal guidelines, our recommendation is to avoid predictive code in crypto Blockchain. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/

Monday, October 15, 2018

What is the scope and impact of Bitcoin time warp attacks cyber criminals? Should the software bug be fixed?

Colleagues, crypto time warp attacks occur when miners collude to report incorrect timestamps that are farther apart, messing with the rate at which blocks can be mined. Incorrect timestamps are do occur and can be innocuous. Chain Analysis reports that timestamp errors have steadily decline since 2018. However, specific manipulation by miners who bends the rules with the goal of creating illegitimate tokens is cybercrime … pure and simple. Bitcoin (along with Litecoin) are most susceptible to time warp attacks. However, some argue that the same Blockchain bug which allows these attacks have favorable unintended positive side effects … faster transaction speeds and attraction of more users. By contrast, if the difficulty of creating a new block is low, a cyber-criminal can mine many fast coins, or in the case of a small chain, a criminal with 51% hash power could reduce the difficulty to one and mine a new fork from the original block. The debate continues within the Bitcoin developer community. While consensus will be hard to reach, the community needs to reach at least a majority vote or risk a division, which split BTC into Bitcoin and Bitcoin Cash in 2017. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/

Thursday, October 11, 2018

Cryptocurrencies with lower market capitalization have the greatest risk of 51% mining attacks

Colleagues, the threat of 51% attacks loom large in the global cryptosphere. However, findings suggest that the potential for a 51% mining attack has an inverse correlation to the market cap of a given cryptocurrency. Attacks by a group of miners controlling more than 50% of the network's mining hashrate or computing power of the currency’s Blockchain. Two factors drive the propensity of a cryptocurrency 51% attack. First, cryptos with smaller market caps typically have fewer active miners. It is easier to gain control over 1000 miners of ZCoin, which ranks 100th in market cap by CoinMarketCap at some $60m USD #1 ranked Bitcoin valued at roughly $114t USD with perhaps 1,000,000 active miners worldwide. Second, the availability of relatively low-cost mining pools enable cyber criminals the opportunity to “rent” GPU power from multiple pools simultaneously while subtly approaching the 51%+ threshold for controlling hashrates. Pre-emptive measures include making code changes at the Blockchain protocol level, boycotting likely attackers, increasing the number of confirmation requirements and unleashing a DDoS attacks on suspected hackers. Bottom line: There is no fail-safe strategy become a victim of a 51% Attack, however, investing in Tier 1 cryptocurrencies (e.g. the CoinMarketCap’s top 10 cryptos) provides optimal security and peace of mind. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/

Saturday, October 6, 2018

Security and buy-in from millennials cited as the two big drivers influencing the US Fed’s position on cryptocurrency

Colleagues, the US Fed’s Jim Cunha, Vice President for Treasury and Financial Services, offered up a prediction that the US government could adopt a Blockchain-based cryptocurrency within the next five years. We have previously stated such a move could take place within three years. Perhaps the reality of US Fed-backed cryptocurrency lies somewhere in between. Cunha’s remarks at a recent conference in Boston (akin to an East Coast version of South by Southwest) reveal some insight to the US Fed’s thinking. The major reservation shared by Fed officials is security of a central bank crypto and its underlying Blockchain. By contrast, the 30-year Fed veteran recognizes that millennials in aggregate have concerns about the old-school financial establishment – presumably government and private sectors alike – which makes them much more open to a national cryptocurrency than their gray haired “over 50” financial leaders of our current era. Share a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/


Friday, October 5, 2018

US DOJ Incites Russians Who Are Claimed to Have Used Cryptocurrencies to Fund Disinformation Campaign

Colleagues, by now it should come as no surprise that the US government has filed charges in absentia against seven Russian nationals suspected of engineering a disinformation effort to influence (read the indictment). The defendants are alleged employees of Russia’s infamous GRU Main Intelligence Directorate. In addition, it is no surprise that the defendants purportedly used Bitcoin and other un-named cryptocurrencies to fund their illicit tactics. Bottom line: The goal of this campaign was to influence and undermine the credibility of US-based sports “anti-doping” entities including the US Anti-Doping Agency (USADA), which claims Russian illegally, allows doping among its athletes to boost their performance and stature. Cryptocurrencies, chief among them being Bitcoin, were the means used to fund these illegal actions. Why use cryptocurrencies? Two reasons emerge. First, the defendants are believed to have “mined” their own digital assets (akin to printing their own money). Second, the lack of transparency when acquiring computers and related infrastructure to implement their disinformation efforts to move public opinion in their favor. Share a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)  

Thursday, October 4, 2018

Will a bug in Bitcoin’s software lead to double-spend exploits of Altcoins which use BTC’s public code?

Colleagues, a recent bug in Bitcoin’s public code has led to the illicit printing of some 235 million Pigeoncoins. Although Bitcoin has released a software patch which altcoins, exchanges and mining pools can install to mitigate this bug, the specter of crypto double-spend cyber-attacks looms large. Double spending is a problem unique to digital currencies because digital information can be reproduced with relative ease. Bitcoin transactions take some time to verify because the process involves intensive computational power and complex algorithms, which can be measured in seconds or milliseconds. Two fundamental questions emerge. First, just how many exchanges, pools and altcoins use BTC’s public code? Given the size, complexity and global diversity of the crypto ecosystem this question is almost impossible to answer. Second, how many of these crypto entities will expeditiously implement the software patch before cyber criminals can perform double-spend transactions? Sadly, this question is equally difficult to answer. When in doubt we once again offer our baseline guidance: Stay with established (aka Tier 1) currencies, exchanges and pools that typically have more comprehensive security measures in place. Share a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)  

Wednesday, October 3, 2018

Google Moves to Prevent Cryptojacking via Illicit Chrome Extensions

Colleagues, as we have previously reported cyber security attacks, specifically cryptojacking via Internet browsers, has risen some 400% YoY from 2017 through H1 2018. Google Chrome commands almost 67% market share according to data from Statista. Earlier this year Google banned cryptocurrency-related ads from AdWords and placed major restrictions on apps and extensions on Google Play and the Chrome Web Store. Therefore, it comes as welcomed news for individual and corporate Chrome users that Google has taken the next step of adding more stringent rules for developers of Chrome extensions. Chrome, Firefox and Safari have been the primary targets of cyber criminals seeking to perform crypto mining by way of installing malicious code (aka illegal extensions) to mobile and desktop browsers alike. The Chrome Web Store’s Developer Program Policies clearly states “Do not create an extension that requires users to accept bundles of unrelated functionality”.  Nevertheless, written policies are no better than the vendor’s enforcement practices and penalties. We will report back in Q1 2019 on the initial impact these stricter policies have on mitigating the cryptojacking tsunami impacting Chrome users … and hopefully stemming the tide of illicit crypto mining. Share a comment while visiting us today! Lawrence Wilson – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/

Monday, October 1, 2018

Bitcoin, Ethereum and Monero at the core of a new cryptocurrency money-laundering scheme

Colleagues, the lack of transaction transparency and money laundering have long been the Achilles heel of the crypto ecosystem. A recent Wall Street Journal study revealed that some $88m in cryptocurrencies from 2500 wallets was laundered through exchanges including Shape Shift. To date this exchange (and others) have allowed investors to anonymously trade digital assets – mostly Bitcoin that holds 50% market capitalization share among cryptocurrencies – without needing to create an account. To its credit ShapeShift is replacing its “account less” trading model with a new “loyalty program” which requires users to create a traceable account. Money laundering has long been a high priority of entities such as the US Drug Enforcement Agency and Europol … and so-called crypto laundering is reaching epic proportions. Having reported all too many times on this topic we believe that first and third world governments need to implement strict regulations requiring the transparency of crypto trading and exchanges alike. Share a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)