“Most of them are saying they are, but they are not”- European Parliament VP.
0 Comments
Publisher: Apress Berkeley, CA (an imprint of Springer)
A United Nations panel of experts that monitors sanctions on North Korea has accused Pyongyang of using funds stolen during attacks on cryptocurrency platforms to support its nuclear and ballistic missile programmes. Here is the article.
By the way, “Pyongyang blockchain and cryptocurrency conference” sounds very attractive. This is very interesting, detailed article that describes the investigation if the crypto cyber theft from DeFi platform called Indexed, with a lot of specifics on how the the attack was conducted as well as how the decentralized crypto index funds work. Great research which shows the main vulnerability of DeFi: it fully relies on the code, there are no human safeguards, which is great for freedom, independance, and privacy, but if the code fails (which happens often as all software developers know!), there is nothing else to stop hackers.
#crypto #cybersecurity #defi #index #hacking I guess as every tracking tool it will have a dual purpose: tracing criminal activities or–if used by authoritarian governments or hackers–spying on ordinary people. Storyline is able to interpret smart contracts and will automatically label common types of transactions like an NFT purchase or an asset swap. A user can quickly add additional related transactions in a timeline-based format with a transaction shown in each row and destination addresses — including those on new blockchains — as columns. That way, investigators know right away what tokens a wallet of interest swapped for and when. Here is the announcement in the company blog.
I just created two NFT on OpeSea with the signed covers of my previous books:
opensea.io/collection/slava-gomzin-books The one for the new book is coming up! The book is coming along well. In fact, it's nearing the end of its first phase–the manuscript writing–and editing is in progress as well. There is a code title of the book:
Crypto Basics The full name (with the subtitle) will be unveiled soon. It is still the code name which theoretically can change before the publication, but the chances are it will be the name. I will also post the final Table of Contents soon. Stay tuned. As some of you know, I am working on a new book about crypto with one of the big tech publishers. Although some chapters are complete already, there is always room for more before it goes to print. If you have any questions about crypto that you could not find answers to online or in other books, please don’t hesitate to reply here, if you like publicity, or send me a direct message, if you care about privacy. I will mention the best questions (if I have answers) in the book, with reference to you (with your permission).
Reading multiple reviews and analysis on recent ransomware attacks, especially the most famous one on Colonial Pipeline which paid a ransom of 75 bitcoins (about $4 million), I am seeing a lot of discussion about what the victims did wrong and how they can avoid such attacks in the future. But no one is asking (let alone answering) a very simple question: What did the hackers do wrong that allowed the FBI to recover at least a half of the ransom already successfully transferred to them by Colonial Pipeline? And an even more important question: How did they make the mistake of allowing their transaction to be traced?
For anyone working with blockchain tech, it is obvious that ransomware hackers who use bitcoin for the payoff don’t care much about their anonymity. People dealing with crypto know that bitcoin is a pseudonymous cryptocurrency, meaning that it does provide some basic degree of anonymity, but scrutinization of the bitcoin blockchain unleashes a lot of information about both the sender and the recipient. And, of course, all the details of transfers and their amounts are publicly visible to anyone. So using bitcoin as a payment method, especially for illegal activity such as ransom is extremely dangerous for the attackers. They can be easily traced and caught, and their money can be seized. The probability that the Colonial Pipeline attackers didn’t know such basics about crypto is near zero. They would certainly have known there are well-developed privacy-centric cryptocurrencies that provide almost absolute anonymity and security to their users. Monero is one outstanding example; it hides all the details of its transactions from public view, including the sender, the recipient, and the transfer amount. And it is very liquid, with a market capitalization of more than $4.5 billion and a presence on most cryptocurrency exchanges. So why did the attackers not use it — or another privacy-centric cryptocurrency? There are two possible answers to this question. I don’t know which one is right. The first possibility is that they simply didn’t care. Most are probably located in the hacker-haven countries such as Russia, China, North Korea, or Iran, that don’t have extradition agreements with the West. So they are not afraid of the FBI, not worried about being caught, and simply did not think the law enforcement agencies would be clever enough to find a way to seize their money. The second possibility is that they intentionally used bitcoin so that they would be traced and clues about their location would be exposed. In this scenario, the attack would have been more than just a commercial transaction; it would have been a demonstrative action. As I said, I don’t know the right answer, but there is an important outcome of this attack, especially if it was a commercial one. Attackers are learning, and for the future attacks, other hackers, whose interests are purely commercial, will be using better methods that will allow them to slip away unnoticed while keeping their money (well, our money) safe. So it’s important that companies brace for impact. While ransomware sounds terrible for most people, the security community knows how to avoid those attacks, so there is no reason companies shouldn’t be protected. A “Zero trust” architecture, with total multi-factor authentication coverage will deter hackers and prevent security breaches. Security is not free, but recent examples show that ignoring reality can be much more expensive. This article was originally published by VentureBeat on June 13, 2021 |
Books
Recent Posts
Categories
All
Archives
October 2024
|