Indian Startup Develops a Next-Gen Cybersecurity Solution on the Blockchain

A new innovative prototype startup powered by blockchain technology for cybersecurity has recently launched in India aimed at curbing the global phenomenon of cybercrime.

Mumbai-based Block Armour was thought up by Narayan Neelakantan, former CISO and Head of IT Risk and Compliance with India’s National Stock Exchange (NSE) and Floyd DCosta, who has a background in management consultancy and spent 11 years at Capgemini.

Representing a disruptive approach to reclaiming enterprise cybersecurity, Block Armour is attempting to do so faster and at a fraction of the current cost. According to U.S. market research firm Gartner [PDF], global expenditures for IT security rose by $148.5 billion from $65.5 billion in 2013 to $83 billion in 2016 with cloud security expected to grow by 50 percent.

And yet, despite a significant rise in global IT security spending, cybersecurity incidents continue to grow across industries with existing solutions struggling to keep pace.

Speaking to CCN, Neelakantan said that the dramatic increase in networked devices and the Internet of Things (IoT) has further complicated the situation while the use of yesterday’s technology to fight cybercrime is further compounding the issue. With cybersecurity challenges expected to get bigger, bolder and more complex in the years ahead, a solution is needed.

He said:

We have emerging technologies like blockchain and TLS technology as well as architectures like the Software Defined Perimeter that can be effectively used to reclaim cybersecurity. That’s exactly what we are bringing together at Block Armour.

Tackling Cybercrime

With the use of the Software Defined Perimeter, the team at Block Armour are planning to use digital signatures based on authentication for humans, devices and data.

According to Neelakantan, this then allows them to securely ring-fence critical infrastructure in addition to providing IoT related security.

As this is an issue that cuts across many industries the interest the team has received is expected to be high from those keen to have a solution that will provide the protection they need.

Whether it provides the answer is yet to be determined; however, given that such a platform could be available before the summer is bound to give many the confidence that Block Armour may provide the answer where others have failed.

Since the launch of the prototype, Block Armour has received positive feedback on the potential that it can achieve. As a result, the team are keen to bring the solution to the market with an alpha version expected to be launched in February and a beta version expected to launch in May 2017.

Images from Block Armour.

Bitcoin Extortionists Hold Taiwanese Schools for Ransom

Cybercriminals have reportedly targeted a number of schools in Taiwan, threatening to destroy their computer systems and data if a bitcoin ransom isn’t paid.

According to a report in Focus Taiwan, a national news agency, malicious hackers have compromised computer networks from 9 schools in Hualien, Taiwan’s largest county situated on the eastern coast of the country.

The cybercriminals are demanding a payment of eight bitcoins (approx. $9,600), the Hualien County government revealed. Taking control of a number of schools’ printers, hackers have left a number of undisclosed threats with sheets of paper print-outs, according to the county’s education department.

So far, no bitcoin ransoms have been paid. Instead, schools have received instructions from the education department to password-protect their printers and purchase antivirus software to mitigate cyberattacks.

While fears of a data compromise remain, there is no evidence to show any leak of information. It’s entirely likely that the cyberattack was carried out through ransomware malware, a common ploy for cybercriminals to extort ransom from victims in exchange for decryption keys to unlock the compromised computers and network.

Figures from the country’s ministry show that at least 55 schools in Taiwan have been targeted and attacked by hackers demanding bitcoin ransoms, since the turn of the year. Law enforcement officials have deployed investigators to the affected schools but police have, so far, been unable to determine the cybercriminal operation instigating the attacks.

A Global Menace

Extorting bitcoin through ransomware has become a global menace to such an extent that big businesses have started stockpiling the cryptocurrency. Threat intelligence statistics peg ransom payments to have reached $ 1 billion in 2016, representing a 4000% increase in a year. Through 2015, the cybercriminal group behind the then-infamous Cryptowall 3.0 variant of ransomware reportedly raked in an estimated $325 million in bitcoin. Hundreds of thousands of individuals around the world became victims of the malware.

In figures from December 2016, cybersecurity firm Kaspersky estimates that one business is hit every 40 seconds by a ransomware, on average. It’s worse for individuals, where the rate went from 20 seconds to every 10 seconds last year.

Wall Street Journal: Bitcoin as Terrorist Money is Exaggeration

In the Morning Risk Report, the Wall Street Journal emphasized that law enforcement agencies and financial organizations that are describing bitcoin as a terrorism financing tool are exaggerating the risks involved in digital currencies including bitcoin.

Bitcoin as Terrorism Money Narrative Pushed by Governments

Since the beginning of 2016, law enforcement agencies including the FBI and Europol have begun to describe bitcoin as a terrorism financing tool due to its use case in the dark web. However, these law enforcement agencies were harshly criticized for misleading the public, as fiat money or cash, which serves the global financial ecosystem as the base monetary system, accounts for nearly 97% of all criminal activities due to its complete anonymity.

Analysts and supporters of bitcoin expressed their concerns over governments and law enforcement agencies’ attribution of bitcoin to criminal activities, mostly because bitcoin is not completely anonymous as anyone can track down the flow of transactions using the public blockchain. When a criminal tries to sell bitcoin in a regulated bitcoin exchange, with KYC and AML systems in place, government agencies will be able to unravel the identity of the bitcoin user with ease.

More to that, criminals are always in search for better technologies and alternatives. Criminals utilize automobiles, cash, phones, and other technologies to supplement their operations. However, this shouldn’t necessarily lead to the struggle of the general public. In other words, government agencies shouldn’t attempt to ban every technology utilized by criminals across the world. If so, no one will be able to utilize the internet, bitcoin, banking system, cars, amongst many other technologies.

International defense and security think-tank Royal United Services Institute consultant and former US Department of the Treasury’s Office of Terrorism and Financial intelligence official David Carlisle stated:

“Treating cryptocurrencies as an exceptional threat creates the misleading impression that more conventional financial products are not already equally, or more, vulnerable to terrorist exploitation.”

Terrorist Financing: Bitcoin Vs. Conventional Banking

Essentially, bitcoin is a decentralized protocol built to facilitate payments between two parties with the absence of moderators or third party service providers. Everyone within the network has equal authority over each other and there exists no administrators who can manipulate, alter or delete transactions from the public blockchain.

This decentralized architecture of bitcoin prevents exploitation and manipulation of funds, unlike conventional banking. Over the past decade or so, banks have been exposed for leading fraudulent operations that have led to hundreds of billions of dollars in losses. In fact, it was revealed last week by Bloomberg that the world’s largest banks were fined US$321 billion in total since the 2008 financial crisis.

In consideration of this staggering number, it is dishonest and deceitful of governments to attribute bitcoin as criminal and terrorist money, when their most trusted partners have deluded the public for decades before being fined billions of dollars for their actions.

Carlisle also noted that terrorist groups including the ISIS have their own forms of money such as their unique minted gold coins as the unified currency. Thus, bitcoin or other digital currencies will not be a priority for terrorist groups especially if bitcoin is difficult to obtain without forfeiting user identity due to KYC and AML regulations implemented across the world.

Image from Shutterstock.

BoJ: Blockchain Could Come Under Dark Cloud Amid DAO Hack

The Bank of Japan’s director has said that it’s important to constantly engage in taking measures against threats made to the blockchain or else it could impact the technology’s credibility and hinder its development.

Speaking at the third meeting of the FinTech Forum, Shigehiro Kuwabara, executive director of the Bank of Japan, presented a speech entitled ‘Distributed Ledger Technology and Designing “Trust”’ [PDF], which presented the banks view on blockchain and the issues of adopting it in the financial industry.

According to Kuwabara, establishing trust is an important facet in the financial industry compared to other fields. It is because of this that to make full use of the blockchain within the financial sector and how to design it as a trustworthy mechanism is going to be a challenge.

He proceeds by explaining three issues in designing a framework for blockchain to be trusted.

The first is ensuring ‘resiliency in emergency responses.’ He cites the DAO hack, which occurred last year, ‘in which an enormous amount of digital currency was drawn from a digital currency-based investment fund by hackers exploiting its system’s vulnerability.’

He adds that to recover the money, the operator proceeded to rollback the payment records, which wouldn’t normally occur.

And yet, as the cyberspace is exposed to threats such as hacking it’s necessary for the blockchain system to be resilient against potential threats that, as Kuwabara states, could ‘hinder the development of FinTech,’ as the credibility of the technology is put into question.

The second point is understanding the advantages and disadvantages of the blockchain.

There is no doubt that the technology is innovative and has exceeded expectations in its relatively short lifespan. However, Kuwabara believes that based on the level of the technology at its current stage, it has not yet to reach its full potential of replacing the current centralized system.

The DLT system, on one side, has strength in high fault resistance, but on the other side, there is also the challenge that it needs time to build consensus.

Thirdly, Kuwabara states that if the financial industry is to work with the blockchain it must have a deep understanding of the technology first.

At present, the core elements of the blockchain are developed by IT vendors and FinTech firms, outside of financial institution resources. But if the finance sector is to advance its services with the blockchain it needs to understand the technology.

Bank of Japan Initiatives

The Bank of Japan is committed to ensuring its economy and advancement with the blockchain.

Today, it was announced that the Japan’s central bank will ‘seriously consider’ digital currency despite saying at one stage that bitcoin doesn’t pose a threat to fiat money.

However, the central bank is continuing to watch the developments of blockchain knowing that in the future it may have to apply FinTechs to its operations.

Featured image from Shutterstock.

Danish Police Proclaim ‘Ground-Breaking’ Bitcoin Tracking System

Denmark’s cybercrime police unit has claimed to have developed a specialized software system to track bitcoin transactions, one that has led to the prosecution of drug traffickers.

The revelation comes to light a report by regional news publication Berlingske. According to the report, a specialized IT system developed by the Danish National Cyber Crime Center (NC3) is described as “ground-breaking” by Kim Aarenstrup, the head of the unit. The report further adds that the same system has been used by the FBI and Europol.

“The potential of this is groundbreaking. The investigation can now proceed from where it used to stop before,” Aarenstrup said.

In roughly translated statements, Aarenstrup told the publication:

We are pretty much unique in the world at this point, because there aren’t really any other agencies who have managed to use these [bitcoin] trails as evidence in the past. Every is looking toward Denmark ins this field and we are now in close dialogue with a number of other countries right now, so we can further develop our methods and teach them how we do it.

While details of the workings of the ‘special software’ remain scarce, the mechanism reportedly correlates two separate transactions where bitcoins used to purchase illegal goods are matched against those listed on the blockchain, which are then compared with listings of the marketplace and other information about users. That’s about the extent explained by Jesper Klyve, the prosecutor involved in the cases where the tracking software led to the convictions of drug traffickers last month.

“All [bitcoin] transfers that have ever been made are coded into the bitcoin-system [blockchiain]. Therefore, you can, at any time, log in and search in the system to try and identify individual users” he told the publication.

One of the trafficking cases involved a Danish man in his 20s who purchased large quantities of methamphetamine, cocaine and ketamine on andark web marketplace.

Contrary to the popular notion that bitcoin transactions are anonymous, its pseudonymous nature leaves every transaction open to anyone looking into the public blockchain. While the wallet addresses are public – leaving every transaction openly traceable – they are not tied to any personally identifying information on the blockchain.

However, the very nature of traceable transactions leaves room for bitcoin blockchain surveillance firms like Elliptic to work with law enforcement agencies to curb online criminal activity that abuses bitcoin. Perhaps notably, Elliptic CEO James Smith stated “Bitcoin is too transparent”, adding that his firm studied major darknet drugs markets like Alphabay, every day.

Dutch Authorities Look to Deem ‘Bitcoin Mixers’ as Money Laundering

The Dutch government is trying to make it easier to launch a criminal investigation against persons who use bitcoin to launder money from illegal activities, according to Financieele Dagblad, a Dutch newspaper.

Dutch investigators have discovered criminals are shielding activities using “bitcoin mixers.” A bitcoin mixer is a grab bag with bitcoins of several owners. The bitcoins paid out from the bitcoin mixer cannot be traced back to the original owner.

Bitcoin And Money Laundering

The FIOD, the investigative arm of the Dutch tax authority, wishes to have the bitcoin mixers recognized as money laundering. By recognizing this activity as money laundering, investigators can take action against a suspect without having to demonstrate a reasonable suspicion of a crime.

Rolf Van Wegberg, of the knowledge institute TNO, which is investigating money laundering through bitcoin, said he researched a handful of bitcoin mixers, with names like Onion Wallet and BitcoinBoost. He said the mixers are reviewed on the darknet by users.

Van Wegberg found that at low-rated mixers, his money was lost. On highly-rated mixers, he received his bitcoins back and was able to convert them into euros and send them to online payment services like PayPal and Western Union.

Laundering costs often exceed 40%, but with the bitcoin mixer, it was only about 15%.

A Different Criminal Standard

The use of the mixer alone will be sufficient to launch a case against a trader. A criminal can be prosecuted for money laundering more easily than for conducting a criminal transaction in which bitcoins are earned.

Van Wegberg said there can be legitimate reasons for using a mixer. If you are a foreign journalist in Myanmar getting your salary from a foreign medium, the mixer will hide the fact that the money is coming from a foreign media company.

The FIOD has been able to identify darknet criminal traffickers and parties that exchange bitcoin for euros.

In one case, a 24-year-old from Amsterdam and a 27-year-old from Utrecht were arrested on suspicion of drug trafficking and money laundering and participating in a criminal enterprise.

A second case concerns four Dutch nationals suspected of swapping bitcoins for euros after obtaining bitcoins from illegal activity. The men fled to Malta in 2015 when banks became suspicious of their activities.

Also read: 11 Fintech Companies in UK’s Trade Delegation to Australia & New Zealand

International Money Laundering

The third case concerns an international investigation of a money laundering gang that used bitcoins. In January 2015, Dutch prosecutors announced the arrest of 10 men suspected of using bitcoin to launder up to 20 million euros. It was reported that the suspects were seen as facilitators to drug dealers operating on the Dark Web laundering bitcoins.

Traders from this gang used “cashers,” parties that exchange bitcoins for euros.

According to the Dutch report, there are approximately 50 so-called cryptomarkets and vendor shops and the Netherlands occupies a crucial position in the European illicit drugs markets.

Image from Shutterstock.

Malware Discovered Sending Fake Emails to Steal Bitcoin and Passwords

A new malware that steals passwords and bitcoin from cryptocurrency wallets has been discovered by Cyren, an Internet security service provider, according to the company’s blog. The malware targets banking customers, and according to Cyren, is carrying out a massive campaign.

The emails inform the recipient of a deposit. The emails originate mainly from bots in the United States andSingapore, and are branded as being from various banks, including Emirates, NDB and DBS.

The malware is a keylogger that is carried as an attachment to emails for fake bank transfers. Once the victim opens the attachment, the malware can record everything the victim types on their keyboard and every place they place their mouse.

How It Works

The malware queries the victim’s registry for passwords and other information related to various types of software. The subject line usually has financial details like an online wire transfer payment notification. The attachments have a SWIFT variation, making the emails look legitimate. SWIFT codes identify financial institutions for fund transfers.

Files that appear to be PDF are really executable files, according to Cyren. Once executed, the file deletes itself and opens a new one called “filename.vbs” in the Windows startup folder. When the computer boots, the software executes itself.

The malware collects passwords and other information, focusing on web browsing software and FTP software. It gathers usernames, passwords, cookies, browsing history and more.

Also read: Austrian Luxury Hotel Pays Bitcoin Ransom to Regain Access to Rooms

Cryptocurrencies Targeted

The malware looks for cryptocurrency wallets and targets a long list of currencies, including bitcoin, Namecoin, Litecoin, Anoncoin, BBQcoin, Bytecoin, Craftcoin, Devcoin, Digitalcoin, Fastcoin, Feathercoin, Florincoin, Freicoin, I0coin, Infinitecoin, Ixcoin, Junkcoin, Litecoin, Luckycoin, Megacoin, Mincoin, Phoenixcoin, Primecoin, Quarkcoin, Tagcoin, Terracoin, Worldcoin, Yacoin and Zetacoin.

Image from Shutterstock

BitGo Enhances Its Security With Ledger’s Hardware Based Key Storage

BitGo’s wallet protects against loss and theft with features like webhooks, multi-user approvals, rate limits, address blacklists and whitelists, and more. The integration with Ledger, a provider of hardware solutions for key management and endpoint security, now allows BitGo customers to signature keys in an offline device, providing extra protection from malware and other attack vectors.

Improved Asset Security

The integration will be an easy choice for BitGo customers to improve asset security. It will provide peace of mind to digital currency users.

Ledger’s core technology is a low footprint embedded operating system built for CPU enclaves and secure elements, according to the company website. It creates solutions to integrate the physical world with blockchain technology, including personal security devices, hardware security modules for servers, and hardware oracles for connected objects, machines and the Internet of Things.

BitGo is offering a 15% discount for customers who buy a Ledger Nano S or Blue for a limited time. Customers interested in taking advantage of the offer should use the promo code, BITGO15.

Also read: Bitcoin Wallet Xapo Receives Early Approval from Swiss Financial Regulator

A Multi-Sig Transaction Pioneer

BitGo pioneered the multi-signature transaction in 2013. In 2015, it partnered with XL Group, an insurer, to provide up to $250,000 coverage for theft claims, another pioneering move for the bitcoin industry.

That same year, CoinHako, a Singapore-based exchange, contracted with BitGo to secure its wallet, pointing out they could insure customer holdings against loss by hacking or theft on account of the XL Group coverage.

In 2016, BitGo introduced BitGo Instant, offering an immediate settlement of bitcoin transactions. The service guaranteed recipients a compensation if the transaction was not confirmed by the blockchain.

Featured image from Ledger.