[BreachExchange] The cybersecurity side of cryptocurrency

Audrey McNeil audrey at riskbasedsecurity.com
Thu Feb 23 20:10:30 EST 2017


http://www.csoonline.com/article/3166938/data-breach/
the-cybersecurity-side-of-cryptocurrency.html

In 2014, hackers stole about $350 million in bitcoins from Tokyo's Mt. Gox
exchange. More recently, attackers successfully moved about $60 million
worth of the virtual currency ether from the DAO, or Decentralized
Autonomous Organization, to an account controlled by an unknown individual
or group. Although most - but not all - of the funds taken in that theft
were later recovered, it was another reminder that cybercriminals are
targeting cryptocurrencies.

Cryptocurrencies, such as bitcoins and other digital alternatives, have
been hailed as representing the future of money and global finance.
Bitcoin, the first cryptocurrency, was created in 2009. Nowadays, hundreds
of types of cryptocurrencies are in use, often referred to as altcoins (an
abbreviation of “bitcoin alternative.”) New altcoins get launched every day.

There’s reason for the excitement. The technology lets people and
institutions shift funds instantly and without the need for a middleman.
Unlike paper currencies controlled by governments, cryptocurrencies are
fully decentralized and operate independently of central banks. The digital
assets work as a medium of exchange using principles of cryptography to
secure transactions.

These various digital currencies have soared in popularity with a market
capitalization now estimated to be around $13 billion.

But with regulators and governments still trying to figure out appropriate
legal structures and business norms governing cryptocurrencies,
cybercriminals are finding clever ways to exploit that window of
opportunity.

Regulators still a step behind the technology

A study funded by the Department of Homeland Security found that about 33
percent of bitcoin trading platforms have been hacked. What’s more,
cryptocurrencies now frequently feature as preferred forms of exchange in
ransomware attacks.

In late 2015, a U.K. phone and broadband provider called TalkTalk received
a ransom demand for £80,000 in bitcoin. Around the same time, three Greek
banks were threatened with dire consequences by an entity calling itself
the Armada Collective unless they paid “hundreds of thousands of Euros,”
also in bitcoin. More recently, a number of hospitals in the U.S., such as
Hollywood Presbyterian Medical Center, have been attacked by hackers who
demanded their victims pay ransom, also in digital currencies. The common
thread in these and other ransomware incidents: attackers can easily mask
their true identities on cryptocurrency exchanges where they then convert
their profits back into traditional currencies.

As cryptocurrencies become more widespread, there’s concern that criminal
actors will try to use them to camouflage their illicit activities in other
arenas, particularly when it comes to laundering funds. In late 2015, for
instance, Dutch police arrested six people on suspicion of bitcoin-related
money laundering. And early last year, they arrested another 10 people in
connection with a suspected global bitcoin laundering scheme valued at $22
million.

It’s part of a trend that law enforcement agencies expect will gather
momentum in the new year. And given the lack of independent oversight,
criminals already have a head start.

However, none of this is likely enough to derail the popularity of
cryptocurrencies. Every new technology suffers through growing pains on its
way to being accepted by the mainstream. There’s no reason to believe that
cryptocurrencies will be any different.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170223/aae0b436/attachment.html>


More information about the BreachExchange mailing list