cryptocrime Archives - aml-knowledge-centre.org

How is Blockchain Being Applied to Cybersecurity Right Now?

We’re getting pretty used to hearing about cool new projects using blockchain. From online marketplaces to green energy; every man, woman, and their respective dogs are busy leaping on the bandwagon. Future promises, flashy launches, impressive white papers… These things are all well and good. But what about practical use cases happening now, starting with cybersecurity?

Blockchain and Cybersecurity

Whenever you talk about the blockchain, you almost always enter a discourse of hypotheticals. This is true in relation to government and commerce, and it’s true of cybersecurity as well. But cybersecurity is a pressing problem, costing the global economy an estimated $450 billion a year.

So, rather than speculate over how blockchain may eventually resolve the woes of this problematic industry, what problems is it tackling now? And which companies are getting their hands dirty (so to speak)?

“Blockchain has plenty of genuine use cases,” says Nick Bilogorskiy, Cybersecurity Strategist at Juniper Networks, “for example decentralized storage, preventing fraud and data theft, and distributed public key infrastructure for user or device authentication.”

Multi-Factor Authentication

DDoS (Deliberate Denial of Service) attacks are one of the most common cybersecurity threats in the industry today. And they are rampant and widespread mainly due to our existing Domain Name System. When we hold data in one centralized location, it’s infinitely easier to break into. With blockchain’s decentralized structure, distributing information over nodes, systems will become virtually impossible to hack.

“Instead of all passwords of users being held in one database in the network operations center of one company, each individual holds their private key,” says Nick Spanos, founder of the Bitcoin Center NYC. “Companies like Equifax and Wells Fargo would never again handle information the way that they did. You would have to hack millions of their users simultaneously–a much more difficult feat.”

Winner of the Microsoft Blockchain Incentive award, blockchain security startup REMME is currently preventing cyber attacks on companies large and small. By eliminating the room for human error, and the simple one-step password system widely used, we close the window for opportunist hackers scouring for easily crackable passwords.

REMME’s robust solution is built on the decentralized ledger and manages and authenticates users and devices through multi-factor authentication. This eliminates the chances of preying on the easiest target for cyber attackers (weak passwords).

The company is also working with several Bitcoin exchanges to help prevent phishing attacks like the Bitfinex attack that lost $60 million (120,000 BTC at the time). They provide the security of an authorized platform based on cryptographic principles and a user-friendly, one-click 2FA.

Improving IoT Security

One of the stumbling blocks in the road of IoT’s growth is the constant threat of device security. According to research by Gemalto, 96 percent of companies and 90 percent of consumers believe that their IoT devices aren’t secure–and that there should be government regulation in place. Their main concern, it seems, is that a hacker will take control of their device, or that their personal data will be stolen.

When baby monitors and medical devices are infected with Malware, and major car manufacturers lose control over their vehicles, the public’s concern is understandable. The thought of losing control of your car or respiratory equipment is indeed panic-inducing. But here too, blockchain is starting to show some results.

IBM has a long history of innovation. So it’s not surprising that they’re leading the charge when it comes to blockchain tech. The IBM Watson IoT Platform is allowing IoT devices to transmit data to blockchain ledgers. This data is then included in shared transactions and records that are tamper-resistant and validated through secure, smart contracts.

Australian telecommunications giant Telstra is also seeing success using blockchain to secure their “smart home” IoT ecosystems, by verifying people’s identity through stored biometric authentication data. And IOTA is also showing promise for the scaling of IoT through its Tangle technology.

Filling the Talent Gap

You may have thought there were more than enough computer engineers to go around. But it turns out that there’s quite a talent shortage when it comes to cybersecurity.

Unemployment in the industry hovers around zero. This means that when new positions crop up, they are extremely hard to fill. And with the constant challenges of emerging tech (and with them, greater cyber threats) by 2020, Frost & Sullivan predict at least 1.8 million vacant positions in the cybersecurity industry.

Companies like PolySwarm, a decentralized antivirus marketplace, incentivize techies around the world to contribute toward fighting cybercrime. Not only does this give bright talent a chance to shine, regardless of their location, education, or history, but it also helps detect cybercrime faster.

Dwell times (the amount of time a virus sits dormant inside a system before activating) is one of the most serious threats today, meaning speed is of the essence. With former McAfee Antivirus CIO Mark Tonnesen as an advisor to the PolySwarm team, stopping cybercriminals in their tracks and preventing attacks is becoming a reality.

Not Everyone’s in Agreement

Of course, the debate about blockchain and its suitability as a technology rages throughout the cybersecurity industry as well. Despite the growing number of use cases and gathering momentum for blockchain, not everyone’s in agreement about its potential.

CEO of Gunner Technology Cody Swann says, “We’ve been inundated with requests for blockchain apps from entrepreneurs. Unfortunately, none of these products have made it past alpha on the blockchain. Why? Because in the vast majority of the cases, the blockchain is an inferior choice to most technologies.”

Worldpay Vice President and Head of Global Cyber Defense & Security Strategy, Peter Tran, is also less than enthused with blockchain technology so far. He believes that artificial intelligence and machine learning have the upper hand in fighting cybercrime. And also that rehauling existing infrastructures may not be an economic reality.

The challenge here will be in making blockchain technology easier, more effective, and cheaper to use. But it’s heartening to know that blockchain is already solving many of our problems and can only go up from here.

Originally published on Coincentral: https://coincentral.com/blockchain-applied-cybersecurity/

“Cryptocurrency Modern Day Payment System or Uncalculated Risks?” can be read on Amazon Kindle Unlimited for Free You can find more interesting articles by visiting us on one of the following platforms: AML Knowledge Centre (LinkedIn) or Anti-Bribery and Compliance at the Front-Lines (LinkedIn)

Author:

Christina Comben

“Top Misconceptions of Cryptocurrency as a Payment System”

Which can be read on Amazon Kindle Unlimited for Free You can find more interesting articles by visiting us on one of the following platforms: AML Knowledge Centre (LinkedIn) or Anti-Bribery and Compliance at the Front-Lines (LinkedIn)

Crypto Crimes: ICO Scams, Robbery, and Money Laundering

by Admin | Cryptocurrency, Terrorist financing

The rising popularity of cryptocurrency and blockchain technology has brought many benefits to the world; however, this hasn’t come without a few downsides. Along the way, we have also seen a rise in the number of cryptocurrency crimes. From kidnappings to money laundering and many more types of crime, police and governments around the globe are looking to coordinate efforts in order to stop crypto criminals. In this article, we’ll take a look at some example cases and how law enforcement is handling them.

ICO Scams

ICO scams are one of the most common types of cryptocurrency crimes. Oftentimes, project teams are completely fictitious. As during any ICO, investors send ETH, BTC, USD, and/or other currencies to the wallets of the project. The only difference is that fake projects keep the funds and give no tokens whatsoever in return. Most often, these scams involve fake project team profiles, which sometimes even include big-name entrepreneurs like Richard Branson.

One ICO for a project called Miroskii used a photo of actor Ryan Gosling for a profile of a fake graphic designer named “Kevin Belanger”. While it might appear evident to some or even most people that this was a fake profile, this fraudulent ICO actually claimed to have raised $830,000. Little is known about the consequences of such a scam since there is currently no info online about any charges against the project. Even the project website is still running; however, you won’t find the profile for “Kevin Belanger” or anyone else on the team any more.

The ICO scam issue is so bad that the United States Federal Trade Commission (FTC) will be discussing this as part of its workshop in Chicago on June 25, 2018, at DePaul University. One of the biggest problems with ICO scams is the overall lack of regulatory framework in place for public fundraising at a national level. In the US, for instance, states like Texas have been the most proactive in banning certain cryptocurrency projects and ICOs that are deemed to be fraudulent.

Robbery

It’s bad enough when someone loses money due to a cryptocurrency exchange hack or an ICO scam but there are even worse ways to get funds stolen. There have been quite a few incidents of robbery and kidnappings involving cryptocurrency. During one such incident in Dubai, a gang of ten individuals pretended to be in charge of issuing mandated trade licenses for the cryptocurrency. Two brothers who were looking to purchase trade licenses were carrying around $1.9 million in cash. The gang impersonating the trade license issuers stole the cash from the two brothers and also assaulted them. Since that time, the ten suspects have been apprehended and referred to public prosecutors.

In another incident, Louis Meza, a man from New Jersey, even kidnapped his friend and stole $1.8 million in cryptocurrency. Meza lured his friend into a minivan and a gunman pointed a pistol at the friend, demanding his 24-word passphrase to access the victim’s Ledger Nano S wallet. Meza also looted the victim’s apartment, stealing a ledger and other information. While a lot of cryptocurrencies are designed to make the transfer funds untraceable or at least rather difficult to track, Meza made two key mistakes.

First, there was surveillance video showing him enter the victim’s apartment. Second, he used a popular cryptocurrency exchange to transfer stolen funds from ETH to BTC. The account’s public address included his own name, which gave a lot of evidence linking Meza to the crime. Meza pleaded not guilty to grand larceny, kidnapping, robbery and related counts at his arraignment in the Manhattan Supreme Court in December 2017. The judge ordered $1 million bond or $500,000 cash bail.

Money Laundering

There have already been a few large-scale cases for money laundering via cryptocurrency. Thomas Mario Costanzo allegedly used cryptocurrencies to launder proceeds for drug dealers. Costanzo was arrested during a USDHS-coordinated raid in April 2017. Evidence also shows that Costanzo used crypto to buy drugs and offered an online cryptocurrency exchange service for other people to purchase drugs without adding the required KYC authentication process.

The possible sentence for such crimes is rather hefty. The five charges placed on Costanzo can bring a maximum sentence of 20 years in prison, a $250,000 fine, or a combination of the two. In addition, any cryptocurrencies used in these crimes could be taken away by the U.S. Justice Department. The sentencing will take place on June 11, 2018.

There have even been some cases requiring international law enforcement cooperation. One recent example involved authorities from Finland, Spain, the United States, and Europol. In this case, 137 individuals were investigated and 11 were ultimately arrested in April 2018. Originally, criminals laundered drug money from Spain to Colombia using credit cards.

The group realized quickly switched to cryptocurrencies after realizing the easy traceability of traditional bank accounts. Nonetheless, law enforcement officials from Europol were able to track down criminals by monitoring crypto-to-fiat exchange transactions (Colombian pesos). Europol has stated that it is committed to giving additional cryptocurrency crime detection training to its officers. It will also continue to coordinate to stop such crimes both within the EU and beyond.

The Future of Crypto Crimes

Undoubtedly, crimes related to cryptocurrency will continue to rise as the popularity of cryptocurrency in general rises. Even though there are many good aspects of a crypto-based economy (i.e. greater transaction privacy, users control over funds, and freedom of capital flow), these same benefits do bring new potential challenges to stopping crimes of the present and future. In some instances, criminals might still leave behind evidence that can be tracked.

However, it is also likely that cryptocurrency crimes will become more intricate and potentially even more difficult to stop than traditional crimes attached to fiat currency. As criminals become smarter, it is clear that law enforcement agencies will have to remain on top of changes in emerging technologies as they relate to criminal activity.

written by Delton Rhodes

This article was originally published on Coincentral: https://coincentral.com/crypto-crimes-ico-scams-robbery-and-money-laundering/

“Top Misconceptions of Cryptocurrency as a Payment System”

Follow the Money – Has Cryptocurrency Rendered this Adage Useless?

by Admin | Anti-money laundering

Cybercriminals predate the use of cryptocurrency

Indeed, editorial stories like this one “Bitcoin Gains Value Due to Criminal Use [Only], writes a Forbes Columnist” has influenced many into believing that cryptocurrency is only used by cybercriminals, organized crime and terrorist on the darknet. Before cryptocurrency, victims were informed to transfer ransom money by mailing cash through a money transfer operator (MTO). The pick-up person using fake documentation would take possession of the victim’s cash, leaving no trace of their real identity.

Victims of the WannaCry ransomware attack, in May 2017, received a simple message informing them to send $300 worth of bitcoin to this address if they want to see their data again.

Criminals continue to evolve by exposing any method or means available to them including technology. However, using cryptocurrency doesn’t put criminals out of law enforcement’s reach. On the contrary, as soon as a cryptocurrency is spent, the forensic trail begins. This is an excerpt from the book Cryptocurrency Modern Day Payment System or Uncalculated Risks? Which can be read on Amazon Kindle Unlimited for Free

The Forensic Trail Begins

Maybe, law enforcement panicked in the beginning, but they have adapted to cryptocurrency and their blockchain technology. Granted, cryptocurrency transactions themselves are not tied directly to anyone’s identity, but every transaction uses a unique string of letters and numbers 1Ez69nzzmePmZX3WpEzMKTrcBF2gpNQ55, that recognize the destination of both sender and receiver. These unique strings of letters and numbers give law enforcement enough information to follow transactions on a blockchain and eventually to a recipient’s e-wallet. More importantly, than the information itself is that all of a blockchain’s data is traceable, permanent, immutable, reliable and available to everyone who wants to see it. Therefore, that line “follow the money” made famous in the 1976 motion picture “All the President’s Men” is as true today as it was then. Not only a digital time stamp but a digital witness!

Techniques and Tools

Like criminals, law enforcement has adapted to these new technologies developing new techniques and tools to follow and identify cyber attackers, even on unused addresses. Agents monitor blockchains and the darknet looking for correlations across transactions and their attributes such as:

Timelines
Amounts
Domain names
IP and email addresses
Pseudonyms
Payments
Connections
etc.

Upon detecting any conspicuous activity or transactions on a blockchain or on the darknet, law enforcement will start investigating. In the hope of finding similarities that will give them vital clues in both new and unsolved cases. Therefore, agents comb through thousands of registered cases at the IC3 (Internet Crime Complaint Center). For example, in cases that involved ransomware, if a ransom was paid by registered victims, law enforcement can search for connections between the recipient’s wallets to generate a list of wallets associated with the same entity that issued the ransom demand. At the same time, new addresses are constantly checked against cases in the FBI’s case management system that are currently being worked on. For example, another agent might have already come across these addresses in association with another crime. For instance, someone who sold remote desktop protocol (RDP) credentials on the darknet for accessing third-party computers from anywhere in the world.

This analysis can lead agents to exchanges, e-wallets, and even gambling sites, on which law enforcement could serve a subpoena to learn more details on the transactions and the account owners. Once the payment recipient is identified, the investigator will have a confirmed IP address, location as well as a criminal profile, potentially linking a suspect to other criminals and crimes.

Consider this before Going the Extra Mile

For those, individuals willing to go the extra mile to cover their tracks. The market is saturated with unlawful businesses offering alternative entry points and mixing services to help users improve the anonymity of their cryptocurrency transactions. Likewise, there are cryptocurrencies like Monero (XMR), DASH (DASH), and ZCash (ZEC) that offer users an extra layer of privacy by applying zero-knowledge proof or a built-in mixing process as is the case with DASH. Granted, the options for concealing one’s identity are endless and as a result, it makes life harder for law enforcement to follow or tie a transaction to an individual, but not impossible! Before deciding to use an alternative entry point or a coin with zero-knowledge proof to hide one’s identity here are some things to consider:

Cyberattacks and insider fraud are not uncommon events at legitimate cryptocurrency businesses. I can’t imagine that an unlawful business would be a better custodian for someone trying to hide the source of their money.
A majority of businesses operating unlawfully are already on law enforcements’ radar and a subpoena can be issued at any time.
A business offering unlawful services can also be a setup by law enforcement.
Mixing is more vulnerable to Sybil attacks.
Mixing is not immune to forensic technology so there is always a real chance that investigators can link the coins back to the original address.
Mixing needs at least two people, therefore you are helping someone to launder their money
What if, after mixing, you receive coins that were involved in a crime and law enforcement traced them to you. Likely outcome these coins will be confiscated and you might require expensive legal counseling to avoid criminal charges.
Let’s not take our eyes off the main players in the industry. Miners confirm valid transactions. Also, 50 percent of the hashpower is controlled by a handful of miners. Government agencies can always apply pressure to these miners as witnessed in China.
Coins that claim to offer total privacy all have their own nuances and if not used accordingly can jeopardize any chance of anonymity. For example, take Monero it offers users full anonymity as long as it is used on its blockchain. Also, many are relatively new ICOs, therefore, the bugs haven’t yet been identified.
It’s only a matter of time before the crypto-industry is regulated and it’s probably safe to say that holders of coins offering total anonymity will be penalized.
Unfortunately, for bad actors, the flow of sending and receiving data through these cryptocurrency networks are not well-coordinated events. Therefore, anyone monitoring a network will be able to immediately recognize when a transaction is sent out and map it to that IP address as the owner of that cryptocurrency. Also, when a massive number of transactions are sent from a single source, it’s only a matter of time before the addresses are unwound and mapped to their proper IP addresses.

Furthermore, any serious exchange or wallet service will conduct a thorough Know Your Customer (KYC) on every new account as part of their onboarding process. That means linking personal identity to your wallet and to your bank account. Recently, Circle-owned Poloniex exchange froze a slew of user accounts in the midst of implementing a new know your customer (KYC) verification process. Legacy account users, those whose accounts were verified under Poloniex’s old guidelines, reportedly received emails from Poloniex support requesting that they comply with the new verification method. The email asks that each legacy account provides “a verification photo…as well as a photo of a valid government-issued ID card or passport.” More on the Poloniex exchange story can be found at coincentral or click here Even the smartest criminals get careless and blockchain technology continues to be a bonafide weapon for combating and prosecuting crimes. Written by Paul Hamilton