The Legitimacy of Cryptocurrency Has Made It Harder for Hackers

Last year a few noteworthy things happened in terms of cryptocurrencies. The IRS won their case against Coinbase and over 14,000 people who traded over $20,000 USD in 2015 now have to face the IRS.   Exchanges in Asia started forcing KYC (Know Your Customer) requirements on customers as did most of the rest of the world. Bitfinex decided to block all U.S. customers in November of 2017 due to regulatory issues and uncertainty. What this means is that Bitcoin and cryptocurrency is becoming harder to trade anonymously and without paying taxes. This is what happens because of legitimacy from regulation, lawful trade and taxation. I am not saying there isn’t much debate still regarding the legality, legitimacy or utility of cryptocurrencies; I’m saying 2017 had a significant change in how it is viewed.  Today, the SEC in the U.S. has been discussing forcing cryptocurrency exchanges to register with the SEC and there is no definitive answer to what this is going to mean or if it is going to happen.

Current views on whether an asset is a security tends to follow the “Howey Test,” which comes from a 1946 U.S. Supreme Court case. The ruling says a security involves the investment of money in a common enterprise, in which the investor expects profits primarily from others’ efforts.  Many speculate that Bitcoin in itself is not an enterprise, however Initial Coin Offerings or ICOs may fall into that category. With many organizations adopting blockchain technologies today, we may begin to see the ICO as needing to register with the SEC from the Howey Test. What this could mean is that tokens or “alt coins” may begin to see heavier regulation than just following KYC and AML (Anti Money Laundering).

What we’ve seen in the past from ransom campaigns is that buying cryptocurrencies has gotten more and more difficult.  If I were to ask you to procure 3-5 Bitcoin within 24 hours, could you do it? What steps would you have to take?  Depending on where you are, you might NOT be able to simply wire the funds for 3-5 Bitcoin and have it within 24 hours. Because of KYC and AML, you may find that purchasing 3-5 BTC could take you between 5-8 days. In the U.S., Coinbase has limits for new users.   Coinbase today will allow instant purchases for customers who have been fully verified and have linked bank accounts (and have purchase habits that justify the limit) to buy up to $25,000 per week. New customers may not purchase on day one. Here in India, some organizations have basic verification limits of 2 Crore Rupees per day, or 10 Crore Rupees per month in Bitcoin buying. Bitcoin is 5 Crore Rupees right now. So, if you think of these limits, and the verification processes, you may NOT be able to purchase enough Bitcoin to pay a ransom.

So, with that, you may have to ask: When Uber lost 57 million passengers’ data and silently paid, did Uber pay $100,000 in Bitcoin? The answer could be that they would have had to stockpile Bitcoin in the event that they needed to pay the ransom.  Research studies have been published that 33% of organizations are stockpiling bitcoin to pay ransoms. Two years ago, Radware’s Emergency Response Team Report found 7% of organizations were stockpiling cryptocurrencies to pay for ransoms.

One of the difficulties that WannaCry had last year was customer service. Because of the size and magnitude of infection of WannaCry, it was considered a large failure for the hackers to monetize because of the difficulty of buying cryptocurrencies. This could also be a large factor in the increase of companies buying and stockpiling cryptocurrencies to pay ransoms.

A month after WannaCry, the same vulnerability was exploited in Linux-based computers running un-patched Samba services. This new exploit based on WannaCry was called Eternal Miner. It was designed to NOT encrypt the hard drive and send a ransom note. Instead, it just made the machines mine a more anonymous cryptocurrency known as Monero. This simplified the process of monetization and eliminated the need to do customer support in teaching the victims how to buy cryptocurrency and send it to the criminals. Since then, we have seen over 500,000 unpatched Windows computers joined onto the Smominru botnet which has earned the hackers over $3.6 Million USD.  So, using the same vulnerability to fumble out $170,000 turns to $3.6 million when the tactic changes to cut out the end user here.

Now, it’s become very commonplace for the hackers to utilize compute resources today instead of the old-fashioned ransomware virus. We’ve seen the “CoinHive” JavaScript hijack browsers around the world, and some shady ISPs inject this code into data streams to make extra money. This is the change of the landscape from 2017 to 2018. The regulation of bitcoin and crypto-trading has made it much more challenging for hackers to bring their ill-gotten gains back to fiat currency.

Bitcoin’s underpinning blockchain technology was initially designed to record transactions on the public ledger. The digital ledger also stores addresses of the sender and receiver of a payment with the exact time. Investigators have developed databases and tactics to use this data to tackle criminal activities.

Monero, created in 2014, encrypts addresses and produces fake addresses to shroud the sender. Additionally, the cryptocurrency feature can also conceal the amount of the transaction. Hence, providing a safe haven for wrongdoers and regular privacy-minded users alike.

Because of this difference, the hacking and Darknet communities have switched to favoring Monero. With this change, it definitely is going to make tracking criminals much harder in the near future.   Law enforcement worldwide will now have to focus more on money laundering. This may be part of the reason why the regulators are looking to track the crypto-exchange activities, as getting record of trade activity is going to be one of the ways to identify criminals.  The next couple of years are going to be interesting as we watch these changes in regulation weave into investment platforms and assist law enforcement. The rollercoasters of the markets will probably continue as we see these scenarios play out.

 

Source : www.radware.com

Share to:

VIRTUS PARTNER ACADEMY

Program benefit terbaru Virtus untuk Mitra Bisnis. Virtus Partner Academy adalah kursus pelatihan IT online dengan kurikulum lengkap yang dapat diakses kapan saja dan dari mana saja.

BELANJA LEBIH, DAPATKAN LEBIH

PROGRAM INSENTIF VIRTUS

untuk Mitra Bisnis

Privacy Policy

PT Virtus Technology Indonesia (“VTI” atau “kami”) sangat berkomitmen untuk memastikan bahwa privasi Anda dilindungi sebagai hal yang sangat penting bagi kami. Pada https://www.virtusindonesia.com/, kami akan mengatur penggunaan Anda terhadap situs web ini, termasuk semua halaman di dalamnya (secara kolektif disebut sebagai “Situs Web ini” di bawah ini), kami ingin berkontribusi untuk menyediakan lingkungan yang aman dan terjamin bagi pengunjung.Berikut adalah ketentuan kebijakan privasi (“Kebijakan Privasi”) antara Anda (“Anda” atau “Anda”) dan VTI. Dengan mengakses situs web ini, Anda mengakui bahwa Anda telah membaca, memahami, dan setuju untuk terikat oleh Kebijakan Privasi ini.
Penggunaan Layanan Langganan oleh VTI dan Pelanggan Kami
Ketika Anda meminta informasi dari VTI dan memberikan informasi yang secara pribadi mengidentifikasi Anda atau memungkinkan kami menghubungi Anda, Anda setuju untuk mengungkapkan informasi tersebut kepada kami. VTI dapat mengungkap informasi tersebut hanya untuk keperluan pemasaran, promosi, dan aktivitas semata-mata untuk kepentingan VTI dan Situs Web.
Pengumpulan Informasi
Anda bebas menjelajahi Situs Web tanpa memberikan informasi pribadi tentang diri Anda. Ketika Anda mengunjungi Situs Web atau mendaftar untuk layanan langganan, kami menyediakan beberapa informasi navigasional agar Anda mengisi informasi pribadi Anda untuk mengakses beberapa konten yang kami tawarkan. VTI dapat mengumpulkan data pribadi Anda seperti nama, alamat email, nama perusahaan, nomor telepon, dan informasi lainnya tentang diri Anda atau bisnis Anda. Kami mengumpulkan data Anda secara online dan offline. VTI mengumpulkan data Anda secara online menggunakan fitur media sosial, pemasaran melalui email, situs web, dan teknologi cookies. Kami mungkin mengumpulkan data Anda offline dalam acara seperti konferensi, pertemuan, lokakarya, dll. Namun, kami tidak akan menggunakan atau mengungkap informasi tersebut kepada pihak ketiga atau mengirim email yang tidak diminta ke alamat yang kami kumpulkan, tanpa izin eksplisit Anda. Kami memastikan bahwa identitas pribadi Anda hanya akan digunakan sesuai dengan Kebijakan Privasi ini.
Cara VTI Menggunakan Informasi yang Dikumpulkan
VTI menggunakan informasi yang dikumpulkan hanya sesuai dengan kebijakan privasi ini. Pelanggan yang berlangganan layanan langganan kami diwajibkan melalui perjanjian dengan mereka untuk mematuhi Kebijakan Privasi ini.
Selain penggunaan informasi Anda, kami dapat menggunakan informasi pribadi Anda untuk:
Meningkatkan pengalaman penjelajahan Anda dengan mempersonalisasi situs web dan meningkatkan layanan langganan.
Mengirim informasi tentang VTI.
Mempromosikan layanan kami kepada Anda dan berbagi konten promosi dan informatif dengan Anda sesuai dengan preferensi komunikasi Anda. Mengirim informasi kepada Anda mengenai perubahan pada ketentuan layanan pelanggan kami, Kebijakan Privasi (termasuk kebijakan cookie), atau perjanjian hukum lainnya.
Teknologi Cookies
Cookies adalah potongan kecil data yang situs web transfer ke hard drive komputer pengguna ketika pengguna mengunjungi situs web. Cookies dapat mencatat preferensi Anda saat mengunjungi situs tertentu dan memberikan keuntungan mengidentifikasi minat pengunjung kami untuk analisis statistik situs kami. Informasi ini dapat memungkinkan kami untuk meningkatkan konten, memodifikasi, dan membuat situs kami lebih ramah pengguna. Cookies digunakan untuk beberapa alasan seperti alasan teknis agar situs web kami beroperasi. Cookies juga memungkinkan kami untuk melacak dan mengarahkan minat pengguna kami untuk meningkatkan pengalaman situs web dan layanan langganan kami. Data ini digunakan untuk memberikan konten dan promosi yang disesuaikan dalam VTI kepada pelanggan yang memiliki minat pada subjek tertentu.Anda memiliki hak untuk memutuskan apakah menerima atau menolak cookies. Anda dapat mengedit preferensi cookies Anda pada pengaturan browser. Jika Anda memilih untuk menolak cookies, Anda masih dapat menggunakan situs web kami meskipun akses Anda ke beberapa fungsi dan area situs web kami mungkin dibatasi.Situs Web ini juga dapat menampilkan iklan dari pihak ketiga yang berisi tautan ke situs web lain yang menarik. Setelah Anda menggunakan tautan ini untuk meninggalkan situs kami, harap dicatat bahwa kami tidak memiliki kendali atas situs tersebut. VTI tidak dapat bertanggung jawab atas perlindungan dan privasi informasi apa pun yang Anda berikan saat mengunjungi situs web tersebut, dan Kebijakan Privasi ini tidak mengatur situs web tersebut.
Kendalikan Data Pribadi Anda
VTI memberikan kontrol kepada Anda untuk mengelola data pribadi Anda. Anda dapat meminta akses, koreksi, pembaruan, atau penghapusan informasi pribadi Anda. Anda dapat berhenti berlangganan dari aktivitas pemasaran kami dengan mengklik berhenti berlangganan dari bagian bawah email kami atau menghubungi kami langsung untuk menghapus Anda dari daftar langganan kami. Kami akan menjaga informasi pribadi Anda agar akurat, dan kami memungkinkan Anda untuk memperbaiki atau mengubah informasi pribadi Anda melalui marketing@virtusindonesia.com.