Police are closing in on thieves who stole Bitcoin valued at $370 million during the collapse of popular exchange Mt Gox – and just 1% of the theft is believed to be the work of outside hackers.
The post Police close in on Bitcoin fraudsters who stole $370m in Mt Gox collapse appeared first on We Live Security.
By now you’ve probably heard a little about Bitcoin or one of the other virtual currencies. You’ve probably heard about the price fluctuations, maybe about the connections with illegal activities, or maybe even new companies starting to accept them as payments. These are all great ways to start learning about Bitcoin, but what interests me the most is the potential positive impact on privacy.
Bitcoin has been around for over five years now and many are still trying to really get a good grasp on what it is. The best way to describe Bitcoin is that it is a protocol, similar to what powers your email or phone number, which uses a public ledger to record every transaction. So when I purchase a new computer with Bitcoin or even just give some to a friend, anybody in the world can see it happen in near real time if they are looking at the ledger. This makes the world a much more public place, but still gives us more privacy by the pseudo-anonymous addresses and decentralized system.
The biggest case for privacy in Bitcoin is the pseudo-anonymous transactions. When looking at the public ledger we can see transactions occurring every second, the exact amount in each address, any notes attached to transactions, and what address each transaction is going to. While everything is very public in the ledger, the addresses themselves are all random strings of letters and numbers to allow the owner of each address to remain private.
One way to understand how these random strings allow for us to be anonymous, if we wish, is by making sure nobody knows what your address is. These addresses are something you can generate yourself without any need to connect with an email address or real name. You can then make payments or send Bitcoin to other people without ever having to give over personal information.
Some people may wish to publicize one of their Bitcoin addresses to allow others to send Bitcoin their way. This might be posted on a website, in an email, or even on social media so that others can see. For this reason it’s easy to generate multiple addresses that don’t need to be tied together in any matter so that you can remain pseudo-anonymous while still providing some public information.
One of the most common themes seen in today’s technology news is breaches or hacks around credit cards. Most of the time there is a central company or website that has a collection of credit cards, names and addresses associated with them, and sometimes even the pins to the cards. This presents hackers with a treasure chest of information to attempt to get their hands on. Using Bitcoin, all of the information remains in your hands, and any attempts to alter the transaction records and forge payments is instantly broadcast and seen by everybody.
There are many “wallets†for Bitcoin online, which allow users to quickly setup addresses and start using Bitcoin, but it’s important to make sure you utilize all of Bitcoin’s security and privacy settings by keeping things in your own hands. With any amount of Bitcoin it would be smart to send to an “offline wallet†or addresses that only you have access to the private key, similar to pins for debit cards. With an offline wallet it’s important to keep a backup of the private key and if stored on a computer encrypt so not anybody can access. The recommendation however is to print and save in a secure location like a bank or safe offline.
Bitcoin may be interesting to watch because of the investment opportunity and hearing about those that have become rich off of it but the protocol itself opens up a lot of doors for privacy and security in the payment industry. By being able to anonymously send Bitcoin to anybody in the world, audit the entire system at any time, and keep the keys in your own hands people should be able to feel more trust in a world full of breaches and hacks.
By now you’ve probably heard a little about Bitcoin or one of the other virtual currencies. You’ve probably heard about the price fluctuations, maybe about the connections with illegal activities, or maybe even new companies starting to accept them as payments. These are all great ways to start learning about Bitcoin, but what interests me the most is the potential positive impact on privacy.
Bitcoin has been around for over five years now and many are still trying to really get a good grasp on what it is. The best way to describe Bitcoin is that it is a protocol, similar to what powers your email or phone number, which uses a public ledger to record every transaction. So when I purchase a new computer with Bitcoin or even just give some to a friend, anybody in the world can see it happen in near real time if they are looking at the ledger. This makes the world a much more public place, but still gives us more privacy by the pseudo-anonymous addresses and decentralized system.
The biggest case for privacy in Bitcoin is the pseudo-anonymous transactions. When looking at the public ledger we can see transactions occurring every second, the exact amount in each address, any notes attached to transactions, and what address each transaction is going to. While everything is very public in the ledger, the addresses themselves are all random strings of letters and numbers to allow the owner of each address to remain private.
One way to understand how these random strings allow for us to be anonymous, if we wish, is by making sure nobody knows what your address is. These addresses are something you can generate yourself without any need to connect with an email address or real name. You can then make payments or send Bitcoin to other people without ever having to give over personal information.
Some people may wish to publicize one of their Bitcoin addresses to allow others to send Bitcoin their way. This might be posted on a website, in an email, or even on social media so that others can see. For this reason it’s easy to generate multiple addresses that don’t need to be tied together in any matter so that you can remain pseudo-anonymous while still providing some public information.
One of the most common themes seen in today’s technology news is breaches or hacks around credit cards. Most of the time there is a central company or website that has a collection of credit cards, names and addresses associated with them, and sometimes even the pins to the cards. This presents hackers with a treasure chest of information to attempt to get their hands on. Using Bitcoin, all of the information remains in your hands, and any attempts to alter the transaction records and forge payments is instantly broadcast and seen by everybody.
There are many “wallets†for Bitcoin online, which allow users to quickly setup addresses and start using Bitcoin, but it’s important to make sure you utilize all of Bitcoin’s security and privacy settings by keeping things in your own hands. With any amount of Bitcoin it would be smart to send to an “offline wallet†or addresses that only you have access to the private key, similar to pins for debit cards. With an offline wallet it’s important to keep a backup of the private key and if stored on a computer encrypt so not anybody can access. The recommendation however is to print and save in a secure location like a bank or safe offline.
Bitcoin may be interesting to watch because of the investment opportunity and hearing about those that have become rich off of it but the protocol itself opens up a lot of doors for privacy and security in the payment industry. By being able to anonymously send Bitcoin to anybody in the world, audit the entire system at any time, and keep the keys in your own hands people should be able to feel more trust in a world full of breaches and hacks.
Bitcoin creator ‘Satoshi Nakamoto’ – a pseudonym – could be about to have his identity made public, after a series of odd emails from the address that has been his only point of contact with the world after he ‘went dark’ in 2011, according to a report in Forbes.
Someone claiming to be a hacker has access to “[email protected]â€, and has posted a threat to Pastebin, saying that he would “de-anonymize†the mysterious Bitcoin creator for a ransom of 25 Bitcoins.
The threat says, “Releasing the so called “gods” dox if my address hits 25 BTC.And no, this is not a scam.†A series of mysterious emails from the Bitcoin creator’s supposed address, reported by Vice.com, have done little to clear up the mystery.
A test email from We Live Security found that the address is now delivering a “mailbox unavailable†error message.
One colleague received a threat to “hitman†him from the account, which Forbes reports drily as not being in the “usual style†of the cryptocurrency founder.
The identity of ‘Satoshi Nakamoto’ who handed over control of the site to a developer nearly four years ago, has been hot property since Newseek incorrectly identified a man, Dorian Nakamoto, as beeing the mysterious developer of the cryptocurrency.
Forbes reports that the email address has lain dormant since 2011, since ‘Nakamoto’ ceased corresponding with people via the address. The magazine speculates that the GMX.com addresss may have fallen dormant through disuse, and been opened up to another user, as GMX’s terms of service specify that accounts can be “terminated†after that time.
Things got yet more mysterious when two separate people appeared to correspond with Motherboard at Vice from the same address. One sent a screenshot showing an Inbox with 11,000 emails.
The site writes, “Motherboard was able to communicate with two individuals who have access to Nakamoto’s old email address. The first said he was only browsing Nakamoto’s for fun. The second not only claimed to be the real hacker of the account, but also said the first person we spoke with was Nakamoto himself.â€
The series of emails, chronicled by Vice, become increasingly cryptic as the supposed hacker denies he is associated with the Pastebin post.
One of the concluding emails thickens the plot still further. Asked if he is sure that the other individual with access is definitely Satoshi, the hacker replies, “Satoshi is smart and will have tried to put the people looking for him on the wrong path. This is why I can’t be sure.â€
The post Bitcoin creator – could he be ‘outed’ after email ransom? appeared first on We Live Security.
Nothing is ever certain about our future, but when it comes to privacy, we can take a look at current trends and make some educated guesses as to what we will see tomorrow, next year, or even in 10 years’ time…
Looking at those trends, it’s clear that no matter how people’s privacy is violated and taken away, there will always be new tools to help protect it combat them and most important of all, keep people in control of their own privacy.
Innovation helps both sides of the spectrum and will lead to many games of cat and mouse moving forward into the future. To be more specific though I see two primary areas where privacy will be influenced the most in the future: anonymity and user owned data.
Being anonymous is one of the hardest things to do, if not impossible, in this day and age. With the prevalence of online tracking, government surveillance, and login systems everywhere it is very difficult to keep things to yourself unless you are willing to forgo the online world. While there are many services that start to offer “anonymous†services such as Secret and Telegram, there is always something that is connecting your device to the posts you do or the interactions you make. That’s why I see a future where pseudo-anonymity is commonplace.
Pseudo-anonymity would allow people to be anonymous to others and possibly to the application they are interacting with, but still be able to put together a profile and have an account. Adopting a pseudo-anonymous system has potential far beyond simple messaging apps and in something like Bitcoin, has the potential to really change the world.
In Bitcoin, everyone has a public address where you can see where Bitcoins are being sent to and from, and follow transactions very publicly, but you can’t actually identify the person that has the addresses unless they specifically tell you. This form of pseudo-anonymity is regarded as a positive step for privacy as it allows for direct audits and transparency of information while still letting individuals control their identifiable data.
Bitcoin is just one example of pseudo-anonymous technology, while even Facebook is taking steps to allow for Facebook login where apps cannot access your identity but rather just verify you are a person. It’s important I think to separate out task of verifying users as real people and learning their identities. That way we can have quality services supported by real users but without them having to sacrifice their privacy. Pseudo-anonymityis a good bridge for these two things.
Right now as you browse the web there are dozens of companies that are collecting information about what you search for, what pages you visit, what you watch, and more. These companies make inferences about you such as your gender, income bracket, and marital status. They then sell this information to advertisers who will try to serve you with more relevant ads so that you are more inclined to click on them. This is the current status quo but it relies heavily on inferences and guesswork, which means there is a limit to how accurate the information can be.
Currently many companies have tried to bring user control to this aspect of online data collection, but nobody has truly succeeded. To get users to willingly hand over their data to companies, there needs to be a high enough value proposition for the users. Facebook and Google do a great job of this currently by providing free services that we use every day in return for data to be used for advertising. Other companies are still trying to crack the code on what would be valuable enough to these users. Online advertising is still in a high growth phase though and has a strong outlook to expand and grow into the future. Once advertising matures enough, it may become worth enough for other companies to be able to provide proper incentives to users in return for access to their data.
While nobody can predict the future we can help build the future we want to be a part of. The next time you sign up for a site or enter a competition in exchange for your email address and phone number, consider what information you are really giving up, who is getting access to it, and how it will be used. If we want a future where we are all more in control of our privacy we must start to take better care of our data.
If you have any ideas of what would be ideal in your future for privacy, let us know in the comments or drop us a line on our Facebook page at https://www.facebook.com/AVG.
A new tactic where waves of Bitcoin wallet phishing emails are targeted at corporations has proved a success for the criminals behind it – with nearly 2.7% of victims clicking on the malicious link embedded in the two waves of 12,000 emails. Previous Bitcoin wallet phishing campaigns usually targeted known lists of Bitcoin users.
Proofpoint, which monitored the attack, said people who did not use Bitcoin wallets clicked on the emails as well as users of the cryptocurrency, which were sent in two separate waves directed at organizations across various industries.
Proofpoint said that the high success rate proved how much the hype behind the Bitcoin wallet had caught the imagination of the general population.“Unregulated and designed for anonymity, Bitcoin represents an attractive, $6.8 billion target to cyber criminals,” Proofpoint said.
The Register’s John Leyden reported, “This high click-through rate is a concern because crooks could easily switch from Bitcoin scams to targeting curious users with DDoS malware, remote access Trojans, corporate credential phish, or other threats.â€
Anti-phishing firm Cloudmark commented on The Register’s report that the relatively low volume campaign had not been effective at avoiding spam filters – and thus was likely the work of “inexperienced spammers.â€
The emails took the form of fake “account warning†emails, except using the Bitcoin wallet site Blockchain instead of banks or online payment services. The warning described a failed login attempt “originating in Chinaâ€. As soon as victims clicked they were directed to a fake version of the Blockchain site, which includes a Bitcoin wallet.
Unlike with many banks and credit cards, there is little protection for Bitcoin users who have had their currency stolen – hence the many, many campaigns targeted at them.
The phishing campaign follows a fairly straightforward “account warning†template, using the Bitcoin site Blockchain.info instead of the usual bank or online payment service names. Prospective marks were falsely warned about a failed login attempt originating in China, attempting to create a sense of urgency by capitalising on popular fears over Chinese hacking.
Kevin Epstein, vice president of Advanced Security at Proofpoint said, “Cybercriminals are continuing to improve their odds of success by exploiting human psychology as well as technology. Proofpoint’s research team recently observed a startling example of these ‘human factor’ exploit tactics in a campaign nominally targeted at stealing Bitcoin access credentialsâ€
“People who had no Bitcoin accounts – no reason to click on the email solicitation – were clicking anyway. It seems likely that attackers were taking advantage of Bitcoin’s recent popularity in the news to engage targeted users’ curiosity.
“The implications for corporate security teams are significant. Security professionals cannot afford to ignore any phishing emails, even what initially appear to be consumer-oriented campaigns not relevant to professional end users, as such topical phish clearly compels clicks even from users who should have no reason to click.â€
The post Bitcoin wallet phishing scores unlikely hit with crypto-curious appeared first on We Live Security.
