"Oh, the things you can find, if you do not stay back!"
Those words, spoken by Theodor Seuss Geisel, or as we know him, Dr. Seuss, still have the power to change the world, even with cybersecurity and blockchain technology. That's right, I brought the good doctor home.
For fans of technology and blockchain, keep pushing forward, because this space is opening up a whole new world worth exploring. Of course, the path that awaits us can be blocked with silos, but nevertheless, it is time to put them aside.
"And will you do it? Yes, you really will! (98 and ¾ percent guaranteed)." -Dr. Seuss
National Cybersecurity Awareness Month
With October, the 15th anniversary of "National Cybersecurity Awareness Month", coming to an end, our digital hygiene must remain first. Started by the United States Department of Homeland Security, October has served for 15 years as a time for everyone to learn about new computer security tips for the season.
I asked Robert Herjavec, founder and CEO of Herjavec Group, how he would describe the period:
"Supporters of this great initiative are committed to raising awareness on the importance of cybersecurity, educating businesses and consumers about industry trends, threats to cybersecurity and best practices".
Yet both Herjavec and I agree that the industry currently reflects a vital need to monitor the strength of our digital infrastructure on a daily basis, not just annually. But with all this talk about blockchain, how can the technology help strengthen our infrastructure?
If Dr. Seuss were still around today, the lessons he would teach could help reduce a breach! So, I went to the global cybersecurity team at DLA Piper and talked to its partners, Deborah Meshulam and Mark Radcliffe, who is also the head of the company's new blockchain division. According to both Radcliffe and Meshulam, blockchain technology can help restore integrity in the space.
Unfortunately, as Radcliffe pointed out to me, "The data integrity problem is rarely discussed and this new technology can help prevent attacks by detecting and discouraging unauthorized and undetected data tampering."
"The Blockchain can provide greater security over the identity of humans, such as Civic and the register of citizens of Estonia, in addition to the origin of articles and information, especially in the supply chain and in high value goods", explained Radcliffe.
"By implementing this technology, we are helping to protect data integrity by making it very difficult to alter and reject data that is fake or altered, without authorization, in real time".
Radcliffe has identified five real-world incidents in which the use of blockchain technology could help reduce and/or significantly prevent them from occurring:
- An athlete's "doping" data that was altered by "Fancy Bears" and then released;
- Oil platforms drilling in the wrong place because location data was compromised;
- Counterfeit drugs that pass as valid prescriptions with diagnosed tracking data;
- Corporate IT departments that install hacked software; and
- Patches that introduce security holes.
In essence, this technology helps reduce the risk of certain attacks such as phishing, theft and other unauthorized access crimes. With the Blockchain, the ability of a hacker to conduct an efficient attack, according to Meshulam, is "much more difficult, expensive and time consuming".
# 1 – "A Phish, two Phish, Red Phish, run!"
Unlike Dr. Seuss's "One Fish, Two Fish, Red Fish, Blue Fish", this story does not have a happy ending for its victim.
"Phishing" scams are the most widespread and often successful forms of cyber-theft in the space, especially for the crypto-community. Phishing is a cyberattack that started in the early days of America Online (AOL), in which a hacker uses a "camouflaged" email as a weapon to obtain access information. The goal is ultimately to deceive the recipient of the email by making them believe that the message is something they want, need or have seen before. Examples include an "email" from their "bank", "friend / relative", "office", or even a familiar "seller".
But instead of going after login information, these hackers target members of the crypto-community, specifically going after the keys to their cryptocurrency wallets. Using the technique of replacing a letter with something similar (replacing an "i" with an "i" with an accent), hackers make it appear that a user or HODLr is accessing the same destination as if they had typed it in themselves. And, before they know it, the hacker has control over their wallet. So, add your site to bookmarks and visit it only via the bookmarked link.
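The look-alike substitution described above can be checked mechanically. The following is an added example, not code from the article: the bookmarked domain `coinvault.example`, the function names and the small look-alike table are assumptions made for illustration, and the table is far smaller than the full Unicode confusables data.

```python
import unicodedata

# Constructed allow-list standing in for the user's bookmarked sites.
BOOKMARKS = {"coinvault.example"}

# Illustrative subset of look-alike characters that do not decompose to ASCII
# (assumption: a real deployment would use the full Unicode confusables table).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
}


def to_unicode(domain):
    """Lower-case a host name and decode punycode (xn--) labels to Unicode."""
    labels = []
    for label in domain.strip().rstrip(".").lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:
                pass  # malformed label: keep it exactly as written
        labels.append(label)
    return ".".join(labels)


def skeleton(domain):
    """Reduce a host name to the plain-ASCII form a reader would perceive."""
    text = unicodedata.normalize("NFKD", to_unicode(domain))
    # NFKD splits an accented letter into base letter + combining mark;
    # dropping the marks turns "i with acute" back into "i".
    return "".join(
        CONFUSABLES.get(ch, ch) for ch in text if not unicodedata.combining(ch)
    )


def non_ascii_chars(domain):
    """List the characters that make a host name differ from plain ASCII."""
    return [
        (ch, unicodedata.name(ch, "UNNAMED"))
        for ch in to_unicode(domain)
        if ord(ch) > 127
    ]


def classify(domain, bookmarks=BOOKMARKS):
    """Return 'bookmarked', 'lookalike' or 'unknown' for a host name."""
    shown = to_unicode(domain)
    if shown in bookmarks:
        return "bookmarked"
    if skeleton(shown) in {skeleton(b) for b in bookmarks}:
        return "lookalike"  # reads like a bookmarked site but is a different name
    return "unknown"


if __name__ == "__main__":
    # Constructed samples: the real site, an accented "i", a Cyrillic "o".
    for host in ("coinvault.example", "co\u00ednvault.example",
                 "c\u043einvault.example", "other.example"):
        print(host, classify(host), non_ascii_chars(host))
```

A host that classifies as `lookalike` matches a bookmarked name only after accents and look-alike letters are folded away, which is the case the bookmark advice guards against.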
51% Attacks
Another common attack is the 51% attack, in which an attacker essentially overtakes the validators needed to run a blockchain network. A blockchain is difficult to modify because no single miner possesses most of the network's validation power, or hashrate.
But with these attacks, once the hacker reaches the majority of the network hashrate (51%), the blockchain becomes theirs, in a sense, allowing them to rewrite the data as they see fit. This translates into changing the transaction history and re-routing transactions to their personal wallets.
# 2 – "How the Grinch stole your funds"
It may not be Christmas yet, but having your cryptocurrency or wallet compromised by "black hat" Grinches can surely ruin your Christmas holidays.
Just this year, black hat hackers have already run away with over $1 billion in stolen cryptocurrency funds. For an asset that does not exist "physically", this seems to be quite the diamond in the rough.
The crypto industry has been hit hard by a persistent number of attacks on centralized exchanges (CEX) and decentralized exchanges (DEX), and by exploits of vulnerabilities in smart contracts.
Bancor
More recently, Bancor, a popular semi-DEX, was hacked, but was able to implement an incident response measure that allowed the company to freeze some, but not all, of the stolen funds.
According to Bancor, a wallet used to update some smart contracts was compromised, and was then used to withdraw Ether (ETH) from the BNT smart contract, for a total of 24,984 ETH, equivalent to $12.5 million USD.
Thanks to a protocol feature built into the smart contract, Bancor was able to freeze the $3.2 million worth of BNT, its native token, that was stolen. However, the stolen ETH could not be frozen, so Bancor worked jointly with dozens of exchanges to help identify the stolen funds, making it difficult for the hackers to liquidate them. In addition, another 230 million NPXS (PundiX) tokens were also stolen in the breach, which eventually shared the same fate as the stolen ETH.
This revealed a more centralized nature of Bancor, leading to controversy throughout the cryptocurrency community.
DAO Hack
The infamous DAO exploit led to about $150 million in stolen funds and eventually to the split of Ethereum into "Ethereum" and "Ethereum Classic". The attack has been attributed to a technical problem at the smart contract coding level, a bug that DAO developers had ironically "corrected" before the breach.
Mt. Gox Hack
The crypto-breach heard "round the world". In 2014, the cryptocurrency community was introduced to what was considered the biggest attack on an exchange, until the $500 million Coincheck hack, which matched its impact. The hack of the Mt. Gox exchange caused the theft of over 740,000 bitcoins, which translated into over $530 million of lost funds.
These attacks are showing that an essential defense mechanism to protect against such threats is often overlooked, particularly real-time monitoring. Currently, many of the security solutions on the market, particularly those related to DEXs, tend not to focus on "chain analysis, alert systems, or real-time data feeds" able to quickly identify and propagate information about a potential threat to the necessary parties.
Smart contracts
Largely due to their novel, complicated nature, smart contracts have become extremely vulnerable and subject to security breaches. These exploits stem mainly from:
- A lack of technical experience and resources at small exchanges;
- Token contract vulnerabilities for listed assets; and
- A general inability to identify and prevent fraudulent behavior.
As a result, these exploits have led to some of the most profound hacking schemes in the industry, as we have seen. But, rising from the ashes, there are new programming and auditing solutions like StellarX and MonitorChain. The recently launched StellarX front-end marketplace takes a unique approach by including the universal order book of the Stellar blockchain. StellarX tackles tokenization at the protocol level, rather than burying this information deep in the code of a smart contract.
For auditing purposes, Zenchain recently launched its MonitorChain product, in an attempt to monitor, alert and protect various participating entities from suspicious and fraudulent activity on the Ethereum blockchain. The product is an on-chain "Ethereum Oracle" serving as a universal monitoring hub for detecting threats in real time.
I was able to contact Zenchain about its newly released service.
"MonitorChain was built out of necessity," said Seth Hornby, CEO of Zenchain.
"We started creating this security platform months ago to protect our decentralized applications from a hacked or fraudulent token dump, which allows the internal alerting system and associated smart contracts to notify users so they can block inbound or outbound transactions from compromised accounts."
The CEO told me that if the market were to use a product similar to MonitorChain, companies like Bancor would have been able to track down and identify the suspect addresses in real time, as well as notify all the necessary exchanges of the incident.
# 3 – "What pet should I have?"
In a recent article, I outlined why it is important for millennial investors, as well as any other investor, to take note of the type of cryptocurrency exchange they choose to entrust their funds to, and why.
The differences between centralized exchanges (CEX) and decentralized exchanges (DEX) are clear, but among DEXs, understanding which factors to consider is equally significant. Second, find the right crypto-wallet in which to store them. Knowing the difference between a "hot wallet" and a "cold wallet" can perhaps save you from making a very expensive and damaging mistake.
Having recently read the book "Blockchain 101: Foundations of a New Economy", I contacted its author, Monika Proffitt, a serial entrepreneur and blockchain influencer, for more information on some of these crypto threats.
A wallet connected to the Internet 24 hours a day, 7 days a week, is one of the main vulnerabilities which, according to Proffitt, combined with the volume of funds they hold, makes these exchange wallets a primary target for hackers.
"The security of funds in a hot wallet is only as good as the security habits of the individuals or third parties who control the wallet." "Cold wallets", on the other hand, are those not connected to the Internet, making them a much safer alternative. According to Proffitt, the most common form is a paper wallet: a piece of printed paper that contains the private keys for a specific wallet address, usually in the form of a QR code. Until it is scanned, the wallet remains completely isolated from all incoming network connections.
While many crypto-holders use both hot and cold wallets, it is important to know how much crypto is allocated to a particular wallet for daily transactions and "savings".
# 4 – "If I Ran The Zoo"
When I asked DLA Piper's Mark Radcliffe what he believes to be the biggest threat in the cybersecurity space today, he pointed to regulatory agencies:
"One of the biggest threats, in my opinion, is that government agencies depend on Blockchain, but they do not adequately protect their systems from DDoS and consensus attacks, and lose total control over the ledger. However, these problems have to be compared with existing systems that are subject to fraud and tampering. When combining blockchain technology with "hashes" or digital fingerprints of data and documents, the company can create a tamper-proof chain of custody. Any interested and unauthorized party can compare the fingerprint of the original data with a fingerprint of the current data and confirm that they match; otherwise the data is suspect. Because blockchains are immutable, they provide the safest storage of the data "seals" without publicly sharing the data … in a world of growing distrust, digital integrity is essential to doing business".
But the question of how the US Securities and Exchange Commission (SEC) plans to regulate cryptocurrency is a matter that has yet to be resolved.
Last month, more than a dozen members of the United States House of Representatives sent a letter to the chairman of the SEC, Jay Clayton, urging him and the agency to provide clear guidance to investors on how it intends to regulate this new class of digital assets.
But, in the eyes of the SEC, the law is clear, ever since the 1946 Howey decision. To date, the "Howey Test" has been used to clarify whether or not an asset is considered a "security" as opposed to a "commodity".
In the United States, laws have allowed the emergence of companies like AngelList and its spinoff, Republic, Kickstarter and Indiegogo. According to Greg Sparrow, Senior Vice President of CompliancePoint, companies are taking a closer look at changing market trends, as well as growing public awareness of how their data is being used.
In Europe, there is DESICO, a recently launched platform for security token offerings (STOs). I was able to reach the company to ask why it believes that collaboration with these agencies is vital for the survival of the space.
"Evading SEC regulations is illegal," explained Laimonas Noreika, founder and CEO of DESICO. "Without anyone holding these companies accountable, there are a number of those who have acted irresponsibly with investor money."
The general uncertainty regarding the regulatory environment is wrapped up in a lack of trust in the crypto-ecosystem.
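The fingerprint comparison Radcliffe describes earlier in this section can be sketched as follows. This is an added example, not code from the article or from any product it names: `SealLedger` is a hypothetical in-memory hash chain standing in for a blockchain, and the rig coordinates and installer bytes are constructed sample data.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first block


def fingerprint(data: bytes) -> str:
    """SHA-256 digest of the data: the 'seal' that gets anchored."""
    return hashlib.sha256(data).hexdigest()


def block_hash(index, prev, label, seal):
    """Hash of a block's contents, including the previous block's hash."""
    payload = json.dumps([index, prev, label, seal], separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class SealLedger:
    """Toy append-only chain of seals; only digests are stored, never the data."""

    def __init__(self):
        self.blocks = []

    def anchor(self, label, data):
        """Append a seal for `data` and return the index of its block."""
        index = len(self.blocks)
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        seal = fingerprint(data)
        self.blocks.append({
            "index": index, "prev": prev, "label": label, "seal": seal,
            "hash": block_hash(index, prev, label, seal),
        })
        return index

    def first_broken_block(self):
        """Index of the first block whose links no longer verify, or None."""
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            expected = block_hash(i, prev, block["label"], block["seal"])
            if (block["index"] != i or block["prev"] != prev
                    or not hmac.compare_digest(block["hash"], expected)):
                return i
            prev = block["hash"]
        return None

    def verify(self, index, data):
        """Compare current data with its anchored seal."""
        if self.first_broken_block() is not None:
            return "ledger-tampered"
        if hmac.compare_digest(self.blocks[index]["seal"], fingerprint(data)):
            return "match"
        return "data-suspect"


# Constructed sample data for the demonstration below.
ORIGINAL = b"rig-7;lat=58.4410;lon=1.8870"
ALTERED = b"rig-7;lat=58.4410;lon=1.9870"
INSTALLER = b"constructed installer bytes v1.0"


def demo():
    ledger = SealLedger()
    rig = ledger.anchor("rig-7 coordinates", ORIGINAL)
    ledger.anchor("installer v1.0", INSTALLER)
    results = [ledger.verify(rig, ORIGINAL), ledger.verify(rig, ALTERED)]
    # Rewriting the stored seal to fit the altered data breaks block 0 ...
    ledger.blocks[rig]["seal"] = fingerprint(ALTERED)
    results.append(ledger.first_broken_block())
    # ... and re-hashing block 0 only moves the break to the next block.
    ledger.blocks[rig]["hash"] = block_hash(
        rig, GENESIS, "rig-7 coordinates", fingerprint(ALTERED))
    results.append(ledger.first_broken_block())
    results.append(ledger.verify(rig, ALTERED))
    return results


if __name__ == "__main__":
    print(demo())
```

In this toy chain nothing stops a tamperer from re-hashing every later block as well; on a real blockchain that rewrite is what the network's consensus makes expensive, which is why the 51% attack discussed earlier matters.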
# 5 – "Oh, the places you will go!"
Security problems in the cryptocurrency space will continue to be a trending topic of discussion as the prevalence of hacks reaches an unsustainable level.
Code-level innovations with formal audits and improved programming languages offer a new opportunity to reduce instances of smart contract exploits. By using the tools available on the market, regulators, investors and exchanges can help provide a monitoring and alert structure that has been lacking in the crypto ecosystem.
Watching how these projects, and potentially solutions, affect the evolution of our cybersecurity will be a vital factor in the growth and mainstream acceptance of both blockchain technology and cryptocurrency.