Whose Blockchain?

On August 15, Michael Terpin filed a $224 million lawsuit against AT&T. His 69-page complaint states that the telecommunications giant failed to protect his phone number, even after his account was escalated to a "higher security level" with "special protection," resulting in a combined $24 million hack of his cryptocurrencies.

This number may look tiny compared to the notorious Mt. Gox hack, where over $460 million was stolen, or the DAO hack ($50 million), or the more recent hacks of Coinrail ($37.2 million) and Bithumb ($31 million). But the scary part is the ease with which these hacks are executed. In fact, instead of breaking smart contracts or hacking exchanges and stealing private keys, kids between 19 and 22 can now steal millions at a cost of 99 cents, without any effort.

Has the blockchain failed to provide a secure digital currency and turned into a haven for cybercriminals?

Fundamentals of security

The idea behind bitcoin was to create a peer-to-peer system that would allow two parties who do not know or trust each other to transact financially, without allowing double spending or hacking of the system. For this, it created an immutable ledger that can only be broken by a "51% attack," an attack that requires enormous computing power for malicious nodes to overpower honest ones. While this system has failed on minor networks, it has been battle-tested with bitcoin, which so far has not suffered such an attack.

But no matter how safe a system we design, it will always have a point of failure: humans.

Heathrow Airport was fined £120,000 ($155,000) when an employee lost a USB drive containing 2.5 GB of sensitive files. It does not matter how secret the files were kept; without adequate training and procedures, the system can still fail miserably.

Security is a process, not a final state. And our main enemy is "convenience". Even the president of the United States is no exception. That's why we reuse the same passwords on different websites or give up on two-factor authentication altogether. In fact, the AT&T case had nothing to do with blockchain vulnerabilities; the victims had fallen prey to SIM swapping.

SIM swapping is a technique used by hackers to trick (or even bribe) a telecommunications operator into redirecting the victim's phone number to the hacker's SIM card. Hackers impersonate their target by providing false documents, claiming to have lost their phone and to need their old number redirected to their "new" SIM card. From there, they can break into the target's email and social media accounts and extract valuable information about any other accounts that is insecurely stored there.

For SIM swapping, the hacker just needs to know the target's phone number, then do some social engineering to trick the operator. In an SS7 attack, even social engineering is not necessary, as hackers can use the attack to intercept SMS messages and steal all PIN codes that are sent to the victim's phone during a login attempt. The only way to protect yourself from these attacks, for now, is not to use mobile phones for authentication, or to keep one for logins only and never share the number with anyone.

It gets worse

What makes this particularly important for cryptocurrencies is their nature. When hackers steal private data or even health data, they still need to sell those accounts or start exploiting them before they can turn their gains into cash, and in some cases victims can block these accounts or minimize the damage. But with crypto, they have immediate access to money.

In some cases, hackers even ignored the funds they could access in traditional banks. According to REACT Lieutenant John Rose, the attackers "are mainly interested in targeting cryptocurrencies due to the ease with which these funds can be laundered through online exchanges and because transactions cannot be canceled".

Whom do you trust?

It is interesting to note the pattern here: hackers attack centralized points for gain and hide anonymously in the decentralized network. In a sense, blockchain is doing exactly what it was supposed to do: remove single points of failure and create a network in which anyone can trade freely.

As we listen to the demands for blockchain regulation, it is also important to remember the main reason behind the birth of bitcoin: the failure of the big central banks, which caused the 2008 depression.

In the end, it is about whom we trust: the central bodies, which should be the good guys but have sometimes shown they can turn evil, or the masses, among whom hackers and scammers can also blend in?

For the supporters of the blockchain, the answer is clear: we cannot hope that people in power always do the right thing, but we can give the masses more power to take corrective action. In other words, should we opt for a dictatorship and hope to get a "good" dictator, or do we believe that democracy always prevails?

It's about how we use technology. Blockchain has answers in itself.

Blockchain "white hat"

When the Ghash.io pool approached 51% control of the bitcoin mining power in 2014, the community reacted by leaving the pool, so much so that the owners had to publicly announce that "they will take all the necessary precautions to prevent reaching 51% of all hashing power, in order to maintain the stability of the bitcoin network".

To protect against smart contract hacks, an Israeli cybersecurity startup called Safeblocks has created a decentralized web firewall that protects smart contracts against unauthorized transactions and malicious attacks in real time. The platform monitors smart contracts and reviews transaction requests as they arrive, approving or rejecting them based on the security rules set by users. In this way, users can place a limit on the number of transactions per day, cap the number of withdrawals, and set a designated address for collection.

The basic idea is that instead of relying on code checks, we need to measure the system in real time and act accordingly. This vision is much closer to the principle of "security is a process". Only this time, blockchain is part of this process.
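The request review described above, as an added Python example. It is not Safeblocks' code; the Policy, TxRequest and Firewall names, the rule fields and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Tuple

@dataclass
class Policy:
    # Hypothetical user-set rules, modelled on the limits the article lists.
    max_tx_per_day: int
    max_withdrawals_per_day: int
    withdrawal_address: str  # the one designated collection address

@dataclass
class TxRequest:
    day: str   # calendar day of the request (a real monitor would use block time)
    kind: str  # "withdraw" or "call"
    to: str    # destination address

@dataclass
class Firewall:
    policy: Policy
    tx_count: dict = field(default_factory=lambda: defaultdict(int))
    wd_count: dict = field(default_factory=lambda: defaultdict(int))

    def review(self, tx: TxRequest) -> Tuple[bool, str]:
        """Approve or reject one request; counters advance only on approval."""
        p = self.policy
        if self.tx_count[tx.day] >= p.max_tx_per_day:
            return False, "daily transaction limit reached"
        if tx.kind == "withdraw":
            if tx.to.lower() != p.withdrawal_address.lower():
                return False, "destination is not the designated address"
            if self.wd_count[tx.day] >= p.max_withdrawals_per_day:
                return False, "daily withdrawal limit reached"
            self.wd_count[tx.day] += 1
        self.tx_count[tx.day] += 1
        return True, "approved"

def run_sample():
    # Constructed requests; the addresses are placeholders, not real accounts.
    safe, other = "0xSAFE", "0xOTHER"
    fw = Firewall(Policy(max_tx_per_day=3, max_withdrawals_per_day=1,
                         withdrawal_address=safe))
    sample = [("d1", "withdraw", other), ("d1", "withdraw", safe),
              ("d1", "withdraw", safe), ("d1", "call", other),
              ("d1", "call", other), ("d1", "call", other),
              ("d2", "withdraw", safe)]
    return [fw.review(TxRequest(*s)) for s in sample]

if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

Because the decision is made per request as it arrives, a withdrawal to an unknown address is rejected even when the contract code itself would have allowed it.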

Looking at the breaches mentioned above, it is clear that blockchain could not have prevented SIM swapping or SS7 attacks, but it does have a system that is immune to surveillance: dark routing. This technique, as implemented by Mainframe, allows full data privacy, surveillance resistance and censorship resistance. It works by only partially revealing the destination, delivering the message to a number of nodes so that the recipient cannot be located. However, only the intended recipient can actually decrypt the message.

Substratum used this technique to penetrate the Great Firewall of China. The platform splits the transmitted data into several parts and forwards them through the nodes, using artificial intelligence to find the fastest routes. Combined with encryption, it creates a secure and uncensorable connection without using a VPN or Tor.

Putting this system on the blockchain actually plays a crucial role. After all, VPN hosts are limited and expensive. Tor is free, but the only incentive for anyone to use it would be anonymity. Blockchain, on the other hand, overturns the entire equation. Here, nodes can actually earn revenue by sharing their network. For example, Substratum implements a model where you pay for content based on "clicks". This decentralized version of the web empowers nodes rather than centralized players and has the potential to bring back net neutrality.

Can hackers circumvent these techniques or, worse still, use them in their favor? Obviously. Just as they can with many other systems, even centralized ones. The most important takeaway is that security is a process. Blockchain is not good or bad. It can be used for both. But it is a step in the right direction.
