Crypto

now browsing by tag

 
 

#deepweb | Crypto is fueling organized crime in Latin America, claims new report

Source: National Cyber Security – Produced By Gregory Evans

In brief

  • Threat intelligence firm Intsights says criminals are turning to cryptocurrencies in greater numbers in Latin America.
  • Mixing services, P2P and unregulated crypto exchanges are the tools of choice to covertly wash and launder illicit funds.

Organized crime and drug cartels in Latin America are increasingly turning to cryptocurrencies to launder money and orchestrate scams, according to the latest collaborative report by threat intelligence firm Intsights and blockchain forensics firm CipherTrace. 

The report, “The Darkside of Latin America,” demonstrates how threat finance in Latin America has evolved with the rise of cryptocurrencies and peer-to-peer and unregulated exchanges. Researchers for Intsights say they arrived at their findings from access to “closed-access databases” and “hundreds of underground sources (deep web and dark web),” among other tactics.

The report claims that the region’s countries “top the list of the world’s worst money laundering nations,” and organized crime and cybercriminals are turning to cryptocurrencies to move money and to hire hackers. The report also highlights the fact that extreme political corruption in the region helps criminals operate without much resistance. 

One way criminals are specifically using cryptocurrency is through “mixing services” to obfuscate “potentially identifiable or ‘tainted’ cryptocurrency funds with others,” according to Intsights. Once “washed” through mixing services, criminals continue to trade their crypto on other exchanges to profit.

Further, criminals are laundering money through the many unregulated exchanges through Latin America, which lack the know-your-customer (KYC) and anti-money laundering (AML) policies that are commonplace in more developed countries. Criminals use these exchanges to trade Bitcoin for altcoins to further obfuscate and profit from their illicit funds. According to the researchers, they estimate that 97% percent of washed cryptocurrency ends up in places like Latin America that have “extremely lax KYC/AML regulations.” 

To compound this, criminals also turn to peer-to-peer exchanges (P2P), which remain the preferred way for criminals to exchange crypto to fiat money. The report cites P2P exchanges such as LocalBitcoins, which has relatively high trading volume in Latin America, as favorites for criminals to launder money because they ”typically lack AML programs and perform little or no KYC due diligence.” 

In recent months, P2P exchanges like Paxful and Local Bitcoins have stepped up their regulations to combat this reputation. 

The report cites the case of the now notorious Panamanian payment processing firm Crypto Capital as a prominent example of how criminals use crypto. The alleged operators of the “shadow bank” are charged with aiding drug cartels with money laundering operations between Latin America and Europe, among other misdeeds.

It’s a problem that’s unlikely to be resolved any time soon, according to the researchers, given Latin America’s lack of established anti-money laundering laws and poor enforcement of the laws that are in place.

Nevertheless, the report recommends firms that want to combat cybercrime in the region to “collect, monitor, and analyze cyber crime intelligence,” learn and “follow best security practices.”

Source link
——————————————————————————————————

The post #deepweb | <p> Crypto is fueling organized crime in Latin America, claims new report <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | DEF CON 27, Crypto And Privacy Village – Mark B. Cooper’s ‘PKI And SHAKEN STIR Will Fix Robocalls’

Source: National Cyber Security – Produced By Gregory Evans

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.

Permalink

The post DEF CON 27, Crypto And Privacy Village – Mark B. Cooper’s ‘PKI And SHAKEN STIR Will Fix Robocalls’ appeared first on Security Boulevard.

Source link

The post #cybersecurity | #hackerspace |<p> DEF CON 27, Crypto And Privacy Village – Mark B. Cooper’s ‘PKI And SHAKEN STIR Will Fix Robocalls’ <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | DEF CON 27, Crypto And Privacy Village – Sarah McCarthy’s ‘Quantum Safe Instantaneous Vehicle Comms’

Source: National Cyber Security – Produced By Gregory Evans

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.

Permalink

The post DEF CON 27, Crypto And Privacy Village – Sarah McCarthy’s ‘Quantum Safe Instantaneous Vehicle Comms’ appeared first on Security Boulevard.

Source link

The post #cybersecurity | #hackerspace |<p> DEF CON 27, Crypto And Privacy Village – Sarah McCarthy’s ‘Quantum Safe Instantaneous Vehicle Comms’ <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Indian authorities arrest their first crypto dark web drug dealer

Source: National Cyber Security – Produced By Gregory Evans

  • The suspect, Dipu Singh, is accused of selling psychotropic and prescription pills on the dark web.
  • He was taken into custody by the central anti-narcotics agency under the Narcotic Drugs and Psychotropic Substances (NDPS) Act.

In an investigation done by the Narcotics Control Bureau (NCB), India has caught its first darknet crypto drug dealer. The authorities have seized 55,000 tablets in the arrest. The NCB participated in “Operation Trance” – a multinational crackdown on illicit dark web drug sales using couriers, international postal services, and private parcel deliveries.

Global post offices and international courier services were used as logistics for illicit trade. The payments gateways of cryptocurrency were used by the operators to conceal the transactions from law enforcement agencies.

The accused, Dipu Singh, is a 21-year old whose father is a retired army officer. Singh is accused of selling many psychotropic and prescription pills on the dark web and shipping them to the US, Romania, Spain, and other countries.

He started out by selling health supplements and erectile dysfunction medication on major dark web markets. Later, he began selling tramadol, zolpidem, alprazolam and other psychotropic prescription medications. The suspect was taken into custody by the central anti-narcotics agency under the Narcotic Drugs and Psychotropic Substances (NDPS) Act. 

 

Source link
——————————————————————————————————

The post #deepweb | <p> Indian authorities arrest their first crypto dark web drug dealer <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | This week in crypto: clouds, mugs, and Binance

Source: National Cyber Security – Produced By Gregory Evans Thank God for the weekend! It’s been, what, ten days since the last one? But it’s finally here! So, what’s happened in blockchain world this week? A whole bunch: Peter Schiff’s tweets are memorialized, Nimbus gets $650,000 to build on Ethereum, and Binance cures coronavirus… or […] View full post on AmIHackerProof.com

A #15-year-old #hacked the #secure Ledger #crypto #wallet

A 15-year-old programmer named Saleem Rashid discovered a flaw in the popular Ledger hardware wallet that allowed hackers to grab secret PINs before or after the device was shipped. The holes, which Rashid described on his blog, allowed for both a “supply chain attack” – meaning a hack that could compromise the device before it was shipped to the customer – and another attack that could allow a hacker to steal private keys after the device was initialized.

Rashid is not affiliated directly with any Ledger competitors although there was some suggestion that he did some work on Trezor and other competing hardware wallets. His response:

Bay Area Crypto Day

General Cybersecurity Conference

 May 25, 2018 | Stanford, California, United States

Cybersecurity Conference Description

The Bay Area Crypto Day is a recurrent one-day workshop about cryptography research, held at different locations in the Bay Area.

Read More….

advertisement:

The post Bay Area Crypto Day appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Attackers #Increasingly #Turning to Personal #WordPress Sites to Mine #Crypto

Source: National Cyber Security – Produced By Gregory Evans

Attackers #Increasingly #Turning to Personal #WordPress Sites to Mine #Crypto

We’ve heard the many stories about hackers looking to mine cryptos making their way into large businesses computer networks to do their deeds. However, average people with WordPress sites are just as vulnerable, and they are increasingly being targeted.

A WordPress research firm just released a report detailing the growing problem, and it includes ways to detect hackers, as well as ways to keep them out in the first place.

Here, we’ll go over their findings.

WordPress site owners beware

The thought of a company hacking large companies to mine digital currencies took many by surprise. The most striking was Showtime, whose hit was discovered in September. We recently told you about Politifact, which was hit this month.

These grabbed headlines, but individuals with WordPress that may be used just for their personal blogs are just as vulnerable, according to research site Wordfence.

It found that these mainstream sites are increasingly being targeted. Consider that an estimated 25% of websites worldwide are powered by WordPress, and you can see why the popularity of these mining attacks would likely rise too, notes Wordfence.

It says it’s been monitoring the crypto mining malware situation closely over the course of October and is starting to see attacks attempting to upload mining malware, and site cleaning customers that are already infected.

The attacks we have analyzed are all trying to exploit well-known security vulnerabilities that have been around for a long time; for example, the Gravity Forms exploit from mid-2016, or the Joomla com_jce exploit from early 2014. We have also seen quite a few attempts to insert mining code using compromised WordPress administrator accounts, as well as some attacks using compromised FTP accounts.

Money driver

The research firm Checkpoint analyzed the profit potential for an attacker planting this malware, and found successful hackers who can attack an average of 1,000 users at the same time across all infected sites would generate $2,398 a month.

Due to the lucrativeness of these schemes, they will continue to grow. It was noted that although that attacks that attempt to embed cryptomining malware are currently unsophisticated, these attackers are thought to likely increase their skills just because of the money they stand to make.

Also expected is for attacks on higher-traffic websites to increase because there’s more money to be made with them.

Protect yourself

The tool of choice to protect your computer from crypto mining attacks is CoinHive.

Checkpoint notes the risks of not protecting yourself from this very real threat:

Aside from damaging their machines, users put themselves at risk for DOS attacks and additional injected code. It will become ever more necessary to ensure that users are protected from such attempts.

While popular, we told you how CoinHive still may not keep these devious, bad actors out. Such was the case of Politifact, in which CoinHive could not have done anything to prevent that particular incident.

The lesson to be learned is that you should be on guard if you have a WordPress site, as attackers are increasingly seeing these popular sites as prey.

The post Attackers #Increasingly #Turning to Personal #WordPress Sites to Mine #Crypto appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Crypto currency hacks: Hacking the unhackable

Source: National Cyber Security – Produced By Gregory Evans

When asked to name a cryptocurrency you’d likely think of Bitcoin, but today there are now over 900 cryptocurrencies on the market. In theory, the blockchain that cryptocurrencies use should be un-hackable and yet last month we saw hackers make off with $32 million worth of the cryptocurrency Ether. Before…

The post Crypto currency hacks: Hacking the unhackable appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

HeartBleed – Critical Crypto Bug Exposes Yahoo Mail

OpenSSL is considered as a certificate for security but what when OpenSSL itself have a bug. That’s the reason Yahoo mail’s passwords were exposed. Heartbleed is a bug which is the result of a mundane coding error in OpenSSL.

OpenSSL is for implementing HTTPS encryption in websites, e-mail servers, and applications. The result of a missing bounds check in the source code, Heartbleed allows attackers to recover large chunks of private computer memory that handle OpenSSL processes. The leak is the digital equivalent of a grab bag that hackers can blindly reach into over and over simply by sending a series of commands to vulnerable servers. The returned contents could include something as banal as a time stamp, or it could return far more valuable assets such as authentication credentials or even the private key at the heart of a website’s entire cryptographic certificate.

After this bug and a huge loss to Yahoo Mail, OpenSSL developers have released version 1.0.1g that readers should install immediately on any vulnerable machines they maintain. But given the stakes and the time it takes to update millions of servers, the risks remain high.

This worked as by sending many requests at a time and get an entry into website through a hole because of heavy traffic. The bug allows to eavesdropping in a website who is using OpenSSL library.

The OpenSSL patch is only the starting point on the path of Heartbleed recovery. Website operators should strongly consider replacing their X.509 certificates after applying the update and getting all users and administrators to change passwords as well.

Source: http://whogothack.blogspot.co.uk/2014/04/heartbleed-critical-crypto-bug-exposes.html#.Vik8h_mqqko

The post HeartBleed – Critical Crypto Bug Exposes Yahoo Mail appeared first on Am I Hacker Proof.

View full post on Am I Hacker Proof