At the beginning of the year, cybercrime legalized about $5.5 billion through digital coins with the help of fundraising. However, this is not all the problems existing in the digital industry market. There are several public cases denoting crime in the virtual economy. This is, for example, the attack of the WannaCry virus, the investigation of which took several months. Hackers have earned 53 bitcoins on the virus (approximately $350 thousand). Then, cloud mining is a technology for building a financial pyramid on the cryptocurrency hype, which has been bringing 300 bitcoins ($2 million) a day. This and many other things were discussed at the CYBERCRIME CON/2018 conference, which opened on Tuesday in Moscow.
The first day of the forum was devoted to four important topics. The first and main one is “Annual forecasts with the proven predictive validity”. This is a relevant and even acute question, especially when it comes to the recent scandal with the Pantera capital venture crypto fund when the wrong analytical case led to a loss of 72% of revenues. Coming up next in the program, there were the panels: “Cyber-terrorism and attacks on critical infrastructure”, “Cross-border exchange of intelligence information on strategic threats”, and “Next generation of intellectual property protection”.
But the following panel discussion became the most interesting part. The following head officers and top managers took part in the discussion: Alexey ARKHIPOV, the managing partner of the QIWI blockchain technologies; Pavel LOZHKIN, National Settlement Depository; Oleg RAVNUSHKIN, the managing partner and co-founder of CONIC; Alexander LAZARENKO, the head officer of R&D, Group-IB; Alexey PROKOFIEV, the managing partner of AddCapital; and Herbert SHOPNICK, business development officer of BitFury. The roundtable – in that particular format the panel was held – was conducted by Ruslan YUSUFOV, the special projects director of Group-IB.
The conclusion of the discussion looked like this: despite the change in technology, human psychology stayed mostly the same, people prefer to believe in a possibility of fantastic profits with next to no expenses. The vast majority of the new fraud schemes turned out to be well overlooked old ones. Simple fishing through fake accounts on the same social networks or messages of respected news agencies are working today and, apparently, will work tomorrow. And not only simpletons get hooked on fishing schemes. Large market players buy into fake information and links. An interesting example was given by one of the participants. He spoke about the case when investors fell for a message about Donald TRUMP’s support for one of the projects.
The digital economy ended up being a “fertile soil” for the old types of fraud schemes. So called “Cloud mining” is one of them and it is based on the fact that a lot of people have no real understanding of the crypto technology and mining process in general. Investors that were scammed out of their money were sure that they were getting freshly mined coins because they had no idea that they could look into the hashrate and look through entire history of the coin. But then they figured this out - it became clear that their coins were mined years ago. This obviously made them start asking questions about the overall legitimacy of cloud mining. Cloud mining companies answered it by closing down.
“ Projects like this usually live for 6 months – Herbert SHOPNICK said – Typical cloud mining project named CashOcean had existed for 18 months. At the same time, it turned out that not a single bitcoin earned on such a cloud service had been mined; and it demonstrated clearly that it had been a pyramid that had disappeared with all the money 1.5 years later.”
And still, internet is full of the offers to jack into the pyramid game with 115% profits. Cybercriminals use not only the gullibility of the people but also their carelessness, people tend to provoke hackers to hack them
“But still - Ruslan YUSUFOV made the topic actual. – Only this year, hackers have stolen almost $1 billion. Can anybody of the attendees say how it happens? Give examples and denote some methods of combating with threats?”
Of course, the guests immediately remembered the largest thefts of virtual coins from crypto exchanges.
“In my opinion, the case with the ShapeShift exchange was interesting,” Alexander LAZARENKO took the floor. “There was a hacker who infected a developer’s computer and then drained all the hot wallets of this crypto exchange. He was upset because there was no money, and moved to another iCloud... The hacker, naturally, was on the alert. He made a cash-out of hot wallets, sold access to the backdoor of this developer, and a new person on a new computer connected access to this computer and re-drained these hot wallets. As a result, the exchange moved again, and the story ended. Probably, they still fired all the developers and disabled access.”
This is a good example of the so-called early cybercrimes, which, according to Alexander LAZARENKO, were built on insider information: “Either the developers took the keys and withdrew funds from the stock exchanges, or their computers were hacked from outside with the help a Trojan. Either the IP address was stored in the key-pass, or the passwords were something like 123qwerty123qwerty. And there were a lot of cases like this.”
“Traditional digital custody looks like this -noted Alexey PROKOFIEV - 3 administrators gathered, set up a server, and decided to trade services. And the crypto exchange is about the same. And the security level will be similar. They cannot provide all the necessary measures only because they cannot properly distribute duties and even distribute passwords. In other words, they cannot use the traditional measures of information security properly. The technology, of course, has its own vulnerabilities. There are complex variants of attacks, for example, the attack of 51%, the same fishing. But practice shows that, as a rule, they break the simplest things. ”
Then the conversation turned to guarantees for customers. Crypto exchanges differ from traditional ones in that regulators have long ago defined procedures and guarantees for returning funds to investors. You can see the movement of funds, known keepers and guarantors. Therefore, if something happens, then all losses will be compensated to people. That cannot be said about digital trading platforms.
At the same time, Alexey PROKOFIEV asked himself a rhetorical question: “When money comes to the crypto exchange, investors are trembling because they risk hacking it. Therefore, you can trust only at the time of the transaction, and you will need to withdraw the money, but where? ”
“Obviously, you need to withdraw money to some kind of custody,” he thinks. “Some sort of more reliable storage than you, our dear exchange.” At the same time, the speaker recalled many cases of embezzlement of funds, including those from decentralized exchanges such as Bitstamp. So the advertised decentralization is far from being a panacea. “So why can't the exchanges integrate some kind of custody on board? - PROKOFIEV asks another rhetorical question. “Make a separate store and store on some D3?”
The answer is sadly simple. Most often, crypto exchanges do not have specialists of the appropriate level and tools to guarantee a return of investments.
At the end of the panel, they got to quantum cryptography. As Alexey ARKHIPOV said, “this story is still under the “cape of secrecy” since so far - little is known about its practical application in data storage and protection.”
However, Alexey PROKOFIEV holds to a special opinion regarding quantum technologies. “Quantum history is a terrifying thing,” he said. “The private key, which we are all planning to protect and hide it in different places carefully, is brute forced with a quantum computer, and it will not take millions of years, only months or weeks or even days.”
Alexey PROKOFIEV suggested that if a certain number of qubits will be accumulated in 2019 and the super-reliable SHA3-256 algorithm will be cracked, prices of Bitmain along with Bitfury and Bitcoin cost will plummet. And what will happen if cybercriminals will get that piece of tech in their hands?“ I personally hold to the opinion that a quantum computer will be banned as a mass destruction weapon, because, in fact, it is such a weapon, — noted PROKOFIEV. — Most likely, such a device will be taken over by the governmental institutions such as the NSA and other competent departments, and they will make their attacks from time to time.”