Security

A Hacker Gang is Wiping Lenovo NAS Devices and Asking for Ransoms (zdnet.com) 36

A hacker group going by the name of 'Cl0ud SecuritY' is breaking into old LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, wiping files, and leaving ransom notes behind asking owners to pay between $200 and $275 to get their data back. From a report: Attacks have been happening for at least a month, according to entries on BitcoinAbuse, a web portal where users can report Bitcoin addresses abused in ransomware, extortions, cybercrime, and other online scams. Attacks appear to have targeted only LenovoEMC/Iomega NAS devices that are exposing their management interface on the internet without a password. ZDNet was able to identify around 1,000 such devices using a Shodan search.
Bitcoin

You Can Now Buy Bitcoin At CVS, 7-Eleven, Rite-Aid (forbes.com) 64

Bitcoin ATM operator LibertyX now offers bitcoin purchases at the United States' most popular convenience and drug stores. From a report: Per a PR Newswire released on Jun 22, the company has finished rolling out the buying option which will be available in "20,000 retail locations around the U.S., including major convenience store and pharmacy chains, such as 7-Eleven, CVS Pharmacy, and Rite Aid." This service will give LibertyX users the option to purchase bitcoin with cash at any of the participating retailers' cashier counters. These 20,000 new buying centers add to the 5,000 Bitcoin ATMs that the company has established across the United States since it launched in 2014.
The Internet

'Largest Distributed Peer-To-Peer Grid' On Earth Laying Foundation For A Decentralized Internet (forbes.com) 80

Forbes reports on ThreeFold, an ambitious new "long-term project to rewire the internet in the image of its first incarnation: decentralized, unowned, accessible, free." "We have 18,000 CPU cores and 90 million gigabytes, which is a lot of capacity," founder Kristof de Spiegeleer told me recently on the TechFirst podcast. "It's probably between five and ten times more than all of the capacity of all the blockchain projects together..."

"It's a movement," de Spiegeleer says about ThreeFold. "It's where we invite a lot of people to...basically help us to build a new internet. Now it sounds a little bit weird building a new internet. We're not trying to replace the cables... what we need help with is that we get more compute and storage capacity close to us." That would be a fundamentally different kind of internet: one we all collectively own rather than just one we all just use.

It requires a lot of different technology for backups and storage, for which ThreeFold is building a variety of related technologies: peer-to-peer technology to create the grid in the first place; storage, compute, and network technologies to enable distributed applications; and a self-healing layer bridging people and applications. Oh, and yes. There is a blockchain component: smart contracts for utilizing the grid and keeping a record of activities. "Farmers" (read: all of us) provide capacity and get micropayments for usage.

So instead of a Bitcoin scenario where some of the fastest computers in the world waste country-scale amounts of electricity doing arcane math to create an imaginary currency with dubious value (apologies, are my biases showing?) you have people providing actual tangible services for others in exchange for some degree of cryptocurrency reward. Which, in my (very) humble opinion, offers a lot more social utility...

ThreeFold and partners have invested more than $40 million in make it happen, de Spiegeleer says, and there are more than 30 partners working on the project or onboarding shortly. "So it's happening," he says.

In the interview, de Spiegeleer points out 80% of current internet capacity is owned by less than 20 companies, arguing on the podcast that "It really needs to be something like electricity.

"It needs to be everywhere and everyone needs to have access to it. It needs to be cost effective, it needs to be reliable, it needs to be independent..."
The Almighty Buck

The US Government Just Paid a Crypto Startup to Explore Digital Dollars (futurism.com) 49

"The U.S. federal government just awarded a grant to the blockchain startup Key Retroactivity Network Consensus (KRNC)," reports Futurism.com, "to study the feasibility of integrating cryptocurrency into the economy." That doesn't mean that the U.S. is going to pivot to a digital blockchain dollar, CoinDesk reports. Rather, the National Science Foundation funded KRNC because it's interested in exploring new ways to improve the security of digital transactions.

The protocol KRNC is developing would meter out a new cryptocurrency in proportion to a user's existing wealth, CoinDesk reports, instead of requiring them to purchase or actively mine new crypto. In other words, it wouldn't make people richer, but it would grant them an alternative means to transfer funds online.

"Bitcoin, which runs on the principle of Proof-of-Work, is wasteful," KRNC CEO Clint Ehrlich told CoinDesk. "It requires people to waste money and computing power solving pointless problems."

Java

New Java-Based Ransomware Targets Linux and Windows Systems (zdnet.com) 37

"A newly uncovered form of ransomware is going after Windows and Linux systems," reports ZDNet, "in what appears to be a targeted campaign." Named Tycoon after references in the code, this ransomware has been active since December 2019 and looks to be the work of cyber criminals who are highly selective in their targeting. The malware also uses an uncommon deployment technique that helps stay hidden on compromised networks. The main targets of Tycoon are organisations in the education and software industries.

Tycoon has been uncovered and detailed by researchers at BlackBerry working with security analysts at KPMG. It's an unusual form of ransomware because it's written in Java, deployed as a trojanised Java Runtime Environment and is compiled in a Java image file (Jimage) to hide the malicious intentions... [T]he first stage of Tycoon ransomware attacks is less uncommon, with the initial intrusion coming via insecure internet-facing Remote Desktop Protocol servers. This is a common attack vector for malware campaigns and it often exploits servers with weak or previously compromised passwords. Once inside the network, the attackers maintain persistence by using Image File Execution Options (IFEO) injection settings that more often provide developers with the ability to debug software. The attackers also use privileges to disable anti-malware software using ProcessHacker in order to stop removal of their attack...

After execution, the ransomware encrypts the network with files encrypted by Tycoon given extensions including .redrum, .grinch and .thanos — and the attackers demand a ransom in exchange for the decryption key. The attackers ask for payment in bitcoin and claim the price depends on how quickly the victim gets in touch via email.

The fact the campaign is still ongoing suggests that those behind it are finding success extorting payments from victims.

Bitcoin

Latest Satoshi Nakamoto Candidate Buying Bitcoin No Matter What (bloomberg.com) 53

Adam Back's name has surfaced again in the crypto community's favorite guessing game: Who is the anonymous creator of Bitcoin who went by the pseudonym Satoshi Nakamoto. From a report: In mid-May, YouTube channel Barely Sociable, with nearly 400,000 subscribers, released a 40-minute video claiming that 49-year-old Back is Satoshi. The video has since raked up nearly 300,000 views. Back does check off a lot of the boxes: He is a British cryptographer with a PhD in computer science, who, back in the 1990s, invented Hashcash, a system of verification that Bitcoin uses. He is also the first person Satoshi contacted online in 2008, asking about Hashcash.

So is he Satoshi? "No, I am not," Back said in a June 1 phone interview from Malta. But he also pointed out it's better for the creator of the world's largest cryptocurrency to remain a mystery. "It's generally viewed at this point as better that the founder of Bitcoin is not known, because a lot of people have a hierarchical mindset," Back said. "If you read about a technology, you try to figure out who is the CEO of a company, and people want to ask questions. Because Bitcoin is more like a digital gold, you wouldn't want gold to have a founder. For Bitcoin to keep a commodity-like perception, I think it's a very good thing that Satoshi stays out of the public."

Security

Hackers Plan To Use Stolen Cryptocurrency Exchange Data for SIM Swapping (vice.com) 10

Hackers who obtained personal data on users of Canadian cryptocurrency exchange Coinsquare say they plan to use the information to perform so-called SIM swapping attacks, according to one of the hackers. Motherboard: The news shows hackers' continued interest in trying to leverage security issues with telecom-based forms of authentication. In a SIM swapping attack, a hacker takes control of a target's phone number, which then gives them the ability to request password resets for some websites or a victim's two-factor authentication code. Often, SIM swappers will use these techniques to steal cryptocurrency. The breach also signals the continued risk of insider access, with Coinsquare telling Motherboard a former employee was responsible for stealing the data. "The original intent was to sell it [the data] but we figured we would make more money by SIM swapping the accounts," a pseudonymous hacker who provided the Coinsquare data to Motherboard said in an online chat.
Bitcoin

Bitcoin Mining Difficulty Drops by 6% In First Adjustment After Halving (coindesk.com) 48

The Bitcoin network just fine-tuned a key parameter to coax back miners who quit after last week's halving hammered their profits. From a report: More than 20 exahashes per second (EH/s) of computing power -- the equivalent of around 1.5 million older-generation mining machines -- has been switched off from Bitcoin since the network's halving. The 7-day rolling average of Bitcoin's hash rate has dropped over 20% from around 122 EH/s just prior to the halving on May 11 to now 97 EH/s. The once-in-four-years event reduced miners' block rewards from 12.5 to 6.25 bitcoin (BTC) per block. The hash rate drop after the halving has significantly outrun the hashing sprint prior to it. As such, Bitcoin's mining difficulty, which measures how hard it is to compete for block rewards, decreased 6% to 15.14 Trillion at 2:00 UTC on Wednesday in the network's first biweekly difficulty adjustment since the halving. The amount of computing power connected to Bitcoin has been on a roller-coaster ride over the past two weeks. Bitcoin's mining difficulty adjusts itself every 2,016 blocks, roughly 14 days, to ensure the average interval between blocks remains at 10 minutes. If a large number of miners are switched off from the network, resulting in a longer-than-10-minute average block interval, the difficulty will decrease to encourage participation. And Bitcoin's third halving on May 11 happened exactly at the halfway mark of the previous 2,016-block difficulty cycle.
Bitcoin

JPMorgan Extends Banking Services To Bitcoin Exchanges (coindesk.com) 15

According to The Wall Street Journal, JPMorgan Chase has taken on Coinbase and Gemini Trust as banking customers (Warning: source paywalled; alternative source) -- "the first time the bank has accepted clients from the cryptocurrency industry." From the report: The move is the latest in a string of positive developments for bitcoin and another sign that Wall Street is becoming more comfortable with the business of cryptocurrencies. Coinbase, founded in 2012, is the largest U.S.-based bitcoin exchange, with more than 30 million accounts. Gemini, founded in 2014 by Tyler and Cameron Winklevoss, is a smaller exchange, but it has been in the vanguard of the industry's movement to attract mainstream clients and embrace regulation. The accounts were approved in April, and transactions are just starting to be processed, the people said.

The bank is primarily providing cash-management services to the firms and handling dollar-based transactions for the exchanges' U.S.-based customers, according to the people. It will process wire transfers, and deposits and withdrawals through the Automated Clearing House network, an electronic funds-transfer system. Although Coinbase and Gemini are built around trading cryptocurrencies, many of their customers link traditional bank accounts to their accounts on the exchanges. Handling transfers in and out of those bank accounts requires a payments processor. JPMorgan's services don't extend to any bitcoin or cryptocurrency-based transactions. The firms handle those themselves.

Bitcoin

It Happened: Bitcoin Just Experienced Third Halving In Its History (cointelegraph.com) 52

The most anticipated cryptocurrency event of 2020, Bitcoin's (BTC) third halving, has just taken effect. Occurring only once every four years, the latest Bitcoin mining block reward halving just reduced the Bitcoin block reward from 12.5 BTC to 6.25 BTC. Cointelegraph reports: Since the first Bitcoin block was generated back in 2009, there have been three halving events. Taking place once every 210,000 blocks mined, or approximately once every four years, a Bitcoin halving cuts the current miner block reward by 50%. The first Bitcoin halving event took place in 2012, cutting the original block reward from 50 BTC to 25 BTC. The second halving took place in 2016, with the reward dropping from 25 BTC to 12.5 BTC. As Bitcoin's supply is limited to 21 million coins, Bitcoin halving events should continue to take place until the year 2140, or until the 21-millionth BTC. By that time, the block reward should reach 1 satoshi, or the smallest unit of Bitcoin at 0.00000001 BTC. At the time of publication, the number of Bitcoin in circulation amounts to 18.37 million, according to Blockchain.com.

As the two previous Bitcoin halvings eventually impacted Bitcoin's price in positive ways, Bitcoin halvings have become the subject of diverse price predictions and speculation. While some crypto players have predicted that the third Bitcoin halving will have no effect on Bitcoin's price, others are confident that the halving will definitely affect the price of the cryptocurrency due to a cut in new Bitcoin supply.

Bitcoin

Bitcoin Crashes as Halving Hype Loses Impetus Over the Weekend (bloomberg.com) 139

Bitcoin appears to be running out of steam just before one of the most anticipated milestones among cryptocurrency enthusiasts. From a report: The largest digital token tumbled over the weekend, declining about 13% to around $8,675. It rebounded to about $8,840 as of 10 a.m. in New York trading on Monday. The decline took place ahead of a closely watched technical event known as its halving, when the rewards miners receive for processing transactions will be cut in half as soon as later today. "It's likely that we're going to see increased volatility through May, with the pandemic, ongoing stimulus measures and the halving," Rich Rosenblum, co-head of trading at crypto market maker GSR, said in an email. "The record open interest for futures and options at multiple exchanges adds to this. The market is in a state of information and position overload, exacerbating the potential for volatile moves."
Security

Details of 44 Million Pakistani Mobile Users Leaked Online, Part of Bigger 115 Million Cache (zdnet.com) 11

An anonymous reader quotes a report from ZDNet: The details of 44 million Pakistani mobile subscribers have leaked online this week, ZDNet has learned. The leak comes after a hacker tried to sell a package containing 115 million Pakistani mobile user records last month for a price of $2.1 million in bitcoin. Data contains names, phone numbers, national IDs, and home addresses among others, and is believed to have originated from Jazz, a local mobile provider. According to our analysis of the leaked files, the data contained both personally-identifiable and telephony-related information. This includes the likes of: Customer full names; Home addresses (city, region, street name); National identification (CNIC) numbers; Mobile phone numbers; Landline numbers; and Dates of subscription.

Based on the dates of subscription, the oldest entries in the leaked files are from late 2013, suggesting that hackers either got their hands on an older backup file, or the breach took place in 2013, and only now surfaced online. The vast majority of entries in the leaked files contained mobile phone numbers belonging to Jazz (formerly Mobilink), a Pakistani mobile operator. However, ZDNet also identified phone numbers that appeared to belong to other mobile operators. [...] The incident is already under investigation in Pakistan, where the Pakistan Telecommunication Authority (PTA) and the Federal Investigation Agency (FIA) are looking into the matter since last month when the hacker first tried to sell the entire 115 million batch on a hacker forum.

Bitcoin

Ripple Sues YouTube Over Cryptocurrency Scam Videos (reuters.com) 27

Blockchain firm Ripple sued YouTube on Tuesday, alleging the video-sharing platform failed to protect consumers from cryptocurrency "giveaway" scams that use fake social media profiles to dupe victims into sending money. Reuters reports: The company says scammers on YouTube have been impersonating Ripple and its chief executive, Brad Garlinghouse, to bait viewers into sending them thousands of dollars worth of XRP, a cryptocurrency championed by Ripple, according to a court filing. The scammers promise to send back up to 5 million XRP, worth nearly $1 million, but victims who participate in the fake "giveaways" never receive any money in return, said the filing.

Ripple says it wants the case to be a "call to action" for the social media industry to stop their platforms from being overrun by fake accounts and misinformation. "For every scam, giveaway, fake conspiracy that is taken down, multiple more pop up nearly immediately," Ripple said in a blog post. "YouTube and other big technology and social media platforms must be held accountable for not implementing sufficient processes for fighting these scams."

Bitcoin

China Rolls Out Pilot Test of Digital Currency (wsj.com) 43

China's central bank has introduced a homegrown digital currency across four cities as part of a pilot program, marking a milestone on the path toward the first electronic payment system by a major central bank. The Wall Street Journal reports: Internal tests of the digital currency are being conducted in four large cities around China -- Shenzhen, Suzhou, Chengdu and Xiong'an, a satellite city of Beijing -- to improve the currency's functionality, the digital currency research institute under the People's Bank of China confirmed Monday, in response to a request for comment. Chinese domestic and state-run media outlets reported on the trials over the weekend. The trials followed years of research by the central bank dating back to 2014.

The new currency, which doesn't have an official name but is known by its internal shorthand "DC/EP," or "digital currency/electronic payment," will share some features with cryptocurrencies including bitcoin and Facebook Inc.'s Libra, PBOC officials have said. While it won't boast the anonymity that bitcoin and other cryptocurrencies tout, China's central bankers have vowed to protect users' privacy. The intention, China's central bankers have said, is to replace some of China's monetary base, or cash in circulation. It won't replace other parts of the country's money supply, such as bank deposits and balances held by privately-run payment platforms, Yi Gang, the governor of China's central bank, said last year.

In Xiangcheng, a district in the eastern city of Suzhou, the government will start paying civil servants half of their transport subsidy in the digital currency next month as part of the city's test run, according to a government worker with direct knowledge of the matter. Government workers were told to begin installing an app on their smartphones this month into which the digital currency would be transferred, the worker said. Civil servants were told that the new currency could be transferred into their existing bank accounts, or used directly for transactions at some designated merchants, the person said.

Bitcoin

Hacker Hijacks Microsoft YouTube Accounts To Broadcast Crypto Ponzi Scam (zdnet.com) 15

A hacker has hijacked all of Microsoft's official YouTube accounts and is broadcasting a cryptocurrency Ponzi scam to all of the company's subscribers, ZDNet reported Monday. From the report: The hijacked accounts are still streaming at the time of writing, despite being reported to YouTube's moderators for more than an hour. The hacker is currently live-streaming an old Bill Gates talk on startups that the former Microsoft CEO gave to an audience at Village Global in June 2019. Hackers are live-streaming an altered version of the presentation, but also asking for viewers to participate in a classic "crypto giveway" -- where victims are tricked to send a small sum of cryptocurrency to double their earnings but never get any funds in return.
The Almighty Buck

Crypto Margin Trading Challenged By US Derivatives Regulator (bloomberg.com) 10

The main U.S. derivatives regulator is taking a significant step in defining the sometimes blurry line between cryptocurrency futures and trading in the spot market. From a report: The Commodity Futures Trading Commission this week laid out its view on what it means to take "actual delivery" of a digital asset. The long-awaited guidance is significant because it means that there could be penalties for trades that don't let the buyer take physical possession and control of a coin within 28 days -- the cut off line for when trades in commodities like wheat and oil start to be considered futures contracts. Long-existing rules requiring traders and exchanges to be able to deliver physical commodities unless they're futures trading on a CFTC-regulated exchange has sowed some confusion for Bitcoin, Ether and other digital assets because they exist only in cyberspace. The issue has been further complicated by trading platforms allowing investors to leverage their bets multiple times using margin, or borrowed money.
Bitcoin

Russia Will Ban the Issuing and Selling of Cryptocurrencies (forbes.com) 61

A senior Russian official says an upcoming digital assets bill will ban the issuing and selling of cryptocurrencies.

Forbes reports: "We believe there are big risks of legalizing the operations with the cryptocurrencies, from the standpoint of financial stability, money laundering prevention and consumer protection," Russia's central bank head of legal, Alexey Guznov, told Russia news agency Interfax this week in comments translated to English via Google. "We are opposed to the fact that there are institutions that organize the release of cryptocurrency and facilitate its circulation," Guznov said, adding the coming bill "directly formulates a ban on the issue, as well as on the organization of circulation of cryptocurrency, and introduces liability for violation of this ban...."

However, Guznov admitted that Russia would not be able to completely ban bitcoin and other cryptocurrencies. "Nobody is going to ban owning cryptocurrencies," Guznov said, adding people will not be punished for owning crypto "if they made their deal in a jurisdiction that does not prohibit that."

Bitcoin

Bitcoin Drops Almost 30 Percent To Under $5,800 (forbes.com) 99

Draconi writes: The price of Bitcoin dropped from it's March 6th, 2020 high of $9,126 to under $5,800 today as market sell-offs accelerated with the S&P and Dow Jones dropping 7% in early hours trading. Bitcoin, long considered to be a safe-haven during times of economic stress, currently costs at least $4,313 in electricity per coin to generate. The latest drop has wiped out all 2020 gains for Bitcoin and sent a ripple effect across other cryptocurrencies, with Ethereum down nearly 35%. While the bitcoin price has recovered slightly to around $6,000, the 24-hour low was $5,721 per bitcoin from just under $8,000 yesterday. Forbes notes that the bitcoin and cryptocurrency market as a whole "is now down a staggering $100 billion in the last seven days -- and has wiped out its year-to-date gains after starting the year at around $7,000 per bitcoin."

"Previously seen as a possible safe haven in difficult times, investors now seem to be selling out to take back liquidity in case the coronavirus spreads even further," said Simon Peters, analyst and crypto expert at multi-asset investment platform, eToro. Bitcoin's crash was also a result of oil cartel Opec's failure to agree to a supply cut last weekend, sending the oil price to historic lows.
Businesses

Meet the Man Being Sued By the FTC Over His Kickstarter Campaign for a High-Tech Backpack (theverge.com) 100

The Verge takes a 5,000-word look at a Kickstarter campaign "that raised more than half a million dollars, only to never ship and leave behind thousands of angry backers."

"The difference in this story, however, is that for only the second time, the Federal Trade Commission is coming for the creator." The agency claims Doug Monahan took his backpack funds and spent them on "personal expenses," including bitcoin purchases, ATM withdrawals, and credit card debt. The agency says he threatened backers who pursued him for their bags. The state of Texas is suing him, too. A lot of people want a piece of Monahan, but he's not going down without a fight. He's serving as his own lawyer to dispute the claims in court, and he invited me down to Texas to clear his name and reputation...

He sold iBackpack as a high-tech wonder that would "revolutionize" backpacks and improve people's lives, whether they're eight or 80. On Indiegogo in 2015 and again on Kickstarter in 2016, Monahan advertised the backpack as the bag of people's dreams: it'd feature more than 50 pockets, include multiple external battery packs, RFID-blocking pouches, a precipitation hood, a USB hub, charging cables, a Bluetooth speaker, and a mobile hotspot for a portable Wi-Fi connection. That's a lot of stuff in one bag that you could seemingly be talked into believing is useful...

He got addicted to pain pills, too. At the same time, the batteries that were supposed to go in the bag represented a liability. The iBackpack drama occurred around the same time that Samsung Galaxy Note 7 batteries started catching fire, and he didn't feel comfortable shipping lithium-ion batteries. Someone could have died, he says.... Monahan says they just don't understand him or crowdfunding, in general. He's not a bad guy, he says. It's just that businesses fail sometimes, which is what he invited me to Texas to prove.

Poking at Monahan's past, however, suggests this isn't a man with a one-time flub, but rather someone with a trail of failures. Is he a con-artist? An irresponsible businessman? Does the difference even matter?

The Verge also investigates a claim that the whole backpack idea was stolen from another company -- and talks to a former employee who says their manager at Monahan's company was a 14-year-old.

And at one point, Monahan "essentially crank calls the FTC's lawyers with me in the room."
Bitcoin

India Lifts Ban on Cryptocurrency Trading (techcrunch.com) 21

India's Supreme Court on Wednesday overturned central bank's two-year-old ban on cryptocurrency trading in the country in what many said was a "historic" verdict. From a report: The Reserve Bank of India had imposed a ban on cryptocurrency trading in April 2018 that barred banks and other financial institutions from facilitating "any service in relation to virtual currencies." At the time, RBI said the move was necessary to curb "ring-fencing" of the country's financial system. It had also argued that Bitcoin and other cryptocurrencies cannot be treated as currencies as they are not made of metal or exist in physical form, nor were they stamped by the government. The 2018 notice from the central bank sent a panic to several local startups and companies offering services to trade in cryptocurrency. Nearly all of them have since closed shop.

Slashdot Top Deals