
When the FBI successfully breached a crypto wallet held by the Colonial Pipeline hackers by following the money trail on bitcoin’s blockchain, it was a wake-up call for any cyber criminals who thought transacting in cryptocurrency automatically protected them from scrutiny.

One of the core tenets of bitcoin is that its public ledger, which stores all token transactions in its history, is visible to everyone. This is why more hackers are turning to coins like dash, zcash, and monero, which have additional anonymity built into them.

Monero, in particular, is increasingly the cryptocurrency of choice for the world’s top ransomware criminals.

“The more savvy criminals are using monero,” said Rick Holland, chief information security officer at Digital Shadows, a cyberthreat intelligence company.

Created in 2014

Monero was released in 2014 by a consortium of developers, many of whom chose to remain anonymous. As spelled out in its white paper, “privacy and anonymity” are the most important aspects of this digital currency.

The privacy token operates on its own blockchain, which hides virtually all transaction details. The identity of the sender and recipient, as well as the transaction amount itself, are disguised.

Because of these anonymity features, monero gives cyber criminals a measure of freedom from the tracking tools and techniques that bitcoin’s transparent blockchain makes possible.

“On the bitcoin blockchain, you can see what wallet address transacted, how many bitcoin, where it came from, where it’s going,” explained Fred Thiel, CEO of Marathon Digital Holdings and former chairman of Utimaco, one of the largest cryptography companies in Europe, which has worked with Microsoft, Google and others on post-quantum encryption.

“With monero, [the blockchain] obfuscates the wallet address, the amount of the transactions, who the counter-party was, which is pretty much exactly what the bad actors want,” he said.

While bitcoin still dominates ransomware demands, more threat actors are starting to ask for monero, according to Marc Grens, president of DigitalMint, a company that helps corporate victims pay ransoms. 

“We’ve seen REvil…give discounts or request payments in monero, just in the past couple months,” continued Holland.

Monero was also a popular choice on AlphaBay, a massive underground marketplace popular up until it was shut down in 2017.

“It’s almost like we’re seeing, at least from a cyber criminal perspective, a resurgence…in monero, because it has inherently more privacy than some of the other coins out there,” Holland said of monero’s recent rise in popularity among actors in the ransomware space.

Monero’s limitations

There are, however, a few major barriers when it comes to the mainstreaming of monero.

For one, it’s not as liquid as other cryptocurrencies — many regulated exchanges have chosen not to list it due to regulatory concerns, explained Mati Greenspan, portfolio manager and Quantum Economics founder. “It certainly isn’t enjoying as much from the recent wave of institutional investments,” he said.

In practice, that means that it’s harder for cyber criminals to get paid directly in the currency.

“If you’re a corporation and you want to acquire a bunch of monero to pay somebody, it’s very hard to do,” Thiel told CNBC. 

The digital currency could also be more vulnerable to regulation at its on- and off-ramps, the exchanges and services that bridge fiat cash and crypto tokens.

“I would wager to say the U.S. and other regulators are going to shut them [monero] down pretty hard,” said Thiel.

One way they could go about that: telling an exchange that if they list monero, they risk losing their license.  

But while the U.S. government can indeed keep monero at bay by marginalizing liquidity points, Castle Island Ventures founding partner Nic Carter believes that markets which allow peer-to-peer transfers of monero to fiat will always be hard to regulate. 

There’s also nothing to keep hackers within U.S. jurisdiction. Criminals could easily choose to carry out all of their transactions overseas, in places that aren’t subject to the kind of controls American regulators might put in place.

Bitcoin still rules ransomware

Cyber insurance is another reason why bitcoin is still the currency of choice for most ransomware attacks.

“Insurance is so important in this space, and insurers often refuse to reimburse a ransom payment if it’s been in monero,” said former CIA case officer Peter Marta, who now advises companies about cyber risk management as a partner with law firm Hogan Lovells. 

“One of the things that insurers will always ask for is what type of due diligence the victim company conducted, before making the payment…to try to minimize the chance that the payment goes to an entity on the sanctions list,” explained Marta. 

Traceability is more easily accomplished with bitcoin, given that its blockchain lays bare transaction amounts and the addresses of both the sender and recipients taking part in the exchange. There is also an established infrastructure already in place for officials to monitor these transactions.

Authorities keep lists of bitcoin addresses tied to different sanctions regimes, which a payer can screen a demanded address against before sending funds.

While monero does offer a greater degree of privacy over bitcoin, Holland points out that threat actors have mastered certain techniques to anonymize transactions in bitcoin, in order to obscure the chain of custody. 

He says that cyber criminals often turn to a mixing or tumbling service, where they can combine the illicit funds with clean crypto to essentially make a new type of bitcoin, at which point, they turn to currency swaps. 

“Just like you would do dollars to pounds…they may go bitcoin, to monero, then back to bitcoin, and then get a bitcoin ATM card, where they can just cash out dollars with it,” explained Holland.

So even though bitcoin’s blockchain is public, there are still ways to make it difficult for investigators to trace transactions to their ultimate destination. 

Dark web researcher warned Columbus, Ohio, residents ransomware attack was bigger than mayor said. The city is suing him

Ransomware has long plagued American municipalities, and the attack that hit the city of Columbus, Ohio, this past July appeared to be another typical one. The city’s response to the hack, however, was not, and it has cybersecurity and legal experts across the country questioning its motives.

Connor Goodwolf (legal name David Leroy Ross) is an IT consultant who plumbs the dark web as part of his job. “I track dark web-type crimes, criminal organizations, and stuff like what the Telegram CEO has been arrested for,” Goodwolf said.

So when word got out that the city of Columbus, his hometown, had been breached, Goodwolf did what he does: he poked around online. It didn’t take him long to discover what the hackers had in their possession.

“It wasn’t the biggest, but it was one of the most impactful breaches I have seen,” Goodwolf said.

In some ways, he described it as a routine breach, with personally identifiable information, protected health information, Social Security numbers and driver’s license photos exposed. However, because multiple databases were breached, it was more encompassing than other attacks. According to Goodwolf, the hackers had breached multiple databases belonging to the city, the police and the prosecutor’s office, containing arrest records and sensitive information about minors and domestic violence victims. Some of the breached databases, he says, went back to 1999.

Goodwolf found over three terabytes of data that took over 8 hours to download.

“The first thing I see is the prosecutor’s database, and I’m like ‘holy sh-t’ these are domestic violence victims. When it comes to domestic violence victims, we need to protect them the most because they have already been victimized once, and now they are again by having their information exposed,” he said.

Goodwolf’s first action was to contact the city to let them know how serious the breach was, because what he saw contradicted official statements. At a press conference on August 13, Columbus Mayor Andrew Ginther said: “The personal data that the threat actor published to the dark web was either encrypted or corrupted, so the majority of the data came by the threat actor is unusable.”

But what Goodwolf was finding didn’t support that view. “I tried to reach out to the city multiple times to multiple departments and was blown off,” he said.

Google-owned Mandiant, as well as many other top cybersecurity firms, have been tracking a continued increase in ransomware attacks, both in prevalence and severity, and the rise of the Rhysida Group behind the Columbus hack, which has come into prominence within the last year.

The Rhysida Group claimed responsibility for the hack. While not much is known about the cyber gang, Goodwolf and other security experts say they appear to be state-sponsored and based in Eastern Europe, possibly linked to Russia. Goodwolf says these ransomware gangs are “professional operations” with a staff, paid vacation, and PR people.

“They have ramped up the attacks and targets since last autumn,” he said.

The U.S. government’s Cybersecurity and Infrastructure Security Agency issued a bulletin about Rhysida last November.

Goodwolf said that because no one from the city responded to him he went to the local media and shared data with journalists to get the word out about the seriousness of the breach. And that is when he heard from the city of Columbus, in the form of a lawsuit and a temporary restraining order preventing him from disseminating additional information. 

The city defended its response in a statement to CNBC:

“The City initially moved to obtain this order, which was granted by the Court, to prevent the dissemination of sensitive and confidential information, potentially including the identities of undercover police officers, that threatens public safety and criminal investigations.”

The city’s temporary 14-day restraining order against Goodwolf has since expired, and now it has a preliminary injunction and an agreement with Goodwolf not to release more data.

“It should be noted that the Court order does not prohibit the defendant from discussing the data breach or even describing what kind of data was exposed,” the city’s statement added. “It simply prohibits the individual from disseminating the stolen data posted on the dark web. The City remains engaged with federal authorities and cyber security experts to respond to this cyber intrusion.”

Meanwhile, the mayor did have to perform a mea culpa at a subsequent press conference, saying his initial statements were based on the information he had at the time. “It was the best information we had at the time. Clearly, we discovered that that was inaccurate information and I have to accept responsibility for that.”

Realizing the exposure to residents was greater than first thought, the city is offering two years of free credit monitoring from Experian. This includes anyone who has had contact with the city of Columbus via an arrest or other business. Columbus is also working with Legal Aid to see what additional protections are needed for domestic violence victims who may have been compromised or need help with civil protection orders.

To date, the city has not paid the hackers, who were demanding $2 million in ransom.   

‘He’s Not Edward Snowden’

Those who study cybersecurity law and work within the realm expressed surprise at Columbus filing a civil lawsuit against the researcher.

“Lawsuits against data security researchers are rare,” said Raymond Ku, professor of law at Case Western Reserve University. On the rare occasion they do happen, he said, it is usually when the researcher is alleged to have disclosed how a flaw was or can be exploited, which would then allow others to take advantage of the flaw as well.

“He wasn’t Edward Snowden,” said Kyle Hanslovan, CEO of cybersecurity company Huntress, who described himself as troubled by the city of Columbus’s response and what it could mean for future breaches. Snowden was a government contract employee who leaked classified information and faced criminal charges, but considered himself a whistleblower. Goodwolf, Hanslovan says, is a Good Samaritan who independently found the breached data.

“In this case, it appears we have just silenced someone who, as far as I can tell, appears to be a security researcher who did the bare minimum and confirmed the official statements made were not true. This can’t possibly be an appropriate use of the courts,” Hanslovan said, predicting the case will be quickly overturned.

Columbus City Attorney Zach Klein said during a September press conference that the case was “not about freedom of speech or whistleblowing. This is about downloading and disclosure of stolen criminal investigatory records.”

Hanslovan worries about the ripple effect where cybersecurity consultants and researchers are afraid to do their jobs for fear of being sued. “The bigger story here is are we seeing the emergence of a new playbook” for hacking response in which individuals are silenced, and that should not be welcomed, he said. “Silencing any opinion, even for 14 days, could be enough to prevent something credible from coming to light, and that terrifies me,” Hanslovan said. “That voice needs to be heard. As we see bigger cybersecurity incidents come up, I am worried that folks will be more concerned bringing them to light.”

Scott Dylan, founder of United Kingdom-based venture capital firm NexaTech Ventures, also thinks the actions of the city of Columbus could induce a chilling effect on the field of cybersecurity.

“As the field of cyberlaw continues to mature, this case is likely to be referenced in future discussions about the role of researchers in the aftermath of data breaches,” Dylan said.

He says legal frameworks must evolve to keep pace with the sophistication of both cyberattacks and the ethical dilemmas they generate, and the approach taken by Columbus is a mistake.

Meanwhile, the legal process will grind on for Goodwolf. Despite Columbus and Goodwolf reaching an agreement last week on the dissemination of information, the city is still suing him for damages in a civil suit that could reach $25,000 or higher. Goodwolf is representing himself in his talks with the city, though he says he has a lawyer on standby if needed.

Some residents have filed a class-action lawsuit against the city. Goodwolf says that 55% of the breached information has been sold on the dark web, while 45% is available to anyone with the skills to access it.

Dylan thinks the city is taking a big risk, even if its actions may be legally defensible, by creating the appearance of an attempt to silence discourse rather than encourage transparency. “It’s a strategy that could backfire, both in terms of public trust and future litigation,” he said.

“I am hoping the city realizes the mistake of filing a civil suit and the implications not just on security,” Goodwolf said, noting that Intel is building a $1 billion facility in a Columbus suburb. In recent years, the city has been positioning itself as a new tech hub in the Midwest, and attacking white hats and cybersecurity researchers, he said, could cause some in the tech sector to rethink it as a location.

With Apple on board, OpenAI’s next act could be its toughest yet

OpenAI stormed onto the scene with ChatGPT and upended the tech world in less than two years. But over the next few months, the artificial intelligence darling will face some of its biggest tests yet.

A highly anticipated partnership with Apple will supercharge its reach, putting it in front of millions of users who may have never interacted with generative AI before. A massive valuation that is growing at breakneck pace has set the stakes higher than ever, especially with interest from investors including Apple and Nvidia.

A reorganization of its hybrid nonprofit and for-profit entities has drawn criticism for abandoning the startup’s roots of building AI to benefit humanity. After just releasing a preview of its newest AI model, codenamed Project Strawberry but officially launching as OpenAI o1, the next breakthrough and GPT-5 are still on the line.

It is all a tall ask for a company that has had a bumpy ride to the top. OpenAI’s co-founder and CEO Sam Altman is divisive, surviving a coup, scrutiny around conflicts of interests, doubts around his motivations and now an exodus of top talent from the company.

Can he lead OpenAI into the big leagues?

Brazil supreme court unfreezes assets of Elon Musk’s Starlink, X after taking fines

Brazil’s supreme court announced Friday that it ordered banks to transfer funds from Starlink and X accounts to pay fines the court levied against Elon Musk’s social network.

The court’s top justice, Alexandre de Moraes, and a panel of five other justices, found that X had repeatedly violated Brazilian law when it refused to appoint a legal representative in the country, and when it refused to remove content or profiles from its platform that the court determined to be harmful towards democratic institutions in Brazil.

The court had nearly 18.4 million Brazilian reais, or approximately $3.3 million, transferred out of the accounts. Musk acquired X, then known as Twitter, in 2022. Starlink is the satellite internet service run by SpaceX.

Following the transfers, the court ordered that the frozen bank accounts and assets of X and Starlink be released, saying there was no longer any need to keep them.

The court suspended X at the end of August, and the suspension remains in place. 

Musk and his businesses have said they view the actions of de Moraes as “illegal,” and his court’s orders as having been issued without due process. X and SpaceX did not immediately respond to requests for comment on Friday.

Brazilian news agency UOL reported earlier this month that some of the accounts de Moraes ordered Musk to suspend at X belong to users who allegedly threatened federal police officers involved in a probe of former right-wing Brazilian President Jair Bolsonaro.

Bolsonaro has been accused of instigating Brazil’s Jan. 8, 2023, riots and of attempting to stage a coup there.

Musk is a proponent of Bolsonaro, in part because the former Brazilian president authorized his business Starlink to operate in the country.

Musk has been ramping up insults and calls to impeach de Moraes since April. On Sept. 5, his long-time collaborator at the helm of SpaceX, COO Gwynne Shotwell, also took shots at the Brazil supreme court online.

She wrote, “@Alexandre, please stop harassing Starlink and let us keep serving the people of Brazil.”

Backers of de Moraes and the STF (Supremo Tribunal Federal, Brazil’s supreme court) have seen the orders against X Corp. as an assertion of Brazilian sovereignty.
