All about Blockchain, Cryptocurrency, Digital Transformation

Discussion in 'Off Topic' started by Dr. AMK, Jan 7, 2018.

  1. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,775
    Messages:
    1,309
    Likes Received:
    2,746
    Trophy Points:
    181
  2. Vistar Shook

    Vistar Shook Notebook Deity

    Reputations:
    1,820
    Messages:
    1,106
    Likes Received:
    1,146
    Trophy Points:
    181
    Dr. AMK and hmscott like this.
  3. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,915
    Messages:
    17,290
    Likes Received:
    21,215
    Trophy Points:
    931
    Yeah, saw that, it's pretty bad - imagine downloading some infected miner GUI or parts into that secure facility, and have it spread.

    This whole crypto currency thing needs to be stopped. Regulated and controlled so that poor suckers that don't know any better - with no common sense or self-control - don't waste their life savings on scams, GPU's and electric bills.

    Imagine those huge electric bills coming due after the exchange of coins to real money stops working, and they keep mining for months hoping it clears up so they can cash out - just enough to cover the power bills, and they lose everything, for nothing.
     
    Vistar Shook and Dr. AMK like this.
  4. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,775
    Messages:
    1,309
    Likes Received:
    2,746
    Trophy Points:
    181
    Mining with CPU instead of GPU.

     
    Vistar Shook likes this.
  5. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,775
    Messages:
    1,309
    Likes Received:
    2,746
    Trophy Points:
    181
  6. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,915
    Messages:
    17,290
    Likes Received:
    21,215
    Trophy Points:
    931
    Now that's taking the p... Sewage plant 'hacked' to craft crypto-coins
    Mining Monero on SCADA networks? Why can't you kids be normal and just DDoS
    By Iain Thomson in San Francisco 8 Feb 2018 at 19:51
    https://www.theregister.co.uk/2018/02/08/scada_hackers_cryptocurrencies/

    "Updated: Infosec bods say they have uncovered what's thought to be the first case of a major industrial control system network infected with cryptocurrency-mining malware.

    SCADA security outfit Radiflow claimed today it found the software nasty lurking in computer systems at a water treatment facility.

    Several operational servers used to monitor and regulate critical water supplies were found to have been infected with code that secretly harvested Monero cyber-dosh and sent the coins over the internet to its masterminds, we're told.

    The malicious software was, we're told, chewing up processor time, noisily shifting data over the network, and potentially exploiting the fact that industrial networks tend not to be running the latest security patches – typically because they oversee critical processes that cannot be interrupted or knocked out by bad updates.

    In short, it's not particular great to see malicious code running that near important systems. Luckily, it was just mining Monero rather than anything more sinister.

    "Cryptocurrency malware attacks involve extremely high CPU processing and network bandwidth consumption, which can threaten the stability and availability of the physical processes of a critical infrastructure operator," said Yehonatan Kfir, chief tech officer at Radiflow.
    "PCs in an OT [operational technology] network run sensitive HMI [human-machine interface] and SCADA [supervisory control and data acquisition] applications that cannot get the latest Windows, antivirus and other important updates and will always be vulnerable to malware attacks."

    The malware family caught on the water utility's equipment wasn't named, and it sounds relatively sophisticated – more than a JavaScript miner running on a webpage on someone's laptop. It used obfuscation techniques, we're told, such as shutting down any installed antivirus tools, and was designed to be stealthy to maximize its moneymaking before it could be discovered.

    The software nasty was apparently spottedthanks to researchers noticing unusual spikes in HTTP connections to the outside world from the infiltrated hardware, and the computers trying to send data to servers already identified as malware command-and-control machines. The hidden miners have since been removed from the sewage plant's systems, it is claimed.

    Currency mining infections are fast becoming the preferred method for online scumbags to make a fast buck. Even ransomware is losing ground to mining infections, thanks in part to people keeping better backups and antivirus tools becoming more effective at blocking extortionware.

    There's no word on how the malware got onto the SCADA network in the first place. It was either placed there by a rogue employee, via an open hardware port, or possibly through a network service left open by a careless admin.

    We've pinged Radiflow, based in New Jersey, USA, for more information – we'll let you know if they get back to us. ®

    Updated to add
    While the cause of the infection is still being investigated, Ilan Barda, Radiflow’s CEO, told The Register today the malware was probably installed after someone used a browser on a server to visit a website they shouldn't have. The nasty would have been accidentally downloaded and run, and it likely exploited network file shares to move through the utility company's computers, we're told. It sounds a lot like a variant of Adylkuzz.

    The plant has not been named due to customer confidentiality agreements.

    "What we see is that it got into one of the servers, and moved across to others using SMB vulnerabilities," he explained.

    "The main problem with systems like this is that they aren't usually properly patched or running security software, so once you get in it's usually easy to infect other computers on the network."

    The mining software, derived from Coinhive's code as usual, was running infected servers' CPUs at very high rates, apparently, and presumably reaping a lot of currency. A standard PC running Coinhive can typically pull in around 25 cents per day, but servers are more powerful and can churn out more crypto-cash.
    Thankfully, in this case the mining code doesn't seem to have affected normal operations at the plant. Radiflow is now working with regulators to lock down the infected network and check for other malware in connected systems."
     
    Dr. AMK likes this.
  7. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,915
    Messages:
    17,290
    Likes Received:
    21,215
    Trophy Points:
    931
    UK ICO, USCourts.gov... Thousands of websites hijacked by hidden crypto-mining code after popular plugin hacked
    Biz scrambles to shut down crafty coin crafting operation
    By Chris Williams, Editor in Chief, 11 Feb 2018 at 15:41
    https://www.theregister.co.uk/2018/02/11/browsealoud_compromised_coinhive/

    "Thousands of websites around the world – from the UK's NHS and ICO to the US government's court system – were today secretly mining crypto-coins on netizens' web browsers for miscreants unknown.

    The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people.

    This technology was compromised in some way – either by hackers or rogue insiders altering Browsealoud's source code – to silently inject Coinhive's Monero miner into every webpage offering Browsealoud.
    For several hours today, anyone who visited a site that embedded Browsealoud inadvertently ran this hidden mining code on their computer, generating money for the miscreants behind the caper.

    A list of 4,200-plus affected websites can be found here: they include The City University of New York (cuny.edu), Uncle Sam's court information portal (uscourts.gov), Lund University (lu.se), the UK's Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner's Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), plus a shedload of other .gov.uk and .gov.au sites, UK NHS services, and other organizations across the globe.

    Manchester.gov.uk, NHSinform.scot, agriculture.gov.ie, Croydon.gov.uk, ouh.nhs.uk, legislation.qld.gov.au, the list goes on.

    The Monero miner was added to Browsealoud's code some time between 0300 and 1145 UTC: here's a clean copy of its JavaScript, andthe hacked version. Coinhive's code is mostly detected and stopped by antivirus packages and ad-blocking tools. The miner perishes when you close the browser tab, so if you have visited one of the affected sites, your computer shouldn't be infected: the code only runs while the tab is open.

    [​IMG]
    Scrambled ... A portion of the obfuscated mining code injected via Browsealoud today

    The injected mining code was obfuscated, but when converted from hexadecimal back to ASCII it spelled out the necessary magic to summon Coinhive's stealthy JavaScript miner to the page.

    Defense mechanism
    The malicious code was first spotted by UK-based infosec consultant Scott Helme, and confirmed by The Register. He recommended webmasters try a technique called SRI – Subresource Integrity – which catches and blocks attempts by hackers to inject malicious code into strangers' websites.

    Just about every non-trivial website on the planet loads in resources provided by other companies and organizations – from fonts and menu interfaces to screen readers and translator tools. If any one of these outside resources is hacked or tampered with to perform malicious actions, such as mine crypto-coins, all the websites relying on that compromised resource will end up pulling the evil code onto their pages and into visitors' browsers.

    SRI uses a fingerprinting approach to stop vandalized JavaScript from being imported into webpages. If an internet dirtbag changes a third-party provider's source code, the alteration is detected and blocked by the individual websites using this signature technique.

    Until more websites use this protection mechanism, third-party resource providers – like Browsealoud – will be targeted by criminals to spread miners, or worse, on thousands of websites. A scumbag simply has to hack one provider to effectively infect countless other webpages.

    "Third parties like this are absolutely a prime target and have been for some time," Helme told El Reg today. "There's a technology called SRI (Sub-Resource Integrity) designed to fix exactly this problem, and unfortunately it seems that none of the affected sites were using it."

    A spokesperson for Texthelp told us as we were preparing to publish that it has removed its Browsealoud code from the web while it probes the security cockup, shutting down the illicit Monero-crafting operation.

    "We are addressing this immediately," the biz said via Twitter. "Our Browsealoud service has been temporarily disabled whilst our engineering team investigates."

    Luckily, the injected code was just trying to slyly mine Monero coins – one XMR is worth $238.65 or £172.56 right now – rather than anything more malevolent, such as popping up dodgy ads or tricking people into installing malware.

    Texthelp's altered JavaScript was pulled offline by 1600 UTC today, we can confirm, meaning the affected websites are, for now, back to normal. The UK's ICO has also switched its website to a minimal "maintenance" mode as a precaution."
     
    Dr. AMK likes this.
  8. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,915
    Messages:
    17,290
    Likes Received:
    21,215
    Trophy Points:
    931
    CRYPTO CON
    Bitcoin Lenders Take the Money and Run During Crypto Crash

    KELLY WEILL, 02.09.18 5:00 AM ET
    People keep lending money to anonymous cryptocurrency dealers. Now that crypto values are plummeting, the dealers are vanishing.
    https://www.thedailybeast.com/bitcoin-lenders-take-the-money-and-run-during-crypto-crash

    "Lend us your money and you’ll have the chance to win $1,000,000, the cryptocurrency company Davor Coin promised users on Jan. 31. Optimists poured cash into the platform, but a week later all anyone had was a cease-and-desist letter from the state of Texas.

    As cryptocurrency values skyrocketed in the final months of 2017, some enthusiasts took out loans to buy the digital money. Others invested in lenders like Davor Coin, which accept real money for “interest” paid out in fringecryptocurrencies. The lending scheme works as long as the cryptocurrency values keep rising. But cryptocurrency values are crashing, and lending companies are cutting and running with the cash, or getting slapped with cease-and-desist letters from government regulators alleging securities fraud.
    A week before its closure on Wednesday, Davor Coin was flying high.

    “WELCOME TO THE ‘BE A MILLIONAIRE’ LENDING LOTTERY !!!” the company screamed in a Medium post. “We will offer an amazing $1,000,000 to someone from the Davor community and many more prizes!”

    All users had to do was loan Davor Coin their money. Even if customers didn’t win the million-dollar jackpot, Davor Coin promised them huge returns on their loans, in the form of the company’s own kind of cryptocurrency.

    The investment might have been a gamble for buyers, but for Davor Coin it was almost a surefire money-maker. At least one study suggests that buyers of cryptocurrencies like bitcoin are comfortable entering loan schemes for the digital money, which they believe will soar in value.

    In a December survey of bitcoin buyers, more than 18 percent of respondents said they had borrowed money to purchase bitcoin. Of those who bought bitcoin with borrowed money, 22 percent told the research group LendEDU that they had not paid off the debt. Of those bitcoin fans who did not pay off their bitcoin debts, more than 70 percent said they agreed with the statement “I believe owning Bitcoin is worth the interest expense.”

    Cryptocurrency forums are rife with discussions like this one, where a user boasts of taking out a title loan on his Honda to buy cryptocurrency, which he expects to increase in value until he can buy a Lamborghini. Meanwhile,companies like Shift Cash advertise cryptocurrency-based title loans for cars.

    It’s a buyer’s market for people willing to spend money they don’t have on digital currencies that might be worth nothing next week.

    Davor Coin also had another reason to be optimistic. Two weeks before the company announced its million-dollar jackpot, one of its biggest competitors folded.

    Bitconnect, one of the largest crypto-lending companies, had long been accused of being a Ponzi scheme for its aggressive marketing that encouraged customers to recruit other users. The company’s management was completely anonymous. They promised a 1 percent daily return on investment, which experts derided as impossible.

    Red flags aside, investors kept loaning Bitconnect money until the Texas State Securities Board and the North Carolina secretary of state sent the company cease-and-desist letters in early January, accusing the company of securities fraud. On Jan. 16, Bitconnect announced it was shutting down, blaming “continuous bad press has made community members uneasy.”

    The value of Bitconnect’s cryptocurrency fell through the floor, resulting in people like this Reddit user who claims to have taken out a $500,000 business loan and loaned most of it away to the now-defunct crypto company.

    But instead of acting nervous over Bitconnect’s closure, the near-identical Davor Coin celebrated. “This does not change anything for us,” Davor Coin wrote of Bitconnect’s closure. Davor Coin had just become “the largest lending platform in the world !!”

    The boasts caught the attention of the same Texas authorities who issued a cease-and-desist to Bitconnect. On Feb. 2, Texas sent Davor Coin its own cease-and-desist, asking it to stop selling in the state until it registered as a securities firm.

    Five days later, Davor Coin announced it was shutting down its loan platform. Customers were left with nothing but the mostly defunct company’s cryptocurrency, which plunged from its peak value of $177 per coin to less than 1 cent per coin.

    Buyers took to Facebook to announce their losses. One, who had loaned the company $4,000, was left holding $9, he said. Another complained of loaning Davor Coin $20,000 and receiving the equivalent of $23.50 when he tried to cash out.

    But as swindled investors lamented their losses on Twitter, other crypto companies rushed to take the place of the two previous lending scams.
    “Good announcement for you guys,” a Twitter user with no profile picture tweeted at dozens of people who complained of losing money to Davor Coin. The “good announcement” was an advertisement for a new cryptocurrency lending company launching on Saturday."

    Wave of crypto scams, bitcoin crash spook card firms
    America’s largest banks have started to ban customers from using credit cards to buy cryptocurrencies citing the risk that borrowers might not repay
    Published: Sun, Feb 11 2018. 11 43 PM IST
    http://www.livemint.com/Money/FMz1q...pto-scams-bitcoin-crash-spook-card-firms.html

    "America’s largest banks had myriad worries in mind when they rushed this week to ban customers from using credit cards to buy cryptocurrencies. Bitcoin’s gut-wrenching slide was just one of the threats.

    JPMorgan Chase & Co., Bank of America Corp. and Citigroup Inc. started to decline purchases as industry executives zeroed in on a variety of ways they could get burned, according to people briefed on the decisions. Publicly, JPMorgan cited the risk that borrowers might not repay. Behind the scenes, card issuers were also concerned about the protections they offer shoppers and their vulnerability to thieves.
    Near the top of many lists were initial coin offerings. ICOs drew $3.7 billion last year, but in many cases companies have struggled to make good on obligations or revealed themselves as scams.

    Card executives saw a few dangers, said the people, who asked not to be identified. It can take days for buyers to receive their tokens, and if the instruments turn out to be fraudulent or illegal, cardholders may dispute the charges. Major crypto exchanges such as Coinbase eschew most tokens, but some ICOs and smaller venues enable card purchases. In December, US regulators sued a Quebec man and his firm, claiming they raised $15 million in a fraudulent ICO that found workarounds to accept cards.

    Another worry is that a thief could open a credit-card account with a stolen or fake identity, or just poach someone else’s number. The fraudster would then be able to convert the credit line into a hoard of digital cash that would be almost impossible to trace.

    Of course, Bitcoin’s plunge also creates a classic problem for any banks providing financing. Consumers who lean on credit lines to speculate—and bet wrong—may struggle to repay. The danger wasn’t so acute last year when cryptocurrencies kept climbing. But since briefly exceeding $19,000 in late December, Bitcoin has plunged.

    One Reddit user, going by bitconnected1369, drew a mix of pity, disbelief and scorn over the weekend after writing in a forum about loading up on Bitcoin at $17,000.

    “Am I worried? No,” the user wrote. “I bought it on my credit card through Coinbase and had planned the repayments would be paid out of Bitcoin profits. First payment due in a couple of weeks and I believe we will start to rise up before then.” Short of that, the user might sell a portion of the investment to keep up with initial card payments.
    What could possibly go wrong?

    Bitcoin dipped below $6,000 this week after authorities continued to speak out against speculation.

    Coinbase said people using credit cards are starting to get stung by “cash advance” fees. Customers began noticing the costs in their card statements after payment networks told banks it’s okay to classify crypto exchanges as buying a currency.

    “You’ve got people that are eschewing their mortgage to buy Bitcoin to get rich quick,” said Kristina Yee, an Aite Group analyst who studies cryptocurrencies and blockchain. The banks are “worried that people are over leveraging themselves and they won’t be able to pay back the debt.”"
     
    Last edited: Feb 11, 2018
    Dr. AMK likes this.
  9. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,775
    Messages:
    1,309
    Likes Received:
    2,746
    Trophy Points:
    181
  10. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,775
    Messages:
    1,309
    Likes Received:
    2,746
    Trophy Points:
    181
Loading...
Similar Threads - Blockchain Cryptocurrency Digital
  1. Dr. AMK
    Replies:
    1
    Views:
    204

Share This Page