All about Blockchain, Cryptocurrency, Digital Transformation

Discussion in 'Off Topic' started by Dr. AMK, Jan 7, 2018.

  1. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,882
    Messages:
    17,085
    Likes Received:
    20,983
    Trophy Points:
    931
    Miner vs miner: Attack script seeks out and destroys competing currency crafters
    There is no honour among CPU thieves
    By Richard Chirgwin 6 Mar 2018 at 04:57
    https://www.theregister.co.uk/2018/03/06/cryptocurrency_miner_sans_martens/

    "Cryptocurrency-mining malware-scum have started to write code that evicts rivals from compromised computers.

    The miner in question was first noticed by SANS Internet Storm Center handler Xavier Mertens. Mertens spotted the PowerShell script on March 4, and noting that it kills any other CPU-greedy processes it spots on target machines, he wrote: “The fight for CPU cycles started!”

    Pre-infection, the attack script checks whether a target machine is 32-bit or 64-bit and downloads files known to VirusTotal as hpdriver.exe orhpw64 (they're pretending to be HP drivers of some kind).

    If successfully installed, the attack then lists running processes and kills any it doesn't like. Mertens noted that alongside ordinary Windows stuff, the list of death-marked processes includes many associated with cryptominers, some of which are listed below.

    Silence
    Carbon
    xmrig32
    nscpucnminer64
    cpuminer
    xmr86
    xmrig
    xmr

    Mertens wrote that the script also checks for processes associated with security tools.

    Marten's next post is also worth a look if you're a Linux admin. He followed up on this Tweet from ESET's Michal Malik.

    https://t.co/KjDgSgGz94 < infects Linux servers

    1) adds public key to authorized_keys
    2) runs a coinminer
    3) generates IP ranges, uses masscan
    3a) to pwn Windows hosts with EternalBlue, then its payload downloads a PE file
    3b) to pwn Linux hosts via Redis & downloads itself on pic.twitter.com/IvWzU1jBqy

    — Michal Malík (@michalmalik) March 2, 2018

    It's a bash script that tries to push a miner onto Linux boxes, along with scanning the Internet for Windows machines vulnerable to the NSA's EternalBlue attack."


    Bitcoin heist with a twist: This time it's servers that were stolen
    Icelandic cops cuff 11 on suspicion of data centre robberies
    By Simon Sharwood, APAC Editor 5 Mar 2018 at 04:57
    https://www.theregister.co.uk/2018/03/05/iceland_cryptocurrency_mining_servers_stolen/
     
    Last edited: Mar 6, 2018
    Dr. AMK likes this.
  2. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,724
    Messages:
    1,274
    Likes Received:
    2,707
    Trophy Points:
    181
    Which big banks are most digitally ready?
    https://thefinanser.com/2018/03/big-banks-digitally-ready.html/
    I shared this list of banks that are supposedly the most digital of the large players on twitter the other day:
    • Banco Santander
    • Bank of America
    • Barclays
    • BBVA
    • BNP Paribas
    • Citi
    • DBS Bank
    • Deutsche Bank
    • HSBC
    • JP Morgan Chase
    • RBS
    • Société Générale
    • UniCredit
    • Wells Fargo
    People came at me, stating that it was a biased and short-sighted list, but they failed to notice that I had put a question mark over the list and a link to the company that had compiled it, Juniper Research.

    [​IMG]

    The most digitally mature of the large banks, according to Juniper, are BBVA and DBS. I can agree with this. However, as many pointed out, it’s a strange list. The banks closely following BBVA and DBS, according to Juniper, include HSBC, RBS, Santander, Unicredit and Bank of America, none of whom I would have anywhere near the level of transformation that BBVA and DBS have achieved. Equally, where are other players like USAA and Capital One, who are the top of my tree for digital readiness alongside BBVA and DBS. I wonder why they also assessed Barclays, HSBC and RBS and missed out Lloyds, arguably one of the leading UK big bank digital players. There are also many smaller players who would be in the top quadrant too, such as mBank (Poland) and Denizbank (Turkey).

    So I downloaded their report and see that their assessment is made on the following criteria to derive weighted scores for innovation and digital readiness, and the banks’ overall agility score:

    • Profitability;
    • Customers & Branding Strength;
    • Ecosystem Enablement;
    • Digital Enablement & Offerings;
    • Digital Investment; and
    • Innovation & Personalisation.
    They then put the banks into different categories based upon their agility and readiness for the digital age. The categories are:

    a) Evolve Phase

    We did not assess any of the banks included in the Index above to have completed a successful digital transformation roadmap, and/or be working towards setting up future technological innovation path.

    b) Mature Phase

    A number of banks were found to be in the mature stages of digital transformation, reaching the final stages of the objectives defined in the roadmap. These players have already invested in digital enablement and have successfully completed parts of their current digital transformation roadmap. These banks continue to offer a wide ranging digital portfolio, as well as investing in rapid development of technology and customer enablement. People investment is critical for the completion of a successful banking transformation, and these banks lead others in customer and people training and enablement.

    c) Focus Phase

    As the name suggests, the banks positioned in this Phase have begun their digital transformation process and offer a selected number of digital products and/or offerings to its customers. These banks are expected to focus on the next level of digital transformation in terms of organisational changes, automation of services, integration of other stakeholders and the development of innovative business models.

    d) Establish Phase

    Juniper also profiled a few banks in this Phase; these are mainly banks with a digital transformation roadmap in place. They have started product enablement, offering digital solutions including mobile banking services and often have a significant user base.

    Anyways you can read it all yourself, but lots of people came back and asked me what my list would be. Assuming it’s just looking at the big, established banks, as the list would be too long if I included all the new digital banks and smaller players, my list would definitely include the ones I’ve named:
    • BBVA
    • DBS
    • USAA
    • Capital One
    I’d wouldn’t consider adding any others right now, as my criteria is based upon whether the C-suite is truly transforming the bank to digital or just investing in digital. As I keep saying, a bank has to have a digital culture, not just invest in it. That means having a leadership team who truly believe in transformational digital change, and I haven’t met many of them yet. Although Bank of America, Barclays, Citi and Lloyds can make claims in this space, I think they are a year or two behind the ones I’ve mentioned. Equally, many big banks talk digital but aren’t actually doing digital in the way in which I’m discussing it here. Hence, I’m going to be cagey and not cast a vote to anyone else … unless they can show me the leadership commitment.
     
  3. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,724
    Messages:
    1,274
    Likes Received:
    2,707
    Trophy Points:
    181
    The 'Sinister' Dangers Of Companies Collecting Our Data
     
  4. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,724
    Messages:
    1,274
    Likes Received:
    2,707
    Trophy Points:
    181
    New Cryptocurrency Mining Malware Infected Over 500,000 PCs in Just Few Hours
    https://thehackernews.com/2018/03/cryptocurrency-mining-malware.html

    [​IMG]
    Two days ago, Microsoft encountered a rapidly spreading cryptocurrency-mining malware that infected almost 500,000 computers within just 12 hours and successfully blocked it to a large extent.

    Dubbed Dofoil, aka Smoke Loader, the malware was found dropping a cryptocurrency miner program as payload on infected Windows computers that mines Electroneum coins, yet another cryptocurrency, for attackers using victims' CPUs.

    On March 6, Windows Defender suddenly detected more than 80,000 instances of several variants of Dofoil that raised the alarm at Microsoft Windows Defender research department, and within the next 12 hours, over 400,000 instances were recorded.

    The research team found that all these instances, rapidly spreading across Russia, Turkey, and Ukraine, were carrying a digital coin-mining payload, which masqueraded as a legitimate Windows binary to evade detection.

    However, Microsoft has not mentioned how these instances were delivered to such a massive audience at the first place in this short period.

    Dofoil uses a customized mining application that can mine different cryptocurrencies, but in this campaign, the malware was programmed to mine Electroneum coins only.

    [​IMG]

    According to the researchers, Dofoil trojan uses an old code injection technique called 'process hollowing' that that involves spawning a new instance of a legitimate process with a malicious one so that the second code runs instead of the original, tricking process monitoring tools and antivirus into believing that the original process is running.

    "The hollowed explorer.exe process then spins up a second malicious instance, which drops and runs a coin mining malware masquerading as a legitimate Windows binary, wuauclt.exe."

    To stay persistence on an infected system for a long time to mine Electroneum coins using stolen computer resources, Dofoil trojan modifies the Windows registry.

    "The hollowed explorer.exe process creates a copy of the original malware in the Roaming AppData folder and renames it to ditereah.exe," the researchers say. "It then creates a registry key or modifies an existing one to point to the newly created malware copy. In the sample we analyzed, the malware modified the OneDrive Run key."
    Dofoil also connects to a remote command and control (C&C) server hosted on decentralized Namecoin network infrastructure and listens for new commands, including the installation of additional malware.

    Microsoft says behavior monitoring and Artificial intelligence based machine learning techniques used by Windows Defender Antivirus have played an important role to detect and block this massive malware campaign.
     
  5. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,724
    Messages:
    1,274
    Likes Received:
    2,707
    Trophy Points:
    181
    3 Cryptocurrencies To Earn Passive Income With — Part 2
    https://hackernoon.com/3-cryptocurrencies-to-earn-passive-income-with-part-2-39c127cd5dd8
    Before proceeding any further, I’d like to thank each and every reader of my blog for the enormous support and responses I’ve been receiving over the past few weeks.

    As promised in Part 1, which you can find here, I will highlight 3 (more) cryptocurrencies that allow you to earn a passive income. And since this quote was highlighted hundreds of times last time, I’d like to re-iterate and quote Warren Buffett once again — “If you don’t find a way to make money while you sleep, you will work until you die”.
    [​IMG]
    ICON (ICX)
    [​IMG]
    ICON is another project that has been making headlines as of late, which I also see as having great potential. It has been dubbed as the “Korean Ethereum” but has so much more going for it and this tag does not justify it. ICON has recently launched their main net and will soon allow converting (or token swap as they call it) the “placeholder” ICX ERC20 Tokens (these were just used to launch their Initial Coin Offering) to “real” ICX tokens.

    Closely tracking ARK.io from my previous post, ICON uses a consensus mechanism called Loop Fault Tolerance (LFT) with an incentive system very similar to Delegated Proof-of-Stake (DPoS). This mechanism requires coin holders to vote for delegates, who are responsible for validating transactions and maintaining the blockchain. You can find more details about LFT here.

    Once ICON has fully launched their main net (including their wallet ICONex and token swap mechanism) all you would have to do is set up an ICONaccount and cast your delegate vote. You will then receive a payout through the delegate as a reward for voting for them. Details on how much you will receive in return has not been formalized yet, as there are no historical data to calculate estimates.

    You can purchase ICX (ERC20 tokens) on Binance, COSS, Gate.io and many others.


    COSS.io (COSS)

    [​IMG]
    Unlike all other coins discussed above, Crypto One Stop Solution (COSS) is an “exchange token” and these have been gaining popularity over the past few months.

    COSS works as follows —Every transaction executed on the exchange carries a small fee (between 0.04–0.2% depending on each individual’s trading volume), for both the price maker and taker. Half of the fees will then be placed into a Decentralized Autonomous Organization (DAO), which are then distributed to COSS Token holders at the end of the week. These dividends are paid out in the respective tokens that the transaction was executed, i.e. if the transaction was on the ETH/OMG pair, you would receive an ETH and OMG payout, instead of COSS.

    Depending on where you store your COSS tokens, the procedure to receive your payout is slightly different:

    • If your COSS tokens are stored on the COSS.io exchange, then nothing extra is required. The payouts will happen automatically every week (which are cumulative and you can claim with a few clicks).
    • If you use an external wallet for storing your COSS tokens (i.e. MyEtherWallet) then you would need to execute a particular function in the COSS Token smart-contact. Details on how this can be done can be found here.
    CossCalc has an excellent calculator that allows you to determine dividends, while also allowing you to modify the specific variables that affect payouts (daily volume and fees).

    COSS can be, unsurprisingly, purchased on COSS.



    PIVX (PIVX)

    [​IMG]
    Private Instant Verified Transaction (PIVX), is a fork of the Dash (DASH). Unlike Dash, which uses Proof-of-Work (PoW) as a consensus mechanism, PIVX uses Proof-of-Stake (PoS). I will not go into details about PoW but you can find more details here.

    From Ethereum’s wiki (which will eventually become PoS as well):

    PoS is a category of consensus algorithms for public blockchains that depend on a validator’s economic stake in the network. In PoS-based public blockchains, a set of validators take turns proposing and voting on the next block, and the weight of each validator’s vote depends on the size of its deposit (i.e. stake).
    More information about PoS can be found here.

    Naturally, those who hold the most amount of coins and are staking will play the largest role in securing the network. As a reward for securing the network, they are paid with newly minted (created) coins.

    There are two ways to earn a passive income with PIVX.
    1. Running a Masternode — Masternodes provide extra services to the PIVX network than normal nodes. In return, Masternodes earn additional rewards. In order to run a Masternode, you need at least 10,000 PIVX. Details on how to set-up your own Masternode can be found here.
    2. Stake your PIVX — This method is very simple and has no minimum PIVX requirement; you can stake any amount of PIVX. All you need to do is set-up a PIVX wallet and keep your wallet “active” (i.e. online). Detailed steps on how to stake PIVX can be found here.
    In order to find out how much you can be passively earning with PIVX, you can visit the PIVX Reward Calculator page here.

    You can purchase PIVX on Binance and others.
     
  6. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,724
    Messages:
    1,274
    Likes Received:
    2,707
    Trophy Points:
    181
    Blockchain: Opportunities for health care
    http://deloi.tt/2Ge2IfX
    A new model for health information exchanges
    Blockchain technology has the potential to transform health care, placing the patient at the center of the health care ecosystem and increasing the security, privacy, and interoperability of health data. This technology could provide a new model for health information exchanges (HIE) by making electronic medical records more efficient, disintermediated, and secure. While it is not a panacea, this new, rapidly evolving field provides fertile ground for experimentation, investment, and proof-of-concept testing.

    Blockchain health IT challenge

    A team from Deloitte Consulting LLP won a blockchain ideation challengesponsored by the Department of Health and Human Services Office of the National Coordinator for Health Information Technology (ONC). Deloitte’s winning white paper, describes opportunities for applying blockchain technology to health care to make health information exchanges (HIE) more secure, efficient, and interoperable. The paper was selected from over 70 submissions from a wide range of individuals, organizations, and companies addressing ways that blockchain technology might be used in health and health IT to protect, manage, and exchange electronic health information.

    Download the PDF
    What is blockchain and how can it provide opportunities for health care?
    A blockchain powered health information exchange could unlock the true value of interoperability. Blockchain-based systems have the potential to reduce or eliminate the friction and costs of current intermediaries.

    The promise of blockchain has widespread implications for stakeholders in the health care ecosystem. Capitalizing on this technology has the potential to connect fragmented systems to generate insights and to better assess the value of care. In the long term, a nationwide blockchain network for electronic medical records may improve efficiencies and support better health outcomes for patients.

    What is blockchain?

    At its core, blockchain is a distributed system recording and storing transaction records. More specifically, blockchain is a shared, immutable record of peer-to-peer transactions built from linked transaction blocks and stored in a digital ledger. Blockchain relies on established cryptographic techniques to allow each participant in a network to interact (e.g. store, exchange, and view information), without preexisting trust between the parties. In a blockchain system, there is no central authority; instead, transaction records are stored and distributed across all network participants. Interactions with the blockchain become known to all participants and require verification by the network before information is added, enabling trustless collaboration between network participants while recording an immutable audit trail of all interactions.

    Blockchain as an enabler of nationwide interoperability

    The Office of the National Coordinator for Health Information Technology issued a shared nationwide interoperability roadmap, which defines critical policy and technical components needed for nationwide interoperability, including:

    1. Ubiquitous, secure network infrastructure
    2. Verifiable identity and authentication of all participants
    3. Consistent representation of authorization to access electronic health information, and several other requirements.
    However, current technologies do not fully address these requirements, because they face limitations related to security, privacy, and full ecosystem interoperability.

    Implementation challenges and considerations

    Blockchain technology presents numerous opportunities for health care; however, it is not fully mature today nor a panacea that can be immediately applied. Several technical, organizational, and behavioral economics challenges must be addressed before a health care blockchain can be adopted by organizations nationwide.

    Shaping the blockchain future

    Blockchain technology creates unique opportunities to reduce complexity, enable trustless collaboration, and create secure and immutable information. HHS is right to track this rapidly evolving field to identify trends and sense areas where government support may be needed for the technology to realize its full potential in health care. To shape blockchain’s future, HHS should consider mapping and convening the blockchain ecosystem, establishing a blockchain framework to coordinate early-adopters, and supporting a consortium for dialogue and discovery.
     
  7. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,724
    Messages:
    1,274
    Likes Received:
    2,707
    Trophy Points:
    181
    Report Alleges Egyptian Government is Secretly Mining Cryptocurrencies on Citizens’ Devices
    https://www.ccn.com/report-alleges-...tly-mining-cryptocurrencies-citizens-devices/
    [​IMG]
    An investigation by The Citizen lab has found evidence that Egyptian authorities are mining cryptocurrencies on citizen’s computers and laptops.

    Using Internet scanning the researchers found deep packet inspection middleboxes on Telecom Egypt connections. Unencrypted traffic, (that uses http, not https) was redirected to browser cryptocurrency mining scripts. The researchers suggest this was done in order to extract revenue from unsuspecting internet users.

    The report also identified the same malicious system being used in Turkey to inject citizen’s devices with spyware. Both Egypt and Turkey have been increasingly authoritarian in recent years, breaching multiple human rights obligations. Reporters Without Borders ranked Egypt 161st out of 180 currencies in its 2017 World Press Freedom Index, and 800 people have been sentenced to death since 2013. Journalists, human rights defenders, and protesters have experienced mass arrests, disappearances, and torture.

    After an extensive investigation, the team was able to track the network injections from both Egypt and Turkey to Sandvine PacketLogic devices – an American-based firm which sold the Turkish system as part of a $6,000,000 contract. At the time the deal caused a prominent member of the company to resign in protest.

    Attitudes to cryptocurrency are split in the highly religious Egypt. Earlier this year Egypt’s foremost religious leader called for a blockchain ban, stating that Bitcoin was illegal under Sharia law.

    Whilst some authorities in Egypt are against the technology, the attackers are likely making large amounts of money. A report from Talos earlier this month, a leading cyber security intelligence firm, estimates that malicious mining could be netting attackers over $100m a year. The report estimated that each infected device can generate about 28 cents a day. With 2000 devices that adds up to $568 per day, and $200,000 a year. It’s likely however that the nation-wide system uncovered could have many many more devices infected – leading to much higher profits.

    This type of attack has grown hugely in recent years, with malware research labs alleging that over 1.5 million devices have been affected. Website owners have deployed the technology as an alternative to ad-hosting. However, the primary use has been by hackers who slide the system onto internet users without them knowing.

    The news of Egypt and Turkey’s use of the software comes as a reminder not only of the shaky human rights situation in these countries, but of state-sanctioned spying globally. As we progress through 2018 the internet is increasingly becoming less of a tool to connect citizens, and more a weapon to spy on them.
     
  8. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,724
    Messages:
    1,274
    Likes Received:
    2,707
    Trophy Points:
    181
    All powerful Governments around the world and their Intelligence Agencies monitoring and controlling all the Cryptocurrency activities. I don't like to be fooled by anyone saying that there is no one control this industry or no one can know what you have and what you pay for or where did you get your cryptocurrencies. Everything related to this industry is monitored and under control.
     
  9. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,724
    Messages:
    1,274
    Likes Received:
    2,707
    Trophy Points:
    181
    FBI, CoinBase and BitCOiN



    Watch LIVE: Senate Moves To Destroy Bitcoin Privacy, As FBI Head Faces Multiple Investigations


     
    Last edited: Mar 12, 2018
  10. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,724
    Messages:
    1,274
    Likes Received:
    2,707
    Trophy Points:
    181
    ISPs Caught Injecting Cryptocurrency Miners and Spyware In Some Countries
    https://thehackernews.com/2018/03/cryptocurrency-spyware-malware.html
    Friday, March 09, 2018 Swati Khandelwal
    [​IMG]
    Governments in Turkey and Syria have been caught hijacking local internet users' connections to secretly inject surveillance malware, while the same mass interception technology has been found secretly injecting browser-based cryptocurrency mining scripts into users' web traffic in Egypt.

    Governments, or agencies linked to it, and ISPs in the three countries are using Deep Packet Inspection technology from Sandvine (which merged with Procera Networks last year), to intercept and alter Internet users' web traffic.

    Deep packet inspection technology allows ISPs to prioritize, degrade, block, inject, and log various types of Internet traffic, in other words, they can analyze each packet in order to see what you are doing online.

    According to a new report by Citizen Lab, Turkey's Telecom network was using Sandvine PacketLogic devices to redirect hundreds of targeted users (journalists, lawyers, and human rights defenders) to malicious versions of legitimate programs bundled with FinFisher and StrongPity spyware, when they tried to download them from official sources.
    [​IMG]
    "This redirection was possible because official websites for these programs, even though they might have supported HTTPS, directed users to non-HTTPS downloads by default," the report reads.

    A similar campaign has been spotted in Syria, where Internet users were silently redirected to malicious versions of the various popular application, including Avast Antivirus, CCleaner, Opera, and 7-Zip applications bundled with government spyware.

    In Turkey, Sandvine PacketLogic devices were being used to block websites like Wikipedia, the sites of the Dutch Broadcast Foundation (NOS) and Kurdistan Workers' Party (PKK).

    ISPs Injected Cryptocurrency Mining Scripts Into Users' Web Browsers
    [​IMG]
    However, in Egypt, Sandvine PacketLogic devices were being used by a Telecom operator for making money by:
    • Secretly injecting a cryptocurrency mining script into every HTTP web page users visited in order to mine the Monero cryptocurrency,
    • Redirecting Egyptian users to web pages with affiliate ads.
    In Egypt, these devices were also being used to block access to human rights, political, and news outlets like Al Jazeera, HuffPost Arabic, Reporters Without Borders, and Mada Masr, as well as NGOs like Human Rights Watch.

    Citizen Lab researchers reported Sandvine of their findings, but the company called their report "false, misleading, and wrong," and also demanded them to return the second-hand PacketLogic device they used to confirm attribution of their fingerprint.

    Citizen Lab started this investigation in September last year after ESET researchers published a reportrevealing that the downloads of several popular apps were reportedly compromised at the ISP level in two (unnamed) countries to distribute the FinFisher spyware.
     
Loading...
Similar Threads - Blockchain Cryptocurrency Digital
  1. Dr. AMK
    Replies:
    1
    Views:
    188

Share This Page