MEDIA DIGITAL INDONESIA: January 2017

Friday, January 27, 2017

Comprehensive Guide to Backdoors

When I was learning this, I was disappointed with internet guides for setting up remote access, aka backdoor to a computer so here’s my contribution. Also, it’s important for security and privacy concerned people to understand this because these methods are often used maliciously to gain control over target computer.

In this article, I’m going to cover theory and practice behind binding TCP shells and reverse TCP shells. After that I will briefly touch upon their advanced versions – secure shells (SSH) and reverse secure shells.

Theory

Transmission Control Protocol (TCP) is a way to transfer data from one IP address to another. It’s used to transfer the command to the remote computer as well as the command output back to the command and control computer. In TCP connections, one side has to listen for a connection and the other side has to connect.

There are 2 ways to get a shell on remote machine:

Remote machine listens for a connection. There has to be a process on the remote machine that waits for a connection and executes a shell once the connection is established.

Remote machine connects to us. This one goes the other way around – local command and control machine has to listen for a connection and remote machine has to ‘send’ a shell to the listener.

Which one is better? Of course, it depends on the circumstances, otherwise one wouldn’t be mentioned. Each paragraph explains corresponding row in the table below.

At a first glance, option #1 seems superior because we can connect to remote computer anytime, instantly. When using reverse shell, persistent backdoors try to connect to the control computer periodically, so we usually have to wait.

By default, firewall blocks all connections to the machine. To allow connections to the listener process, firewall must open that port. Firewall only works for incoming connection, it has no restrictions on outgoing connections so by choosing option #1 or option #2, you’re also choosing which computer’s firewall you need to configure. This is why hackers prefer reverse shells – it’s easier to configure their than victim’s firewall.

When using TCP connection, each side’s router assigns a unique port to a specific computer in local area network. That’s how the router knows which packet should be sent to what computer in LAN. If we try to connect to our listener on remote machine (option #1) without configuring the router to forward our connection to the exact computer and exact process, the router will refuse connection because it doesn’t know where to send the packet. By choosing option #1 or option #2, you’re also choosing which router needs to be configured to port forward the connection. Obviously, hackers prefer to configure their router, rather than their victim’s.

ValueShuffle – Comprehensive Transaction Privacy For Bitcoin Users

The public ledger is an indispensable part of bitcoin’s blockchain, yet it imposes a serious threat that undermines the privacy of anyone sending or receiving bitcoin. Since the source of coins can be traced and tainted, the value of two bitcoins from 2 different sources might not be the same (as the coin whose source cannot be traced can be worth more than a traceable coin); hence, the fungibility of bitcoin can be questionable. To overcome these threats, many researchers have proposed a number of privacy enhancing solutions to render bitcoin more secure and anonymous. Nevertheless, the majority of the proposed solutions either solve only a small number of bitcoin’s privacy issues, so they would provide limited value if implemented successfully, or require major modification(s) of the blockchain protocol.

Researchers from Saarland University, Germany, proposed a solution to promote privacy of bitcoin’s transactions. The new solution, which they named ValueShuffle, is designed on the basis of CoinJoin, a method for anonymizing bitcoin transactions that was proposed by Gregory Maxwell. ValueShuffle is by far the first coin mixing solution to conceal the amount of coins involved in transactions, which is a proposal known as “Confidential Transactions” (CT). ValueShuffle is designed to guarantee the anonymity of the participants of a coin mixing round, not only against blockchain observers, but also against possible malicious attackers participating in the coin mixing round.

Via coupling ValueShuffle with Confidential Transactions along with “Stealth Addresses”. the proposed solution promotes what can be described as “comprehensive privacy” (sender’s anonymity, receiver’s anonymity and privacy of the paid amount), without having to do any modification to the current bitcoin protocol. The paper proved that combining the aforementioned three privacy promoting strategies creates synergies that can solve the two major problems that have hindered the implementation of coin mixing practices, mainly that participants need to mix the same amounts of coins, and need to do so before the funds can be actually spent. As such, ValueShuffle can unleash the full potential of coin mixing practices as a solution to enhance bitcoin’s privacy and anonymity.

The Features of ValueShuffle:

ValueShuffle is the first ever coin mixing protocol that utilizes the CT technology. ValueShuffle is considered a developed version of CoinShuffle++, which is considered the most efficient Peer-to-peer bitcoin mixing protocol to date, which relies on the DiceMix paradigm.

ValueShuffle combines bitcoin mixing practices, stealth addresses and CT to promote a comprehensive privacy for bitcoin users (untraceability, sender’s & receiver’s anonymity and amount privacy). The new technology inherits a group of features from CoinJoin, which are essential to practical implementation of ValueShuffle along bitcoin’s network e.g. compatibility with blockchain’s script and pruning.

Combining ValueShuffle, with Stealth Addresses and CT will yield the following features:

A- Comprehensive Privacy:

Neither observers of the blockchain nor participants in the mixing procedure can trace the inputs or outputs of a ValueShuffle’s execution instant. Accordingly, the output transactions cannot be used to identify the sender’s address among the other honest input addresses that participated in the mixing round (receiver’s anonymity). Moreover, Stealth Addresses create one-time addresses to receive payments while preventing tracing funds to already known addresses (sender’s anonymity). CT promotes amount privacy.

B-Single Transaction:

ValueShuffle will send payments to recipients directly without having to go through any premixing procedures that are required by the present peer-to-peer mixing solutions, and without having to interact with the recipients. Accordingly, private anonymous payments can be sent with just one transaction recorded on the blockchain.

C- Dos Resistance:

ValueShuffle is resistant to denial-of-service DoS attacks launched by disruptive users who aim to keep honest users from successfully completing a mixing round. Although disruptive users can delay execution of an instance of ValueShuffle, they can never stop it, as it is based on the DiceMix protocol, so an instance will always terminate throughout a number of communication rounds equaling 4 + 2f where f represents the number of disruptive users. So, an undisrupted instance of ValueShuffle will be successfully completed within 4 communication rounds.

D- No Anonymous Channel Required:

To prevent linkage of the inputs and outputs of a CoinJoin transaction, ValueShuffle doesn’t utilize any external anonymous channels such as the Tor network. Nevertheless, to prevent an observer from linking inputs of a given CoinJoin transaction with network identifiers, such as IP addresses, it is highly recommended to use external means for anonymous communications such as proxy servers, or VPN.

Designing Trust – Weighing The Utility of Smart Contracts Against The Risk of Decentralization

By the year 2025, around 10% of the world’s gross domestic product (GDP) will be stored on blockchains, according to a report that was published by The World Economic Forum in August, 2016. Smart contracts are forms of electronic contracts that are coded and executed on a blockchain, and can disrupt global finance by omitting the need for intermediary third parties. Use cases of smart contracts in the financial sector include the following:

Overseas payments to reduce transactions’ fees, capture obligations and minimize operational human errors.

Real estate business and insurance casualty claims to eliminate the need for third parties.

Syndicate loans to aid in real time loan funding and automate servicing operations without the need for intermediaries.

Lending and deposits in trade finance to automate the process of creation and management of various forms of credit facilities which would ultimately eliminate the need for retail banking services.

Capital raising via contingent convertible bonds to forewarn regulators whenever absorption of a loan needs to be activated and reduce the demand for point-in-time stress testing.

Compliance within the context of investment management to formulate reporting and aid in automation of periodic filings.

Proxy voting within the context of investment management to automate the process of end-to-end confirmation via votes’ validation and maximize transparency.

Re-hypothecation of assets in market provisioning to promote real-time asset history reporting and reinforce regulatory constraints via facilitation of settlement and clearance to omit the need for intermediary third parties and minimize settlement time.

Equity post-trade throughout market provisioning to transfer cash and equity simultaneously in real-time and reduce the possibility of occurrence of errors that can affect settlement.

The policy connotations of decentralization and the blockchain technology require economists and attorneys to understand the mechanics of this technological shift and the risks that emerge from tangible factors ( e.g. utilization of consensus as a security measure) and intangible factors ( e.g. script errors and occasional incompleteness of some smart contracts). A recently published paper examined the trust design of smart contracts, while balancing the utility of smart contracts against the risk of decentralization. Percy Venegas, the author of the paper, proposed a method for decision making that measures utility by means of “levels of trust” via utilization of artifacts from the financing sector and applying them to a portfolio that is comprised of smart contract cooperations.

Expected utility was estimated via mapping of a demand vector field, i.e. the attention level, and funding through creation of a scalar field, i.e. the investment level; the associated risk exposure is implied in the consensus mechanism tradeoffs, with regards to the progression of firms represented in the system of coordinates. This aims at creating a device for construction and analysis of a given portfolio. The data utilized in this study represents 200 million web users as well as a number of investment databases. The results of the paper represents a scalable and comprehensive view of decentralized portfolios that are inspired by the methodologies of behavioral finance.

Results of The Study:

The author of the paper concluded that utilizing a field’s approach when constructing portfolios, has revealed essential demand signals that are dependent on levels of trust. Trust flourishes with increased visibility and trust is resolved whenever funding sources are realized. Nonetheless, the nature of some of this attention can occasionally be detrimental, as is the case of negative brand associations. Digital businesses represent part of the economy of attention, and in the case of smart contracts, one should pay attention that they also operate within the context of the economy of attention as well.

The market share of digital businesses and the ability to acquire new investors/adopters quickly, and retain current users, are pivotal to promote the survival of most platforms that rely on the smart contract technology. Accordingly, enterprise users are required to collect competitive intelligence and take their due diligence to perfection before commencing in a pilot. How can one know all this, if the tangible value and associated risks are not ideally visible? It is worth mentioning that the initial step in the process of meta automation is rendering these signals tangible so that machines would efficiently manage machines, which is the main goal of the smart contract technology. Within this context, this paper can be useful to both blockchain developers and fund managers.

The Firearm Vendor Involved in the Munich Shooting Now Stands Trial in the Bavarian State Capital

In 2016, the events that followed the Munich shooting spiraled in several different directions. As soon as authorities announced that the 9mm Glock 17 and ammunition came from a darknet vendor, Germany’s darknet scene changed dramatically. Arrests started picking up. Police raided both suppliers and buyers on a constant basis. Then news spread regarding the 31-year-old darknet firearm vendor—the one who sold the Glock to David Ali Sonboly. He began fully cooperating with police and contributed to many of the recent arrests.

Not but a few short weeks after that news broke, the darknet vendor made the news again. The headlines, this time, changed perspectives completely. Previously, The Federal Public Prosecutor’s Office of Frankfurt all but congratulated the vendor for his contribution to law enforcement’s newfound ability to make DNM arrests. He gave the authorities access to his PGP keys in part of an anti-weapons operation. Consequently, those keys unlocked messages that incriminated him to a new extent.

“The arrest warrant was initially issued only because of the violation of the arms laws. The further investigation of the secured communication from the supposed arms dealer on the Darknet – the secret area of the Internet – however, showed indications of negligence. There was no evidence that the 31-year-old Marburger knew what the amok gunman had in mind.”

The Federal Public Prosecutor’s Office of Frankfurt re-opened the case against the vendor after finding previously hidden messages—messages between David Ali Sonboly and the seller, Philipp K. The current arrest warrant for the vendor applied only to his violation of weapon laws in Germany. While the gun laws in Germany are notoriously strict, the messages revealed the vendor potentially violated the law to a much greater degree than initially believed.

The vendor then faced new charges pertaining to the nine deaths in Munich. Nine counts of negligent homicide and four counts of negligent bodily injury. Even though the investigation “restarted,” investigators believed the newly-uncovered messages showed a new side of the vendor. The messages proved that Philipp K. knew exactly what David Ali Sonboly planned to do. The 31-year-old returned to a jail cell, awaiting a new hearing in Frankfurt.

However, a new trial in Frankfurt never took place. Instead, as of early January, The Federal Public Prosecutor’s Office of Frankfurt handed the case over to the Bavarian State Capital. The investigation will proceed from there, along with the remainder of the court appearances.

Man Arrested for Ordering 500g Amphetamines from the Darknet

The Customs Office of Essen opened an investigation into a 31-year-old after intercepting a suspicious package. Essen Customs became a commonplace on the news after another recent bust—and an even bigger one that involved illegal firearms. In it, a similar event took place. And, as with the interception of the 31-year-old’s suspicious package, authorities failed to provide the public with the vital details.

However, in this case, the investigation took far less time finalize. The Customs Office of Essen opened a package that contained 500 grams of mixed amphetamines. In no time, the criminal police from the recipient’s address received a notice from the Essen Customs Office regarding the package and addressee. The original package shipper sent the package to a residence in Norderstedt, a city in the Hamburg Metropolitan Region of Germany.

After a brief investigation, officers determined that the purchaser used an invalid address to order the amphetamines. A 31-year-old from Elmshorn, a town in the Pinneberg in Schleswig-Holstein district, proved to be the police’s number one suspect. Through the District Court of Kiel and public prosecutor, the Criminal Police of Elmshorn (Kriminalpolizei Elmshorn) received an oral search warrant for the suspect’s address—an apartment in the town.

On December 30, investigators from the Criminal Police of Elmshorn as well as a special narcotics squad from the same district, raided the suspect’s apartment. The Narcotics Taskforce (Rauschgift) of the Criminal Police of Elmshorn, during the raid, found enough drugs to consider the 31-year-old a drug dealer. The investigation broadened in spectrum and no longer focused solely on the importation of 500 grams of amphetamine. This situation, in and of itself is not surprising. Germany sees amphetamine-related darknet vendors arrested on a near-daily basis.

According to police reports, the task force found and counted 280 grams of marijuana; 30 grams of hashish; an unannounced amount of ecstasy; “small amounts” of MDMA, presumably contained in a different medium than the ecstasy; and another unquantified amount of amphetamine. The amphetamine and ecstasy, according to some reports, amounted to only a small percentage of the drugs found—nothing akin to the 500 grams that sparked the investigation.

Following Criminal Police’s search of the apartment, the officers placed him in custody for the possession of drugs and conspiracy to distribute said drugs. Once in custody, the 31-year-old suspect’s actions allowed this case to move much quicker than the previous weapons case in the same district. He confessed to both buying the intercepted amphetamines from the darknet. He additionally admitted to buying the drugs found at his apartment from the darknet as well. Moreover, in a further incriminating statement, he told investigators that he bought the drugs to sell on the streets.

“In the ensuing interrogation, the accused showed up and confessed. He explained the process by which he placed extensive orders for narcotics on the so-called Darknet. He revealed that he ordered the drugs to sell offline,” said police spokeswoman Peggy Bandelin. Despite referring to the findings and situation as “not small,” the Criminal Police of Elmshorn released the 31-year-old, for now. They began an investigation into the darknet vendor, or source, behind everything.

Wednesday, January 25, 2017

Kehidupan Suku Kanibal Pemakan Manusia di Pedalaman Papua Indonesia 2017

Hal Kuno ini Ternyata Sangat Canggih Asli Indonesia 2017

Hacker Membobol Bank 2017

Mendapatkan Uang atau Dollah di YouTube Tanpa upload vidoe 2017

perintah cmd untuk hacking wmv 2017

Menyadap BBM, Facebook, SMS, Foto, Dan Telpon Pacar 2017

Tutorial Hack Pengguna Dalam Satu Wifi 2017

hack facebook 10 menit untuk hacker pemula 2017

Presentasi Etika Profesi Teknologi Informasi 2017

The Hacker Movie 2017

Mematikan HP Android Orang Lain Dari Jarak Jauh 2017

Irish Law Enforcement Calls Darknet Drug Trafficking an “Overwhelming Challenge”

Law enforcement across the world in 2016 struggled to stay ahead of crime on the internet. Major accomplishments, for both regional and international agencies, made headlines many times. However, as the year ended, quarterly reports from law enforcement authorities, police spokespersons, and even government representatives revealed that the “breaking news” cases were not a regular occurrence. Ireland’s Gardaí (Garda) is one of the branches of law enforcement that admittedly faces an “overwhelming challenge.”

Brian Roberts, a Detective Sergeant in the Drugs and Organized Crime Bureau of the Gardaí told thejournal.ie that online drug trade is a “trend that has developed significantly.” He explained that a street drug dealer and his customers continued to follow the same pattern, year after year. Police have no difficulty tracking the “in real life” drug dealer or customer. Although bits and pieces moved and shifted throughout the years, the connection between physical cash and drugs on the street has bonded to a nearly inseparable level. Only so many aspects of a “real” transaction have the ability to change—to the extent that the online industry has changed, that is.

Not only the Gardaí started battling the illegal activity on the darknet, Roberts explained. He said that the challenge provided by darknet drug vendors and customers—or any darknet criminals—brought a unique element of crime to the Gardaí. However, he added, not only the Gardaí faced the “unique challenges.”

Not long ago we wrote of an ex-Federal Police Officer in Germany; the reason the prefix “ex-” came before “Federal Police Officer” consisted of the BKA’s lack of ability to fight cybercrime. “Capacity to fight the Cybercrime on the Internet must also be improved – from the monitoring of the terrorist recruitment to the arms trade in Darknet. A stronger executive police force in all areas is urgently needed,” he told a local news outlet.

Law enforcement in Switzerland, too, reported the current darknet challenges in their path. In another of our recent articles titled “Swiss Authorities Left Powerless Against Online German Weapons Shop,” Bernhard Graser of the Aargau police said, “in theory, everyone can order a weapon online or from the Darknet.” He spoke in reference to a website where anyone could easily buy weapons. German authorities, Vitáris wrote, tried to shut the site down but ultimately failed.

“Drugs are indeed sold on the open internet, but the real problem stems from the multi-million-euro global drug trade on ‘Darknet’ marketplaces. Darknets are used for the sale of many illegal commodities and services including firearms and child pornography, but the biggest deal is in drugs, this can be pharmaceutical drugs,” Roberts explained.

The Gardaí made several power moves in 2014, however. They are among the world’s leading cybercrime and darknet law enforcement agencies, thanks to and international cooperation with Europol, Interpol, and global law enforcement agencies. “International law enforcement operations are continuing to try to tackle these online platforms, which are regarded as the modern era of drug dealing,” he concluded.

Coin.MX Operator Admits Fraud and Money Laundering

On Monday, January 9, 2017, the United States Attorney for the Southern District of New York announced the long-awaited guilty plea in the Coin.mx case. Preet Bharara, the aforementioned US attorney, said Anthony Murgio, the owner of Coin.mx, pleaded guilty in front of U.S. District Judge Alison J. Nathan. Murgio, according to the recently released court documents, illegally processed more than $10m in Bitcoin and participated in a multi-million dollar fraud scheme.

The case nearly set standards for the crypto-currency—Bitcoin and likely all forks and similar currencies—in September 2016. Murgio fought many of the charges and used the IRS’s definition of Bitcoin to do so. The IRS, when cryptocurrencies started growing in popularity, felt the need to define Bitcoin and similar virtual currencies as property—not currency at all.

According to IRS Virtual Currency Guidance: Virtual Currency Is Treated as Property for U.S. Federal Tax Purposes; General Rules for Property Transactions Apply

“The notice provides that virtual currency is treated as property for U.S. federal tax purposes. General tax principles that apply to property transactions apply to transactions using virtual currency. Among other things, this means that: …A payment made using virtual currency is subject to information reporting to the same extent as any other payment made in property.”

Judge Nathan disagreed. Despite the implications a decision such as hers could bring to a sector, the general public believed this decision indicated relevant progression. She said during the hearing that “Bitcoins are funds within the ordinary meaning of that term. Bitcoins can be accepted as payment for goods and services or bought directly from an exchange with a bank account.” She continued after reminding the court that this referenced the money laundering charges—not fraud. “They, therefore, function as pecuniary resources and are used as a medium of exchange and a means of payment.”

Her decision went unopposed by the state of Florida. Florida, in another recent case, made their disagreement with the IRS definition—from 2014—very clear.

Murgio pleaded guilty to operating Coin.MX in violation of federal money is transferring laws. Coin.mx, according to court documents, neglected to meet both state and federal licensing laws created by the Department of Treasury. He admitted to unlawfully operating this illegal currency exchange between 2013 and July 2015. Additionally, Murgio admitted committing fraud and money laundering in the name of Coin.mx.

Three others already pleaded guilty to Coin.mx crimes. Judge Nathan scheduled Murgio’s sentencing for June 16, 2017.

Bitcoin Price Analysis Jan 24th

This week, Bitcoin continued its recovery from the $758 low of January 12, 2017 to a high of $940 on January 22. Since two consecutive sharp sell offs from $1139 all time high at the beginning of 2017, the digital currency’s price is gradually reclaiming its lost levels. While part of this resurgence is down to classic technical analysis, recent comments from China and development in the United States have fueled the recent trend up: an expected Bitcoin IPO on the NYSE in October 2017 and unofficial approval of Bitcoin trading activities by the Chinese Central Bank. Bitcoin is going back to $1000

2 sharp sells off from $1139 on January 2nd broke past both $850 and $780 support levels dating back to 2015. Price managed to recovery from a $750 spike and much of this week was about gradually gaining ground on $780, $850 and $900. As at writing this analysis, price is trading at $919, in a $25 range between $900 and $925. After flirting with $937, price sold off to retest $900; it seems price might linger at this level for another before another break.

Having tracked Bitcoin charts for 3 years now, I have observed numerous classic chart patterns play out. The current sideways trading range is oscillating around a neckline, that might play out as an inverted head and shoulders pattern. It is possible the right shoulder shoulder may not yet have fully formed, so a second sell off to $870-$900 could materialize to complete a deep V shoulder. CarpeNoctom says a break out with volume should confirm this break out soon.

Seen here are the 30, 50, 100 and 200 day EMAs on the 6 hourly chart. The test of the long term EMAs shows an attemot to change the trend. This one failed to break past both the 100 and 200 EMA, bouncing off as support.

This chart above shows 30, 50, 100 and 200 day simple moving averages on the 6 hour chart. The past 40 hours of volumes traded just slightly above 100 day moving average. There is room between 100 MA (2) and 200 MA (1), and I would not be surprised to see a drop to retest the 200 MA at $870 – $900. This would be the second right shoulder to complete an inverted head and shoulders pattern.

The shape of these moving averages suggest a change of trend to come; the first dip is a test of whether the trend is strong enough to continue. I am cautious of another leg up, and will be looking for a top to cap off the past 15 months of a bull trend. I expect a change of trend to ‘bearish’ after the market finds a top. For now, it is wise not to get caught up in euphoria as we head up to retest $1100.

Bitcoin Investment Trust Files for IPO

Grayscale BIT, a publicly listed bitcoin open ended trust fund listed on OTCQX, has made an application to the Securities Exchange Commission for an IPO planned to launch in October 2016. BITs registration papers, filed on January 21, revealed its intention to list on NYSE Arca, as reported on Bitcoin.com. The IPO “is designed to provide investors with a cost-effective and convenient way to invest in Bitcoin.” according to Grayscale Investments, LLC, the sponsor of BIT.

The race to launch mainstream Bitcoin backed financial products is heating up. Besides BIT, Solid X and the Winklevoss Coin ETF are yet to be approved by the SEC. The regulator has a reputation of delaying decisions on the controversial digital currency. One is bound to be approved at some point.

An approval of any of these products would result in a higher Bitcoin valuation for sure.

Chinese Exchanges set to begin charging trading fees

After Bitcoin’s exponential price rise past the 2013 all time high in January 2017 (in CNY prices), the People’s Bank of China met with exchange operators. Concern raised by officials included high margin trading.

This week On January 21, OkCoin, Huobi and BTCC announced they will introduce a 0.2% charge as from January 24 as via official statements.

Chinese exchanges have long been criticized for “fake wash volumes” due to their zero trading fees policy. Some credible Bitcoin price indices even go as far as excluding Chinese data over lack of transparency between real and fake data.

BITCOIN WEEKLY PRICE FORECAST

This week I am neutral. It is hard to pinpoint where price will head in the short term. it is a coin toss between testing a low $870 for a second right shoulder of an inverted head and shoulder pattern or a bounce off the $900 neckline of the head and shoulder pattern that then materializes into the medium term rise to retest $1000.

In the medium term I am bullish. I expect a gradual rise up to retest $1000 levels.

Tuesday, January 24, 2017

Edge Weight Prediction On Bitcoin And Other Weight Signed Networks WSNs

The bitcoin network is a semi-anonymous platform where it is rather difficult to build trust among individuals receiving or sending bitcoin payments across the blockchain. A group of researchers from University of Maryland experimented using edge weight prediction along a group of models of weighted signed networks WSNs including bitcoin’s .

A Weighted signed network WSN is a network where edges, or participants, are marked with positive and/or negative weights. In other words, a WSN can monitor and record like/dislike, trust/distrust and other forms of online social relationships between individuals across the network. The paper addressed the problem of weight prediction of edges across such networks. The researchers proposed two new parameters for node behavior:

1- The goodness of a node: this parameter reflects how much a node it liked and trusted by other nodes across the network.

2- The fairness of a node: this parameter reflects how fair is the node in evaluating the trust level and likeability of other nodes across the network.

The authors of the paper proved that these 2 parameters have to be considered to provide a practical design that wasn’t fulfilled by previous work involving WSNs. The paper provided a detailed definition of these two parameters and proved that they both converge to yield an ideal solution with a linear time context. The two parameters were utilized to predict the weight of an edge, or a user in case of a bitcoin exchange, across a WSN. The paper also compared the results of their experiment to various algorithms used in both signed and signed social networks and concluded that “fairness” and “goodness” parameters, that they defined in their work, yielded the best predictive power.

They experimented using their proposed metrics with various regression models and showed that they can predict the weight of edges on 2 examples of bitcoin WSNs (bitcoin-OTC and bitcoin-alpha), Wikipedia and Twitter.

The “Fairness” and “Goodness” Algorithms:

The researchers developed two parameters; fairness and goodness, to use them to predict the weight of edges across a WSN. The fairness of a vertex represents a parameter that measures the degree of fairness or reliability of a vertex along the process of assigning ratings (agree/disagree, like/dislike, trust/distrust). Accordingly, a fair or reliable rater would give each user the rating he/she really deserves, while an unfair or unreliable user would deviate from the value given by a fair user. Ratings given by unfair users would be marked as of low importance, while fair users’ rating will be the most important. To better illustrate this, in the real context of bitcoin exchanges and similar sites, fraudsters would create multiple accounts to try to increase their own ratings and to manipulate the ratings of honest users; this would be prevented by giving those scammers a low fairness score.

The goodness of a vertex denotes how much other vertices agree/disagree, like/dislike or trust/distrust this vertex. Having a higher goodness score means that the vertex is more trustworthy across the network. Consequently, a vertex with a high goodness score would receive positive ratings from a fair vertex, while a vertex with a low goodness score would receive negative ratings from a fair vertex. RI /01

Can Bitcoin Be Used As a Hedge Against Uncertainty Towards the World’s Fiat Economy

A group of researchers from the University of Pretoria, South Africa, examined bitcoin as a method to hedge uncertainty towards the global fiat economy. They used historical data that represented the period between March 17th, 2011 and October 7th, 2016. Global uncertainty was quantified using the first principal component of the VIXs which represents 14 developing and developed equity markets.

The researchers used wavelets to categorize bitcoin’s returns into various frequency groups. i.e. investment horizons. Afterwards, standard OLS regressions were applied which concluded that global economic uncertainty reduces bitcoin’s returns and its long term outcome. Nevertheless, due to the heavy tails of the variables, the researchers relied on quantile methods which yielded some interesting results. Quantile regressions have proven that bitcoin is currently a real hedge against global economic uncertainty, as it has shown to react in a positive matter to uncertainty at higher quantiles as well as short frequency movements of bitcoin’s returns. The researchers also used quantile-on-quantile regressions which showed that hedging is seen at short investment horizons and at upper as well as lower ends of bitcoin’s returns and uncertainty towards the global fiat economy.

What Does This Study Add To The Finance Literature?

This study is a valuable piece of work that makes three important contributions to the literature of finance:

1- The first contribution represents the study’s unique methodology which combines QQ regressions with the wavelets approach. Wavelets divide the time series according to several frequencies, while QQ regressions formulate not only the heterogeneous relationship that links global uncertainty to bitcoin’s returns at various points of time, but also the quantile of bitcoin’s returns, and its different frequencies, as a function that relies on the quantile of the global uncertainty index. In such a way, using QQ regressions allows the relationship between the two studied variables to vary according to their respective distribution points.

2- The second contribution is related to the fact that even though many studies have examined market uncertainty, as measured by means of VIX, in analyzing the relationship between various equities and global uncertainty or economic variables and financial assets, none of these studies have paid attention towards the influence of global uncertainty on bitcoin’s markets.

3- The third contribution emerges from the researchers’ use of a relatively broad measure for market uncertainty that covers input from 14 emerging and developed equity markets, apart from previous studies that relied solely on the US VIX as a proxy to reflect global uncertainty towards the fiat economy. When doing so, the researchers provided a wide-spectrum measure of global uncertainty which is ideal for assessment of the relationship between bitcoin’s returns and global uncertainty, while taking into consideration that bitcoin is used and traded all over the world in both developed countries ( such as Japan, USA and Europe) and developing countries (Nigeria, Pakistan and China), which makes using the US VIX a restricted choice that isn’t ideal for use on a global scale.

The findings of the research paper emphasize the importance of decomposition of bitcoin’s returns into different investment horizons and they also highlighted the essential role of utilizing estimation methods which use information derived from quantiles of both global uncertainty and bitcoin’s returns. Accordingly, apart from results that are based on conditional means, bitcoin has been proven to serve as a hedge against uncertainty, towards the global fiat economy, at extreme ends of the spectrum of global uncertainty and bitcoin’s market, but within the context of short investment horizons. Thus, we can safely say that short horizon, or short term, investment in bitcoin can help investors hedge uncertainty towards global fiat equity markets, particularly when the market is exhibiting bearish or bullish patterns and also when global uncertainty is either high or low.

The interesting results of this study add more useful conclusions to previous studies that concluded that bitcoin can exhibit some hedging characteristics against fiat commodities and equities such as the works of Bouri and Dyhrberg in 2016. However, further studies are essential to examine whether or not the reported results of this study are sensitive enough to the utilization of bitcoin data which is denominated via means of another currency other than the US Dollar. RI / 02

Monday, January 23, 2017

Buruh bangunan KAYA MENDADAK Temukan Harta Karun 2017

Penemuan Harta Karun Oleh Kakek Bersorban di Ciamis 2017

TEMPAT BERBURU MONSTER 2017

Ikan Purba Yang Masih Hidup Di Laut 2017

Misteri Dunia Bawah Laut 2017

Using Keyless Signatures To Promote Immutability of Permissioned Blockchains

The advent of bitcoin introduced the world to a new concept of “immutability” that promotes the transparency and efficiency of financial transactions. Once data is stored, it can never be modified or deleted, on a permissionless blockchain such as that of bitcoin, where anyone can contribute to the process of confirmation of transactions, i.e. mining, and have a countable vote, without having to have any form of identity on the blockchain. However, business applications usually utilize platforms where users are required to create verified identities to be able to confirm transactions and have countable votes; such blockchains represent forms of “permissioned blockchains”.

The immutability of permissioned blockchains is often questionable as end users are not allowed to monitor or have a copy of the blockchain. A group of researchers have recently proposed the use the infrastructure of keyless signatures as an additional mechanism to promote irreversibility and irrefutability of the process of block confirmation, representing a global proof that guarantees long term immutability of transactions on a permissioned blockchain.

Keyless signatures represent an alternative to the PKI, or public key infrastructure. “Keyless” doesn’t imply that there are no cryptographic keys involved in the process of signature creation. Although keys are still utilized throughout the authentication process, verification of signatures is possible without assumption of continued secrecy of the encrypting keys. Due to the fact that keyless signatures are resistant to key compromise which guarantees long term validity of various forms of digital signatures such as those of bitcoin.

Although PKI signatures are often protected via timestamps, the time-stamping process is based on the PKI technology itself, so the problem of key compromise still exists. Along a keyless signatures’ infrastructure, identification of the signer of a transaction relies on asymmetric cryptography, yet the integrity of the digital signature is secured via keyless cryptography; this method is known as one-way collision-free hash functions, which represent forms of public key transformations without the involvement of any private keys.

A Keyless Signatures’ Infrastructure:

A keyless signatures’ infrastructure is implemented practically in the form of multi-signatures i.e. more than one document is signed at a given time. These 3 steps are involved in the signing process:

1- Hashing: The documents involved in the signing process are hashed and the value of the hashes are used to represent documents along the remaining steps of the process.

2- Aggregation: This involves the creation of a global temporary pre-round hash tree to represent all the documents that were involved during a signing round. The duration of the signing rounds is variable, yet the described implementation fixes the duration to one second.

3- Publication: The top hash values that represent the per-round aggregation trees are collectively secured via a perpetual hash tree, which is also known as hash calendar, and the top value of the hash tree is broadcast as a trust anchor.

To implement this protocol on a permissioned blockchain, an appropriate keyless signatures’ infrastructure (KSI) is utilized. This infrastructure is comprised of a group of aggregation servers arranged in layers, that all together create per-round global hash trees. The first layer of aggregation servers, which are known as the gateways, collect transactions’ requests, hash them into a hash tree and then send a request to higher level aggregation servers that includes the top hash value of the hash tree. The server will then await the response from aggregation servers in a higher level layer and then combines the received response with the appropriate hash chains derived from its own hash tree, to formulate and send responses to aggregation servers in lower level layers.

The researchers deployed the keyless signatures’ infrastructure on an experimental persmissioned blockchain and concluded that keyless signatures can promote immutability via ensuring irreversibility and irrefutability of cryptocurrency transactions. The implementation avoids single failure points and exhibited appropriately low and reasonable stable service latency. Keyless signatures provide a time stamping and digital signature service that is secure and can be suitable for a trustless community such as that of a permissioned blockchain. Hash trees and hash calendars render any attempted tampering visible to anyone using the platform, which solves the problem of immutability of all forms of permissioned blockchains.

Cara Mancing Ikan Tuna Raksasa 2017

Elmshorn Man Arrested For Buying Drugs From Dark Web

A 31-year-old was arrested in Elmshorn, Germany for buying narcotics from the dark web.

The Customs Office in Essen intercepted a package containing 500 grams of amphetamines. The parcel belonged to the 31-year-old suspect. The package was delivered to an address in Norderstedt, but law enforcement authorities quickly tracked down the suspect’s location in Elmshorn.

On December 30, police raided the 31-year-old’s apartment where they seized 280 grams of marijuana, 30 grams of hash, as well as small amounts of ecstasy pills, MDMA, and amphetamines.

After authorities detained the suspect, he confessed. The 31-year-old said that he ordered the narcotics for resale purposes.

Since police were unable to keep the suspect detained, the 31-year-old was released shortly after his arrest. However, due to the amount of drugs found in his home, the minimum punishment will be one year in prison.

According to two major drug studies from the Global Drug Survey and the European Monitoring Centre for Drugs and Drug Addiction (EMCDDA), dark web narcotics purchases increased by 2.2 percent from 2015 to 2016. The EMCDDA research exclusively mentioned the rise of dark net markets, such as AlphaBay.

Since bitcoin is not completely anonymous, and law enforcement authorities trace back more and more transactions, Monero came into the picture. According to the study, privacy-focused cryptocurrencies, including Monero, are in high demand on dark net markets. AlphaBay revealed that two percent of the transactions on the site are conducted in Monero.

In the European Drug Report 2016: Trends and Developments, the EMCDDA revealed the most common narcotics purchased from dark net markets.

“They can also operate on the deep web, through darknet markets or cryptomarkets, like AlphaBay or the defunct Silk Road. Cannabis products and MDMA are reported to be the illicit drugs most frequently offered for sale on darknet markets, alongside a range of medicines,” the study reads.

The EMCDDA report says cannabis products have the largest share on dark net markets. The substance is mostly used for recreational and medicinal purposes by customers. Marijuana is legal in the Netherlands and in most regions in the United States.

Viewing all narcotics purchases (clearnet, dark net, streets), the dark net drug trade increased from 4.5 to 6.7 percent, representing a small, but growing fraction. Focusing on cracking down the dark web drug trade seems impractical and inefficient since street deals add up a much bigger portion. German, Austrian, Swedish, Norwegian and US law enforcement authorities are the ones who are pursuing dark net buyers and sellers the most.

The Global Drug Survey reached a similar conclusion as the EMCDDA. According to the research, cannabis products are the most popular on dark web markets.

“Globally almost in 1 in 10 participants (9.3%) reported ever buying drugs off the dark net with those reporting last year dark-net purchase rising from 4.5% to 6.7%. MDMA, cannabis, new or novel substances (including 2C-B and DMT) and LSD are the drugs most commonly bought,” the Global Drug Survey’s study reads.

The EU to Hire Hackers and Ex-Drug Users to Stop Darknet Drug Trafficking

Alexis Goosdeel, chief of The European Monitoring Centre for Drugs and Drug Addiction (EMCDDA), announced a new approach to fighting darknet drug sales. On January 4, Goosdeel spoke to the Belgian newspaper Le Soir about a newly drafted strategy aimed solely at the buying and selling of darknet-traced drugs. And according to Le Soir, the strategy, while not due for implementation any time too soon, looked promising. The EMCDDA reported that they would begin hiring hackers to disrupt the flow and usability of any illicit marketplace.

For those outside the EU member states, EMCDDA’s role is “to provide the European Union and its Member States with factual, objective, reliable and comparable information at European level concerning drugs and drug addiction and the consequences they cause,” one source summarized. The organization’s lengthier aim and mission is readily accessible at the Mission link on the site’s front-page—EMCDDA | Mission. DeepDotWeb reported the group’s studies routinely, especially in situations where fact-checking proved necessary.

The drug-monitoring group kept an eye on the darknet as early as the notorious Silk Road marketplace era. They once, according to one of our authors, announced that the overall safety of drug use in the EU rose upon large-scale darknet marketplace usage. In the same vein and fittingly in the same article, EMCDDA called the darknet a “dark cloud in the horizon.” Given their unsure stance on the darknet back then, the latest announcement rendered very few surprised—save for the “hiring hackers” part.

From one of our articles on the subject titled “Dark Web Use Rising Making Drugs Safer EU Report Says” by American Guerrilla:

The EMCDDA’s new plan, scheduled for 2025, collected 2016 darknet days regarding drug purchases. Of course, this data played an integral role in the new course of action but local drug studies and even third-party studies proved essential as well. Throughout 2016, similar non-profit and health-oriented organizations conducted studies on darknet drug use. The 2016 Global Drug Survey found that 9.3 percent of responses admitted to purchasing drugs through the darknet—an exponentially unexpected increase from prior years.

In the July – September 2016 Drugnet publication, the Commissioner expressed “concern over the online supply of drugs, calling for a ‘more systematic and more sophisticated’ monitoring of internet drug markets.”

Reading beyond the mere “hiring hackers” headline, another interesting bit manifested itself—albeit within only a few sources, as if unimportant. According to Sputnik, EMCDDA planned to hire “former drug offenders” to quicken the process. They hoped said “hackers” could easily “track down websites and disrupt supply chains.”

He made only few details available to the public; or, maybe those details made the entire plan. We will know in 2017.

Mesin Pancing Ikan Super Canggih 2017

Sunday, January 22, 2017

Single Computer DoS – Slow Loris Attack

Usually, hackers use a lot of computers (or toasters) to take down a server by overwhelming it with traffic. However, the same goal can sometimes be achieved with a single computer. In this article, I’m going to analyze my favorite denial of service attack known as Slow Loris attack and python code implementation from github. I found and tested 2 python Slow Loris scripts from the same author – advanced one which is ready for randomizing User Agent headers, proxies, SSL and other good stuff. However, this code is more appropriate to illustrate the idea behind the attack, and works just as well. It can be run on any operating system that supports python.

This article is for academic and entertainment purposes only. Please don’t use it maliciously.

Theory

In a clients-server HTTP connection, end of a HTTP packet is marked with 2 consecutive newline characters ([CRLF]). If those 2 characters never come, sending/receiving of the HTTP packet is not going to end. The idea in Slow Loris attack is to open as many concurrent HTTP requests and keep them alive infinitely (with minimum resources) to deplete the resources in the application layer on the server because it has to wait for every connection.

While most servers such as Apache make use of a timeout to terminate incomplete HTTP requests – the timeout is set to 300 seconds by default and is re-set as soon as the client sends additional data. That’s why the attacker does send some data, but painfully slowly – hence the name.

Slow Loris achieves DoS by starting many concurrent HTTP connections and sending a byte of data every 15 seconds. Of course, timing should be adjusted in relation to timeout on a specific server, but it’s often effective even with 15 seconds timeout. Because attacker’s computer sends only few bytes per 15 seconds per connection, some servers can go down while the attacker uses his internet as if nothing’s going on.

Affected Servers

This attack mostly affects apache webservers because of the fact that apache starts a new thread for each connection. That is the key factor that makes the difference of attack succeeding or not. Unless of course, someone implemented a mitigation for this type of attack.

Today, about 50% of websites are hosted on apache servers. Along with some other servers, it makes it a very useful attack for a hacker to include in his arsenal.

Also, apache webservers can easily be found with Google’s search functionalities, e.g.

Python Implementation

Program gets the target server IP or DNS name as a command line argument. Here’s how it should look like (I set socket_count to 5 to avoid any trouble):

First, it opens a number of HTTP connections equal to socket_count (integer from 20th line) . Then, it starts an infinite while loop that keeps those connections alive by sending a random number (1 to 5000) each 15 seconds (specified in 58th line), resetting the timeout period.

Conclusion

I highly recommend testing your websites because it’s so easy. If it works, it’s going to take a few minutes to cause a DoS. If it doesn’t, try increasing the socket_count as much as your PC can handle. Also, don’t forget to optimize the timeout period. Depending on attacker’s bandwitdth, it may take more than 1 computer to take down some vulnerable sites.

Hopefully, this attack will get more attention and more people will start protecting their servers. Luckily, there are many tutorials that make securing against this type of attack pretty straightforward. RI /01

Three Silk Road Vendors Convicted for Online Drug Distribution

A federal jury in Orlando, Florida, found Julian Villa-Gomez Lemus, a 31-year-old from Visalia, CA, guilty of selling drugs via the darknet. Previously—or very shortly before but within the same week—Julian Villa-Gomez Lemus watched his conspirators plead guilty for the same or very similar crimes. All of the defendants shared a conviction: conspiracy to distribute controlled substances. However, the degree of each charge varied amongst the men.

According to the indictment, Julian Villa-Gomez, Fadhle Muqbel Saeed, and Alfonso Bojorquez-Vazquez involved themselves in said drug dealing conspiracy. The six-count indictment, only recently unsealed, charged the three with conspiracy to distribute several drugs: marijuana, methamphetamine, and hydrocodone. In addition to the conspiracy charges, the indictment accused the men of aiding and abetting each other and those both “known and unknown to the jury.”

The entire case raised questions online—specifically /r/darknetmarkets—based on the number of aliases involved. For instance, Saeed went by darkexpresso, bonappetit, and Damien Darko. The list of associated cases for some of the men took a decent amount of time to read through. Reddit users questioned why the government waited so long to make the arrests.

The indictment itself only accused the group with marijuana, methamphetamine, and hydrocodone distribution. However, the recent announcement by the U.S. Attorney’s Office for the Middle District of Florida mentions those substances, along with additional ones. According to the announcement mentioned above, the group sold cocaine and steroids as well. “The drugs were sent to purchasers throughout the United States and Australia,” the announcement stated.

During the hearing, according to the DEA, the courtroom heard the classic spiel on how to buy from the darknet, how to buy bitcoins, etc. The group, including known and possibly unknown individuals, conducted 1,300 transactions on Silk Road 2. The gross proceeds of those sales amounted to more than $1.9m—all of which must be forfeited.

The indictment revealed that the group sold starting as early as October 2012. Almost every charge in the indictment involved the state where the vendors lived and the state where they faced charges: California and Florida, respectively.

Attorney A. Lee Bentley, III announced that the sentencing hearings would occur on March 23, 2017. The DEA investigated the case and an indictment received necessary signatures on May 11, 2016. These charges carry up to 20 years in a federal prison. The USPIS additionally received credit for aiding the DEA in investigating the men.

People Commit Suicide in India Amid Shortage of Cash, Demand of Bitcoin Goes up

Just months after Indian Prime Minister Narendra Modi’s announcement to demonetize two of the most widely used banknotes in the country, the circulation of cash halved, declining from over 18,000 billion to 8,000 billion rupees. Such drastic change in India’s cash-based economy led to disastrous economic and financial impact.

Within weeks after the demonetization, the general population of India struggled to obtain enough cash to support daily living and finance day-to-day operations. On most salary dates in mid-month and at the end of each month, individuals had to wait more than 24 hours to claim their own money.

On November 17, the Indian government and its central bank cut the daily limit on cash exchanges from 4,500 rupees to 2,000 rupees. As cash became even more scarce and the central bank’s initiative virtually disallowed people from withdrawing cash without creating a bank account, a substantial number of individuals took it to the extreme and committed suicide.

In fact, 33 people deaths have been reported within 30 days after the announcement of demonetization in mid-November. Some individuals committed suicide out of sheer frustration while others died of exhaustion waiting in line to receive cash from banks and ATMs.

Local publications including the Indian Express reported horrifying incidents of deaths stemming from the demonetization of banknotes:

“Four days before his daughter’s wedding, Sukhdev Singh died of a heart attack in Tarn Taran, Punjab, as he was unable to buy groceries and other items due to shortage of new currency notes. A two-year-old died in Sambhalpur, Odisha, after an autorickshaw driver refused to take the family to hospital as they did not have lower denomination notes to pay the fare.”

Yet, the government continued to push the initiative, claiming that it is an important phase of financial development that will eliminate criminals and reduce criminal activities involving money. For the long-term growth of the Indian economy, Prime Minister Modi stated that the demonetization of banknotes was ultimately beneficial for the general population of India.

However, people of India harshly criticized Modi for his ignorance against current financial and economic status of the country. Individuals could not comprehend the Modi administration’s intent in pushing the demonetization regardless of its impact on the Indian economy.

As a result, an increasing number of individuals and businesses have begun to migrate from traditional banking systems and financial services to alternative currencies and assets like bitcoin. Local bitcoin exchanges including Coinsecure, Zebpay and Unocoin saw rapid increase in user base and trading volumes, demonstrating the rising demand of bitcoin within the country.

“Our trade volume in November touched .Rs 120 crore, up by 25% compared to October, and our revenue grew 25% as well,” said Saurabh Agarwal, cofounder of Zebpay.

Unocoin CEO Sathvik Vishwanath also stated that it observed an exponential growth in user base, which increased to 120,000. Its trading volume doubled as well, to 300 bitcoins a day.

“There has been a tremendous increase in awareness about bitcoins this year. Till last year, we had to explain to people what bitcoin was,” sai Vishwanath. RI / 01

Indian Government is Training Policemen to Crackdown Electronic Fraud

Indian government and law enforcement are allocating increased capital in training police officers to crackdown electronic fraud involving online transactions. A facility was launched in the police headquarters in Kasaba Bawada to ensure police officers obtain necessary information and technical expertise to detect electronic fraud.

Sohali Sharma, superintendent of Police, announced:

“In Kolhapur district, new software and machines have been installed in the cyber lab to help in detection of cyber crime. The cyber lab is set up in the main building of police headquarters in Kasaba Bawada area of city.”

Sharma and the rest of his team at the police headquarters admitted that cyber crime is a new form illegal activity which local police and law enforcement aren’t fully aware of. The vast majority of local police officers are yet to obtain clear understanding of cyber crime and other online illicit activities involving money.

Thus, in the upcoming months, policemen in the newly established cyber lab facility will spend time in analyzing various situations involving fraudulent transactions and implementing practical solutions in a simulation-based environment.

“These types of crimes are new to the police force as well. We are conducting series of training sessions for the officers to get acquainted to different types of crimes and how to investigate these crimes,” Sharma added.

He also further emphasized that local law enforcement agencies will begin imposing serious consequences for cybercrime and fraud. Indian police will also crackdown on money laundering operations conducted by criminals using illegal payment channels to send or receive money in an unregulated ecosystem.

Overtime, Sharma believes changes in training courses and introduction of important cyber lab facilities will increase awareness of cyber crime and financial fraud.

“The online transactions and use of new portals for business transactions through computers or smartphones are new to the people. This may give an opportunity to people involved in cybercrime for cheating people. We agree that police are also not aware of this type of crimes but the situation will change soon. Refresher courses and training sessions to upgrade police force for tackling these crimes have been going on and the situation has improved. We are now taking these types of crimes seriously,” Sharma added.

Sharma’s statements suggest that the Indian law enforcement and police will crackdown on various money laundering cases involving online payment methods. Inevitably, Indian police will come across bitcoin transactions in several illicit trading platforms such as darknet marketplaces.

As seen in the Netherlands wherein police cooperate with local prosecutors to charge unregulated bitcoin service providers and exchange operators, it is highly likely to see a similar course of action in India.

As a result, the Indian bitcoin ecosystem may also see tightening of Know Your Customer (KYC) and Anti Money Laundering (AML) policies particularly within the bitcoin and fintech markets. The Indian police also will start requesting increased amounts of information from local bitcoin exchanges to crackdown on fraudulent transactions, which will emerge as a major issue for local exchanges and trading platforms to deal with. RI /01

French Minister Issues Nationwide Warning on Cyberattacks, Major Infrastructure Providers in Trouble

Earlier this week, French Defense Minister Jean-Yves Le Drian issue a nationwide warning on cyberattacks, stating that major civil infrastructure providers including electricity, water, transport and telecommunication firms may face security issues in the near future.

The announcement of Le Drian came after the Ministry of Defense of France reported that it effectively prevented and blocked over 24,000 external attacks in the past year. Le Drian described most of these attacks as sophisticated hacking attempts. He warned important infrastructure providers to be aware of the increasing number of cyber attacks and to be ready to deal with data threats.

“We should not be naive [thinking France could not face a cyber attack]… The number of cyber attacks against my ministry doubles every year. In 2016, about 24,000 external attacks had been blocked by our security services,” Le Drian said in an interview with French weekly Journal du Dimanche.

Le Drian noted that the cyber security market and the number of cybersecurity specialists are increasing at an exponential rate and that industry leaders must use the growth of the cybersecurity market to their advantage.

By 2019, the Ministry of Defense predicts the number of cybersecurity specialists to double, surpassing 2,600. In consideration of the magnitude and intensity of attacks the ministry and other government agencies have faced in the past year, Le Drian emphasized the importance of facilitating the growth of the cybersecurity market and imposing necessary security measures for infrastructure providers.

Particularly for civil infrastructure providers, the imposition and implementation of high-level security measures is vital as they store sensitive personal and financial information of millions of consumers nationwide.

Electricity and water providers facilitate the storage and distribution of essentially the entire French population’s personal data, which can be extremely valuable if hacked, breached and sold to third party institutions that may use that information in illicit criminal activities.

Over the past two years organizations including Duo reported that one in three Americans were affected by security breaches of state-supported service providers like healthcare companies. Thus, the French MInistry believes infrastructure providers must improve security measures and their IT infrastructure with a sense of urgency.

Various security threats including ransomware attacks have proven to cost large-scale institutions hundreds of thousands of dollars when they successfully penetrate IT systems and infect certain databases or servers. Specifically for infrastructure providers that hold data of millions of people, a ransomware lockdown of user data can be fatal and could ultimately cost the government millions of dollars in ransom payments to save user information.

As such, the Ministry of Defense of France believes it is time for both state-supported organizations and commercial corporations to lead major improvements in their infrastructures and security systems to prevent the loss of data in the future.

Saturday, January 21, 2017

Shielded and Unshielded Padlocks 2017

Cybercrime Investigator Says Police Use “Covert Investigators” to Catch Darknet Vendors

The Attorney General at the Central Office for Combatting Cybercrime (ZIT), spoke with two famed ARD journalists about handling darknet crime. Both reporters, Annette Dittert and Daniel Moßbrucker, previously created a documentary on the darknet. While their interview with the ZIT’s Attorney General, Andrew May, covered the same topics, the interview and documentary were separate projects.

Weapons, drugs, and child pornography topics received the most attention. The interviewers asked May how cybercrime (on the darknet) had changed over time. May talked about methods by which darknet dealers learned to utilize to outsmart the law. Another topic discussed involved how law enforcement dealt with the modern forms of encryption and a criminal’s ability to be nearly anonymous.

May explained that he started investigating the darknet four years ago. Back then, he said, mostly “soft drugs” populated the marketplaces. During the four years he worked at the ZIT, investigating the darknet, he saw it develop into something much more diverse. An ecosystem instead of forums and marketplaces. People see the darknet as a quick and easy way to turn a profit in the drug market, he said. In the real world, so to speak, the same people avoided these types of situations.

He explained the process involved in catching the dealers. The sellers too, but Annette Dittert and Daniel Moßbrucker asked specifically about the dealers. May told them that he could not give a complete answer for many reasons—one being operational security. He then went on and explained several instances where the NIT investigators gained access to the vendor profile and conducted business as usual. Buyers assumed, likely for a significant period, of time, that the drugs still came from the original supplier. One-by-one—or in the Chemical Love case, all at once—officers arrested buyers. Investigators performed similar moves when taking down The Love Zone.

The interviewers asked May if the use of modern encryption made the job frustrating. “How do they [ZIT] get these people anyway,” they asked. He explained that technical teams break into a drug dealer’s device. The encryption was impossible to crack through technical investigations. “We use mainly covert investigators who buy drugs to get in touch with dealers and try to lure them into a trap,” he explained.” If this is successful, the authorities can, under certain conditions, take over the account and thus come to other persons who are active in this network,” he added—referring to the darknet.

He explained that ZIT investigators often stopped some cases for safety or other reasons. “We are particularly proud of the fact that we could identify some of the arms traders – because of course, there is a particular danger to arms trafficking,” he said. However, cases against child pornography websites often took a turn for the worse when the suspect or site required the undercover officer to upload pictures of their own to validate their authenticity. “This is, of course, a crime that we are not allowed to commit,” he ended.

At the end of the conversation, the interviewers brought up banning the encryption or tools used to access the darknet. May explained that while the modern technology made law enforcement step their game up, banning said technology or software is not feasible. Plus, he said, the same stuff: drugs, child pornography, and weapons are found on Google—if one looks hard enough.