12/10/2017: Bitcoin hit yet another all-time high on Thursday, passing $5,100 for the first time.

The digital currency hit $5,163 at 9:28am, up by over 6.7% on the day, and is holding steady at the time of writing.

Latest Bitcoin prices, courtesy of Coindesk

Bitcoin’s price has skyrocketed over the past six months, seeing its fastest ever growth since its creation in 2009. Last year the currency saw relatively little movement, hovering between $400 and $800. However, in June this year Bitcoin hit the $3,000 mark, growing faster in a month than it had done in the previous three years.

Despite moving just shy of $5,000 in September, an immediate sell-off saw it fall by almost $700, spooking investors that the bubble may have popped. Further setbacks, including comments by the boss of JPMorgan who claimed Bitcoin was a “fraud” and only useful for “murderers and drug dealers”, chipped away at its value, and a dip to $2,985 in mid-September threatened to undermine the currency.

However, it appears to have once again bounced back, largely helped by reports that the Chinese government is relaxing recently implemented regulations, and news that Goldman Sachs plans to develop ways of helping its clients trade using cryptocurrencies.

Although Bitcoin is designed as a decentralised currency, free from the influence of traditional financial institutions, the actions of the old-guard still appears to play a fundamental role to its success.

Unfortunately, Bitcoin is still facing push back from governments and organisations who are concerned about the anonymity of the platform, and its potential as a revenue stream for criminal activity. The Bitcoin Foundation, a group working to promote the use of Bitcoin in the US, is currently lobbying against increasing regulations in a number of US states.

Russia announced on Tuesday that it would be banning all cryptocurrency exchanges from operating in the country, according to Reuters, preventing any of its citizens from trading Bitcoin legitimately, and sending Bitcoin’s value tumbling by $600.

09/10/2017: AWS, Azure, Google hit by Bitcoin mining hijack

Criminals are reportedly targeting cloud service providers in a new Bitcoin mining scam that hijacks their servers to exploit their computing power.

A recent report by security firm RedLock found that at least two companies have been stung by hackers gaining access to their cloud services hosted by AWS, Azure, and Google Cloud, but instead of leaking data, the criminals used the servers to mine for Bitcoin.

RedLock said it found a number of Kubernetes containers on the three hosting services that were not password protected, leaving them open to the public.

“Upon deeper analysis, the team discovered that hackers were executing a Bitcoin mining command from one of the Kubernetes containers,” the report stated. “The instance had effectively been turned into a parasitic bot that was performing nefarious activity over the internet.”

Aviva and Gemalto are explicitly named in the report as having been affected, however it suggests that other “large multinational corporations” have also been notified.

It’s fair to assume that any news report referring to a vulnerable cloud service would imply a data leak of some kind, yet in this instance, it appears the hackers were only interested in exploiting the substantial computing power of the servers.

Bitcoin mining has become an incredibly power intensive exercise, and while in the early days you could go it alone, the energy costs required today often force miners to pool their resources together to solve the increasingly complex algorithms.

By design, only 21 million bitcoins can ever be mined, and as a result, the solution process becomes increasingly more difficult, inflating electricity costs at the same time.

RedLock found that administration consoles were unlocked across AWS, Azure and Google Cloud, allowing anyone that stumbled upon them to configure the servers to mine for the cryptocurrency, allowing criminals to recuperate the full value of one bitcoin, worth $4,600 at the time of writing.

IT Pro has contacted Aviva and Gemalto for comment.

“Installing this script on hundreds of websites, essentially means the perpetrators have built a supercomputer which is literally generating money, while the legitimate owners remain unaware,” said Leigh-Anne Galloway, head of cyber security resilience at Positive Technologies.

“It’s a bit like a criminal breaking into a factory when no-one is looking and secretly using company machines for their own means, except in this case it is data capacity being used to mine bitcoins unaware of the owner.”

The problem is becoming a wider issue for the industry as even some websites eager to mine for Bitcoin are beginning to exploit their visitors. Security firm Cloudflare was recently forced to ban some of its customer accounts after it was discovered several sites had started using Java-Script codes that were able to exploit the computing power of visiting PC’s to mine for bitcoin.

“The concept isn’t new and a more distributed CPU mining model is becoming increasingly popular as server farms become less economic – it is fundamental to a lot of altcoins,” said Jacob Beckett, founder of digital product design agency VitaminLondon.

“The trouble lies in lack of user consent and legislation failing to catch up with the technology. If users are educated as to the implications and then forced to opt in before a site starts using additional CPU capacity then the net effect could be positive.”

29/09/2017: The boss of Canada’s largest banking group has rejected claims by JPMorgan’ chief executive Jamie Dimon that Bitcoin is a fraud, although he has suggested that the crypto-currency needs oversight and echoed the stance that employees should avoid the platform entirely.

Speaking on stage at a Reuters event in Toronto, Royal Bank of Canada (RBC) CEO Dave McKay said: “Has Bitcoin misrepresented what it is? No”.

However, he added that he understood Dimon’s concerns around transparency, adding that Bitcoin is providing “a way to avoid detection in moving money in our society and transferring value from one person to another”.

“I think where Jamie is probably coming from is it’s helping evade the supervision of moving money and from that perspective it needs to be monitored.”

Speaking at a conference in New York earlier this month, JPMorgan chief Jamie Dimon said: “If you were in Venezuela or Ecuador or North Korea or a bunch of parts like that, or if you were a drug dealer, a murderer, stuff like that, you are better off doing it in Bitcoin than US dollars. So there may be a market for that, but it’d be a limited market”.

He added that any employees would be fired if they were found to be trading in the cryptocurrency.

RBC’s McKay has taken a softer approach towards his employees, saying that he would “probably ask them to stop”, stopping short of saying that any disciplinary action would be taken.

RBC’s stance towards Bitcoin is not entirely surprising given its commitment to the technology that underpins it. The bank was one of the first financial institutions to make use of blockchain through the open-source consortium Hyperledger, and recently announced plans to rollout the technology for use in its loyalty schemes in 2018.

Cryptocurrencies gained momentum as alternative to traditional, nation-backed currencies following the financial crisis, however banks have remained largely opposed to their use despite their growing popularity among tech enthusiasts and those distrustful of government.

19/09/2017: Hackers could access Bitcoin wallets through SS7 flaw

A vulnerability in the architecture of mobile networks could enable hackers to intercept SMS one-time passwords and access Bitcoin wallets. 

The flaw was discovered by Positive Technologies, which found that hackers would need only a person’s first name, last name, and phone number to relieve them of their cryptocurrency cash. 

By exploiting Signalling System Number 7 (SS7) vulnerabilities to intercept an SMS message with a one-time password, typical of two-factor authentication methods, the researchers were able to discover the email address linked to the wallet, gain control over it, and then access the wallet itself.

Once they had the account password for the wallet, they were easily able to withdraw cryptocurrency.

SS7 was developed in 1975 and is used to exchange data including texts and billing and also to connect one mobile network to another.

PT was one of the first to find problems with the protocol. In spring 2017, the first cases of attacks exploiting SS7 were registered in Germany, in which money was stolen from bank accounts. Cybercriminals intercepted texts with online banking authentication codes sent to customers of Telefonica Germany, a German mobile operator, and used them to carry out unauthorised transactions.

“We work in close coordination with telecom operators to discover threats before hackers do, in order to protect subscribers,” said Dmitry Kurbatov, head of telecommunications security department at Positive Technologies.

“Exploiting SS7 specific features is one of several existing ways to intercept SMS. Unfortunately, it is still impossible to opt out of using SMS for sending one-time passwords. It is the most universal and convenient two-factor authentication technology. All telecom operators should analyse vulnerabilities and systematically improve the subscriber security level.” 

However, Kaspersky Lab’s principal security researcher, David Emm, doesn’t believe this hack weakens the case for two-factor authentication, saying: “If my front door is broken, thereby making it easier for criminals to gain entry, it doesn’t negate the value of front doors.

“It’s to be hoped that the telecoms companies will take incidents and proof-of-concepts such as these as a wake-up call to take action to mitigate the risk of an attacker trying to subvert SS7 in this way.”

A video demonstrating the attack can be found here

13/09/2017: JPMorgan boss says Bitcoin is a fraud

Bitcoin “is a fraud”, “dangerous”, and will “eventually blow up”, according to JPMorgan CEO Jamie Dimon, who added that any employees caught trading in the cryptocurrency would be fired.

Addressing an investors conference in New York, Dimon said: “The currency isn’t going to work. You can’t have a business where people can invent a currency out of thin air and think that people who are buying it are really smart.”

He added that employees would face dismissal “for two reasons: it’s against our rules, and they’re stupid. And both are dangerous.”

His comments, reported by Reuters, come at a time when Bitcoin, which has seen record growth over the past few months resulting in a peak of $5,000, is facing criticism from public figures over its popularity among criminals, particularly as it has been the platform of choice for hackers behind this year’s headline ransomware campaigns.  

“If you were in Venezuela or Ecuador or North Korea or a bunch of parts like that, or if you were a drug dealer, a murderer, stuff like that, you are better off doing it in Bitcoin than US dollars,” said Dimon. “So there may be a market for that, but it’d be a limited market.”

Bitcoin, which is designed to be decentralised and free of influence from financial institutions, has gathered momentum in a post-market crash economy, where citizens are able to bypass traditional banks when paying for goods or transferring money.

Yet its surge in popularity has cast doubts over its future, as many argue that most so-called investors are simply individuals trying to make a quick return, creating significant volatility in the market. There are also concerns, from bodies such as the UK’s Financial Conduct Authority, that the rise in initial coin offerings (ICOs), used to raise money for new internet startups, could be used as a means to defraud potential investors.

“It is worse than tulip bulbs,” said Dimon, referring to the famous ‘Tulip Mania’ craze in the 1600s that saw prices sky rocket, only to dramatically crash, considered to be the first example of a market bubble.

Predicting a similar crash for Bitcoin, he added: “Don’t ask me to short it. It could be at $20,000 before this happens, but it will eventually blow up,” he said. “Honestly, I am just shocked that anyone can’t see it for what it is.”

Although there has yet to be a dramatic crash for Bitcoin, the value of currency fell 4% following Dimon’s comments, trading just below $4,000 at the time of writing.

Latest bitcoin figures courtesy of Coindesk


Read more