Islamic Financial Institution Partners With Startup to Develop Interbank Blockchain Tools

Saudi Arabian developmental institution the Islamic Development Bank Group (IsDB) has partnered with a Tunisian startup to develop interbank blockchain tools, a press release confirmed Nov. 29.

IsDB, which will conduct the project through its private sector subsidiary, the Islamic Corporation for the Development of Private Sector (ICD), wants to improve Islamic financial institutions’ liquidity management and increase overall efficiency.

The institution signed an agreement with Tunis-based iFinTech Solutions, a dedicated outfit which describes itself as an “Investment Advisory Firm focused on alternative financial solutions based on Islamic principles.”

The impetus behind using blockchain for the initiative lies in the relative disadvantage Islamic banks have on the worldwide stage, with institutions restricted from funding options provided by international central banks, Reuters noted Dec. 3.

Ayman Sejiny, CEO of ICD, added in the press release:

“IT will always play an important role for the financial system. We will consistently pursue our strategy of service orientation and help our partners with innovative Sharia compliant FinTech solutions.”

Saudi Arabia has traditionally copied many other jurisdictions in maintaining a risk-averse official stance on cryptocurrencies while championing blockchain.

In September, the country saw its first bank join blockchain consortium R3’s Corda platform, a month after regulators urged consumers not to trade cryptoassets.

The debate around the industry’s compatibility with Islam also continues, Turkey adopting a conservative stance which, as Cointelegraph reported, subsequently proved particularly unpopular with one U.K. mosque.

Last week, an Abu Dhabi-based bank also announced it had completed the “first” suduk (a legal instrument also known as “sharia compliant” bonds) transaction with blockchain.



Source link

Crypto Exchange Binance Adds Compliance Tools from Chainalysis

Binance, the biggest cryptocurrency exchange by trading volume, is working with crypto compliance and investigation software provider Chainalysis to implement a new global compliance solution, the companies announced Wednesday.

As part of the partnership, Chainalysis will provide access to its “Know Your Transaction” compliance software, enabling the exchange to monitor cryptocurrency transactions in real-time, according to a press release. In particular, the tool will look for potentially criminal or otherwise illicit activity.

Binance’s chief financial officer, Wei Zhou, told CoinDesk that he hopes the move will “inspire” the crypto industry to take anti-money laundering and anti-terrorism financing measures seriously.

“The ultimate goal of our partnership with Chainalysis is to create an environment in blockchain where everyone feels safe,” he said, explaining, “We believe the fight against money laundering to be collaborative and pro-active.”

While the firm has already invested in know-your-customer (KYC) and anti-money laundering (AML) measures, and hired compliance professionals, he said:

“Criminals are always looking to loopholes in the system, so we are continuously on the lookout for new technologies and methods to combat money laundering and malicious actors.”

Chainalysis’ system works by using a combination of pattern recognition, proprietary algorithms and different open-source resources to process cryptocurrency services. If suspicious activity is detected during a transaction, the software will generate an alert.

The tool can also help cryptocurrency companies to ease the process of opening bank accounts, due to its compliance with relevant KYC and AML laws, according to the release.

Chainalysis co-founder and COO Jonathan Levin told CoinDesk that cryptocurrency market participants “must develop greater trust in the data and technology underlying our ecosystem” in order for the overall space to advance.

“By working with industry leaders like Binance, we’re able to mold the foundation for credible and robust markets in all jurisdictions,” he said.

Microscope image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.



Source link

Six Tools Used by Hackers to Steal Cryptocurrency: How to Protect Wallets

In the early July, it was reported that Bleeping Computer detected suspicious activity targeted at defrauding 2.3 million Bitcoin wallets, which they found to be under threat of being hacked. The attackers used malware — known as “clipboard hijackers” — which operates in the clipboard and can potentially replace the copied wallet address with one of the attackers.

The threat of hacking attacks of this type has been predicted by Kaspersky Lab as early as November of last year, and they did not take long to become reality. For the time being, this is one of the most widespread types of attacks that is aimed at stealing users’ information or money, with the overall estimated share of attacks to individual accounts and wallets being about 20 percent of the total number of malware attacks. And there’s more. On July 12, Cointelegraph published Kaspersky Lab’s report, which stated that criminals were able to steal more than $9 million in Ethereum (ETH) through social engineering schemes over the past year.

 

Image source: Carbon Black

Briefly about the problem

The already mentioned Bleeping Computer portal, which works on improving computer literacy, writes about the importance of following at least some basic rules in order to ensure a sufficient level of protection:

“Most technical support problems lie not with the computer, but with the fact that the user does not know the ‘basic concepts’ that underlie all issues of computing. These concepts include hardware, files and folders, operating systems, internet and applications.”

The same point of view is shared by many cryptocurrency experts. One of them, Ouriel Ohayon — an investor and entrepreneur — places the emphasis on the personal responsibility of users in a dedicated Hackernoon blog:

“Yes, you are in control of your own assets, but the price to pay is that you are in charge of your own security. And since most people are not security experts, they are very much often exposed  —  without knowing. I am always amazed to see around me how many people, even tech savvy ones, don’t take basic security measures.”

According to Lex Sokolin — the fintech strategy director at Autonomous Research — every year, thousands of people become victims of cloned sites and ordinary phishing, voluntarily sending fraudsters $200 million in cryptocurrency, which is never returned.

What could that tell us? Hackers that are attacking crypto wallets use the main vulnerability in the system — human inattention and arrogance. Let’s see how they do it, and how one can protect their funds.

250 million potential victims

A study conducted by the American company Foley & Lardner showed that 71 percent of large cryptocurrency traders and investors attribute theft of cryptocurrency to the strongest risk that negatively affects the market. 31 percent of respondents rate the hackers’ activity threat to the global cryptocurrency industry as very high.

Foley & Lardner

Image source: Foley & Lardner

Experts from Hackernoon analyzed the data about hacking attacks for 2017, which can be conditionally divided into three large segments:

– Attacks on the blockchains, cryptocurrency exchanges and ICOs;

– Distribution of software for hidden mining;

– Attacks directed at users’ wallets.

Surprisingly, the article “Smart hacking tricks” that was published by Hackernoon didn’t appear to get wide popularity and warnings that seem to be obvious for an ordinary cryptocurrency user must be repeated again and again, as the number of cryptocurrency holders is expected to reach 200 million by 2024, according to RT.

According to research conducted by ING Bank NV and Ipsos — which did not consider East Asia in the study — about nine percent of Europeans and eight percent of U.S. residents own cryptocurrencies, with 25 percent of the population planning to buy digital assets in the near future. Thus, almost a quarter of a billion potential victims could soon fall into the field of hacking activity.

Apps on Google Play and the App Store

Tips e

– Don’t get carried away with installing mobile applications without much need;

-Add Two Factor Authorization-identification to all applications on the smartphone;

-Be sure to check the links to applications on the official site of the project.

Victims of hacking are most often smartphone owners with Android operating system, which does not use Two Factor Authentication (2FA) — this requires not only a password and username, but also something that user has on them, i.e., a piece of information only they could know or have on hand immediately, such as a physical token. The thing is that Google Android’s open operating system makes it more open to viruses, and therefore less safe than the iPhone, according to Forbes. Hackers add applications on behalf of certain cryptocurrency resources to the Google Play Store. When the application is launched, the user enters sensitive data to access their accounts and thereby gives hackers access to it.

One of the most famous targets of a hacking attacks of this type were traders of the American cryptocurrency exchange Poloniex, which downloaded mobile applications posted by hackers on Google Play, pretending to be a mobile gateway for the popular crypto exchange. The Poloniex team didn’t develop applications for Android, and its site doesn’t have links to any mobile apps. According to Lukas Stefanko, a malware analyst at ESET, 5,500 traders had been affected by the malware before the software was removed from Google Play.

Users of iOS devices, in turn, more often download App Store applications with hidden miners. Apple was even forced to tighten the rules for admission of applications to its store in order to somehow suspend the distribution of such software. But this is a completely different story, the damage from which is incomparable with the hacking of wallets, since the miner only slows down the computer operation.

Bots in Slack

Tips:

-Report Slack-bots to block them;

-Ignore bots’ activity;

-Protect the Slack-channel, for example, with Metacert or Webroot security bots, Avira antivirus software or even built-in Google Safe Browsing.

Since mid-2017, Slack bots aimed at stealing cryptocurrencies have become the scourge of the fastest-growing corporate messenger. More often, hackers create a bot that notifies users about problems with their cryptos. The goal is to force a person to click the link and enter a private key. With the same speed with which such bots appear, they are blocked by users. Even though the community usually reacts quickly and the hacker has to retire, the latter manages to make some money.

Steemit @sassal

Image source: Steemit @sassal

The largest successful attack by hackers through Slack is considered to be the Enigma group hack. The attackers used Enigma’s name — which was hosting its presale round — to launch a Slack bot, and ended up defrauding a total of $500,000 in Ethereum from credulous users.

Add-ons for crypto trading

Tips

-Use a separate browser for operations with cryptocurrencies;

-Select an incognito mode;

-Do not download any crypto add-ons;

-Get a separate PC or smartphone just for crypto trading;

-Download an antivirus and install network protection.

Internet browsers offer extensions to customize the user interface for more comfortable work with exchanges and wallets. And the issue is not even that add-ons read everything that you are typing while using the internet, but that extensions are developed on JavaScript, which makes them extremely vulnerable to hacking attacks. The reason is that, in recent times — with the popularity of Web 2.0, Ajax and rich internet applications — JavaScript and its attendant vulnerabilities have become highly prevalent in organizations, especially Indian ones. In addition, many extensions could be used for hidden mining, due to the user’s computing resources.

Authentication by SMS

Tips:

-Turn off call forwarding to make an attacker’s access to your data impossible;

-Give up 2FA via SMS when the password is sent in the text, and use a two-factor identification software solution.

Many users choose to use mobile authentication because they are used to doing it, and the smartphone is always on hand. Positive Technologies, a company that specializes in cybersecurity, has demonstrated how easy it is to intercept an SMS with a password confirmation, transmitted practically worldwide by the Signaling System 7 (SS7) protocol. Specialists were able to hijack the text messages using their own research tool, which exploits weaknesses in the cellular network to intercept text messages in transit. A demonstration was carried out using the example of Coinbase accounts, which shocked the users of the exchange. At a glance, this looks like a Coinbase vulnerability, but the real weakness is in the cellular system itself, Positive Technologies stated. This proved that any system can be accessed directly via SMS, even if 2FA is used.

Public Wi-Fi

Tips:

-Never perform crypto transactions through public Wi-Fi, even if you are using a VPN;

-Regularly update the firmware of your own router, as hardware manufacturers are constantly releasing updates aimed at protecting against key substitution.

Back in October last year, in the Wi-Fi Protected Access (WPA) protocol — which uses routers — an unrecoverable vulnerability was found. After carrying out an elementary KRACK attack (an attack with the reinstallation of the key) the user’s device reconnects to the same Wi-Fi network of hackers. All the information downloaded or sent through the network by a user is available to attackers, including the private keys from crypto wallets. This problem is especially urgent for public Wi-Fi networks at railway stations, airports, hotels and places where large groups of people visit.

Sites-clones and phishing

Tips:

-Never interact with cryptocurrency-related sites without HTPPS protocol;

-When using Chrome, customize the extension —  for example, Cryptonite — which shows the addresses of submenus;

-When receiving messages from any cryptocurrency-related resources, copy the link to the browser address field and compare it to the address of the original site;

-If something seems suspicious, close the window and delete the letter from your inbox.

These good old hacking methods have been known since the “dotcom revolution,” but it seems that they are still working. In the first case, attackers create full copies of the original sites on domains that are off by just one letter. The goal of such a trick — including the substitution of the address in the browser address field — is to lure a user to the site-clone and force them to enter the account’s password or a secret key. In the second case, they send an email that — by design — identically copies the letters of the official project, but — in fact — aims to force you to click the link and enter your personal data. According to Chainalysis, scammers using this method have already stolen $225 million in cryptocurrency.

Cryptojacking, hidden mining and common sense

The good news is that hackers are gradually losing interest in brutal attacks on wallets because of the growing opposition of cryptocurrency services and the increasing level of literacy of users themselves. The focus of hackers is now on hidden mining.

According to McAfee Labs, in the first quarter of 2018, 2.9 million samples of virus software for hidden mining were registered worldwide. This is up by 625 percent more than in the last quarter of 2017. The method is called “cryptojacking” and it has fascinated hackers with its simplicity in such away that they massively took up its implementation, abandoning the traditional extortion programs.

The bad news is that the activity of hacking has not decrease in the least bit. Experts of the company Carbon Black — which works with cybersecurity — revealed that, as of July 2018, there are approximately 12,000 trading platforms on the dark web selling about 34,000 offers for hackers. The average price for malicious attack software sold on such a platform is about $224.

Carbon Black

Picture source: Carbon Black

But how does it get on our computers? Let’s return to the news with which we started. On June 27, users began leaving comments on Malwarebytes forum about a program called All-Radio 4.27 Portable that was being unknowingly installed on their devices. The situation was complicated by the impossibility of its removal. Though, in its original form, this software seems to be an innocuous and popular content viewer, its version was modified by hackers to be a whole “suitcase” of unpleasant surprises.

Of course, the package contains a hidden miner, but it only slows down the computer. As for the program for monitoring the clipboard, that replaces the addresses when the user copies and pastes the password, and it has been collecting 2,343,286 Bitcoin wallets of potential victims. This is the first time when hackers demonstrated such a huge database of cryptocurrency owners — so far, such programs have contained a very limited set of addresses for substitution.

After replacing the data, the user voluntarily transfers funds to the attacker’s wallet address. The only way to protect the funds against this is by double-checking the entered address when visiting the website, which is not very pleasant, but reliable and could become a useful habit.

After questioning of victims of All-Radio 4.27 Portable, it was discovered that malicious software got on their computers as a result of unreasonable actions. As the experts from Malwarebytes and Bleeping Computer found out, people used cracks of licensed programs and games, as well as Windows activators like KMSpico, for example. Thus, hackers have chosen as victims those who consciously violated copyright and security rules.

Well-known expert on Mac malware Patrick Wardle often writes in his blog that many viruses addressed to ordinary users are infinitely stupid. It’s equally silly to become a victim of such hacking attacks. Therefore, in conclusion, we’d like to remind you of the advice from Bryan Wallace, Google Small Business Advisor:

“Encryption, anti-virus software, and multi-factor identification will only keep your assets safe to a point; they key is preventive measures and simple common sense.”



Source link

Current Monetary Tools ‘Inadequate’, Fed Should Consider Digital Currency

The former Chair of the U.S. Federal Deposit Insurance Corporation (FDIC) said that she thinks the Federal Reserve (Fed) needs to seriously consider issuing a central bank-issued digital currency (CBDC) in a June 8 op-ed published on Yahoo! Finance.

In her op-ed, the former FDIC Chair Sheila Bair noted that “the past 10 years are proof positive that current monetary tools are woefully inadequate to stimulate broad-based economic growth,” adding:

“The super rich have gotten a lot richer, while the middle class has struggled.”

Bair first crosses out cryptocurrencies like Bitcoin (BTC) as a way to improve current monetary tools, noting that “unfortunately for M. Nakamoto [sic, anonymous creator of BTC], bitcoin has failed miserably as a method of payment.”

Bair then goes on to describe a hypothetical digital currency, FedCoin, that would be issued and backed by the Federal Reserve. Since FedCoin would be printed by the Fed, it would solve the problems of bank runs in times of financial stress, as “by definition, it [the Fed] can always make good on financial obligations.” According to Bair, the FedCoin could eliminate the need for checking accounts, and thus the costs of maintaining them, as well as reduce interchange fees charged by banks and credit cards for small firms.

However, Bair notes that a “wholesale shift from bank accounts to CBDC could have severely negative consequences for credit availability given banks’ reliance on deposits to fund loans.”

Explaining further, Bair writes that retailers could be so attracted by the lower cost of using CBDC’s that they could “prompt a different kind of run on banks, as fiat money quickly migrated out of deposit accounts into digital coins.”

Nevertheless, Bair writes that even though this new kind of bank run would be “very bad for the banking system, but also the Fed,” whose currency-issuing monopoly would be threatened, the Fed still “needs to get serious now about evaluating the relative merits of issuing its own digital currency”:

“If it does not stay ahead of this technology, not only could banking be disrupted — but the Fed itself could also be at risk.”

Countries around the world have begun looking into CBDCs as well: at the end of May, the Bank of England issued a working paper on central bank-issued digital currencies, and last week, Thailand’s central bank revealed it was considering issuing its own cryptocurrency.



Source link

Microsoft Unveils New Blockchain Developer Tools for Azure

Microsoft announced the Azure Blockchain Workbench Monday, releasing a new set of tools for developers that work with distributed ledger tech.

The Workbench provides “the scaffolding for an end-to-end blockchain application,” and can be set up “with just a few simple clicks,” according to the announcement. Put more simply, Microsoft is trying to streamline the method by which companies and their development teams can build apps on top of Azure-based blockchains.

“Today, we’re excited to announce the public preview release of Azure Blockchain Workbench, a new offering that can reduce application development time from months to days,” Azure general manager Matthew Kerner wrote in a blog post published Monday.

Kerner added:

“Workbench gets customers started quickly by automating infrastructure setup, so developers can focus on application logic, and business owners can focus on defining and validating their use cases.”

Some of the firm’s existing partners have already taken advantage of the Workbench, Microsoft announced, including Israel’s Bank Hapoalim, food distributor Nestle and “quote-to-cash” software producer Apttus.

Stepping back, the move is just the latest for the technology giant, which has joined several blockchain-focused partnerships in the last few months.

The company is working with Hyperledger, the United Nations, research consortium R3 and Cornell University’s Blockchain Research Group to study different aspects of blockchain technology.

Outside of those group efforts, Microsoft has shown interest in the technology for digital identity purposes, as previously reported.

Microsoft image via Volodymyr Kyrylyuk / Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.



Source link