Secret Chats Show How Cybergang Became a Ransomware Powerhouse – The New York Times

xxx

“Any doofus can be a cybercriminal now,” said Sergei A. Pavlovich, a former hacker who served 10 years in prison in his native Belarus for cybercrimes. “The intellectual barrier to entry has gotten extremely low.”

From Secret Chats Show How Cybergang Became a Ransomware Powerhouse – The New York Times:

xxx

In The War Between Square, PayPal And Shopify, Banks Are Collateral Damage

Square, Stripe, Amazon, PayPal and Shopify are in an arms race right now, using partnerships and acquisitions to build their defences against the banks and their lending businesses. In a recent (excellent) piece on this here in Forbes, Ron Shevlin recommends that banks fight back against the massed forces of embedded finance by capturing adjacencies, but I wonder if this is really viable.

Inclusive identity

Paul Stoddart, President of New Payments Platforms at Mastercard, made an interesting presentation at this year’s Payments Canada Summit. He was talking about the future of payments and after a quick world tour looking at the state of implementation of real-time payments, he went on to highlight three trends that will shape payments across the next generation: open banking, digital currency and digital identity. Paul knows what he is talking about, so I was particularly interested in his comments on the need for “inclusive identity”.

cryptonite

Are digital currencies really, as Bank of America Securities said, “crypto kryptonite”?

 

(their words: I would have gone with “cryptonite”)

BofA Securities points out that there is a huge and valuable prize for private-sector players from outside the banking sector if they can seize a larger piece of the payments’ action—a treasure trove of customer data that is not being fully exploited by the banks.

From A digital euro would be ‘crypto kryptonite’ for fintechs and a threat to banks, a critical new report warns | Fortune:

xxx

Letters to the editor | The Economist

In a letter to The Economist this week, Shann Turnbull writes about the Australian welfare card, saying that the government there provides “cost-free debit cards” and that “as a result many people on welfare no longer need a bank account”. While I strongly agree that bank accounts are not necessary for financial inclusion, I am not so sure that the Australian example should be followed. As far as I am aware, in fact, there is no evidence that it is a good solution to the specific problems that Australia faces and research shows that it does not work anyway.

Smart Contract Risks and Mitigation in DeFi: A Deep Dive by Outlier Ventures | CoinMarketCap

xxx

Smart contracts’ selling points of flexibility and efficiency could be, at the same time, their biggest challenge to institutional adoption. In the same way that DeFi offers multiple avenues for users to take advantage of their yields and value propositions, hackers also rely on that flexibility to conduct attacks. For example, hackers can borrow from one protocol while swapping other tokens in a different protocol and follow this indirect chain of transactions and exploits consecutively.

From Smart Contract Risks and Mitigation in DeFi: A Deep Dive by Outlier Ventures | CoinMarketCap.

xxx

Many businesses may keep the cash-free model they started in the pandemic – Marketplace

xxx

As for Los Angeles, Mayor Eric Garcetti said the city has taken a different approach: Instead of banning the practice, the city has tried to help small businesses transition to a digital-first model. The program is called LA Optimized, a citywide initiative that helps business owners build their web presence and accept payments online.

From Many businesses may keep the cash-free model they started in the pandemic – Marketplace:

xxx

Many businesses may keep the cash-free model they started in the pandemic – Marketplace

xxx

“We are a very high volume restaurant,” Phan said. “For a customer to be fluffling around with their wallet, maybe some even trying to give you the precise change … if you can just tap your phone, you’re done, you’re out, and we can attend to the next customer.”

From Many businesses may keep the cash-free model they started in the pandemic – Marketplace:

xxx

POST Held to ransom

Lee Reiners, writing in the Wall Street Journal, says that there are no obvious benefits to cryptocurrencies “beyond the chance to make a quick buck”. He goes on to say that “I have yet to identify a single task or process that crypto makes easier, better, cheaper or faster” but I think that this misses the key point that (e.g.) Bitcoin was never designed to be easier, better, cheaper or faster. It was designed to be censorship-resistant, which is why it is so good for ransomware.

This has turned out to be something of a problem. The FBI reported a 225% increase in total losses from ransomware in the United States in 2020. The Cybereason Global Ransomware Study measured how much financial and reputational damage these attacks wreak on businesses and found, rather interestingly, that four-fifths of the organizations that were hit by ransomware and paid up were subsequently hit again (and almost half were hit by the same threat group). With attacks escalating week on week, it’s time for action. But what action?

The Institute for Security and Technology said, in their “Ransomware Task Force Report” back in January, that cryptocurrency should be more closely regulated and that governments around the world should require exchanges, crypto-kiosks (such as Bitcoin ATMs) and over-the-counter (OTC) operators to comply with Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws.

Well, yeah. But trying to stop money flowing in and out of ransomware enterprises will be something of a challenge. Right now, the bad guys collect their loot and then switch it out through interesting schemes, such as the “treasure men” dead drops. A treasure man is someone who will take your (traceable) Bitcoin and then leave (untraceable) cash hidden somewhere: buried in a park, for example. Once the treasure man has your bitcoins, he or she will then send you the co-ordinates. (The Financial Times reports that the Russian-language Hydra web site offers a wide variety of cash-out options, including treasure troves and iTunes vouchers.)

Nicholas Weaver wrote that “we don’t have a ransomware problem, we have a Bitcoin problem”. And he’s right. But it does make me wonder why. Why, that is, do criminals use non-fungible Bitcoin that can be tracked and traced and monitored to see where it goes rather than some other cryptocurrency that offers real anonymity? (Once again demonstrating the impending explicit pricing of privacy, the Sodinokibi payment website last year began charging 10% more for Bitcoin ransoms compared to the more private Monero cryptocurrency and I understand that the Colonial attackers raised this to 20%.)

Ransomware is a scale problem, automated by cryptocurrency, but there are plenty of other crimes and plenty of other criminals who are looking to censorship resistance and privacy to turbocharge their own activities. In Norway, for example, the National CyberCrime Center is trying to pry open Monero (as well as Dash, another crypto asset known for privacy) in connection with the well-documented search for the missing wife of one of Norway’s richest men.

What can be done? If we assume that cryptographic innovation will continue to 

 

So what are we going to do?

Society’s response to ransomware is an example of a collective action problem. The public would be better off if everyone cooperated and refused to pay money to ransomware operators. With no incoming ransom income, the ransomware business would be unprofitable, attacks would cease and the collateral damage would stop.

From Ban All Ransomware Payments, in Bitcoin or Otherwise – CoinDesk:

xxx

How Identity Thieves Took My Wife for a Ride – The New York Times

xxx

Unemployment fraud — of this and other sorts — has become so pervasive that the cost to taxpayers could run into tens of billions of dollars before the pandemic ends. In both California and Washington it was sufficiently rampant that the states temporarily suspended claims just to try to catch up with it all.

From How Identity Thieves Took My Wife for a Ride – The New York Times:

xxx
