Scammers in Russia Offer Free Bitcoin on a Hacked Government Website

 

The website of the Russian government was recently hacked. The fraudsters started a phoney Bitcoin (BTC) scheme, which they re-published after it was taken down several times. An unnamed gang of hackers began promoting the Free BTC Giveaway scam on the Ryazan administration's website, according to the local Russian news source Izvestia.

In the scam, the hackers offered 0.025 BTC to everyone who installed the specified programme on their device. In addition, the hackers added in the re-post that five lucky winners would each receive an extra $1,000. All messages, including the second post, have since been removed.

The Russian government has tightened its grip on all crypto-crime in the country. Last month, Russia's Federal Financial Monitoring Service in Moscow, known as Rosfinmonitoring, launched the latest cryptocurrency tracing system. This will deanonymize traders' identities by further analysing their actions and movements. The tracing system in Russia, according to Rosfinmonitoring, is focused on combating money laundering and terrorist funding rackets.

In 2021, the global volume of cryptocurrency-related fraud grew substantially. According to specialists from the IT security firm Zecurion, losses in the first half of this year were an estimated $1.5 billion, which is two to three times more than the sum recorded in the same period last year. According to a study released, the Russian Federation is responsible for 2% of the total — some $30 million, or over 2.2 billion rubles.

The Central Bank of Russia (CBR) said in July that in the first six months of the year, it had discovered 146 financial pyramid schemes. In comparison to the same period in 2020, the number is 1.5 times greater. According to the regulators, consumers with poor financial literacy are frequently duped into investment schemes involving cryptocurrency or crypto mining. According to the CBR, the increase is due to increased activity by "unfair market participants" and increased investment demand in Russia. 

The primary reasons for the increase, according to analysts, are consumers' increasing exposure to digital assets as well as a desire to earn rapid profits in a burgeoning industry with few rules amid instability in traditional financial markets. They also predict crypto fraud to continue to climb this year, with an annual increase of 15% expected.

Ukraine legalized cryptocurrency

The Verkhovna Rada of Ukraine adopted the bill "On virtual assets", which will legalize cryptocurrency and virtual hryvnia.

The bill on its legal use for settlement operations was supported by 276 deputies, six voted against, 71 deputies abstained. The document regulates the circulation of virtual assets in the country, which allows market participants to use banking services, pay taxes on income from "crypto", as well as receive legal protection in courts in case of violation of rights.

According to the Telegram channel of the Rada, the purpose of the law is a comprehensive regulation of relations arising during the circulation and conclusion of transactions with digital currency, as well as ensuring a unified approach to the organization of cryptocurrency trading.

Owners of cryptocurrencies will receive a number of benefits. Due to the fact that there will be a legislative regulation of this area, they will at least be able to protect their fortune in virtual assets if something happens.

They will also be able to legally exchange and declare crypto assets. This process will be absolutely legal. In addition, it is expected that a whole market of intermediary services will appear for paying for goods with cryptoassets, and for their storage and exchange. This will expand the possibilities of their use.

The new law will make virtual assets an absolutely legal and familiar phenomenon for the authorities and society.

It should be noted that in September last year, the government of Ukraine stated that the country has the highest level of use of virtual assets by the population in the world.

Earlier, E Hacking News reported that, according to the First Deputy Chairman of the Bank of Russia, Blockchain is not a panacea, and cryptocurrency is not money. So, the Central Bank of Russia is not going to change its negative attitude to these assets.

El Salvador was the first country in the world to recognize bitcoin. The relevant law entered into force there on September 7. Now it will be possible to pay with cryptocurrency along with dollars.


The Future Comes With Promising Edge Technology, Say Experts

 

The huge amount of data continuously collected via billions of sensors and devices that comprise the IoT can pose a serious threat for organizations that depend on primitive intelligence and analytics tools. Since the beginning, these devices have not been very effective and have needed central servers to process data, mostly public cloud-based servers which could be far away. Currently, however, for the same price, you can get more computing power, making way for AI-powered, edge-located devices that make their own decisions.

As per the experts, by 2025, 75% of organization-generated data would be created and processed at the edge, from driverless cars capable of processing and analyzing real-time traffic data (without the cloud) to factory systems that can process sensor data for future maintenance. This rapid development in the age of smart devices at the edge will provide vast opportunities for businesses and for users. The capability to create and store data for automated analysis close to the source is most likely to give operational advantage, produce new and effective services, enhance scalability and move data away from central servers.

Along with this, the fast edge development requires that security leaders maintain discipline even with the distribution of data that seems to be on the horizon. It is important to understand the relation between edge and IoT (Internet of Things): the edge allows computation to run on the device or local network rather than sending data to be analyzed on public cloud servers or central data centers, which is time-consuming and also costs resources.

After that, the analyzed data can be sent to its endpoint. Hence, edge computing lowers the bandwidth risks and analyses data within proximity. It is very crucial in IoT as there exist billions of sensors and systems across the world that produce processed data, be it inter-connected home devices, health wearables, or industrial machinery. "Especially for use cases like healthcare monitoring and safety apps – where milliseconds count – edge computing and cheaper, more powerful AI-powered devices are emerging as perfect partners to process the massive amounts of information generated by connected devices," reports HelpNetSecurity.

SEC: Stay Vigilant Against Cryptocurrency Related Frauds

 

The U.S. Securities and Exchange Commission has released a new alert that fresh illegal schemes are targeting digital assets. 

According to security experts, individuals and organisations must be cautious against crypto-related frauds or other "get rich fast" schemes since social engineering attempts are rising. 

The SEC's Office of Investor Education and Advocacy and Division of Enforcement's Retail Strategy Task Force states in its advisory, "Fraudsters continue to exploit the increasing popularity of digital assets to entice investors into schemes, frequently leading to severe losses." 

Users should be wary of phishing or impersonation schemes that pretend to provide something innovative or cutting edge, according to the regulator. 

The SEC added, "If you are considering a digital asset-related investment, take the time to understand how the investment works and to evaluate its risks. Look for warning signs that it may be a scam." 

The SEC's advisory comes after the authority fined BitConnect, a now-defunct cryptocurrency network, with $2 billion in the alleged fraud. 

The SEC termed the scheme "one of the largest Bitcoin-related Ponzi-like schemes," stating that defendants stole almost $2 billion of investor funds using a platform - a "technology bot" - that promised extravagant profits. The cryptocurrency platform reportedly advertised itself in several countries using testimonial-style YouTube videos and other social media.

As per the SEC, BitConnect ran a pyramid scheme-style referral programme, paid investor withdrawals from incoming investor funds, and "did not trade investors' Bitcoin consistent with its representation". 

Furthermore, according to the US Department of Justice, BitConnect's major U.S. promoter, Glenn Arcaro, pleaded guilty to similar criminal charges last week. Officials say he faces up to 20 years in jail and must refund to investors the $24 million gained from the scam.

Suspicious Signs

According to the Securities and Exchange Commission, suspicious digital asset activities frequently: 
• Involve unregistered/unlicensed vendors;
• Show representations of account values rising;
• Sound too good to be true, and usually are;
• Promote phoney testimonials, since fraudsters frequently pay people to promote a product or service on social media or through video.

Many security and blockchain researchers attribute bad or disastrous crypto investments to these malicious practices, highly complex social engineering tactics or outright misleading advertising.

According to James McQuiggan, the Florida Cyber Alliance's education director and a security awareness advocate for the business KnowBe4, "Cybercriminals will always find emotional lures to exploit users through social engineering. Asking yourself the question, 'Is this too good to be true?' is the first step to determine if the organisation is worthwhile." 

Likewise, Julio Barragan, head of cryptocurrency intelligence at CipherTrace, warned about ongoing schemes in which victims are enticed by a convincing fraudster who sends them direct messages on social media or through a friend's hacked account promising big rewards. 

As per Neil Jones, a cybersecurity evangelist with Egnyte, "Significant change [in the space] will only occur when cryptocurrency platforms become subject to the same standardized IT requirements as traditional investment platforms, and when cryptocurrency exchanges no longer represent a safe haven for payments to ransomware attackers." 

Notwithstanding, Robinson stated, "There is no need for new crypto-specific regulation to handle [these events] since regulators are currently prosecuting these fraudsters under existing laws." According to him, US authorities have imposed over $2.5 billion in fines, primarily for fraud and unregistered securities offerings.

But authorities like Sen. Elizabeth Warren, D-Mass., continue to push for extensive cryptocurrency regulation. Warren compared many cryptocurrency activities to "shadow banks" that lack standard investor safeguards in an interview with The New York Times on Sunday. 

SEC Chair Gary Gensler highlighted earlier remarks on impending cryptocurrency regulation last week, telling The Financial Times that digital assets must be safe and long-lived within a public policy framework. He also asked the congressional authority to minimize investment risks associated with virtual currencies.

NSA Issues FAQs on Quantum Computing and Post-Quantum Cryptography

 

As concerns about quantum computing and post-quantum cryptography move to the forefront of cryptographic discussions, especially in areas associated with national defense, the National Security Agency (NSA) has published a document comprising the most frequently asked questions about Quantum Computing and Post-Quantum Cryptography. In it, the agency studies the probable ramifications for national security in the event of the introduction of a "brave new world" far beyond the traditional computing domain.

This 8-page report provides a summary of quantum computing, its connection with cryptography, the Commercial National Security Algorithm Suite, Commercial Solutions for Classified (CSfC), and the National Information Assurance Partnership (NIAP), as well as forthcoming techniques and cryptography.

As advancements continue, the competition in quantum computing is also heating up, with a slew of players vying for quantum dominance via diverse, eccentric avenues of scientific inquiry. The NSA document examines the possible security risks raised by the establishment of a “Cryptographically Relevant Quantum Computer” (CRQC).

"NSA does not know when or even if a quantum computer of sufficient size and power to exploit public key cryptography (a CRQC) will exist," it stated. 

A CRQC is a quantum-based supercomputer strong and sophisticated enough to bypass conventional encryption techniques developed for classical computing. Whereas these techniques are practically uncrackable with existing or even prospective supercomputers, a quantum computer does not abide by the same rules, given the nature of the beast and the superposition states readily accessible to its computing unit, the qubit.

Considering that governments and labs are striving to develop crypto-busting quantum computers, the NSA stated it was developing “quantum-resistant public key” algorithms for private suppliers to the US government to employ, as part of its Post-Quantum Standardization Effort, which has been in operation since 2016.

The world depends on public-key cryptography for strong encryption in protocols such as TLS and SSL, which underpin the HTTPS protocol and help to safeguard user browsing data against third-party spying.

Eric Trexler, VP of global governments at security shop Forcepoint, told The Register: "Progress on quantum computers has been steadily made over the past few years, and while they may not ever replace our standard, classical computing, they are very effective at solving certain problems. This includes public-key asymmetric cryptography, one of the two different types of cryptosystems in use today." 

Consequently, an agency such as the NSA, which guarantees the security of the United States' technological infrastructure, must cope with both current and future risks. As one would assume, updating something as large as an entire country's key government systems requires an incredible amount of time.

The NSA wrote that, in theory, quantum computers can perform some mathematical calculations tenfold quicker than traditional computers. Quantum computers use “qubits” instead of regular bits, which react and interact as per the laws of quantum mechanics. This quantum-physics-based characteristic might allow a reasonably large quantum computer to do precise mathematical calculations that would have been impossible for any conventional computer to execute.

According to the NSA, "New cryptography can take 20 years or more to be fully deployed to all National Security Systems (NSS)". And as the agency writes in its document, "(...) a CRQC would be capable of undermining the widely deployed public key algorithms used for asymmetric key exchanges and digital signatures. National Security Systems (NSS) — systems that carry classified or otherwise sensitive military or intelligence information — use public-key cryptography as a critical component to protect the confidentiality, integrity, and authenticity of national security information. Without effective mitigation, the impact of adversarial use of a quantum computer could be devastating to NSS and our nation, especially in cases where such information needs to be protected for many decades." 

In its document, the NSA rests the decision of which post-quantum cryptography would be deployed by the United States' national infrastructure solely on the shoulders of the National Institute of Standards and Technology (NIST), which is "in the process of standardizing quantum-resistant public key in their Post-Quantum Standardization Effort, which started in 2016. This multi-year effort is analyzing a large variety of confidentiality and authentication algorithms for inclusion in future standards," the NSA says.

The largest Internet companies of the Russian Federation signed the charter for the safety of children on the Internet

On Wednesday, September 1, Russian Internet companies, media holdings and telecom operators signed a charter on the safety of children on the Internet. The signing ceremony was attended by Russian President Vladimir Putin.

Within the framework of the charter, an Alliance for the Protection of Children in the Digital Environment was created, the participants of which made a number of voluntary commitments.

"The members of the alliance are the owners of the largest Russian platforms, video hosting sites and search engines. They take increased obligations to independently identify and restrict access to illegal information and content that can harm the health and development of children, as well as to exchange best practices and the latest developments in this area," the Kremlin website says.

Thus, the document was signed by Yandex, Mail.ru Group, Kaspersky Lab, National Media Group, Rostelecom, Megafon, MTS and Vimpelcom.

It is noted that the goal of the alliance is to create a favorable and safe digital environment that would give children the opportunity for creative and professional development, socialization and safe communication in the virtual space.

Evgeny Kaspersky, CEO of Kaspersky Lab, noted that the business already has the technological capabilities for this. According to him, technologies for protecting children "from malicious and poisonous berries on the Internet" have been developed and provided to many regions of Russia.

"We feel our responsibility to make the digital environment convenient for children so that they can learn, communicate and develop," said Anton Shingarev, chairman of the alliance.

Earlier, on May 22, First Deputy Head of the Presidential Administration of the Russian Federation Sergey Kiriyenko supported the idea of business to unite Russian IT companies into an Alliance for the Protection of Children in the Information Space. The initiative was proposed by Mikhail Pribochy, Managing Director of Kaspersky Lab in Russia, CIS and Baltic countries. According to him, the need for it arose in connection with the decline in digital literacy of the Russian population.

Eastern Europe is a Hotspot for Illegal Cryptocurrency Trading

 

According to a new study, Eastern Europe is a hub for illicit cryptocurrency operations. According to Chainalysis data published on Wednesday, Eastern European cryptocurrency addresses contributed $815 million between June 2020 and July 2021 to investment Ponzi scams that attract customers with false promises of large returns. Ukraine, in particular, provided a large amount of traffic to fraud websites in the region, outnumbering the United States by about 20 million visits.

Eastern Europe is the region that sends the most cryptocurrency to darknet markets. This is attributable in great part to activities at Hydra Market. Hydra is the largest darknet market in the world, although it mainly serves Russian-speaking users in Eastern Europe. 

Finiko, a scam, received half of the money sent to the region. Finiko was a Ponzi scheme established in Russia that collapsed in July 2021, shortly after participants reported being unable to withdraw payments from their accounts. Finiko encouraged customers to invest with Bitcoin or Tether, promising monthly profits of up to 30%, and then established its own cryptocurrency that was sold on various platforms. 

Finiko was led by Kirill Doronin, a popular Instagram influencer who has been linked to numerous Ponzi scams, according to the Moscow Times. Finiko received approximately $1.5 billion in Bitcoin in over 800,000 distinct donations between December 2019 and August 2021.

While Eastern Europe is primarily thought of as a recipient of illicit cryptocurrency funds, the research points out that due to the region's economic instability, it is also home to an increasing number of victims. Scam payments outperformed all kinds of crime in Eastern Europe, as well as every other region analyzed by Chainalysis, despite the constant rise in ransomware assaults. 

Eastern Europe came in second place in terms of ransomware funds received, at $46 million. However, due to overlap in services, some of the $51 million in activity attributed to Western Europe could be credited to Eastern Europe, according to researchers. 

Cryptocurrency scams have also grown in popularity in the United States, which came in third in terms of scam payments after Eastern and Western Europe. Despite this, the firm discovered that fraudsters have amassed tens of millions of dollars in cryptocurrency ransomware payments.

Customers of Russian banks will be recognized by the veins with the help of a new technology

Russian banks are going to introduce customer identification by the pattern of veins on their hands. It is assumed that this method of authentication will help to prevent unauthorized access to the savings of citizens. Meanwhile, experts were skeptical about the initiative. In their opinion, the system has significant disadvantages which can be used by criminals.

It is worth noting that Russian banks already have biometrics that allow them to identify customers by voice and face. "The palm vein pattern will remove barriers to biometric identification for people with hearing and speech problems due to various reasons," the Central Bank explained.

Nikita Durov, Technical director of Check Point Software Technologies in Russia and the CIS, said that with the introduction of the new identification system there are new risks of data substitution by intruders.

"Recently, we have witnessed how attackers used neural networks to replace people's faces in photos and videos. The same thing can happen with the substitution of the vein pattern," he added.

According to Durov, banks should be prepared for potential attacks.

"Scans should be done with the latest modern scanners to avoid mistakes and distortions," Durov added. He stressed that sometimes companies save money and buy cheaper storage and data protection systems that are not able to provide the necessary level of security.

Martin Hron, a leading cyber threat researcher at Avast, said that hackers always try to be one step ahead and look for ways to bypass even the strongest security systems, including biometrics.

The expert clarified that the creation of a fictitious pattern of veins is a matter of time.

Alexey Kuzmin, an expert of the Jet Infosystems company, agreed with the opinion that it is possible to deceive the identification system by scanning blood vessels, but it is much more difficult than systems with voice, face or finger detection.

Hacker Behind $600 Million Crypto Heist Returned Stolen Funds

 

The hacker behind the biggest cryptocurrency heist of all time has finally handed over access to the final tranche of stolen funds.

Poly Network, a platform in the decentralized finance or "DeFi" area, was hacked last month, with the hacker or hackers acquiring almost $600 million in digital tokens. The criminal took advantage of a flaw in Poly Network's software to move the funds to their own accounts.

In an unexpected twist, the Poly Network hacker did not flee with the funds. Instead, they initiated contact with the targeted organization, offering to return all funds. Last week, the hacker returned virtually all of the funds, except $33 million in tether, or USDT, a dollar-pegged stablecoin that was locked by its issuers.

However, there was a problem: more than $200 million in assets were locked up in an account that needed both Poly Network and the hacker to enter passwords. The hacker had been refusing to hand over their password for several days, only stating that they would do it when "everyone is ready."

Poly Network appealed to the hacker, dubbed "Mr. White Hat," to refund the money. The company guaranteed the anonymous person a $500,000 reward for assisting in identifying a security weakness in its systems, as well as a post as "chief security advisor." 

Poly Network now has access to the final batch of stolen cash. According to a blog post published Monday, hacker Mr. White Hat provided the so-called private key needed to restore control of the remaining assets. 

“At this point, all the user assets that were transferred out during the incident have been fully recovered,” Poly Network stated. 

“We are in the process of returning full asset control to users as swiftly as possible.” 

Last week, the Japanese cryptocurrency exchange Liquid announced that it had been the target of a cyberattack in which hackers obtained $97 million worth of cryptocurrencies. However, in the case of Poly Network, the hacker kept an open dialogue going with their victim, eventually returning the assets they had stolen.

Security experts believe the attacker recognized it would be impossible to launder the money and cash out because all transactions are recorded on the blockchain, the public ledgers that underlie most major digital currencies.

An unidentified individual claiming to be the hacker stated they were “(quitting) the show” in a message embedded in a digital currency transaction. 

“My actions, which may be considered weird, are my efforts to contribute to the security of the Poly project in my personal style,” the unidentified person stated. 

“The consensus was reached in a painful and obscure way, but it works. Some people even suspect that the whole story is a PR stunt.” 

Poly Network's team verified that the private key is authentic, according to the organization.

“As of now, Poly Network has regained control of the $610 million (not including the frozen $33 million USDT) in assets that were overall affected in this attack. Once again, we would like to thank Mr. White Hat for keeping his promise, as well as the community, partners, and the multiple security agencies for their assistance.”

Hacker Rewarded With $500,000 and a CSA Job by Poly Network

 

Lately, it has been a turbulent time for Poly Network. The company creates software to handle the exchange between different blockchains for cryptocurrencies and other commodities.

The company announced last week that a fraudster, by leveraging its security weaknesses, took hundreds of millions of dollars off its network in digital tokens, worth $600 million (roughly Rs 4,462 crores). But the same company has offered a Chief Security Advisor job role plus a sum of $500,000 to the crypto hacker involved in the heist that reaped over $600 million (roughly Rs 4,462 crores) last week.

The criminal has started handing back digital money – and at least $260m of tokens were repaid after Poly Network encouraged netizens, crypto-exchanges, and miners to disallow the transactions containing the wallet credentials of the criminal. The business claimed that they have maintained communication with the suspect, known as Mr. White Hat. 

It is believed to be the biggest crypto theft ever, overtaking the US$534.8 million in digital coins seized from the Japanese exchange Coincheck during a cyberattack in 2018 and the approximated $450 million bitcoin crypto theft from Tokyo exchange Mt. Gox in 2014. 

"It is important to reiterate that Poly Network has no intention of holding Mr. White Hat legally responsible, as we are confident that Mr. White Hat will promptly return full control of the assets to Poly Network and its users," the organization said. "While there were certain misunderstandings in the beginning due to poor communication channels, we now understand Mr. White Hat’s vision for Defi and the crypto world, which is in line with Poly Network’s ambitions from the very beginning — to provide interoperability for ledgers in Web 3.0." 

Poly Network awarded him $500,000 as a bug bounty prize on Ethereum. He stated that he wouldn't accept the money, yet the awarded money was sent to his wallet. Additionally, the firm has gone one step further and offered him the Chief Security Advisor position.

Nevertheless, the business stated it completely acknowledges the intentions of Mr. White Hat to decline the cash and transfer it to people who strive to enhance the technology of Blockchain. “We will still transfer this $500,000 bounty to a wallet address approved by Mr. White Hat so that he can use it for the cause of cybersecurity,” Poly Network added.

It is not known if the so-called Mr. White Hat will accept the employment offer or not. It doesn't appear probable right now, judging by the messages included in Ethereum transactions made between the two parties. To their knowledge, he has yet to give up $238 million, and he says he is not prepared to give back the keys to the wallet that stores the cash. He also stated earlier that Poly Network was targeted for fun and that its programming was fragile.

“We are counting on more experts like Mr. White Hat to be involved in the future development of Poly Network since we believe that we share the vision to build a secure and robust distributed system,” it said in a statement. “Also, to extend our thanks and encourage Mr. White Hat to continue contributing to security advancement in the blockchain world together with Poly Network, we cordially invite Mr. White Hat to be the Chief Security Advisor of Poly Network.”

The Hacker Behind the Biggest Crypto Heist is Refusing to Return the Remaining Funds

 

The Poly Network attack took place two weeks ago, but the narrative is far from finished. Mr. White Hat, an unknown hacker, was able to extract $614 million in cryptocurrencies, according to the Poly Network team. After returning a portion of the cash, they are now declining to assist and are stalling the Poly Network team.

The hack is regarded as the largest crypto theft to date, and the Poly Network team appears to have few options other than to ask the hacker to restore the stolen funds peacefully. The attacker or attackers are interacting with the Poly Network team via the Ethereum blockchain's transaction data field. The unknown hacker is known as "Poly Network Exploiter 1," as per blockchain-tracking service Etherscan.

“Your essays are very convincing while your actions are showing your distrust, what a funny game. You don’t [sic] even think to unlock my USDT account,” Poly Network Exploiter 1 wrote on the Ethereum blockchain. 

The attacker is referencing a USDT account with $33 million in stablecoins. The funds have been frozen by Tether, which irritates the offender. The hacker's conversation suggests that he has no issues with keeping the stolen money for an undetermined period. 

The Poly Network team replied, "We still hope you can provide the key to us this week because thousands of people are eager to get their assets back." 

In the response, Poly Network Exploiter 1 replied, “I am not ready to publish the key in this week [sic]… Here is one thing that you can always trust me: [sic] Holding BTC and ETH is better than trading them.” 

On August 10, the Poly Network was hacked, and the intruder returned $256 million worth of coins the next day. As a gesture of cooperation, the hacker produced a token labeled 'The hacker is ready to surrender' and sent it to the assigned Polygon address. 

The Poly Network team has given a $500,000 bounty for identifying the exploit to make things easier for the attacker. It is willing to pay 160 ETH ($500,000) to the hacker's address, a gesture that the hacker has turned down. The attacker has also been given the opportunity to become a consultant for the DeFi initiative (decentralized finance). 

Mr. White Hat, as the hacker is called by Poly Network, is a reference to ethical hackers that look for flaws and assist organizations to patch them. It's unclear why the hacker is preventing the final part of assets from being accessed. Poly Network is in charge of roughly $330 million in stolen funds, while Tether, a stablecoin operator, has frozen $33 million pending legal action. Because the blockchain is transparent, putting every transaction data out in the open, hackers find it difficult to get away from their crime or encash it, according to Chainalysis. 

The company mentioned in its report, "With the inherent transparency of blockchains and the eyes of an entire industry on you, how could any cryptocurrency hacker expect to escape with a large cache of stolen funds?" 

"In most cases, the best they could hope for would be to evade capture as the funds sit frozen in a blacklisted private wallet." 

It's hard to determine whether the hacker was attempting an ethical assault or committing a heist. The underlying reason, however, does not appear to be a concern for the Poly Network team at this time. 

As the pressure from thousands of victims grows, recovering the stolen funds is a prime concern. The attack serves as a reminder to governments and authorities that cryptocurrency legislation must be taken seriously. There is currently near-zero accountability, posing a significant danger to the future of DeFi. 

“Regardless of their intentions, we’re of the belief that this sort of publicity stunt hurts the perception of the virtual asset economy in the eyes of the public,” said AnChain.AI founder and CEO Victor Fang. 

DeFi-related thefts are on the rise: the first seven months of the year represented 54% of overall crypto fraud volume, compared to 3% for the entire year last year, according to CipherTrace.

Google Play is Infested with Fake Crypto Mining Apps

 

Google has deleted eight bogus mobile apps from the Play Store that pretend to be bitcoin cloud-mining apps but are actually designed to trick users into paying for pricey subscription services and engaging in other unlawful acts. Although they may have been removed, Trend Micro researchers discovered that when searching Google Play for the keywords "cloud mining," several problematic applications of the same sort remain. 

“Cloud mining introduces both convenience and cybersecurity risks. Because of the simplicity and agility of cloud computing, it is quick and easy to set up a realistic-looking crypto mining service that is really a scam,” said Ioannis Gasparis, a mobile application security researcher at Lookout, in a report released in July. 

These phoney Android apps target those who want to make money online by persuading them to invest in a cloud-mining company. All eight recently removed apps were found to be infected with one of two malware strains: FakeMinerPay and FakeMinerAd. 

“These apps were able to fly under the radar because they don’t actually do anything malicious,” said Ioannis Gasparis. “They are simply shells set up to attract users caught up in the cryptocurrency craze and collect money for services that don’t exist. Purchasing goods or services online always requires a certain degree of trust — these scams prove that cryptocurrency is no exception.”

According to Cifer Fang, a researcher at Trend Micro, these malicious apps merely fool victims into watching adverts, make them pay for subscription services with an average monthly charge of $15, and also encourage them to pay for greater mining capabilities without getting anything in return. 

According to Trend Micro's findings, the apps don't actually mine anything; instead, "fake mining activity on the apps' user interface (UI) is carried out via a local mining simulation module that comprises a counter and certain random operations."

“The app called Daily Bitcoin Rewards – Cloud Based Mining System prompts its users to upgrade their crypto-mining capacity by ‘buying’ their favorite mining machines to earn more coins at a faster rate,” Fang noted. 

Two of the phoney crypto mining apps (Bitcoin [BTC] – Pool Mining Cloud Wallet and Bitcoin 2021), according to Trend Micro's analysis, bombarded their users with adverts with the primary purpose of enticing victims to click.

Roskomnadzor accused Google of blackmail and pressure on the court

Representatives of Roskomnadzor accused the American corporation Google of blackmail after its statement about possible risks for Russia associated with the requirement to unblock the YouTube channel Tsargrad or pay a court penalty. The company had previously threatened to refuse to remove information banned in the country from search results.

"By threatening the Russian state with stopping the removal of prohibited content from search results, the company seeks to manipulate public opinion and put pressure on the judicial authorities. Google is ready to endanger the lives and health of Internet users in Russia, including children and teenagers, for the sake of its commercial interests," the agency said.

Ekaterina Mizulina, director of Safe Internet League, also called Google's behavior unacceptable. In her opinion, the American corporation would never dare to put pressure on the courts of major European countries, such as Germany and France, because then it would face fines of several billion euros. "These companies work in our market and make huge profits, so they should comply with the current Russian legislation and respect the interests of Russian users and business representatives," she stressed.

Earlier it was reported that Google filed an appeal to the Russian court. The company said that the court penalty, which it faces if it does not unblock the channel Tsargrad, entails "significant risks to its ability to operate in Russia" as well as "putting at risk" the implementation of the federal law "On Information": Google may stop removing links to materials blocked in Russia from its search results.

Tsargrad is the first Russian conservative information and analytical TV channel on YouTube. It was blocked in the summer of 2020. Its owner Konstantin Malofeev has been under sanctions by the United States, Canada and the European Union since 2014. In April 2021, a Russian court declared the blocking of the YouTube channel illegal and demanded that access to it be returned.

Cyber Criminals Using a New Darknet Tool to Escape Detection

 

There has been an ongoing war between criminals and authorities in cyberspace for years. Although cryptocurrencies are anonymous in nature, new techniques for tracking funds around the cryptocurrency blockchain have led to the arrest of dozens of cyber-criminals in the previous two years. 

But recently a new website has surfaced on the darknet that allows criminals to assess how "clean" their digital currencies are. 

Dr. Tom Robinson, chief scientist and founder at analysis provider Elliptic, who discovered the website, explained, "We're seeing criminals start to fight back against blockchain analytics and this service is a first." 

"It's called Antinalysis and criminals are now able to check their own Bitcoin wallets and see whether any association with criminal activity could be flagged by authorities." 

According to Elliptic, the finding demonstrates how complex cybercrime networks are becoming and how concerned criminals are about being detected. 

"It's a very valuable technique. If your funds are tainted, you can then do more laundering and try to remove that association with a criminal activity until you have clean coins," he said. 

According to Dr. Robinson, this new trend is concerning and could make their work and that of law enforcement difficult. However, according to the researchers who examined it, the service isn't functioning very well right now. 

"It actually wasn't very good at identifying links to criminal sites. However, it will inevitably improve over time. So I think this is going to be a significant capability for criminals and money launderers in the future." 

Authorities all across the world, including China, the United Arab Emirates, and the United Kingdom, are attempting to address the rising problem of money laundering using cryptocurrencies. Cryptocurrency monitoring has resulted in several high-profile arrests, such as US teenager Graham Ivan Clark, who is presently in prison for plotting one of the largest-ever social media hacks. 

Last year, on July 15, Clark hacked into the accounts of dozens of celebrities, including Kim Kardashian, Elon Musk, Bill Gates, and Joe Biden, on Twitter.

"Everyone is asking me to give back," Mr. Gates stated in a tweet purportedly sent from his account. "You send $1,000, and I send you $2,000 back." After that, Clark and his hacking team tweeted an ad for a cryptocurrency fraud, which resulted in hundreds of transfers from people wanting to profit from the fraudulent giveaway. 

Clark gained more than $100,000 (£72,000) in only a few hours and began the process of transferring the money around to cover his tracks. Now 18 years old, he pleaded guilty and is currently serving a three-year sentence in a Florida jail. 

The growing usage of so-called privacy coins is another trend that authorities are concerned about. Cryptocurrencies like Monero, for example, provide more secrecy than popular coins like Bitcoin. 

In some extortion incidents, hackers are now urging victims to pay with these currencies in return for a discount. This is a trend that is yet to completely take off, and Kim Grauer, director of research at bitcoin monitoring firm Chainalysis, believes that this technique has disadvantages for criminals. 

"Privacy coins haven't been adopted to the extent that one may expect. The primary reason is they aren't as liquid as Bitcoin and other cryptocurrencies. Cryptocurrency is only useful if you can buy and sell goods and services or cash out into mainstream money, and that is much more difficult with privacy coins."

Russia has developed a virtual reality helmet for recruitment

Researchers from Samara State University have developed a technology to assess the psychological qualities of a job seeker using a virtual reality helmet. Such an idea will help employers assess the personality of the person when recruiting staff.

The person being tested is placed in a specially created virtual environment, which they perceive as real. Meanwhile, the computer evaluates their physical and emotional state without human assistance.

The cost of such a system, which includes a computer and a VR helmet, will be about 120 thousand rubles ($1,600). The program "Psychodiagnostics in VR" and joysticks that read the micro-movements of fingers are also included. The level of anxiety, the reaction to stress, emotional excitability, as well as the cognitive activity of a person are assessed.

Experts gave the initiative a mixed reception. Sports psychologist Olga Tiunova noted that for many years there have been attempts to create a psychological portrait of an ideal champion, but so far they have not been crowned with success. Special forces instructor Alexander Lastovina added that "Psychodiagnostics in VR" can be used to test soldiers, but the technology should be verified for effectiveness.

Also, specialists noted that a person is something more than a set of psychological characteristics.

It is interesting to note that earlier Irish scientists recognized that computer games are useful in the fight against a number of mental illnesses: they have a beneficial effect on people with anxiety disorders and depression and may even be more useful than traditional methods of treatment. The researchers concluded that games can be used as an alternative to medical care.

Russian scientists have launched the first quantum network with open access in Moscow

Russian scientists have launched in Moscow the first quantum network with open access, in which all interested organizations will be able to participate.

"The main advantage of our quantum network is its openness compared to those that were developed earlier. This could radically change the quantum communications market. Both software developers and organizations wishing to connect experimental sections of their infrastructure to implement quantum-protected solutions can participate in this project," said Yuri Kurochkin, head of the quantum communications group at the Russian Quantum Center.

Mr. Kurochkin and his colleagues have launched Russia's first interuniversity quantum network based on an open architecture. Thanks to this, it can be scaled and expanded in any way.

The network is based on the technology of quantum key distribution, as well as comprehensive network protection systems. Existing fiber optic lines are used for key and data transmission, which significantly reduces the cost of operating and expanding the network.

The network is configured so that interested organizations can use it primarily for developing modern information security software applications based on quantum keys. In addition, once the network is expanded, scientists plan to study in detail how effectively the procedure for reserving its capacities will work.

Unbreakable quantum communication and cryptography systems have been actively developed over the last ten years. In Russia, the first research networks of this kind appeared in 2014, and in recent years several long-distance and intercity quantum networks have been created, which are used in practice in several branches of major Russian banks.

According to their developers, quantum cryptography and communication systems, in theory, minimize the possibility of "invisible eavesdropping" because the laws of quantum mechanics do not allow copying the states of the light particles exchanged by participants in quantum networks. This makes them attractive for the secure exchange of cryptographic keys, which are already used for data encryption in conventional fiber-optic or wireless networks.

DHS Called On Hackers to Join Government During Black Hat Speech



Department of Homeland Security Secretary Alejandro Mayorkas, speaking at the Black Hat conference, urged participants to come forward and share their creativity, ideas, and boldness with government agencies to help define the future of cybersecurity policy, which has not yet been mapped. 

“We need your creativity, your ideas, your boldness, and your willingness to push limits. We need you to help us navigate a path that has not yet been mapped,” Mayorkas said. “What’s at stake here is nothing less than the future of the internet, the future of our economic and national security, and the future of our country.” 

Mayorkas introduced an upcoming program named the Cyber Talent Management System, which will redefine hiring requirements for cybersecurity roles in government agencies and adjust pay according to the current workforce environment. He urged the participants to “lead the charge on the inside” by joining the Cybersecurity and Infrastructure Security Agency and DHS. 

“This initiative…will give us more flexibility to hire the very best cyber talent and ensure we can compete more effectively with the private sector,” he said. 

According to the present statistics, hiring is a major focus of DHS under the Biden administration. Currently, the department is trying to fill a number of open cybersecurity jobs within the agency and to recruit more diverse talent in cybersecurity. 

Furthermore, Mayorkas said that they are keeping an eye on whether young talent is uninterested in working with the federal government. However, security specialists have an opportunity to “bridge the gap between the hacker community and the federal government” by collaborating with the agency, he added. He concluded his speech by comparing the current state of cybersecurity with the mid-18th-century struggle between Britain, China, and Russia. 

“We are competing for the future of cyberspace – one in which friends gather, colleagues communicate, businesses sell, consumers buy, dissidents organize, horrific crimes occur, governments hear from their citizens, and information is widely and quickly disseminated,” he said.

Google: Android Apps Must Provide Privacy Information By April 2022

 


A few days ago, Google announced that it is about to launch its Google Play ‘Safety Section’ feature, which will provide information regarding the data collected and used by an Android app. Now Google has announced more details about the upcoming feature. 

Under the new policy, app developers have to share the following details: what information apps collect, how collected data is used, and what privacy/security features the apps utilize. The upcoming feature can be used in the first quarter of 2022 and will be displayed on the app itself. 

With the feature, customers will be able to see all security- and privacy-related information, including what data is shared with third parties, whether an app uses data encryption, whether it follows Google's Families policies, and whether it has been independently audited against global security standards. Following the announcement, Google will also provide the timeline to app developers: when they will be able to submit information and when customers can see the Safety section. It has also given the deadline for app developers to provide the info data. 

What is the timeline for App Developers? 

According to Google, the policy will take effect in the first week of October 2021, when "App privacy & security" will be displayed on an app's content page on Play Console. Developers will then be able to complete a questionnaire on data collection, security features, and the app's privacy policy. However, the whole procedure will be completed in April 2022. 

What must be disclosed under this feature? 

• Encryption in transit 
• Deletion mechanism 
• Families policy 
• Independent security review and how data is collected 

Some of the data types that app developers must disclose include personal information like user name, phone number, and email address; location data like users' approximate or precise location; financial info like user credit card number and bank account number; health and fitness information; storage like files and docs; emails or texts; audio files like sound recordings and music files; calendar information; app performance like crash logs and performance diagnostics; and identifiers like device ID.

Security Expert explained the threat of blocking Samsung Pay in Russia

The operation in Russia of the payment system Samsung Pay, which has a market share of 17%, may be banned because of a patent dispute. The court supported the claims of the holder of a patent for an electronic payment system, who accuses the Korean concern of illegal use of technology. The court decided that Samsung Pay does indeed use the Squin SA technology.

Thus, the court in fact prohibited the use of the service in Russia. In addition, the importation of devices that support Samsung Pay falls under the ban.

"While the patent is valid, Apple Pay and Google Pay services are also under threat of being banned in the event of a legal dispute," adds Alexandra Kurdyumova, senior partner at law firm Versus.legal.

The South Korean company and its representative office in Russia may appeal the court's decision within a month. Maxim Labzin, senior partner of the law firm Intellect, noted that the company has three ways out of this situation: to challenge the court's verdict in a higher instance, to prove that the patent was not new, and to negotiate with the plaintiff.

If they fail to appeal, the company itself will have to block its payment system on the territory of Russia. Or Roskomnadzor will do it.

Sergey Vakulin, a hacker and expert on information and computer security, noted that if Roskomnadzor starts blocking, then all Samsung resources will be banned because the blocking is carried out using DPI and IP address blocking.

Experts are sure that contactless payments are popular among Russians, so the restriction is unlikely to be long-term. Most likely, a compromise will be found, in which Samsung users will be able to use contactless payment with a smartphone.

Google Plans to Ban 'Sugar Dating' Apps From September

 

Google is all set to remove "Sugar Dating" applications from the Play Store in order to make the Android app download market a safer place. From September 1, "Sugar Dating" apps will no longer be available on the Play Store, according to the company. 

Google is targeting applications that promote financial compensation in relationships, as there is a slew of “Sugar Daddy” type dating apps available. Google's "inappropriate content policy" has been modified, and additional limits will be imposed on sexual content, especially forbidding “compensated sexual relationships” (i.e., sugar dating).

A relationship in which a male provides money or possessions to someone younger than him in exchange for favors is referred to as a "Sugar Daddy" relationship. Previously, this didn't appear to be an issue for Google, but many platforms are rapidly attempting to establish an atmosphere that is more in touch with today's awareness culture. 

But, considering that certain traditional dating apps and social networks are also utilized for paid relationships, the question is how big of an impact it will have on them. Ultimately, this update is primarily intended to safeguard young people from privacy and safety concerns while using applications. 

Google is taking these steps at a time when Trump's FOSTA-SESTA law from 2018 is being increasingly utilized to target sites that encourage prostitution and online sex work. This legislation makes it simpler to penalize websites that aid in sex trafficking. Operators of sites that allow sex workers to communicate with clients, for example, may face a 25-year jail sentence. 

Although the law has hardly ever been enforced to date and could serve as a barrier, a 2020 report by a group of sex workers called Hacking/Hustling said that the law has had a "detrimental effect on online workers' economic stability, safety, access to the community, and clinical outcomes," as pressure on online platforms results in the elimination of tools such workers use to stay safe. 

Google's update also seeks to enhance children's safety, particularly their privacy. Advertisers will no longer be able to get advertising IDs from a child-oriented application. These IDs are basically surfing data that advertisers use to tailor their ad campaigns to effectively reach their target market and improve sales. Google, like other digital powerhouses, appears to be moving in the direction of effectively safeguarding young people on platforms and other networks.  

Furthermore, Google's Store Listing and Promotion policy will be updated on September 29, 2021, to ban spam text and images in app titles, icons, and developer names.