Europol: Criminals are still using Bitcoin, but ISIS loves Zcash-Computerfanfield

Europol has found that Bitcoin is still the chosen cryptocurrency of the internet underworld.

The insight comes from Europol’s latest Internet Organised Crime Threat Assessment (IOCTA) report. Among other things, the research claims cybercriminals still favor Bitcoin over other cryptocurrencies – despite its lack of anonymity features .

Europol also notes Bitcoin’s share of the cryptocurrency market has dropped significantly, from over 80 percent to less than 35 percent (it’s worth pointing out Bitcoin currently accounts for 55 percent of the market, according to CoinMarketCap ).

“The abuse of cryptocurrencies by cybercriminals continues to play a pivotal role in the commission, perpetration and monetisation of cybercrime,” the new IOCTA reads. “They remain the primary payment mechanism for the payment of criminal services, a plethora of goods on Darknet markets and for extortion demands, whether as a result of ransomware, DDoS attacks, or other methods.”

The increased acceptance of cryptocurrency has, in turn, earmarked the cryptocurrency industry for attack. Europol notes that hackers are modifying old-school methods like phishing malware to more effectively target users still learning to navigate decentralized tech.

The analysis explores the rise of crypto-jacking , which is being utilized by cybercriminals to raise revenue. Crypto-jacking refers to the infection of websites or devices to mine cryptocurrency, in secret, unauthorized.

Cybercriminals are waging major crypto-jacking campaigns across the internet. Most recently, hackers injected over 200,000 routers with a modified CoinHive script. It should be pointed out that browser-mining (and crypto-jacking) is not specifically illegal .

Europol revealed that by the end of 2018, 2.2 percent of the top 100,000 sites via Alexa had crypto-mining scripts running on them.

Europol predicts shift to anonymous coins

While Bitcoin’s popularity amongst internet baddies is still high, Europol expects that will change.

“We anticipate a more pronounced shift towards more privacy orientated currencies,” the paper declares. “This shift will be exemplified by an increase in extortion demands and ransomware in these currencies.”

In particular, members of terrorist organization ISIS seem to enjoy Zcash. Europol notes that ISIS requested donations in Zcash and Bitcoin, using such cryptocurrency to purchase website domains. Reassuringly, Europol does concede that terrorists did not finance any attacks on European soil with cryptocurrency directly.

All that Europol really suggests is that “investigators should identify and build trust relationships with any cryptocurrency related businesses operating in their jurisdiction, such as exchangers, mining pools or wallet operators.” It further declares that “investigating cryptocurrencies must become a core skill for cybercrime investigators.”

The full report paints a rather nightmarish portrait of a cryptocurrency industry under constant threat from hackers, crooks, terrorists, and other cybernasties.

Sounds right enough to me.

Update 13:46 UTC, 21 September: A Zcash spokesperson has since reached out to Hard Fork to provide a statement.

In particular, they were adamant that there was currently no proof that ISIS had used solely Zcash cryptocurrency to purchase website domains, and the piece has been updated to reflect this.

Australian BitConnect boss hit with asset freeze and travel ban

Australian authorities have frozen the assets of BitConnect promoter John Bigatton, as international investigations into the world’s biggest cryptocurrency Ponzi scheme continue.

As per request by the Australian Securities and Investments Commission (ASIC), the federal court also issued Bigatton with a travel ban, reports the Sydney Morning Herald.

Bigatton is named as a director and shareholder of BitConnect International Plc, incorporated in the United Kingdom. He is also listed as the only representative of BitConnect Australia.

The federal court also froze the assets of a company believed to be linked to Bigatton, JB’s Investment Management. His wife, who has been missing since March , is reportedly the sole director and shareholder of JB’s Investment Management.

While Mrs Bigatton’s disappearance directly coincides with the commencement of investigations into BitConnect, police have made no suggestion her husband was involved.

For those unfamiliar, BitConnect was an investment scam powered by a cryptocurrency, launched in 2017.

Armed with a supposedly effective trading algorithm and aggressive affiliate marketing, the company guaranteed investors monthly returns of up to 40 percent, which would increase alongside the amount of tokens purchased.

At one point, BitConnect’s market cap swelled to over $2.6 billion. Not long after, the team suddenly closed the platform, causing the token price to crash from over $400 to under $20.

Despite related cases finally moving forward in the US, local media reports Bigatton is not listed in any court documents filed in North America thus far.

In August last year, BitConnect India chief Divyesh Darji was arrested at New Delhi airport in relation to his business with the dodgy cryptocurrency.

By October, almost 40 individuals had been named in court documents related to the BitConnect scam, including popular YouTube promoter Trevon James.

PSA: Major EOS bug makes it possible to steal valuable resources directly from users

Here we go again with more EOS troubles : the popular cryptocurrency purportedly suffers from a major vulnerability that makes it possible to steal valuable network resources directly from user accounts – without any authorization.

The good thing is that a team of EOS developers is already rushing to plug the security flaw. The bug allows attackers to insert code to trick the network into incorrectly distributing RAM when transactions take place.

The EOSEssentials team describes the attack:

An ad-hoc solution has been provided. To protect themselves from having RAM effectively stolen from them by interacting with dodgy accounts, users must use a proxy. In this context, a “proxy” is an account with no RAM to steal – so it’s not really a sustainable fix, but rather a band-aid solution.

The EOS ecosystem sees RAM as a finite resource to be distributed among programmers . If it helps, think of it as storage space – the bigger the dApp, the more RAM is required to run it smoothly.

One developer working on the fix is César Rodriguez, who clarified that the “stolen” RAM is effectively stuck, or blocked. While the exploit does allow for RAM to be taken from its rightful owner, it cannot be traded or sold for profit. It can’t be given back, either. In his initial bug report, he noted:

It is important to clarify that in order to be affected by this bug, you must interact with an EOS account loaded with the malicious contract.

“Every account (wallet) can have code, so every transaction could block your RAM,” Rodriguez told Hard Fork. “Just to make it clear, you need to [send] the transaction to the malicious account. It’s not that someone can block your account [by] sending something to you.”

Rodriguez did note that the bug was only discovered after an EOS betting dApp was forced offline. As it was interacting directly with an EOS account loaded with the bad code (paying out winnings), its RAM was slowly being siphoned.

The most concerning part is that the current fix is quite complicated for the uninitiated. For now, users will need to be comfortable with editing code themselves in order to remain safe, at least until an official fix has been implemented.

In any case, things are not looking great for EOS. This mishap marks the latest in a string of security flaws recently discovered in the popular cryptocurrency, which has already paid out close to half a million dollars bug bounties in 2018.

Proposed solutions can be found through the EOSEssentials GitHub . Good luck.

Tags: