When Time magazine announces its “person of the year” for 2013, it could do worse than to follow its two “objects” of 1982’s computer and 1988’s planet earth with the BitCoin.
With stories ranging from hyperinflation to Silk Road, the humble internet-based currency has had plenty of headlines in 2013, and in the past few days this has not abated. For example, the Register reported that the soaring price of BitCoin has prompted the owners of the CryptoLocker malware to reduce the levy they impose on victims from 2 BTC to 0.5 BTC as they are making too much money.
F-Secure, which spotted the change, found that those behind the scam are simply following regular business practices ultimately geared at maximising the return from their activities, while the owners also battle with a value of $1,400 per BitCoin. They may also be considering the chances of being tracked more by law enforcement as the amount to be paid rapidly increases, that is, if law enforcement are not on to them already.
In other BitCoin news, it was reported that a payment processor for merchants and free online wallet service was the target of a major distributed denial-of-service attack and subsequent theft that saw 1,295 BitCoins stolen, around $1 million. At the old price of $300 per coin, that would have come out at $388,500.
The CEO of the Danish processor BIPS said that the funds were “from the company’s own holdings” and while the theft was not due to any vulnerability in the code of its “hot wallet” and no clients were affected, it does mark a significant loss.
The DDoS attack occurred on 15th November with the theft on 17th November which disabled the site, overloaded managed switches and disconnected the iSCSI connection to the SAN on BIPS servers. In a statement, it said that this was enabled “despite several layers of protection”. It took until the 22nd November to fully restore all services.
Hardly a Bonnie & Clyde or George Nelson case, but the days of holding up the bank with a gun or mobile phone are past us if the valuable currency is traded online. In the case of BIPS, a sophisticated attack and blind-side DDoS was all it took for a cool million to be pocketed. My question is: if this is a digital currency, can it not be tracked? Then again, if it is, surely the criminals will use mules and obfuscation to cover their tracks.
In other financial news, it was announced today that the first stage of a health check of the FTSE 350 found that most (56 per cent) say their boards “never” or “rarely” review the information to confirm the legal, ethical and security implications of retaining their key data assets.
It also found that only 19 per cent regularly receive intelligence about who might be targeting the organisation, or what their methods and motives are, from their company’s senior cyber risk executive, and three-quarters do not feature cyber risk on their organisations’ board update. In fact, only 17 per cent feel that their boards have clearly set and understood the appetite for cyber risk, while more than a third of respondents said they were “anxious” or “very anxious” about their company’s approach.
The second stage of the health check is planned for later in 2013, and will involve a cyber diagnostic component.
Is that going to be enough to protect assets? If a payment processor can be smashed and grabbed, then risk needs to be more recognised before a major attack is attempted and succeeds against one of these firms.