Bitcoin

Ethereum Could Be Worth More Than Bitcoin Very Soon (inc.com) 84

Ethereum is an open software platform based on blockchain technology that enables developers to build and deploy decentralized applications, according to Blockgeeks. It is currently the second most valuable cryptocurrency on the planet, but it could overthrow Bitcoin and become the most valuable cryptocurrency in the near future. Inc.com reports: If you aren't familiar, what Bitcoin does for payments, Ethereum does for anything involving programming and computing. While it utilizes its own version of a blockchain, it is functionally different from Bitcoin. For example, on the Ethereum platform you could host a crowdfunding campaign or any type of "smart contract." Ethereum's goal is to make a decentralized internet. And it has a very good shot at becoming "the new internet," literally. It could one day replace a lot of technology and ways that we host and execute code online. As of the time of writing, Ethereum has a market cap of over $17 billion. Bitcoin's market cap is $34 billion. This makes Ether (the name of Ethereum's token) the second most valuable cryptocurrency in the world. And that number jumped up over $3 billion just yesterday. It's making a major climb and has no end in sight, according to many. The Enterprise Ethereum Alliance is what initially spiked major interest (and shot up the price). Just the other day, 86 new companies joined the alliance.
The Almighty Buck

Bitcoin Price Hits Fresh Record High Above $2,200 (cnbc.com) 172

An anonymous reader writes: Monday marks the seven-year anniversary of Bitcoin Pizza Day -- the moment a programmer named Laszlo Hanyecz spent 10,000 bitcoin on two Papa John's pizzas. More important than the episode being widely recognized as the first transaction using the cryptocurrency is what it tells us about the bitcoin rally that saw it break through the $2,100 mark on Monday. Bitcoin was trading as high as $2,185.89 in the early hours of Monday morning, hitting a fresh record high, after first powering through the $2,000 barrier over the weekend, according to CoinDesk data. Throughout the weekend, the value of cryptocurrency was looming around $2,000.
Botnet

Attackers DDoS WannaCry Kill Switch (venturebeat.com) 73

An anonymous reader quotes VentureBeat: As of late Friday, after many of the deadlines threatening data deletion had passed, few victims had paid ransoms. According to Elliptic Enterprises, only about $94,000 worth of ransoms had been paid via Bitcoin, which works out to less than one in a thousand of the 300,000 victims who were reportedly affected by WannaCry... While not as bad as feared, ransomware (not to mention cybersecurity threats in general) isn't going away. Wired reported that the domain registered by Hutchins has been under intense denial-of-service attacks delivered by an army of IoT devices marshalled, zombie-like, by Mirai.
Movies

Disney Chief Bob Iger Says Hackers Claim To Have Stolen Upcoming Movie (hollywoodreporter.com) 121

An anonymous reader quotes a report from Hollywood Reporter: Walt Disney CEO Bob Iger revealed Monday that hackers claiming to have access to a Disney movie threatened to release it unless the studio paid a ransom. Iger didn't disclose the name of the film, but said Disney is refusing to pay. The studio is working with federal investigators. Iger's comments came during a town hall meeting with ABC employees in New York City, according to multiple sources. The Disney chief said the hackers demanded that a huge sum be paid in Bitcoin. They said they would release five minutes of the film at first, and then in 20-minute chunks until their financial demands are met. While movie piracy has long been a scourge, ransoms appear to be a new twist. UPDATE: According to Deadline, the movie in question appears to be the upcoming film Pirates of the Caribbean: Dead Men Tell No Tales. Disney appears to be working with the FBI and will not pay the ransom.
Security

PCs Connected To the Internet Will Get Infected With WanaDecrypt0r In Minutes (bleepingcomputer.com) 82

An anonymous reader writes: "The Wana Decrypt0r ransomware -- also known as WCry, WannaCry, WannaCrypt, and WanaCrypt0r -- infected a honeypot server made to look like a vulnerable Windows computer six times in the span of 90 minutes, according to an experiment carried out by a French security researcher that goes online by the name of Benkow," reports BleepingComputer. "During one of those infections, Wana Decrypt0r infected the honeypot in a mere three minutes after it was reset, showing the aggressive nature of the ransomware's scanning module, which helps it spread to new victims... Three minutes is about the same amount of time IoT malware will infect a vulnerable home router left connected to the Internet without patches."

The article also highlights the fact that the group behind this threat is possibly made of inexperienced coders, who just stumbled upon a way to weaponize an NSA exploit. Their three previous WanaDecrypt0r campaigns were mundane, and one researcher called their code "utter [expletive]." This is because WanaDecrypt0r is actually made of two main modules, the ransomware itself, and the SMB worm (based on the NSA exploit). While the SMB worm is top-shelf code, the ransomware itself is quite unsophisticated, making a lot of operational errors, including using only 3 Bitcoin wallets to handle payments, instead of one per infected user, as most top-shelf ransomware does. This makes it difficult to tell which victims paid and who didn't, as anyone could claim "x" transaction is theirs, even if they didn't pay.

The Almighty Buck

WanaDecrypt0r Ransomware Earns Just $26,000 In Ransom Payments (krebsonsecurity.com) 222

An anonymous reader quotes Krebs On Security: As thousands of organizations work to contain and clean up the mess from this week's devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what's being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam...

It's worth noting that the ransom note Wana popped up on victim screens (see screenshot above) included a "Contact Us" feature that may have been used by some victims to communicate directly with the fraudsters... I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward.

Security

New Ransomware 'Jaff' Spotted; Malware Groups Pushing 5M Emails Per Hour To Circulate It (theregister.co.uk) 58

An anonymous reader writes: The Necurs botnet has been harnessed to fling a new strain of ransomware dubbed "Jaff". Jaff spreads in a similar way to the infamous file-encrypting malware Locky and even uses the same payment site template, but is nonetheless a different monster. Attached to dangerous emails is an infectious PDF containing an embedded DOCM file with a malicious macro script. This script will then download and execute the Jaff ransomware. Locky -- like Jaff -- also used the Necurs botnet and a booby-trapped PDF, security firm Malwarebytes notes. "This is where the comparison ends, since the code base is different as well as the ransom itself," said Jerome Segura, a security researcher at Malwarebytes. "Jaff asks for an astounding 2 BTC, which is about $3,700 at the time of writing." Proofpoint reckons Jaff may be the work of the same cybercriminals behind Locky, Dridex and Bart (other nasty malware) but this remains unconfirmed. And Forcepoint Security Labs reports that malicious emails carrying Jaff are being cranked out at a rate of 5 million an hour on Thursday, or 13 million in total at the time it wrote up a blog post about the new threat.
Communications

Cyberattack Hits England's National Health Service With Ransom Demands (theguardian.com) 200

Hospitals across England have been hit by a large-scale cyber-attack, the NHS has confirmed, which has locked staff out of their computers and forced many trusts to divert emergency patients. The IT systems of NHS sites across the country appear to have been simultaneously hit, with a pop-up message demanding a ransom in exchange for access to the PCs. NHS Digital said it was aware of the problem and would release more details soon. Details of patient records and appointment schedules, as well as internal phone lines and emails, have all been rendered inaccessible. From a report: "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this. NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations. "This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors. "Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available." NPR adds: The problem erupted around 12:30 p.m. local time, the IT worker says, with a number of email servers crashing. Other services soon went down -- and then, the unidentified NHS worker says, "A bitcoin virus pop-up message had been introduced on to the network asking users to pay $300 to be able to access their PCs. You cannot get past this screen." The attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors, it appears. The report adds: Images that were posted online of the NHS pop-up look nearly identical to pop-up ransomware windows that hit Spain's Telefonica, a powerful attack that forced the large telecom to order employees to disconnect their computers from its network -- resorting to an intercom system to relay messages. Telefonica, Spain's largest ISP, has told its employees to shut down their computers.

Update
: BBC is reporting that similar attacks are being reported in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan today.
Bitcoin

ISPs Could Take Down Large Parts of Bitcoin Ecosystem If They Wanted To (bleepingcomputer.com) 72

An anonymous reader writes: A rogue ISP could take down large parts of the Bitcoin ecosystem, according to new research that will be presented in two weeks at the 38th IEEE Symposium on Security and Privacy in San Jose, USA. According to the researchers, there are two types of attack scenarios that could be leveraged via BGP hijacks to cripple the Bitcoin ecosystem: hijacking mining proceeds, causing double-spending errors, and delaying transactions. These two (partition and delay) attacks are possible because most of the entire Bitcoin ecosystem isn't as decentralized as most people think, and it still runs on a small number of ISPs. For example, 13 ISPs host 30% of the entire Bitcoin network, 39 ISPs host 50% of the whole Bitcoin mining power, and 3 ISPs handle 60% of all Bitcoin traffic. Currently, researchers found that around 100 Bitcoin nodes are the victims of BGP hijacks each month.
Piracy

Hacker Leaks 'Orange Is the New Black' Episodes After Failing To Extort Netflix (bleepingcomputer.com) 144

An anonymous reader writes: "A hacker (or hacker group) known as The Dark Overlord (TDO) has leaked the first ten episodes of season 5 of the "Orange Is The New Black" show after two failed blackmail attempts, against Larson Studios and Netflix," reports BleepingComputer. The hacker said he stole hundreds of gigabytes of audio files from Larson Studios last December. "TDO claims the studio initially agreed to pay a ransom of 50 Bitcoin ($67,000) by January 31, and the two parties even signed a contract, albeit TDO signed it using the name 'Adolf Hitler.'" This might have been the reason why the company thought this was a joke and didn't pay the ransom as initially agreed.

At this point, the hacker turned from the studio to Netflix, but the company didn't want to pay either. As a warning, the hacker leaked the first episode of season 5, but half a day later, he leaked 9 more. "According to Netflix's website, season 5 is supposed to have 13 episodes and is scheduled for release in June, this year." The hacker also claims he's in possession of shows and movies from other movie studios and television channels, such as FOX, IFC, NAT GEO, and ABC. Some of the titles include "Celebrity Apprentice," "NCIS Los Angeles," "New Girl," and "XXX The return of Xander Cage".

Bitcoin

Backdoor Could Allow Company To Shut Down 70% of All Bitcoin Mining Operations (bleepingcomputer.com) 102

An anonymous reader writes: "An anonymous security researcher has published details on a vulnerability named "Antbleed," which the author claims is a remote backdoor affecting Bitcoin mining equipment sold by Bitmain, the largest vendor of crypto-currency mining hardware on the market," reports Bleeping Computer. The backdoor code works by reporting mining equipment details to Bitmain servers, who can reply by instructing the customer's equipment to shut down. Supposedly introduced as a crude DRM to control illegal equipment, the company forgot to tell anyone about it, and even ignored a user who reported it last fall. One of the Bitcoin Core developers claims that if such command would ever be sent, it could potentially brick the customer's device for good. Bitmain is today's most popular seller of Bitcoin mining hardware, and its products account for 70% of the entire Bitcoin mining market. If someone hijack's the domain where this backdoor reports, he could be in the position to shut down Bitcoin mining operations all over the world, which are nothing more than the computations that verify Bitcoin transactions, effectively shutting down the entire Bitcoin ecosystem. Fortunately, there's a way to mitigate the backdoor's actions using local hosts files.
Security

Hacking Group Is Charging German Companies $275 For 'DDoS Tests' (bleepingcomputer.com) 29

An anonymous reader writes: "A group calling itself XMR Squad has spent all last week launching DDoS attacks against German businesses and then contacting the same companies to inform them they had to pay $275 for 'testing their DDoS protection systems,' reports Bleeping Computer. Attacks were reported against DHL, Hermes, AldiTalk, Freenet, Snipes.com, the State Bureau of Investigation Lower Saxony, and the website of the state of North Rhine-Westphalia. The attack against DHL Germany was particularly effective as it shut down the company's business customer portal and all APIs, prompting eBay Germany to issue an alert regarding possible issues with packages sent via DHL. While the group advertised on Twitter that their location was in Russia, a German reporter who spoke with the group via telephone said "the caller had a slight accent, but spoke perfect German." Following the attention they got in Germany after the attacks, the group had its website and Twitter account taken down. Many mocked the group for failing to extract any payments from their targets. DDoS extortionists have been particularly active in Germany, among any other countries. Previously, groups named Stealth Ravens and Kadyrovtsy have also extorted German companies, using the same tactics perfected by groups like DD4BC and Armada Collective.
Bitcoin

BitTorrent Inventor Bram Cohen Will Start His Own Cryptocurrency (torrentfreak.com) 104

Bram Cohen, the creator of BitTorrent, has showed deep interest in cryptocurrency in the past, and now it looks like he is going to start his own. From a report: Without going into technical details, Cohen believes that Bitcoin is wasteful. He suggests that a cryptocurrency that pins the mining value on storage space rather than processor time will be superior. In an interview with TorrentFreak's Steal This Show, Cohen revealed that his interest in cryptocurrencies is not merely abstract. It will be his core focus in the near future. "My proposal isn't really to do something to BitCoin. It really has to be a new currency," Cohen says. "I'm going to make a cryptocurrency company. That's my plan." By focusing on a storage based solution, BitTorrent's inventor also hopes to address other Bitcoin flaws, such as the 51% attack. "Sometimes people have this misapprehension that Bitcoin is a democracy. No Bitcoin is not a democracy; it's called a 51% attack for a reason. That's not a majority of the vote, that's not how Bitcoin works."
The Almighty Buck

Bitcoin Exchange Sues Wells Fargo Over Massive Wire Transfer Suspension (bitcoin.com) 79

An anonymous reader quotes this report from the cryptocurrency news site Bitcoin.com: Bitfinex, on Wednesday, filed a lawsuit against Wells Fargo for suspending its outgoing U.S. dollars wire transfers. In addition to "a preliminary and permanent injunction against Wells Fargo," the exchange is seeking compensatory damages in excess of $75,000 and any additional relief the court may deem fair as well as a jury trial for the case... The court document states that Bitfinex is a customer of four Taiwan-based banks but is not itself a customer of Wells Fargo. However, its banks in Taiwan use Wells Fargo as a correspondent bank to process U.S. dollar wire transfers, which is a normal practice in cross-border payments.
"So far, close to US$180M in funds is locked up in Wells Fargo accounts," writes The Merkle, "with no clear path to a resolution in sight." But a Bitfinex representative on social media pointed out that "Funds are not frozen," adding that Wells Fargo is just a correspondent bank, and "They have chosen to block wire transfers between us and our customers which we are challenging in court."

Another post from BFX_Brandon states that "If we allow them to simply flip a switch and disrupt business, then there becomes a precedence in the Bitcoin industry beyond just Bitfinex, so we believe it is the appropriate time to take action."
Privacy

Hacker Group Leaks 'NSA's Top Secret Arsenal of Digital Weapons' (vice.com) 69

Hacker group 'The Shadow Brokers', which last year allegedly released top-secret tools that the National Security Agency had used to break into the networks of foreign governments and other espionage targets, today said it is disappointed with President Donald Trump, and released more such alleged tools. From a report on Motherboard: On Saturday, The Shadow Brokers, a hacker or group of hackers that has previously dumped NSA hacking tools, released more alleged exploits. The group published a password for an encrypted cache of files they distributed last year. "Be considering this our form of protest," the group wrote in a rambling, politically loaded rant published on Medium. Back in August, The Shadow Brokers released a number of exploits stolen from the NSA. Many of these affected hardware firewalls, from companies such as Cisco and Juniper. At the time, the group also dumped another cache allegedly containing more hacking tools, and said they would release the corresponding password to the winner of a bitcoin auction. That fund-raising effort was ultimately unsuccessful, and The Shadow Brokers claimed they were calling the whole thing off in January. But now, anyone can unlock the auction data dump. (Motherboard confirmed that the password did indeed decrypt the original auction file). In a series of tweets, Edward Snowden said, "NSA just lost control of its Top Secret arsenal of digital weapons; hackers leaked it. 1) https://github.com/x0rz/EQGRP 2) For those who have never heard of the hacker group behind today's leak of NSA's cyberweapons, last year's story."

He adds, "quick review of the ShadowBrokers leak of Top Secret NSA tools reveals it's nowhere near the full library, but there's still so much here that NSA should be able to instantly identify where this set came from and how they lost it. If they can't, it's a scandal."
Bitcoin

Kim Dotcom Announces New Bitcoin Venture For Content Uploaders To Earn Money (reuters.com) 38

Infamous New Zealand-based internet mogul Kim Dotcom plans to launch a Bitcoin payments system for users to sell files and video streaming as he fights extradition to the United States for criminal copyright charges. From a report on Reuters: The German-born entrepreneur, who is wanted by U.S. law enforcement on copyright and money laundering allegations related to his now-defunct streaming site Megaupload, announced his new venture called 'Bitcontent' in a video posted on YouTube this week. "You can create a payment for any content that you put on the internet... you can share that with your customers, with the interest community and, boom, you are basically in business and can sell your content," Dotcom said in the video. He added that Bitcontent would eventually allow businesses, such as news organizations, to earn money from their entire websites. He did not provide a launch date. Dotcom did not provide details on how Bitcontent would differ from existing Bitcoin operations or how it would help news organizations make money beyond existing subscription payment options.
Bitcoin

Bitcoin Becomes Legal Payment Option In Japan, Prices Spike (investopedia.com) 77

An anonymous reader quotes a report from Investopedia: A bill to amend Japan's Banking Act has finally come to fruition, recognizing Bitcoin and other cryptocurrencies as legal tender. The bill has far-reaching repercussions for the digital currency world as well as the way that cryptocurrencies can be traded and exchanged. The Banking Act was modified after a long process of debate and dialog which saw proponents of digital currencies arguing on their behalf. Now, after months of discussion, the bill has come into effect as of the beginning of April. Section 3 of the bill has been modified to including wording on virtual currency and is being called the Virtual Currency Act, according to reporting by Brave New Coin. Digital currencies like Bitcoin have finally received definition and recognition as a means of payment by the Japanese government. The Banking Act's Payment Services Act has also moved to define a digital currency as "property of value," meaning that it is usable for payment in the broader marketplace and that it may be bought or sold. At the same time, the Japanese bill distinguishes between digital currencies like Bitcoin and "electronic money." Digital currency, in this case, is not issued by a specific entity and may be used by any accepting individual, while electronic money can be linked to a specific issuer and can only be used by that issuer or persons specified by the issuer. Along with the recognition of Bitcoin and other digital currencies is the stipulation that profits from trading of those currencies may be considered as "income from business activities or miscellaneous income." This makes Bitcoin subject to various taxes, including capital gains tax.
Bitcoin

Venezuelan Developers Are Using Bitcoin, Rare Pepe Trading Cards To Fight Against a Dismal Economy (cryptoinsider.com) 93

According to Crypto Insider, Venezuelan developers have been selling "rare pepes" -- trading cards that contain unique illustrations and photoshops of the character Pepe the Frog. While the trading cards started out as nothing more than a joke, many of them have been traded for thousands of dollars on the Counterparty platform, which is built on top of Bitcoin, and have provided a way for many developers to sustain themselves in Venezuela's poor economy. From the report: The basic idea behind the issuance of rare pepes on top of the Counterparty platform is that it enables scarcity in a digital world. Each rare pepe card is linked to a little bit of bitcoin through a practice known as coin coloring. Whoever owns the private keys associated with the address where the bitcoins that represent a specific rare pepe card is located is the one who owns that particular trading card. Now, a group of developers in Venezuela are building games similar to Hearthstone and Pokemon where the rare pepe trading cards will play an integral role. If you go to rarepepe.party right now, you're mainly presented with a video of what the first game based on the Rare Pepe digital trading cards will look like. The concept is similar to Hearthstone or Magic: The Gathering where players essentially do battle with their opponents via characters on trading cards, which have specific stats and features. In this case, the characters are various rare pepes. With many rare pepes already released (you can view them in the official rare pepe directory), the developers behind Rare Pepe Party are attempting to provide a use case for these new trading cards. While some rare pepe cards already have stats on them, the developer who chatted with Crypto Insider says those stats may not mean much when it's time to play the game. While rare pepes are nothing more than fun and games for much of the developed world, they're a matter of survival in Venezuela. "We're based in Venezuela, and our business has been saved by bitcoin many times," said the developer. The developer claims roughly 80 percent of the offices around the area where Rare Pepe Party is being developed have shut down over the past year. The biggest businesses on their street have also dropped as much as 90 percent of their employees.
Privacy

Hackers Claim Access To 300 Million iCloud Accounts, Demand $75,000 From Apple To Delete the Cache of Data (vice.com) 122

A hacker or group of hackers calling themselves the "Turkish Crime Family" claim they have access to at least 300 million iCloud accounts, and will delete the alleged cache of data if Apple pays a ransom by early next month. Motherboard is reporting that the hackers are demanding "$75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data." From the report: The hackers provided screenshots of alleged emails between the group and members of Apple's security team. One also gave Motherboard access to an email account allegedly used to communicate with Apple. "Are you willing to share a sample of the data set?" an unnamed member of Apple's security team wrote to the hackers a week ago, according to one of the emails stored in the account. (According to the email headers, the return-path of the email is to an address with the @apple.com domain). The hackers also uploaded a YouTube video of them allegedly logging into some of the stolen accounts. The hacker appears to access an elderly woman's iCloud account, which includes backed-up photos, and the ability to remotely wipe the device. Now, the hackers are threatening to reset a number of the iCloud accounts and remotely wipe victim's Apple devices on April 7, unless Apple pays the requested amount. According to one of the emails in the accessed account, the hackers claim to have access to over 300 million Apple email accounts, including those use @icloud and @me domains. However, the hackers appear to be inconsistent in their story; one of the hackers then claimed they had 559 million accounts in all. The hackers did not provide Motherboard with any of the supposedly stolen iCloud accounts to verify this claim, except those shown in the video.
Bitcoin

Ask Slashdot: How Does One Freely Use Bitcoin In the Land of the Free? 270

New submitter devrtm writes: It appears that Bitcoin, a currency designed with anonymity in mind, can be effectively used almost anywhere in the world, except in a few countries where it is regulated, and in one country where you can only use it if you give up your privacy. That country is the United States. I have accumulated quite a few BTC from the currency's early days where block rewards were still at $50. There was a period of time where one could get a nearly anonymous debit card, or use BTC online with merchants. Nowadays, non-U.S. payment providers no longer issue debit cards to the U.S. residents and the U.S.-based merchants accepting BTC are nearly extinct. The only way to use BTC in the U.S. is to convert it to USD. Unfortunately, that conversion requires giving up your personal information to a U.S.-based BTC payment processor, and there are rumors that signing up for those services raises red flags with certain three letter acronym organizations. I have nothing to hide, but I do value my privacy. Can one freely and anonymously live off of their Bitcoin wallet in the U.S.? I am afraid the answer is no. Does anyone have an experience that proves me wrong? Please share.

Slashdot Top Deals