Insights For Success

Strategy, Innovation, Leadership and Security

Operation Green Heart targets online currency counterfeit buyers

General | Edward Kiledjian


A massive Europe-wide operation took place between November 19 and December 6th, resulting in the arrest of 235 suspects in 13 countries. The operation confiscated 1,500 Euro banknotes, drugs, weapons, computers, phones, bitcoin, etc.

This operation was made possible after a 33-year-old counterfeiter was arrested in June 2018 by Austrian police in the city of Leoben. The counterfeiter was producing 10, 20 and 50 Euro banknotes, and it is believed he had successfully offloaded over 10,000 notes (worth ~500,000 EUR) before being arrested. The counterfeit notes were sent out using regular mail, so as not to arouse suspicion.

The counterfeiter is believed to have designed the notes on his own computer. He printed them himself and made them look authentic using (suspected) Chinese-made holograms. Depending on the quality of the prints, the price varied from 15-40% of the notes' face value.

Aldia.cat also reports that data from an FBI/Europol raid on another Darknet seller specializing in weapons, drugs and fake money also contributed valuable information to Operation Green Heart.

The operation involved raids on 300 dwellings across Europe: 178 in Germany, 28 in France, 20 in Austria and others in Spain (Madrid, Valencia, Las Palmas de Gran Canaria, Tenerife, Barcelona, Sevilla, Granada, etc.), Croatia, Cyprus, Finland, Ireland and the Netherlands.

One of the suspects arrested in Munich still had 14 counterfeit notes with him.

The moral of the story is that good policing can cut through the anonymity of TOR, so criminals beware.


DarkPage wants to resurrect Backpages

General | Edward Kiledjian

US law enforcement shut down the online classified ads site in April 2018 because they had evidence it was facilitating human trafficking and exploitation. Supporters applauded the authorities for shutting down a marketplace specifically encouraging the sale of sex, while free speech advocates highlight this as a limitation of free speech (and press) by government.

There is now an attempt to resurrect this service online (by new owners) using the secrecy of the TOR darknet anonymous network (http://s7guxry2lvu3bblf.onion/)

On the internet, many espouse the belief that if something can be done, then it should be done without any regard to the socioeconomic impact.

The site is very basic, with a clumsy interface. Clearly this was a hastily designed and deployed site.

This site is in startup mode, and you will notice that most categories are still empty, but it will be interesting to watch and see what happens. Could the push for open sexual advertising drive users to a TOR site (which typically is only used by more tech-savvy professionals)?



What is Bitcoin?

General | Edward Kiledjian

Bitcoin is a decentralized digital currency, without a central bank or single administrator, that can be sent from user to user on the peer-to-peer bitcoin network without the need for intermediaries. Transactions are verified by network nodes through cryptography and recorded in a public distributed ledger called a blockchain. Bitcoin was invented in 2008 by an unknown person or group of people using the name Satoshi Nakamoto, and started in 2009 when its source code was released as open-source software.

Bitcoin is often called the first cryptocurrency, although prior systems existed. Bitcoin is more correctly described as the first decentralized digital currency. It is the largest of its kind in terms of total market value.

Bitcoins are created as a reward for a process known as mining. They can be exchanged for other currencies, products, and services. As of February 2015, over 100,000 merchants and vendors accepted bitcoin as payment. Bitcoin can also be held as an investment. According to research produced by Cambridge University there were between 2.9 million and 5.8 million unique users using a cryptocurrency wallet, as of 2017, most of them using bitcoin.

What is proof of work?

Proof of work is a system that is used to secure the Bitcoin network. Miners are rewarded with bitcoins for their work in verifying and committing transactions to the blockchain. Proof of work is also used to ensure that new blocks are added to the blockchain in chronological order and not randomly.

In order for a new block to be added to the blockchain, miners must solve a complex mathematical problem. The difficulty of this problem varies depending on the total amount of computing power that is being used to mine Bitcoin. When more miners join the network, the problem's difficulty increases, and vice versa.
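The puzzle and the difficulty adjustment described above can be modelled in a few lines. This is an added example, not code from the original post or from Bitcoin itself: the function names, the sample header and the 64-bit nonce are assumptions of this toy model, while the double SHA-256 hash and the factor-of-4 clamp on each adjustment mirror what Bitcoin does.

```python
import hashlib
import struct

MAX_TARGET = (1 << 256) - 1  # easiest possible target in this toy model

def block_hash(header: bytes, nonce: int) -> int:
    """Double SHA-256 of header || nonce, read as a 256-bit integer."""
    data = header + struct.pack("<Q", nonce)  # 64-bit nonce: toy simplification
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "big")

def verify(header: bytes, nonce: int, target: int) -> bool:
    """Checking a claimed solution costs a single hash evaluation."""
    return block_hash(header, nonce) < target

def mine(header: bytes, target: int) -> int:
    """Brute-force search: return the first nonce whose hash is below target."""
    nonce = 0
    while not verify(header, nonce, target):
        nonce += 1
    return nonce

def retarget(target: int, actual_secs: int, expected_secs: int) -> int:
    """Scale the target by how quickly the last window of blocks was found.

    Faster than expected (more hash power joined) -> smaller target -> harder.
    Each adjustment is clamped to a factor of 4 in either direction.
    """
    clamped = max(expected_secs // 4, min(actual_secs, expected_secs * 4))
    return min(target * clamped // expected_secs, MAX_TARGET)

def demo():
    header = b"constructed-sample-header"  # constructed input, not a real block
    target = 1 << 244                       # roughly 1 hash in 4096 qualifies
    nonce = mine(header, target)
    # Blocks arrived in half the expected time, so the puzzle gets twice as hard.
    harder = retarget(target, actual_secs=300, expected_secs=600)
    return nonce, verify(header, nonce, target), harder

if __name__ == "__main__":
    nonce, ok, harder = demo()
    print(f"nonce={nonce} valid={ok} target_halved={harder == (1 << 243)}")
```

The asymmetry is the security property: finding the nonce takes thousands of hashes here, while any node can check it with one.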

Why do environmental groups have a problem with proof of work?

Environmental groups have a problem with proof of work because it requires a lot of energy to power the computers that are used for mining. In fact, according to one estimate, the amount of energy required to mine Bitcoin is more than the annual energy consumption of the country of Ireland.

This has led to concerns that proof of work is not sustainable in the long term and that it could have a negative impact on the environment. However, there are some proposed solutions to this problem, such as using renewable energy to power the computers used for mining or using proof of stake instead of proof of work.

What is proof of stake, and can it solve the environmental problems?

Proof of stake is an alternative to proof of work that is used to secure the Ethereum network. Miners are not rewarded with bitcoins for their work but instead earn a share of the transaction fees that are collected by the network.

This system is seen as more energy efficient than proof of work, as it does not require powerful computers to run the mining process. However, proof of stake is still in the early stages of development, and it is not yet clear if it will be able to scale to the same level as proof of work.

Review of Quip's toothbrush as a service

General | Edward Kiledjian

This blog article is not advertising and is not a sponsored post.

Quip is a new entrant in the competitive and packed electric toothbrush space. Unlike many of the larger, bulkier electric toothbrushes, Quip is a sleek, shiny, well-designed and modern-looking toothbrush.

Like all modern electronic works of art, it comes in different colours, finishes and materials.

It also carries the American Dental Association Seal of Acceptance. The ADA website explains it as "To this day, dentists and consumers recognize it as the gold standard for evaluating safety and efficacy of dental products."

So how does the Quip compare? Quip is a simpler toothbrush that delivers the basics: it has a vibrating alert timer (to measure brushing each quadrant) and has gentle cleaning vibrations that won't harm your gums.

What does it come with? The basic kit comes with a pre-installed battery, brush head and a slim toothbrush holder (attaches to your mirror with micro suction cups but also doubles as a travel cover). I have had it attached to my bathroom mirror for 30 days, and it hasn't fallen off once. I have traveled with it once, rinsed it with warm water when I got back, and it stuck right back on the mirror.

How do you charge the battery? I have used OralB and Philips electric toothbrushes, and they each come with their charging bases (which are usually bulky and consume valuable counter space). The Quip uses a single AAA battery that can be changed within seconds. Since Quip is a Toothbrush As A Service, when you subscribe to their toothbrush head replacement plan, they also send you a replacement battery every three months. If you travel and run out of power, replace it with a cheap AAA you can buy anywhere, and you don't have to carry a bulky charger.

How does it compare to a "normal" (non-powered) toothbrush? The Quip is definitely better than a normal plastic toothbrush because it offers gentle vibrations and helps with timing. Additionally, they send replacement heads automatically which means you never have to worry about timing replacements.

How does the Quip compare to other electric toothbrushes? It depends. The truth is that the newer electric toothbrushes that vibrate and rotate seem to deliver an easier and better clean. However, the Quip is less than half the cost, easier to travel with and effective when used as directed (in conjunction with flossing and regular dentist visits).

General recommendations included with the introductory guide are:

  • Use a pea-sized amount of toothpaste

  • Brush gently (don’t push too hard or you will injure your gums)

  • Make sure you brush every tooth from all directions

  • Brush for two minutes (30 seconds per quadrant)

  • Brush your tongue (the back of the brush head has a scraper)

  • Don’t rinse your mouth right after brushing

What are the cons?

  • The Quip is better than a plain non-powered toothbrush, but its performance is significantly worse than the modern sonic toothbrushes.

  • The Quip's bristles are better than a non-powered toothbrush, but they aren't as good as the ones on powered brushes that seem to have better reach into hard-to-reach crevices.

Conclusion: I like the Quip, but it isn't the most effective electric toothbrush. Not a bad offering but you need to determine what your actual needs are. I hope Quip releases another generation of their product with rotating bristles that uses real sonic pulses.

Continuous authentication is the future

General | Edward Kiledjian

User authentication is one of the most important and fundamental building blocks of security. Authentication is built on username, password, token, biometrics or any combination of these. Regardless of the model, authentication is performed when the user starts his/her interaction with the target system.

What do you do if you require a higher level of authentication? What if you need to make sure the user interacting with your system is always who they say they are? This is where the concept of continuous authentication comes in. We started to see this concept implemented for the mass market with the Apple Watch and Apple Pay. You authenticate Apple Pay once and, as long as the watch stays on your wrist (validated with a pulse), you do not need to re-authenticate. Apple Pay can be sure that the person wanting to make a payment is the user who authenticated originally.

Continuous Authentication is a paradigm shift moving authentication from an event to a continuous risk management process.

Dynamic risk-based authentication means the system is continuously monitoring changes to environmental parameters and can decide the trustworthiness of users continually.

The shift to continuous authentication is inevitable. Not only will it make authentication more natural for the user but it will allow security administrators to implement much tighter security models.

As an example, if the user walks away from the computer, the system could notice and freeze the interactive session. As another example, a user working on a PC is tricked into launching malware. The system could be intelligent enough to know that a rogue process is attempting to masquerade as the user and block access.

Continuous authentication will use the full array of modern technologies, and others that have yet to be released: parameters such as keyboard typing speed and style, how the user swipes on a touchscreen device, how the user moves the mouse, camera input (from modern-day cameras), gait analysis using the accelerometer in a smartphone or smartwatch, etc.
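To make "authentication as a continuous risk process" concrete, here is an added example (not from the original post or any product) that folds two of the signals named above, typing rhythm and user presence, into a running trust score. The class names, the thresholds and the sample windows are all hypothetical.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass
class Profile:
    """Enrolled typing baseline: mean and std-dev of inter-key gaps (ms)."""
    mean_ms: float
    std_ms: float

class Session:
    STEP_UP, LOCK = 0.6, 0.3   # hypothetical policy thresholds

    def __init__(self, profile: Profile):
        self.profile = profile
        self.trust = 1.0       # full trust immediately after the initial login

    def observe(self, key_gaps_ms, user_present: bool) -> str:
        """Fold one window of signals into the trust score and return a decision."""
        if not user_present:
            self.trust = 0.0   # user walked away: freeze the session at once
        else:
            z = abs(mean(key_gaps_ms) - self.profile.mean_ms) / self.profile.std_ms
            fit = max(0.0, 1.0 - z / 3.0)   # 1.0 = on baseline, 0.0 = 3+ sigma off
            # Exponential smoothing: one odd window dents trust, a run drains it.
            self.trust = 0.5 * self.trust + 0.5 * fit
        if self.trust < self.LOCK:
            return "lock"
        if self.trust < self.STEP_UP:
            return "step_up"   # ask for a second factor before continuing
        return "allow"

def replay(windows):
    """Run constructed (key_gaps_ms, user_present) windows through one session."""
    session = Session(Profile(mean_ms=180.0, std_ms=30.0))
    return [session.observe(gaps, present) for gaps, present in windows]

# Constructed sample: the enrolled user types two windows, then someone with a
# much faster rhythm takes over the keyboard.
TAKEOVER = [([175, 185, 180], True), ([170, 190, 195], True),
            ([90, 85, 95], True), ([88, 92, 90], True)]

if __name__ == "__main__":
    print(replay(TAKEOVER))
```

A single off-baseline window only triggers a step-up challenge; the session locks when the mismatch persists or presence is lost.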

Although continuous authentication will be easy for users, expect it to be very complicated for developers. Expect this to be a burgeoning market in the coming years, something most security professionals have to start thinking about. We expect to start seeing serious mass market products around 2020-2021.