    Partial lists of organizations infected with Sunburst malware released online

    Multiple security researchers and research teams have published over the weekend lists ranging from 100 to 280 organizations that installed a trojanized version of the SolarWinds Orion platform and had their internal systems infected with the Sunburst malware.


    The list includes the names of tech companies, local governments, universities, hospitals, banks, and telecom providers.
    The biggest names on this list include the likes of Cisco, SAP, Intel, Cox Communications, Deloitte, Nvidia, Fujitsu, Belkin, Amerisafe, Lukoil, Rakuten, Check Point, Optimizely, Digital Reach, and Digital Sense.
    MediaTek, one of the world’s largest semiconductor companies, is also believed to have been impacted, although security researchers aren’t 100% certain of its inclusion on their lists just yet.
    Cracking the Sunburst subdomain mysteries
    The way security researchers compiled these lists was by reverse-engineering the Sunburst (aka Solorigate) malware.
    For ZDNet readers learning of the Sunburst malware for the first time, this malware was injected inside updates for the SolarWinds Orion app released between March and June 2020.
    The booby-trapped updates planted the Sunburst malware deep inside the internal networks of many companies and government organizations that relied on the Orion app to monitor and keep inventories of internal IT systems.

    According to deep-dive reports published last week by Microsoft, FireEye, McAfee, Symantec, Kaspersky, and the US Cybersecurity and Infrastructure Security Agency (CISA), on infected systems the malware would gather information about the victim company’s network, wait 12 to 14 days, and then send the data to a remote command and control (C&C) server.
    The hackers — believed to be a Russian state-sponsored group — would then analyze the data they received and escalate attacks only on networks that were of interest to their intelligence-gathering goals.

    Last week, SolarWinds admitted to the hack and said that based on internal telemetry, almost 18,000 of its 300,000 customers downloaded versions of the Orion platform that contained the Sunburst malware.
    Initially, it was thought that only SolarWinds would be able to identify and notify all the impacted organizations. However, as security researchers kept analyzing Sunburst’s inner workings, they also discovered some quirks in the malware’s operations, namely in the way the malware pinged its C&C server.
    According to research published last week, Sunburst would send the data it collected from an infected network to a C&C server URL that was unique per victim.
    This unique URL was a subdomain of avsvmcloud[.]com and contained four parts, where the first part was a random-looking string. But security researchers found that this string wasn’t actually random: it contained the encoded name of the victim’s local network domain.

    Since last week, several security firms and independent researchers have been sifting through historical web traffic and passive DNS data to collect information on traffic going to the avsvmcloud[.]com domain, crack the subdomains and then track down companies that installed a trojanized SolarWinds Orion app — and had the Sunburst malware beaconing from inside their networks back to the attackers’ server (now sinkholed thanks to Microsoft and FireEye).
    A growing list of first-stage and second-stage victims
    Cybersecurity firms TrueSec and Prevasio, security researcher Dewan Chowdhury, and Chinese security firm QiAnXin are among the several who have now published lists of Sunburst-infected organizations or tools to decode the avsvmcloud[.]com subdomains.

    Companies like Cisco and Intel have formally confirmed, in interviews with reporters over the weekend, that they were infected. Both companies have said they found no evidence that the hackers escalated access to deliver second-stage payloads on their systems.
    VMware and Microsoft, whose names were not on these public lists, also confirmed they installed trojanized Orion updates on their internal networks, but likewise said they found no evidence of escalation by the attackers.
    However, the hackers did escalate their attacks on the networks of some of their targets. In an interview on Friday, FireEye CEO Kevin Mandia, whose company discovered the SolarWinds hack when investigating a breach of its internal systems, said that hackers, despite infecting almost 18,000 networks, only escalated access to around 50 targets, based on FireEye’s visibility.
    In a separate report, also published on Friday, Microsoft also said it identified 40 of its own customers that had installed infected Orion apps and where attackers escalated access.
    “Escalation” usually happened when the avsvmcloud[.]com C&C server replied to an infected company with a very specific DNS response that contained a special CNAME field.
    This special DNS CNAME field contained the location of a second C&C server from where the Sunburst malware would get additional commands and sometimes download other malware.
    Currently, the only publicly known company where hackers escalated access is FireEye, whose breach response helped uncover the entire SolarWinds hack.
    Distinguishing between the two (a simple Sunburst infection and escalation) is crucial for incident responders. In the first case, they might only need to remove the Sunburst malware, while in the second, they might need to review logs to identify which internal systems the hackers escalated access to and what data was stolen from their networks.
    Several security researchers have told ZDNet today that a large part of the cybersecurity community is now working with content delivery networks, internet service providers, and other internet companies to collect passive DNS data and hunt down traffic to and from the avsvmcloud[.]com domain in order to identify other victims where attackers escalated access.
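A defender-side way to apply what the last few paragraphs describe, added here as an example (it is not code from the article or from any of the research teams it cites): scan resolver or passive-DNS records for queries under avsvmcloud[.]com, isolate the first label (the per-victim encoded string), and flag any query that was answered with a CNAME, since the article explains that the second-stage C&C location arrived in that record. The log format, the encoded label, the middle labels and the CNAME target in the sample are all constructed for illustration. The example does not decode the victim name; it only isolates the label so it can be handed to one of the published decoders, and it produces the same "first seen" and escalation view that the Truesec table below presents.

```python
"""Triage resolver / passive-DNS records for Sunburst beacons to avsvmcloud.com.

Constructed record format (one per line; NOT any real resolver's format):
    <ISO-8601 timestamp> <client IP> <query name> <rrtype> <answer>
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

C2_DOMAIN = "avsvmcloud.com"   # first-stage C&C domain named in the article (now sinkholed)

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(A|AAAA|CNAME)\s+(\S+)$")


@dataclass
class Finding:
    seen: str                   # timestamp of this query
    client: str                 # internal host that asked (typically the Orion server)
    query: str                  # full query name
    victim_id: str              # first label: the encoded local-domain string
    escalation: bool            # True when the answer was a CNAME (second-stage C&C pointer)
    cname_target: Optional[str]


def is_c2_subdomain(name: str) -> bool:
    """Match avsvmcloud.com and its subdomains on a label boundary only, so a
    look-alike such as avsvmcloud.com.lookalike.example does not match."""
    name = name.rstrip(".").lower()
    return name == C2_DOMAIN or name.endswith("." + C2_DOMAIN)


def parse_line(line: str):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, rrtype, answer = m.groups()
    return ts, client, qname.rstrip(".").lower(), rrtype, answer.rstrip(".").lower()


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, qname, rrtype, answer = rec
        if not is_c2_subdomain(qname):
            continue
        # Labels below avsvmcloud.com; the first one is the per-victim encoded string.
        sub = qname[: -len(C2_DOMAIN) - 1] if qname != C2_DOMAIN else ""
        labels = sub.split(".") if sub else []
        is_cname = rrtype == "CNAME"
        findings.append(Finding(ts, client, qname, labels[0] if labels else "",
                                is_cname, answer if is_cname else None))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, dict]:
    """One row per encoded victim id: earliest sighting, hosts involved, and
    whether any response carried a CNAME, which is the escalation signal."""
    rows: Dict[str, dict] = {}
    for f in sorted(findings, key=lambda f: f.seen):
        row = rows.setdefault(f.victim_id, {"first_seen": f.seen, "clients": set(),
                                            "escalation": False, "cname_target": None})
        row["clients"].add(f.client)
        if f.escalation:
            row["escalation"] = True
            row["cname_target"] = f.cname_target
    return rows


# Constructed sample records. The encoded label, the middle labels and the
# CNAME target are made-up values, not indicators from the article or any report.
SAMPLE_LOG = """\
2020-06-24T03:11:52Z 10.20.30.40 www.example.com A 93.184.216.34
2020-06-24T03:12:01Z 10.20.30.40 q1w2e3r4t5y6u7i8o9p0.appsync-api.eu-west-1.avsvmcloud.com A 192.0.2.10
2020-06-26T14:02:33Z 10.20.30.40 q1w2e3r4t5y6u7i8o9p0.appsync-api.eu-west-1.avsvmcloud.com CNAME second-stage.c2.example
2020-07-01T09:00:00Z 10.20.30.41 avsvmcloud.com.lookalike.example A 198.51.100.7
"""

if __name__ == "__main__":
    for vid, row in summarize(triage(SAMPLE_LOG)).items():
        verdict = ("ESCALATED via CNAME -> " + row["cname_target"]) if row["escalation"] else "beacon only"
        print(f"{vid}  first seen {row['first_seen']}  hosts {sorted(row['clients'])}  {verdict}")
```

Run against your own resolver export (after adapting `LINE_RE` to its format): a beacon-only row means the Sunburst removal path; an escalated row means the host and the CNAME target belong in the log review the article describes. The look-alike record in the sample is there to show why matching must be anchored on a label boundary rather than on a substring.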
    Below is a table compiled by security firm Truesec with the decoded internal domain names of some of the SolarWinds victims.
    | Decoded Internal Name | Possible Organization (may be inaccurate)* | Response Address Family | Command | First Seen |
    |---|---|---|---|---|
    | mnh.rg-law.ac.il | College of Law and Business, Israel | NetBios | HTTP Backdoor | 2020-05-26 |
    | ad001.mtk.lo | Mediatek | NetBios | HTTP Backdoor | 2020-08-26 |
    | Aeria | | NetBios | HTTP Backdoor | 2020-06-26 |
    | Ameri | | NetBios | HTTP Backdoor | 2020-08-02 |
    | ank.com | Ankcom Communications | NetBios | HTTP Backdoor | 2020-06-06 |
    | azlcyy | | NetBios | HTTP Backdoor | 2020-08-07 |
    | banccentral.com | BancCentral Financial Services Corp. | NetBios | HTTP Backdoor | 2020-07-03 |
    | barrie.ca | City of Barrie | NetBios | HTTP Backdoor | 2020-05-13 |
    | BCC.l | | NetBios | HTTP Backdoor | 2020-08-22 |
    | bhq.lan | | NetBios | HTTP Backdoor | 2020-08-18 |
    | cds.capilanou. | Capilano University | NetBios | HTTP Backdoor | 2020-08-27 |
    | Centr | | NetBios | HTTP Backdoor | 2020-06-24 |
    | chc.dom | | NetBios | HTTP Backdoor | 2020-08-04 |
    | christieclinic. | Christie Clinic Telehealth | NetBios | HTTP Backdoor | 2020-04-22 |
    | CIMBM | | NetBios | HTTP Backdoor | 2020-09-25 |
    | CIRCU | | NetBios | HTTP Backdoor | 2020-05-30 |
    | CONSO | | NetBios | HTTP Backdoor | 2020-06-17 |
    | corp.ptci.com | Pioneer Telephone Scholarship Recipients | NetBios | HTTP Backdoor | 2020-06-19 |
    | corp.stingraydi | Stingray (Media and entertainment) | NetBios | HTTP Backdoor | 2020-06-10 |
    | corp.stratusnet | Stratus Networks | NetBios | HTTP Backdoor | 2020-04-28 |
    | cosgroves.local | Cosgroves (Building services consulting) | NetBios | HTTP Backdoor | 2020-08-25 |
    | COTES | Cotes (Humidity Management) | NetBios | HTTP Backdoor | 2020-07-25 |
    | csnt.princegeor | City of Prince George | NetBios | HTTP Backdoor | 2020-09-18 |
    | cys.local | CYS Group (Marketing analytics) | NetBios | HTTP Backdoor | 2020-07-10 |
    | digitalsense.co | Digital Sense (Cloud Services) | NetBios | HTTP Backdoor | 2020-06-24 |
    | ehtuh- | | NetBios | HTTP Backdoor | 2020-05-01 |
    | escap.org | | NetBios | HTTP Backdoor | 2020-07-10 |
    | f.gnam | | NetBios | HTTP Backdoor | 2020-04-04 |
    | fhc.local | | NetBios | HTTP Backdoor | 2020-07-06 |
    | fidelitycomm.lo | Fidelity Communications (ISP) | NetBios | HTTP Backdoor | 2020-06-02 |
    | fisherbartoninc.com | The Fisher Barton Group (Blade Manufacturer) | NetBios | HTTP Backdoor | 2020-05-15 |
    | fmtn.ad | City of Farmington | NetBios | HTTP Backdoor | 2020-07-21 |
    | FWO.I | | NetBios | HTTP Backdoor | 2020-08-05 |
    | ggsg-us.cisco | Cisco GGSG | NetBios | HTTP Backdoor | 2020-06-24 |
    | ghsmain1.ggh.g | | NetBios | HTTP Backdoor | 2020-06-09 |
    | gxw | | NetBios | HTTP Backdoor | 2020-07-07 |
    | htwanmgmt.local | | NetBios | HTTP Backdoor | 2020-07-22 |
    | ieb.go.id | | NetBios | HTTP Backdoor | 2020-06-12 |
    | int.ncahs.net | | NetBios | HTTP Backdoor | 2020-09-23 |
    | internal.jtl.c | | NetBios | HTTP Backdoor | 2020-05-19 |
    | ironform.com | Ironform (metal fabrication) | NetBios | HTTP Backdoor | 2020-06-19 |
    | isi | | NetBios | HTTP Backdoor | 2020-07-06 |
    | itps.uk.net | Infection Prevention Society (IPS) | NetBios | HTTP Backdoor | 2020-08-11 |
    | jxxyx. | | NetBios | HTTP Backdoor | 2020-06-26 |
    | kcpl.com | Kansas City Power and Light Company | NetBios | HTTP Backdoor | 2020-07-07 |
    | keyano.local | Keyano College | NetBios | HTTP Backdoor | 2020-06-03 |
    | khi0kl | | NetBios | HTTP Backdoor | 2020-08-26 |
    | lhc_2f | | NetBios | HTTP Backdoor | 2020-04-18 |
    | lufkintexas.net | Lufkin (City in Texas) | NetBios | HTTP Backdoor | 2020-07-07 |
    | magnoliaisd.loc | Magnolia Independent School District | NetBios | HTTP Backdoor | 2020-06-01 |
    | MOC.l | | NetBios | HTTP Backdoor | 2020-04-30 |
    | moncton.loc | City of Moncton | NetBios | HTTP Backdoor | 2020-08-25 |
    | mountsinai.hosp | Mount Sinai Hospital | NetBios | HTTP Backdoor | 2020-07-02 |
    | netdecisions.lo | Netdecisions (IT services) | NetBios | HTTP Backdoor | 2020-10-04 |
    | newdirections.k | | NetBios | HTTP Backdoor | 2020-04-21 |
    | nswhealth.net | NSW Health | NetBios | HTTP Backdoor | 2020-06-12 |
    | nzi_9p | | NetBios | HTTP Backdoor | 2020-08-04 |
    | city.kingston.on.ca | City of Kingston, Ontario, Canada | NetBios | HTTP Backdoor | 2020-06-15 |
    | dufferincounty.on.ca | Dufferin County, Ontario, Canada | NetBios | HTTP Backdoor | 2020-07-17 |
    | osb.local | | NetBios | HTTP Backdoor | 2020-04-28 |
    | oslerhc.org | William Osler Health System | NetBios | HTTP Backdoor | 2020-07-11 |
    | pageaz.gov | City of Page | NetBios | HTTP Backdoor | 2020-04-19 |
    | pcsco.com | Professional Computer Systems | NetBios | HTTP Backdoor | 2020-07-23 |
    | pkgix_ | | NetBios | HTTP Backdoor | 2020-07-15 |
    | pqcorp.com | PQ Corporation | NetBios | HTTP Backdoor | 2020-07-02 |
    | prod.hamilton. | Hamilton Company | NetBios | HTTP Backdoor | 2020-08-19 |
    | resprod.com | Res Group (Renewable energy company) | NetBios | HTTP Backdoor | 2020-05-06 |
    | RPM.l | | NetBios | HTTP Backdoor | 2020-05-28 |
    | sdch.local | South Davis Community Hospital | NetBios | HTTP Backdoor | 2020-05-18 |
    | servitia.intern | | NetBios | HTTP Backdoor | 2020-06-16 |
    | sfsi.stearnsban | Stearns Bank | NetBios | HTTP Backdoor | 2020-08-02 |
    | signaturebank.l | Signature Bank | NetBios | HTTP Backdoor | 2020-06-25 |
    | sm-group.local | SM Group (Distribution) | NetBios | HTTP Backdoor | 2020-07-07 |
    | te.nz | TE Connectivity (Sensor manufacturer) | NetBios | HTTP Backdoor | 2020-05-13 |
    | thx8xb | | NetBios | HTTP Backdoor | 2020-06-16 |
    | tx.org | | NetBios | HTTP Backdoor | 2020-07-15 |
    | usd373.org | Newton Public Schools | NetBios | HTTP Backdoor | 2020-08-01 |
    | uzq | | NetBios | HTTP Backdoor | 2020-10-02 |
    | ville.terrebonn | Ville de Terrebonne | NetBios | HTTP Backdoor | 2020-08-02 |
    | wrbaustralia.ad | W. R. Berkley Insurance Australia | NetBios | HTTP Backdoor | 2020-07-11 |
    | ykz | | NetBios | HTTP Backdoor | 2020-07-11 |
    | 2iqzth | | ImpLink | Enum processes | 2020-06-17 |
    | 3if.2l | 3IF (Industrial Internet) | ImpLink | Enum processes | 2020-08-20 |
    | airquality.org | Sacramento Metropolitan Air Quality Management District | ImpLink | Enum processes | 2020-08-09 |
    | ansc.gob.pe | GOB (Digital Platform of the Peruvian State) | ImpLink | Enum processes | 2020-07-25 |
    | bcofsa.com.ar | Banco de Formosa | ImpLink | Enum processes | 2020-07-13 |
    | bi.corp | | ImpLink | Enum processes | 2020-12-14 |
    | bop.com.pk | The Bank of Punjab | ImpLink | Enum processes | 2020-09-18 |
    | camcity.local | | ImpLink | Enum processes | 2020-08-07 |
    | cow.local | | ImpLink | Enum processes | 2020-06-13 |
    | deniz.denizbank | DenizBank | ImpLink | Enum processes | 2020-11-14 |
    | ies.com | IES Communications (Communications technology) | ImpLink | Enum processes | 2020-06-11 |
    | insead.org | INSEAD Business School | ImpLink | Enum processes | 2020-11-07 |
    | KS.LO | | ImpLink | Enum processes | 2020-07-10 |
    | mixonhill.com | Mixon Hill (intelligent transportation systems) | ImpLink | Enum processes | 2020-04-29 |
    | ni.corp.natins | | ImpLink | Enum processes | 2020-10-24 |
    | phabahamas.org | Public Hospitals Authority, Caribbean | ImpLink | Enum processes | 2020-11-05 |
    | rbe.sk.ca | Regina Public Schools | ImpLink | Enum processes | 2020-08-20 |
    | spsd.sk.ca | Saskatoon Public Schools | ImpLink | Enum processes | 2020-06-12 |
    | yorkton.cofy | Community Options for Families & Youth | ImpLink | Enum processes | 2020-05-08 |
    | .sutmf | | Ipx | Update config | 2020-06-25 |
    | atg.local | | No Match | Unknown | 2020-05-11 |
    | bisco.int | Bisco International (Adhesives and tapes) | No Match | Unknown | 2020-04-30 |
    | ccscurriculum.c | | No Match | Unknown | 2020-04-18 |
    | e-idsolutions. | IDSolutions (video conferencing) | No Match | Unknown | 2020-07-16 |
    | ETC1. | | No Match | Unknown | 2020-08-01 |
    | gk5 | | No Match | Unknown | 2020-07-09 |
    | grupobazar.loca | | No Match | Unknown | 2020-06-07 |
    | internal.hws.o | | No Match | Unknown | 2020-05-23 |
    | n2k | | No Match | Unknown | 2020-07-12 |
    | publiser.it | | No Match | Unknown | 2020-07-05 |
    | us.deloitte.co | Deloitte | No Match | Unknown | 2020-07-08 |
    | ush.com | | No Match | Unknown | 2020-06-15 |
    | xijtt- | | No Match | Unknown | 2020-07-21 |
    | xnet.kz | X NET (IT provider in Kazakhstan) | No Match | Unknown | 2020-06-09 |
    | zu0 | | No Match | Unknown | 2020-08-13 |
    | staff.technion.ac.il | | N/A | N/A | N/A |
    | digitalreachinc.com | | N/A | N/A | N/A |
    | orient-express.com | | N/A | N/A | N/A |
    | tr.technion.ac.il | | N/A | N/A | N/A |
    | lasers.state.la.us | | N/A | N/A | N/A |
    | ABLE. | | N/A | N/A | N/A |
    | abmuh_ | | N/A | N/A | N/A |
    | acmedctr.ad | | N/A | N/A | N/A |
    | ad.azarthritis.com | | N/A | N/A | N/A |
    | ad.library.ucla.edu | | N/A | N/A | N/A |
    | ad.optimizely. | | N/A | N/A | N/A |
    | admin.callidusc | | N/A | N/A | N/A |
    | aerioncorp.com | | N/A | N/A | N/A |
    | agloan.ads | | N/A | N/A | N/A |
    | ah.org | | N/A | N/A | N/A |
    | AHCCC | | N/A | N/A | N/A |
    | allegronet.co. | | N/A | N/A | N/A |
    | alm.brand.dk | | N/A | N/A | N/A |
    | amalfi.local | | N/A | N/A | N/A |
    | americas.phoeni | | N/A | N/A | N/A |
    | amr.corp.intel | | N/A | N/A | N/A |
    | apu.mn | | N/A | N/A | N/A |
    | ARYZT | | N/A | N/A | N/A |
    | b9f9hq | | N/A | N/A | N/A |
    | BE.AJ | | N/A | N/A | N/A |
    | belkin.com | | N/A | N/A | N/A |
    | bk.local | | N/A | N/A | N/A |
    | bmrn.com | | N/A | N/A | N/A |
    | bok.com | | N/A | N/A | N/A |
    | btb.az | | N/A | N/A | N/A |
    | c4e-internal.c | | N/A | N/A | N/A |
    | calsb.org | | N/A | N/A | N/A |
    | casino.prv | | N/A | N/A | N/A |
    | cda.corp | | N/A | N/A | N/A |
    | central.pima.g | | N/A | N/A | N/A |
    | cfsi.local | | N/A | N/A | N/A |
    | ch.local | | N/A | N/A | N/A |
    | ci.dublin.ca. | | N/A | N/A | N/A |
    | cisco.com | | N/A | N/A | N/A |
    | corp.dvd.com | | N/A | N/A | N/A |
    | corp.sana.com | | N/A | N/A | N/A |
    | Count | | N/A | N/A | N/A |
    | COWI. | | N/A | N/A | N/A |
    | coxnet.cox.com | | N/A | N/A | N/A |
    | CRIHB | | N/A | N/A | N/A |
    | cs.haystax.loc | | N/A | N/A | N/A |
    | csa.local | | N/A | N/A | N/A |
    | csci-va.com | | N/A | N/A | N/A |
    | csqsxh | | N/A | N/A | N/A |
    | DCCAT | | N/A | N/A | N/A |
    | deltads.ent | | N/A | N/A | N/A |
    | detmir-group.r | | N/A | N/A | N/A |
    | dhhs- | | N/A | N/A | N/A |
    | dmv.state.nv. | | N/A | N/A | N/A |
    | dotcomm.org | | N/A | N/A | N/A |
    | DPCIT | | N/A | N/A | N/A |
    | dskb2x | | N/A | N/A | N/A |
    | e9.2pz | | N/A | N/A | N/A |
    | ebe.co.roanoke.va.us | | N/A | N/A | N/A |
    | ecobank.group | | N/A | N/A | N/A |
    | ecocorp.local | | N/A | N/A | N/A |
    | epl.com | | N/A | N/A | N/A |
    | fremont.lamrc. | | N/A | N/A | N/A |
    | FSAR. | | N/A | N/A | N/A |
    | ftfcu.corp | | N/A | N/A | N/A |
    | gksm.local | | N/A | N/A | N/A |
    | gloucesterva.ne | | N/A | N/A | N/A |
    | glu.com | | N/A | N/A | N/A |
    | gnb.local | | N/A | N/A | N/A |
    | gncu.local | | N/A | N/A | N/A |
    | gsf.cc | | N/A | N/A | N/A |
    | gyldendal.local | | N/A | N/A | N/A |
    | helixwater.org | | N/A | N/A | N/A |
    | hgvc.com | | N/A | N/A | N/A |
    | ia.com | | N/A | N/A | N/A |
    | inf.dc.net | | N/A | N/A | N/A |
    | ingo.kg | | N/A | N/A | N/A |
    | innout.corp | | N/A | N/A | N/A |
    | int.lukoil-international.uz | | N/A | N/A | N/A |
    | intensive.int | | N/A | N/A | N/A |
    | ions.com | | N/A | N/A | N/A |
    | its.iastate.ed | | N/A | N/A | N/A |
    | jarvis.lab | | N/A | N/A | N/A |
    | -jlowd | | N/A | N/A | N/A |
    | jn05n8 | | N/A | N/A | N/A |
    | jxb3eh | | N/A | N/A | N/A |
    | k.com | | N/A | N/A | N/A |
    | LABEL | | N/A | N/A | N/A |
    | milledgeville.l | | N/A | N/A | N/A |
    | nacr.com | | N/A | N/A | N/A |
    | ncpa.loc | | N/A | N/A | N/A |
    | neophotonics.co | | N/A | N/A | N/A |
    | net.vestfor.dk | | N/A | N/A | N/A |
    | nih.if | | N/A | N/A | N/A |
    | nvidia.com | | N/A | N/A | N/A |
    | on-pot | | N/A | N/A | N/A |
    | ou0yoy | | N/A | N/A | N/A |
    | paloverde.local | | N/A | N/A | N/A |
    | pl8uw0 | | N/A | N/A | N/A |
    | q9owtt | | N/A | N/A | N/A |
    | rai.com | | N/A | N/A | N/A |
    | rccf.ru | | N/A | N/A | N/A |
    | repsrv.com | | N/A | N/A | N/A |
    | ripta.com | | N/A | N/A | N/A |
    | roymerlin.com | | N/A | N/A | N/A |
    | rs.local | | N/A | N/A | N/A |
    | rst.atlantis-pak.ru | | N/A | N/A | N/A |
    | sbywx3 | | N/A | N/A | N/A |
    | sc.pima.gov | | N/A | N/A | N/A |
    | scif.com | | N/A | N/A | N/A |
    | SCMRI | | N/A | N/A | N/A |
    | scroot.com | | N/A | N/A | N/A |
    | seattle.interna | | N/A | N/A | N/A |
    | securview.local | | N/A | N/A | N/A |
    | SFBAL | | N/A | N/A | N/A |
    | SF-Li | | N/A | N/A | N/A |
    | siskiyous.edu | | N/A | N/A | N/A |
    | sjhsagov.org | | N/A | N/A | N/A |
    | Smart | | N/A | N/A | N/A |
    | smes.org | | N/A | N/A | N/A |
    | sos-ad.state.nv.us | | N/A | N/A | N/A |
    | sro.vestfor.dk | | N/A | N/A | N/A |
    | superior.local | | N/A | N/A | N/A |
    | swd.local | | N/A | N/A | N/A |
    | ta.org | | N/A | N/A | N/A |
    | taylorfarms.com | | N/A | N/A | N/A |
    | thajxq | | N/A | N/A | N/A |
    | thoughtspot.int | | N/A | N/A | N/A |
    | tsyahr | | N/A | N/A | N/A |
    | tv2.local | | N/A | N/A | N/A |
    | uis.kent.edu | | N/A | N/A | N/A |
    | uncity.dk | | N/A | N/A | N/A |
    | uont.com | | N/A | N/A | N/A |
    | viam-invenient | | N/A | N/A | N/A |
    | vms.ad.varian.com | | N/A | N/A | N/A |
    | vsp.com | | N/A | N/A | N/A |
    | WASHO | | N/A | N/A | N/A |
    | weioffice.com | | N/A | N/A | N/A |
    | wfhf1.hewlett. | | N/A | N/A | N/A |
    | woodruff-sawyer | | N/A | N/A | N/A |
    | HQ.RE-wwgi2xnl | | N/A | N/A | N/A |
    | xdxinc.net | | N/A | N/A | N/A |
    | y9k.in | | N/A | N/A | N/A |
    | zeb.i8 | | N/A | N/A | N/A |
    | zippertubing.co | | N/A | N/A | N/A |

    Cryptocurrency 101: What every business needs to know

    You could be forgiven for wondering whether there’s anything actually legitimate about cryptocurrencies. 

    If 2017 was the year that Bitcoin, and other cryptocurrencies such as “Ether,” broke big as mainstream phenomena, 2018 was the year crypto’s risks became commonplace. 
    As ZDNet’s Charlie Osborne has related, crackers last year increasingly broke into “wallets,” the software programs that store Bitcoin and other currencies, absconding with funds, and compromised exchanges, where traders of currency meet to place buy and sell orders.
    In a sign of the spread of confusion and chaos, one cryptocurrency software startup, Taylor, which has been trying to create improved programs for trading currencies, was entirely cleaned out of its investment backing, all held in virtual currency, by a cracking attack. The craze for “initial coin offerings,” or ICOs — the issuance of novel currencies — ran into serious trouble in 2018 as some efforts collapsed amidst accusations of fraud on the part of the offering parties. 
    The chaos caused the price of Bitcoin, which soared at the end of 2017, to plunge in 2018, dropping from a high price for each Bitcoin equivalent to over $19,000 to a low of under $4,000. Bitcoin is the coin of the realm, as they say, and represents over half of all trades by value, so it sets the standard. Other currencies followed the decline. The COVID-19 pandemic really pumped up Bitcoin, whose spot price has rebounded strongly: as of December, 2020, it currently trades for just under $23,000. Nvidia, a computer chip maker, and competitor Advanced Micro Devices, both of whose graphics processing units are the basis of crunching the codes for crypto, saw their publicly-traded stocks buffeted in the past year by the volatility in the crypto market.  
    In spite of that chaos and in spite of what seems outright fraud, a lot of activity still happens with cryptocurrencies, billions of it on a daily basis, in fact. There is an estimated $643 billion worth of all cryptocurrencies in circulation, and over $184 billion worth of the things changing hands around the world every day. Crypto potentially has tons of benefits for business: the ability to create trading technologies for conducting transactions unique to a given industry, without the need for a central authority, is one of the biggest promises.   
    It makes sense to keep an eye on the action, as the sheer volume of activity means that crypto will find some role in business and society for years to come. The announcement by Facebook that it will introduce its own cryptocurrency, the “Libra,” some time next year, cements the significance of the field. 

    What follows is a review of the basics and the leading edge of crypto that you need to know. 
    Benefits: What is cryptocurrency?
    The best way to think about Bitcoin, and Ether, and other currencies, is as a contract between buyer and seller. They represent tacit agreements to conduct an exchange between counterparties, just as the U.S. dollar and other fiat currencies have always been representations of the implicit promise of governments to uphold transactions. 
    The big appeal is that crypto money doesn’t need to be issued by banks, and exchange rates don’t need to be controlled by a central bank. A company can create its own contracts, just like creating a new programming language. As long as counterparties will agree to uphold the contract, a whole system of transactions can be set in motion without having to be ruled by the processes of normal monetary and banking authorities.
    It’s often said that Bitcoin is three things all rolled into one:
    It’s a store of value, first, in that one can convert fiat currencies — money issued by governments, such as the U.S. dollar — into a corresponding amount of Bitcoin, as well as storing the value of other items by exchanging them for Bitcoin. 
    It’s a means of enacting transactions, in that one can present Bitcoin in exchange for goods and services, where it is accepted. 
    And thirdly, it’s a record of transactions, given that each Bitcoin comes out of the operation of computers that track the global flow of all transactions in Bitcoin, via the digital ledger software called blockchain. 
    See: Coin Dance’s resources for getting started with 
    Bitcoin and things like it are dubbed “crypto” because at the heart of the global software system of the blockchain is a cryptographic function that encodes successive transactions as “hashes,” which are codes formed with cryptographic functions that transform the data of successive transactions in such a way that no single computer can reverse the process. It is this transformation, by multiple computer users, that serves as a third set of books to keep two parties to a transaction honest without a central authority. 

    The idea that started everything: all the world’s bitcoin transactions recorded one after another in a long chain of interlocking cryptographic hashes. This is the underlying technology that maintains the integrity of crypto-currencies.
    Bitcoin.org
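The paragraph above describes the property that makes the ledger "crypto": every entry commits to a hash of the entries before it, so nobody can quietly rewrite history. The following is an added example, written for this page and not Bitcoin's real block format (no Merkle tree, no proof-of-work, no network): a toy hash-chained ledger in Python with constructed transaction records, a verifier, and a `tamper` helper that shows what happens when one party edits an earlier batch. It also shows the edge case the paragraph's "multiple computer users" remark is really about: a rewrite of the most recent block is only caught if the chain's head digest is known from somewhere else, which is what the many independent miners supply.

```python
"""A minimal hash-chained ledger: each block commits to the previous block's
SHA-256 digest, so altering any earlier entry breaks every later link."""
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

Tx = Tuple[str, str, float]   # (sender, receiver, amount): constructed toy records
GENESIS_PREV = "0" * 64       # the first block has no predecessor


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str
    transactions: Tuple[Tx, ...]

    def digest(self) -> str:
        # Canonical JSON so identical content always hashes identically.
        payload = json.dumps(
            {"index": self.index, "prev": self.prev_hash, "tx": self.transactions},
            sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(payload).hexdigest()


def build_chain(batches: Sequence[Sequence[Tx]]) -> List[Block]:
    """Link each batch of transactions to the digest of the block before it."""
    chain: List[Block] = []
    prev = GENESIS_PREV
    for i, batch in enumerate(batches):
        block = Block(i, prev, tuple(batch))
        chain.append(block)
        prev = block.digest()
    return chain


def verify_chain(chain: List[Block], head: Optional[str] = None) -> Optional[int]:
    """Return None if every link holds, otherwise the index of the first block
    whose prev_hash does not match its predecessor's digest. If `head` (the
    last block's digest obtained independently, e.g. from other participants)
    is given, a mismatch there is reported as len(chain)."""
    prev = GENESIS_PREV
    for block in chain:
        if block.prev_hash != prev:
            return block.index
        prev = block.digest()
    if head is not None and prev != head:
        return len(chain)
    return None


def tamper(chain: List[Block], index: int, new_tx: Sequence[Tx]) -> List[Block]:
    """Rewrite one block's transactions, as a lone dishonest party could,
    without re-linking the blocks that follow it."""
    altered = list(chain)
    old = altered[index]
    altered[index] = Block(old.index, old.prev_hash, tuple(new_tx))
    return altered


# Constructed sample batches (names and amounts are illustrative only).
SAMPLE_BATCHES = [
    [("alice", "bob", 0.5)],
    [("bob", "carol", 0.2), ("carol", "dave", 0.1)],
    [("dave", "alice", 0.05)],
]

if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES)
    head = chain[-1].digest()
    print("intact chain:", verify_chain(chain, head))                      # None
    print("middle block edited:", verify_chain(tamper(chain, 1, [("bob", "carol", 2.0)])))  # 2
    print("last block edited, no head:", verify_chain(tamper(chain, 2, [("dave", "alice", 5.0)])))  # None
    print("last block edited, with head:", verify_chain(tamper(chain, 2, [("dave", "alice", 5.0)]), head))  # 3
```

The middle-block edit is caught at block 2, because block 2 still carries the digest of the original block 1. The last-block edit is invisible to a verifier holding only the altered copy; it is caught only against a head digest that the editor does not control.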
    Bitcoin alternatives
    Although Bitcoin dominates cryptocurrency activity, like any software program, it has strengths and weaknesses; some would prefer a contract between participants that has different attributes from what Bitcoin has. Some don’t like it as a store of value, or as a means of transactions, and so alternatives have been proposed. There are now thousands of new currencies, and more keep being made, including another version of Bitcoin, called “Bitcoin Cash”; Ether, introduced in 2014 by developer Vitaly Dmitriyevich as part of a new distributed application platform; “EOS,” a coin that comes with a new computing protocol, from the Hong Kong-based startup Block.one; “Litecoin,” created by a Google engineer; and “Ripple,” created by startup Ripple Labs, to name just a few of the most prominent. 
    See: A tiny tutorial on cryptocurrencies

    Each of these has its appeal, the same way one or another programming language attracts followers. According to data gathered by popular news site CoinDesk in its “Crypto-Economics Explorer,” a kind of almanac of crypto, there are only a few currencies whose volume of trading, total value, and interest by developers comes anywhere close to Bitcoin, among them EOS, Ether, and Ripple. Most others have tiny fractions of the market capitalization as measured in dollar-denominated assets placed into them. The various offerings can have different advantages, such as being able to transact faster. 
    One big thing to keep in mind is that less-popular currencies will naturally have lower liquidity in cryptocurrency exchanges. As a result, it may be harder to cash out of them when you want to exchange them back for fiat currencies. 
    Accepting Bitcoin at some point will be an important decision for many businesses simply because of the sheer volume of fiat currencies placed into these instruments. $260 billion or so worth of dollars and euros and pounds sterling means there is opportunity for a business that accepts payment in crypto to reap some of the money looking to be transacted.
    Getting started with wallets
    The easiest way to get involved with Bitcoin, Ether or another currency is to get some digital wallet software. The wallet program gives you a unique “public key,” a string of characters, which serves as an address you can give to a counter-party to which they can send you Bitcoin or other money, much the way you would give out an email address. Wallets such as Mycelium and Coinomi are available on mobile devices running Android and iOS. 
    There are also desktop programs such as Electrum, and web-based wallets you can use through a browser, such as the one offered for free by a Google-backed, Silicon Valley startup named Blockchain. (Blockchain also has a mobile app version of the wallet.)
    Facebook’s forthcoming wallet software, for use with its proposed Libra currency, will be called “Calibra,” the company said. It’s useful to try out some wallets to get a sense of what’s involved before Facebook’s offering lands.
    Because you can load these wallets up with tiny amounts of money, you can try several of them for a nominal expense and see how you like the user interface. Testing the user interface is an important element in selecting a program, given that you want to be very clear about how and when you are placing orders to purchase or sell crypto. 
    In the wallet you will see a list of accounts. This starts with an initial public key address, but you can have the program create new public keys if you want to store money received in separate keys. Some wallets, in fact, propose generating multiple addresses as a way to separate and to cloak transactions, a practice that will be useful to anyone wanting to obscure their total record of transactions, given that the global blockchain records transactions by public key address. 

    Splash screen for the Coinomi mobile wallet for iOS. The first task will be to create the wallet words that will secure your wallet and then to back them up. 


    Coinomi generation of random wallet words — record them somewhere else so you can always recall them if needed, and don’t show them to anyone! (Unlike this article is doing!)


    When you first install a wallet program such as Mycelium or Coinomi, they will ask you to record a unique string of several words whose combination will be used if you ever need to recover a wallet, such as if you lose your phone with the program on it. You should carefully note the words and record them in a safe place, as these words are the only way to recover a wallet, and without them, your wallet account and any money you have in the wallet will be lost. Once you’re through that procedure, you will create a password of your own invention, which is the normal kind of procedure. The password is what you use with the wallet on a day-to-day basis, and is separate from your recovery set of words. 
    To receive bitcoin, you give someone your public key or keys, a string of characters you can see in the program. To send money, you enter into the program a public key that someone provides to you. In this way, you can also use multiple wallet programs and transfer funds between them. 
    With each transaction, either sending or receiving, a fee is extracted. The fee goes to the global “mining” community, those computer users who form the third party, the blockchain, that participate in verifying all transactions for a given currency. When you send or receive, it takes some time for the amounts to be verified by miners, hence, your wallet may show grayed-out amounts until they are final. This can take up to several minutes for each transaction. 

    The public key, which you give to a counter-party, either by reading off the combinations of characters at the top of the screen or by having them scan the barcode. 


    Given that the spot price for a single Bitcoin is around $23,000 today, your first purchase will show only a fraction of one bitcoin in your wallet, something like “0.001” Bitcoin for a $10 purchase, after fees. Other currencies are cheaper but it still can cost hundreds of dollars for a single coin of any currency. 
    Be aware that software wallets can be hacked. Crackers have used approaches such as sending false notices of software updates in order to install malicious code. A wallet can be secured via two-factor authentication, such as a one-time passcode sent to a phone; however, crackers have defeated such authentication through what’s known as “SIM swapping,” getting a phone company to assign your cellular account to them so that they can intercept the one-time codes. There is no way to prevent such attacks absolutely; one has to stay vigilant for any irregularity, such as unexpected password-reset messages or a sudden interruption in phone service. As explained in the next section, the use of crypto exchanges can either limit or exacerbate such attacks.
    The world of Bitcoin ATMs
    Wallets only allow you to send and receive the crypto-currencies, they are not for converting fiat money into crypto. If you don’t have a counter-party from whom to receive your first Bitcoins or Ether coins, an easy way to get some is to locate one of the several thousand crypto ATMs installed in various cities, which will convert bills of fiat currency into crypto of your choice, depending on what the machine offers. These things often hang out in small shops, such as grocery stores, similar to normal ATMs.

    A General Bytes Bitcoin ATM.
    A directory of such machines is maintained by CoinATMRadar, with details about the features of each machine and whether it is in working order, updated from crowd-sourced reports. Using the machine starts with inserting money, just like a slot machine. You then take out your smartphone wallet and bring up the barcode in the app that represents your public key. You hold the phone’s screen up to the machine’s barcode reader to be scanned. Within a few seconds, your crypto shows up in the wallet, with a record of the transaction details including the fees charged, and lots of technical details about the blockchain process that probably will not be that interesting to you in the beginning.
    Such machines can vary quite a bit, but you can get a sense of the features by checking out the product literature of one popular manufacturer, General Bytes. Most machines are one-way, bills to crypto only, so you can’t cash out of Bitcoin and the rest, although newer machines from General Bytes incorporate that option. 
    The cold storage alternative
    Because accounts can be compromised, you may want to consider turning to what’s known as “cold storage,” a device that’s not connected to a network. Startups have created physical USB tokens, similar to a thumb drive, such as Trezor and KeepKey that you plug into a computer, and that ingest your crypto assets, acting as a hardware wallet that can be kept physically remote from your day-to-day activities. 
    Bear in mind that the companies offering such devices have somewhat vague and incomplete user documentation, which means knowing who is selling you the device and all the details about how it works can involve some extra web searches or Reddit discussions. 

    The Denarium gold coin comes pre-loaded with specified amounts of Bitcoin, as a “hard wallet” that’s off the grid, for cold storage of your money. 
    Finnish startup Prasos has an unusual take on the whole matter: silver, platinum and gold coins, called “Denarium,” that the company ships with an embedded hologram that counts as the tamper-resistant record of the coins they hold. These are one-time devices: once you rip open the cover of the hologram in order to spend it, the physical token loses its crypto value (though it’s still precious metal, for what that’s worth).
    Another curious artifact is the “CryptoSteel,” from British firm Sword Ltd. The $79 steel slab, about the size of a credit card, comes with a set of tiny metal characters. You assemble the wallet words for your digital wallet by placing the type pieces into the grooves in the slab, rather like an old-fashioned type-setter laying out a print newspaper. It’s a durable, simple way to make a record of wallet words that secures your wallet. 
    Working with exchanges 
    At some point, exchanging Bitcoin and the other currencies strictly peer-to-peer, with single individuals, may seem too limiting. You may be ready to check out one of the numerous exchanges that bring together buyers and sellers, places such as Bitstamp, Kraken, and Coinbase. (Bitcoincharts is one starting place to see the selection of exchanges out there.)
    These institutions theoretically inject liquidity into the system, by making it possible for counter-parties to come together, although they carry a whole other set of risks as well.  
    Connecting from your wallet to an exchange is a matter of setting up an account on the exchange and then copying a unique public key address as the address to use in the wallet as the target for transferring your coins.
    You may have to wait up to two months to deposit fiat currencies while your identity is verified by the exchange. This is so the exchange can comply with anti-money laundering and similar rules. For individuals, it’s a matter of standard proof of identification, proof of bank account, and proof of address.  

    Example trading screen from exchange Bitstamp. 
    Once your account is set up, depositing money with which to buy and sell on the exchange introduces its own wait time. A wire transfer is required to put U.S. dollars and other fiat currencies into your exchange account. It can take 48 hours to submit the paperwork just to get the ball rolling, and another five business days for the wire transfer to actually go through and the funds to show up in your account. 
    The exchange method can vary quite a bit. Places such as Bitstamp feature “Buy” and “Sell” buttons for placing trades, much like online trading software. These exchanges support trading in a variety of different coins, not just Bitcoin, and they offer different quotes for both the spot price of a given coin — its value in fiat currency — as well as the fees that will be charged for each transaction.
    A somewhat different approach is a service called LocalBitcoins. It’s a kind of marketplace of buyers and sellers rather than a true exchange. It lets sellers of currency post listings of what currencies they will sell and for how much. When you go to buy the currency, or if you become a seller, any exchange of fiat currency with the other party is done via a variety of transfer mechanisms that can include Western Union, MoneyGram, or traditional bank transfers, so it expands your options for funding your trades. You can drill down into details about the counter-parties as well, if you want to geek out on the reputations of the other party. 
    Taking out funds when you want to cash out to fiat currencies can take a week to two weeks, depending on the internal processes of the exchange you use. It’s especially important to keep in mind these time frames for opening, funding, and cashing out, as they will be a drag to your momentum.
    In addition to individual trading, exchanges have been adding capabilities for enterprise accounts. These can include dedicated network connections and co-located server equipment for trade processing. 
    How to pick exchanges
    There are tons of different exchanges, and picking one will involve a mix of assessing features and assessing operating history. On the first score, exchanges vary by the currencies they support, the prices they list for buying and selling, the volume of trading they offer (a proxy of liquidity), and, for companies, the enterprise features they offer. 
    In the latter case, some time spent with the exchanges is required to get a sense of the true security they can offer over time.
    Exchanges bring both safety and risk. On the one hand, professionals who manage infrastructure could keep your holdings safer than you would as an individual or a company, because it’s their job. And some exchanges can insure deposits as a practice. 
    On the other hand, it is possible for the virtual currencies held by exchanges to be compromised, something that has happened to many exchanges on numerous occasions. Just last month, an exchange named Binance was cleaned out of $41 million worth of Bitcoin in a massive security breach, echoing attacks in the past such as the 2013, $350-million theft that shut down the exchange Mt. Gox.
    In many cases, exchanges continue to function, despite past problems. The example of Bitfinex, an operation run by Hong Kong-based iFinex Inc., is salutary. The company in the summer of 2016 suffered a loss of over $60 million in customer funds. Bitfinex has also been accused of artificially inflating the price of Bitcoin, and the New York Attorney General obtained a court order in April against parent iFinex enjoining the company against continuing certain actions that may have defrauded customers.
    Risks: How to make cryptocurrency safer
    Given risks to both individual wallets and exchanges, it’s important to consider best practices to mitigate the disasters that can happen. Those best practices include starting with only nominal amounts in crypto, to gain a convincing history of the quality of both wallet software and trading platforms. Consider experimenting with the offerings over a period of time that may be several months to a year. As a contract, a cryptocurrency, including both Bitcoin and newer offerings, is established via the evidence of stability over time. 
    Given that the biggest risks have come from things that are all too common in the software world, such as cracked passwords and backdoor software installs, it’s important to both observe best practices in the maintenance of secrets but also to test out various offerings to establish the quality of programs and platforms.
    And perhaps the best thing one can do is to avoid the mindless urge known as “fear of missing out,” or FOMO. A good part of the danger in crypto comes from the continually shifting nature of currencies and technologies. Jumping into anything increases risk. Avoiding rushing into anything crypto that is new simply because it is new will most likely greatly reduce the headaches and the heartache.
    The future of crypto: An evolving landscape
    Understanding the landscape of crypto is only ever partial, as things continue to evolve. The currencies are evolving, the technology is evolving, and the rule of law is trying to evolve. 
    On the currency front, people continue to come up with new coins, especially for the purposes of supposed stability. Startup Tether, Ltd., which is owned by iFinex, promised to back all “Tether” coins in circulation with more hard currency than the dollar value of the coins, over $2 billion in assets. With the A.G.’s action in New York, others are rushing in to propose alternative ways to make such “stable coins,” as they’re called.
    A competitor, Anchor AG, claims the real challenge is to make trading more stable. It proposes to do so by tying its novel currency, the “Anchor” coin, to the total economic production of the world. Anchor is promoting something called the “Monetary Measurement Unit,” or MMU, which the company claims is calculated based on global gross domestic product using a unique, proprietary algorithm. 
    That’s all well and good, but as mentioned with Facebook’s Libra, larger parties are getting into the crypto game. The company’s blog post claims Libra will be “stable” because it is “backed by a reserve.” 
    A companion white paper offers a lot more detail. The reserve will be created via a private placement of a second class of coin, which is a way to inject initial funds into the reserve. Facebook says this reserve will limit the extent of the fluctuations in Libra, though whether it prevents the wild swings seen with Bitcoin and the rest is an open question.
    There is a whole other bunch of changes coming with Libra. Facebook’s crypto will come with a whole new programming language, called “Move,” and there will be an association of founding member companies, such as Visa, Mastercard and Vodafone, that will control the mining of new coins, unlike Bitcoin, where anyone with enough computing power can mint new currency.

    Bottom line, Facebook’s entry looks to be a seminal event for crypto, and will have an impact on the other coins in circulation and the future directions for existing wallet software and exchanges. With other tech giants besides Facebook offering technology related to crypto, such as Amazon’s blockchain service, and Apple’s “CryptoKit,” there could be a wave of major-party crypto offerings. After all, cryptocurrencies are little more than a digital contract, something big tech should be able to provide to its loyal user base. That could lead to a fractured landscape, or perhaps some organization like Libra’s will unite the various efforts.
    The evolution of the mining community, those computer users who spend compute cycles on maintaining the blockchain, will be another continuing matter in coming years. Recent years have seen the concentration of compute power in the hands of single parties such as AntPool, Bixin, and CoinGeek. Their dominance of the blockchain for currencies feels long in the tooth and ripe for innovation. 
    Regulation and taxes
    And then there’s regulation. The wave of popularity in 2018 has resulted in a wave of scrutiny. The city of Vancouver, British Columbia, the site of the very first Bitcoin ATM, is considering a ban on crypto ATMs, which police say is an “ideal money-laundering vehicle,” following a raft of theft incidents with the machines. 
    China, whose government has banned crypto trading, is reportedly considering outlawing mining activity, which would be a big development, given that China is where the majority of mining takes place. 
    And don’t forget taxes. Crypto profits today are treated as capital gains, which basically means a 15% tax on users’ profits. The U.S. Internal Revenue Service issued long-awaited guidance on crypto in October of 2019. The IRS has been getting more aggressive this year in going after people about their holdings. If you exchanged Bitcoin, or another crypto currency, into fiat currency, you face a complex process of calculating a “cost basis” for your holdings. You may want to start with the IRS’s FAQ to learn what’s expected of you.
    It’s entirely possible that tax rates will change as legislation evolves to reflect the expanding practice of trading in crypto.  
    When it comes to crypto, keep an open mind but be careful. This is an immature technology, and an immature marketplace, so keeping your head amidst the chaos is essential. 

    Security vendors: It’s time to come clean about intrusions

    The intrusion into SolarWinds, FireEye, and multiple US Government agencies continues to roil the cybersecurity world. In the past week, a slew of additional details have emerged about the scope of the intrusions with more surely to come. 


    Security vendors spend all their time talking about security, but not in a way that’s useful right now. As we wrote in our prior blog, no vendor should turn what happened to these companies into a marketing opportunity. Let us repeat for emphasis: no vendor should turn what happened to these companies into a marketing opportunity. Other security vendors should also understand that this is not a time to throw stones at FireEye — a breach like this could happen to any vendor. 
    But security vendors do need to have a conversation with customers. Security leaders need answers. 
    Security vendors are notoriously close-mouthed about attempted intrusions against them as a vendor. Despite a series of intrusions on vendors — RSA and Lockheed Martin, MeDoc, SolarWinds, and FireEye — it is virtually impossible to get a vendor to talk about what they deal with. And as the prior examples demonstrate, vendor intrusions are often a mechanism into their customers as well. Here’s why this matters now:
    If the threat actors went after FireEye — what other security vendors did they go after? 
    Does anyone doubt that other security vendors were on the list of potential targets? 
    End users should ask the following of their security vendors: 

    Does the vendor use SolarWinds? If so, what specific products are in use? 

    Does the vendor have any third-party suppliers, partners, contractors, or outsourcers that use SolarWinds? If so, what specific products and versions are in use?

    If the vendor does use SolarWinds, did they detect any evidence of this activity? If they don’t use SolarWinds have they checked to be thorough? 

    For companies that aren’t using SolarWinds — how would those vendors thwart a similar intrusion? Does the vendor have plans to do a red team, purple team, or tabletop exercise to figure that out? 

    Some other interesting security vendor questions: 

     The intrusions began in March — if someone reverses signatures, IOCs, and other detection rules, are they going to discover any that were created by a security vendor prior to this being public? 

    If the vendor did see this — what is their notification process like for SolarWinds? What is their process for notification in situations like this for their vendors? 

    What are the most successful intrusions against them they have experienced? What did they do as a result? What changes were made? 

    This is an opportunity for vendors to offer transparency — and demonstrate empathy — by sharing that what happens to them, also happens to their customers, their competitors, and their peers. FireEye has largely received community praise for the openness and transparency exhibited when announcing its breach. Sharing lessons learned, anti-patterns, and changes made as a result will help everyone get better. 
    Other vendors should learn this lesson and recognize that this is a community. 
    To understand the business and technology trends critical to 2021, download Forrester’s complimentary 2021 Predictions Guide here.      
    This post was written by VP, Principal Analyst Jeff Pollard and Principal Analyst Sandy Carielli, and it originally appeared here.


    A second hacking group has targeted SolarWinds systems

    As forensic evidence is slowly being unearthed in the aftermath of the SolarWinds supply chain attack, security researchers have discovered a second threat actor that has exploited the SolarWinds software to plant malware on corporate and government networks.
    Details about this second threat actor are still scarce, but security researchers don’t believe this second entity is related to the suspected Russian government-backed hackers who breached SolarWinds to insert malware inside its official Orion app.
    The malware used in the original attack, codenamed Sunburst (or Solorigate), was delivered to SolarWinds customers as a boobytrapped update for the Orion app.
    On infected networks, the malware would ping its creators and then download a second-stage backdoor trojan named Teardrop that allowed attackers to start a hands-on-keyboard session, also known as a human-operated attack.

    Image: Microsoft
    But in the first few days following the public disclosure of the SolarWinds hack, initial reports mentioned two second-stage payloads.
    Reports from Guidepoint, Symantec, and Palo Alto Networks detailed how attackers were also planting a .NET web shell named Supernova.

    Security researchers believed attackers were using the Supernova web shell to download, compile, and execute a malicious Powershell script (which some have named CosmicGale).
    However, in follow-up analysis from Microsoft’s security teams, it’s been now clarified that the Supernova web shell was not part of the original attack chain.
    Companies that find Supernova on their SolarWinds installations need to treat this incident as a separate attack.
    According to a post on GitHub by Microsoft security analyst Nick Carr, the Supernova web shell appears to be planted on SolarWinds Orion installations that have been left exposed online and been compromised with exploits similar to a vulnerability tracked as CVE-2019-8917.

    This is excellent analysis of a webshell! However, SUPERNOVA & COSMICGALE are unrelated to this intrusion campaign. You should definitely investigate them separately bc they are interesting – but don’t let it distract from the SUNBURST intrusions. Details: https://t.co/6FA6VlABV3
    — Nick Carr (@ItsReallyNick) December 17, 2020

    The confusion that Supernova was related to the Sunburst+Teardrop attack chain came from the fact that just like Sunburst, Supernova was disguised as a DLL for the Orion app — with Sunburst being hidden inside the SolarWinds.Orion.Core.BusinessLayer.dll file and Supernova inside App_Web_logoimagehandler.ashx.b6031896.dll.
    But in an analysis posted late Friday, on December 18, Microsoft said that unlike the Sunburst DLL, the Supernova DLL was not signed with a legitimate SolarWinds digital certificate.
    The fact that Supernova was not signed was deemed extremely uncharacteristic for the attackers, who until then showed a very high degree of sophistication and attention to detail in their operation.
    This included spending months undetected in SolarWinds’ internal network, adding dummy buffer code to the Orion app in advance to disguise the later addition of malicious code, and styling their malicious code to make it look like SolarWinds developers had written it themselves.
    Leaving Supernova unsigned seemed too glaring a mistake for the original attackers to have made, and, as a result, Microsoft believes that this malware is unrelated to the original SolarWinds supply chain attack.
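    The signing difference described above suggests a defender's check. The following PowerShell script is an added example, not code from the article, Microsoft or SolarWinds: it inventories the Authenticode status of every DLL under an Orion install directory and flags those that are unsigned, carry a broken signature, or are signed by a subject other than SolarWinds. The install path and the output file location are assumptions; adjust them to the actual environment. Because the Sunburst DLL carried a valid SolarWinds signature, a “Valid” result is not a clean bill of health on its own, so the script also records SHA-256 hashes that can be compared against the indicators published by vendors.

```powershell
# Added example: inventory Authenticode signatures of Orion DLLs.
# $OrionPath is an assumption (the default install location); change it if Orion lives elsewhere.
param(
    [string]$OrionPath = 'C:\Program Files (x86)\SolarWinds\Orion',
    [string]$ReportPath = (Join-Path $env:TEMP 'orion-dll-signatures.csv')
)

if (-not (Test-Path -Path $OrionPath)) {
    throw "Orion directory not found: $OrionPath"
}

# One record per DLL: signature status, signer subject/thumbprint, and a SHA-256 hash
# for later comparison against published indicators.
$findings = Get-ChildItem -Path $OrionPath -Recurse -Filter '*.dll' -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File       = $_.FullName
            Status     = $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
            Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
            Sha256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Modified   = $_.LastWriteTimeUtc
        }
    }

# Anything that is not validly signed, or is signed by a subject that is not SolarWinds,
# is worth a closer look. A valid SolarWinds signature alone does not rule out Sunburst,
# which is why the full inventory (with hashes) is written out as well.
$suspect = $findings | Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notmatch 'SolarWinds' }

Write-Host ("Scanned {0} DLLs; {1} flagged for review." -f $findings.Count, $suspect.Count)
$suspect | Sort-Object Status, File | Format-Table File, Status, Signer -AutoSize

$findings | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "Full inventory written to $ReportPath"
```

    Run it from an elevated PowerShell session on the Orion server; the CSV gives responders a hash list to diff against vendor indicators, and the flagged rows are the candidates for a Supernova-style unsigned drop-in.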


    Your online search history could make for a better credit score

    As everyone from Facebook to Apple is taking a close look at financial services, the International Monetary Fund (IMF) has been wondering what aspects of tech are going to turn finance on its head next. 
    Researchers at the IMF, the world’s lender to nations in times of financial crisis, have highlighted why fintech has emerged in the past decade as physical banks have been receding. 


    They outline how smartphones, online search and social media have helped drive financial innovation through the use of non-financial data, such as a user’s browser-type, the device being used, a person’s history of online searches, and their purchases. 
    “Fintech resolves the dilemma by tapping various non-financial data: the type of browser and hardware used to access the internet, the history of online searches and purchases. Recent research documents that, once powered by artificial intelligence and machine learning, these alternative data sources are often superior than traditional credit assessment methods, and can advance financial inclusion, by, for example, enabling more credit to informal workers and households and firms in rural areas,” said a blog detailing research by IMF staff.
    The researchers argue these methods can be superior to traditional credit risk assessments carried out by banks, and help bring credit to people that banks ignore or have no way of assessing for loans, from informal workers to even skilled and well-paid new arrivals to a nation. According to the IMF, there are 1.7 billion unbanked adults in the world. 
    Fintech and using alternative information to assess credit worthiness is not a new technique, so the IMF is merely studying the evolution of the market outside traditional banks and its policy implications as companies like Facebook and Amazon begin to know customers’ financial lives more than banks. 

    “Communication innovation is driven by the variety of digital platforms in social media, mobile communication, and online shopping that have penetrated much of consumers’ everyday lives, thus increasing their digital footprint and the available data,” researchers Arnoud Boot, Peter Hoffmann, Luc Laeven, and Lev Ratnovski write on the IMF blog. 
    “Platforms like Amazon, Facebook or Alibaba incorporate more and more financial services into their ecosystems, enabling the rise of new specialized providers that compete with banks in payments, asset management, and financial information provision.” 
    The four researchers recently published an IMF working paper looking at what’s new in financial intermediation and technology. 
    The paper doesn’t directly explore the Facebook-backed Libra cryptocurrency initiative, but it’s been weighing on the minds of regulators across the world. 
    The ‘stablecoin’ effort — recently rebranded as Diem — may finally launch in January 2021. The Libra coin project, announced in June 2019, was originally planned to be a cryptocurrency coin pegged to several actual currencies, but a scaled back version of the project will see it initially launch as a single digital currency pegged to one currency, as the Financial Times recently reported. Another plan was to launch multiple Libra coins with each tied to a single currency.
    There have been concerns Libra could threaten monetary sovereignty and stability and too easily allow money laundering. But the Facebook-backed plan has also spurred interest in central bank digital currencies, such as China’s digital Yuan and more recently Japan’s digital Yen. China’s efforts look to facilitate payments as opposed to replacing deposits held at traditional bank accounts. 
    The European Central Bank is currently considering the implications of issuing a digital Euro in part as a defensive move against Europeans using physical cash less frequently but also Europeans in the future accessing digital currencies from nations outside the EU. 
    “Issuing a digital euro might become necessary to ensure both continued access to central bank money and monetary sovereignty,” Christine Lagarde, president of the ECB, recently wrote. 
    “A properly designed digital euro would create synergies with the payments industry and enable the private sector to build new businesses based on digital euro-related services.”


    How do we stop cyber weapons from getting out of control?

    It’s vital that all countries follow international rules and norms if deploying cyber weapons, but some nation states aren’t being responsible when it comes to how they use cyber powers, some of the UK’s top intelligence and cyber chiefs have warned.
    In a rare joint appearance in public at Chatham House, Jeremy Fleming, director of GCHQ, the UK’s intelligence and security organisation, and General Sir Patrick Sanders, commander of UK Strategic Command, which leads on the cyber domain for the military, detailed how cyberspace is becoming an increasingly important area of military operations and international relations.


    The discussion involving the two intelligence officials came just weeks after the UK announced the National Cyber Force, a new offensive unit to take on and disrupt activity by cyber criminals and nation-state hacking operations.
    “The domain is changing very quickly and we need now as a nation to be building out from our defensive posture to take advantage of all those benefits that come from technology, but also be able to contest cyberspace,” said Fleming.
    “To be a responsible cyber power, we need to defend the digital homeland, we need to be able to disrupt and compete in cyberspace and we need to do that in accordance with international law and internationally agreed norms,” he added.
    Cyberattacks and hacking campaigns have become an increasingly common part of how countries attempt to gather intelligence – and the discussion took place just as it was revealed that Russian intelligence services were behind a large hacking campaign that compromised departments across the US government.

    “The thing that’s changed for me most is the intensity and the range and the scale. And cyberspace is now not only the most contested domain that we operate in but it’s one where there’s a state of permanent perpetual confrontation,” said Sanders.
    “Cyberspace has become a domain of operations. And so we have to, when we’re thinking about military operations, be able to exploit cyberspace, defend ourselves in cyberspace and crucially integrate effects of cyberspace with what we do on land, air and sea – and in space,” he added.
    Both intelligence chiefs pointed out that while the use of cyber weapons is increasingly on the agenda for the UK – and they’ve already been deployed – it’s important that they’re used appropriately.
    “When we apply force in cyberspace we’re guided by the same principles as when we use kinetic force; military necessity, proportionality, discrimination and humanity,” said Sanders.
    “So the idea we’d construct some kind of a cyber weapon of mass destruction… and use that indiscriminately is directly counter to international law… but it’s contrary to our values and it’s counter-productive. We’re trying to establish norms in cyberspace.”
    The world has already seen the unintended consequences of what happens when cyber weapons get out of control; May 2017’s WannaCry ransomware attack encrypted networks around the world and was followed just weeks afterwards by NotPetya wiping networks of organisations around the world – both used the same EternalBlue vulnerability that formed part of a leaked NSA hacking tool.
    North Korea was found to have launched WannaCry while the NotPetya attack has been attributed to the Russian military. Both attacks were designed to be self-perpetuating – and both are likely to have spread further out of control than those behind them would’ve liked.
    “In those consequences, what we saw were tools that self-proliferated in a way that I am sure the states behind them had not intended. The question is how do we stop that sort of thing happening?” said Fleming.
    “The way in which we think about capability and the way in which we plan operations, the legal and statutory and oversight behind us mean we have a very different starting point to those states that have released those sort of capabilities. I’m aware of no responsible state that is designing tools that are self-proliferating in that way,” he added.

    COVIDSafe Herald update hits app stores as researchers point out unfixed regressions

    Over the weekend, as Sydney’s Northern Beaches went back into lockdown over a coronavirus cluster, the Australian government once again called on citizens to use its so-called digital sunscreen.
    Last month, the government said the app was recording excellent performance thanks to using an updated Bluetooth protocol dubbed Herald.
    “The protocol provides for excellent performance of all encounter logging under all phone conditions and will continue to work on more than 96% of Apple and Android phones,” Health Minister Greg Hunt and Minister for Government Services Stuart Robert said at the time.
    The same duo was back at it over the weekend, as the Herald update hit the Apple and Google app stores.
    “Recent cases of COVID-19 in our community are a stark reminder the pandemic is not over and Australians must remain vigilant and be COVIDSafe,” Hunt said.
    “New South Wales contact tracers are using the COVIDSafe App as one of their tools to search for close contacts during the current Northern Beaches outbreak.
    “Our public health official contact tracing teams are world-leading and are ready to manage any cases that may occur, however, the best way to ensure you and your family are protected is to remember to practise good hygiene, physical distancing, get tested, isolate if you need to and download, register and update the COVIDSafe App.”

    On Friday during an update on the Northern Beaches cluster, digital venue check-in systems were said to be helping contact tracers track the outbreak. NSW representatives did not mention the COVIDSafe app.
    The new release prompted Jim Mussared — who has pointed out technical problems with COVIDSafe from the get go — to state the Digital Transformation Agency (DTA) has not responded to concerns raised before the update was pushed.
    “So far we’ve seen a bunch of old bugs re-introduced, plus some new ones. Hope they can fix before the app store freeze,” he wrote on Monday.
    “Our analysis found a few reasons why the Herald changes will be less efficient compared to ‘COVIDSafe Classic’. The DTA has refused to respond to any of the requests for evidence for their claims.
    For an app that has cost millions to create and just shy of AU$7 million to promote, Mussared noted the government was not above asking for free labour.
    “They even attempted to reach out to a few of us privately asking for free help on a different issue (with apparently no sense of irony). We provided (in great detail, including code snippets) and then they still managed to not fix the bug,” he said.
    “I raised another serious security issue last night, and so far nobody is replying to their security contact.”


    Former Zoom PRC liaison wanted on harassment-related charges over disrupting Tiananmen remembrance calls

    The United States Department of Justice (DoJ) unsealed a complaint and arrest warrant on Friday against Zoom’s now-sacked liaison with the Chinese government, Xinjiang Jin.
    In his role at Zoom, Jin allegedly responded to requests from Beijing for information on users and meetings. He also allegedly ended meetings discussing topics that China found to be problematic. The DoJ said Jin handed information including names, email addresses, and IP addresses of people outside China that Beijing was interested in.
    “As alleged in the complaint, between January 2019 to the present, Jin and others conspired to use Company-1’s systems in the United States to censor the political and religious speech of individuals located in the United States and around the world at the direction and under the control of officials of the PRC government,” the DoJ said.
    “Among other actions taken at the direction of the PRC government, Jin and others terminated at least four video meetings hosted on Company-1’s networks commemorating the thirty-first anniversary of the Tiananmen Square massacre, most of which were organised and attended by U.S.-based participants, such as dissidents who had participated in and survived the 1989 protests.”
    It is alleged that between May and June, Jin and others infiltrated Zoom meetings to gather evidence and fabricated evidence to get meetings ended and users banned.
    “The fabricated evidence falsely asserted that the meetings included discussions of child abuse or exploitation, terrorism, racism or incitements to violence, and sometimes included screenshots of the purported participants’ user profiles featuring, for example, a masked person holding a flag resembling that of the Islamic State terrorist group,” the DoJ said.
    “Jin used the complaints as evidence to persuade Company-1 executives based in the United States to terminate meetings and suspend or terminate the user accounts of the meeting hosts.”

    The DoJ said Beijing used the information gathered to retaliate against those in the meeting or their China-based family members.
    “PRC authorities temporarily detained at least one person who planned to speak during a commemoration meeting. In another case, PRC authorities visited family members of a participant in the meetings and directed them to tell the participant to cease speaking out against the PRC government and rather to support socialism and the CCP,” it said.
    According to the complaint [PDF], Jin is charged with one count of conspiracy to commit interstate harassment and another count of unlawful conspiracy to transfer means of identification. If found guilty of both counts, he could face 10 years in prison.
    Jin is currently not held in US custody. According to his Most Wanted page, the federal arrest warrant was issued on November 19.
    Outing itself as Company-1 in the DoJ’s complaint, Zoom said it has fully cooperated with authorities, sacked Jin for violating company policies, and had other employees on “administrative leave” as it completes an internal investigation.
    Zoom said in September last year that it was blocked in China by Beijing officials and the company wanted to get the block removed as soon as possible.
    “We had not, at that point in our evolution, been forced to focus on societal or policy concerns,” the company said.
    After meeting with Chinese authorities, the company agreed to having an “in-house contact for law enforcement requests”, as well as shifting data on Chinese users out of US data centres and into the Middle Kingdom.
    “The plan included measures to comply with real ID and data localization requirements applicable in China, in a manner that is capable of audit and verification, as well as establishing a legal entity in China to meet China’s local legal and regulatory requirements,” Zoom said.
    “The plan also references measures that we did not carry out, such as working with a local Chinese partner to develop technology that would analyze the content of meetings hosted in China to identify and report illegal activity and shut down meetings that violate Chinese law.”
    The Chinese ban was lifted on 17 November 2019, Zoom said. While conducting its investigation, it said it believed data was shared with Beijing on fewer than 10 individuals, and that beyond that, neither Jin nor any other employee has shared data with the Chinese government on users outside of China.
    “While the complaint alleges that the former employee obtained Zoom account and user IDs associated with the Xinjiang region of China, our investigation shows that this data was anonymized, and at this time we do not have reason to believe that it was shared with the Chinese government,” it added.
    Zoom added it was creating an insider threat program to flag suspicious employee behaviour.
    Last week, The New York Times reported Alibaba had developed and promoted facial recognition software that could be used to continue China’s repression of its Uyghur population. The company subsequently removed any references to Uyghurs, said it was not used outside a test environment, and issued a statement saying it had removed any ethnic tag in the software.
    The response mirrored that of Huawei earlier in the month when The Washington Post reported Huawei was testing automated “Uyghur alarms” that send alerts to Chinese authorities when Uyghurs are detected via its camera systems.
    The Washington Post said a document it saw from Huawei’s website was removed by the company after comment was sought. Huawei reportedly said it was “simply a test” and not a product.
    In June, Zoom finally got around to implementing a way to restrict bans by geography. The change followed the company banning a Chinese human-rights activist at the behest of Beijing, before reinstating the account.
    Zoom said at the time it should have anticipated needing such a system.
    “No company with significant business interests in China is immune from the coercive power of the Chinese Communist Party,” Assistant Attorney General for National Security John Demers said on Friday.
    “The Chinese Communist Party will use those within its reach to sap the tree of liberty, stifling free speech in China, the United States and elsewhere about the Party’s repression of the Chinese people. For companies with operations in China … this reality may mean executives being coopted to further repressive activity at odds with the values that have allowed that company to flourish here.”
    Acting United States Attorney Seth DuCharme, meanwhile, claimed US companies operating in China are forced to make a Faustian bargain with Beijing and have to deal with the insider threat of their own employees in the Middle Kingdom.