Hackers have got their hands on $11 billion in stolen cryptocurrency since 2011


STEPHANIE PALMER-DERRIEN / Wednesday, January 22, 2020


More than US$11 billion has been stolen from supposedly secure crypto exchanges, wallets and mining platforms since 2011, mostly due to hacking incidents, research from Inside Bitcoins has revealed.

For a form of currency that bases itself on safety and security, $11 billion is a pretty significant number. Stored on blockchain technology and protected by encryption keys, cryptocurrencies are supposed to be impossible to counterfeit or copy.

In fact, the currency is so secure that when Gerald Cotten, the co-founder and chief of Canadian exchange QuadrigaCX, died last year, it transpired he was the only one with the digital keys to the digital safe where all the coins were kept.

Since then, there have been questions as to whether or not Cotten actually died at all. Lawyers for Quadriga’s investors have even called for his body to be exhumed in order to settle the matter once and for all.

However, it turns out even crypto coins can be half-inched. According to US bitcoin publication Inside Bitcoins, there have been some 33 hacking incidents, globally, since 2011.

The exchange that fell victim to the first reported crypto hack in 2011 was also on the sharp end of the biggest hack in 2014.

In 2011, Tokyo exchange Mt.Gox was breached, losing about US$17.2 million in bitcoin.

It recovered from the incident, and by 2014, it was the leading exchange in the world, managing about 70% of all bitcoin transactions.

In February 2014, however, it suffered a second attack, losing about US$6.5 billion worth of bitcoin ⁠— or six percent of all bitcoin in existence at the time.

Three years later, Mt.Gox was bankrupt.

The Mt.Gox hack of 2014 is now infamous — it’s the subject of lengthy deep-dive articles, it’s explored in many tech podcasts and it’s even the subject of an ebook.

Three additional hacks were recorded in 2014, bringing the total loss to US$6.7 billion, and making the year an almost comical standout on a graph detailing losses over the past eight years.

By contrast, the second most-catastrophic year was 2016, which saw total losses of US$1.6 billion in cryptocurrency.

Interestingly, 2017 saw an increase in the number of hacks, but a dip in the value stolen. It’s perhaps no surprise that there was more criminal interest ⁠— this was the year of the crypto-boom, in which prices reached a peak of US$20,000.

However, the most hacks occurred in 2019, including that of prominent exchange Binance, which lost about US$60.5 million in bitcoin.


Aussie entrepreneur launches “disturbing and unethical” facial recognition tech in Silicon Valley


STEPHANIE PALMER-DERRIEN / Wednesday, January 22, 2020

Clearview AI

An Aussie entrepreneur is copping flak online for his contentious and, frankly, dystopian startup designed to identify people, and source information about them, from a single image.

According to The New York Times, the technology has already been provided to more than 600 law enforcement agencies, including local police in Florida, the FBI and the Department of Homeland Security.

Founded by Hoan Ton-That, Clearview AI is a secretive Silicon Valley startup that has been reportedly operating in stealth mode for some time.

Its facial recognition app allows users to take a picture of a person and upload it, to access public photos of that person and the sites on which they appear (think Facebook and YouTube).

It has a database of about 3 billion images.


“Soon anyone will be able to take a picture of you in public and then have your complete identity. What could go wrong?” https://www.cnet.com/news/clearview-app-lets-strangers-find-your-name-info-with-snap-of-a-photo-report-says/ (2:46 PM, Jan 22, 2020)

According to The New York Times article, although law enforcement didn’t 100% understand how the app works, they’ve used it to help solve shoplifting, credit card fraud and even murder cases.

Clearly, there’s a dark side here.


“Is this the CEO of Clearview AI?” https://twitter.com/CNET/status/1218931492669263873

CNET (@CNET): “What if a stranger could snap your picture on the sidewalk then use an app to quickly discover your name and address? A startup called Clearview AI has made that possible.” https://cnet.co/2G8p7vS (10:24 PM, Jan 20, 2020)

Clearview is reportedly also licensed to ‘a handful’ of private companies, and it’s not clear whether the technology is available for use by individuals.

The story has also predictably, and rightly, drawn scorn on Twitter, with one user calling it “disturbing and unethical”.

Becca Fouts (@BeccaFouts):

“This app isn’t available to the public yet, but Clearview thinks it will be in the near future.”

Please think very carefully about the lives you would be putting in danger if this app were to become available to the public. This is a disturbing and unethical use of technology. https://twitter.com/cnet/status/1218931492669263873 (4:37 AM, Jan 21, 2020)

Others expressed serious concern that the technology could put women at risk, and make life easier for all the wrong people.

A memo from Clearview distributed to potential customers purportedly addressed concerns, stressing that the tech is totally legal and not at all creepy.

“An informed legal analysis … establishes that law enforcement agencies’ use of Clearview for its intended purpose is fully consistent with current federal law and state biometric and privacy laws,” the memo said.

So, consider yourself reassured.

Peggy Wolohan von Burkleo (@SamhainNight):

A lot of women would die. That’s what if. https://twitter.com/CNET/status/1218931492669263873 (4:44 PM, Jan 20, 2020)

‘It’s Still Winter’ Selwyn (@SelwynAfterDark):

This is like…one of the absolute pinnacles of “you were so focused on whether you could that you never stopped to think about whether you should.” The blatant privacy issues are on the SURFACE LEVEL and somebody was still like LeT’s MaKe A sTaRtUp (2:47 AM, Jan 21, 2020)


Cousin took a DNA test? Courts could use it to argue you are more likely to commit crimes


DNA from relatives could be used in sentencing offenders. MR Yanukit / Shutterstock

Allan McCay, University of Sydney and Christopher Lean, University of Sydney

How similar do you think you are to your second cousin? Or your estranged great aunt?

Would you like to have people assess your behaviour from what your great aunt has done? How would you feel if courts used data gained from them to decide how you are likely to behave in the future?

Scientists are making connections between a person’s DNA and their tendencies for certain kinds of behaviour. At the same time, commercial DNA databases are becoming more common and police are gaining access to them.

When these trends combine, genetic data inferred about offenders from their relatives might one day be used by courts to determine sentences. In the future, the data from your great aunt could be used by a court to determine how severely you are punished for a crime.

DNA databases can be used to identify relatives of criminals

A Florida judge recently approved a warrant to search a genetic genealogy database, GEDmatch. This American company has approximately 1.3 million users who have uploaded their personal genetic data, with the assumption of privacy, in the hope of discovering their family tree.

The court directly overruled these users’ request for privacy and now the company is obliged to hand over the data.


Police can search through the genetic database to identify people who are likely to be relatives of a person who left DNA at a crime scene. Then, by creating a family tree, police may be able to work out the probable identity of the criminal they are looking for.

This is how the infamous Golden State Killer was identified, many years after his serial killings.

Genealogy databases and sentencing

So far, prosecutors have used DNA evidence to persuade courts that a defendant was present at the scene of a crime and is likely to have committed it. But what if they want to use DNA evidence at sentencing to show the defendant is dangerous, and thus merits a longer sentence?

Genetic information – including from relatives – can be used not just to identify who you are, but to work out your likely behavioural and psychological features. The science is still in its infancy, but many traits are influenced by one’s DNA, including aggression.

This DNA information may well be used in the criminal justice system, in order to predict how a person may behave in the future.


Let’s assume the prosecution wants to show an offender is dangerous. Some research has suggested males with a low-activity monoamine oxidase A gene (MAOA), who experienced maltreatment when young, are significantly more likely to be impulsive and aggressive than the general population.

So if genetic data inferred from an offender’s relatives in a database suggests they have low-activity MAOA, and there is evidence about the offender’s adverse childhood, an expert witness might argue their likely impulsivity and aggression presents an increased risk of future violence.

This might be used by the prosecution to make the case for a longer sentence. In some jurisdictions and circumstances, the prosecution may have a means of obtaining a sample of DNA directly from the offender. But where this is not legally possible without the offender’s consent, the inference from relatives might fill a gap in the prosecution’s case about how dangerous the offender is.

In short, the prosecution may be able to discover previously private information about offenders, which could be used in creative and concerning ways to argue for more severe punishment.

Reasons to be concerned

The stumble towards using this technology is unsettling on several fronts. It seems to provide luck with a disconcerting role in punishment. Should the way our carers treated us when we were young, and the genetic constitution of relatives (perhaps even those who we have never met), really have a significant role in how we are evaluated and sentenced?

A second issue is privacy. When you contribute your DNA to a genetic genealogy database, are you happy with the thought that your contribution might be used in criminal proceedings against a relative to argue for an extra year to be added to their sentence?

Once the DNA data is submitted, courts, governments, and businesses for generations to come will be able to infer the genetic constitution of your relatives.

Companies that collect genetic data, 23andMe and Ancestry.com, make a profit through selling it to researchers and other companies. The monetisation of this data is already under way, with 23andMe last week announcing they are licensing a drug created using their databases.

Since the Cambridge Analytica scandal there is good reason to worry about the dangers of businesses like these, which collect highly detailed information about the public in order to sell it for a profit.

Next time your family gathers together, you might want to discuss some of these issues. Who do you want to have your genetic data for generations to come? And how do you want it to be used?

Allan McCay, Law Teacher, University of Sydney and Christopher Lean, Postdoctoral research associate, University of Sydney

This article is republished from The Conversation under a Creative Commons license. Read the original article.


Beware of bushfire scams: how fraudsters take advantage of those in need


Australians were also cheated out of A$400,000 last year in charity scams. Dean Lewins/AAP

Cassandra Cross, Queensland University of Technology

There’s been an overwhelming outpouring of love and support around the world for those impacted by the bushfires, from social-media donation drives to music concerts to authors auctioning off their books.

Sadly, but unsurprisingly, we’ve also seen a number of scams directed at those who want to help, as well as victims of the fires.

In recent days, the ACCC set up a hotline dedicated to the reporting of scams associated with the bushfire crisis. The agency notes some 86 scams have been reported since the fires started in September – and counting.

While it’s difficult to believe offenders would seek to profit from other people’s generosity and heartache, this is entirely to be expected.

What types of scams are common

Research has found natural disasters are a catalyst for increased fraud schemes globally. This was the case after Hurricane Katrina in 2005, the 2011 Japanese tsunami and the 2010 earthquake in Haiti, just to name a few.


In Australia, the current bushfire crisis has led to the creation of fake fund-raising websites, fraudulent door-knocking donation campaigns and fake calls from banks offering disaster relief funds.

In addition to the ACCC, several other consumer affairs agencies have issued warnings about these schemes.

The ongoing problem of fraud

In 2018, Australians lost over A$489.7 million to fraud. While a large part of this was through investment and romance fraud schemes ($146.5 million), Australians were also cheated out of A$210,000 in charity frauds. This increased to over A$400,000 in 2019.

The key element to fraud is lying for financial gain. Offenders will use whatever means possible to manipulate and deceive people into giving them money. This can involve obtaining money directly from a person, or by convincing victims to provide personal information to get cash through identity theft.

In charity frauds, offenders sometimes use the legitimate name of an organisation or individual to secure donations from victims, or they might use the pretext of a natural disaster or other negative event to obtain cash.

Harnessing the goodwill of strangers

Fraudsters use natural disasters in a variety of ways. They take advantage of our sense of sympathy and desire to help victims struggling through terrible events unfolding before our eyes. They also convey a sense of urgency aimed at convincing people to immediately part with their cash.

Importantly, offenders also exploit the fact people are highly motivated during times of disaster to donate money they ordinarily would not consider giving.


Social media enables offenders to readily advertise their fraudulent schemes. With online fraud, it is often difficult for victims to authenticate email accounts, websites, individuals or organisations soliciting money. Offenders often create fake documentation to support their schemes, as well.

Social media can also be used by fraudsters in disinformation campaigns. As these posts are shared across platforms such as Facebook and Twitter, offenders can generate traction for their “charity” pitch before it is identified as fraud. By this stage, it can be too late.

Victims vulnerable in disaster recovery, too

It’s important to note the risk of fraud is not limited to the time of the actual disaster, or the immediate aftermath.

Many of those who have experienced loss or damage in the bushfires, for instance, face a long road to recovery and could be susceptible to scams at any time.

Research indicates negative life events can make a person more vulnerable to fraud. Those affected by the bushfires may find themselves the victims of fraudulent investment opportunities, romantic relationships and other schemes claiming to help them get their lives back on track.

For example, offenders may offer to assist with the negotiation of mortgage repayments with banks, obviously for a fee (large or small).

Protecting ourselves against fraud

There are steps people can take to protect themselves from scams as the bushfire crisis is unfolding – and into the future.

In the short term, it’s important to think about how we donate financially to those in need. There are many appeals that have been set up by registered charities and organisations (such as the Red Cross, the CFA, and the RFS). These are the safest ways to send money. Remember requests through social media channels and other platforms may not be genuine.

Importantly, the internet is not the only way offenders operate. Fraudsters still use the telephone and even face-to-face communication to collect money.


Only call organisations you have researched to donate money and always ask for identification from those door-knocking for donations. If in doubt, don’t feel pressured to say yes and simply hang up or walk away.

In the longer term, we also need to be aware fraudsters take advantage of people when they are isolated, so it’s important to rally around family members, friends and others who are facing significant losses and feeling alone.

We need to better understand how fraud works and acknowledge anyone can be targeted. We also need to be able to talk about our vulnerabilities more openly in our homes and communities.

Fraud is an ongoing challenge globally. The current Australian bushfire crisis is simply the latest way for fraudsters to target our generosity and cause additional grief.

Cassandra Cross, Senior Research Fellow, Faculty of Law, Cybersecurity Cooperative Research Centre, Queensland University of Technology

This article is republished from The Conversation under a Creative Commons license. Read the original article.


The ugly truth: tech companies are tracking and misusing our data, and there’s little we can do


While leaks and whistleblowers continue to be valuable tools in the fight for data privacy, we can’t rely on them solely to keep big tech companies in check. SHUTTERSTOCK
Suranga Seneviratne, University of Sydney

As survey results pile up, it’s becoming clear Australians are sceptical about how their online data is tracked and used. But one question worth asking is: are our fears founded?

The short answer is: yes.

In a survey of 2,000 people completed last year, Privacy Australia found 57.9% of participants weren’t confident companies would take adequate measures to protect their data.

Similar scepticism was noted in results from the 2017 Australian Community Attitudes to Privacy Survey of 1,800 people, which found:

• 79% of participants felt uncomfortable with targeted advertising based on their online activities

• 83% were uncomfortable with social networking companies keeping their information

• 66% believed it was standard practice for mobile apps to collect user information and

• 74% believed it was standard practice for websites to collect user information.

Also in 2017, the Digital Rights in Australia report, prepared by the University of Sydney’s Digital Rights and Governance Project, revealed 62% of 1,600 participants felt they weren’t in control of their online privacy. About 47% were also concerned the government could violate their privacy.

The ugly truth

Lately, a common pattern has emerged every time malpractice is exposed.

The company involved will provide an “opt-out” mechanism for users, or a dashboard to see what personal data is being collected (for example, Google Privacy Checkup), along with an apology.

If we opt-out, does this mean they stop collecting our data? Would they reveal collected data to us? And if we requested to have our data deleted, would they do so?

To be blunt, we don’t know. And as end users there’s not much we can do about it, anyway.

When it comes to personal data, it’s extremely difficult to identify unlawful collections among legitimate collections, because multiple factors need to be considered, including the context in which the data is collected, the methodology used to obtain user consent, and country-specific laws.

Also, it’s almost impossible to know if user data is being misused within company bounds or in business-to-business interactions.

Despite ongoing public outcry to protect online privacy, last year we witnessed the Cambridge Analytica scandal, in which a third-party company was able to gather the personal information of millions of Facebook users and use it in political campaigns.

Earlier this year, both Amazon and Apple were reported to be using human annotators to listen to personal conversations, recorded via their respective digital assistants Alexa and Siri.


More recently, a New York Times article exposed how much fine-grained data is acquired and maintained by relatively unknown consumer scoring companies. In one case, a third-party company knew the writer Kashmir Hill used her iPhone to order chicken tikka masala, vegetable samosas, and garlic naan on a Saturday night in April, three years ago.

At this rate, without any action, scepticism towards online privacy will only increase.

History is a teacher

Early this year, we witnessed the bitter end of the Do-Not-Track initiative. This was proposed as a privacy feature where requests made by an internet browser contained a flag, asking remote web servers to not track users. However, there was no legal framework to force web server compliance, so many web servers ended up discarding this flag.

Many companies have made it too difficult to opt-out from data collections, or request the deletion of all data related to an individual.

For example, as a solution to the backlash on human voice command annotation, Apple provided an opt-out mechanism. However, doing this for an Apple device is not straightforward, and the option isn’t prominent in the device settings.

Also, it’s clear tech companies don’t want to have opting-out of tracking as users’ default setting.

It’s worth noting that since Australia doesn’t have social media or internet giants, much of the country’s privacy-related debates are focused on government legislation.

Are regulatory safeguards useful?

But there is some hope left. Some recent events have prompted tech companies to think twice about the undeclared collection of user data.

For example, a US$5 billion fine is looming for Facebook, for its role in the Cambridge Analytica incident, and related practices of sharing user data with third parties. The exposure of this event has forced Facebook to take measures to improve its privacy controls and be forthcoming with users.

Similarly Google was fined EU$50 million under the General Data Protection Regulation by French data regulator CNIL, for lack of transparency and consent in user-targeted ads.

Like Facebook, Google responded by taking measures to improve the privacy of users, by stopping reading our e-mails to provide targeted ads, enhancing its privacy control dashboard, and revealing its vision to keep user data in devices rather than in the cloud.


No time to be complacent

While it’s clear current regulatory safeguards are having a positive effect on online privacy, there is ongoing debate about whether they are sufficient.

Some have argued about possible loopholes in the European Union’s General Data Protection Regulation, and the fact that some definitions of legitimate use of personal data leave room for interpretation.

Tech giants are multiple steps ahead of regulators, and are in a position to exploit any grey areas in legislation they can find.

We can’t rely on accidental leaks or whistleblowers to hold them accountable.

Respect for user privacy and ethical usage of personal data must come intrinsically from within these companies themselves.


Suranga Seneviratne, Lecturer – Security, University of Sydney

This article is republished from The Conversation under a Creative Commons license. Read the original article.
