More than US$11 billion has been stolen from supposedly secure crypto exchanges, wallets and mining platforms since 2011, mostly due to hacking incidents, research from Inside Bitcoins has revealed.
For a form of currency that bases itself on safety and security, $11 billion is a pretty significant number. Stored on blockchain technology and protected by encryption keys, cryptocurrencies are supposed to be impossible to counterfeit or copy.
In fact, the currency is so secure that when Gerald Cotten, the co-founder and chief of Canadian exchange QuadrigaCX, died last year, it transpired he was the only one with the digital keys to the digital safe where all the coins were kept.
Since then, there have been questions as to whether or not Cotten actually died at all. Lawyers for Quadriga’s investors have even called for his body to be exhumed in order to settle the matter once and for all.
However, it turns out even crypto coins can be half-inched. According to US bitcoin publication Inside Bitcoins, there have been some 33 hacking incidents, globally, since 2011.
The exchange that fell victim to the first reported crypto hack in 2011 was also on the sharp end of the biggest hack in 2014.
In 2011, Tokyo exchange Mt.Gox was breached, losing about US$17.2 million in bitcoin.
It recovered from the incident, and by 2014, it was the leading exchange in the world, managing about 70% of all bitcoin transactions.
In February 2014, however, it suffered a second attack, losing about US$6.5 billion worth of bitcoin — or six percent of all bitcoin in existence at the time.
Three years later, Mt.Gox was bankrupt.
The Mt.Gox hack of 2014 is now infamous — it’s the subject of lengthy deep-dive articles, it’s explored in many tech podcasts and it’s even the subject of an ebook.
Three additional hacks were recorded in 2014, bringing the total loss to US$6.7 billion, and making the year an almost comical standout on a graph detailing losses over the past eight years.
By contrast, the second most-catastrophic year was 2016, which saw total losses of US$1.6 billion in cryptocurrency.
Interestingly, 2017 saw an increase in the number of hacks, but a dip in the value stolen. It’s perhaps no surprise that there was more criminal interest — this was the year of the crypto-boom, in which prices reached a peak of US$20,000.
However, the most hacks occurred in 2019, including that of prominent exchange Binance, which lost about US$60.5 million in bitcoin.
Others expressed serious concern that the technology could put women at risk, and make life easier for all the wrong people.
A memo from Clearview distributed to potential customers purportedly addressed concerns, stressing that the tech is totally legal and not at all creepy.
“An informed legal analysis … establishes that law enforcement agencies’ use of Clearview for its intended purpose is fully consistent with current federal law and state biometric and privacy laws,” the memo said.
How similar do you think you are to your second cousin? Or your estranged great aunt?
Would you like to have people assess your behaviour from what your great aunt has done? How would you feel if courts used data gained from them to decide how you are likely to behave in the future?
Scientists are making connections between a person’s DNA and their tendencies for certain kinds of behaviour. At the same time, commercial DNA databases are becoming more common and police are gaining access to them.
When these trends combine, genetic data inferred about offenders from their relatives might one day be used by courts to determine sentences. In the future, the data from your great aunt could be used by a court to determine how severely you are punished for a crime.
DNA databases can be used to identify relatives of criminals
A Florida judge recently approved a warrant to search a genetic genealogy database, GEDmatch. This American company has approximately 1.3 million users who have uploaded their personal genetic data, with the assumption of privacy, in the hope of discovering their family tree.
The court directly overruled these users’ request for privacy and now the company is obliged to hand over the data.
Police can search through the genetic database to identify people who are likely to be relatives of a person who left DNA at a crime scene. Then, by creating a family tree, police may be able to work out the probable identity of the criminal they are looking for.
This is how the infamous Golden State Killer was identified, many years after his serial killings.
Genealogy databases and sentencing
So far, prosecutors have used DNA evidence to persuade courts that a defendant was present at the scene of a crime and is likely to have committed it. But what if they want to use DNA evidence at sentencing to show the defendant is dangerous, and thus merits a longer sentence?
Genetic information – including from relatives – can be used not just to identify who you are, but to work out your likely behavioural and psychological features. The science is still in its infancy, but many traits are influenced by one’s DNA, including aggression.
This DNA information may well be used in the criminal justice system, in order to predict how a person may behave in the future.
Let’s assume the prosecution wants to show an offender is dangerous. Some research has suggested males with a low-activity monoamine oxidase A gene (MAOA), who experienced maltreatment when young, are significantly more likely to be impulsive and aggressive than the general population.
So if genetic data inferred from an offender’s relatives in a database suggests they have low-activity MAOA, and there is evidence about the offender’s adverse childhood, an expert witness might argue their likely impulsivity and aggression presents an increased risk of future violence.
This might be used by the prosecution to make the case for a longer sentence. In some jurisdictions and circumstances, the prosecution may have a means of obtaining a sample of DNA directly from the offender. But where this is not legally possible without the offender’s consent, the inference from relatives might fill a gap in the prosecution’s case about how dangerous the offender is.
In short, the prosecution may be able to discover previously private information about offenders, which could be used in creative and concerning ways to argue for more severe punishment.
Reasons to be concerned
The stumble towards using this technology is unsettling on several fronts. It seems to give luck a disconcerting role in punishment. Should the way our carers treated us when we were young, and the genetic constitution of relatives (perhaps even those who we have never met), really have a significant role in how we are evaluated and sentenced?
A second issue is privacy. When you contribute your DNA to a genetic genealogy database, are you happy with the thought that your contribution might be used in criminal proceedings against a relative to argue for an extra year to be added to their sentence?
Once the DNA data is submitted, courts, governments, and businesses for generations to come will be able to infer the genetic constitution of your relatives.
Companies that collect genetic data, such as 23andMe and Ancestry.com, make a profit by selling it to researchers and other companies. The monetisation of this data is already under way, with 23andMe last week announcing it is licensing a drug created using its databases.
Since the Cambridge Analytica scandal there is good reason to worry about the dangers of businesses like these, which collect highly detailed information about the public in order to sell it for a profit.
Next time your family gathers together, you might want to discuss some of these issues. Who do you want to have your genetic data for generations to come? And how do you want it to be used?
There’s been an overwhelming outpouring of love and support around the world for those impacted by the bushfires, from social-media donation drives to music concerts to authors auctioning off their books.
Sadly, but unsurprisingly, we’ve also seen a number of scams directed at those who want to help, as well as victims of the fires.
In recent days, the ACCC set up a hotline dedicated to the reporting of scams associated with the bushfire crisis. The agency notes some 86 scams have been reported since the fires started in September – and counting.
While it’s difficult to believe offenders would seek to profit from other people’s generosity and heartache, this is entirely to be expected.
In 2018, Australians lost over A$489.7 million to fraud. While a large part of this was through investment and romance fraud schemes ($146.5 million), Australians were also cheated out of A$210,000 in charity frauds. This increased to over A$400,000 in 2019.
The key element to fraud is lying for financial gain. Offenders will use whatever means possible to manipulate and deceive people into giving them money. This can involve obtaining money directly from a person, or by convincing victims to provide personal information to get cash through identity theft.
In charity frauds, offenders sometimes use the legitimate name of an organisation or individual to secure donations from victims, or they might use the pretext of a natural disaster or other negative event to obtain cash.
Harnessing the goodwill of strangers
Fraudsters use natural disasters in a variety of ways. They take advantage of our sense of sympathy and desire to help victims struggling through terrible events unfolding before our eyes. They also convey a sense of urgency aimed at convincing people to immediately part with their cash.
Importantly, offenders also exploit the fact people are highly motivated during times of disaster to donate money they ordinarily would not consider giving.
Social media enables offenders to readily advertise their fraudulent schemes. With online fraud, it is often difficult for victims to authenticate email accounts, websites, individuals or organisations soliciting money. Offenders often create fake documentation to support their schemes, as well.
Social media can also be used by fraudsters in disinformation campaigns. As these posts are shared across platforms such as Facebook and Twitter, offenders can generate traction for their “charity” pitch before it is identified as fraud. By this stage, it can be too late.
Victims vulnerable in disaster recovery, too
It’s important to note the risk of fraud is not limited to the time of the actual disaster, or the immediate aftermath.
Many of those who have experienced loss or damage in the bushfires, for instance, face a long road to recovery and could be susceptible to scams at any time.
Research indicates negative life events can make a person more vulnerable to fraud. Those affected by the bushfires may find themselves the victims of fraudulent investment opportunities, romantic relationships and other schemes claiming to help them get their lives back on track.
For example, offenders may offer to assist with the negotiation of mortgage repayments with banks, obviously for a fee (large or small).
Protecting ourselves against fraud
There are steps people can take to protect themselves from scams as the bushfire crisis is unfolding – and into the future.
In the short term, it’s important to think about how we donate financially to those in need. There are many appeals that have been set up by registered charities and organisations (such as the Red Cross, the CFA, and the RFS). These are the safest ways to send money. Remember requests through social media channels and other platforms may not be genuine.
Importantly, the internet is not the only way offenders operate. Fraudsters still use the telephone and even face-to-face communication to collect money.
Only call organisations you have researched to donate money and always ask for identification from those door-knocking for donations. If in doubt, don’t feel pressured to say yes and simply hang up or walk away.
In the longer term, we also need to be aware fraudsters take advantage of people when they are isolated, so it’s important to rally around family members, friends and others who are facing significant losses and feeling alone.
We need to better understand how fraud works and acknowledge anyone can be targeted. We also need to be able to talk about our vulnerabilities more openly in our homes and communities.
Fraud is an ongoing challenge globally. The current Australian bushfire crisis is simply the latest way for fraudsters to target our generosity and cause additional grief.
Lately, a common pattern has emerged every time malpractice is exposed.
The company involved will provide an “opt-out” mechanism for users, or a dashboard to see what personal data is being collected (for example, Google Privacy Checkup), along with an apology.
If we opt out, does this mean they stop collecting our data? Would they reveal collected data to us? And if we requested to have our data deleted, would they do so?
To be blunt, we don’t know. And as end users there’s not much we can do about it, anyway.
When it comes to personal data, it’s extremely difficult to identify unlawful collections among legitimate collections, because multiple factors need to be considered, including the context in which the data is collected, the methodology used to obtain user consent, and country-specific laws.
Also, it’s almost impossible to know if user data is being misused within company bounds or in business-to-business interactions.
Despite ongoing public outcry to protect online privacy, last year we witnessed the Cambridge Analytica scandal, in which a third-party company was able to gather the personal information of millions of Facebook users and use it in political campaigns.
Earlier this year, both Amazon and Apple were reported to be using human annotators to listen to personal conversations, recorded via their respective digital assistants Alexa and Siri.
More recently, a New York Times article exposed how much fine-grained data is acquired and maintained by relatively unknown consumer scoring companies. In one case, a third-party company knew the writer Kashmir Hill used her iPhone to order chicken tikka masala, vegetable samosas, and garlic naan on a Saturday night in April, three years ago.
At this rate, without any action, scepticism towards online privacy will only increase.
History is a teacher
Early this year, we witnessed the bitter end of the Do-Not-Track initiative. This was proposed as a privacy feature where requests made by an internet browser contained a flag, asking remote web servers to not track users. However, there was no legal framework to force web server compliance, so many web servers ended up discarding this flag.
Many companies have made it too difficult to opt out of data collection, or to request the deletion of all data related to an individual.
For example, as a solution to the backlash on human voice command annotation, Apple provided an opt-out mechanism. However, doing this for an Apple device is not straightforward, and the option isn’t prominent in the device settings.
It’s worth noting that since Australia doesn’t have social media or internet giants, much of the country’s privacy-related debate is focused on government legislation.
Are regulatory safeguards useful?
But there is some hope left. Some recent events have prompted tech companies to think twice about the undeclared collection of user data.
For example, a US$5 billion fine is looming for Facebook, for its role in the Cambridge Analytica incident, and related practices of sharing user data with third parties. The exposure of this event has forced Facebook to take measures to improve its privacy controls and be forthcoming with users.