Cyber Security training from QA

Rise and Fall of Bitcoin

With the popularity and value of crypto currencies growing, so do the security and anonymity concerns.


Graeme Batsman | 1 February 2018

We all regret not doing something, be it not buying shares in Apple or not buying 100 LTC (Litecoins) two years ago. Bitcoin and newer crypto currencies were created as a non-capitalist, de-centralised and likely anti-government-establishment alternative to the Pound, Euro or Dollar, which are extremely widely accepted and have regulators. The funny thing is that Bitcoin is slowly becoming more mainstream and, you could argue, has become part of a capitalist system!

Two years ago, 1 BTC (Bitcoin) was worth $319 and today (31/01/18) $10130 – an increase of over 3000%. A single share in Microsoft has only just about increased 100% in two years. Recently BTC dropped by about £1000 in a single day, which a share would just never do. Volatile as it is, it usually jumps back, and there is speculation it could hit $50,000 next year. Until now, a bank account from NatWest, Barclays and HSBC is where people have normally stored their cash, from pounds to hundreds of thousands.

To get a bank account with the above you need to show a passport, driving licence, proof of address and utility bills, and days or weeks later, subject to their terms, you get a bank account number, sort code, online logins and a physical card. The bank and the state can freeze your cash if they wish. With crypto currency it is very different: without any checks you can create your own local 'bank account' in under a minute.

What does it look like?

[Image: Bitcoin paper wallet]

The public address is as it sounds, people can look it up, see the value and transaction history. The private or secret key is used to transfer money out.

With a conventional bank account, the security of the bank is down to the bank and the security of the account is down to the bank as well as you. With a virtual wallet (account) it is 100% down to you and you are on your own. If you lose it or lose the password (if you set one) you are stuffed.

 

Crypto currency security

NatWest, Barclays & HSBC force you to log in with a unique username, password & PIN and they enforce two-factor authentication. Out of the box a crypto wallet can be in plain text, protected with a password or passphrase, or stored on a special USB stick. Two years ago, what sounded more appealing: breaking into someone's bank account at HSBC and stealing say £9,000, or stealing $319? Jump ahead two years and $319 is now worth well over £9,000 and, guess what, HSBC is not responsible for it.

From an end-user's view, security concerns do not lie in the 'network' but in the actual wallet. Wallets can be stored on a desktop, laptop, tablet, smartphone, USB stick, piece of paper or online. Simply put, if someone can access the wallet, recovery words or the private key, they can transfer the money out. Wallets in electronic format can be password protected, but passwords can be guessed or key logged. Some of the online wallet stores have been breached. Like with anything, it is better to keep it close to your chest.

Phishing usually goes for your email address, bank details or PayPal logins; however, lately the phishermen are going for wallets due to the sharp increase in value. The bad guys are creating fake sites which ask for online wallet login details or even the private/public key. A better storage method is a normal USB stick or a special one intended to store wallets. Now to steal the wallet you need to steal the stick, or get lucky and hijack the wallet whilst the USB stick is connected to a computer.

The most secure storage method is a paper wallet which you can see above. You get a public/private key along with QR codes to print off. Though if you lose it, you have lost £x or leaked it to someone else. Best to store such paper wallets in a safe and keep spare copies. Better still you can password protect a paper wallet with BIP38. Storing a paper wallet in a safe raises an interesting and likely unknown question. If the safe is rated to £4,000 and your paper wallet is stolen from it, can you file against the safe manufacturer or the insurance provider?

 

Crypto currency 'anonymity'

Compared to a bank account, crypto currencies are more anonymous and that is why the underworld likes them. Unlike a bank account you cannot simply look up an account number and see the total or past transactions. Anonymity depends on your usage. Anyone can generate an 'account' without providing a name, address, date of birth or any ID by visiting a wallet generator such as https://www.walletgenerator.net or using a local generator. Once generated and empty it is pretty much anonymous since there is no value or history.

The audit trail begins when you receive money. If you are an average user you will go to an exchange and provide them a name, address, email address, password and proof of address; then you can buy currency. To buy it you would select the amount and it would ask you to transfer £x to a bank account, and minutes later your wallet has £x in it. If someone were to hack or subpoena the exchange, your identity would be exposed. They could see who sent you the money.

Slowly you can spend crypto currency in the real world. Some shops (more independents) and even food market stalls accept Bitcoins. Let's imagine your wallet had £1,000 in it and every Friday there was a food market near your office. Instead of paying £5 you could transfer a fraction of a Bitcoin over. If you did this a lot and with different food stands someone could figure out where you eat, what you eat and where you likely work. This is assuming someone knew Bitcoin public address x belonged to food stand(s) x.
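
The linkage described in the last two paragraphs, as an added example that is not part of the original article: a public ledger combined with a few known address labels is enough to summarise where one address was funded and where and when it spends. Every address, label and amount is constructed, and real transactions are more complex than these single sender/receiver rows.

```python
from collections import Counter
from datetime import date

DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"]

# Constructed sample data: every address, label and amount below is made up.
# Assumption from the text: the observer already knows which addresses
# belong to the exchange and to the food stands.
LABELS = {
    "addr_exchange": "Exchange (holds customer ID)",
    "addr_stand_thai": "Thai food stand, office market",
    "addr_stand_burrito": "Burrito stand, office market",
}
LEDGER = [  # (date, sender, receiver, amount in BTC)
    (date(2018, 1, 2), "addr_exchange", "addr_user", 0.1),
    (date(2018, 1, 5), "addr_user", "addr_stand_thai", 0.0005),
    (date(2018, 1, 12), "addr_user", "addr_stand_burrito", 0.0005),
    (date(2018, 1, 19), "addr_user", "addr_stand_thai", 0.0005),
    (date(2018, 1, 26), "addr_user", "addr_unknown", 0.0005),
]

def profile(ledger, wallet, labels):
    """Summarise what the ledger plus address labels reveal about one address."""
    funded_by, visits, weekdays, unlabelled = set(), Counter(), Counter(), 0
    for day, sender, receiver, _amount in ledger:
        if receiver == wallet and sender in labels:
            funded_by.add(labels[sender])      # the identity trail starts here
        elif sender == wallet:
            weekdays[DAYS[day.weekday()]] += 1
            if receiver in labels:
                visits[labels[receiver]] += 1  # known merchant: habit exposed
            else:
                unlabelled += 1                # payment visible, recipient unknown
    usual_day = weekdays.most_common(1)[0][0] if weekdays else None
    return {"funded_by": sorted(funded_by), "visits": dict(visits),
            "usual_day": usual_day, "unlabelled_payments": unlabelled}

if __name__ == "__main__":
    for key, value in profile(LEDGER, "addr_user", LABELS).items():
        print(f"{key}: {value}")
```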

 

China

A quarter of the way through the first month of the year, the Chinese state announced a clampdown on Bitcoin mining in China. Why? Due to the state not being able to control it, the tax rules around crypto currency being a very grey area and because of 'high' power consumption - reports say around 0.2% of the country's power consumption is from miners. Currently China has the highest number of miners and the reasons are simple: 1. The population is 21x that of the United Kingdom and 2. Power (and labour) is cheap.

Enforcing this new law could be tricky since China is about the same size as Europe and has a massive population. It may be easy to shut down giant mining farms, but they could keep moving or split up to evade detection. Money also talks… Even if Bitcoin dropped by 2/3 it would still be profitable to mine them in China or elsewhere (Switzerland or Russia are possibilities). The impact is unlikely to be great and from 3/1 - 10/1 it has only dropped by 3.73%. That said, crypto currencies are very unstable generally, with Ripple being branded as amazing, then dropping 38.3% in seven days, and then Ethereum jumping 33% in the same time frame.

Cyber Security training from QA

QA have uniquely positioned themselves to help solve the Cyber skills gap from our CyberFirst and Cyber Apprenticeship programmes and Cyber Academies to Cyber Challenges, Training and Certifications and Consultancy for Cyber Security.

They offer end-to-end Cyber training and certifications from Cyber Awareness to deep dive Cyber Programmes and solutions; from Cyber Investigations, Cyber Crisis Management, Proactive Security to Offensive Defence. QA only employ world leading Cyber trainers who have the expertise to deliver bespoke Cyber solutions, GCHQ accredited courses and proudly the CyberFirst programme. This is all to support in tackling the UK's National Cyber Security skills shortage.

QA also have state-of-the-art CyberLabs, where companies can simulate real-life Cyber-attacks on their infrastructure, helping them to prevent & combat breaches without risking their own network.

Take a look at QA's CyberLabs

Visit cyber.qa.com for more information on how they can help solve the Cyber Security skills gap.

 

Graeme Batsman

Cyber Security Trainer

Graeme joined QA in 2017 and has worked in security on and off for 13 years. His last role was as a Senior Technical Security consultant at Capgemini covering public and private sector. From the age of 17 he was running investigations into online scams and phishing. Today his experience is in OSINT and thinking like a hacker to review + tweak settings with a fine tooth comb.