Friday Five 4/30
Cryptocurrency laundering, ransomware taskforces, and impromptu tech weeks - catch up on all of the week's infosec news with the Friday Five!
1. US arrests alleged 'Bitcoin Fog' boss, who is accused of laundering millions by Sean Lyngaas
Federal agents have charged an alleged operator of a cryptocurrency-obfuscation service with money laundering after hundreds of millions of dollars of potentially illicit money was run through “Bitcoin Fog” in the past decade. The service worked by separating transmitted bitcoin from its bitcoin address, something which made the transactions anonymous. What piqued the interest of prosecutors was a large amount of money run through ‘Bitcoin Fog’ coming from dark web forums like the Silk Road. The arrest follows on the heels of federal agencies’ recent crackdown on dark web forums in both the US and Europe. Only time will tell if the recent spate of arrests will have a chilling effect on illicit activity on the dark web.
2. Daniel Kaminsky, Internet Security Savior, Dies at 42 by Nicole Perlroth
Daniel Kaminsky, a beloved and accomplished security researcher, passed away this week, leaving the security community devastated. He is perhaps most famous for his recognition and subsequent fixing of a problem with the DNS, which without his intervention, could have been exploited by cybercriminals to revert traffic from any legitimate page to a fraudulent page. Along with his incredible security work, he was known for his generosity and for mentoring countless young hackers and journalists. His passing is a massive loss to the security community on both a professional and personal level and we encourage you to read the many eulogies this week recognizing his life.
3. Ransomware Task Force releases long-awaited recommendations by Joe Uchill
A new ransomware taskforce has released its long-awaited framework. The taskforce was a joint venture drawing on expertise ranging from the government to academia to cyber insurance. The recommendations are expected to influence federal policy. Among the guidance in the report is the suggestion to establish a NIST-type framework to help organizations have a standard and effective way to respond to ransomware attacks. It’s also significant that the report reframes ransomware as a national security issue, which will inevitably lend greater funding and scrutiny to the problem. Organizations and individuals should delve into the report, as it is a great summary of the collective wisdom around how to respond effectively to a ransomware attack.
4. 'Miami Tech Week' Wasn't Planned. But the Hype is Infectious by Arielle Pardes
This fun story details the impromptu and unofficial “Miami Tech Week.” The week started when a principal at a Venture Capital Firm tweeted about a lot of VCs going to Miami to meet during the week. The tweet subsequently went viral and flights from San Francisco to Miami surged to twice their normal fare. Though a one-off event, the various meetups this week point to Miami’s continued emergence as a technology hub. Over the last few years, many entrepreneurs and venture capitalists have moved to Miami, as there is no state income tax, and the mayor has continued to put founder and business-friendly policies into place. For those of us in the tech world, it’s worth keeping an eye on Miami to see if it really does become the next Silicon Valley, or at least something close to it.
5. FBI Shares Email Addresses to Speed Emotet Cleanup by Jeremy Kirk
In an effort to stop the Emotet malware, the FBI has shared 4.3 million stolen emails with the breach notification site Have I Been Pwned. The news is significant because it’s the first time that the FBI has worked with the independent breach notification site to notify potential victims and could signal a new era of private and government partnership. Most security experts recognize that to stop cybercriminals, there needs to be greater collaboration between the public and private sector, so this is positive news. Individuals should check Have I Been Pwned to see if their email has been affected and reset their password accordingly.