Welcome back to the TCE Strategy monthly technology and cybersecurity newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.
If this newsletter adds value, fantastic! That is the goal. Please forward it on to friends/colleagues. If not, no hard feelings. Please look to the bottom for an easy to click "unsubscribe" button.
People have been trying to create their own currency for ages. JPM Coin, Disney Dollars, the Ithaca Hour, Facebook Libra, and so on. None have ever caught on outside of a small group of users or a small geographic region, with one exception: Cryptocurrency.
Some parts of cryptocurrency look great on paper: It’s totally decentralized, so it’s hard for a government to manipulate its value artificially. It’s only backed by artificial scarcity and people’s belief that it has value. It was touted to be totally anonymous, which made it extremely appealing to those wishing to do financial transactions without the watchful eye of law enforcement. More on that last point in a second…
Some parts of cryptocurrency are truly dreadful: Most cryptocurrencies are “mined” based on something called “proof of work”, which is a huge waste of computing power and is large enough to meaningfully contribute to global warming. Crypto mining is using more power than the country of Thailand. There is a finite amount of any given cryptocurrency, but there can be an infinite number of cryptocurrencies, and they have been popping up faster than disinformation about political campaigns. It’s easy to lose track of the “key” that unlocks your cryptocurrency account, and there is no way to get it back. For any currency to work, it has to be “fungible”, meaning that my crypto has the same value of your crypto and can be used to spend on the exact same things in the exact same way, just like a dollar bill. Now it turns out that the blockchain isn’t quite as anonymous as advertised, so people can have “clean” cryptocurrency or “dirty” cryptocurrency. Dirty cryptocurrency is much harder to spend than clean cryptocurrency, but it’s very debatable on who deems a given cryptocurrency wallet “clean” or “dirty”.
It is my opinion that we may be at the beginning of the end of cryptocurrencies. It was illegal transactions that drove cryptocurrencies into general acceptance, and it was COVID 19 (and people stuck at home with excess cash) that drove some cryptocurrency values into the stratosphere. Today, almost everybody is back to work post COVID-lockdown. More importantly, criminals are finding out that the anonymity of cryptocurrency isn’t what they thought it was.
In order for a cryptocurrency to work (other than the fact that people need to believe that it has value), it needs three things: artificial scarcity (math takes care of this), a distributed ledger that anyone can read to verify what transactions took place, and immutability of the distributed ledger. Let’s focus on that last part: In order for a ledger to be immutable, there has to be some mechanism by which it cannot be altered after a transaction has occurred. This is what makes a “blockchain” so useful. Because of fancy math that encrypted each block of data on the chain, nothing on the entire chain can be altered without it being obvious to anyone that reads it. Each transaction is tied to the one before it and the one after it, and altering any information in the existing chain isn’t possible without being detected. While this allows for a truly decentralized currency to work, it also allows for each transaction to be traced back to the beginning of the cryptocurrency in question. Each electronic wallet for cryptocurrency is tied to an email account, and each email account is tied to a person (if authorities try hard enough to correlate who owns a given email address). Cryptocurrency’s best attribute is also its downfall: every transaction can be validated by anyone, so no centralized bank or government needs to control it in order for it to work. On the flipside, anyone can examine the blockchain and make a map of what cryptocurrency went where. It isn’t easy to do this, but there are now companies that specialize in it, and the arrest of James Zhong and takedown of Welcome to Video are good examples of how far blockchain analysis has come.
So where is the future of cryptocurrency going? Well, it started primarily (but not completely) to help people avoid detection of financial transactions. That has become a thing of the past. I think that cryptocurrency will continue to be an interesting speculative investment for those that are very risk tolerant, but my guess is that we are at the beginning of the end of the era of cryptocurrencies because the anonymity that brought them to stardom was a house of cards that companies like Chainalysis are knocking down.
Until next month, stay safe!
Upcoming Speaking Events
Here is a list of the cities that I will be in for 2023. Please feel free to reach out if you have an event in mind.
May 29th-June 2nd, Las Vegas, NV
June 16th-22nd, Dublin, Ireland
July 17th-18th, Orlando, FL
August 19th-20th, Honolulu, HI
September 1st-3rd, Eau Galle, WI
October 2nd, Brainerd, MN
October 22-24th, New Orleans, LA
This is an extremely interesting story on how Wal-Mart measures the "true" risk that a given cybersecurity vulnerability presents to the organization. It isn't always easy translating a CVSS score to a "what does this mean to my organization" score.
Creating Online Accounts Before Someone Else Does For You
Many people choose to have a minimal online presence thinking it may help keep them safe from becoming a victim of cybercrime. However, with the increased availability of personal information that can be found online, cybercriminals have gotten better at using social engineering and other methods to commit fraud. This can include using information such as addresses, Social Security numbers, and birthdays to impersonate victims and create accounts online, allowing them to steal financial information or money and avoid detection until well after the damage is done.
Banks, water companies, power companies, the IRS and even the post office are all offering to service you through an "online account". It is very important that you set up these accounts as yourself, before a cybercriminal beats you to it and tries to have your mail rerouted to them or your IRS tax refund sent to the wrong account. Turn on multi-factor authentication on these accounts and add a pin number if possible. Freezing your credit can also help prevent fraud. If you have older friends or family members who do not have much experience using the internet, offer to help them set up their own accounts and credit freezes as well.
Some places that you should set up online accounts include:
• phone and internet provider
• cell phone carrier
• bank and retirement accounts
• credit cards
• Social Security Administration