Welcome back to the TCE Strategy monthly technology and cybersecurity newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.
If this newsletter adds value, fantastic! That is the goal. Please forward it on to friends/colleagues. If not, no hard feelings. Please look to the bottom for an easy to click "unsubscribe" button.
The first time I was ever on the “real” Internet, it was late 1992. The World Wide Web wasn’t really much of a thing back then, but email was. “Chat rooms” where friends could virtually get together in real time were popular.
Downloading things via a modem was commonplace – it was unheard of to have a permanent Internet connection at one’s house. FTP allowed us to easily transfer files from place to place, albeit rather slowly and in a completely insecure manner. Security didn’t matter too much back then, mostly because the Internet was not a place for commerce. It was a place for information sharing, almost exclusively for geeks, by geeks.
As websites such as eBay and Yahoo and Edmunds popped up, the Internet became much more useful for people other than geeks. It was still, generally speaking, unregulated, decentralized, and mostly self-governing. I loved it. Information on everything from how to fix very esoteric issues with cars to tips/tricks for every hobby imaginable to online banking was available. The “I Love You” email virus of the year 2000 was the first time I remember the whole system coming apart. Email servers were down around the world. Large pieces of the Internet were unavailable for hours. It made headlines on every news outlet. By 2000, the Internet had become important. At the same time, the Internet was fragile. It still felt more like the Wild West to me.
It wasn’t until social media came on the scene as part of the 2008 USA election that the Internet itself appeared to be a key source of information for lots and lots of people. This problem has compounded itself in recent years, now that essentially all of us have smartphones that allow access to the Internet anywhere, anytime. The feeling of the Wild West on the Internet has long since passed. In some ways, the Internet itself is much more mature. It is certainly more available, more reliable and much, much faster. The information on the Internet may be far less accurate than it once was, but the system itself has matured, although issues such as undersea cables and DNS servers that are single points of failure still exist.
Cryptocurrency sprang into existence around 2010, and people started caring about it in 2013 when Bitcoin broke the $1000-per-bitcoin barrier. The idea behind cryptocurrencies is that there is no centralized bank nor government controlling them. There are four things that allow a cryptocurrency to work as currency: 1) A distributed ledger where many people track all transactions and anyone can inspect those transactions. 2) An immutable record of all transactions (the blockchain) so that no one can modify records of what transactions did or did not take place. 3) Artificial scarcity of the cryptocurrency in question (math takes care of this). 4) Enough people need to decide that a given cryptocurrency is OK to use as actual money. Items 1, 2, and 3 are all technical issues, and they have been solved. Item #4 took several years, but we appear to be living in a time where enough people believe in cryptocurrencies that they are genuinely valuable. Right up until the time that people stop believing in them. Then they aren’t valuable anymore.
There is nothing supporting any cryptocurrency outside of people’s belief in it. Even though most governments issue “fiat” money that isn’t backed by anything, when a given government issues currency, belief in that particular government, that country as a whole, and that country’s economy all have large roles in determining the value of a currency. Cryptocurrency doesn’t have any of that. For better or worse, there is no government backing it. To continue to muddy the cryptocurrency waters, while there is a finite limit on how much of any cryptocurrency can be produced (for example, there will only ever be 21 million bitcoins), there is no limit on how many cryptocurrencies can be produced. People can just make up their own cryptocurrency, and many have.
In order to translate cryptocurrency into regular currency, there needs to be someone willing to give up, for example, US dollars in exchange for Bitcoin. When someone wants to do this on a large scale, it gets difficult because the number of people that have millions of dollars in cash that they are willing to exchange for bitcoin is small. So, decentralized banks (or DeFi) have sprung up that allow people to store their cryptocurrency, to exchange it for other cryptocurrencies, or to exchange it for traditional currency.
There are good and bad aspects to DeFi. On the plus side, they charge far less to their customers than traditional banks do. They break down geographic barriers. They make it easy to perform commerce where existing laws may prevent it. On the other hand, DeFi is completely unregulated. There are no government rules that they are trying to adhere to. Organized crime and even nation-states (primarily North Korea) are actively trying to break into them, and have been very successful in doing so. When a DeFi bank is hacked and their cryptocurrency “private key” is stolen, then all of their money can be moved out of the bank, often never to return.
It's a Wild West way of doing business, similar to the Internet of the 1990s. This month’s collapse of FTX, one of the largest DeFi banks, has shown the fragility of the entire DeFi banking system. Long story short, it appears that FTX did the following:
Invented their own cryptocurrency, called FTT
Sold a tiny fraction of that cryptocurrency at a high price, but kept 98% of FTT for themselves
They then claimed on their balance sheet that the 98% of FTT they kept is worth billions
They used that self-made cryptocurrency as collateral to spend money on lots of other things
An article was published stating that FTX had most of their assets in their own made-up currency. A rival exchange announced that they were selling their holdings of FTT.
People started pulling their money out of FTX
FTX ran out of money
It’s like the “I Love You” virus all over again. An inherently fragile system has been shown to be just that – fragile. Without any regulation, financial services companies often do foolish or dishonest things. Heck, even with regulation financial services companies do foolish or dishonest things. In a DeFi situation, there is no regulation, so it’s much easier to build a “house of cards” like FTX did.
So where does that leave people that have invested in cryptocurrencies? First, your assets are worth less, but you already know that. Second, cryptocurrency exchanges are under siege, both by cybercriminals and by shady leaders that do foolish things. I’d recommend keeping your cryptocurrency in several baskets instead of having everything in one DeFi bank. Hardware wallets are a very good option, as you can remove your cryptocurrency from the Internet altogether. Third, cryptocurrencies are extremely speculative. People have made lots of money. People have lost lots of money. Be careful.
Until next month, stay safe!
Upcoming Speaking Events
Live events are back in action! Here is a list of the cities that I will be in for 2022/2023. Please feel free to reach out if you have an event in mind.
November 7th-10th, Atlanta, GA
November 28th-Dec 2nd, Key West, FL
December 10th-12th, Portland, OR
December 12th-15th, San Francisco, CA
February 22nd-24th, Ames, IA
March 7th-8th, San Diego, CA
March 13th-15th, Salt Lake City, UT
Very good reading here on new LinkedIn features to help you tell real accounts from fake ones.
Some very helpful advice here on how to use (or not use) IoT devices. IoT stands for "Internet of Things"; examples include video cameras, thermostats, fire alarm panels, etc. They are common attack vectors into companies, and they need care/feeding (patching).
Cybersecurity Tip of the Month
How To Stay on Top of Cybersecurity Ahead of the Holidays
It may seem like these are common sense, but you’d be surprised how a simple reminder of cybersecurity best practices can make a big difference and go a long way this holiday season.
Ditch the gift cards. They’re just too easy to hack and scam. Stick to cold hard cash if your creative juices have run out (or if that’s all they really want).
Make sure you have Multi-Factor Authentication (MFA) on all accounts you care about, especially any financial institutions you use. Any fraud involving your bank accounts, emails, and social media accounts this time of year could really put a damper on your holiday plans and add undue stress.
Consider giving your family and friends a premium plan on a password manager. There are a lot of good choices out there (Dashlane, LastPass, 1Password, etc.). $60 a year for a family to stay password protected? Now that’s a great gift.
As we near the end of 2022, now is a wonderful time to re-evaluate all passwords, practices, security measures and patches. Both for yourself personally and for your business, determine that you won’t go into 2023 vulnerable to cyber attacks.