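Sentinel Protocol is a security intelligence platform. It aims to build a crowdsourced threat intelligence database on a blockchain that uses a consensus algorithm and an incentive reward system. Sentinel's security experts, a group of white-hat hackers, aim to make today's cyberspace safe from security threats.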
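Uppsala Security AML Solution Becomes the First in the Virtual Asset Industry to Be Listed on APIX, the ASEAN Financial Innovation Network Platform

Uppsala Security officially designated to the prototype partner group for building a digital bank on the APIX platform

Source: Uppsala Security

Uppsala Security, a blockchain-based cybersecurity company, announced on the 15th that its virtual asset anti-money-laundering solution has been listed on APIX, the platform of the ASEAN Financial Innovation Network (AFIN), as the first and only API dedicated to cryptocurrency anti-money laundering (AML) and fraud detection (FDS).

APIX is the global open-architecture platform of AFIN (ASEAN Financial Innovation Network), a non-profit organization jointly established in 2018 by the Monetary Authority of Singapore (MAS), the International Finance Corporation (IFC) and the ASEAN Bankers Association (ABA). It was developed by a consortium of the multinational fintech companies Virtusa, Deloitte Consulting, Percipient and Fidor Solutions. The Strategic Advisory Committee (SAC), which supports AFIN and APIX across technology, development and global expansion, is made up of industry leaders such as Mastercard and Amazon Web Services.

APIX is a worldwide open API marketplace and sandbox platform for collaboration between fintechs and financial institutions. Corporate users who join the platform can integrate and test each other's solutions inside the sandbox through a cloud-based architecture. This lets financial companies easily search for, design and build innovative financial solutions and APIs, and, by freely posting reviews and feedback on the products they have bought, share solutions to business problems and exchange insights.

Uppsala Security's “Digital Asset AML” API, now listed on APIX, shares in real time the latest security threat information aggregated in TRDB, a threat intelligence database built on collective intelligence, and provides verified whitelist and blacklist information on scams, wallet addresses involved in suspicious transactions, URLs and the like.

Uppsala Security's API, listed as the only virtual asset anti-money-laundering solution on the APIX platform (screenshot of the APIX website)

According to Uppsala Security, its API can be customized to the needs of a wide range of customers, including all cryptocurrency exchanges, wallets and every kind of cryptocurrency transaction application, and integrated easily, and because it uses STIX, an international standard representation format, it is compatible with any software.

Any financial institution or fintech company inside or outside the ASEAN region can apply to list its API or other solution on the APIX platform, but because AFIN has a duty to maintain and guarantee a trustworthy partnership community, it runs a structured and demanding approval process through to final review. An Uppsala Security representative explained that the listing is significant because the company's solution satisfied AFIN's approval conditions and its technology has been validated in the global market.

“Uppsala Security is currently officially designated to the prototype partner group for building a digital bank on the APIX platform and is responsible for the Cyber Screening security part of that project. We are honoured to be able to collaborate with well-known global fintech companies such as Mastercard,” said CEO Patrick Kim, adding, “We plan to focus our capabilities on becoming a global cybersecurity company, building on the references and credibility validated at APIX FinTech.”

About the company

Uppsala Security

Headquartered in Singapore, the centre of Asian tech, Uppsala Security is a blockchain cybersecurity company made up of more than 30 experienced security experts, and it builds and operates ‘Sentinel Protocol’, the first blockchain-based crowdsourced security platform.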
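It provides a safely interconnected user experience through solutions that meet both the virtual asset security needs of organizations and enterprises and the global standard compliance requirements of the cybersecurity industry. Uppsala Security is headquartered in Singapore and has offices in Korea and Japan.

Uppsala Security AML Solution Becomes the First in the Virtual Asset Industry to Be Listed on the ASEAN Financial Innovation Network Platform was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.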
20. 03. 20
Dinner with President Halim...
By: Donovan Tan, Cybersecurity Researcher (Singapore)

Nope… there’s no dinner — only a phishing scam. President Halimah urged all Singaporeans to ‘familiarize yourself with tell-tale signs of a phishing email’ — we will show you how.

On the 26th of February 2020, President Halimah took to Facebook, warning Singaporeans of an ongoing email phishing campaign which invited recipients to a dinner with herself, PM Lee and Cabinet Ministers. Recipients were asked to download an invitation letter and enter their email credentials. Of course, there was no such dinner, and the cyber-criminals behind this phishing email wanted to steal their victims’ credentials. This warning was eventually published on the front page of the Straits Times Home section (27th Feb 2020), highlighting how pressing and prevalent the issue of phishing scams is in Singapore.

What is Phishing?

Phishing is a type of cyber fraud carried out by attackers masquerading as trusted entities. The goal is usually to trick victims into revealing confidential information or into installing malware on their devices. Consequences of such attacks include but are not limited to data leaks and identity theft leading to financial losses.

Popular channels to carry out such attacks include email and SMS, where phishing site URLs, forged documents or malware download links are spread, and automated phone calls, where attackers claim to be from trusted authorities and subsequently request your personal information.

Why you should care about Phishing.

Phishing is common.

Even in Singapore. Some of the commonly impersonated organizations in local phishing scams include DBS Bank, DHL and government-related entities. In November 2018, DBS and the Singapore Police Force (SPF) revealed that more than 50 DBS customers had fallen for SMS phishing scams over the previous 2 months¹.
Most of these SMS messages inform users of suspicious activity being detected on their accounts, and request users to enter their banking credentials in the phishing link provided. As seen on DBS’s security alerts page, these phishing scams are still ongoing, with different variations appearing frequently.

Phishing SMS messages targeting DBS customers. (Taken from https://www.channelnewsasia.com/news/singapore/phishing-scam-dbs-posb-customers-fake-sms-police-10957456)

More recently, the SPF warned the public in January 2020 about a fake police phishing site that accused victims of viewing and spreading illegal material, then appeared to lock their browser². The fake site then demanded that users enter their credit card details to pay a fine in order to have their browsers unlocked.

Phishing Website impersonating SPF (Taken from https://www.channelnewsasia.com/news/singapore/fake-police-website-locked-screen-phishing-12361668)

Phishing works.

According to Verizon’s 2019 annual Data Breach Investigations Report, phishing had the highest success rate out of all threat vectors and was involved in 32% of reported data breaches³. Phishing is a social engineering attack and, like all such attacks, exploits human emotion and manipulates the human mind. The exploitation of something inherent in all of us is what makes it relatively non-technical to implement yet effective and dangerous. Vulnerabilities in systems can be patched to prevent exploitation, but human emotion cannot. To increase their rate of success, cybercriminals utilize social engineering tactics such as exploiting human greed, or creating a false sense of urgency and invoking fear in victims, like those seen in the DBS and SPF phishing campaigns.

Phishing has costly repercussions.

Financial losses could be incurred when personal data such as banking credentials are compromised. Statistics from scamalert.sg reveal that SGD$21.1M has been lost through impersonation scams⁴.
With phishing often being an entry point to larger scale data breaches and cyber-attacks⁵, organizations that fall victim could incur heavy losses too. Cybercriminals can obtain access to an organization’s internal systems or email accounts through phishing attacks carried out against employees. This enables them to carry out further attacks such as the Business Email Compromise (BEC) attack. In BEC, cybercriminals use compromised company email accounts to make illegitimate requests internally, such as for payment to be made to a vendor but with the provided bank account being the cybercriminal’s⁶.

Defending against Phishing attacks

With scammers frequently coming up with new phishing campaigns utilizing different ruses, tactics and channels, how can one protect against phishing attacks?

Below are 3 methods to help keep you safe:

1) Use of Anti-Phishing tools
2) Learn about Phishing and its tell-tale signs
3) Keep calm, think rationally

1) Use of Anti-Phishing tools

An effortless way of protecting yourself against phishing attacks would be to let anti-phishing tools do it for you. These tools might be part of a full endpoint solution or come as a standalone tool like an anti-phishing browser extension. Examples of such tools include Uppsala Security’s UPPward, a web browser extension capable of warning users when they visit malicious sites.

2) Learn about Phishing and its tell-tale signs

Sadly, anti-phishing tools do not guarantee you complete protection against phishing scams.
Ultimately, the most straightforward way of protecting yourself against phishing scams would be familiarizing yourself with common tricks used in phishing campaigns (such as SMS spoofing) and learning how to identify one.

SMS Spoofing

Through SMS spoofing, it is possible for attackers to set the organization they are impersonating as the sender’s name in their SMS message.

Example of an actual phishing campaign carried out through SMS Spoofing

As seen above, the SMS seemed to have originated from OCBC Bank; however, it is actually a fake SMS from a phishing campaign. Members of the public who are not tech-savvy and are unaware that such an attack exists might easily fall for phishing scams using it.

Although phishing scams might come in variations and through different channels, there are thankfully a couple of generic tell-tale signs across them. Here are some of them:

Misspelt/Incorrect URLs

A skilled attacker can accurately recreate a legitimate organization’s website, but he will never be able to copy the website’s unique URL.

Example of an actual phishing site with incorrect URL seen in one of our investigations

To overcome this and increase their chances of tricking victims, many attackers employ various deceptive tactics when crafting their phishing URLs. Below are a few of the common tactics used.

Keeping these common ploys in mind, you can protect yourself from phishing scams by meticulously examining links provided by the scammer and ensuring they match the legitimate URL.

Illogical, Unrelated Domains

In scenarios where one is unfamiliar with the exact URL of the legitimate website being spoofed, one can instead examine the domain of the URL given by the scammer. Tell-tale signs of phishing campaigns are URLs whose domains sound illogical or are too generic and bear no relation to the impersonated organization’s brand.
Examples include these actual phishing websites which targeted Airbnb customers.

*These are actual phishing sites collected through our threat intelligence. Please do not visit them.

These URLs might seem related to Airbnb at first glance. However, their domains should set off warning alarms.

Suspicious Email Address from Incorrect Domains

When it comes to identifying phishing emails, one can look at the domain of the sender’s email address. Most organizations, especially those prominent enough to be targets of phishing campaigns, use email addresses belonging to their own email domains for official correspondence. If the sender’s email address does not belong to the supposed organization’s email domain, it is likely to be a phishing email.

Legitimate Email

Phishing Email (Taken from https://www.dbs.com.sg/personal/deposits/security-and-you/default.page)

Another point to bear in mind is that an email sender’s name is not unique and can easily be set by a cybercriminal. When verifying the authenticity of an email, we should always refer to the sender’s actual email address and not the name. As seen in the phishing email above, the scammer had set the name as ‘DBS iBanking’ to mislead victims. However, by looking at the domain of the sender’s email address, we see that the email is sent from @automail.com and not @dbs.com, hence it should not be trusted.

3) Keep Calm, Think Rationally

Yes, phishing is a social engineering attack and cybercriminals try to exploit your emotions by creating scenarios that invoke greed, fear or urgency. They try to make you think and act irrationally. However, knowing how prevalent phishing scams are today, we should consciously try to keep calm and do the opposite. Most phishing scams targeting the general public adopt a ‘spray-and-pray’ approach — a generic scenario is created and sent out to the masses via different channels. As such, there are often logic gaps in the stories or claims created by attackers.

Dinner invitation from the President?
I don’t think the President is THAT free to randomly invite citizens for dinner out of the blue…

Police demands you pay a fine for distributing illegal content? Why believe it or worry if you have never done so?

Suspicious transactions made by your bank account? Simply log into your official iBanking app and check!

At Uppsala Security, we believe that cyber threats can be tackled more effectively through collective, crowdsourced threat intelligence. If you come across any site you suspect to be malicious, inclusive of phishing sites, please report it to us through https://portal.sentinelprotocol.io/create/case.

UPPward is free to use and available on Chrome, Brave and Firefox Browsers.

Chrome & Brave Extension: https://chrome.google.com/webstore/detail/uppward/okchiedmnincflodifnojcnhnncldcbk
Firefox Extension: https://addons.mozilla.org/en-US/firefox/addon/uppward-by-sentinel-protocol/

¹ https://www.channelnewsasia.com/news/singapore/phishing-scam-dbs-posb-customers-fake-sms-police-10957456
² https://www.channelnewsasia.com/news/singapore/fake-police-website-locked-screen-phishing-12361668
³ https://info.phishlabs.com/blog/phishing-number-1-data-breaches-lessons-verizon
⁴ https://www.scamalert.sg/scam-details/impersonation-scam
⁵ https://www.proofpoint.com/us/security-awareness/post/phishing-pretexting-and-data-breaches-verizons-2018-dbir
⁶ https://www.techrepublic.com/article/beware-hackers-are-trying-to-scam-your-company-with-this-attack/?ftag=CMG-01-10aaa1b

Dinner with President Halimah? Phish’s on the menu. was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
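The sender-address and link-domain checks described in the phishing article above, as an added Python example that is not part of the original post. The brand-to-domain map and the sample headers and URLs (on the reserved .example domain) are constructed; only ‘DBS iBanking’, @automail.com and @dbs.com come from the article.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: a brand -> official domain map that the reader maintains.
# "dbs.com" is the domain the article gives as legitimate for DBS.
OFFICIAL_DOMAINS = {"dbs": "dbs.com"}


def belongs_to(host, official):
    """True only if host is the official domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    # A plain substring test would accept "dbs.com.something.example";
    # the official domain must be the *end* of the host, on a label boundary.
    return host == official or host.endswith("." + official)


def claimed_brand(text):
    """Return the first known brand mentioned in text, or None.

    Simple substring match: good enough for a demo, may over-match.
    """
    lowered = (text or "").lower()
    return next((b for b in OFFICIAL_DOMAINS if b in lowered), None)


def verdict(claim_text, host):
    """Compare the brand a message claims with the host it really uses."""
    brand = claimed_brand(claim_text)
    host = (host or "").lower()
    if brand is None:
        # No known brand is claimed: this check has nothing to say.
        return {"host": host, "brand": None, "suspicious": None}
    mismatch = not belongs_to(host, OFFICIAL_DOMAINS[brand])
    return {"host": host, "brand": brand, "suspicious": mismatch}


def check_sender(from_header):
    """The display name is free text; judge the address domain instead."""
    display_name, address = parseaddr(from_header)
    return verdict(display_name, address.rpartition("@")[2])


def check_link(url):
    """Flag a link that names a brand but is not hosted on its domain."""
    return verdict(url, urlsplit(url).hostname or "")


# Constructed samples. Local parts and .example hosts are made up.
SAMPLE_SENDERS = [
    "DBS iBanking <alerts@automail.com>",          # case from the article
    "DBS iBanking <ibanking.alert@dbs.com>",       # official domain
    "DBS <notice@dbs.com.mail-alerts.example>",    # brand only as a prefix
    "Newsletter <news@shop.example>",              # no brand claimed
]
SAMPLE_LINKS = [
    "https://www.dbs.com/personal/default.page",
    "https://dbs.com.verify-account.example/login",
    "https://dbs-ibanking.example/",
]

if __name__ == "__main__":
    for header in SAMPLE_SENDERS:
        print(header, "->", check_sender(header))
    for link in SAMPLE_LINKS:
        print(link, "->", check_link(link))
```

A result of `None` means no known brand was claimed, not that the message is safe.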
20. 03. 06
Dark Intentions Hidden Behind the Mask: COVID-19 (COVI...
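Donovan Tan, Cybersecurity Researcher

Founded in January 2018 and based in Singapore and South Korea, Uppsala Security built ‘Sentinel Protocol’, the first crowdsourced security threat platform powered by blockchain technology. Our mission is to prevent cybercrime before it happens and, when incidents do occur, to reduce the damage as far as possible through reasonable and effective security solutions. With the recent outbreak of COVID-19, demand for surgical masks has surged, and as the general public also began buying surgical masks in bulk, a worldwide mask shortage has emerged. The situation in Singapore is not much different. Consumers who found it hard to buy medical masks even at physical shops and pharmacies ended up flocking to online markets, looking for any possible way to buy masks.

The uncertainty around the novel coronavirus, for which no cure currently exists, together with the scarcity of masks, has caused serious fear among some people, and the situation eventually led to panic buying of masks. Fear often makes people act irrationally on emotion rather than think logically. Cybercriminals are adept at identifying and exploiting such chaotic situations to commit fraud and carry out cyber-attacks. Attacks like these that exploit human psychology and emotion are widely known as social engineering attacks (Social Engineering Hacking) and commonly occur in various forms such as phishing and theft. An example of a cyber-attack in the current situation is the setting up of fraudulent online shops that advertise surgical masks for sale. Cybercriminals pretend to sell masks to customers and take their money, but ship no product and in the end simply run off with it. At a time when ordinary consumers’ judgment is clouded by desperation and fear, the likelihood of falling victim to such fraudulent online markets grows. As reported by the South China Morning Post, such incidents are already happening. As of 13 February, Hong Kong police had received more than 300 reports about fraudulent online shops offering masks and arrested 12 people involved. The money involved amounts to HKD$1.1M (about KRW 170 million). The case is particularly notable in that the cybercriminal deceived more than a thousand people in the short span of one week.

As time went on, potentially similar cases came to the surface. Over the past few days, various local content sites such as Mothership and Goodyfeed investigated and published articles on the legitimacy of an online mask shop called MedicalLex. The Uppsala Security team has been aware of MedicalLex, which we first came across through a Facebook advertisement on 9 February (Sunday), and has carried out its own investigation. Although we cannot classify MedicalLex as a scam site with certainty, we found the following points:

1) Discrepancies in statements
2) Suspicious domain and company address information
3) Evidence of false, misleading information on the website

We judge these to be red flags sufficient to classify MedicalLex as a suspicious site, and we strongly advise against buying surgical masks from it. At the time the articles about MedicalLex were published, MedicalLex deleted its Facebook page. Its website (www.medicallex[dot]com) is still in operation, but it appears to have stopped taking orders through the online shop.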
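However, they directed users interested in buying masks to contact them through other channels.

Suspicious evidence 1: Discrepancies in statements

First, we found discrepancies in the information provided by the now-defunct MedicalLex Facebook page.

Screenshots were taken on 9 February (Sunday) at 6:58 PM (SGT).

As seen in the 2 screenshots taken at the same time on 9 February, we found discrepancies in the statements posted on the MedicalLex Facebook page. Both posts were made 15 hours before the screenshots were taken. However, one post claims they own warehouses in 5 different countries, while the other says they have warehouses in only 2 countries (the US and Hong Kong).

Suspicious evidence 2: Suspicious domain and company address information

Second, the address and domain provided by MedicalLex are suspicious. Their domain, medicallex[dot]com, was registered only a few days ago on 4 February 2020, for a period of one year. A Google search for the company address they provided, ‘1155 S Power Rd #114, Mesa, AZ 85206, United States’, returns an entirely different company, ‘Box-N-Mail’. A recently created domain on a short-term registration, together with a false address, is a common characteristic of scam sites.

Lookup information for the MedicalLex domain

The company address provided by MedicalLex turns out to belong to another company

Suspicious evidence 3: Evidence of false, misleading information on the website

Finally, although their website looks professional and legitimate at first glance, further investigation revealed falsified and misleading information. As detailed in Mothership’s article, the first sign of false information is MedicalLex’s use of product images and plagiarised text for customer reviews. These images were removed after being called out. However, the reviews copied from a Face Mask listing on Amazon are still present on the site.

Original review of a Face Mask listed on Amazon

The same review on the MedicalLex website

Another piece of potentially falsified and misleading information is MedicalLex’s claim that it has 70,000 customers who were satisfied with its service. This is all the harder to believe because MedicalLex’s domain was registered about 2 weeks ago (4 February). MedicalLex even displayed the Trusted Store mark from Google’s Trusted Store program, which has long been discontinued since 2017.

MedicalLex claims to have had 70,000 satisfied customers.

MedicalLex using Google’s Trusted Store mark, which ended in 2017

We noticed that on its website MedicalLex frequently uses provocative words such as ‘very limited’, ‘high demand’ and ‘order quota is running out’ to describe its stock of surgical masks, and emphasises that its sales are ‘first-come, first-served’. Although this may be a marketing or sales tactic, it can also be seen as an attempt to actively exploit consumers’ fearful state of mind by stoking panic in order to drive purchases.

Choice of words that exploits the victim’s psychological state to induce fear.

As cybercriminals become more adept at exploiting chaotic situations to run scams and at taking advantage of human emotions, it is becoming increasingly difficult for ordinary people to tell what is real from what is fake. To prevent scams like a second MedicalLex and to protect yourself from suspicious sites, using a solution provided by a trusted security company can be the answer. One of them is UPPward, a browser extension developed by Uppsala Security. UPPward is Uppsala Security’s personal cybersecurity blacklist search tool and can be used by installing it as an app (extension) in Chrome and other browsers.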
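When UPPward users visit a site that is suspicious or has been confirmed as blacklisted, they receive a notification and warning like the one in the screenshot below, which lets them block the possibility of fraud in advance.

Screenshot of UPPward blocking a visit to medicallex[dot]com

The way UPPward identifies fraudulent sites like this rests on Uppsala Security’s core technology, the Threat Reputation Database (TRDB). TRDB collects, in crowdsourced form, threat information from around the world, including not only cryptocurrency addresses linked to hacking and phishing scams but also illegal URLs, domains and emails, and stores threat data verified by security experts on the blockchain. As of 20 February 2020 it holds more than about 9 million indicators and counts.

TRDB’s threat data is updated to UPPward in real time, which is why UPPward can detect the threat and warn the user immediately when the user comes into contact with blacklisted information. Through the COVID-19 situation, we are clearly experiencing how important it is, in a national emergency, for the government, local communities and all citizens to come together, respond quickly and follow preventive guidelines. This applies not only to COVID-19 but to cybersecurity problems as well. Uppsala Security believes that threat data gathered through collective intelligence, combined with cooperation from law enforcement agencies, is the most powerful and effective way to stop cyber threats.

If you find a site you suspect to be malicious, including potentially fraudulent online mask shops, you can report it through the Sentinel Portal site https://portal.sentinelprotocol.io/create/case or through UPPward’s report function.

UPPward is currently free to download and use on Chrome, Brave and Firefox browsers.

Chrome & Brave Extension: https://chrome.google.com/webstore/detail/uppward/okchiedmnincflodifnojcnhnncldcbk
Firefox Extension: https://addons.mozilla.org/en-US/firefox/addon/uppward-by-sentinel-protocol/
Uppsala Security: https://uppsalasecurity.com/
UPPward: https://uppward.sentinelprotocol.io/
Forum: https://forum.sentinelprotocol.io/

https://www.scmp.com/news/hong-kong/law-and-crime/article/3050449/coronavirus-spreads-scammers-cash-hongkongers
https://www.mothership.sg/2020/02/medicallex-scam/
https://goodyfeed.com/medicallex/

Dark Intentions Hidden Behind the Mask: How Can We Stop Online Scams Related to COVID-19? was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.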
20. 02. 20
“Malicious Actors Hiding in...
“Malicious Actors Hiding in the Dark”: An Overview of Money Laundering Techniques Employed by Malicious Actors

By: Athul Harilal (Security Researcher) and Koh Kai Xuan (Associate Security Analyst)

In this article, we highlight the techniques employed by malicious actors to launder illicit funds from point of origin blacklisted wallets to exchanges where malicious actors encash them. In order to do so, we collected approximately 30,000 different malicious actor wallets from our Threat Intelligence database (TRDB) that belong to around 1500 different malicious incidents. For our research, we have used only Ethereum wallets belonging to malicious actors as a use case; however, the money laundering techniques derived from our research are applicable to other cryptocurrencies as well.

Types of Malicious Actor Wallets found in our Dataset:

We categorized malicious actor wallets into 3 types based on their use.

1. Point of origin wallets: Point of origin wallets comprise the initial wallets that malicious actors use to run away with illicit funds extorted from innocent victims or organisations. These wallets are reported by victims themselves through our portal or through public forums that gain attention, and are then validated by our security experts.

2. Storage wallets: A storage wallet is one that malicious actors use to store illicit ether collected from one or more point of origin wallets.

3. Exchange user wallets: An exchange user wallet is one that malicious actors use to convert illicit ether into fiat cash.
These wallets are issued by exchanges themselves to users in order to buy or sell cryptocurrency, and a user could possess more than one such wallet, belonging to different exchanges or to the same one.

From our dataset, we observe that close to 60% of the wallets are exchange user wallets, 31% are point of origin wallets and only the remaining 9% are storage wallets.

Main Intent of Malicious Actor

The main aim of the malicious actor is to relay the illicit funds from point of origin wallets to exchange user wallets for encashing, in a manner that makes it difficult for cryptocurrency enthusiasts to keep track of their transactions. Using Figure 1 as the reference, let’s observe how malicious actors are able to do so.

Fig 1: Illustration of transaction tracking from point of origin wallets.

In Fig 1, we have represented a group of point of origin wallets in red circles, exchange user wallets in purple circles and storage wallets in blue circles. We observe 1 direct link between point of origin wallets and an exchange user wallet / storage wallet. However, the other storage wallet and exchange user wallet cannot be linked back to point of origin wallets because malicious actors have used some techniques to hide the link. In Fig 1, we represent this by an obfuscation block which receives funds from point of origin wallets and sends them to an exchange user wallet or storage wallet, in a manner that makes it difficult for investigators to find a link between them.

Money Laundering Techniques Observed

Table 1. Stats of different malicious actor wallets.

Upon following the transactions from point of origin wallets up to 8 hops, we found that only 39% of malicious actors’ exchange user wallets and 16% of their storage wallets were contacted, as shown in Table 1, column Links Found. This shows that malicious actors were successful in hiding the link between point of origin wallets and exchange user wallets or storage wallets.
How did malicious actors achieve this?

1. Point of Origin Wallets: Upon querying point of origin wallets through our Crypto Analysis Risk Assessment Tool (CARA) and Crypto Analysis Transaction Visualization (CATV), we infer that malicious actors employed multiple techniques, as shown in Table 1. Predominantly, we observed that 83% of malicious actors employed relaying and mixing of illicit funds over multiple wallets, followed by 40% tumbling the funds through multiple wallets, which made it difficult to find a link between them. In the cryptocurrency ecosystem, there are readily available services such as mixers and tumblers that predominantly cater to such needs. These services function by requesting the user to transfer funds to one or more wallets owned by the service, which then sends the funds back to another wallet owned by the user, in such a way that it is difficult to establish a link between the initial and final user wallets. This is illustrated by the obfuscation block in Figure 1.

More sophisticated malicious actors could build similar services with the help of Ethereum blockchain APIs that facilitate the creation of multiple wallets and initiate transactions between them through self-developed programs.

The mean lifetime of point of origin wallets was 197 days, of which only 13% of malicious actors moved all the illicit funds in a single day, as shown in Table 1. From here, we can infer that malicious actors generally move funds from time to time, in an effort to make it difficult for defenders to keep track of them.

2. Exchange User Wallet: While 39% of malicious actors’ exchange user wallets could be traced from point of origin wallets, the remaining 61% could not be traced. As a result, they enjoyed the benefit of appearing to be normal users that interact with exchanges. From our dataset, the average lifetime of malicious actors’ exchange user wallets was 233 days, much longer than that of point of origin wallets.
However, 29% of malicious actors’ user wallets had a lifetime spanning only a few minutes, involving a single transaction to the exchange and no reuse since then. Hence malicious actors use a combination of exchange user wallets to encash or convert to other cryptocurrency.

3. Storage wallets: 16% of malicious actors’ storage wallets had a connection with point of origin wallets and the remaining 84% of them were hidden due to the laundering techniques applied. From our dataset, we find that the mean lifetime of these wallets is 208 days, which indicates that malicious actors sometimes store funds away from the point of origin wallets for a significant amount of time before encashing them.

Upon querying exchange user wallets and storage wallets through our Crypto Analysis Risk Assessment Tool (CARA), we found that the majority of malicious actors employed relaying and mixing, followed by tumbling, to receive illicit funds into their wallets, as shown in Table 1. Therefore, we can determine malicious intent in these wallets although it is difficult to find a link between these wallets and point of origin wallets.

Concluding Words

Malicious actors usually operate over 6 months to run away with and encash illicit funds. In order to do so, they resort predominantly to relaying and mixing, and tumbling of illicit funds over multiple wallets, to hide the link between point of origin wallets and exchange user wallets or storage wallets, which resulted in hiding 61% and 84% of exchange user wallets and storage wallets respectively.
Hence, malicious actors are able to reuse the same exchange user wallet or storage wallet for durations greater than 6 months with some measure of confidence.

However, although malicious actors are able to hide the link, we can still infer malicious intent in exchange user wallets and storage wallets based on the money laundering characteristics observed when they engage in services such as mixers and tumblers, which can serve as a precursor to finding the link between them.

Request for Dataset: If you are interested in the dataset, contact us at email@example.com.

Reference:

“Uppsala Security | TRDB — Sentinel Protocol.” https://www.uppsalasecurity.com/trdb. Accessed 12 Feb. 2020.
“How to Submit an Incident Report — Sentinel Protocol — Medium.” 13 Nov. 2018, https://medium.com/sentinel-protocol/how-to-submit-an-incident-report-6b65914d4ad8. Accessed 12 Feb. 2020.
“Catching and Stopping Online Security Threats: Our Review ….” 18 Nov. 2018, https://medium.com/sentinel-protocol/catching-and-stopping-online-security-threats-our-review-procedure-9e1b0ec398dc. Accessed 12 Feb. 2020.
“Identifying Exchanges Affected by Stolen Upbit ETH — Sentinel ….” 6 Dec. 2019, https://medium.com/sentinel-protocol/identifying-exchanges-affected-by-stolen-upbit-eth-41e6e5db6962. Accessed 12 Feb. 2020.
“Uppsala Security | CARA — Sentinel Protocol.” https://www.uppsalasecurity.com/cara. Accessed 12 Feb. 2020.
“How CATV Helps Businesses Track Money Laundering and ….” 30 Apr. 2019, https://medium.com/sentinel-protocol/how-catv-helps-businesses-track-money-laundering-and-terrorist-funding-90c45f24a063. Accessed 12 Feb. 2020.
“Ethereum Mixer. Ether (ETH) Tumbler. — Bitcoin Mixer.” https://bitcoinmix.org/eth. Accessed 12 Feb. 2020.
“Web3.py — Web3.py 5.5.0 documentation.” https://web3py.readthedocs.io/en/stable/. Accessed 12 Feb. 2020.

“Malicious Actors Hiding in the Dark”: An Overview of Money Laundering Techniques Employed by… was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
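The hop-limited tracing behind the ‘Links Found’ figures in the article above, sketched as an added Python example; it is not Uppsala Security’s CARA or CATV code. The wallet labels, transfers and timestamps are constructed, and only the 8-hop limit comes from the article.

```python
from collections import deque
from datetime import datetime

MAX_HOPS = 8  # the article follows transactions up to 8 hops

# Constructed sample transfers: (sender, receiver, ISO timestamp).
# Labels are placeholders, not real wallet addresses.
DIRECT = [
    ("origin_A", "relay_1", "2019-01-05T10:00:00"),
    ("relay_1", "relay_2", "2019-01-06T09:30:00"),
    ("relay_2", "exch_1", "2019-01-09T14:00:00"),
    ("origin_A", "relay_1", "2019-03-06T12:00:00"),
    ("origin_B", "store_1", "2019-02-01T08:00:00"),
    # Funds arriving with no visible path from an origin wallet,
    # the situation the article draws as the obfuscation block.
    ("unlinked_1", "exch_3", "2019-04-02T11:00:00"),
    ("unlinked_2", "store_2", "2019-04-03T11:00:00"),
]
# A relay chain that reaches exch_2 only on the 9th hop.
CHAIN = ["origin_B"] + [f"hop_{i}" for i in range(1, 9)] + ["exch_2"]
TRANSFERS = DIRECT + [
    (a, b, "2019-02-02T08:00:00") for a, b in zip(CHAIN, CHAIN[1:])
]

ORIGINS = {"origin_A", "origin_B"}
EXCHANGE_USER = {"exch_1", "exch_2", "exch_3"}
STORAGE = {"store_1", "store_2"}


def build_graph(transfers):
    """Adjacency map sender -> set of receivers (direction of the funds)."""
    graph = {}
    for sender, receiver, _ in transfers:
        graph.setdefault(sender, set()).add(receiver)
    return graph


def reachable_within(graph, origins, max_hops):
    """Breadth-first search; returns {wallet: hops from nearest origin}."""
    hops = {origin: 0 for origin in origins}
    queue = deque(origins)
    while queue:
        wallet = queue.popleft()
        if hops[wallet] == max_hops:
            continue  # hop budget spent, do not follow further
        for nxt in graph.get(wallet, ()):
            if nxt not in hops:
                hops[nxt] = hops[wallet] + 1
                queue.append(nxt)
    return hops


def links_found(hops, labelled):
    """Fraction of labelled wallets reached from the origin wallets."""
    return sum(1 for w in labelled if w in hops) / len(labelled)


def lifetime_days(transfers, wallet):
    """Whole days between a wallet's first and last observed transfer."""
    stamps = [datetime.fromisoformat(ts)
              for sender, receiver, ts in transfers
              if wallet in (sender, receiver)]
    return (max(stamps) - min(stamps)).days


if __name__ == "__main__":
    hops = reachable_within(build_graph(TRANSFERS), ORIGINS, MAX_HOPS)
    print("exchange user links found:", links_found(hops, EXCHANGE_USER))
    print("storage links found:", links_found(hops, STORAGE))
    print("origin_A lifetime (days):", lifetime_days(TRANSFERS, "origin_A"))
```

A wallet missing from the result is not cleared: it was either fed through unlinked wallets or sits beyond the hop limit, as `exch_2` does here.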
20. 02. 19
Mask-ed Intentions: Protect...
By: Donovan Tan, Cybersecurity Researcher

Established in January 2018, Uppsala Security, based in Singapore and South Korea, built the first crowdsourced Threat Intelligence platform known as the Sentinel Protocol, which is powered by blockchain technology. Our mission is to prevent criminal activities from happening, and mitigate the damages when they do happen, through the provision of affordable and effective security solutions.

With the recent outbreak of COVID-19, demand for surgical masks has skyrocketed, which has led to a global shortage of surgical masks as the masses scramble to get their hands on them. The situation in Singapore is no different, with masks being hard to come by at most physical shops. Consumers here have headed online in a bid to find masks from any source possible.

The scarcity of masks, along with the uncertainty surrounding this new strain of coronavirus still being researched, has inevitably led to fear-induced panic buying among some. Fear often leads to irrationality, causing people to act based on emotions rather than logic. Cybercriminals are adept at identifying and capitalizing on such situations to carry out cyber-attacks and scams. These attacks that exploit human psychology and emotions are known as social engineering attacks and are commonplace today, encompassing various forms such as phishing and extortion.

An example of such an attack in this scenario would be the setting up of fraudulent online shops touting surgical masks. Cybercriminals accept payment but do not send out any masks to customers. They subsequently abscond with the collected money. Due to desperation and fear, individuals are more likely to have their judgment clouded, increasing their chances of falling victim to scam shops. As reported by the South China Morning Post, such incidents are already taking place.
As of 13th February, police in Hong Kong had received over 300 reports regarding fraudulent online shops offering masks and had proceeded to make 12 related arrests. The money involved amounted to a whopping HKD$1.1M (approx. SGD197k). In a particular case, the cybercriminal had scammed more than a thousand people in a short period of 1 week.

Closer to home, potentially similar cases have surfaced too. Over the past few days, various local content sites such as Mothership and Goodyfeed have investigated and released articles discussing the legitimacy of an online mask shop called MedicalLex. Our team at Uppsala Security is aware of MedicalLex, which we first chanced upon through a Facebook advertisement on the 9th of February (Sunday), and has also carried out its own investigations. Although we are unable to classify MedicalLex as a scam site with certainty, we have found:

1) Discrepancies in their statements,
2) Suspicious domain and company address information, and
3) Evidence of falsified, misleading information on their website.

These are sufficient red flags to classify MedicalLex as suspicious, and we strongly advise against dealing with them to get surgical masks. At the time of posting, MedicalLex has taken down their Facebook page. Their website (www.medicallex[dot]com) is still in operation but they seem to have suspended orders through their e-shop. However, they prompted interested users to contact them directly to make alternate arrangements.

Red Flag 1: Discrepancies in Statements

Firstly, we have noticed discrepancies in the information provided by the now defunct MedicalLex Facebook page.

Screenshots were taken on the 9th of Feb (Sunday) at 6.58 PM.

As seen in the 2 screenshots above, taken at the same time on the 9th of February, we uncovered discrepancies in the claims made by the MedicalLex Facebook page.
Both claims were made 15 hours before the screenshot; however, one claims that they own warehouses in 5 different countries, while the other claims they only have warehouses in 2 countries (the US and HK).

Red Flag 2: Suspicious domain and company address information

Secondly, the domain of and address provided by MedicalLex are suspicious. Their domain, medicallex[dot]com, was registered only a few days ago on the 4th of February 2020 and for a short period of one year. A Google search on the company address they provided, ‘1155 S Power Rd #114, Mesa, AZ 85206, United States’, returns another company, ‘Box-N-Mail.’ New, short-lived domains coupled with false company addresses are common characteristics of scam sites.

Whois Lookup information for MedicalLex’s domain.

Company address provided by MedicalLex returns another company.

Red Flag 3: Evidence of falsified, misleading information on their website

Lastly, although their website looks professional and legitimate, further investigation revealed falsified and misleading information. As detailed in Mothership’s article, the first sign of falsified information would be MedicalLex’s use of stock images and plagiarised text for customer reviews. These images have since been removed after being called out. However, the plagiarised reviews, which are copied from real reviews of face mask listings on Amazon, are still present on the site.

Original review for a Face Mask listing on Amazon.

Same review on MedicalLex’s website.

Another piece of potentially falsified and misleading information would be MedicalLex’s claim that they have 70,000 satisfied customers. This is hard to believe given that MedicalLex’s domain was registered just approximately 2 weeks ago (4th February), as seen earlier.
Moreover, MedicalLex also displayed the Trusted Store mark from Google’s Trusted Store program, which had long been discontinued in 2017.MedicalLex claims to have 70,000 happy customers.MedicalLex displaying the Google Trusted Store mark, which had been discontinued in 2017.On MedicalLex’s site, we have noticed their frequent display and choice of words such as ‘very limited’, ‘high demand’ and ‘order quota is running out’ to describe their surgical masks, and that their sales are on ‘first-come, first-serve basis’. Though possibly a marketing or sales tactic, these could also be seen as a deliberate attempt to further exploit consumer’s fears and psychological state by inducing even more panic in bid to drive purchases.Choice of words to exploit victim’s psychological state and induce fear.With cyber criminals getting more adept in running realistic scams and taking advantage of human emotions in times like this, it becomes increasingly difficult for individuals to discern between real and fake. To protect yourself from potentially suspicious sites such as MedicalLex and future scams, third party tools provided by trusted Security Vendors can be utilized. One such tool would be UPPward, a browser extension developed by Uppsala Security. UPPward is powered by crowdsourced threat intelligence verified by our team of Security analysts and helps flag any suspicious or blacklisted site visited by users as seen in the screenshot below.UPPward blocking a user from visiting medicallex[dot]com.Just like how it is important for communities to work as one in the fight against COVID-19, we at Uppsala Security believe that cyber threats can be tackled more effectively through collective, crowdsourced threat intelligence. 
If you come across any site you suspect to be malicious, inclusive of potentially fraudulent mask shops, please report it to us through https://portal.sentinelprotocol.io/create/case.UPPward is free to use and available on Chrome, Brave and Firefox Browsers.Chrome & Brave Extension: https://chrome.google.com/webstore/detail/uppward/okchiedmnincflodifnojcnhnncldcbkFirefox Extension:https://addons.mozilla.org/en-US/firefox/addon/uppward-by-sentinel-protocol/Uppsala Security: https://uppsalasecurity.com/UPPward: https://uppward.sentinelprotocol.io/Forum: https://forum.sentinelprotocol.io/ https://www.scmp.com/news/hong-kong/law-and-crime/article/3050449/coronavirus-spreads-scammers-cash-hongkongers https://www.mothership.sg/2020/02/medicallex-scam/ https://goodyfeed.com/medicallex/Mask-ed Intentions: Protect yourself from Online scams related to COVID-19 was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
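The red flags described in the MedicalLex post can be turned into a repeatable triage check. The following is an added example, not code from Uppsala Security or UPPward: it scores a constructed WHOIS excerpt and page snippet built from the facts reported in the post, and the thresholds, function names and observation date are assumptions.

```python
import re
from datetime import datetime, timezone

# Thresholds are assumptions for this example, not values from the article.
NEW_DOMAIN_DAYS = 30      # "registered only a few days ago"
SHORT_TERM_DAYS = 366     # a one-year term, allowing for a leap year
LARGE_CLAIM = 10_000      # customer count that is implausible for a new domain
MIN_URGENCY_HITS = 2      # one pressure phrase alone is ordinary marketing

# Pressure phrases and the discontinued trust mark, both as quoted in the article.
URGENCY_PHRASES = ("very limited", "high demand",
                   "order quota is running out", "first-come, first-serve")
DISCONTINUED_BADGES = {"google trusted store": 2017}

# Constructed WHOIS excerpt; dates follow the article (4 Feb 2020, one-year term).
SAMPLE_WHOIS = """\
Domain Name: MEDICALLEX.COM
Creation Date: 2020-02-04T00:00:00Z
Registry Expiry Date: 2021-02-04T00:00:00Z
"""
# Constructed page copy assembled from the claims the article reports.
SAMPLE_PAGE = """\
70,000 happy customers! Google Trusted Store.
Stock is VERY LIMITED due to high demand. Order quota is running out.
Sales are on a first-come, first-serve basis.
"""
# Assumed observation date for the example.
OBSERVED = datetime(2020, 2, 17, tzinfo=timezone.utc)


def _whois_date(whois_text, label):
    """Return the labelled WHOIS date as an aware datetime, or None."""
    m = re.search(rf"^\s*{re.escape(label)}:\s*(\S+)", whois_text, re.M | re.I)
    if not m:
        return None
    try:
        parsed = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:  # redacted or non-ISO value
        return None
    return parsed.replace(tzinfo=timezone.utc)


def assess(whois_text, page_text, observed):
    """Return a list of (flag, detail) tuples for one site."""
    flags = []
    page = page_text.lower()
    created = _whois_date(whois_text, "Creation Date")
    expires = _whois_date(whois_text, "Registry Expiry Date")

    if created is None:
        # Missing registration data is itself worth recording for the analyst.
        flags.append(("whois_unavailable", "no parseable creation date"))
    else:
        age = (observed - created).days
        is_new = 0 <= age < NEW_DOMAIN_DAYS
        if is_new:
            flags.append(("new_domain", f"{age} days old"))
        if expires and (expires - created).days <= SHORT_TERM_DAYS:
            term = (expires - created).days
            flags.append(("short_registration", f"{term}-day term"))
        # A large customer count only contradicts the record on a new domain.
        claim = re.search(r"(\d[\d,]*)\s+(?:happy|satisfied)\s+customers", page)
        if claim and is_new:
            count = int(claim.group(1).replace(",", ""))
            if count >= LARGE_CLAIM:
                flags.append(("implausible_customer_claim",
                              f"{count} customers on a {age}-day-old domain"))

    for badge, year in DISCONTINUED_BADGES.items():
        if badge in page:
            flags.append(("discontinued_badge", f"{badge} (ended {year})"))

    hits = [p for p in URGENCY_PHRASES if p in page]
    if len(hits) >= MIN_URGENCY_HITS:
        flags.append(("urgency_language", ", ".join(hits)))
    return flags


if __name__ == "__main__":
    for flag, detail in assess(SAMPLE_WHOIS, SAMPLE_PAGE, OBSERVED):
        print(f"{flag}: {detail}")
```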
20. 02. 17
CATV now also tracks BTC wa...
After months of research, coding and testing in the Uppsala Security offices, we are excited to announce that the Crypto Analysis Transaction Visualization (CATV) tool is now also available for BTC transactions! Starting today, 7 February 2020, users registered for access to the Sentinel Portal can navigate through and track BTC wallet addresses.

By adding this new capability to the already existing ETH feature, we are enabling users to work through the millions of transactions happening daily on both networks. This makes the CATV tool an even more powerful instrument in the fight against theft, money laundering and terrorist financing, and saves valuable time during investigations into these types of crimes.

Key capabilities of the Crypto Analysis Transaction Visualization (CATV) tool include:

1) Scalability — accepts increased volume without impacting presentation;
2) Security — features top technical protection while providing secure access;
3) User experience — displays a holistic view of tracking transactions with centralized checklists and automated management processes;
4) Availability — offers continuous availability throughout the platform.

Register for an account here: https://portal.sentinelprotocol.io/signup.

Follow the Uppsala Security forum and social accounts for the latest news — Twitter, Telegram, LinkedIn or Facebook.

CATV now also tracks BTC wallets! was originally published in Sentinel Protocol on Medium.
20. 02. 07
The Path to a More Secure D...
Cryptocurrencies are appealing to their users largely due to their anonymity. But that same anonymity makes it easier for bad actors to engage in criminal activity through crypto transactions.

Authorities are crafting new regulations to prevent criminal activity facilitated by crypto and to trace transactions if they suspect that crimes have been committed.

With that said, there are several vulnerabilities in the current system. In addition to following regulations, firms and individuals must take a proactive approach to avoid getting caught in the crosshairs of regulatory noncompliance and cybercrime.

Common-sense precautions combined with cybersecurity tools are the best way to keep your online activities clean, especially when using cryptocurrencies.

AML/CFT and KYC in the Crypto World

One of the biggest risks for crypto users is receiving digital currencies that have been used for money laundering.

Let’s say a bad actor launders money into cryptocurrency tokens using mixers, tumblers, and exchange trading. Those digital funds can traverse the crypto sphere before ending up in your wallet. You might be unaware of the origin of those coins, but you would still be at risk of being subject to an investigation if law enforcement authorities are paying attention.

Authorities have enacted security regulations including anti-money laundering and counter financing of terrorism measures (AML/CFT), as well as requiring know-your-customer (KYC) due diligence from financial institutions, payment processors, and crypto exchanges. The goal is to track and stop the suspicious activity before the tokens land in innocent people’s wallets or get cashed out into fiat.

The New FATF “Travel Rule”

The Financial Action Task Force (FATF) adopted new standards in June, referred to as the “travel rule.” The travel rule requires crypto exchanges to share customer data with financial institutions receiving transfers of digital currencies. The travel rule was designed to help law enforcement track suspicious activity involving cryptocurrencies and their exchanges.

Although the law is well-intentioned, compliance will be a challenge. First, crypto exchanges lack the infrastructure to share customer data with each other. Second, the decentralized nature of blockchain technology, on which cryptocurrencies are based, creates an obstacle to reaching a consensus on establishing a new transaction tracking and compliance system.

Individual Safety Measures

Following due diligence procedures before completing a crypto transaction isn’t just limited to large organizations. Individuals can also take steps to protect themselves from getting into legal entanglements.

You should always know who you are transacting with. To stay safe, individuals need to:

● Verify the identity of whom they are transacting with
● Check if they’ve ever been involved in criminal activity
● Maintain detailed records of all transactions in case regulators come calling

These measures are certainly worth taking to reduce your risk, but sometimes they are not enough. Which brings us to the next section.

Coin Tracking Tools

There are tools available to check the legitimacy and even the past criminal activity of a cryptocurrency wallet before you transact with it.

Uppsala Security developed the Threat Reputation Database (TRDB), which contains information about the most current cybersecurity threats. The database has whitelists of safe URLs and wallet addresses, in addition to blacklists of malicious URLs, wallets, and recorded phishing scams.

Individuals can use UPPward, a tool that can be installed as a Chrome or Firefox browser extension for free, to check wallet addresses against the TRDB before they go through with their transactions.

Uppsala Security also aims to get ahead of bad actors with the Crypto Analysis Risk Assessment (CARA) tool, which uses machine learning to distinguish between the cryptocurrency behaviors of law-abiding individuals and malicious actors. Also, the Crypto Analysis Transaction Visualization (CATV) is available to help businesses or individuals track the movement of funds.

Cybersecurity on Privacy Coins

Privacy coins are even more anonymous than Bitcoin and other traditional cryptocurrencies. While the identities of Bitcoin users are anonymous, their financial transactions are public and quite easy to trace.

With privacy coins such as Monero, ZCash, and Dash, it’s nearly impossible for authorities to track the flow of these coins. The $534 million heist of Coincheck (a Japanese exchange) was facilitated by privacy coins. In another high-profile case, abductors demanded a $10 million ransom payable in Monero, to release a kidnapping victim.

The good news is that criminal activity is becoming more difficult to carry out using privacy coins. Exchanges are either delisting privacy coins, or not allowing people to cash out directly with privacy coins.

Digital Security in the 2020s

Regulators are trying to fit an emerging industry into existing frameworks, which brings obvious challenges. Adding more regulations may not necessarily help, but rather make compliance even more complicated.

The fact of the matter is that the cryptocurrency industry will continue to evolve throughout the 2020s. Bad actors will search for new ways to profit, while law-abiding crypto users must combine vigilance and advanced tools to protect their crypto wallets and avoid legal headaches.

At Uppsala Security, we believe the best approach is to develop new cybersecurity tools, using blockchain technology, to stay ahead of these bad actors.

The Path to a More Secure Digital Future was originally published in Sentinel Protocol on Medium.
20. 02. 04
Sentinel Protocol App Avail...
Starting today, January 23, 2020, Sentinel Protocol App will be available for download on the Samsung Blockchain Wallet. It is open to all users who own a mobile Samsung Blockchain Wallet.

Today, January 23, 2020, the Sentinel Protocol app was listed among the Samsung Blockchain Wallet DApps. Samsung Blockchain Wallet users can download the app for free from the Samsung Blockchain Keystore. Trade your cryptocurrency safely with the Sentinel Protocol app!

Try it today — https://galaxystore.samsung.com/detail/com.uppsala.sentinelprotocol?session_id=W_8ba1f4d58002096abbbf1d0f3f656ce2

#CryptoSecurityAtOneTouch

Sentinel Protocol App Available On Samsung Blockchain Wallet! was originally published in Sentinel Protocol on Medium.
20. 01. 23
Sentinel Protocol App avail...
Sentinel Protocol App Available On Samsung Galaxy Store!

Starting today, January 23, 2020, Sentinel Protocol App will be available for download on the Samsung Galaxy Store. It is open to all users who own a mobile Samsung Blockchain Wallet, where the Galaxy Store is available.

Today, January 23, 2020, the Sentinel Protocol app was listed among the Samsung Blockchain Wallet DApps. Samsung Blockchain Wallet users can download the app for free from the Samsung Blockchain Keystore. Trade your cryptocurrency safely with the Sentinel Protocol app!

Try it today — https://galaxystore.samsung.com/detail/com.uppsala.sentinelprotocol?session_id=W_8ba1f4d58002096abbbf1d0f3f656ce2

#CryptoSecurityAtOneTouch

Sentinel Protocol App available on Samsung Galaxy Store! was originally published in Sentinel Protocol on Medium.
20. 01. 23
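By Patrick Kim, CEO & Founder of Uppsala Security

As we welcome 2020, I am pleased to share that over the past year Uppsala Security has made great strides toward becoming a cybersecurity partner trusted by businesses and government agencies around the world. We have continued to position our own distinct identity in the market as a leader in the cybersecurity industry specializing in protecting the digital assets of businesses and individuals. In the second half of 2019, we focused on anti-money laundering (AML) and combating the financing of terrorism (CFT), forming alliances with many partners while delivering compliance security solutions. Although our security technology has its roots in blockchain, it has evolved a great deal in a relatively short time, and today we support individuals using digital assets and a range of financial industry companies with core technologies aligned with the FATF recommendations.

One part of my vision for the future is the next generation of AML, Cyber Anti-Money Laundering (which I have named ‘C-AML’). In dealing with digital assets, which call for a cybersecurity perspective and cybersecurity standards, anti-money laundering will soon become a part of cybersecurity. That is why I believe digital financial crime and AML should be addressed in more efficient ways from a cybersecurity perspective. According to a McKinsey article, private companies spent about $8.2 billion on AML in 2017 alone. Financial crime and fraud have finally merged and become one in the age of cybersecurity.

Global Leaders We Met at Conferences

‘Cryptocurrency’ was one of the hottest issues of 2019, and I believe its influence will continue over the next decade. Indeed, industry interest in building cyber resilience using decentralized financial technologies is growing, and Uppsala Security is responding. The topics we addressed in greatest depth this year were AML, CFT and investor protection, which were also main agenda items at the G20 summit held in Fukuoka, Japan, last June.

Uppsala Security attended the V20 summit, which was held alongside the G20. The summit brought together major digital asset exchanges and representatives of the FATF (Financial Action Task Force) to discuss joint responses and solutions to the risks of virtual currencies. The FATF has recognized cryptocurrencies as assets and drawn up guidelines for cryptocurrency transactions. Technological innovations, including blockchain, bring great benefits to both businesses and individuals, but we must stay alert to the risks to investor protection, AML and CFT.

Recently, we were invited to “No Money For Terror”, the ministerial conference on counter-terrorism financing held in Melbourne, Australia, where we were able to share our views on the best regulatory approaches for closing potential gaps related to cryptocurrencies. Although cryptocurrencies are receiving attention from many government agencies and large corporations, we do not believe they currently pose a major threat to the global financial system. Together, through the power of collective intelligence, we can step up efforts to trace suspicious transactions and protect users from cybercrime involving digital assets.

Compliance

Compliance is another major issue surrounding cryptocurrencies. Banks are tightening their KYC (Know Your Customer) due diligence procedures. Because of concerns about money laundering and terrorist financing, banks are cracking down hard on accounts owned by cryptocurrency exchanges. Some banks have frozen accounts belonging to large Korean exchanges such as Bithumb, disabling the creation of new accounts. Korea is one of the countries with the highest daily virtual currency trading volume, and the Act on Reporting and Using Specified Financial Transaction Information (특금법), due to take effect in Korea in July 2020, is expected to set out stricter rules. This legislation will address the core of compliance in Korea.

Our New Partnerships

2019 was a successful year in which Uppsala Security achieved meaningful business partnerships. We formed a total of seven partnerships, of which four are reseller partnerships and four are business partnerships.

We partnered with the following resellers:

• Rivertz: January 2019
• Norma: May 2019
• Octa Solutions: June 2019
• Hexlant: August 2019

We also established the following business partnerships:

• Bizkey: March 2019
• Bitberry: March 2019
• Kyber Network: July 2019
• PayProtocol: October 2019

In particular, Uppsala Security recently agreed to collaborate with the ASEAN Financial Innovation Network (AFIN) by joining the API Exchange (APIX) platform, an online global marketplace that promotes collaboration between financial institutions and fintech companies. AFIN is an organization established by the Monetary Authority of Singapore (MAS), the World Bank’s International Finance Corporation, and the ASEAN Bankers Association.

New Cybersecurity Product Suite

Alongside these partnerships, Uppsala Security released a new cryptocurrency security product suite for a wider ecosystem of companies, organizations and individuals interested in cybersecurity and digital asset protection. Our new solutions, which comply with the FATF guidelines, focus on supporting global AML/CFT and represent my vision of the next generation of AML mentioned earlier, Cyber Anti-Money Laundering (C-AML).

Building on our Threat Reputation Database (TRDB), in April we released Crypto Analysis Transaction Visualization (CATV), a security tool for tracking cryptocurrency. The CATV tool is a security solution that tracks stolen cryptocurrency by analyzing and visualizing the flow of suspicious transactions, and in May we announced an updated version of CATV (version 2.2.0).

We also launched the Interactive Cooperation Framework API v2.0 (ICF API v2.0). The ICF API is Uppsala Security’s API solution, developed to integrate with companies’ financial software applications so that anyone can share the latest security threat information smoothly in real time; it follows ‘STIX’, the standard for cybersecurity threat information, so that it can be used anywhere in the world.

In Q4 2019, we developed CARA (Crypto Analysis Risk Assessment), a cryptocurrency transaction risk assessment solution that uses machine learning algorithms, which continuously analyze and learn from the behavior of transacting wallets, to score the risk level of cryptocurrency addresses that are not yet known. I expect this solution to have enormous potential among individuals and businesses seeking to automate cybersecurity for digital assets and cryptocurrencies.

Finally, I am pleased to introduce SWAP (Summary Wallet Analytical Profiling), our “cryptocurrency transaction risk assessment report” service. SWAP is a service that uses our cryptocurrency security solutions to analyze in depth, from multiple angles, the transaction flows and patterns of a wallet address, and delivers the results as a ‘cryptocurrency transaction risk assessment report’. With it, corporate customers of the SWAP service can comply with security regulations while proactively identifying potentially blacklisted wallets and suspicious transactions, and so manage corporate risk effectively. They can also use the report, which verifies their compliance management and integrity with respect to money laundering, as a reference in their own IR reports or when attracting investment.

UPPward Fine-Tuning Updates

While launching the security solutions mentioned above, we also continued to improve the functionality of the UPPward browser extension. We are pleased to have extended the UPPward plug-in to the Brave Browser. UPPward is now available on Brave, Chrome and Firefox. If you are using the UPPward extension, please check that you have the latest version. In the new year, we plan to release a pro version of the UPPward browser extension.

The Future: Evolving Toward Mobile

Uppsala Security’s current priority is to support tracking of Bitcoin (BTC) funds in the CATV tool by Q1 2020, and we plan to support a wider variety of coins going forward. After that, it will also be possible to support projects such as EOS and Klaytn.

In addition, as digital payments on mobile devices increase, the need to secure the virtual assets of users who trade cryptocurrency on mobile has grown. We are therefore developing a DApp that lets individual users review the risk of a cryptocurrency wallet address before sending funds. The project is still in progress, and we expect to be able to share updated details in Q1 2020.

We are also carrying out ongoing research to improve the detection capabilities of the UPPward browser extension. Our next product feature, UPPreward, is also expected to launch at the end of Q1 2020, together with a visual update to the platform.

Finally, we are working on a project to strengthen cybersecurity for cryptocurrency users in order to stop ransomware, cryptojacking and other well-known cyber threats. We will be announcing even more remarkable solutions in the new year, so stay tuned. We wish you a happy and successful 2020.

CEO의 편지 (Letter from the CEO) was originally published in Sentinel Protocol on Medium.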
20. 01. 14
Letter from the CEO
Patrick Kim, CEO and Founder of Uppsala Security

As we welcome 2020, I am happy to share that Uppsala Security has made huge strides towards becoming a trusted cybersecurity partner for businesses and governments around the globe. We have uniquely positioned ourselves to be the leaders in cybersecurity in terms of protecting digital assets for both businesses and individuals.

In the second half of 2019, our focus was squarely on Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT). We formed alliances through partnerships while delivering compliant cybersecurity solutions. Although we were born in the blockchain space, we have evolved a lot in a relatively short period of time. Today, we are aligned with the FATF guidelines to support various finance industry players as well as individuals using digital assets.

My vision of the future involves the next generation AML, which I coin as Cyber Anti-Money Laundering (C-AML), where AML becomes a part of cybersecurity in digital currency formation that requires a cybersecurity perspective and measurement. I believe that digital financial crime and AML should be addressed under a cybersecurity perspective in more efficient ways. A McKinsey article reports that in 2017 alone, private companies spent about $8.2 billion USD on AML. Financial crime and fraud finally have merged and become one in the age of cybersecurity.

World Leaders at Conferences

Cryptocurrencies remained the hottest topic in 2019 and I personally believe this will continue through the next decade. Indeed, there is growing interest in building cyber resilience using decentralized financial technologies — and we are responding. Our work this year was centered around AML, CFT, and investor protections — which were the main agenda items at the G20 summit in Fukuoka, Japan, earlier in June.

Coinciding with the G20 was the V20 summit, which Uppsala Security participated in. The summit brought together leading digital asset exchanges and representatives from the Financial Action Task Force (FATF) to develop a coordinated response to address risks from virtual currencies. The FATF standards were recently updated to include virtual currencies. While technological innovations including blockchain delivered huge benefits to both businesses and individuals, we must remain vigilant of risks to investor protection, AML and CFT.

Most recently, we were invited to the ministerial “No Money For Terror” conference on counter-terrorism funding in Melbourne, Australia! We shared our thoughts on the best regulatory approaches to cover potential gaps related to virtual currencies. We believe that despite receiving attention from many government bodies and corporate giants, cryptocurrencies do not currently pose a major threat to the global financial system. Together, we can step up efforts to go after bad actors, and help users recover from cyber incidents involving digital assets.

Compliance

Compliance is another big issue around digital currencies. Banks have been tightening Know Your Customer (KYC) due diligence procedures. Due to increasing concerns about money laundering and terrorism financing, banks have been clamping down on accounts owned by crypto exchanges. Some banks have been freezing accounts belonging to large South Korean exchanges such as Bithumb, causing them to disable the creation of new accounts. A new upcoming bill in July 2020 also proposes tighter compliance regulations in South Korea, where the highest number of virtual currency transactions occur daily. I expect this bill will address the heart of these issues.

Our New Partnerships

2019 was a banner year for Uppsala Security’s business partnerships. We have established a total of seven partnerships, of which there are four resellers and four business partners.

We partnered with the following resellers:

Rivertz: January 2019
Norma: May 2019
Octa Solutions: June 2019
Hexlant: August 2019

We also established business partnerships with:

Bizkey: March 2019
Bitberry: March 2019
Kyber Network: July 2019
PayProtocol: October 2019

Most notably, Uppsala Security recently made an agreement to collaborate with the ASEAN Financial Innovation Network (AFIN) by joining their API Exchange (APIX) Platform, an online global marketplace that encourages collaboration between financial institutions and fintech companies. AFIN was established by the Monetary Authority of Singapore, the World Bank’s International Finance Corporation, and the ASEAN Bankers Association.

New Cybersecurity Product Suite

In addition to these partnerships, we rolled out a new crypto security product suite not only for our business partners, but also to a wider ecosystem of companies, organizations, and individuals concerned about cybersecurity and digital asset protection. Our new product suite, which is compliant with the FATF guidelines, is focused on supporting global AML/CFT efforts and supports my vision of the next generation AML, Cyber Anti-Money Laundering (C-AML).

With the decentralized Threat Reputation Database (TRDB) being the backbone of our product suite, we launched the Crypto Analysis Transaction Visualization (CATV) tool in April. The CATV tool helps users to visually track down stolen digital assets based on wallet transaction histories and the flows of cryptocurrencies through other wallets. We also released an update to the CATV tool (version 2.2.0) in May.

At the same time, we launched the Interactive Cooperation Framework API v2.0 (ICF API v2). This API provides a standardized cybersecurity framework for everyone to use when exchanging the latest security threat information, making threat information exchange as quick and seamless as ever.

In Q4 2019, we launched a new machine learning tool that uses pattern recognition to assess risks associated with an unknown crypto address. We call this tool the Crypto Analysis Risk Assessment (CARA) and I am extremely excited about its potential among individuals and businesses that want to further automate cybersecurity around digital assets and cryptocurrencies.

Additionally, we are happy to share the availability of our professional service: Summary Wallet Analytical Profiling. Our aim is to deliver customized services to our customers, helping them enhance their capabilities for proactively managing risk and regulatory compliance, which is particularly important for being competitive in today’s dynamic age of disruptive technologies. One key benefit of our service is that it helps our clients leverage our curated threat intelligence data to gain analytical insights that enable greater productivity, speed, and improved security towards successfully achieving business goals.

UPPward Finetuning Updates

While we were hard at work launching the CATV, ICF API v2, and CARA, we also continued to finetune the UPPward browser extensions. We are happy to extend the availability of the plug-in to Brave Browsers. The extension is now available on Brave, Chrome and Firefox. If you are using UPPward extensions, take a few seconds to make sure you are using the latest version. In the new year, we expect to release the pro versions of these UPPward browser extensions.

The Future: Going Mobile

Our next priorities are to provide a wider variety of coin support in our crypto security solutions, such as Bitcoin (BTC) support for the CATV tool by Q1 2020. After that, we may begin to support some upcoming projects such as EOS and Klaytn.

Beyond that, we noticed an increasing adoption of digital payment utilization on mobile devices. I see this as a need to further protect our users’ virtual assets during their crypto transactions on mobile. Therefore, we are venturing into our very first mobile application that provides the ability to run checks against crypto wallet addresses to review their associated risks. All of this is still in progress and we look forward to sharing more updates in the first quarter of 2020.

In a continuous effort, we are conducting ongoing research to enhance detection capabilities of the UPPward browser extensions. Our next product feature, the UPPreward, will also be launched towards the end of Q1 2020 together with some platform visual update.

Last but not least, we are also working on a project that provides enhanced cybersecurity protection for crypto users to prevent ransomware, crypto-jacking, and other well-known commodity cyber threats. Stay tuned for more surprises in the new year!

Letter from the CEO was originally published in Sentinel Protocol on Medium.
20. 01. 10
What Your Organization Can ...
Part 2: Using Compliant Cybersecurity Tools

In part 1, we covered an overview of global cybersecurity trends including Singapore’s Cybersecurity Masterplan and obtaining certifications.

In this next part, we go into more detail about the tools companies can use today to ensure that they follow the best security practices to protect their valuable assets, sensitive data, and all personal information of their customers and employees.

Using FATF-Compliant Cybersecurity Tools

Besides implementing Security-by-Design product development methods and getting their products certified with the CC standards, companies can also use real-time monitoring and reporting tools to ensure they are protected against cyberattacks.

As part of the masterplan, companies can develop a more secure operating environment by using tools that exist today that are also compliant with the guidelines set forth by the Financial Action Task Force (FATF), of which Singapore is also a member. Companies transacting with virtual currencies and digital assets need to understand their own AML/CFT risk assessment and conduct due diligence practices consistent with the FATF and Singapore’s compliance with their guidance.

The most recent guidelines, published in 2019, include an Interpretive Note to Recommendation 15, which “requires countries to ensure that service providers also assess and mitigate their money laundering and terrorist financing risks and implement the full range of AML/CFT preventive measures under the FATF Recommendations, including customer due diligence, record-keeping, suspicious transaction reporting, and screening all transactions for compliance with targeted financial sanctions, among other measures, just like other entities subject to AML/CFT regulation. This includes coordination with relevant authorities to ensure the compatibility of AML/CFT requirements with Data Protection and Privacy rules and similar provisions”.

Existing Cybersecurity Tools for Virtual Asset Service Providers

Where virtual assets such as cryptocurrencies are involved, companies — including Virtual Asset Service Providers (VASPs) — must perform wallet risk audits to ensure that wallets associated with their end-users are compliant with AML/CFT laws. Digital asset tracking tools may also be used to discover, track and trace the flow of cryptocurrencies through wallets and fiat gateways. These wallet audits and virtual asset tracking tools need to be a standard part of their risk management procedures. According to the FATF guidelines, VASPs and businesses using these tools also need to assist law enforcement where necessary with their investigations of cybercriminal cases involving hacking incidents, money laundering, and terrorism.

Such FATF-compliant tools already exist and are available through Uppsala Security today. Companies can obtain the latest threat information in real time using the Threat Reputation Database (TRDB) based on the blockchain through the Interactive Cooperation Framework API, which uses STIX, an internationally-recognized standardization format. Using the ICF API, cybersecurity companies, governments, and VASPs will be able to secure their digital assets from the latest threats.

Data analysis tools from Uppsala Security are also available to help businesses comply with the FATF guidelines and the Cybersecurity Masterplan. The Crypto Analysis Transaction Visualization (CATV) is a forensic tool that tracks digital assets going into and out of a cryptocurrency wallet. This is especially useful for law enforcement in tracing stolen cryptocurrencies and catching hackers before they can cash out through an exchange. The Crypto Analysis Risk Assessment (CARA) is a machine-learning tool that predicts the risk level of a wallet based on past behaviors and transaction activity within both wallets known to be malicious and wallets that have no history of suspicious activity.

Together, these tools can help businesses, VASPs, and organizations make the digital space safer for everyone and thus move the ecosystem one step closer to fulfilling the Cybersecurity Masterplan.

What Your Organization Can Do To Manage Digital Asset Risk and Compliance Issues was originally published in Sentinel Protocol on Medium.
20. 01. 08
What Your Organization Can ...
Part 1: New Trends in CybersecurityIn our previous post, we talked about what individuals can do to secure their digital assets and transact safely online.Today, we’ll go over how organizations, including businesses and government agencies, can manage cybersecurity issues surrounding digital assets and critical operations. This is important because businesses are required to maintain compliance with security regulations including those covering anti-money laundering and counter financing of terrorism (AML/CFT).Introduction: New Cybersecurity MasterplanAt the fourth Singapore International Cyber Week (SICW), the Singaporean government announced the Operational Technology Cybersecurity Masterplan aiming to protect the most critical information infrastructures. The masterplan directs equipment manufacturers and service providers to “implement cybersecurity in their developmental phases so that their products and services are built-in with strong cybersecurity measures”.The objectives of this masterplan, developed by the Cyber Security Agency of Singapore (CSA) and industry partners, is to develop a more secure operating technology environment, provide better defense and recovery mechanisms for cyberattacks, and create more awareness about cybersecurity. Under this masterplan, a new OT Cybersecurity Information Sharing and Analysis Centre will be set up to facilitate information sharing among the global threat intelligence hub, according to a Cybersecurity ASEAN press release.Details on actionable to-do items for businesses remain scant at this time, however. While further details will be forthcoming in the next weeks and months, there are some things we can still do to prepare.Obtaining Cybersecurity CertificationInternationally recognized cybersecurity certification can now be issued in Singapore. This January, Singapore attained the status of an international certification authority. 
Companies can now apply for Common Criteria (CC) certification through the Singapore Common Criteria Scheme (SCCS).The SCCS provides a cost-effective path for businesses to certify their products against the Common Criteria standard, which is adopted internationally by both governments and industries for the evaluation and certification of cybersecurity products.This requires product evaluation to conform to the strict requirements of the CC standards. At the same time, the SCCS will support the growth of the local cybersecurity technology ecosystem, including the product evaluation and certification industry in the region.Implementing Security by DesignPart of the innovation push is implementing Security-by-Design during the product development phase. To ensure that software and hardware products meet Common Criteria certification standards, developers must consider Security-by-Design to ensure products have security built-in right from the start of the product development cycle, rather than seeing security as a piecemeal add-on.In his opening speech at SICW, Dr. Janil Puthucheary, the Senior Minister of State, noted that the personal data of Singaporean citizens was compromised by cyber-attackers as a result of poor security design of network-connected devices. 
He called for better quality assurance of such products through the stringent CC certification process: “If we can adopt these product evaluation and certification regimes, such as CC, it will give the kind of assurance benchmarked at internationally-recognized standards, to strengthen IT security for our government, Smart Nation as well as the digital economy”.

In part 2 of this article, we go into more detail about cybersecurity tools available today that help companies follow best security practices and ensure compliance with new global regulations.

What Your Organization Can Do To Manage Digital Asset Risk and Compliance Issues was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 12. 30
The Future of AML: A Holist...
As financial transactions became increasingly digital, banking has become much more convenient for both individuals and businesses.

It is now easier than ever to move money from point A to point B, even across borders.

Additionally, the birth of digital currencies such as Bitcoin, Ethereum, and other cryptocurrencies known as “alt coins” also made it very easy to make digital transactions while concealing the remitter’s true identity.

Perhaps too easy.

Indeed, banks and governments around the world have taken notice of the ease of conducting illegal activities using cryptocurrencies, such as money laundering, terrorism financing, theft via exchange hacks, and fraud.

The Connection Between Anti-Money Laundering and Cryptocurrency Exchange Hacks

Here are the key reasons why banks and governments are concerned:

Criminals could use cryptocurrencies to conduct scams (e.g. the PlusToken scam) and to launder stolen funds obtained by hacking an exchange.

As recently as last month, the Upbit exchange was hacked. $52 million worth of ETH was lost. Uppsala Security is investigating the Upbit incident by using forensic tools to track the stolen coins, helping other exchanges prevent hackers from cashing them out.

Of course, banks, payment processors, and other financial institutions are concerned about fighting money laundering.
To add to their concerns, criminals are likely using cryptocurrencies for such nefarious purposes.

Combating crypto-based money laundering, however, requires a broader cross-functional approach by financial institutions, governmental entities, and law enforcement agencies.

The Need for Collaboration Between AML and Cybersecurity

To get a full understanding of the crypto-driven money laundering phenomenon and to maintain regulatory compliance, executives must have a high-level understanding of cybersecurity, privacy, and other fields where they may not have expertise.

Because of cryptocurrencies, there is an increasing overlap between cybersecurity and anti-money laundering (AML). However, to wage successful AML campaigns, there need to be open lines of communication between cybersecurity experts and AML experts.

Cybersecurity threats compound the risk of fraud and financial crime, such as money laundering and exchange hacks, within the context of cryptocurrencies. These cybercrimes have become as numerous and costly as ever; “for every dollar of fraud, institutions lose nearly three dollars”. In 2018, the World Economic Forum noted that fraud and financial crime was a trillion-dollar industry, reporting that private companies spent approximately $8.2 billion on AML controls in 2017 alone.

Despite passing new regulations while ratcheting up sanctions against bad actors and their sponsors, governments around the world are finding that the existing regulatory framework is not enough to fully contain such financial crimes.

A new regulatory framework is needed to combine AML and cybersecurity into “Cyber-AML” (or C-AML), a new term coined by Patrick Kim, the CEO of Uppsala Security.
Kim believes that a cybersecurity perspective is necessary to effectively and efficiently address digital financial crime and anti-money laundering.

Financial Crime and Fraud Are Now One and the Same

As we have alluded to, the lines between “financial crime” and “fraud” are now blurred to the point where these terms can be interchangeable in the world of C-AML. Cryptocurrencies make these crimes borderless — and thus more difficult to police.

These financial crimes used to be transaction-based. Today, they are more identity-based, where personal information gets exploited. Banks and crypto exchanges are responding with more stringent Know-Your-Customer (KYC) due diligence along with other enforcement rules based on new guidelines set forth by the FATF in 2019. However, the global marketplace demands faster transactions with instant payments. Banks are under constant pressure to maintain a balance between fighting cybercrime while handling authorized transactions instantly to keep their customers happy.

Therefore, an integrated cross-functional approach is necessary to control fraud, financial crime, and money laundering while maintaining best cybersecurity practices to ensure compliance with regulations.

Data Sharing As a Holistic Approach

By approaching C-AML with a holistic view of underlying processes, banks can streamline decision-making to support a better customer experience, improve risk management, and reduce costs.

In one successful case, a major bank with global reach combined all operations related to financial crime, including fraud and money laundering, into a single global entity functioning as a C-AML department. As a result, the bank obtained a high-level view of customer risk to improve decision-making and reduce operating costs by approximately $100 million.

The recipe for success is to use a shared dataset of cybersecurity threats that supports such a holistic approach.
If banks, payment processors, and crypto exchanges share the same information and latest intel about the latest cybersecurity threats — not just in the crypto space — but also the broader financial landscape, we can create a more secure digital world for making financial transactions with greater peace of mind for all.

The Future of AML: A Holistic Approach To Combat Financial Crime was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 12. 24
Is Cybersecurity For Privac...
Yes. Here’s Why.

What Are Privacy Coins?

Privacy coins are simply cryptocurrencies that are designed to hide your identity when making transactions. Some of these coins also maintain the anonymity of your wallet addresses and hide the wallet balances.

Examples of such privacy coins include Monero, ZCash, and Dash (to name a few), each offering unique technologies and characteristics. Monero, the most popular of the privacy coins, uses technologies such as Ring Signatures to cloak the sender’s identity, stealth addresses to obscure the receiver’s identity, and Ring Confidential Transactions (RingCT) to mask fund amounts. One can say that privacy coins are the digital equivalent of using cash in the real world — untraceable and anonymous.

However, the use of privacy coins is a hotly controversial topic.

While libertarians are quick to applaud the use of privacy coins as a means of achieving financial freedom from prying eyes of the authorities, governments cast a distrustful eye towards privacy coins fearing that they will be used to facilitate illicit and criminal activities. In fact, governments around the world are increasingly cracking down on money laundering and terrorism financing, and there is no doubt that privacy coins are on their radar.

Why Use Privacy Coins?

The first thing to understand about privacy coins is that they offer a fundamentally different use case than traditional cryptocurrencies such as Bitcoin and Ethereum. With Bitcoin and other non-privacy cryptocurrencies, the user’s identity may be anonymous, but their financial transactions are public and easily traceable.
Governments and law enforcement still can track these transactions on the public blockchain.

With privacy coins, on the other hand, these transactions are obfuscated to make it nearly impossible for authorities to track the flow of these coins.

The Zerocash white paper makes an argument in favor of privacy coins:

“Privacy guarantees are designed to benefit legitimate users who do not want their financial details made public. There is a concern, as always, that decentralized anonymous payments will facilitate the laundering of ill-gotten funds by criminal users… however [privacy coins] barely affect the status quo for criminal users, who already have strong incentives to hide their activity, while it provides notable benefits to legitimate users.”

On the other side of the coin (no pun intended), a strong case can be made against them. For the very reason that transactions made with privacy coins cannot be traced by the authorities, privacy coins have been used to facilitate exchange hacks such as the $530 million heist of Coincheck (a Japanese exchange), crypto-jacking, and even ransoms with extortion — just as criminals in Hollywood movies ask for unmarked bills that cannot be traced by law enforcement.

AML/CFT Regulations Target Privacy Coins

Not surprisingly, governments are concerned about privacy coins and how they can be used for illegal activity. Indeed, the travel rule posed by the Financial Action Task Force (FATF), which requires exchanges to collect personal information of their users, is one of the latest strikes against privacy coins. However, this may actually push criminals to use privacy coins, whereas they’ve historically used mainly BTC and ETH.

Law enforcement officials are not the only ones concerned about privacy coins. In the wake of the Coincheck hack and increased pressure to comply with the FATF guidelines, exchanges have begun de-listing privacy coins, including Monero itself.
This takes away one pathway for criminals to cash out illegally-obtained digital assets using privacy coins.

Cybersecurity on Privacy Coins Is Possible

While around 75% of all cryptocurrency-based illegal activities investigated by the FBI were conducted using BTC, not privacy coins, the FATF travel rule may in fact push criminals to use privacy coins instead. However, with exchanges de-listing privacy coins and governments increasingly aware of their use, it will be more difficult for criminals to hide their money laundering and other illegal activities using privacy coins.

Additionally, fiat gateways like Coinbase and Binance US do not allow people to cash out directly with privacy coins. Users would have to convert privacy coins to Bitcoin or a non-privacy cryptocurrency before cashing out.

Finally, there has been increasing support and expansion of cryptocurrencies with forensic coin-tracking tools. For example, Uppsala Security has plans to expand the tracking capabilities of the Crypto Analysis Transaction Visualization (CATV) tool to include Bitcoin. The CATV tracks the flow of funds to support AML/CFT enforcement. Plus, with the new Crypto Analysis Risk Assessment (CARA) tool, any wallet that uses privacy coins may be listed as suspicious in the blockchain-based Threat Reputation Database (TRDB) used by law enforcement, governments, organizations, and individual users around the world.

Is Cybersecurity For Privacy Coins Possible? was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 12. 18
Blockchain users should wor...
The article was published in The Business Times — http://businesstimes.com.sg/opinion/blockchain-users-should-work-together-to-beat-hackers

The world of blockchain and cryptocurrency is one of excitement and intrigue, as both continue to grow in popularity and value. Yet, is it too good to be true?

Reports of scams, hacks, and security threats have become the order of the day. While blockchain’s core technology has earned an excellent reputation for strong security, cryptocurrency assets continue to be stolen on a daily basis. In fact, over US$700 million worth of cryptocurrencies were stolen from crypto exchanges in just the first six months of 2018. Yet, the irony is that hackers and scammers are fair (in a way) — any crypto owner is fair game, be it an individual or an organisation.

Many users have thus lost confidence in the security of the crypto market. However, given the scale and acceleration of the issue, what can cryptocurrency users do about it?

To answer that, we must first understand the biggest security challenges in blockchain and cryptocurrency. The average cryptocurrency user today faces three major cybersecurity issues — exposure, anonymity, and lack of ownership.

The first issue is that ordinary blockchain users are exposed to phishing, malware, fraud and scams far too easily. Hackers and scammers are using a variety of malware to infect and infiltrate computers. From cryptojacking, which enables an attacker to use your computer’s resources to mine cryptocurrencies such as Bitcoin or Monero, to ransomware, which locks a victim out of their device, malware comes in many different forms and can be distributed in lots of different ways. The most successful attack vector thus far has been spear phishing — using spoofed emails to gain unauthorised access to wallets — through socially engineered emails that appear genuine.

Secondly, while attackers can easily identify potential victims, the same cannot be said of the reverse.
This is because transactions are often done anonymously, with neither party knowing the real identity of the other party — the transaction only goes through by leveraging consensus algorithms. This also means that there is no way to stop hackers from transferring stolen funds through exchanges, with no way of retrieving stolen cryptos which are already in the full possession of hackers.

Finally, the victims of these attacks, who have already suffered loss, are generally solely responsible for resolving the damages. Due to the anonymity of cryptocurrency transactions, and the limited capabilities of crypto exchanges and wallet services in preventing users from transacting crypto funds to malicious addresses, the responsibility of ensuring a safe transaction often falls on the user alone. Furthermore, there currently exists no organisation that provides cybersecurity tools specifically in the area of the protection and recovery of crypto assets.

Looking at the three cybersecurity issues, we can attribute the fundamental problem to decentralisation, i.e. the lack of any centralised control or authority. Without such a body or organisation, the responsibility of solving any security issues lies with every single user, and it’s practically impossible for any individual to come up with a solution for every threat.

However, could decentralisation also be the key to tackling today’s growing crypto threats? Blockchain’s distributed peer-to-peer nature could also be used to fight back against hackers.

TACKLING THE PITFALLS OF DECENTRALISATION — WITH DECENTRALISATION

It is essential to relook at our current security ecosystem, as many conventional security practices are inherently too reactive, leaving wallet services and exchanges scrambling to play catchup.
While an individual might not be able to solve every issue, having a community of volunteers and advocates that come together to share collective intelligence can create a secure cybersecurity ecosystem.

Crowdsourced intelligence is hence the next step to making cyberspace safer. By leveraging the community to stand guard against instances of hacking and attacks, a crowdsourced threat intelligence platform could be created — which will collect, analyse, and validate any information related to malicious activities. This information, once verified, can then be shared with crypto exchanges, custodians, wallet services, and more, thereby protecting users while maintaining the fundamental autonomy of decentralisation and helping to protect the crypto world.

With bad actors constantly finding new ways to attack their targets, it is no longer enough to be reactionary, and only plug security holes as they appear. Instead, it is time for blockchain users to be proactive and work together as a community to stay ahead of hackers.

Blockchain users should work together to beat hackers was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 12. 12
Identifying Exchanges Affec...
19. 12. 10
Identifying Exchanges Affec...
19. 12. 06
How to Report Scams, Hackin...
Play IT Safe

Making the digital cyberspace safer doesn’t have to be left to the big cybersecurity corporations. Individuals and small businesses can also play a role in making the Internet a more secure place to do business and exchange information.

We are approaching an ideal world where all information about the newest cybersecurity threats can be reported and shared with everyone in real-time. In fact, the quicker crowdsourced threat information is shared amongst us, the safer the Internet will become as a place to transact and do business.

However, a few hurdles remain.

Many Remain Hesitant to Report Cybersecurity Breaches

Due to ongoing stigma, many companies remain reticent to share information about the security breaches they’ve suffered, even when directed to do so by law.

A survey by Kaspersky claims that two-thirds of businesses don’t report cybersecurity incidents to regulators. An article suggests that it is out of fear of losing customer confidence or being in violation of regulations. Even the U.S.
Department of Homeland Security has a web page where security incidents can be reported, but it is not clear how many organizations, or even whether individuals, self-report when their own defenses get compromised.

Only 31% of companies have implemented an incident response strategy to help them respond to security incidents or breaches, according to a Kaspersky Advisory Group who authored a report on The State of Industrial Cybersecurity.

Managing Incident Responses for Reported Cybersecurity Incidents

The best way to manage cybersecurity incidents, and to defend against them, is to make threat identification and information dissemination as seamless and transparent as possible.

Organizations need to have a cybersecurity incident response management system in place that enables them to keep track of, report, and disseminate information about incidents, intrusion attempts, and breaches.

As regulators, companies, and consumers begin to understand that security incidents or hacking attempts are inevitable, the focus will shift to sharing the latest threat information to help others shore up their own defenses against threats, including the newest attack vectors.

Why We Should Quickly Inform Others of Suspicious Network Activity

Oftentimes, a security breach does not just happen out of the blue. Before a security breach actually happens, there are often bouts of suspicious network activity in the hours or days leading up to the breach.

This is often the case with cryptocurrency exchanges. Suspicious activity by the hackers usually precedes a major exchange hack, but exchanges often miss it.
This is because they don’t have a security incident response plan — or more importantly — a tool that automatically detects suspicious activity and alerts their staff of what is happening before the damage is done.

Fortunately, there are tools available today that allow anyone to 1) get real-time alerts of suspicious activity, and 2) immediately report incidents or suspicious activity to a threat intelligence repository that is fully accessible to anyone in the world. Individuals can now submit case reports of incidents and/or suspicious activity using the UPPward browser extension (available for free, supported by Chrome and Firefox) by following these steps.

Tools That Help Minimize Exposure to Zero-Day Attacks

Hackers are always inventing new attack vectors, each more sophisticated than the last. While preventing zero-day attacks may not be possible, we can use a variety of tools that take advantage of crowdsourced intelligence to minimize our exposure to new attack vectors.

The backbone of crowdsourced intelligence tools is the Threat Reputation Database (TRDB) created by Uppsala Security. This blockchain-based database pools all the crowdsourced information about the latest threats and attack vectors from around the world. Once the security experts verify the validity of each case submission, each new threat is documented in the TRDB.

When new case reports are submitted, a group of security experts called the Sentinels reviews and verifies each case report to make sure the threat is valid and not a false positive. To prevent false positives, Uppsala Security has a two-tiered review system to verify the authenticity of each submission before updating the TRDB for everyone to see.

How to Report Scams, Hacking Incidents, and Suspicious Activity Involving Digital Assets was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 11. 25
How to Protect Yourself Fro...
By: Donovan Tan, Cybersecurity Researcher

In the earlier parts of the series, we covered the numerous types of mobile malware (Part 1) and their lifecycle (delivery, installation (Part 2), and exploitation (Part 3)).

Up until this point, you might be seriously questioning the security of mobile devices and why these mobile threat actors are not being stopped. However, the fact of the matter is that mobile OS developers like Google ARE putting in the effort to combat such threats. Vulnerability fixes are constantly being rolled out, plugging security loopholes in their systems.

Then why do we still see reports of new or modified malware being distributed on the app store? The simple explanation would be the principle of easiest penetration. Many vulnerabilities, both known and unknown, exist in each system, and a bad actor can exploit any of these vulnerabilities to launch an attack. When mobile OS developers become aware of a vulnerability, they fix it immediately. However, when that happens, malicious actors will simply proceed to find the next vulnerability to exploit, leading to what can be a never-ending cat and mouse game.

Despite the presence of constant and evolving threats, however, mobile users can drastically reduce the chance of becoming a victim of mobile malware via good cyber hygiene and operational security practices. Below are some tips that will help keep you and your device safe.

Download apps only from Official App Stores

Downloading cracked or modified applications from third-party stores might be enticing to some. However, due to the absence of stringent security checks, the chance of downloading a trojanized app or malware from these third-party stores is much higher than that of official app stores.
Keep yourself safe by only downloading applications from official app stores such as Google Play for Android and Apple App Store for iOS.

Do not click on links sent by unknown or suspicious sources

As discussed earlier, social engineering and phishing attacks through social media or messenger apps are a common delivery technique used by malicious actors. As our parents warn us: “do not accept candies from strangers”. Likewise, we should never open links, especially suspicious or enticing looking ones, from people we do not know.

Religiously install OS updates

OS updates rolled out by mobile OS developers can contain security patches that resolve vulnerabilities and help protect your device against the latest threats. A simple act such as updating your OS can go a long way in ensuring the safety of your device.

Understand and check permissions requested by apps

When installing new applications, it is good practice to check the permissions requested by the app developer. A rule of thumb would be to always compare the promoted functionality of the application against its requested permissions. Is that game application you downloaded requesting permission to read and write text messages? Or is that currency convertor app you downloaded asking for permission to access your microphone? If applications are requesting critical permissions that, based on the service they provide, leave you clueless as to why they would require them, it would be best to deny these permissions, or better still, steer clear of these apps.

Interested in joining Uppsala Security in security discussions? Speak to us here — https://forum.sentinelprotocol.io

How to Protect Yourself From Mobile Malware was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
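The permission rule of thumb from the post above, as an added example that is not part of the original article: it reads a decoded AndroidManifest.xml and reports requested permissions that do not fit the app's advertised category. The permission names are real Android ones; the category baselines and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: illustrative baselines of what each app category plausibly needs.
EXPECTED_BY_CATEGORY = {
    "currency_converter": {
        "android.permission.INTERNET",
        "android.permission.ACCESS_NETWORK_STATE",
    },
    "game": {
        "android.permission.INTERNET",
        "android.permission.ACCESS_NETWORK_STATE",
        "android.permission.VIBRATE",
    },
}

# Real Android permissions tied to the abuses this series describes.
SENSITIVE = {
    "android.permission.READ_SMS": "read text messages",
    "android.permission.SEND_SMS": "send text messages",
    "android.permission.RECEIVE_SMS": "receive incoming text messages",
    "android.permission.RECORD_AUDIO": "use the microphone",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps (screen overlay)",
    "android.permission.BIND_ACCESSIBILITY_SERVICE":
        "run an accessibility service that can read text from other apps",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install further packages",
}

# Constructed sample: a "currency converter" asking for far more than it needs.
SAMPLE_CONVERTER_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.converter">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>
"""

# Constructed sample: a converter that only needs network access.
SAMPLE_BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.rates">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <application/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return every permission the manifest requests or binds a service to."""
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError as exc:
        raise ValueError(f"manifest is not well-formed XML: {exc}") from exc
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    # Accessibility services are not listed under <uses-permission>; they show
    # up as a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    for node in root.iter("service"):
        guard = node.get(ANDROID_NS + "permission")
        if guard:
            perms.add(guard)
    return perms


def audit(manifest_xml, category):
    """Compare requested permissions with the baseline for the app's category."""
    if category not in EXPECTED_BY_CATEGORY:
        raise ValueError(f"no baseline defined for category {category!r}")
    extra = requested_permissions(manifest_xml) - EXPECTED_BY_CATEGORY[category]
    return {
        # Sensitive and unexplained by the advertised function: deny or avoid.
        "mismatch": [(p, SENSITIVE[p]) for p in sorted(extra) if p in SENSITIVE],
        # Outside the baseline but not in the sensitive list: review manually.
        "unlisted": sorted(p for p in extra if p not in SENSITIVE),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_CONVERTER_MANIFEST, "currency_converter")
    for perm, reason in report["mismatch"]:
        print(f"MISMATCH {perm}: lets the app {reason}")
    for perm in report["unlisted"]:
        print(f"REVIEW   {perm}")
```
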
19. 11. 20
How Malware Exploits Your M...
By: Donovan Tan, Cybersecurity Researcher

According to research by Check Point, the number of cyberattacks targeting mobile devices has increased by 50% in the first half of 2019 as compared to the previous year, with a notable rise in the number of Android-related malware attacks. So far in the four-part series, we discussed the different types of mobile malware (Part 1) and the delivery and installation (Part 2) phases of their lifecycle. Today, we will talk about the final phase — Malware Exploitation.

So, what exactly can mobile malware do to your devices? We will look at two common malware exploitations:

- Stealing personal information
- Overlay attacks

Personally Identifiable Information (PII) & Data Exfiltration

PII and data exfiltration are the main capabilities of spyware, but are also commonly utilized by other types of malware. PII, as the name suggests, refers to any information that identifies an individual. It includes both sensitive information such as credit card details, medical histories, and national identity numbers (NRIC, Social Security, etc.), and non-sensitive information such as gender or date of birth.

A common method to obtain PII from victims in Android would be through abuse of the platform’s Accessibility Services API. This API was intended to help developers create disability-friendly applications using accessibility features and services that run in the background. Among the available features is retrieving text from other applications. This allows attackers to carry out malicious activities such as intercepting WhatsApp messages.

Another method of obtaining PII would be through recording a user’s screen using Android’s MediaProjection API.
Due to visual feedback when a user types on the on-screen keyboard, bad actors could easily obtain the victim’s PIN and password by watching recordings of the user keying in their PIN or password.

Overlay Attacks

Overlay attacks are a common exploit where threat actors create screen overlays above legitimate applications to trick the user into carrying out certain actions. These actions include clicking buttons or entering credentials. Screen overlaying can be likened to a ‘draw-on-top’ feature, which allows certain applications to ‘draw’ over other applications. An example of a widely used screen overlay would be Facebook Messenger’s chat heads.

Source: https://www.cnet.com/how-to/use-android-get-chat-heads-by-installing-facebook-messenger/

Overlay attacks are commonly utilized by banking trojans, as observed in Anubis and Bian Lian, trojans that attempt to gain access to victims’ bank accounts. In such cases, threat actors generate and display a bogus credential harvesting page on top of a legitimate application.

Source: https://eybisi.run/Mobile-Malware-Analysis-Tricks-used-in-Anubis/

A banking trojan overlay attack at work is demonstrated in the above GIF. When the victim opens the legitimate PayPal application and clicks on ‘Log in’, what seems like a PayPal login page is displayed. However, upon closer inspection, the login page shown is actually a phishing page displayed as a screen overlay, with the intention to capture the user’s credentials.

In every campaign using such overlay attacks, threat actors will first determine their target organizations and applications. Thereafter, they will create the phishing pages for each target individually to ensure the overlay seems believable. The next question is: how does the malware know which phishing overlay to show?
As explained here (https://eybisi.run/Mobile-Malware-Analysis-Tricks-used-in-Anubis/), malware writers constantly retrieve the list of running processes and application packages, and compare newly started processes to the names of their target apps. Once a match is found, the malware will instantly create an overlay with the corresponding phishing page it retrieves from the C2.

https://www.zdnet.com/article/mobile-malware-attacks-are-booming-in-2019-these-are-the-most-common-threats/

Interested in joining Uppsala Security in security discussions? Speak to us here: https://forum.sentinelprotocol.io

How Malware Exploits Your Mobile Devices was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 11. 14
How Mobile Malware Gets Del...
By: Donovan Tan, Cybersecurity Researcher

As connectivity brings more convenience to all of us, we observe an increasing reliance, value, and adoption that makes our mobile devices an attractive target for cybercriminals. In this four-part series, we will explore the various types of mobile malware (Part 1), their lifecycle (delivery, installation (Part 2) and exploitation (Part 3)), and how to protect yourself against them (Part 4).

Part 2: How Mobile Malware Gets Delivered and Installed

With a greater number of activities being carried out on mobile devices, malicious actors find themselves with broader and more numerous attack opportunities. This makes it possible for mobile malware to be delivered through various channels. Despite this, bad actors still face two challenges hampering the successful delivery of their malware.

The first would be to bypass the anti-malware detection systems within mobile OSes and official app stores put in place by mobile OS developers. Google Play, the official app store for the most used mobile OS, Android, has machine learning malware detection systems and a team to review apps before and after they are published on the store.

The second challenge faced would be to convince users to download the malicious application. Be it through official or unofficial app stores, or direct download links for installer files, malicious actors would need to employ methods to compel users to download the malware.

A popular method to overcome these challenges during delivery would be the use of trojan droppers, while a popular channel would be social media and messaging apps. For clarity’s sake, delivery channels refer to mediums used to spread malware (e.g. app stores, emails, messaging apps, etc.), while methods refer to any tactic employed by bad actors in relation to malware delivery. These tactics could involve preparation (e.g. hiding of malware in apps that appear legitimate) up until delivery (e.g.
phishing).

Trojan-droppers

Trojan droppers are seemingly innocent applications that ‘drop’ malicious applications by executing code. The code either decrypts and executes a malicious payload within, or downloads and installs malware from an external server. The use of trojan droppers has become increasingly common among cybercriminals. Anubis and Agent Smith are just some recent examples of successful and widely spread malware that have been found to utilize trojan droppers.

Droppers are favoured by threat actors because they overcome the two obstacles mentioned above. Droppers do not explicitly exhibit malicious behaviour; they simply execute instructions to download, decrypt and install programs. Moreover, different droppers carrying the same malicious payload generate different hashes, rendering the use of malware hashes to identify trojan droppers ineffective. These characteristics help to bypass malware detection systems.

Besides, droppers can also entice users to download them. These droppers are usually packaged as useful utility apps such as currency convertors, or apps with ever-present demand such as gaming, gambling, or pornography.

Dropper apps carrying Anubis found on the Google Play Store. (Source: Trend Micro)

Social Engineering Attacks Using Social Media and Messaging Apps

Social media and messaging apps are a popular malware delivery channel used to carry out social engineering attacks. Victims can be tricked into downloading trojanized applications through psychological manipulation.

An example of such malware delivery would be ViperRAT, an advanced persistent threat (APT) that targeted the Israeli Defence Force. It has surveillance capabilities used to collect personally identifiable information (PII) and private content such as stored images and device information.
The threat actor behind ViperRAT made use of fake social media profiles passing off as young and attractive women to contact members of the Israeli Defence Force.As seen in the image below, these fake profiles initiated chat and built rapport with their victims, eventually requesting them to install another chat app if they would like to continue chatting. These chat apps, however, would be trojanized versions of legitimate chat apps, containing ViperRAT-related payloads.Social engineering attack via social media used by ViperRAT threat actor. (Source: Dark Caracal Part 1, Kaspersky Security Analyst Summit 2018 by Cooper Quintin (EFF) & Michael Flossman (Lookout)In reality, malicious actors commonly use combinations of different delivery methods and channels to increase the chance of successful malware delivery. In the ViperRAT case, the trojanized chat app functioned as a dropper that installed a secondary application containing malicious surveillance functionalities.Command and Control Servers (C2)After successful delivery, the next step in the mobile malware lifecycle would be the installation of malware in preparation for carrying out the exploit. At this stage, malicious actors commonly make use of Command and Control Servers (C2), and abuse permissions defined by the mobile OSes.Command and Control Servers are used to communicate with compromised devices. The communication can range from a dropper downloading a malicious application from the C2, to the malicious app itself getting resources from and sending data such as personally identifiable information (PII) to the C2.Traditionally, the URL or IP address of the C2 server would be placed within the malware’s codebase.Rotexy C&C URL within its code, 2015. (Source: Kaspersky securelist.com)However, malicious actors today have turned to more novel ways to mask their C2 servers. 
An example would be how the banking trojan, Anubis, made use of social media including Twitter and Telegram to retrieve the address of their C2 server. Researchers at PhishLabs found links to social media accounts and channels instead of plaintext C2 URLS within Anubis code samples. These social media accounts have been observed to post encoded strings and even Chinese characters converted from these strings, which researchers have identified to be obfuscated C2 URLs. Devices infected with the malware would obtain the encoded strings from these social media accounts, decode them to get the C2 URL, and then proceed to page home to the C2.URL to telegram channel with encoded C2 String found within Anubis code. (Source: PhishLabs)As mentioned by the Sophos team, who also investigated this C2 obfuscation technique used by Anubis, the use of social media accounts to share encoded C2 URLs also gave bad actors the flexibility to push out new C2 URLs to bots.Permissions AbuseThe top two mobile OSes today, Android and iOS, both use permission-based access control. Applications are required to be granted necessary permissions before being allowed to execute certain actions. In the Android framework, permissions are largely related to system features such as accessibility services and accessing personal data. App developers are required to specify what permissions their application needs, with users being asked to approve these permissions before the app runs.This means that during the installation of malware, malicious actors would still need to procure the permissions required by their malware to carry out its exploits. Targets with poor cyber hygiene (operational security habits) who do not make it a habit to check requested permissions before installing apps will likely end up being victims.These actors have used tricks to get victims to accept these permissions. 
In the case of Anubis, the malware downloaded from the C2 server masquerades as ‘Google Play Protect’ and requests that critical permissions be granted. Users who are not careful would be tricked into believing that this request for permissions is related to an update of the official ‘Google Play Protect’.— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — https://www.geeksforgeeks.org/google-play-protect-how-it-detects-and-removes-malicious-apps/ https://www.android.com/play-protect/ https://securelist.com/mobile-malware-evolution-2018/89689/ https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/ https://blog.lookout.com/viperrat-mobile-apt https://www.youtube.com/watch?v=7X0D2gX1PD0 https://blog.lookout.com/viperrat-mobile-apt https://info.phishlabs.com/blog/bankbot-anubis-threat-upgrade https://info.phishlabs.com/blog/bankbot-anubis-telegram-chinese-c2 https://news.sophos.com/en-us/2019/05/01/how-anubis-uses-telegram-and-chinese-characters-to-phone-home/ https://www.maketecheasier.com/anubis-android-malware-steals-money-from-users/How Mobile Malware Gets Delivered and Installed was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
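The permission review described under Permissions Abuse, as an added example that is not part of the original article: it triages a decoded AndroidManifest.xml (text XML, as produced by a tool such as apktool) for high-risk permissions, privileged component bindings, and a label imitating ‘Google Play Protect’ on a package outside Google's namespaces. The permission shortlist, the trusted package prefixes, the finding codes and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, NamedTuple, Optional

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names; which ones to shortlist is this example's choice.
RISKY_USES = {
    "android.permission.READ_SMS": "read SMS, including one-time passcodes",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw overlays on top of other apps",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install further APKs (dropper-like)",
    "android.permission.RECORD_AUDIO": "record calls or surrounding audio",
}
# Permissions declared on <service>/<receiver> that give the component system-level reach.
RISKY_BINDINGS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.BIND_DEVICE_ADMIN": "device administrator",
}
PROTECTED_LABELS = ("google play protect",)         # brand named in the article
# Assumption: vendor namespaces. Package names are self-declared, so a real
# pipeline must also verify the signing certificate before trusting them.
TRUSTED_PREFIXES = ("com.google.", "com.android.")


class Finding(NamedTuple):
    code: str
    detail: str


def resolve_label(raw: str, strings: Optional[Dict[str, str]]) -> str:
    """Labels are usually '@string/<name>'; resolve them from strings.xml data."""
    if raw.startswith("@string/"):
        return (strings or {}).get(raw[len("@string/"):], "")
    return raw


def triage_manifest(xml_text: str,
                    strings: Optional[Dict[str, str]] = None) -> List[Finding]:
    """Return findings for a decoded manifest (use defusedxml for untrusted input)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"not a decoded text manifest: {exc}") from exc
    if root.tag != "manifest":
        raise ValueError("root element is not <manifest>")

    package = root.get("package", "")
    findings: List[Finding] = []

    # 1. Permissions the user will be asked to approve.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID + "name", "")
            if name in RISKY_USES:
                findings.append(Finding("RISKY_PERMISSION", f"{name}: {RISKY_USES[name]}"))

    # 2. Components that register for accessibility or device-admin control.
    for tag in ("service", "receiver"):
        for node in root.iter(tag):
            bound = node.get(ANDROID + "permission", "")
            if bound in RISKY_BINDINGS:
                component = node.get(ANDROID + "name", "?")
                findings.append(Finding("PRIVILEGED_COMPONENT",
                                        f"{component} registers as {RISKY_BINDINGS[bound]}"))

    # 3. A trusted brand name on a package that does not belong to the vendor.
    app = root.find("application")
    label = resolve_label(app.get(ANDROID + "label", ""), strings) if app is not None else ""
    normalized = " ".join(label.lower().split())
    if any(brand in normalized for brand in PROTECTED_LABELS) \
            and not package.startswith(TRUSTED_PREFIXES):
        findings.append(Finding("LABEL_IMPERSONATION",
                                f"label {label!r} on untrusted package {package!r}"))
    return findings


# Constructed sample: labelled like Play Protect, asks for far more than an updater needs.
SUSPICIOUS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.updater">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="@string/app_name">
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>
""".strip()
SUSPICIOUS_STRINGS = {"app_name": "Google Play Protect"}

# Constructed sample: a utility app that only needs network access.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.converter">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Currency Converter"/>
</manifest>
""".strip()

if __name__ == "__main__":
    for finding in triage_manifest(SUSPICIOUS_MANIFEST, SUSPICIOUS_STRINGS):
        print(f"{finding.code}: {finding.detail}")
```

A finding is a prompt for review, not a verdict: legitimate apps also request some of these permissions, so the signal is the combination with what the app claims to be.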
19. 11. 05
Uppsala Security, OCTA Solu...
Singapore, 31 October 2019 — Uppsala Security signs partnership agreement with PayProtocol, South Korea’s leading blockchain-based payment platform, to provide an anti-money laundering solution called Crypto AML-PRISM, which was jointly launched with OCTA Solution earlier this year. OCTA Solution is a Reg-Tech financial compliance firm based in South Korea.

The goal of this business partnership is to build and service a crypto AML solution that complies with the risk-based approach (RBA) recommended by the FATF for crypto vendors, and integrate it into the Paycoin Wallet app, a cryptocurrency payment platform service by PayProtocol.

PayProtocol’s key focus has been on accelerating the popularization of cryptocurrency in real payment services. According to PayProtocol, the number of crypto wallet application subscribers in Paycoin surpassed 150,000 as of October 17, 2019. Its users are able to make payments with the Paycoin (PCI) just like real cash in about 10,000 online and offline franchises in South Korea, such as Domino Pizza, KFC, Dal.komm Coffee, and convenience stores.

The new Crypto AML solution was a result of collaboration between OCTA Solution’s Anti-Money Laundering solution for existing financial institutions and Uppsala Security’s security technology for cryptocurrency, which enables users to accurately extract and report suspicious transactions. This new AML solution was announced at the RegTech — SupTech showcase of Korea Fintech Week 2019 hosted by the Financial Supervisory Service (FSS) of Korea in May 2019.

“Through the business agreement with Uppsala Security and OCTA Solution, PayProtocol will be introducing KYC and AML solutions equivalent to the level of traditional financial services’ AML requirements, which also have additional functions covering tracking/extracting/reporting on the suspected crypto transactions,” said Ted Hwang, CEO of Paycoin. He adds, “In addition to securing users’ assets, the company aims to further enhance project reliability by complying with international regulations recommended by the FATF, while laying the foundation for its move toward a global payment platform.”

“I am very pleased that the agreement with Paycoin will allow its security technology to be more widely used in real-life economic services, and which enables the expansion of its secure cryptocurrency ecosystem,” said Patrick Kim, CEO of Uppsala Security.

“Even though FATF’s recommendations have already been announced, uncertainty has been growing since its special bill hasn’t yet been brought out in South Korea. At this time, Paycoin’s proactive decision for introducing the anti-money laundering solution to comply with FATF guidelines is considered a great example of self-regulation and we hope to have a positive impact on other virtual asset service providers who are hesitant to adopt,” said Park Man-sung, CEO of OCTA Solution, an advisory of Korea’s Financial Supervisory Service.

About PayProtocol

The Swiss-headquartered company PayProtocol is a reverse project carried out by Korea’s leading integrated payment business company ‘Danal’ and provides a blockchain-based cryptocurrency payment platform service, ‘Paycoin’, which is easy to use at both on- and off-line merchants. PayProtocol is a simple and convenient cryptocurrency payment platform for both e-commerce and retail use. By combining Danal’s 20 years of experience in payments with blockchain technology, PayProtocol aims to mitigate the pain points of traditional payment systems, mainly excessive intermediary processes, high fees, and slow payment schedules.

About OCTA Solution

OCTA Solution is a Reg-Tech firm that specializes in financial compliance solutions such as risk-based money laundering prevention (RBA/AML) and multilateral financial information automatic exchange systems (FATCA/CRS). According to enhanced AML regulations expanded to fintech, lenders, and e-finance companies, OCTA Solution has been supplying customized Reg-Tech solutions to businesses so they can respond to various financial regulations in a cost-effective manner.

About Uppsala Security

Uppsala Security built the first crowdsourced Threat Intelligence Platform known as the Sentinel Protocol, which is powered by blockchain technology. Supporting the framework is a team of security analysts and researchers, who aim to deliver a safely interconnected experience with a suite of solutions that meet the crypto security needs of organizations and the compliance standards of the cybersecurity industry. Uppsala Security (https://uppsalasecurity.com) is headquartered in Singapore and has offices in Seoul, South Korea, and Tokyo, Japan. Follow Uppsala Security on Telegram, LinkedIn, Twitter, Facebook and Medium.

Uppsala Security, OCTA Solution and PayProtocol Join Hands to Build Crypto AML Solutions was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 10. 31
How Safe is Your Mobile Dev...
By Donovan Tan, Cybersecurity Researcher

Psst… pssst… Half-awake, I reluctantly picked up my mobile phone, hitting the snooze button for the umpteenth time. I was never a morning person, and what’s more, we had a few rounds of drinks the previous night at my best friend’s bachelor party. He was getting hitched to his long-time girlfriend he met through the mobile dating app, Tinde — OH NO! IT’S ALREADY 9:30 AM! Realizing what time it was, I immediately jumped out of bed — I had to be at work by 10 AM for a meeting. I requested a GrabCar to my office in 10 minutes. While in the car, I paid my friend for last night’s drinks using PayNow (Singapore’s widely used peer-to-peer payment service), downloaded and sent a document I prepared for the meeting to my boss through iCloud and Slack, and placed a Food Panda order for a sandwich to be delivered after the meeting — all through my trusty(?) mobile phone.

With the advancement of mobile technology, along with the digitalization of economies and businesses, mobile phones today have become a gateway to a host of services integral to our modern life, both at work and play. The value of transactions made using mobile devices through existing and new services has been increasing. With mobile P2P payment systems for fiat and cryptocurrencies (albeit at a slower pace) gaining acceptance within mainstream society, it will only continue to rise.

This mobile phenomenon is worldwide and prevalent even in developing countries. In Kenya, mobile phone penetration stood at 80% in 2018, with 83% of these users utilizing revolutionary mobile payment services like MPesa. According to Statista, the number of smartphone users stands at more than 3 billion in 2019 and is forecasted to continue rising by hundreds of millions over the next few years.

Undeniably, mobile phones bring more convenience to all of us, but it is precisely this increased reliance, value, and adoption that makes our phones an increasingly attractive target for cybercriminals. According to research done at Check Point, the number of cyberattacks targeting mobile devices has increased by 50% in the first half of 2019 as compared to the previous year, with a notable rise in the number of Android-related malware attacks. In this four-part series, we will be exploring different types of mobile malware (Part 1), their lifecycle (delivery, installation (Part 2), and exploitation (Part 3)), and how to protect yourself against them (Part 4).

Part 1: Types of Mobile Malware

Malware is an umbrella term used to describe all malicious software in general. Malware comes in many different forms — spyware, adware, ransomware, trojans, and more. Different pieces of malware might share the same objectives, which, in many cases, involve financial gain. They may even use generic tricks and techniques (screen overlays, recordings, etc.), but what sets them apart would be the approach they use to achieve these objectives. In reality, malware can be packaged as a combination of its various forms. For example, a trojan might have spyware capabilities too. Let’s take a quick look at the more prevalent types of malware affecting the mobile landscape today.

Spyware

Spyware is a form of malware that can be used not only to secretly monitor a victim’s online cyber activity, but also to steal personal information such as messages, passwords, and bank account numbers. Bad actors that might use them include cybercriminals looking to gain illegitimate access to bank accounts, state actors wanting to monitor persons of interest like dissidents, or even spouses trying to stalk their partner through spouse-ware, an increasingly popular variant of spyware.

An example of spyware would be Monokle, which was discovered by Lookout, a mobile security company. According to them, Monokle targeted individuals residing in the Caucasus territory and those interested in the Syrian militant group Ahrar Al-Sham. It has capabilities to steal various types of data such as calendar information, passwords through screen recordings, and even record calls and environment audio.

Mobile Adware

Mobile Adware is malware that intrusively displays unwanted advertisements to generate ad revenue. Though not always malicious, these advertisements are nonetheless disruptive to users. Examples include full-screen advertisements upon starting up an application and layered advertisements as seen below.

Source: https://news.sophos.com/en-us/2019/02/21/abusive-mobile-adware-aggressively-touts-more-adware/

Ransomware

In ransomware, malicious actors either prevent access to resources within a victim’s mobile device, or threaten their victims with fabricated evidence of their involvement in criminal activity. Thereafter, a demand will be made for ransom to be paid in exchange for returning access to such resources, or in the latter situation, the incriminating evidence to be destroyed. Partly due to its anonymity, the ransom is usually requested to be paid in cryptocurrency, wherein the bad actor will provide his unique cryptocurrency wallet address to the victim. After receiving the ransom, the actor will then need to convert the crypto to fiat through channels including crypto exchanges.

In most cases, victims of ransomware are advised to look for alternate solutions and professional help instead of paying the ransom, as there is no guarantee that the threat actor will uphold his side of the deal. However, in cases where victims do pay the ransom, solutions such as Uppsala Security’s Crypto Analysis Transaction Visualization (CATV) tool can be used by law enforcement agencies, victim organizations, or individuals to trace the paid ransom. If carried out in a timely fashion, this will provide the opportunity to freeze the criminal’s funds and recover the ransom when the criminal tries to cash out through crypto exchanges.

An example of mobile ransomware would be Rotexy. As seen below, a warning message from an organization identifying themselves as ‘FSB Internet Control’ is displayed by Rotexy. The message accuses the victim of watching prohibited videos and instructs the victim to pay a fine.

Ransomware message shown by Rotexy
Source: Kaspersky (https://www.kaspersky.com/blog/rotexy-banker-blocker/24733/)

Trojans

Broadly speaking, trojans are malware packaged as pieces of legitimate-looking software. Trojans can come with various malware capabilities hidden within them, resulting in different forms such as spyware trojans, ransomware trojans, or banking trojans.

As we will read in Part 2, most mobile malware comes in the form of trojanized applications released on application stores.

Share with us your thoughts on the Uppsala Security Forum — https://forum.sentinelprotocol.io

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
https://www.pewresearch.org/global/2018/10/09/majorities-in-sub-saharan-africa-own-mobile-phones-but-smartphone-adoption-is-modest/
https://www.zdnet.com/article/mobile-malware-attacks-are-booming-in-2019-these-are-the-most-common-threats/
https://blog.lookout.com/monokle
https://news.sophos.com/en-us/2019/02/21/abusive-mobile-adware-aggressively-touts-more-adware/
https://www.kaspersky.com/blog/rotexy-banker-blocker/24733/

How Safe is Your Mobile Device? was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 10. 30
Uppsala Security joins the ...
Singapore, 24 October 2019 — Uppsala Security announced today that it has joined the API Exchange (APIX) Platform. APIX is the flagship product of the ASEAN Financial Innovation Network (AFIN). AFIN is established by the Monetary Authority of Singapore, the International Finance Corporation and the ASEAN Bankers Association.

Established in early 2018, Uppsala Security aims to protect the digital assets of organizations and individuals from hackers, scams, and fraudulent activity. The APIX platform enables potential users to become acquainted with Uppsala Security’s security solutions, giving them a chance to evaluate their use in a cost-effective manner.

The integration of Uppsala Security’s Interactive Cooperation Framework (ICF) API allows organizations to make real-time queries of threat intelligence validated by security experts and hosted in our crowdsourced Threat Reputation Database (TRDB). The framework is available in a standardized format enabling governments, enterprises of all sizes and types, and Virtual Asset Service Providers (VASPs) to drastically reduce the time and resources necessary for processes related to anti-money laundering (AML), anti-coin laundering (ACL), and Know Your Customer (KYC) due diligence.

“In the last few years, we have observed an ongoing stream of disruption and damages caused by the growth of cyber vulnerabilities and attacks suffered by the finance sector as it merges with new technologies. Our analysis indicates that the core blockchain technology can be used to securely record data exchanges between two different entities. However, DApps and decentralization enable organizations and individuals to make their own security decisions without relying on a central authority, and this introduces security vulnerabilities and threats that need to be addressed,” said John Kirch, SVP of Sales and Business Development at Uppsala Security.

Uppsala Security developed and operates Sentinel Protocol, the first crowdsourced threat intelligence platform, which enables its users to proactively detect malicious threats and attacks, analyze and visualize crypto transactions, deter criminal activities, and mitigate their potential damages through affordable and effective security solutions.

“AFIN is pleased to welcome Uppsala in its ever growing community of FinTechs and service providers. Our objective is to speed up the process of digitization in the financial services industry and services like that of Uppsala help provide the safety net important for the industry,” said Manish Diwaan, Managing Director of AFIN.

About Uppsala Security

Uppsala Security built the first crowdsourced Threat Intelligence Platform known as the Sentinel Protocol, which is powered by blockchain technology. Supporting the framework is a team of security analysts and researchers, who aim to deliver a safely interconnected experience with a suite of solutions that meet the crypto security needs of organizations and the compliance standards of the cybersecurity industry.

Uppsala Security (https://uppsalasecurity.com) is headquartered in Singapore and has offices in Seoul, South Korea, and Tokyo, Japan. Follow Uppsala Security on Telegram, LinkedIn, Twitter, Facebook and Medium.

Uppsala Security joins the API Exchange (APIX) Platform was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 10. 24
How to Keep Your Crypto Wal...
Play IT Safe

When you send cryptocurrencies to (or receive coins from) a destination wallet, do you really know who you are transacting with?

Of course I do, you might say.

But did you know that you could get in trouble if the aforementioned destination wallet was previously involved in illegal activity?

In a scenario where the person you exchanged cryptocurrencies with was involved in a hack or a scam, or even worse, money laundering or terrorism, that very transaction could bring a host of uncomfortable consequences to your financial and personal life.

Risks of Transacting With Wallets Involved in Illegal Activity

If you accept cryptocurrencies from a wallet known to be previously associated with illegal activity, a number of things can potentially happen.

1) Forensic investigations could lead back to you

Even if you weren’t personally involved with said illegal activity as an accomplice or a beneficiary, law enforcement can trace funds to/from your wallet during their forensic investigation (as in the famous Silk Road case). Law enforcement agencies and tax authorities are now receiving training on how to trace cryptocurrency funds traversing through the blockchain, and it’s only a matter of time before this becomes a standard operating procedure in forensic investigations.

2) Obstacles to cashing out

Banks, or exchanges with fiat gateways, can also cut off your exit when trying to cash out your cryptocurrencies. These financial institutions are under enormous pressure by government authorities to boost due diligence on all banking customers under new anti-money laundering regulations. Although banks are not in the business of policing financial activity, they do not want to lose billions of dollars in compliance fines if they inadvertently allow money launderers to cash out their cryptocurrencies.

3) Reputational damage

Plus, if you are a Virtual Asset Service Provider (VASP), you could get “sanctioned” as per the travel rule under new guidelines recently issued by the Financial Action Task Force (FATF). Others may not want to transact with you if your wallet does not have a “clean” history. This bears a reputational risk on your part as others want to protect themselves from inadvertently transacting with wallets with a history of suspicious or illegal activity.

What Can You Do to Protect Your Wallet From Reputational Risk?

There are two things you need to do to protect your wallet from theft and reputational damage, and everything in between.

First, if you are the recipient of cryptocurrency funds, you need to know how to make sure incoming funds are not from wallets associated with hacks, scams, fraud, or illegal activity. This means you must know and investigate their wallet address before you give out your own.

Second, you also need to know whether a destination wallet is associated with illegal activity before remitting your funds, lest you be perceived by the authorities as the one who is funding said illegal activity.

In practice, this can be difficult or even nearly impossible for you to enforce on your own.

Fortunately, however, there are tools available today that involve whitelists of safe wallet addresses and blacklists of addresses known to be involved in illegal or fraudulent activity.

These whitelists and blacklists are stored in the Threat Reputation Database (TRDB), and you can use a browser extension to quickly check a wallet address before transacting with it. The UPPward Chrome or Firefox extension will alert you if a wallet address had been previously involved in suspicious or illegal activity, giving you a chance to back out of the transaction.

Another tool that just became available as of October 2019, the Crypto Analysis Risk Assessment (CARA), uses machine learning to assess the risk level of a wallet address based on learned cryptocurrency behaviors of people who abide by the law and those who don’t.

How to Keep Your Crypto Wallet Clear of Any Illegal Activity was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 10. 16
Play IT Safe with Uppsala S...
“Cybersecurity is much more than a matter of IT.” ― Stephane Nappo

With new technologies growing exponentially across the globe, cybersecurity incident epidemics are increasingly likely to happen. As we already know, prevention is better than a cure. Cyberattacks are not only damaging from a financial perspective, but also towards human data and privacy. To make matters worse, with new revolutionary technologies like blockchain making financial transactions immutable, the likelihood of clawing back stolen assets is approaching zero.

Plus, cybersecurity now has a human element to it: crowdsourcing. At Uppsala Security, we are aware that this human element is indispensable, no matter how much technology surrounds it. While individuals have gradually assumed increased responsibility for their data and digital assets, they also have a chance to proactively contribute their key insights to protect others from ongoing cyberattacks.

Cybersecurity Awareness Month is an internationally-recognized campaign held every October to inform the public of the importance of cybersecurity. The introductory facts above are just the starting point of this campaign, and thus highlight the fact that cybersecurity has become a must. This year, at Uppsala Security, we are going to join the Cybersecurity Awareness Month campaign and focus our efforts on creating educational content to shed more light on the simple steps in ensuring a safer online journey. Our year-round aim is to create technology that makes people feel safe, and this month we will go the extra mile to deliver our message.

Own IT. Secure IT. Protect IT. There are now more new technologies racing to market including Artificial Intelligence, Blockchain, Crypto, Internet of Things, Autonomous Vehicles, Electric Vehicles, Collaborative Software, etc. All of these are complementary to the technologies we already have, but also provide new entry points to hackers and cyberattacks. The goal for this 2019 worldwide awareness campaign is to educate individuals on the security best practices they can use to be more secure online while encouraging personal accountability and proactive behaviors.

Play IT safe with Uppsala Security. Our product suite is ready. Driven by our mission to prevent criminal activities from happening and to mitigate damages when they do happen, our team has relentlessly developed affordable, effective, and user-friendly products and solutions to secure the online space. Our real-time crowdsourced cybersecurity solutions are working around the clock, while their decentralized characteristics ensure the immutability of threat intelligence data.

How we can work together. Cybersecurity is a team sport. Let’s shine the spotlight on it together during the Cybersecurity Awareness Month (1–31 October 2019) and help us bring our message to even broader audiences by sharing the content and products we will release. Anyone wishing to get involved in the campaign — be it individuals, schools, or large organizations — is welcome to join us. This all-inclusive Cybersecurity Awareness campaign is free, easily accessible, and has your best interests in mind.

Contact & Follow us:
Twitter: https://twitter.com/UPPSentinel
Telegram: https://t.me/newofficialsentinelprotocol
LinkedIn: https://www.linkedin.com/company/uppsalafoundation
E-mail: https://uppsalasecurity.com/support

Play IT Safe with Uppsala Security was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 10. 09
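Uppsala Security: Technology That Makes People Feel Safe

Patrick Kim, Founder & CEO of Uppsala Security

“Everyone thinks of changing the world, but no one thinks of changing himself.” - Leo Tolstoy

Uppsala Security focuses on both of these issues: changing the world and changing ourselves. At the same time, we recognize that it is important to take these two things in sequence. If you want to have an impact on the world, whether technologically or environmentally, you must always put yourself in order first and hold on to clear values and goals. From now on, Sentinel Protocol will be a part of Uppsala Security.

It’s not you, it’s us.

Achieving big goals requires a more refined setting. To accomplish our goal of making a positive impact on the whole world, we believe it is essential to renew our identity. What we want to make clear to the community, however, is that we are still “us”. We are still the same team, fighting hard to track down the criminals behind every hack and suspicious transaction entrusted to us. We want to make it clear that Sentinel Protocol will live on and will continue to be well maintained. That said, we believe the leap to ‘Uppsala Security’ is an essential step for our technology to grow into a global brand and to expand into the traditional security industry.

Personally, this change feels like closing the first chapter of this project, product development, together with a talented team that fights hacks and scams. At the same time, our team has gained a stronger identity while pursuing a bigger mission.

From a business perspective, Uppsala Security will have a new suite of cybersecurity solutions, in step with the global response against money laundering and terrorist financing, together with a crowdsourced database containing millions of security data entries.

There are many reasons behind our decision to renew our identity, but we would like to highlight the three most important ones:
1. Growing adoption of our suite of cybersecurity products and services
2. Organic interaction with customers and partners through a new, more user-friendly website: uppsalasecurity.com
3. Serving as a bridge between traditional security solutions and blockchain-based cybersecurity solutions

Below is our new brand logo.

We loved our previous logo, and we know our community members felt the same. However, the desire for a new logo arose not from change for its own sake but from the need to keep growing. This change will also apply to Uppsala Security’s product suite and will extend beyond our previous identity. The blue hexagonal dot in “Security” can be read as carrying forward the trust and signal that originated with Sentinel Protocol into a bigger brand. But we do not want to lose the character of Sentinel Protocol because of this new logo. Sentinel Protocol itself will continue to act as the sentinel of the cryptocurrency/blockchain market. We simply want to emphasize that, building on the know-how and valuable experience gained through Sentinel Protocol, we are now expanding our services into the traditional cybersecurity industry.

Our slogan: technology that makes people feel safe. One of our missions is to provide cybersecurity solutions to the new ecosystem known as blockchain technology, which is still perceived as a Wild West because of its many outstanding security problems. This new brand, however, shows that our technology can be applied not only to the blockchain market but also to existing traditional markets, taking us out of the comfort zone we have stayed in and into a wider world. We are ready to protect both businesses and individuals from any malicious actor or organization.

Communication is one of the most important factors in maintaining a healthy relationship. We know the power of communication, which is why we created the Uppsala Security Forum in early 2019, before building the new website. It is a place where our team members hold open discussions and conversations with community members on cybersecurity topics.

To encourage communication, we have redesigned our website (uppsalasecurity.com). The new site is more intuitive and easier to navigate. It provides in-depth details on our suite of security solutions, namely Threat Intelligence, Defence Security, and Data Analysis Tools, and users can download our product brochures as well as read the latest media coverage in the Newsroom section.

In addition, although we are headquartered in Singapore, our roots are in South Korea, a world-renowned blockchain hub, so we have decided to offer a Korean version of the website. We are deeply grateful for the continued support and interest of the Korean community and partners since the early stages of development.

We thank the entire community for the encouragement and support shown to the Sentinel Protocol team, and we invite everyone to keep taking part in our new journey as we grow into the ‘Uppsala Security’ team. To that end, we look forward to receiving your feedback through the ‘Contact Us’ page of the website and to discussing our new mission and goals further together on the Uppsala Security Forum.

Uppsala Security: Technology That Makes People Feel Safe was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.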
19. 10. 08
Uppsala Security Unveils Ri...
Singapore, October 7, 2019 — Uppsala Security has unveiled Crypto Analysis Risk Assessment (CARA) — a risk analytic assessment tool that uses their patent-pending machine learning algorithms to learn the behaviour of suspicious wallets and regular wallets in order to evaluate the risk score of a crypto address. Uppsala Security built the first crowdsourced threat intelligence platform which is powered by blockchain technology, with the mission to deter criminal activities from happening or mitigate the damages when they do happen through affordable and effective security solutions.According to the Global Digital Finance initiative, within a decade, the cryptocurrency industry has developed “to a complex ecosystem comprising more than 1,600 types of assets with a total market capitalization of approximately US$300 billion.” The rapidly growing digital currency market has generated new cybersecurity risks. The cybersecurity gap faced by crypto end-users is developing at a rate much faster than the current institutional measures. In view of this, the imperative to take a proactive approach towards strengthening end-user’s cybersecurity defence is crucial to ensure users are safeguarded from cyber threats.Compliant with a Risk-Based Approach (RBA) recommended by the Financial Action Task Force (FATF), CARA protects digital assets by identifying suspicious wallet addresses and determining its risk of exposure to illicit activities. With an estimated 76% of laundered cryptocurrencies washed with a crypto exchange service, there is an urgent need to prevent incidental interactions with fraudulent digital assets, at the point of issuance or redemption, and all transactions in between involving the token. 
CARA provides Virtual Asset Service Providers (VASPs) with the capabilities to distinguish characteristics of a data-empowered sixth sense against hacks, scams, money laundering, terrorist funding, and any other type of malicious activities.
“A highly intuitive and easy-to-use tool, CARA empowers the average user to safely evaluate a crypto address. With CARA, users can verify the associated risk of a wallet address to which they are transferring their digital assets,” said Nobel Tan, Chief Technology Officer, Uppsala Security.
For an effective cybersecurity defence, it is recommended that CARA be used with the Crypto Analysis Transaction Visualization (CATV) tool. Whereas CARA provides a risk-based approach to evaluating a crypto address to which cryptocurrencies are to be transferred, CATV allows users to investigate historical transactions through visualization, following the flow of funds including the source and destination of a specific transaction. Uppsala Security’s CATV is a data visualization tool that allows users to identify, track, and monitor the full transaction journey of crypto tokens — currently for Ethereum, with Bitcoin support by the end of the year. It functions as a risk monitoring and evaluation tool by detecting the suspicious activity of cryptocurrencies as all crypto addresses are cross-checked against their Threat Reputation Database (TRDB). It supports international Anti-Money Laundering (AML)/Counter Terrorist Financing (CTF) standards outlined by the Financial Action Task Force (FATF).
“As the Digital Asset market evolves, there must be a stronger focus on user capabilities and impact, especially when it comes to users’ security. With the region’s increased vulnerability and evolving landscape, it has become a challenge to keep up with the threats. Uppsala Security is doing so by utilizing our Threat Reputation Database (TRDB), crowdsourcing threat intelligence — which is the backbone of our security positioning.
With more than six million indicators and counting, our pool of crowdsourced data is powering our continuous development of reliable machine learning algorithms and easy-to-use cybersecurity solutions. We are confident that this intuitive approach will help any user be more proactive and decisive when it comes to handling cybersecurity for themselves or the organization,” said Tan.
About Uppsala Security
Uppsala Security built the first crowdsourced Threat Intelligence Platform known as the Sentinel Protocol, which is powered by blockchain technology. Supporting the framework is a team of security analysts and researchers, who aim to deliver a safely interconnected experience with a suite of solutions that meet the crypto security needs of organizations and the compliance standards of the cybersecurity industry.
Uppsala Security (https://uppsalasecurity.com) is headquartered in Singapore and has offices in Seoul, South Korea, and Tokyo, Japan. Follow Uppsala Security on Telegram, LinkedIn, Twitter, Facebook and Medium.
Patent pending Crypto Crime Report: Decoding Darknet Markets, Hacks, and Scams
Uppsala Security Unveils Risk Assessment Tool to Strengthen Your Cybersecurity Defences was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 10. 07
Written by Patrick Kim, Founder and CEO of Uppsala Security
“Everyone thinks of changing the world, but no one thinks of changing himself.” ― Leo Tolstoy
At Uppsala Security, we are focused on doing both. At the same time though, we are aware of the importance of doing these two things sequentially. To make an impact on the world, be it in technology or in our environment, we have to maintain a clear mind and a set of clear values and goals at all times.
From this point on, Sentinel Protocol will be a part of Uppsala Security.
It’s not you, it’s us.
Bigger goals require clearer waters. For us to have the positive impact on the world that we aim for, we believe it is critically important to change our identity. However, we want to reassure our community that we are still us. We are still the same team that fights to expose every hacker and scammer in every case entrusted to us. Let us be clear that Sentinel Protocol will remain alive and well. Our expansion to Uppsala Security is our path to scaling our efforts worldwide and into the traditional security industry.
On a personal level, this change closes a productive chapter of making long-lasting connections with talented teams and fighting hacks and scams. However, our team has developed a stronger sense of identity while pursuing a mission bigger than any of us.
From a business perspective, Uppsala Security will bring our crowdsourced database with millions of security data entries along with a new suite of cybersecurity solutions to the global fight against money laundering and terrorist financing.
There are multiple reasons we decided to refresh our identity, and we would like to highlight the most important three:
1. Increase adoption of our cybersecurity suite of products and services.
2. Clearer interaction with our audience with a new and more user-friendly website: uppsalasecurity.com.
3. Being a bridge between traditional and blockchain-based cybersecurity solutions.
We are now unveiling our new brand logo:
We loved our previous logo and we know that many community members also felt the same. The desire for a new logo did not arise just for the sake of change, but from a need to continue our growth. This requires expanding beyond our previous identity, just like we would like to do with our product suite. We see this as a metamorphosis towards a larger brand that inspires trust and signals that we once originated from Sentinel Protocol, as can be seen with the blue shaped dot in “security”. With this new logo, we do not want to overshadow Sentinel Protocol — only to highlight the fact that we embrace the know-how and valuable experience gained from that timeframe, and that we are expanding our services to conventional cybersecurity while Sentinel Protocol itself continues to cater to the crypto space.
Our tagline: Technology that makes people safe.
Part of our mission is to provide cybersecurity solutions to a new ecosystem known as blockchain technology, which is still seen by many as the Wild West. However, our new tagline pushes us from our comfort zone towards wider horizons, showcasing the fact that we look at technology as a whole. Therefore, we are prepared to protect both businesses and individuals from any bad actor or malicious organization.
Communication is one of the most important factors in maintaining any healthy relationship. We are already aware of this. This is the reason we built the Uppsala Security Forum at the beginning of 2019, even before building our new website. It is a place dedicated to open discussion with our team members and the rest of the community about any cybersecurity related topic.
To further the conversation, we refreshed our website (uppsalasecurity.com). The new site is intuitive and easy to navigate.
The site hosts in-depth details about our security solution suite — Threat Intelligence, Defence Security, and Data Analysis Tools. Users are also able to download our product brochures and read the latest media articles under Newsroom.
Since we originated from South Korea, a global blockchain hub, our website also has a Korean version. We deeply appreciate the continued support from our Korean community and partners since our early development stages.
We would like to thank the community for all the support shown to our Sentinel Protocol team, and to invite each and every one of them to continue the journey with us as we expand to the ‘Uppsala Security’ team. Likewise, we are looking forward to receiving your feedback via the Contact Us page on the website and to further discuss our new mission and goals on the Uppsala Security Forum.
Uppsala Security―Technology That Makes People Safe was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 09. 19
Hexlant, Lyze, and Sentinel...
Hexlant, Lyze, and Sentinel Protocol: Partnership for Publishing a Joint Blockchain Evaluation Report
Singapore, 10 September, 2019 — Three leading blockchain technology companies, Hexlant, Lyze, and Sentinel Protocol, have signed a business agreement to jointly publish a report on cryptocurrency analysis and evaluation. Based on their expertise in data analysis, they plan to co-author and publish a report containing an objective evaluation of the cryptocurrency market.
According to Reuters, global corporate investment in the blockchain sector has more than quintupled from a year ago to $2.4 billion today. The situation is no different in Korea. Large companies and professional investors are increasingly investing in blockchain companies. However, it is hard to find reliable analysis reports on blockchain corporate investment. Due to the highly anonymous nature of cryptocurrency, there is always a possibility of data falsification and fabrication. So any public disclosure information provided in good faith by the can be ‘release the status quo’, but it is too difficult for the public to figure the true value and the legal risks of a particular project. Accordingly, these three companies decided to cooperate in publishing a joint Blockchain evaluation report to ensure accurate value analysis and investment. The report will incorporate reviews on anti-money laundering and compliance elements, as well as an objective analysis of blockchain projects around the three axes of off-chain data, on-chain data, and unknown data.
“We will use the report to provide an objective investment factor to investors, helping them to assess the value of the listed coins themselves. In particular, we are planning to take the lead in protecting investors by making the effort to verify compliance with cryptocurrency elements such as anti-money laundering,” said Patrick Kim, the CEO of Sentinel Protocol.
JongHo Kim, the CEO of Lyze labs, added: “The three companies agreed that the criteria for evaluating cryptocurrency projects should be based on data analysis that cannot be falsified and initiated a joint project. Lyze also plans to actively support databases and related indicators, which are on their own. I’m confident that we can make a great contribution to creating a reasonable and common-sense blockchain investment environment.”
“We cannot wait and watch until the standards for analyzing and evaluating blockchain are prepared by overseas institutes. I think it is important for Korea to take a continuous approach to tune in to the level of the market, as blockchain attributes allow anyone to collect and analyze open data from around the world,” said Ro JinWoo, the CEO of Hexlant. He also added that “besides the three companies, we also plan to work with partners who can present evaluation indexes in other aspects to the market.”
About Sentinel Protocol
Sentinel Protocol is the world’s first crowd-sourced threat intelligence platform utilizing the advantages of decentralization to protect cyberspace with blockchain security. It aims to equip individuals and organizations with cybersecurity solutions that help protect their valuable cryptocurrency assets from malicious threats, attacks, and fraudulent transactions. Sentinel Protocol is headquartered in Singapore and has offices in Seoul, South Korea, and Tokyo, Japan. Follow Sentinel Protocol on Telegram, LinkedIn, Twitter, Facebook, and Medium.
About Hexlant
Hexlant is the most experienced Korean blockchain laboratory. A former Samsung server and security architect, operation developer, and service designer together established Hexlant. Hexlant has been running a blockchain platform that has around 50,000 members since it was founded in February 2018. Hexlant also has supported more than 30 teams all around the world since then.
Within just 6 months of its launch, Hexlant’s service ‘Tokenbank’ reached 15 billion won of fundraising, storing more than 120 billion won worth of EOS tokens through its airdrop service. Also, Hexlant provides blockchain education to famous Korean institutions and companies such as FastCampus and SK Planet, publishing Blockchain research reports on Bithumb, which is Korea’s best-known cryptocurrency exchange.
About Lyze
Lyze is one of Korea’s rising start-up companies, specializing in big data analysis processing. Block detail data for current Bitcoin, Ethereum, and ERC20 cryptocurrency has been crawled from the Genesis block to the most recent point, indexing all the details of the trend. Accordingly, an on-demand index value can be extracted mechanically.
Hexlant, Lyze, and Sentinel Protocol: was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 09. 16
Growing Cybersecurity Threa...
Growing Cybersecurity Threats That Must Be Addressed — and Soon
“You cannot protect yourself if you don’t have any visibility.”
Certain threats are growing that we cannot see without special tools. If we cannot see them, how can we protect ourselves?
The bad news? You can’t.
However, the good news is there are ways to expose these threats before they get to you.
You Cannot Defend Against What You Cannot See
Every time technology advances, new threats and vulnerabilities emerge. More companies today than ever have been impacted by cyberthreats and still have no idea what hit them. In fact, a survey conducted by Balabit, a security firm, revealed that “a large majority of businesses admitted in the survey that they knew next to nothing about the nature of the security breaches that were plaguing their systems.”
We’re not talking about the typical denial-of-service attack, a piece of ransomware scripted by a mischievous teenager, or even a disgruntled employee doing some damage to a company’s sensitive data in an inside job.
What we’re talking about is a deeper and more insidious threat: getting your cryptocurrencies mixed up with money laundering and terrorism financing.
How does that happen anyway?
How Cryptos May Expose You to Legal Entanglements
Let’s say you make crypto transactions with someone or some people. Now imagine some bad actor somehow launders money into cryptocurrency tokens using mixers, tumblers, and exchange trading. The problem is that these tokens may propagate throughout the crypto sphere and reach your wallet, their origin unbeknownst to you.
Given that blockchain is fully traceable by anyone, a government or law enforcement agency could trace these tokens to their origin. If money laundering is somehow involved, they will want to trace where all these tokens ended up. Right now, there’s no telling what will happen if law enforcement finds out that you hold tokens that originated from money laundering.
With the way the wind is currently blowing, governments around the world are increasingly cracking down and you might inadvertently end up in their crosshairs.
Money laundering is an extreme example though. A more common problem will be that if you hold cryptocurrencies, governments will be increasingly suspicious as to whether you are partaking in tax evasion. The IRS recently shocked the world by sending “educational” letters pointedly telling crypto users that they may owe taxes on their gains created by making cryptocurrency transactions.
So how can we own crypto and stay on the right side of the law?
What You Can Do to Protect Yourself
The most important rule is to know who you do transactions with. If you aren’t sure, there are ways to do some due diligence.
One is to verify whether the person you are transacting with is who they say they are. Another is to check whether that person has ever been involved in criminal activities. Finally, keeping good records and documenting every transaction is a way to support your case if a law enforcement agency or tax authority wants to take a deeper look at your cryptocurrency activities.
To summarize, here are three keys to protecting yourself from being associated with legal issues around cryptocurrencies:
● Know who you deal with
● Investigate who you are paying first
● Maintain good records
Fortunately, there are some software solutions that make it easy for you to do this.
Existing Solutions Available Today
Aside from cryptocurrency tax calculators like Bitcoin.tax, there are ways to investigate a cryptocurrency wallet for its legitimacy and any level of involvement with criminal activity before you transact with it.
This gives you the peace of mind that you would not be transacting with anyone directly or indirectly involved in criminal activity (and possibly getting in hot water with law enforcement).
A set of solutions is being developed by Uppsala Security within the Sentinel Protocol project, which consists of a large blockchain-based database containing information about the latest threats.
The Threat Reputation Database
The aforementioned blockchain-based Threat Reputation Database (TRDB) contains whitelists of safe URLs, wallet addresses, and other indicators, as well as blacklists of malicious URLs, known phishing scams, and cryptocurrency wallets verified to be involved with criminal activity.
Imagine that before you transact with a wallet address, you can check this address against the TRDB to see if it has been blacklisted due to illegal activity. If it has, then you simply can decline to proceed with the transaction. If it hasn’t, then you can proceed with peace of mind. A tool developed by Uppsala Security allows you to do exactly that. It is called UPPward, and it can be installed as a Chrome or Firefox browser extension free of charge.
The Crypto Analysis Transaction Visualization Tool
Another solution aimed toward law enforcement agencies helps them track digital funds going into and out of a particular wallet of interest. Criminals can no longer cover their tracks using mixers and tumblers because the Crypto Analysis Transaction Visualization (CATV) tool can follow all the “hops” these tokens undertake to reach their final destination all the way from their original source. This can help speed up investigations that previously had gotten bogged down in attempting to catch criminals cashing out stolen cryptocurrencies.
The Crypto Analysis Risk Assessment Tool
An upcoming new product is the Crypto Analysis Risk Assessment (CARA) tool.
Since no identities are associated with crypto addresses, CARA will help profile these addresses and assign them risk scores based on learned behaviors of both law-abiding crypto users and cybercriminals. CARA uses machine learning algorithms to gather information about the behavioral patterns of criminals while they make crypto transactions. Therefore, CARA will help other crypto users determine the risk level of transacting with a particular wallet address before actually executing the transaction.
With CARA being integrated into Sentinel Protocol, relationships between origin and destination wallet addresses can be mapped out throughout the crypto-verse, providing helpful risk assessment information associated with each wallet address.
Growing Cybersecurity Threats That Must Be Addressed — and Soon was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 09. 02
Blockchain Technology to In...
Wouldn’t it be ironic if blockchain technology, upon which Bitcoin runs, would be used by the authorities to catch money launderers and tax dodgers?
It does appear we are heading in that direction. 2019 is turning out to be a watershed year for new regulations against money laundering using cryptocurrencies like Bitcoin. The anonymity around cryptocurrencies “is the biggest problem for combating money laundering and countering terrorist financing: the anonymity prevents cryptocurrency transactions from being adequately monitored,” said Dr. Robby Houben of the Policy Department at the University of Antwerp.
However, with new regulations down the pike, particularly from the Financial Action Task Force (FATF), cryptocurrencies won’t remain anonymous for much longer.
FATF takes the lead against money laundering
The FATF is an independent inter-governmental body that develops and promotes policies to protect the global financial system against money laundering and terrorist financing. Their recommendations are recognized as the global anti-money laundering and counter-terrorist financing standards.
In June 2019, FATF made headlines by taking on a leadership role in issuing new regulation guidelines for cryptocurrencies to help governments and financial institutions combat money laundering.
Shortly thereafter, members of the 2019 G20 summit in Japan reaffirmed their commitment to “comply with the updated Financial Action Task Force anti-money laundering and countering terrorism financing standards for cryptocurrencies.”
One reporter, Aislinn Keely, noted that the new FATF guidelines “include the much-debated ‘travel rule,’ requiring exchanges to collect and transfer customer information during transactions.” If money laundering activities somehow slip through, both banks and exchanges would be held liable as per revised FATF regulations.
After getting exposed by crypto, global laws are catching up
In the past, crypto users could mix and tumble their coins to disguise the origin of their digital funds, and transact on exchanges based in most countries around the world without KYC. The laws then were way behind the curve.
But, because laws are now catching up, crypto users won’t be able to do this forever. Even well-known tax havens and countries with lax financial laws are cracking down on money laundering. For instance, Malta is stepping up efforts to fight illicit activity including money laundering using cryptocurrencies.
Plus, Bitcoin ATMs have a history of being used by money launderers. Several countries, including Spain, are now beginning to crack down on those. According to Bloomberg, owners of Bitcoin ATMs are not required by the strict AML regulations to vet users of the cryptocurrency vending machines.
Thailand, a member of the FATF, also plans to amend their Anti-Money Laundering Act to include cryptos. Police Major General Preecha Charoensahayanon, secretary-general of the Anti-Money Laundering Office “told the Bangkok Post he plans to alter the country’s laws to bring cryptos into the AML regime,” according to Coindesk.
IRS looking at blockchain technology to catch crypto tax dodgers
While the FATF spearheads regulatory efforts against money laundering, the U.S. has plans of its own.
Through a presentation leaked on Twitter, the IRS confirmed that it plans to train staff to use blockchain technology to track crypto wallets of tax evaders.
As of today, it is not clear whether the IRS has actually trained their staff to use blockchain technology to find unreported crypto earnings. Some would argue that the IRS is overworked, understaffed, and stretched too thin to actually follow through with it.
However, only last month, the IRS sent letters to cryptocurrency users warning them to pay taxes on their earnings or suffer harsh penalties and legal action.
What to expect in the next 5 years
With governments around the world ratcheting up efforts to combat money laundering using cryptocurrencies, what is likely to happen is a divergence in the crypto market into two separate markets.
The vice president of Bittax, a crypto tax calculation platform, agrees. “Pretty soon, what we are going to get is two separate groups of crypto addresses: clean crypto and black-market crypto. To get into the clean group, you must declare your crypto addresses, account numbers, location information, beneficiary’s name, etc. If you choose not to disclose this information, you will be automatically assigned to the black-market group,” said Or Lokay Cohen of Bittax.
The real danger for law-abiding citizens who happen to use crypto is that they could get their digital currencies inadvertently tangled up with those being used in money laundering or illegal activities. To protect yourselves from getting caught up in the black-crypto market, education is essential as well as being proactive in coming forward to share data of malicious attackers.
Therefore, there is a strong need for a reporting platform so that victims of inadvertent entanglements with black-market activities.
Blockchain can be used against cryptocurrency launderers
The good news, however, is that “blockchains could play a significant role in preventing money laundering by enhancing the transparency of their transactions,” says Yurika Ishii, Ph.D.
One such example exists today in South Korea and Singapore — Sentinel Protocol, a platform that has wallet tracking and reporting capabilities along with a blockchain-based database designed to protect all its users from getting their funds mixed up with money launderers and tax evaders. Governments would also be especially interested in the Crypto Analysis Transaction Visualization (CATV) tool because it allows them to trace digital funds coming into or transferring out of a particular wallet.
Blockchain Technology to Increase Role Against Money Laundering was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 08. 19
Sentinel Protocol Announces...
Singapore, 7 August, 2019 — We are excited to announce that Sentinel Protocol has a new strategic partnership with Hexlant, a leading Korean blockchain technology and service laboratory.
Hexlant provides a blockchain wallet service that supports the largest variety of blockchain nodes in Korea through its self-developed modular cryptocurrency node.
Sentinel Protocol and Hexlant’s collaboration aims to develop new solutions through the integration of Sentinel Protocol’s crypto Anti Money-Laundering/Combating the Financing of Terrorism (AML/CFT) technology into the Hexlant Node, including the Threat Reputation Database (TRDB), Crypto Analysis Transaction Visualization (CATV) and Crypto Analysis Risk Assessment (CARA)*. Together, Sentinel Protocol and Hexlant will cooperate in expanding the crypto-security market for businesses based on their strategic partnership agreement.
“We are pleased to co-establish Sentinel Protocol’s security enhancement service on the Hexlant Node. Hexlant has already established 12 nodes and succeeded in commercializing them in the South Korea market through the subscription-based business model,” said Koo Min-woo, Country Manager of Sentinel Protocol, Korea. He also mentioned: “We plan to provide cooperative security solutions service to 15 existing customers of Hexlant first and continue to expand cooperation between our two companies in the financial business.”
“The most important part of blockchain finance is the security of corporate crypto wallets, which will be applied not only to companies but also to investors in the future.
We believe that the introduction of Sentinel Protocol’s anti-money laundering technology will enhance transparency in the market, including monitoring suspicious transactions and managing blacklist accounts,” said Park In-soo, Chief Security Officer of Hexlant.
*Crypto Analysis Risk Assessment (CARA)*
CARA is an intuitive solution to classify a crypto address risk level using machine learning algorithms that continuously learn behaviors exhibited by known malicious wallets and normal wallets. This solution complies with a Risk-Based Approach (RBA) recommended by the FATF, and it can help users to proactively determine which transactions are suspected of money laundering and terrorist financing.
About Sentinel Protocol
Sentinel Protocol (https://sentinelprotocol.io/) is the world’s first crowd-sourced threat intelligence platform utilizing the advantages of decentralization to protect cyberspace with blockchain security. It aims to equip individuals and organizations with cybersecurity solutions that help protect their valuable cryptocurrency assets from malicious threats, attacks, and fraudulent transactions. Sentinel Protocol is headquartered in Singapore and has offices in Seoul, South Korea, and Tokyo, Japan. Follow Sentinel Protocol on Telegram, LinkedIn, Twitter, Facebook, and Medium.
About Hexlant
Hexlant (https://www.hexlant.com/) is the most experienced Korean blockchain laboratory. A former Samsung server and security architect, operation developer, and service designer together established Hexlant. Hexlant has been running a blockchain platform with around 50,000 members since it was founded in February 2018. Hexlant also has since supported more than 30 teams all around the world. Just within six months of its launch, Hexlant’s service ‘Tokenbank’ reached 15 billion won of fundraising, storing more than 120 billion won worth of EOS tokens through its airdrop service.
Also, Hexlant provides blockchain education to famous Korean institutions and companies such as FastCampus and SK Planet, along with publishing Blockchain research reports on Bithumb, one of Korea’s best-known cryptocurrency exchanges.
Sentinel Protocol Announces a Strategic Partnership with Hexlant was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 08. 07
How Decentralized Cybersecu...
How Decentralized Cybersecurity Can Support Governments in Fight Against Terrorism and Money Laundering
Things have been getting heated in the cryptocurrency space lately. In the week of July 16, U.S. Treasury Secretary Steven Mnuchin called Facebook’s planned cryptocurrency, Libra, a “national security issue”, thinking that it can be used to facilitate illegal activities such as drug dealing and terrorism.
However, we don’t believe cryptocurrencies are doomed, and we believe that cooler heads will eventually prevail. First, let’s take a look at how cryptocurrencies are being used by criminals, and how anti-money laundering (AML) and counter-terrorism financing (CTF) laws have been expanded to include digital currencies. Then, we’ll discuss how blockchain’s traceability and decentralization can actually help combat (rather than facilitate) illegal activity.
How Money Launderers and Terrorists Use Digital Currencies
Criminals use mixers and tumblers to split up, scramble, and reassemble their crypto funds into different wallets and exchanges, where they repeatedly trade with several altcoins. They do this to obfuscate the origin of their digital funds and cover their tracks.
Many cryptocurrency exchanges are unregulated without any KYC, making cryptocurrencies attractive to criminals. Some of these unregulated exchanges in jurisdictions with lax KYC/AML laws can be used even without mixers or tumblers. In fact, these unregulated exchanges receive 36 times more Bitcoin from money launderers than regulated exchanges.
However, many criminals don’t understand that blockchains and their immutability make it easy to trace the origin and destination of their digital funds. Some have already gotten caught by law enforcement agencies, who actively monitor darknets (e.g. Silk Road) and peer-to-peer markets (e.g. Local Bitcoins) to catch people breaking the law using crypto transactions.
The Latest on AML and CTF Regulations
Indeed, governments around the world are increasingly cracking down on cryptocurrencies. Every country has reacted in a different manner. Some have outright banned crypto. Others have levied strict AML laws on any crypto exchanges or custodial services. Increasingly fewer jurisdictions remain lax.
Some exchanges and custodial services recently realized they can’t battle governments forever on this. Last September, ShapeShift decided to begin KYC despite loud protests from its customer base. Even last month, Binance announced their decision to restrict service to U.S. customers, and to create a separate and fully regulated exchange for the U.S. market.
In June 2019, the Financial Action Task Force (FATF) outlined new regulatory standards involving virtual assets saying that crypto payment providers must be subject to the same KYC/AML/CTF rules as conventional banks. The EU has also issued a directive requiring that crypto exchanges and custodial services be subject to the same identity verification and suspicious activity reporting requirements as traditional institutions.
So where does blockchain come in? Blockchain actually possesses the one thing that regulators really want: the ability to trace funds to perpetrators of illegal activity.
The Importance of Traceability to Fight Money Laundering
What many people, including both regulators and criminals, don’t realize is that blockchain can actually help catch money launderers more than it can facilitate them. Despite what privacy fanatics say, Bitcoin is not anonymous. It runs on a fully traceable distributed ledger that can be used as a publicly viewable verification system for financial transactions.
Blockchain also provides the transparency that allows financial institutions and regulators to exchange information with each other in real-time on the same network.
Under the traditional regulatory model, violations often go undiscovered. Blockchain, on the other hand, provides regulators with a huge database of potential violations regarding the financial activity.So what’s special about blockchain that allows anyone to trace funds across the digital space down to each perpetrator? The answer is decentralization.How Decentralization Enables Us to Trace Illegal ActivityUnder the traditional system, data is stored in fragmented silo-based systems where banks remain reticent to share information with others. In the case of KYC, the race is on to stay ahead of terrorism and financial crime. Therefore, the costs of compliance (and fines for noncompliance) continue to escalate under the traditional system.Adopting blockchain to fight money laundering on an international scale will require the cooperation of all governments and large financial institutions, but this is not as difficult as it sounds. Rather than facilitating money laundering, decentralization actually offers useful AML capabilities to law enforcement officials, who are starting to use blockchain-based tools to trace financial activity using cryptocurrencies back to their perpetrators.Having financial data and transactions on a single decentralized platform would reduce noncompliance risk due to delayed or inaccurate reporting. A software program can piece all the ledger’s data together to track the original sources of transactions. 
In fact, this is already available: Uppsala Security’s Sentinel Protocol platform offers the Crypto Analysis Transaction Visualization (CATV) tool based on a decentralized Threat Reputation Database (TRDB), designed to help law enforcement agencies track the origin and destination of digital funds.Using instantaneous exchange of information among financial institutions and regulators, suspicious activity can be flagged, allowing for proactive actions against money laundering thus saving the global economy trillions of dollars.How Decentralized Cybersecurity Can Support Governments in Fight Against Terrorism and Money… was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 08. 07
Sentinel Protocol Announces...
Singapore, 25 July 2019 — Sentinel Protocol, a crowdsourced threat intelligence platform built on blockchain technology, announces a new reseller agreement with CyberSSS, a leader in vulnerability management, web application scanning, and mobile application testing.

With a common goal of providing accessible cybersecurity protection to individuals and entities worldwide, both Sentinel Protocol and CyberSSS are committed to offering joint cybersecurity solutions through shared expertise and vision.

CyberSSS has agreed to appoint Sentinel Protocol as a direct and official reseller of the software; and under the terms of the agreement, Sentinel Protocol will market and resell CyberSSS products in selected territories.

Sentinel Protocol’s crypto protection product suite is aligned with traditional industry standards of security solutions. The benefits of crowdsourced threat intelligence have proven to be critical in markets around the world as hackers have become increasingly sophisticated with their cyberattacks. These products are aimed to protect digital assets belonging to organizations and end-users from malicious threats, money laundering, and involvement with terrorist financing.

“We are most pleased to welcome CyberSSS as our Strategic Partner as there are significant synergies in partnering with CyberSSS, and we are delighted to offer our users a solid portfolio of security solutions with significant value-add,” said John Kirch, Senior Vice President WW Sales at Sentinel Protocol. “The backbone of our products, the Threat Reputation Database (TRDB), was built on a crowdsourced structure: combined effort, valuing each report and indicator that was entrusted to us. As we are aware of the impact that joining forces can have, we are very happy to strengthen our capabilities for providing our users with high-quality cyber solutions.”

“First of all, we would like to thank Sentinel Protocol for their support and trust,” said Sunisa Srinual, President at CyberSSS. “We value every one of our partnerships and Sentinel will certainly open new doors in the market with our combined capabilities and expertise. CyberSSS Platform has been designed from the ground up to make it easier for companies like Sentinel to extend their product and service offerings to their clients.”

About CyberSSS

CyberSSS is a leader in vulnerability management, web application scanning, and mobile application testing, transforming how organizations manage vulnerabilities. The company was founded in 2016 by government cyber intelligence experts in Canada and Asia and is recognized today as one of the most innovative and exciting cybersecurity companies in the industry. Having its headquarters in Bangkok, Thailand, CyberSSS also provides a cognitive, on-demand, automated platform that integrates best-of-class scanners and security tools.

About Sentinel Protocol

Sentinel Protocol is the world’s first crowd-sourced threat intelligence platform utilizing the advantages of decentralization to protect cyberspace with blockchain security. It aims to equip individuals and organizations with cybersecurity solutions that help protect their valuable cryptocurrency assets from malicious threats, attacks, and fraudulent transactions. Sentinel Protocol is headquartered in Singapore and has offices in Seoul, South Korea, and Tokyo, Japan. Follow Sentinel Protocol on Telegram, LinkedIn, Twitter, Facebook, and Medium.

Sentinel Protocol Announces a Strategic Partnership with CyberSSS was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 07. 25
Kyber Network and Sentinel ...
Singapore, 24 July 2019 — We are happy to announce that Sentinel Protocol is now accessible through KyberSwap, as well as any other platform tapping into Kyber’s on-chain liquidity protocol such as Enjin, MyEtherWallet, imToken, and many more.

Aside from the listing, Kyber Network and Sentinel Protocol are teaming up to bring security awareness to the crypto user community. Now available on KyberSwap, users can download Sentinel Protocol’s browser extension solution, UPPward Network Protection, a search engine for secure cryptocurrency transactions and safer Internet browsing, providing real-time alerts upon surfing a malicious website. The plugin, available for free on Chrome and Firefox, is also a platform to report security incidents and any suspicious network activity to Sentinel Protocol’s security experts. This reporting tool, which sits on the Sentinel Portal, allows UPPward users to play an active role in protecting the community by reporting malicious activity and checking on the verification process on their case submissions.

The UPP/ETH and UPP/ERC20 trading pairs are now live. Trading is available here: https://kyberswap.com/swap/eth-upp

About Kyber Network

Kyber Network is an on-chain liquidity protocol that allows decentralized token swaps to be integrated into any application, enabling value exchange to be performed seamlessly between all parties in the ecosystem.

About KyberSwap

KyberSwap, Kyber’s in-house swapping service, is one of the fastest and easiest ways to buy and sell tokens in a fully decentralized manner. On both web and mobile platforms, users can swap tokens through a simple process that requires no deposits, order books, or wrapping.

About Sentinel Protocol

Sentinel Protocol is the world’s first crowdsourced threat intelligence platform built on the blockchain. It collects and analyzes real-time hacks, scams, and fraud for improved security of digital assets. The ecosystem discourages malicious behavior by preventing the use of stolen digital assets. Sentinel Protocol aims to equip individuals and organizations with cybersecurity solutions that help protect their valuable cryptocurrency holdings from malicious threats, attacks, and fraudulent activity.

Kyber Network and Sentinel Protocol Partners to Protect the Crypto Community was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 07. 24
Why Smart Cities Need Decen...
Author: Lynnette Chow, Head of Marketing

Smart Cities are getting smarter. But are they getting more secure?

At the Smart Nation Summit 2019, Singapore’s Prime Minister Lee Hsien Loong said the Smart Nation Initiative is integral to Singapore’s next phase of nation building.

This initiative was first launched in 2014, with the goal to digitize Singapore’s policy processes and urban environment. It has already seen enormous success, having given rise to administrative reorganization and increased state-citizen engagement.

And this isn’t just happening in Singapore.

Smart Cities around the globe are on the rise, as people and objects become increasingly interconnected. Such trends bring about higher productivity, economic improvements, lower costs, and improved lifestyle changes for many people.

However, hidden dangers lurk.

The Dangers of Hyperconnectivity

In a world where everything is digitally connected, unbeknownst to us, our data floats in the cloud between the Internet we are familiar with and the hidden dark web.

In fact, data privacy has been among the hottest topics since huge data security breaches impacted Facebook and Google users, as well as in the healthcare and financial industries. These repetitive data breaches reflect the lack of technical cybersecurity, companies’ lack of regard for their users’ data, and the increasing sophistication of hackers.

In the last 3–5 years, we have witnessed an alarming increase in hacks and fraudulent activities occurring in Asia as well as worldwide. Apart from increasing attractiveness to hackers for exploitation, this can be partly attributed to the sudden proliferation of cloud computing infrastructure.

The Best Weapon Against Security Threats to Smart Cities

The key to combating security threats to Smart Cities is innovation. We need to innovate to identify key cybersecurity vulnerabilities and how our opponents are exploiting them. This can only work if we can stay ahead of the hackers, and one way to do that is to lower barriers to sharing intel on cybersecurity threats. Many companies are hesitant or even reticent to share security data, and it will take work to overcome those objections.

This is where crowdsourced threat intelligence comes in. Imagine a world where companies and individuals freely report and share the latest security threats. Because of access to that information anytime from anywhere, everyone would be able to counteract those threats before their identities, digital assets, and even smart cities get compromised by bad actors.

The need for such a go-to threat intelligence database and reporting platform for fraud victims is higher than it’s ever been, due to security threats becoming increasingly sophisticated amid a severe shortage of cybersecurity professionals.

“Across the science and technology field, there is an urgent need to produce and attract high quality tech talents into the thriving ASEAN tech scene. This talent gap is in line with the observed shortage of skilled cybersecurity professionals,” said Lee Hsien Loong, the Prime Minister of Singapore at the 2019 Smart Nation Summit.

Staying Connected While Maintaining Digital Security

With a growing population connected to social media and online banking, retaining privacy becomes key. Any online activity has a security layer that is always invisible to consumers. That security layer must remain boundless and there must be no single point of failure for sophisticated hackers to exploit.

All online activity should be traceable so as to deter bad actors, and blockchain technology is one of the strongest solutions. A blockchain ledger would allow any transaction to be stored in a way that it can neither be altered nor tampered with. This allows any transaction to be traced by anyone, with the knowledge that all data stored on the blockchain are accurate.

Data integrity and traceability are especially important for the following use cases if the Smart City digital economy is to thrive and be reproduced around the world:

- Cross border payments
- Exchange digital trade documentation
- Reduce inefficiencies, operating costs, and fraud
- Experimenting with digital banks

Beyond these points, blockchain technology can be used to crowdsource security intelligence and safely share threat data with both companies and individuals. Immediate access to the latest crowdsourced data via a blockchain-based platform enables everyone to stay up to date on the latest threats, further deterring malicious activity.

Key Takeaways

As our cities and countries lurch forward into the digitization age, it is up to us to beware the risks that hyperconnectivity may bring and also take responsibility for our own online security.

However, it also pays to listen to how tech is evolving. We could keep an eye on how technology is advancing, but that doesn’t mean we should stop the continuing innovation of our modern digital society. In fact, innovation — along with decentralization — is one of our best weapons against security threats that constantly evolve by the day. We need to attract high-caliber tech talent into cybersecurity and allocate a budget for threat intelligence.

The greater the incentive is to crowdsource security intelligence onto an accessible blockchain-based platform, the more eager companies will be to join forces into something bigger than ourselves in terms of digital security. On the individual level, consumers would feel safer while making digital transactions, further re-establishing trust in businesses within our digital economy.

Why Smart Cities Need Decentralized Security was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 07. 22
Libra Coin: How Safe Will the Facebook...
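Heads up, Facebook users!

If Libra, the reserve-backed stablecoin cryptocurrency that Facebook is developing through the Libra Foundation, succeeds in attracting users, it is expected to have a profound impact on the global financial system and on how individuals make payments. Backed by powerful investors such as Visa, MasterCard, PayPal, eBay, and Spotify, this new cryptocurrency is highly likely to become a stable key currency like the U.S. dollar or the euro. Calibra, the Facebook subsidiary slated for a 2020 launch, will develop a range of products and services around the Libra coin, including the Calibra cryptocurrency wallet. People will be able to exchange money instantly across borders with minimal fees and buy goods and services online through the Calibra wallet.

Libra will run on a permissioned blockchain supported by a consortium. Because members of the Libra consortium control the blockchain ledger, the Libra financial system can remain closely tied to Facebook. However, this does not solve the decentralization challenge of the traditional blockchain world.

Potential Impact on the Global Financial System

It is safe to say that Libra’s impact on the financial system will be as large as the project’s backers have described. For that reason, financial regulators, banks, and government officials are watching this new development closely, and it is true that no other cryptocurrency, Bitcoin included, has affected them as much as Facebook’s Libra announcement. The reason people are either excited or worried about Libra, depending on who you talk to, is probably that Facebook has 2.4 billion users worldwide. Because 1.7 billion of those users do not have bank accounts, Libra becomes an attractive means of sending money. But even if international transfers become instant and nearly free, there will still be a need to convert these tokens into fiat currency. Banks can charge fees for converting Libra into cash in this way, and they will in fact do so. This will require the layer of security provided by the traditional banking system, which is known for strict Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance. Even so, many banks are approaching Libra cautiously, citing regulatory uncertainty. This is because regulations on KYC/AML and the response to Countering the Financing of Terrorism (CFT) are the top priority for bankers and government officials.

No Guarantee of Safe Use Given Facebook’s Track Record on Privacy

Although Libra is backed by huge investors, there is no guarantee that it will be safe to use, which is true of every cryptocurrency project to date. The first thing to understand about Libra is that, operationally, it is not decentralized like Bitcoin. As mentioned above, Libra runs on a permissioned blockchain managed by a consortium of dozens of members, one of which is Facebook. The second thing to understand is that public distrust can arise from the fact that Libra is under the regulation of central financial authorities. Facebook’s track record of privacy issues only worsens this distrust. Calibra’s digital wallet will be embedded in Facebook, which means users must trust Facebook for as long as they use Libra. Yet 91% of users currently say they do not trust Facebook to handle their digital assets. Even so, the important question here is this: what user information will be shared with investors or stakeholders? This aspect must not be ignored, and it needs to be made clear to users before they sign up.

Why Cybersecurity Must Be Treated as a Priority When Handling Any Digital Asset

When Libra is finally released, the question we all need to ask ourselves is: “Can we trust Facebook with our assets?” On September 25, 2018, less than a year before this article was written, Facebook suffered serious damage when at least 50 million user accounts were hacked. Considering its weak security posture in protecting user data, the outlook is not very positive. This underscores that strong cybersecurity is essential to protect individuals from hacks, scams, and money laundering. Calibra takes users through a KYC anti-fraud process requiring government-issued photo ID when they first sign up, and promises refunds if they are hacked and their coins are stolen, but Calibra will manage all of its users’ private keys. As we have said many times over the past two years, the best way to keep digital assets safe is to manage the keys yourself.

Facebook allows developers to build their own apps around Libra because it is open source. But this amounts to giving shady programmers the opportunity to steal users’ personal information and scam them out of their hard-earned digital assets.

In addition, as the nature of blockchain shows, no transaction can be reversed. Calibra reassures us that it will compensate for hacked or stolen tokens, but the main focus should instead be on preventing any malicious activity from happening in the first place. That is exactly where cybersecurity solutions need to be introduced; they not only protect people’s digital assets but also strengthen user trust.

Conclusion: Libra Wallets Can Be Integrated With the ICF

For the Libra project to succeed, anti-hacking safeguards and proper KYC processes must be in place. When people can use digital currencies such as Libra safely, Facebook can regain trust, and this can also lead to wider adoption of cryptocurrencies as well as blockchain technology. Products used worldwide, such as the Calibra wallet, need to be combined with an internationally standardized cybersecurity framework to strengthen protection of users’ digital assets, and Sentinel Protocol’s ICF API 2.0 can play exactly that role. By identifying threats from suspicious transactions in advance, the ICF API can prevent fraud and scams before they happen, and it can be integrated and is compatible with any cryptocurrency wallet. Moreover, even if funds are stolen, the Libra Foundation would be able to reverse the theft and compensate every user for their lost funds.

Libra Coin: How Safe Will the Facebook Cryptocurrency Really Be? was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.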
19. 07. 16
Libra Coin: How Secure Will...
Heads up, Facebook users!

Libra, a new reserve-backed cryptocurrency being developed by Facebook through the Libra Foundation, is going to have a profound impact on the global financial system down to how individuals use their money.

Backed by powerful investors including Visa, MasterCard, PayPal, eBay, and Spotify, the new Facebook-backed cryptocurrency will be a stablecoin whose value will be pegged to stable currencies like the U.S. Dollar or the Euro. Slated for a 2020 launch, Facebook’s subsidiary, Calibra, will develop products and services around the Libra cryptocurrency, including the Calibra digital wallet.

People would be able to use Libra to exchange money instantaneously with minimal fees, even across borders, and to buy products and services online by spending out of their Calibra wallet.

Libra will run on a permissioned blockchain with a consortium of support. Members of the Libra consortium will be able to control the blockchain ledger, thus keeping the Libra financial system closely tied to Facebook. This doesn’t necessarily solve the decentralization challenge of the traditional blockchain space.

Potential Impact on Global Financial System

It is probably safe to say that Libra’s impact on the financial system would be as big as the project’s backers had previously described. Therefore, financial regulators, banks, and government officials are alarmed about this new development. No other cryptocurrency, even Bitcoin, was able to have the kind of effect on them as Facebook’s Libra announcement has.

The reason people are either excited or worried, depending on who you talk to, is that Facebook has 2.4 billion users worldwide. Out of their users, 1.7 billion don’t have bank accounts, making Libra extremely attractive for remittances. But even though international money transfers will be instant and almost free, there still will be a need to convert these tokens into fiat. Banks can, and probably will, impose fees upon these Libra-to-fiat conversions. This adds a layer of security offered by the traditional banking system known for strict Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance.

Even so, many banks are approaching Libra cautiously, citing regulatory uncertainty. Regulations around KYC/AML and Countering the Financing of Terrorism (CFT) are at the forefront of the minds of bankers and government officials.

No Guarantee on Safe Use With Facebook’s Track Record on Privacy

Although Libra is backed by huge investors, there is no guarantee that it will be safe to use, which is the case with any cryptocurrency project to date.

The first thing to understand about Libra is that it is not decentralized like Bitcoin. As mentioned above, it runs on a permissioned blockchain managed by a consortium of a couple dozen members, one of whom is Facebook.

The second thing to understand is there’s already plenty of public distrust to go around with central financial authorities. Facebook’s track record with privacy issues only exacerbates this distrust. Calibra’s digital wallet will be embedded in Facebook, meaning users will have to trust Facebook while using Libra — a hard sell today with 91% of users saying they do not trust Facebook to handle their digital money.

Having said that, an important question to ask is: What user information will be shared with investors or stakeholders? This aspect should not be neglected, and needs to be made clear to users before they sign up.

Why Cybersecurity Needs to be a Priority for All Digital Assets

When Libra finally does come out, the question we all need to be asking ourselves is:

“Can we trust Facebook with our money?”

As recently as less than a year ago at the time of writing, Facebook suffered a major hack resulting in at least 50 million accounts being compromised on September 25, 2018. Taking Facebook’s lack of user data protection into consideration, it’s not looking very good. This highlights the need for strong cybersecurity in terms of protecting yourselves against hacks, scams, and money laundering.

Even though Calibra will take users through a KYC anti-fraud process requiring government-issued photo IDs when they first sign up, and they promise to refund them in case they get hacked and lose their coins, Calibra will manage all the private keys for their users. As we’ve said multiple times in the past two years, the best way to secure your digital assets is to manage the keys yourself.

Facebook does allow developers to build their own apps around Libra since it is open source, but that opens the door for shady programmers to scam people out of their hard-earned digital cash along with stealing their personal information.

Additionally, as we know from the blockchain space, any transaction is irreversible. Although Calibra reassures us that they will offer reimbursements for hacked or stolen tokens, the main focus should be preventing any malicious activity from happening in the first place. That is where cybersecurity solutions come in. Not only does this protect people’s digital assets, but it also consolidates trust.

Conclusion: Libra Wallets Can Be Integrated With the ICF

For the Libra project to succeed, there need to be anti-hacking safeguards and proper KYC processes in place. When people feel secure in using digital currencies such as Libra, Facebook could regain their trust and also lead to higher adoption in cryptocurrencies as well as blockchain technology.

Being used globally, products such as the Calibra digital wallet need to integrate a standardized cybersecurity framework to increase protection of users’ digital assets, which is where the Sentinel Protocol ICF API 2.0 comes into play. The ICF API can be integrated with any cryptocurrency wallet in order to prevent fraudulent transactions, and even if an exploit somehow slips through, the Libra Foundation would be able to reverse the exploit and reimburse any user who lost their coins.

Libra Coin: How Secure Will the Facebook Cryptocurrency Really Be? was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 07. 10
Crypto Exchange Meetup 2019...
Exploring Solutions to FATF Guidelines Impacting Virtual Asset Service Providers

South Korea, July 3, 2019 — On June 24, FATF finally released its new regulatory framework for countries regulating cryptocurrency businesses operating in their jurisdictions. According to the new framework, countries within the developed world of finance are required to strictly regulate Virtual Asset Service Providers (VASPs). However, many are concerned about the FATF’s proposal for mandatory screening of all wire transfers against financial sanction lists, and are also wondering how their countries will react to these revisions. Sentinel Protocol, a blockchain-based global security solutions provider, will be present at the Crypto Exchange Meetup 2019, which will take place with financial regulatory compliance firms. Sentinel Protocol is co-hosting the meetup with Octa Solution and Norma under the theme of “FATF’s recommendation and crypto exchanges’ response strategies against the guidelines” at Workflex in Seoul, South Korea on July 4.

Octa Solution launched its first cryptocurrency AML solution ‘crypto AML-PRISM’ for the exchanges at the RegTech — SupTech showcase of Korea Fintech Week 2019 hosted by the Financial Supervisory Service (FSS) of Korea last May. The AML-PRISM is a risk-based anti-money laundering solution supplied to traditional financial institutions. It detects and prevents transactions with suspected involvement of money laundering by integrating Sentinel Protocol’s crypto wallet tracking and analysis system and blacklisted wallet address data. Norma, a business leader in wireless and IoT security, plans to provide local exchanges with security consultancy services through its ISMS (Information Security Management System) certification consulting expertise. As one of Sentinel Protocol’s resellers, they also will supply Sentinel Protocol’s solutions including the Crypto Analysis Transaction Visualization (CATV) and Threat Reputation Database (TRDB) to take proactive action to comply with enhanced AML regulations.

“By adding each firm’s specialty, based on our core technology — the Threat Reputation Database (TRDB) — we will continue to provide Crypto AML compliance solutions to VASPs, including cryptocurrency exchanges in Korea. We will ensure that their businesses operate in a safe and reliable manner while complying with FATF regulations,” said Min-woo Ku, Korea Country Manager of Sentinel Protocol.

Park Man-sung, CEO of Octa Solution said, “We understand the local exchanges’ needs and concerns through recent consultations with them regarding the introduction of anti-money laundering solutions, and we will present the solution at the event.”

“This meeting will be a place for security and regulatory compliance experts to explore and exchange solutions for FATF guidelines and have in-depth discussions about up-to-date security technologies,” said Jung Hyun-chul, CEO of Norma. Executives and employees from about 25 major local exchanges and blockchain-based enterprises will attend the event. After the event, discount promotions for Crypto AML solutions and free security consulting opportunities will be offered to those who responded to the survey during the event.

About Norma

Norma, a wireless network security solution company, was established in 2011 with the vision that “everyone should be able to use networks conveniently and safely.” It has since expanded its technical skills specializing in wireless network security to various IoT fields such as CCTV, Smart Home, connected cars, and healthcare. Norma has recently developed solutions that secure cryptocurrency transactions based on its technological prowess and is thus further expanding its business scope. Meanwhile, Norma’s technological prowess was verified through credible references centered on businesses and public organizations, including the Defense Ministry, the Korea Hydro & Nuclear Power Co., and the National Police Agency.

About Octa Solution

Octa Solution is a Regtech firm that specializes in financial compliance solutions such as risk-based money laundering prevention (RBA/AML) and multilateral financial information automatic exchange systems (FATCA/CRS). According to enhanced AML regulations expanded to fintech, lenders, and e-finance companies, Octa Solution has been supplying customized regtech solutions to businesses so they can respond to various financial regulations in a cost-effective manner.

About Sentinel Protocol

Sentinel Protocol is the world’s first crowd-sourced threat intelligence platform utilizing the advantages of decentralization to protect cyberspace with blockchain security. It aims to equip individuals and organizations with cybersecurity solutions that help protect their valuable cryptocurrency assets from malicious threats, attacks, and fraudulent transactions. Sentinel Protocol is headquartered in Singapore and has offices in Seoul, South Korea and Tokyo, Japan. Follow Sentinel Protocol on Telegram, LinkedIn, Twitter, Facebook and Medium.

Crypto Exchange Meetup 2019 Co-hosted by Sentinel-Protocol, Norma, and Octa Solution was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 07. 04
A New Cybersecurity Strateg...
Hackers have always stayed one step ahead of us. No matter which security measures we use, they always find a way through and wreak havoc.

Every time there’s a new attack, we plug it with a software patch, then rinse and repeat. This results in a never-ending whack-a-mole game where hackers always have the advantage. The problem with this is that it’s purely reactive. It hasn’t worked.

We need a more proactive strategy.

Only recently have we had a line of products that enable us to proactively crowdsource and use threat intelligence to finally defeat the hackers once and for all. Most importantly, the foundation that underpins this new strategy is decentralization.

How Does Cybersecurity Benefit From Decentralization?

Decentralization boosts cybersecurity in three ways:

- Elimination of single points of failure
- Decentralization of data storage
- Traceability of unalterable records

Elimination of Single Points of Failure

Centralized databases suffer from one critical vulnerability: being a single point of failure. If a hacker successfully attacks a centralized database, it can be rendered inaccessible. Regardless of any security measures, a centralized entity remains a single point of failure that can be compromised anytime.

Using distributed ledger technologies, namely blockchain, eliminates these single points of failure. By having copies of a database in different places, a malicious actor can neither take it down using a DDoS attack nor alter any data on the blockchain.

This has huge implications for IoT security. IoT devices are most vulnerable when they exchange data amongst themselves. Blockchain can protect data exchanges between IoT devices, while decentralization allows them to make their own security decisions without relying on a central authority.

Decentralization of Data Storage

The value of data has been increasing over time. Therefore, it is critical to protect sensitive data to maintain a competitive edge and to comply with privacy laws like the GDPR.

By storing repositories of data in different places instead of just one place, decentralized data storage makes it difficult for hackers to conduct successful attacks. By granting permission to third-parties to access this data using cryptography, companies can protect their intellectual property and the privacy of their own customers.

Easier to Trace Digital Activity

Placing immutable, timestamped, and digitally signed data on the blockchain makes it easy to trace all transactions and associated digital activity. While personal information can and should be kept off the blockchain, any digital activity recorded on the blockchain can be traced back to its originators with the assurance that the data is authentic and tamper-proof.

The ability to trace transactions on the blockchain gave birth to products such as the CATV tool that supports investigations on crypto exchange hacks, money laundering, and terrorist financing using digital funds.

Decentralization: A Challenge For Cybersecurity Solutions?

Although there have been huge collateral losses due to exchange hacks and phishing scams targeted towards crypto users, we are confident that decentralization will ultimately strengthen the cybersecurity ecosystem in the long term.

The important thing to understand about “decentralization” is that there is a spectrum between total centralization and pure decentralization. Many factors determine whether a platform is truly decentralized or, more likely, lies somewhere in between. These include validation, governance, and consensus algorithms, among other things.

The future is slowly tilting in favor of decentralization via crowdsourcing and real-time transparent solutions. At Sentinel Protocol, we have begun to move in that direction with the creation of the Threat Reputation Database (TRDB), the backbone of our cybersecurity solutions.

Centralized vs. Decentralized Exchanges: Which Is Safer to Use and Why?

This is debatable. Both have their pros and cons. Obviously centralized exchanges are vulnerable to getting their hot wallets hacked, resulting in enormous losses. The biggest known hack occurred on Mt. Gox where over 850,000 BTC was lost. In 2019, centralized exchanges are under increasing pressure from governments around the world to comply with KYC/AML laws.

Decentralized exchanges (DEX) eliminate all single points of failure and are more censorship resistant. However, this does not make centralization obsolete. There are still scenarios where centralization provides advantages, such as speed, lower costs, and KYC/AML compliance. Plus, DEX are not perfect when it comes to security. As with Bancor, smart contracts can be vulnerable to underflows, overflows, and reentrancy attacks and therefore need auditing.

DEX also have not proven themselves yet. We are still a long way from achieving the liquidity, scalability, and functionality needed for mass adoption of DEX. Another show-stopper for many crypto users is that there are no fiat gateways on DEX. Fiat conversions require KYC, which also requires centralization. Even though a DEX cannot be hacked, its individual users are still at risk of being hacked or transacting (whether intentionally or unintentionally) with illegally-obtained funds due to the absence of KYC procedures. This is where products like the UPPward Network Protection come into play.

Conclusion

Despite numerous security challenges in the cryptocurrency space, the future is bright for the cybersecurity industry with the increasing use of blockchain.

Sentinel Protocol is leading the way into a more secure future with a new cybersecurity product line including the TRDB, CATV for regulatory bodies, ICF API for businesses, and UPPward Network Protection for individual Internet users.

People would thus be able to transact more safely without getting into legal trouble or losing their digital assets.

A New Cybersecurity Strategy to Beat Hackers at their Own Game: Decentralization was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 06. 19
Development of a Tracker Solution for Cryptocurrencies — It all happened when I was tracking down an Ethereum thief!

Interview with Patrick Kim, CEO, and Founder of Uppsala Security (Sentinel Protocol) by Park, Geun-Mo, Coindesk Korea reporter.

This is an English translation of the original article published in Coindesk Korea, which can be found here: https://www.coindeskkorea.com/tracingstolenetherendsinsolution/

Cisco, Palo Alto Networks, Fortinet, F5 Networks, and Darktrace… the world’s leading network security companies everyone is familiar with. What should I do to work for these firms? The general answer is that you need to study very hard in high school, go to a prestigious university, study hard, learn English, major in computer engineering, get a degree, and acquire related IT certifications.

Well, this is not the case for Patrick. He is a high school graduate. He studied on his own. He worked as an architectural engineer at the Cisco Singapore branch. Since then, he worked in various global security companies. He spent a decade as a security expert outside of South Korea. This is the story of Patrick Kim, CEO, and Founder of Uppsala Security, who established Sentinel Protocol, a blockchain-based security platform. Prior to founding Uppsala Security last year, Patrick Kim was a security expert working abroad for 11 years, starting at Cisco in 2007.

Patrick Kim, CEO of Uppsala Security. Interviewed by Park Geun-Mo

Unlike other articles, this one does not start with a modifier such as “the world’s best security expert”, which is not the case with Patrick. I’ve gotten my currency wallet hacked, and to think I’m a security expert! Gosh! That’s when Patrick realized the need for a professional security company in the field of blockchain. He dived straight in.

Patrick Kim, whom I met at the Uppsala Security office in Samseong-dong, Gangnam-gu, Seoul on March 13, was compassionate and full of determination. Upon his first look at me, Patrick said: “Let me tell you the goal of Uppsala Security.” And then…!

“SAVE THE WORLD.”

That was what he suggested, which stunned me. What is this? The Avengers? Why?

Patrick Kim said a bit shyly, but with confidence: “I have been working as a security expert for over a decade outside of South Korea. As I was looking into the latest IT tech, I ran into the world of blockchain around November 2012. I mined Bitcoin and Ethereum. I also traded on numerous exchanges. Then it happened. I, a security expert, was hacked! I lost 7,218 ether in May 2016. The hacker went after the little known vulnerability within Ethereum. I informed the Ethereum Foundation, but I was ignored. I was told to disregard it as a minor issue. The birth of Uppsala Security was because I did not want this to happen to others who use blockchain and cryptocurrencies.”

Patrick Kim’s website — Security 7218, focused on analyzing the cause of his hack.

The process was not simple. Patrick Kim created a website called ‘Security 7218’, named after the amount of tokens he lost. Security 7218 found two security vulnerabilities in Ethereum. It was explained in great detail through articles and even a demonstration video. Still, he did not get any help from the Ethereum Foundation, neither did he manage to recover his lost ETH.

From then on, he decided to pursue the hackers — resulting in the development of the Crypto Analysis Transaction Visualization (CATV) tool, a cryptocurrency tracker solution that supports ERC20 and ETH. This is an independent technology created by Sentinel Protocol.

“Back then, I used an Ethereum explorer called ‘etherscan’ to track the paths of cryptocurrencies. Nonetheless, the hacker repeatedly split and merged the cryptocurrencies using numerous wallets to keep them from getting tracked. This is what we call ‘mixing with tumblers’. After snatching my ETH, the hacker split and merged the ether more than 1,000 times. Eventually, parts of the stolen ether were confirmed to have been liquidated in a foreign exchange. I sent a protest against it, but of course, I wasn’t compensated.”

Patrick Kim tracking his stolen Ethereum using CATV, by Sentinel Protocol

After leaving Patrick’s wallet, the ETH was ‘mixed and tumbled’ 1177 times for over two years and three months (from May 12, 2016, to August 28, 2018). The stolen ether entered the wallets owned by exchanges, namely Poloniex, Bittrex, BTC-e, Quadriga, and ShapeShift. The deal was done; however, there was absolutely no way to find out whether they were liquidated or hidden somewhere else.

It was such a toil to manually track on etherscan! Feeling the pain, he focused on the development of a tracker solution. This is how CATV was born. Through this system, one wallet’s address was all it took to visualize all the links connected to that particular wallet.

Patrick soon turned to something else. He explained that the process for hackers to liquidate their loot has been getting more complicated recently. Regulatory authorities are demanding reinforced personal identification procedures (Know Your Customer) while enforcing anti-money laundering and anti-coin laundering laws worldwide. However, hackers are still able to bypass these restrictions. More liquidation is taking place at anonymous exchanges such as ShapeShift or decentralized exchanges (DEX), where peer-to-peer trades occur. As such, tracking has become more difficult.

Let’s take a closer look.

The security solutions of Sentinel Protocol are divided into four major categories:
· Threat Reputation Database (TRDB)
· UPPward (Network Protection)
· Interactive Cooperation Framework (ICF)
· Crypto Analysis Transaction Visualization (CATV)

Sentinel Protocol’s Threat Reputation Database (TRDB).

Experts Verify Upon Any Report Submission: TRDB

The TRDB is the core function of Sentinel Protocol. It collects and manages all kinds of security threat information (including URLs, domains, IDs, wallet addresses, e-mails, Twitter addresses, etc.). The TRDB basically consists of blacklists and whitelists. Access is blocked when something is blacklisted, and an item is whitelisted only after it has been verified to be safe.

The TRDB is currently being recorded on the EOS blockchain for management. CEO Patrick Kim explained that, since security threat information is necessary for anyone, the optimal platform for management is the EOS blockchain. He added that he was also satisfied because the collected information could not be modified at random, thus making the information more reliable.

“Generally, every major security vendor collects threat information for their own consumption. The collected threat information reflects the vendor’s security level. Hence, the collected threat information is often not shared with other companies. As a company, we strongly feel that security threat information, especially related to cryptocurrencies, should be available to the community so this information provides real security value. In addition, the most important thing in the security domain is data reliability. If any threat information record is forged arbitrarily by anyone, then there is no trust in the entire database as well as the information itself. So, I combined the TRDB with blockchain.”

Sentinel Protocol explains the TRDB mechanism.

Threat information collected by Sentinel Protocol over the past year amounted to 1,316,762 cases. It is clear that threats are increasing by the day. Sentinel Protocol’s TRDB allows anyone and everyone to submit suspicious activity or incidents. A group of about 20 external security experts, called The Sentinels, and about 30 internal security experts all verify the submitted report and record the case as threat information. It is an autonomous method of participation. Patrick described it as “crowdsourcing.”

“Once submitted, the case is registered into the TRDB for security experts to verify it. The reward system, which is still in the beta phase, aims to compensate both informers and verifiers. We plan to introduce this during the third quarter of this year.”

Installation of UPPward is available at the Google Chrome and Mozilla Firefox web stores.

UPPward — Network Protection for Individual Users

UPPward, developed by Sentinel Protocol, is a cryptocurrency scam and fraud protection solution for individual users. It is simple to use. The solution can be installed as a browser extension for Chrome and Firefox. When transacting cryptocurrencies using the browser, the wallet address is cross-checked with information archived in the TRDB. If the address is registered as a scam wallet or as a wallet previously involved in suspicious activity, the user receives a warning message. Phishing websites or malicious social accounts on Twitter are also registered as threats.

For example, the TRDB blacklist has over 60 social accounts impersonating Vitalik Buterin. When the user encounters any social or wallet address on the blacklist, UPPward sounds an alarm.

Collected social account information by Sentinel Protocol purporting to be Vitalik Buterin.

Interactive Cooperation Framework (ICF) is for enterprise users. ICF interconnects the TRDB with the CATV using APIs so external users can use these functions for free.

“Information in the TRDB is useful for finance companies, cryptocurrency exchanges, wallet developers, and payment solution developers. By leveraging the TRDB, it is possible to prevent users from transferring their cryptocurrencies to scam addresses or phishing websites from exchange wallets. The same goes for wallet developers and payment solution developers. Finance companies are also becoming interested. Since cryptocurrency exchanges are businesses, they are bound to make transactions with financial institutions. In this process, financial companies should confirm that their trading counterparts are transacting safely to comply with anti-money laundering regulations. The ICF allows all stakeholders to use the TRDB, CATV, and other Sentinel Protocol solutions.”

Crypto Analysis Transaction Visualization (CATV) tool as shown by Sentinel Protocol.

Tada! All coin transfer paths starting with a single wallet address…

… and the CATV. In his most powerful, self-confident voice, Patrick explained as he demonstrated the solution, “we are the only place with these technological features.” It was absolutely amazing. The CATV allows you to see, at a glance, all wallets and transactions connected to a single wallet address.

Image shows the Ethereum raised by PureBit transferred to other exchanges.

Let’s take a look at the PureBit hack case in the CATV tool. On November 5, 2018, PureBit was at the center of a dine-and-dash controversy for its KRW 2.6 billion investment towards building a mining exchange. PureBit’s Ethereum wallet address used for fundraising was ‘0x7DF1BD58e8Fd49803E43987787adFecB4A0A086C’. Upon entering the address in the CATV tool, all transactions around this wallet address popped up on a graph. There was a total of 231 transactions. About 615 ETH had been moved to Upbit’s wallet six times in a little over one month (from November 5 to December 9). Likewise, transfers to Gate.io and Cashierest also occurred. The 7070 BTC stolen from the Binance hack on May 5 was also trackable.

CATV tracking 7070 BTC stolen from the crypto exchange, Binance.

“With the CATV, you can see wallet addresses or transactions that were previously difficult to track. Hackers, in particular, have recently been ‘mixing with Tumblers’ — a technique used to wash stolen coins thousands of times to avoid getting tracked by the judicial authorities. Tracking became impossible. But the CATV tracks even those and shows all these transactions graphically. At present, however, only tokens based on Ethereum such as ERC-20 are trackable. We are preparing to support Bitcoin, EOS, Ripple, and Litecoin this year.”

The CATV does not just track your wallet address. It is a vain attempt when you don’t know whom the wallet belongs to. To counter this, Sentinel Protocol analyzes wallet addresses of all domestic and foreign cryptocurrency exchanges. Sentinel Protocol explained that it has identified more than 1 million wallet addresses of domestic exchanges and more than 18 million wallet addresses of foreign exchanges.

“This is what I did not understand while developing CATV. Exchanges won’t give any hint as to their wallet information. The hot wallet’s wallet address, as much as it is open to the public, has not been granted upon request due to security matters. So, we found each and every one on our own. Later on, of course, we also developed a technique to automatically identify exchange wallets and collect their information.”

Patrick Kim explained that the wallet information collected from the CATV is also being recorded on the EOS blockchain. In particular, as with the TRDB, information on the exchange wallet was created by the Structured Threat Information eXpression (STIX), an industry security standard. It is easy to utilize the collected information.

Seeing all these mesmerizing solutions, I wondered what Uppsala Security’s profit model was. What do you get for all of this? The look on Patrick’s face clouded a bit.

“I actually have a lot of worries about the revenue model. There are already a couple of other cryptocurrency trackers around. Of course, they don’t have what we have: the easy and graphically comprehensible technologies. There is a tracker company called Chainalysis. But the solution they provided there is pricey and difficult to use. Only the giants can use them, not individuals.

I think this kind of solution should be made available for individuals as well. Nobody takes responsibility for hacks, whether it’s blockchain or cryptocurrency. The solutions we provide are free for individuals with no limits. UPPward is an extension for web browsers and available for installation free of charge. Instead, I am thinking B2B will be our main model for profit. Our B2B customers are currency exchanges, wallet developers, financial institutions, and government agencies.”

Industry officials say that the Chainalysis tracker solution, most widely used in and outside Korea, costs about KRW 100 million annually.

With Patrick’s mention of government agencies, one thing came to my mind: a request from the Supreme Prosecutors’ Office to cooperate with the development of the cryptocurrency address inquiry system was publicly disclosed last March. With Sentinel Protocol’s TRDB and CATV, this can be used immediately without further development.

“I met the FSS staff earlier this year. They told me there is an increasing number of cyber crimes involving cryptocurrencies. The existing tracker systems are inconvenient and do not work properly. So, we showed the CATV tool we developed. They were amazed and asked why a solution like this came out so late. The wallet address inquiry system, as requested by the Supreme Prosecutors’ Office to the Korea Blockchain Association, is similar in function to the CATV we developed. We are ready to cooperate with law enforcers anytime.”

Uppsala Security team members from the Singapore HQ

Uppsala Security, the operator of Sentinel Protocol, provides a strong feeling of security. The organizational structure naturally makes it so. Most of the team members, including CEO, Patrick Kim, Head of Operations Narong Chong (Palo Alto Networks, F5 Networks), Head of Business Brian Yang (Dell EMC), Chief Evangelist John Kirch (DarkTrace), and Head of Security Officer Nobel Tan (FireEye, F5 Networks) are experts who spent most of their careers in security companies.

“Like me, our team comprises members from global security companies. So, our products and operations are exactly the same as those from existing security companies. It’s why we can keep chanting the slogan, ‘save the world’. We will continue to do our best to develop the best security solutions by bringing the best security experts together. Save the world!”

Development of a Tracker Solution for Cryptocurrencies — It all happened when I was tracking down… was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 06. 05
The new ‘Crypto-AML Solution’ has been launched via collaboration between Sentinel Protocol and OCTA Solution

South Korea, 4 June 2019 — A new and unprecedented Anti Money Laundering (AML) solution was announced at the RegTech — SupTech showcase of Korea Fintech Week 2019 hosted by the Financial Supervisory Service (FSS) of Korea. This solution was developed as a result of a collaboration between Sentinel Protocol, the security leader in the cryptocurrency market, and OCTA Solution, a professional financial regulatory service provider.

In the current market, where South Korean financial regulators request much stricter compliance at domestic crypto exchanges equivalent to existing AML policies at banks due to the Financial Action Task Force (FATF) mutual evaluations for the upcoming month of July, the launch of this new ‘Crypto-AML solution’ aimed for these exchanges is timely and relevant.

Based in Seoul, South Korea, OCTA Solution specializes in providing financial compliance solutions including Reg-Tech, Sup-Tech, and Fintech. The company dominates about 30% — 40% of the AML market in South Korea’s financial sector. A local crypto exchange, Coin One, is also one of their clients.

In their collaboration with Sentinel Protocol, OCTA Solution took their solution one step further by integrating Sentinel Protocol’s core security technologies including the Interactive Cooperation Framework (ICF) API 2.0 and Crypto Analysis Transaction Visualization (CATV) tool.

Crypto exchanges using this ‘Crypto-AML solution’ will be able to experience innovative AML features beyond KYC checks and TMS, a transaction monitoring system in AML, including the following:

1. ICF API — Provides users with a way to search for blacklisted crypto wallet addresses and to alert them of suspicious transactions from wallet addresses that have been verified to be malicious. However, if users continue to transact with blacklisted addresses, their addresses will also be classified as suspicious accounts. The system tracks past transactions by these user accounts and if they also frequently transact with blacklisted accounts, it automatically reports them to the Korea Financial Intelligence Unit (KoFIU).

2. CATV — Makes it possible to trace and analyze suspected digital asset (crypto) transactions. By using a visual flow representation of transactions to and from a particular crypto wallet address, investigations concerning stolen assets or laundered funds can be accelerated. The ability to speed up such investigations and to take appropriate action quickly helps thwart malicious actors from taking possession of stolen assets or utilizing laundered funds.

Through these key functions, transactions involving money laundering can be accurately verified and reported, thus dramatically improving crypto transaction safety.

“We started our project to protect victims of hacks, cyber scams, and fraud in crypto transactions. Now, we are able to provide more enhanced AML solutions by integrating with existing financial compliance Reg-Tech solutions. We are planning to keep developing and introducing customized solutions that fit the Korean market situation,” said Patrick Kim, CEO, and Founder of Sentinel Protocol.

Watch the video clip of the announcement made by Man Sung Park, CEO of OCTA Solution, during his presentation at Korea Fintech Week 2019. https://www.youtube.com/watch?v=A2zqF7GX9jQ

The new ‘Crypto-AML Solution’ has been launched via collaboration between Sentinel Protocol and… was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 06. 04
Sentinel Protocol Signs Res...
South Korea, 31 May 2019 — Sentinel Protocol, a crowdsourced threat intelligence platform built on blockchain technology, announced an agreement with Norma, a South Korean company that specializes in wireless networks and IoT security.

Together, their business capabilities will cover the wireless and IoT security fields, as well as the crypto wallet and exchange security businesses. Norma plans to supply Sentinel Protocol’s blockchain-based security solutions to domestic crypto exchanges and blockchain enterprises in South Korea.

By establishing compliance through Norma’s ISMS certification consulting expertise and introducing Sentinel Protocol’s cybersecurity solutions, local crypto exchanges will be able to proactively respond to various security threats they face daily.

Sentinel Protocol’s crypto protection solution suite encompassing the Threat Reputation Database (TRDB) and Crypto Analysis Transaction Visualization (CATV) aims to protect crypto assets belonging to organizations and end users from malicious threats. The crypto protection suite also currently supplies their cybersecurity solutions to exchanges and wallet companies while cooperating with financial regulators and law enforcement agencies.

“We have been conducting security checks and certification consulting services for exchanges where hacks happen due to weak security,” said Jung Hyun-chul, CEO of Norma. “With this reseller partnership, we expect a great synergy effect by adding Norma’s security know-how to Sentinel Protocol’s security technology. In the long run, we hope it can safely contribute to the healthy growth of the blockchain ecosystem.”

Additionally, Koo Min-woo, Sentinel Protocol’s Country Manager of Korea said, “since establishing our local office, we have been forthcoming in our efforts to ride the latest blockchain trends by working with the top few cryptocurrency exchanges and wallet providers in the local market. I look forward to our partnership with Norma, as it brings exciting times ahead. We strive to deliver blockchain-based solutions to a wider audience so we can effectively fight security threats.”

About Norma

Norma, a wireless network security solution company, was established in 2011 with the vision that “everyone should be able to use networks conveniently and safely.” It has since expanded its technical skills specializing in wireless network security to various IoT fields such as CCTV, Smart Home, connected cars, and healthcare. Norma has recently developed solutions that secure cryptocurrency transactions based on its technological prowess and is thus further expanding its business scope. Meanwhile, Norma’s technological prowess was verified through credible references centered on businesses and public organizations, including the Defense Ministry, the Korea Hydro & Nuclear Power Co., and the National Police Agency.

About Sentinel Protocol

Sentinel Protocol is the world’s first crowd-sourced threat intelligence platform utilizing the advantages of decentralization to protect cyberspace with blockchain security. It aims to equip individuals and organizations with cybersecurity solutions that help protect their valuable cryptocurrency assets from malicious threats, attacks, and fraudulent transactions. Sentinel Protocol is headquartered in Singapore and has offices in Seoul, South Korea and Tokyo, Japan. Follow Sentinel Protocol on Telegram, LinkedIn, Twitter, Facebook and Medium.

Sentinel Protocol Signs Reseller Agreement with Norma was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 05. 31
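Sentinel Protocol Signs Reseller Partnership Agreement with Norma

South Korea, 30 May 2019 — Norma (CEO Jung Hyun-chul), a company specializing in wireless network and IoT security, announced that it has signed a reseller partner agreement with Sentinel Protocol, a global provider of blockchain-based security solutions.

Drawing on its business capabilities in wireless and IoT security and its experience in e-wallet development and exchange security, Norma plans to supply Sentinel Protocol’s blockchain-based security solutions to domestic cryptocurrency exchanges and to enterprises pursuing blockchain-based business.

By establishing compliance through Norma’s expertise in ISMS (Information Security Management System) certification and consulting, and by additionally adopting Sentinel Protocol’s security solutions for preventing cryptocurrency-related hacking, scams, and phishing fraud, domestic cryptocurrency exchanges are expected to be able to respond preemptively to the various security threats they face at every moment.

Sentinel Protocol is a global security platform operator that holds solutions such as the Threat Reputation Database (TRDB) and Crypto Analysis Transaction Visualization (CATV), a cryptocurrency analysis and tracing visibility dashboard, which make it possible to block in advance and respond after the fact to security threats that can arise during cryptocurrency transactions. It currently supplies these solutions to, and cooperates with, domestic and foreign cryptocurrency exchanges, wallet companies, financial supervisory bodies, and law enforcement agencies.

Norma CEO Jung Hyun-chul said, “Exchange security is weak and hacking incidents do in fact occur frequently, so we have been carrying out security checks and certification consulting services for exchanges,” adding, “Through this agreement, we hope that Sentinel Protocol’s solutions, added to Norma’s security know-how, will allow exchanges to be used safely and, further, contribute to the healthy growth of the blockchain ecosystem.”

In addition, Koo Min-woo, Sentinel Protocol’s Korea country manager, said, “For about a year since establishing our local office, we have worked to detect the various currents surrounding the blockchain industry in Korea and to apply them to our domestic business strategy. Based on the experience gained through this and Norma’s deep understanding of the traditional security business, we plan to popularize solutions that respond to the unfamiliar security threats of blockchain.”

About Norma

Norma, a wireless network security solution company, was founded in 2011 under the belief that ‘everyone should be able to use networks conveniently and safely.’ It has extended its wireless network security expertise to various IoT fields such as CCTV, smart home, connected cars, and healthcare, and has recently been further expanding its business scope by developing a solution that secures cryptocurrency transactions based on that technology. Norma’s technology has been verified through credible references centered on enterprises and public institutions, including the Ministry of National Defense, Korea Hydro & Nuclear Power, and the National Police Agency.

About Sentinel Protocol

Sentinel Protocol is the world’s first blockchain-based security threat information sharing platform that leverages the advantages of decentralization and collective intelligence. It aims to provide cybersecurity solutions that protect valuable cryptocurrency assets from malicious threats, attacks, and fraud against individuals and organizations. Sentinel Protocol is headquartered in Singapore and also has offices in Seoul, South Korea and Tokyo, Japan. Follow Sentinel Protocol on Telegram, LinkedIn, Twitter, Facebook and Medium.

Sentinel Protocol Signs Reseller Partnership Agreement with Norma was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.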
19. 05. 30
Cybersecurity Crucial to Bl...
Consensus 2019: Growing Number of People Now Own Bitcoin

“2% of the world’s population owns a bitcoin address,” said Alex Gordon-Brander, the CEO of OmegaOne during a panel discussion at Consensus 2019. With a growing number of people owning Bitcoin, the future is bright for cryptocurrency and blockchain technology.

At Consensus 2019, we had more influencers this year talking about integrating blockchain with finance, healthcare, national security, and economics.

Cybersecurity, however, is still a major hurdle that we must overcome before we can scale blockchain technology.

First, how do you know whether your favorite cryptocurrency exchange is secure? Harpal Sandhu, CEO of Mint Exchange, added to the aforementioned panel discussion: “to secure our digital assets, stability and reliability are key.”

Increasing Reliability and Security Using Blockchain Technology

As we have seen with cryptocurrency exchanges such as the most recent hack on Binance, applications that run on blockchain technology are not necessarily secure.

Banks are understandably hesitant to move to blockchain due to these vulnerabilities. However, blockchain technology itself is highly secure. The problem is we cannot apply and scale blockchain using traditional security practices such as firewalls and VPNs.

We should demand better security practices from crypto exchanges. The future is bright for blockchain, but hacks continue to stain the reputation of cryptos. Whether you are a trader or an investor, it is up to you to challenge these exchanges to shore themselves up with a crypto security suite that reliably protects your digital assets.

The good news is there’s a cybersecurity solution for blockchain-based applications. Sentinel Protocol created a Threat Reputation Database (TRDB) containing whitelists and blacklists of crowdsourced threat intelligence. Organizations can use the TRDB to plug security vulnerabilities in their applications. Individuals can access the TRDB through an UPPward browser extension to protect their digital assets.

UPPward extension also offers the Crypto Address Highlight Feature, which highlights blacklisted crypto addresses in red.

There is No Security in Obscurity

Many companies assume that their networks would be secure if their vulnerabilities were kept a secret from the outside world. This is security through obscurity.

It may have worked for a little while, but not today. Hackers are more sophisticated and always ahead of the game. It’s not enough to hide vulnerabilities because they can brute force their way in or deduce certain vulnerabilities based on how systems are commonly structured.

A better tactic would be to go on the offensive by collecting information about new attack vectors hackers use. With a go-to source of threat intel, anyone could stay ahead of cyber attacks by isolating their vulnerabilities and protecting themselves from new threats.

We can also standardize the global exchange of threat intelligence with cybersecurity companies, governments, and other businesses. The snowball effect of seamless threat information exchange can stop most threats in their tracks before they do any damage.

According to a recent press release, that is the objective of the Interactive Cooperation Framework (ICF). The second version of the ICF API uses STIX, an internationally-recognized cybersecurity language and serialization format, which eliminates the need to check security regulations before acting on new threat intelligence.

Security is Not Static

Email phishing and links to malware are quite common and increasingly targeted towards company executives. If someone is not careful, they could allow a major hack to happen within their organization.

According to a Business Times article, a study conducted by PwC showed that 42 percent of businesses surveyed were compromised by phishing attacks in 2017.

With the advent of the Industry 4.0 revolution, IoT makes security even more complex and consequently, more vulnerable. There need to be new technologies that create resilient security based on trust — and this is where the decentralization of blockchain comes in.

Using a decentralized database containing the latest security threats, we can finally stay ahead of hackers. A new product, the Crypto Analysis Transaction Visualisation (CATV) tool, would be useful for companies transacting using blockchain. The CATV, which acts as a forensic tool, helps anyone “follow the money” to see where cryptocurrency transactions come from and are sent to, making it difficult for hackers to cover their tracks. This tool allows financial organizations and government bodies to investigate security breaches, money laundering, and movements of stolen digital assets.

The Way Forward: New Synergy Between Blockchain and Cybersecurity

Blockchain could potentially improve cybersecurity not only due to decentralization, but also its consensus mechanisms, prevention of data tampering, auditability, encryption, and elimination of single points of failure.

This results in a synergistic effect where immutability provides assurance of data integrity, traceability (with the CATV tool), and operational resilience with no single points of failure.

As per Deloitte’s Blockchain & Cyber Security report, “If an attacker is able to gain access to the blockchain network, they are more likely to gain access to the data, hence authentication and authorization controls need to be implemented, as is the case with other technologies.”

Integrating cybersecurity with blockchain can and likely will result in stronger protection of intellectual property, personal information, health records, financial data, and digital assets.

Interested to hear more from us? Follow us on social — Twitter, Telegram, LinkedIn, Facebook or join in the daily security chats on the Uppsala Security forum.

Cybersecurity Crucial to Blockchain Adoption was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.
19. 05. 28
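Using CATV for Corporate Anti-Money Laundering and Terrorist...
Věra Jourová said in a recent European Commission press release that “dirty money is the lifeblood of organised crime and terrorism.” Jourová is the European Commission's Commissioner for Consumers and Gender Equality. Many countries around the world now count the fight against money laundering and terrorist financing as a major foreign-policy issue and are continuously struggling against it.

Innovation always has a downside. Just as fire has not always been used for good purposes, the internet is still used as a means for malicious activity. Innovative technologies such as blockchain and cryptocurrency also bring challenges that were never experienced in the past. Unlike cash, digital assets are relatively easy to trace, but they also have a blind spot. With digital transactions, individuals no longer need to leave home and physically expose their cash to others. Because digital assets have no physical form, they can easily pass through customs undeclared and can be transferred anytime, anywhere, which has earned them the title of ‘unstoppable money’.

The Crypto Analysis Transaction Visualization (CATV) tool is the latest security solution released by Sentinel Protocol. The capabilities of this new CATV tool will now change the landscape of the cryptocurrency regulatory industry.

1. Tracing money laundering

Currently no product can surpass the CATV tool in terms of data collection. Because the tool has direct access to the Threat Reputation Database (TRDB), the core of Sentinel Protocol's product suite, it can prevent businesses, organizations, and even end users who handle cryptocurrency from inadvertently transacting with funds linked to cybercriminals or money laundering.

2. Blocking terrorist financing

By providing a monitoring function that shows how a particular wallet receives funds and where it sends them, the CATV tool can be a key investigative instrument in terrorist financing cases. Simply by searching for a cryptocurrency wallet address, the entire transaction history can be viewed at a glance as a diagram. With this visualization tool, stolen funds can now be traced automatically in just a few seconds, and terrorist financing can even be stopped. In this way, the use of CATV not only helps with compliance with international AML regulations but also has a positive impact on the real world. Register for the CATV beta now and, as an early adopter, start tracing cryptocurrency transactions yourself.

References: http://europa.eu/rapid/press-release_IP-19-781_en.htm

Using CATV for Corporate Anti-Money Laundering and Terrorist Fund Tracing was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.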
19. 05. 09
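Sentinel Protocol: New Industry Standard (STIX)-Supporting...
Korea, May 8, 2019: Sentinel Protocol has announced the release of Interactive Cooperation Framework API (ICF API) 2.0.

A recent IDC report stated that spending related to blockchain solutions in the Asia/Pacific region (excluding Japan) will reach USD 2.4 billion by 2022. ICF API 2.0 reflects this growing demand for security solutions from a wide range of organizations. The enhanced framework can now provide the industry standard that is essential for cybersecurity companies. Most importantly, detailed input parameters enable filtering of search queries. The filters added to the query process (up to 10 fields) broaden the scope of searches over blacklisted addresses, cryptocurrency wallet addresses, threat categories, threat subtypes, threat IDs, and more.

ICF API 2.0 uses STIX*, an internationally recognized standard format. By using such a certified framework, cybersecurity companies, governments, and other businesses gain the advantage of not having to perform additional checks on security regulations. In addition, cryptocurrency exchanges and enterprise customers gain the flexibility to choose between API versions 1.0 and 2.0 and customize them to their organization's needs.

“Whereas ICF API 1.0 was aimed mainly at cryptocurrency exchanges and was characterized by determining whether a wallet address is malicious, ICF API 2.0 is an upgraded solution optimized for use by general enterprises and government agencies, the main customers of the traditional cybersecurity industry. Through the standardized framework of ICF API 2.0, checks on security regulations can be performed quickly,” said Nobel Tan, Head of Technology at Sentinel Protocol.

*STIX is a cybersecurity language, a set of information designed for exchanging cybersecurity threat information.

About Sentinel Protocol

Sentinel Protocol is the world's first crowdsourced threat intelligence database (TRDB) platform, protecting the cyber world through security technology that leverages the decentralization of blockchain and collective intelligence. It also aims to protect valuable cryptocurrency assets from malicious threats, attacks, and fraudulent transactions by offering cybersecurity solutions to individuals and organizations. Sentinel Protocol is headquartered in Singapore and also has offices in Seoul, Korea and Tokyo, Japan. Follow Sentinel Protocol on Telegram, LinkedIn, Twitter, Facebook, and Medium for the latest news.

Sentinel Protocol Launches New ICF API 2.0 Supporting the Industry Standard (STIX) was originally published in Sentinel Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.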
19. 05. 08