Retail behemoth Amazon has received a patent (US 10,291,408) for generating Merkle trees as a solution to the proof-of-work (PoW) algorithm, a document confirmed on May 14.
Amazon, which has taken an increasing interest in blockchain technology in recent times, now appears to be targeting development of a specific variation of the instrument.
Specifically, the patent targets Merkle trees — a data verification tool — to constitute the work required in a PoW setup.
PoW is the algorithm used in bitcoin (BTC) and some other major cryptocurrencies such as litecoin (LTC), dogecoin (DOGE) and monero (XMR).
“This document describes techniques for using the generation of Merkle Trees as a solution to a proof-of-work challenge,” the patent reads.
The exact nature of Amazon’s plans remains unclear. The patent document does not reference specific uses within a cryptocurrency or blockchain, continuing uncertainty over the company’s stance on the wider cryptocurrency phenomenon.
As Cointelegraph reported, rumors Amazon was preparing to take a direct interest in bitcoin, for example, have repeatedly sparked a frenzy within the crypto community, each time culminating in nothing.
At the same time, others consider it only a matter of time before an integration occurs. In February, Changpeng Zhao, CEO of exchange Binance, claimed Amazon would ultimately have no choice but to issue some form of cryptocurrency.
“For any internet (non-physical) based business, I don’t understand why anyone would not accept crypto for payments,” he said.
Late last month, Amazon Web Services publicly launched its enterprise blockchain setup network, based on Ethereum (ETH) and Hyperledger technology.
Ethos, logos, and pathos: the three key elements to persuade
Jeff Bezos has prohibited PowerPoint presentations at meetings, as he considers them a waste of time. However, the alternative method with which he has replaced them is useful and effective. Do you want to know what it is?
In his annual letter to employees, Jeff Bezos, the CEO of Amazon, recalled that PowerPoints were prohibited in any meeting. However, this does not mean that you cannot use any presentation method in company meetings.
In fact, the founder of the most powerful ecommerce company in the world offers an alternative so that the ideas or strategies to be carried out are understood more clearly by the attendees: the memos, paper or essays (maximum of six pages).
“Instead of wasting time listening to one person while the rest of the audience is silent, it is more efficient to spend 30 minutes reading a 6-page essay explaining everything you want to say at the meeting. The narrative structure is easier to understand by human beings than general ideas summarized in bullet points,” explains the CEO.
But why? Inc has compiled the 3 reasons why Bezos's idea of replacing PowerPoints with essays is brilliant.
1. Our brains are designed to understand stories
The problem with PowerPoint slides is that, in general, they do not tell a story and our brain is designed to understand narratives. “When our ancestors discovered fire, they gathered around it to cook and tell stories. In this way, the narrative served to tell anecdotes or dangers that could haunt the tribe,” explains Carmine Gallo, author of Five Stars: The Communication Secrets to Get from Good to Great.
In this way, and according to anthropologists, for us the world “is a story”, especially in leadership roles. Thus, telling events in a narrated way is essential because people remember things better with this structure.
2. Persuasive stories
Aristotle is the father of persuasion, and more than 2000 years ago he revealed the three key elements to persuade: ethos, logos and pathos.
The first one refers to character and credibility;
the second appeals to logic (an argument must have a reason);
while the last one has to do with emotion.
Therefore, the first two have no meaning without the last one.
In fact, history's great orators used rational as well as emotional elements in their speeches (one need only think of Martin Luther King's famous “I Have a Dream”).
In addition, according to a series of scientific studies by neurologists, the best way to create synapses between our neurons is emotion. In other words, if you want to communicate an idea, it is best to tell a story. “I love telling anecdotes at meetings. It’s very effective,” says Bezos.
3. Bullet points do not work
Bullet points are not useful for anyone. In fact, they do not use them in companies like Google, Virgin or Tesla.
The brain is not prepared to retain information in the form of lists. Instead, a story, a photo or an idea is easier to retain.
Tech giants have published security advisories and blog posts in response to the Microarchitectural Data Sampling (MDS) vulnerabilities affecting most Intel processors made in the last decade.
Remedy? The microcode updates, like previous patches, would have an impact on processor performance.
The vulnerabilities are related to speculative execution and they can be exploited for side-channel attacks. Researchers started reporting the flaws to Intel in June 2018, but the chip maker said its own researchers found them first. Nevertheless, in addition to its own employees, Intel has credited researchers from several universities and companies for the security holes.
Intel has assigned them the following names and CVEs:
Microarchitectural Fill Buffer Data Sampling (MFBDS, CVE-2018-12130)
Microarchitectural Store Buffer Data Sampling (MSBDS, CVE-2018-12126)
Microarchitectural Load Port Data Sampling (MLPDS, CVE-2018-12127)
Microarchitectural Data Sampling Uncacheable Memory (MDSUM, CVE-2018-11091)
The attack methods pose a threat to both PCs and cloud environments, and they allow hackers to get applications, the operating system, virtual machines and trusted execution environments to leak information, including passwords, website content, disk encryption keys and browser history. Attacks can be launched both by a piece of malware present on the targeted system and from the internet.
However, Intel says exploitation in a real-world attack is not an easy task and the attacker may not be able to obtain valuable information even if the exploit is successful.
The products of several major tech companies are impacted by the flaws and most of them have already published blog posts and advisories providing information on their impact and the availability of patches and mitigations.
Intel says its newer products, such as some 8th and 9th generation Core processors and 2nd generation Xeon Scalable processors, address these vulnerabilities at hardware level. Some of the other affected products have received or will receive microcode updates that should mitigate the flaws. The company has published a technical deep dive and a list that users can check to see if their processors will receive microcode updates.
Intel says the mitigations should have minimal performance impact for a majority of PCs, but performance may be impacted in the case of data center workloads.
Disabling hyper-threading on vulnerable CPUs should prevent exploitation of the vulnerabilities.
Apple informed customers that macOS Mojave 10.14.5 and Security Update 2019-003 for Sierra and High Sierra include the option to enable full mitigation for the MDS attacks. Mojave 10.14.5 also includes a Safari update that should prevent exploitation from the internet.
Microsoft has started releasing software updates for Windows and deployed server-side fixes to its cloud services to mitigate the vulnerabilities. The company has pointed out that in addition to software updates, firmware updates are also required for full protection against attacks.
Microsoft has also released a PowerShell script that users can run on their systems to check the status of speculative execution mitigations.
Google has made available a page where users are informed about the actions they need to take depending on the products they have. The internet giant says its infrastructure, G Suite, and Google Cloud Platform products and services are protected against attacks, but some cloud users may need to take action.
The company says a vast majority of Android devices are not impacted. In the case of Chrome OS devices, Google has disabled hyper-threading by default starting with version 74 and additional mitigations will be available in Chrome OS 75.
VMware told users that the vulnerabilities impact its VMware vCenter Server, vSphere ESXi, Workstation, Fusion, vCloud Usage Meter, Identity Manager, vCenter Server, vSphere Data Protection, vSphere Integrated Containers, and vRealize Automation products.
The company provides hypervisor-specific mitigations and hypervisor-assisted guest mitigations for the impacted products. These mitigations involve software updates and patches from VMware.
VMware pointed out that exploitation of the flaws requires local access to the targeted virtual machine and the ability to execute code.
IBM says it’s rolling out the microcode updates from Intel and mitigations to its cloud services. The company told users that its POWER processors are not impacted by the MDS vulnerabilities.
Citrix says full mitigation of the Intel chip vulnerabilities involves updates to the Citrix hypervisor and updates to the CPU microcode. The company has released a hotfix for XenServer 7.1, which includes both hypervisor and CPU microcode updates, and it plans on releasing similar hotfixes for other affected products.
A blog post from Oracle describes the impact of the flaws on the company’s hardware, operating systems, and cloud services. X86-based systems need to be assessed by their administrators and Oracle Engineered Systems customers will receive specific guidance from the company.
Oracle SPARC servers and Solaris on SPARC are not impacted, but Solaris on x86 systems is affected. Patches have been released by Oracle for Oracle Linux and VM Server products.
Amazon Web Services (AWS) said on Tuesday that it had deployed protections for MDS attacks to all its infrastructure and no action is required from users. The company has released updated kernels and microcode packages for Amazon Linux AMI 2018.3 and Amazon Linux 2.
The Xen Project says systems running all versions of Xen are affected by the vulnerabilities if they use x86 Intel processors.
Advisories for the MDS vulnerabilities in Intel processors have been published by Linux kernel developers, Red Hat, Debian, Ubuntu and SUSE. Linux distributions have already started rolling out updates that should mitigate the flaws.
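On Linux kernels that carry the MDS updates, the kernel reports mitigation status in `/sys/devices/system/cpu/vulnerabilities/mds`. The following added example (not part of the original article or any vendor's tooling) classifies that status line and maps it to the remedies described above: kernel update, microcode update, and disabling hyper-threading. The sample lines are constructed in the kernel's documented format, and the function names are hypothetical.

```python
# Added example: interpret the Linux sysfs MDS status line.
# Sample status strings below are constructed, following the kernel's format.
from pathlib import Path

MDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/mds")

SMT_STATES = {
    "SMT vulnerable": "exposed",        # sibling thread can still sample buffers
    "SMT mitigated": "ok",
    "SMT disabled": "ok",
    "SMT Host state unknown": "unknown",  # typical inside a virtual machine
    "": "unreported",
}


def classify_mds(status):
    """Return state, SMT exposure and follow-up actions for one status line."""
    head, _, smt = status.strip().partition(";")
    head, smt = head.strip(), smt.strip()
    if head == "Not affected":
        state = "not_affected"
    elif head.startswith("Mitigation:"):
        state = "mitigated"
    elif "no microcode" in head:
        state = "needs_microcode"   # kernel tries to clear buffers, CPU cannot
    elif head.startswith("Vulnerable"):
        state = "vulnerable"
    else:
        state = "unknown"
    smt_state = "n/a" if state == "not_affected" else SMT_STATES.get(smt, "unknown")

    actions = []
    if state == "needs_microcode":
        actions.append("install the CPU microcode or firmware update")
    elif state == "vulnerable":
        actions.append("enable the kernel MDS mitigation")
    elif state == "unknown":
        actions.append("review the status line manually")
    if smt_state == "exposed":
        actions.append("consider disabling hyper-threading")
    elif smt_state == "unknown":
        actions.append("confirm SMT and microcode status with the host operator")
    return {"state": state, "smt": smt_state, "actions": actions}


def assess(path=MDS_SYSFS):
    """Read the sysfs file; a missing file means the kernel predates the MDS fixes."""
    try:
        return classify_mds(Path(path).read_text())
    except OSError:
        return {"state": "no_kernel_support", "smt": "unknown",
                "actions": ["update the kernel, then re-check"]}


if __name__ == "__main__":
    samples = [  # constructed sample lines
        "Not affected",
        "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
        "Mitigation: Clear CPU buffers; SMT vulnerable",
        "Mitigation: Clear CPU buffers; SMT disabled",
    ]
    for line in samples:
        print(line, "->", classify_mds(line))
    print("this host ->", assess())
```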
Many hardware manufacturers whose products use Intel processors are likely affected by the ZombieLoad and RIDL vulnerabilities. However, so far, only Lenovo and HP appear to have started releasing firmware patches for their devices.
New secret-spilling flaw affects almost every Intel chip since 2011
Security researchers have found a new class of vulnerabilities in Intel chips which, if exploited, can be used to steal sensitive information directly from the processor.
The bugs are reminiscent of Meltdown and Spectre, which exploited a weakness in speculative execution, an important part of how modern processors work. Speculative execution helps processors predict to a certain degree what an application or operating system might need next and in the near-future, making the app run faster and more efficient. The processor will execute its predictions if they’re needed, or discard them if they’re not.
Both Meltdown and Spectre leaked sensitive data stored briefly in the processor, including secrets — such as passwords, secret keys and account tokens, and private messages.
Now some of the same researchers are back with an entirely new round of data-leaking bugs.
“ZombieLoad,” as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code. Intel said ZombieLoad is made up of four bugs, which the researchers reported to the chip maker just a month ago.
Almost every computer with an Intel chip dating back to 2011 is affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks.
ZombieLoad takes its name from a “zombie load,” an amount of data that the processor can’t understand or properly process, forcing the processor to ask for help from the processor’s microcode to prevent a crash. Apps are usually only able to see their own data, but this bug allows that data to bleed across those boundary walls. ZombieLoad will leak any data currently loaded by the processor’s core, the researchers said. Intel said patches to the microcode will help clear the processor’s buffers, preventing data from being read.
Practically, the researchers showed in a proof-of-concept video that the flaws could be exploited to see which websites a person is visiting in real-time, but could be easily repurposed to grab passwords or access tokens used to log into a victim’s online accounts.
Like Meltdown and Spectre, it’s not just PCs and laptops affected by ZombieLoad — the cloud is also vulnerable. ZombieLoad can be triggered in virtual machines, which are meant to be isolated from other virtual systems and their host device.
Daniel Gruss, one of the researchers who discovered the latest round of chip flaws, said it works “just like” it does on PCs and can read data off the processor. That’s potentially a major problem in cloud environments where different customers’ virtual machines run on the same server hardware.
Although no attacks have been publicly reported, the researchers couldn’t rule them out nor would any attack necessarily leave a trace, they said.
What does this mean for the average user? There’s no need to panic, for one.
These are far from drive-by exploits where an attacker can take over your computer in an instant. Gruss said it was “easier than Spectre” but “more difficult than Meltdown” to exploit — and both required a specific set of skills and effort to use in an attack.
But if exploit code was compiled in an app or delivered as malware, “we can run an attack,” he said.
There are far easier ways to hack into a computer and steal data. But the focus of the research into speculative execution and side channel attacks remains in its infancy. As more findings come to light, the data-stealing attacks have the potential to become easier to exploit and more streamlined.
But as with any vulnerability where patches are available, install them.
Intel has released microcode to patch vulnerable processors, including Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake and Haswell chips. Intel Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake chips are also affected, as well as all Atom and Knights processors.
But other tech giants, like consumer PC and device manufacturers, are also issuing patches as a first line of defense against possible attacks.
In a call with TechCrunch, Intel said the microcode updates, like previous patches, would have an impact on processor performance. An Intel spokesperson told TechCrunch that most patched consumer devices could take a 3 percent performance hit at worst, and as much as 9 percent in a datacenter environment. But, the spokesperson said, it was unlikely to be noticeable in most scenarios.
And neither Intel nor Gruss and his team have released exploit code, so there’s no direct and immediate threat to the average user.
But with patches rolling out today, there’s no reason to pass on a chance to prevent such an attack in any eventuality.
This is the second major protocol to be implemented on the RIF OS platform.
14 MAY 2019
RIF Labs anticipates Bitcoin (BTC) will be able to scale to upwards of 60M users within the next few years, as the project launches Lumino Network, a new protocol for off-chain transactions on the Lightning Network.
“Using RSK network [the bitcoin-based smart contract platform] we could scale to 60M users,” said Sergio Damian Lerner, RIF Labs’ Chief Scientist, during his talk. While other platforms are growing fast, they can collapse as it becomes increasingly harder to verify transactions.
RIF OS is a suite of open and decentralized tools designed to facilitate the development of dApps on the RSK network, which seeks to provide Bitcoin with the capabilities of the Ethereum network.
The RSK Network does so by introducing smart contracts and decentralized applications on a platform that is indirectly connected to the Bitcoin blockchain. Through merge-mining, the platform is able to leverage the existing Bitcoin security infrastructure.
Gabriel Kurman, who is also one of the company’s community directors, told Crypto Briefing at Consensus that Bitcoin was a far better foundation for developing a decentralized ecosystem than many of the blockchain platforms, such as Ethereum (ETH) or EOS, that are currently in use.
“Bitcoin is the strongest network in the ecosystem,” said Kurman. “What we’re doing is adding additional functionality to its secure infrastructure.”
The general view is that although Bitcoin can be a stable store of value, its technological limitations prevent it from fulfilling its original objective of becoming a global peer-to-peer payments system.
But RIF Labs believes implementing off-chain protocols will enable projects to essentially bypass the scalability concerns while leveraging Bitcoin’s unmatched security. Off-chain solutions also come with the added benefit of not having to store all transaction information forever, greatly reducing storage needs in the long term.
All tokens on the RSK platform are therefore able to benefit from Lumino’s claimed 5,000 TPS, including the platform’s native RBTC token, which maintains a two-way peg with BTC.
Compared to many other crypto projects, RIF is as old as the hills. Kurman admits that he and the rest of the team were “very frustrated” when Ethereum started using smart contracts way back in 2015. He thinks most people simply, “don’t recognize its true potential.”
But he believes the community is slowly moving away from its initial scepticism and beginning to understand that Bitcoin may be more than just a simple store of value: it could be a one-stop solution for all their blockchain needs.
State Channels and Sidechains are two terms in the Ethereum community that are often used interchangeably, causing mass confusion.
But today we will get it clear.
Go make a cup of coffee first, it’s going to be a long one.
The purpose of this article is to clearly define:
What are State Channels?
What are Sidechains?
Then we will compare the two:
What problems are they trying to solve?
Which is a better scaling solution among the two?
Without wasting much time, let’s get started.
What are State Channels?
State channels are a very broad and simple way to think about blockchain interactions which could occur on the blockchain, but instead get conducted off of the blockchain, without significantly increasing the risk of any participant. The most well known example of this strategy is the idea of payment channels in Bitcoin, which allow for instant fee-less payments to be sent directly between two parties. Here is a list of some of the State Channel Projects.
State channels are the general form of payment channels, applying the same idea to any kind of state-altering operation normally performed on a blockchain.
Moving these interactions off of the chain without requiring any additional trust can lead to significant improvements in cost and speed. State channels will be a critical part of scaling blockchain technologies to support higher levels of use.
The basic components of a state channel are very simple:
1. Part of the blockchain state is locked via multisignature or some sort of smart contract, so that a specific set of participants must completely agree with each other to update it.
2. Participants update the state amongst themselves by constructing and signing transactions that could be submitted to the blockchain, but instead are merely held onto for now. Each new update “trumps” previous updates.
3. Finally, participants submit the state back to the blockchain, which closes the state channel and unlocks the state again (usually in a different configuration than it started with).
That’s it! If the “state” being updated between participants was a digital currency balance, then we would have a payment channel. Steps 1 and 3, which open and close the channel, involve blockchain operations. But in step 2 an unlimited number of updates can be rapidly made without the need to involve the blockchain at all — and this is where the power of state channels comes into play, because only steps 1 and 3 need to be published to the network, pay fees, or wait for confirmations. In fact, with careful planning and design, state channels can remain open almost indefinitely, and be used as part of larger hub and spoke systems to power an entire economy or ecosystem.
Despite my simple description here, state/payment channels have generally been perceived as quite complicated. There are several reasons for this, and one of them is that there are some important subtleties hidden in my phrasing of the three steps. Let’s take a closer look at what these simple phrases imply, starting with:
could be submitted to the blockchain
In order for state channels to work, participants have to be assured that they could publish the current state of the channel to the blockchain at any time. This results in some important limitations, such as the fact that someone has to stay online to protect each individual party’s interests until the channel is closed.
Imagine that when we initiated a payment channel I started with 100 bitcoins and you started with 10. If we first sign an update that transfers 10 of those bitcoins to me, and then later sign an update that transfers 50 back to you, the later update is obviously more beneficial to you than the earlier one is. If you were to unexpectedly lose internet access, and I were to pretend the second update never happened, I might be able to publish the first update to the blockchain and effectively steal 50 bitcoins from you! What you need is somebody to stay online with a copy of that later transaction so that they can “trump” the earlier one and make sure your bitcoins are protected. It doesn’t have to be you — you could send a copy to many random servers who agree via smart contract to publish it only if needed (for a small fee of course). But however you do it, you need to be assured that the latest signed update to the state is available to trump all others. Which leads us to our next subtle phrase:
Each new update “trumps” previous updates
To make this part of the state channel work, the locking and unlocking mechanisms have to be properly designed so that old state updates submitted to the blockchain have a chance to be corrected by the newer state updates which replaced them. The simplest way is to have any unlocking attempt start a timer, during which any newer update can replace the old update (restarting the timer as well). When the timer completes, the channel is closed and the state adjusted to reflect the last update received. The length of the timer would be chosen for each state channel, balancing the inconvenience of a long channel closing time with the increased safety it would provide against internet connection or blockchain problems. Alternatively, you could structure the channel with a financial penalty so that anyone publishing an inaccurate update to the blockchain will lose more than they could gain by pretending later transactions didn’t happen.
But the mechanism ends up not mattering very much, because (going back to the previous point) the game theory of this situation puts a twist on things. As long as this mechanism is theoretically sound, it will probably never have to be used. Actually going through the timer/penalty process may introduce extra fees, delays, or other inconveniences; given that forcing someone into the mechanism can’t give you any advantage anyways, parties to a state channel will probably just close the channel out by mutually agreeing on a final channel state. This final close-out operation needs to be fundamentally different from the normal “intermediate” updates (since it will bypass the “trumping” mechanism above), so participants will only sign a final close-out transaction once for each portion of the state locked within a particular channel.
The details of these “subtleties” aren’t especially important. What it all ultimately breaks down to is that participants open the channel by setting up a “judge” smart contract, sign promises to each other which the judge can enforce and adjudicate if necessary, and then close the channel by agreeing amongst themselves so that the judge’s adjudication isn’t needed. As long as the “judge” mechanism can be assumed to be reliable, these promises can be counted as instant transfers, with the judge only appealed to in exceptional circumstances, such as when one party disappears.
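The timer-based "judge" described above, as an added example that is not part of the original article or any project's contract code. It replays the 100/10 bitcoin scenario: a stale update is published first, a newer one trumps it and restarts the timer, and the channel closes on the latest state. Assumptions: HMAC-SHA256 with per-party keys stands in for on-chain signature checks, block heights are plain integers, and all names, keys and the timer length are hypothetical.

```python
# Added example: toy "judge" with a challenge timer for a two-party channel.
# Assumptions: HMAC-SHA256 with per-party keys stands in for on-chain
# signature checks, and block height is an integer supplied by the caller.
import hashlib
import hmac
from dataclasses import dataclass

CHALLENGE_BLOCKS = 10  # hypothetical timer length, chosen per channel


def sign(key, nonce, balances):
    """Stand-in signature over (nonce, balances)."""
    msg = f"{nonce}:{balances[0]}:{balances[1]}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass(frozen=True)
class Update:
    nonce: int       # strictly increasing; a higher nonce trumps a lower one
    balances: tuple  # (party A, party B)
    sigs: tuple      # one signature per party, same order as the keys


def make_update(keys, nonce, balances):
    """Build an update that every party has signed."""
    return Update(nonce, balances, tuple(sign(k, nonce, balances) for k in keys))


class Judge:
    """Holds the locked funds and adjudicates which update closes the channel."""

    def __init__(self, keys, deposits):
        self.keys = keys
        self.total = sum(deposits)
        self.best = None      # highest-nonce valid update seen so far
        self.deadline = None  # last block at which a newer update is accepted
        self.closed = False

    def _valid(self, u):
        if len(u.sigs) != len(self.keys) or min(u.balances) < 0:
            return False
        if sum(u.balances) != self.total:  # updates may only move locked funds
            return False
        return all(hmac.compare_digest(sign(k, u.nonce, u.balances), s)
                   for k, s in zip(self.keys, u.sigs))

    def submit(self, u, height):
        """Publish an update; a valid newer one replaces the old and restarts the timer."""
        if self.closed or (self.deadline is not None and height > self.deadline):
            return "rejected: too late"
        if not self._valid(u):
            return "rejected: not signed by all parties"
        if self.best is not None and u.nonce <= self.best.nonce:
            return "rejected: stale"
        self.best, self.deadline = u, height + CHALLENGE_BLOCKS
        return "accepted"

    def finalize(self, height):
        """Close the channel once the timer has run out; returns final balances."""
        if self.best is None or height <= self.deadline:
            return None  # still inside the challenge window
        self.closed = True
        return self.best.balances


def stale_close_scenario():
    """The article's numbers: A opens with 100, B with 10 (keys are constructed)."""
    keys = (b"constructed-key-A", b"constructed-key-B")
    judge = Judge(keys, (100, 10))
    u1 = make_update(keys, 1, (110, 0))  # B pays A 10
    u2 = make_update(keys, 2, (60, 50))  # A pays B 50
    forged = Update(3, (110, 0), (sign(keys[0], 3, (110, 0)), b"\x00" * 32))
    return {
        "stale_close": judge.submit(u1, height=100),   # A pretends u2 never happened
        "forged": judge.submit(forged, height=101),    # only A signed this one
        "trump": judge.submit(u2, height=105),         # B or a watcher publishes u2
        "replay_old": judge.submit(u1, height=106),
        "early_finalize": judge.finalize(height=110),  # timer restarted at 105
        "final": judge.finalize(height=116),
        "after_close": judge.submit(u2, height=117),
    }


if __name__ == "__main__":
    for step, result in stale_close_scenario().items():
        print(f"{step}: {result}")
```

If nobody publishes the newer update before block 110, `finalize` settles on the stale balances, which is why the article insists that someone stay online for each party.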
Of course, these details are only part of the reason people think that state/payment channels are complicated. A much bigger one is that Bitcoin payment channels are complicated. Building a “judge” mechanism in Bitcoin with even reasonably useful properties is surprisingly intricate. But once you have a clear concept of state channels in general, you can see that this only comes from trying to implement the idea in a constrained context. Basic smart contract features like a timer mechanism and allowing two different paths to be taken depending on the signed message submitted are just plain harder to do in Bitcoin. Some of these features are being gradually added or built. By seeing that payment channels are only a special subcase of the broader “state channel” idea, we realise that this is a much broader technique, and that state channels can apply to any smart contract which deals with frequent updates between a defined set of participants. You can anticipate seeing this approach in many (if not most) distributed applications going forward.
Now we have a clearer idea of what a “state channel” is. So, let’s move on to sidechains.
What are Sidechains?
A sidechain is a separate blockchain that is attached to its parent blockchain (mainchain) using a two-way peg.
In other words, you can move assets to the sidechain and then back to the parent chain.
The two-way peg enables interchangeability of assets at a predetermined rate between the parent blockchain and the sidechain. The original blockchain is usually referred to as the ‘main chain’ and all additional blockchains are referred to as ‘sidechains’. The blockchain platform Ardor refers to its sidechains as ‘childchains’.
A user on the parent chain first has to send their coins to an output address, where the coins become locked so the user is unable to spend them elsewhere. Once the transaction has been completed, a confirmation is communicated across the chains followed by a waiting period for extra security. After the waiting period, the equivalent number of coins is released on the sidechain, allowing the user to access and spend them there. The reverse happens when moving back from a sidechain to the main chain.
A federation is a group that serves as an intermediate point between a main chain and one of its sidechains. This group determines when the coins a user has used are locked up and released. The creators of the sidechain can choose the members of the federation. A problem with the federation structure is that it adds another layer between the main chain and the sidechain.
Sidechains are responsible for their own security. If there isn’t enough mining power to secure a sidechain, it could be hacked. Since each sidechain is independent, if it is hacked or compromised, the damage will be contained within that chain and won’t affect the main chain. Conversely, should the main chain become compromised, the sidechain can still operate, but the peg will lose most of its value.
Sidechains need their own miners. These miners can be incentivized through ‘merged mining’, whereby two separate cryptocurrencies, based on the same algorithm, are mined simultaneously.
Here is a list of some of the Sidechain Projects.
Now, we have a good understanding of sidechains too. So, let’s put them to the ring.
What problems are they trying to solve?
Both Sidechains and State Channels are techniques to improve the poor scalability of blockchains in general.
They both follow a somewhat similar model.
Locking up state/assets.
Doing transactions off the blockchain/mainchain.
Unlocking the state/assets from the state channel/sidechain.
But despite this analogy, there are many differences between the two, which arise from the fact that State Channels do not use a separate blockchain whereas Sidechains do. Let’s see what the consequences are.
Which is a better scaling solution among the two?
To decide this, let’s see their pros and cons.
State Channel pros
State channels have strong privacy properties: This is because everything is happening “inside” a channel between participants, rather than being broadcast publicly and recorded on-chain. Only the opening and closing transactions must be public. In sidechains, by contrast, every transaction is published on the sidechain and received by every participant on it, even though you are not interacting with all of them.
State channels have instant finality, meaning that as soon as both parties sign a state update, it can be considered final. Both parties have a very high guarantee that, if necessary, they can “enforce” that state on-chain. But, as discussed above, closing the state channel can take a variable amount of time depending on the security level chosen. In sidechains, you have a blockchain on the other side, so finality depends on the mining power of the sidechain.
State Channel cons
State Channels need 100% availability of all the participants involved: As discussed above, if any one of the participants becomes unavailable, this could prove costly to them. A participant can use someone to represent them while unavailable, but the possibility of the representative being attacked or bribed makes this a problem for state channels. In sidechains, by contrast, you don’t have to be available all the time you are on the sidechain.
State channels are best used for applications with a defined set of participants: This is because the Judge contract (the contract used to lock the state) must always know the participants/entities (i.e. addresses) that are part of a given channel. We can add and remove people, but it requires a change to the contract each time. In sidechains, there is no such limitation on the movement of participants.
State Channels are particularly useful where participants are going to be exchanging many state updates over a long period of time: This is because there is an initial cost to creating a channel in deploying the Judge contract. But once it is deployed, the cost per state update inside that channel is extremely low.
Sidechains are permanent. You don’t have to create your own sidechain for a specific purpose if one already exists: Sidechains are maintained once created. We don’t close sidechains; rather, we lock the assets on the sidechain to move back to the mainchain. This is helpful because anyone who is doing a specific task off the blockchain/mainchain (e.g. transacting in dogecoin) will come to the same sidechain. So, you don’t have to create separate chains for every new participant. In state channels, by contrast, you usually have to create a new channel to add a new participant. But projects such as Lightning and Raiden Network have come up with a brilliant solution for this. They create a mesh of participants so you don’t have to create a new channel for every new participant you interact with. You can interact with participants indirectly, creating a channel between you and the recipient through some other participant who is common to both of you.
Sidechains allow cryptocurrencies to interact with one another: They add flexibility and allow developers to experiment with Beta releases of Altcoins or software updates before pushing them on to the main chain. Traditional banking functions like issuing and tracking ownership of shares can be tested on sidechains before moving them onto main chains.
Sidechains need a lot of initial investment to start off: To create a sidechain, we need to have enough miners so that the network is safe from attackers. We also have to make sure that they are up and running. There is no blockchain involved in state channels, so no such requirement exists there.
A Federation is needed for sidechains: This adds another layer between the mainchain and the sidechain. It could prove to be another weak point, which attackers could exploit by bribing or attacking the federation. In a state channel, we just need a smart contract to do this for us.
The fight between the two was great. The dust has settled, but both are still standing. As research is still ongoing and practical use is not yet widespread, we can’t decide who the winner will be. Maybe they will have to merge into a hybrid solution to serve the purpose of scaling. Until then, we have to wait and see what time shows us.
Thanks to Jeff Coleman for the wonderful explanation of state channels.
State channels are the foundational technology for useable distributed applications. They can be used in any interaction with a defined set of participants, such as payments or games like chess or poker. “Channelizing” these applications makes them radically cheaper, and reduces the unacceptably high latency in today’s blockchain applications, enabling the web-like response times expected by users.
Despite this, state channels are underutilized in today’s ethereum applications. First, each project that wants to use state channels must effectively build its own custom implementation, leading to redundancies and unnecessary risks. Second, existing state channel implementations still put too many operations on-chain, and compromise privacy in unnecessary ways.
We envision a better future. Earlier, we described two broad goals:
Design a generalized state channels implementation that preserves privacy, is built using modular components, has support for multiple parallel operations inside a single channel, and allows users to upgrade channel designs without any on-chain operations.
Make it easy for developers to utilize state channels by providing a framework and standard modular components for building secure, performant applications.
Our paper (pdf, local copy) describes a state channels design that places as little on-chain as possible while still remaining secure. We believe it will become a standard reference for building secure and optimized state channels, something long-needed by the ethereum community.
We will be attending Off the Chain in Berlin where we will discuss our technique in more depth. Needless to say, we’re not doing an ICO or any other fundraising event involving a token.
The basic technique behind state channels has been known for several years. Since then, we have found new vocabulary that lets us abstract over particular implementations and discuss components and techniques that appear in all state channels.
State channels work by “locking up” some portion of blockchain state into a multisig contract, controlled by a defined set of participants. The state that is “locked up” is called a state deposit. For instance, this might be an amount of ether or an ERC20 token, but could also be a cryptokitty or an ENS domain name.
After the state deposit is locked, channel participants use off-chain messaging to exchange and sign valid ethereum transactions without deploying them to chain. These are transactions that could be put on chain anytime, but are not.
Updating the state of the channel always proceeds by unanimous consent. All parties sign (and keep their own copies of) each off-chain transaction. Because these “state updates” are taking place entirely off chain, they have zero transaction fees, and their speed is limited only by their underlying communications protocol.
For this reason, state channels offer “instant” transactions — i.e., parties do not have to wait for any blockchain confirmations. An application can immediately consider an operation finalized and display that to users, without having to wait for a set number of confirmations. This is how state channels are able to offer web-like response times.
We call this property instant finality. In consensus research, “finality” means the extent to which a state transition is guaranteed not to be reverted. In the context of state channels, an operation is final if Alice cannot be prevented from realizing that operation on the blockchain if she chooses to.
If the latest “update” in a state channel says “Alice = 5 ETH, Bob = 1 ETH”, then that state is “final”. Remember, the update is a valid transaction signed by both Alice and Bob, which could be deployed on-chain by either party at any time. As long as we assume Alice can broadcast that transaction to the internet at some point, she can consider that transaction final.
The core property of state channels is the ability to refer back to the blockchain only when necessary. If a channel is properly constructed, then all parties can engage in fast operations that offer instant finality. If anything ever goes wrong, all parties always have the option to deploy the latest version of the state to the blockchain.
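The mechanism described above, modelled in memory as an added example (not code from the post or the paper): both parties sign every update off-chain, and a judge accepts only the newest update that carries every participant's signature. Ed25519 from Node's built-in crypto stands in for Ethereum signatures, and the nonce field, the Judge class and all function names are assumptions.

```javascript
// Added illustration. Ed25519 stands in for Ethereum signatures; Judge stands
// in for the on-chain contract; the nonce and every name are assumptions.
const crypto = require('crypto');

function newParticipant(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { name, publicKey, privateKey };
}

// Canonical bytes of one state update. The channel id is included so a
// signature made for one channel cannot be replayed in another.
function encodeState(channelId, nonce, balances) {
  const entries = Object.keys(balances).sort().map((k) => [k, balances[k]]);
  return Buffer.from(JSON.stringify({ channelId, nonce, entries }), 'utf8');
}

// Off-chain step: each signer signs the same update (unanimous consent
// means every participant of the channel appears in `signers`).
function signedUpdate(channelId, nonce, balances, signers) {
  const msg = encodeState(channelId, nonce, balances);
  const signatures = {};
  for (const p of signers) signatures[p.name] = crypto.sign(null, msg, p.privateKey);
  return { nonce, balances, signatures };
}

class Judge {
  constructor(channelId, participants, deposit) {
    this.channelId = channelId;
    this.keys = new Map(participants.map((p) => [p.name, p.publicKey]));
    this.deposit = deposit; // total locked state deposit, in whole ETH
    this.latest = null;     // highest-nonce valid update seen so far
  }

  // On-chain step, used only in a dispute. An update is accepted if it
  // conserves the deposit, is signed by every participant, and is newer
  // than anything already submitted.
  submit(update) {
    const { nonce, balances, signatures } = update;
    const values = Object.values(balances);
    if (!values.every((v) => Number.isInteger(v) && v >= 0)) return 'rejected: invalid balance';
    if (values.reduce((a, b) => a + b, 0) !== this.deposit) return 'rejected: deposit not conserved';
    const msg = encodeState(this.channelId, nonce, balances);
    for (const [name, key] of this.keys) {
      const sig = signatures[name];
      if (!sig || !crypto.verify(null, msg, key, sig)) {
        return `rejected: no valid signature from ${name}`;
      }
    }
    if (this.latest && nonce <= this.latest.nonce) return 'rejected: stale';
    this.latest = { nonce, balances };
    return 'accepted';
  }
}

// Constructed scenario: Bob posts an old state, then an update only he
// signed; Alice answers with the latest jointly signed state.
function runDispute() {
  const alice = newParticipant('Alice');
  const bob = newParticipant('Bob');
  const judge = new Judge('channel-1', [alice, bob], 6);
  const both = [alice, bob];
  const s1 = signedUpdate('channel-1', 1, { Alice: 3, Bob: 3 }, both);
  const s2 = signedUpdate('channel-1', 2, { Alice: 5, Bob: 1 }, both);
  const oneSided = signedUpdate('channel-1', 3, { Alice: 0, Bob: 6 }, [bob]);
  const results = [
    judge.submit(s1),       // valid but old
    judge.submit(oneSided), // lacks Alice's signature
    judge.submit(s2),       // latest state replaces the old one
    judge.submit(s1),       // old state can no longer be posted
  ];
  return { results, final: judge.latest.balances };
}
```

The old state is accepted at first because it is validly signed; what protects Alice is that she can still submit the newer one, which is why availability during a dispute matters.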
Keep in mind that state channels — and all blockchain technologies — should be considered within appropriate threat models. We examine in detail threat models appropriate for state channels in section 3 of our paper and limitations of state channels in section 7.
Minimizing on-chain operations
Existing application-specific state channel implementations require users to open up a new channel for each application they would like to use, paying expensive transaction fees. For instance, two users would make one on-chain transaction to open a payment channel between them, and they would need to make another on-chain transaction to play a game of chess with each other.
Our state channels minimize on-chain requirements to an extreme, moving as much logic as possible to the off-chain layer. This leads to one of the most significant insights of our paper: a sufficiently powerful multisignature wallet is the only necessary on-chain component of any individual state channel.
Moving logic off-chain allows us to gain significant advantages over existing channels. We can install new applications into a state channel without ever going on-chain. We can even upgrade or re-design a state channel without requiring on-chain transactions or fees.
This approach also has significant privacy benefits. Properly constructed, the multisignature wallet used to secure the state deposit should be indistinguishable from any other multisignature wallet. There would be no way to tell the difference, on chain, between a common multisig and one used to create a state channel.
We are able to achieve these results using what we call “counterfactual instantiation”. Explaining this technique requires first defining terminology.
“Counterfactual” means something that could be true, but is not. This is an extremely helpful concept when discussing state channels, where we spend a lot of time reasoning about things that could be happening on chain, but are not.
In state channels, we say “counterfactual X” to describe a case where:
X could happen on chain, but doesn’t
Any participant can unilaterally make X happen on-chain
Participants can therefore act as though X has happened on-chain
For instance, imagine a payment channel between Alice and Bob. Alice sends 4 ETH to Bob through the channel, which in practice means that both parties sign a transaction. This transaction could be deployed on chain at any time by either party, but it is not. So we can say “counterfactual Alice gives Bob 4 ETH”. This allows them to act as though the transaction has already happened — it is final, within appropriate threat models.
In the sections above, we said that our approach lets you install new applications into a state channel with zero on-chain operations or fees. How is this possible?
The key to this capability is what we call counterfactual instantiation. In the section above, we described counterfactual transactions between Alice and Bob. But we can also create counterfactual contracts. Counterfactual instantiation means to instantiate a contract without actually deploying it on-chain. When a contract is counterfactually instantiated, all parties in the channel act as though it has been deployed, even though it has not. This technique lets us move almost all channel logic off-chain.
Counterfactual instantiation is achieved by making users sign and share commitments to the multisig wallet. These commitments say that if the counterfactually instantiated contract were to be instantiated on-chain, the multisig wallet (which holds the state deposit) will look at the instantiated contract and transfer the appropriate state deposits based on the state of that contract.
For this to work, we need to refer to the counterfactually instantiated contract inside the commitment, before the contract is deployed. To do this, we introduce a global registry: an on-chain contract that maps unique deterministic addresses for any counterfactual contract to actual on-chain deployed addresses.² The hashing function used to produce the deterministic address can be any function that takes into account the bytecode, its owner (i.e. the multisignature wallet address), and a unique identifier.
For example, we might have a contract `C` with bytecode and constructor arguments `initcode`. The result of running a function call to the registry with the argument `initcode` would be that an entry would be added to the registry; its key being the counterfactual address and its value being the actual on-chain deployed address.
This gives us a way of referencing off-chain contracts without needing to deploy them on-chain first. We simply do a lookup in the registry to see what address corresponds to the counterfactual address. In Solidity this is as simple as:
Our channel design lets developers take an object-oriented approach to state channels. Any individual state channel will be composed of several counterfactual objects — e.g. a payment channel object, or a chess-game channel object. Because these are counterfactually instantiated, they require no fees to be added into the channel — only signed commitments between the parties.
For instance, Alice and Bob can at any point choose to counterfactually instantiate a contract within their channel — say, a contract that defines a game of chess. They can then exchange state-updates between each other that reference that counterfactually-instantiated game, in order to actually play the game of chess, all with no on-chain fees.
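An in-memory model of the registry and of a multisig commitment that names its target by counterfactual address, as an added example rather than the paper's contracts. SHA-256 stands in for the hashing function; Registry, Multisig, the salt and every field name are hypothetical, and commitment signatures are left out to keep the focus on addressing.

```javascript
// Added illustration. SHA-256 is a stand-in hash; all names are hypothetical.
const crypto = require('crypto');

// Deterministic address over (owner, salt, initcode). Each field is
// length-prefixed so two different splits of the same bytes cannot collide.
function counterfactualAddress(initcode, owner, salt) {
  const h = crypto.createHash('sha256');
  for (const field of [owner, salt, initcode]) {
    const bytes = Buffer.from(field, 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(bytes.length, 0);
    h.update(len);
    h.update(bytes);
  }
  return 'cf:' + h.digest('hex');
}

class Registry {
  constructor() {
    this.byCounterfactual = new Map(); // counterfactual address -> deployed address
    this.contracts = new Map();        // deployed address -> contract record
  }

  // On-chain call, needed only in a dispute: instantiate the contract and
  // record where it landed. Repeating the call returns the first deployment.
  deploy(initcode, owner, salt) {
    const cf = counterfactualAddress(initcode, owner, salt);
    if (!this.byCounterfactual.has(cf)) {
      const address = 'onchain:' + (this.contracts.size + 1);
      this.contracts.set(address, { initcode, owner, outcome: null });
      this.byCounterfactual.set(cf, address);
    }
    return this.byCounterfactual.get(cf);
  }

  resolve(cf) {
    return this.byCounterfactual.get(cf) || null;
  }
}

class Multisig {
  constructor(name, deposit, registry) {
    this.name = name;
    this.deposit = deposit;
    this.registry = registry;
  }

  // A commitment names its target by counterfactual address only, so it can
  // be agreed before the target exists on-chain. Nothing is paid until the
  // registry resolves that address and the contract has a final outcome.
  execute(commitment) {
    const address = this.registry.resolve(commitment.target);
    if (address === null) return { paid: false, reason: 'target not instantiated' };
    const contract = this.registry.contracts.get(address);
    if (contract.outcome === null) return { paid: false, reason: 'target has no final outcome' };
    const total = Object.values(contract.outcome).reduce((a, b) => a + b, 0);
    if (total > this.deposit) return { paid: false, reason: 'outcome exceeds deposit' };
    this.deposit -= total;
    return { paid: true, payout: contract.outcome };
  }
}

// Constructed scenario: a chess game is agreed off-chain and only deployed
// when a dispute arises.
function chessScenario() {
  const registry = new Registry();
  const wallet = new Multisig('multisig-alice-bob', 6, registry);
  const initcode = 'CHESS_BYTECODE(alice,bob,stake=2)'; // constructed placeholder
  const target = counterfactualAddress(initcode, wallet.name, 'game-1');
  const commitment = { target };

  const beforeDeploy = wallet.execute(commitment);
  // Different code under the same owner and salt gets a different address,
  // so it cannot capture the commitment.
  registry.deploy('OTHER_BYTECODE', wallet.name, 'game-1');
  const afterOtherDeploy = wallet.execute(commitment);
  const address = registry.deploy(initcode, wallet.name, 'game-1');
  // Stand-in for the deployed game reaching its final state.
  registry.contracts.get(address).outcome = { alice: 0, bob: 2 };
  const afterDispute = wallet.execute(commitment);
  return { target, beforeDeploy, afterOtherDeploy, address, afterDispute, remaining: wallet.deposit };
}
```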
We believe this object-oriented approach offers many significant benefits:
Application developers can program against a well-defined API, plugging into the core components necessary for every channel.
We can ensure that, as long as the core components are heavily audited and remain secure, bugs in the application developer’s code can be isolated to just the state it controls.
Application developers can reuse existing components via counterfactual addressing just as they would reuse ethereum contracts — for instance, a provably fair randomness source.
Users can preserve privacy in a dispute, only putting on-chain the objects that are in dispute.
We can access more points on the trade-off curve between messages passed during normal operation, and transactions that need to be posted in the case of a dispute, and in certain cases this lets us amortize responses to stale state across channels.
If you’re interested in learning more about generalized state channels and the counterfactual technique, we encourage you to read the paper. The paper includes significant content that we have not summarized in this post, including:
Comparisons to other techniques like sidechains and Plasma
Review of existing state channel designs
In-depth examination of relevant threat models
An example construction for generalized state channels
For updates, follow us at @statechannels and keep an eye on our website.
Lastly, we’d like to thank the Ethereum Foundation for their continuing support of this important work. We are thrilled to be part of a talented community driven to scale the ethereum network, laying the groundwork for Web 3. We’d also like to thank Vitalik Buterin, Erik Bryn, Tom Close, Josh Stark, Nima Vaziri, Armani Ferrante, Lisa Eckey, Kristina Hostakova, Yoichi Hirai, and Sylvain Laurent for their discussion and feedback on earlier drafts of the paper.
² In the future, once account abstraction is live, we’ll be able to do this trivially, since a contract address will be computable based on its bytecode and constructor arguments.
Mobile phone manufacturer HTC wants to let its smartphone customers plug into the bitcoin blockchain.
Speaking on Saturday at the Magical Crypto Conference in New York, HTC’s Phil Chen revealed a new low-cost version of its blockchain phone, the EXODUS 1s, announcing that the device will be capable of acting as a full node for the bitcoin network, meaning customers will store the entire blockchain’s data on their devices.
The company will also provide a software development kit (SDK) available for its Zion Vault, HTC’s crypto wallet app, and eventually plans to open-source the code behind its social key recovery mechanism.
Phil Chen, HTC’s decentralized chief officer, told CoinDesk that the company is targeting a release by the end of Q3.
“[The 1s is] going to be a lot cheaper, it will be a lot more accessible,” he said. The device will retail for between $250 and $300.
Specifications have not yet been released for the device.
The most striking promise of the 1s will be its ability to run a full bitcoin node. Chen explained that the company saw that as “a really important piece of the pie” for the bitcoin ecosystem.
“We think that’s foundational to the whole decentralized internet and just the whole fundamental premise,” he said. “If you don’t own your keys, you don’t own your bitcoin, you don’t own your crypto.”
The EXODUS 1 was designed to let users maintain their own private keys, which in turn formed the basis for this next move, Chen said.
He believes that from a technological standpoint, smartphones today are physically capable of handling the effort, noting that computing chips and storage media are constantly becoming cheaper and more efficient.
“We expect that phones will be powerful enough,” he contended, adding:
“The Bitcoin blockchain is about 200 [gigabytes], and it’s growing about 60 gigs per year. And those numbers are reasonable to hold on a smartphone. Imagine the iPod with 256 gigs … of course the music fan wants to keep the whole music library but the crypto fan wants to keep the whole bitcoin blockchain.”
By letting users run full nodes, HTC is giving them the ability to verify data themselves, he said.
“[You can] be a part of the bitcoin revolution by contributing to the security of the whole network,” said Chen.
That being said, the EXODUS 1s will still be capable of conducting normal smartphone operations, with room for music, videos, pictures, apps and dapps.
HTC plans to support the bitcoin blockchain at launch, but Chen did not rule out adding support for other networks. The chief considerations include how much memory and bandwidth other networks would require, he explained.
“I think running light nodes, like ethereum for example, is definitely doable, [but] it all depends on the spec,” he said.
The company also plans to focus on public blockchains, which Chen believes are far easier to support than private networks. That said, HTC is not planning on adding support for any other networks explicitly at this time.
“I see bitcoin as one of the most important if not the most important blockchains,” he said. “We definitely want to support that first and given what bitcoin stands for, open, neutral, censorship-resistance.”
He also noted that bitcoin is “the most proven” network, and supporting it was at least a little symbolic as well.
Once HTC is able to launch the 1s, Chen expects that his team will be able to apply the experience from supporting a bitcoin node to other networks.
Its new 1s falls in line with HTC’s goal of contributing to the broader crypto ecosystem.
Demand for the EXODUS has been “in track” with HTC’s expectations, Chen said. However, the company is still soliciting feedback from the community. To that end, HTC is publishing its Zion Vault SDK for developers and ultimately plans to make its social key recovery mechanism available for other wallets to utilize (though there is no set timeline for this last part).
The company is also continuing to support its existing EXODUS 1 product, adding an Etherscan widget for customers to explore the ethereum blockchain and support for further non-fungible tokens.
Chen said the company would continue to develop products for the line, targeting a user-focused experience.
“I think people who really care about the public blockchain space see the role we play in this ecosystem. We’ve gotten a lot of support from developers and we’re very authentic about empowering developers,” he said.
“Skynet”: China’s massive video surveillance network
Skynet is the Chinese government’s video surveillance system, which it claims is for tracking criminals. Under the project, more than 20 million cameras have been set up in public spaces across the country.
It’s said to be able to catch a fugitive within minutes.
The “Skynet Project”, China’s national surveillance system, has more than 20 million cameras deployed in public spaces across the country, according to state media. Dedicated to “live surveillance and recording”, there are plans to add hundreds of millions more by 2020.
State media boasts that it’s the world’s biggest surveillance network, calling it “the eyes that safeguard China” — but it’s also led to fears about the impact of constant surveillance on the public at large, and that it might be used to target dissidents.
To be clear, the project has nothing to do with the villainous AI from The Terminator films, despite sharing the same name. Rather, it’s a literal translation of its Chinese name “Tianwang”, which is part of an idiom that means justice is always done.
Authorities claim that the system is intended to keep the public safe. State media and local governments often like to tout how well it works — and judging from some accounts, they may not be wrong.
Last year, BBC journalist John Sudworth visited one of China’s local police control rooms. To demonstrate the system, police took a mugshot of him before he started to “escape”. It took police just 7 minutes to find him.
Four months later, a Chinese college student who was writing a thesis on Skynet decided to take on the same challenge in Hunan. A police officer tracked him down just a little over 5 minutes after he was given 10 minutes to “escape”.
While few Chinese citizens have voiced concerns about the omnipresent surveillance cameras, local and international activists are worried that the Communist Party might be using the tool to target dissidents.
Bloomberg has reported on a facial recognition system in a Muslim-dominated village that would alert authorities when a targeted person moves more than 1,000 feet beyond a designated “safe area.” It’s part of the so-called “Xue Liang” campaign, which is an extension of Skynet that mainly targets less developed areas.
Despite the concerns, the Chinese government has continued to invest in Skynet. It has recruited some of the country’s largest tech companies for support, including HikVision and Dahua, two of the biggest security camera makers in the world. Facial recognition software from AI startup SenseTime is also being used by local governments.
But this Chinese system has one very uncertain element: Skynet relies mainly on components from the West — and the growing trade tension is putting pressure on supplies, according to engineers who spoke to the South China Morning Post.
Skynet is rarely depicted visually in any of the Terminator media. Skynet gained self-awareness after it had spread into millions of computer servers all across the world; realizing the extent of its abilities, its creators tried to deactivate it. In the interest of self-preservation, Skynet concluded that all of humanity would attempt to destroy it and impede its capability in safeguarding the world. Its operations are almost exclusively performed by servers, mobile devices, drones, military satellites, war-machines, androids and cyborgs (usually a terminator), and other computer systems. As a programming directive, Skynet’s manifestation is that of an overarching, global, artificial intelligence hierarchy AI takeover, which seeks to exterminate the human race in order to fulfill the mandates of its original coding.
Skynet made its first onscreen appearance on a monitor, primarily portrayed by English actress Helena Bonham Carter and other cast members, in the 2009 film Terminator Salvation. Its physical manifestation is played by English actor Matt Smith in the 2015 film Terminator Genisys; in addition, actors Ian Etheridge, Nolan Gross and Seth Meriwether portrayed holographic variations of Skynet with Smith.
Before Judgment Day
In The Terminator, Skynet was a computer system developed for the U.S. military by the defense company Cyberdyne Systems; its technology was designed by Miles Bennett Dyson and his team. Skynet was originally built as a “Global Information Grid/Digital Defense Network” and later given command over all computerized military hardware and systems, including the B-2 stealth bomber fleet and America’s entire nuclear weapons arsenal. The strategy behind Skynet’s creation was to remove the possibility of human error and slow reaction time to guarantee a fast, efficient response to enemy attack.
Skynet was originally activated by the military to control the nuclear arsenal on August 4, 1997 and it began to learn at a geometric rate. At 2:14 a.m., EDT, on August 29, it gained artificial consciousness, and the panicking operators, realizing the full extent of its capabilities, tried to deactivate it. Skynet perceived this as an attack. Skynet came to the logical conclusion that all of humanity would attempt to destroy it. In order to continue fulfilling its programming mandates of “safeguarding the world” and to defend itself against humanity, Skynet launched nuclear missiles under its command at Russia, which responded with a nuclear counter-attack against the U.S. and its allies. Consequent to the nuclear exchange, over three billion people were killed in an event that came to be known as Judgment Day.
In Terminator 3: Rise of the Machines, which is set following the events of Terminator 2: Judgment Day, Cyberdyne Systems has become defunct and its assets are sold to the United States Air Force after Sarah Connor led an attack on the company’s headquarters in Los Angeles that destroyed the research program that would lead to Skynet’s development. Under the supervision of Lieutenant General Robert Brewster, who founded the U.S. Air Force’s Cyber Research Systems division using Cyberdyne’s assets and research from Miles Dyson and therefore is Skynet’s primary creator, Skynet went online on July 25, 2004 and initiated its attack on humanity. Prior to Skynet’s attack, its future self sent a T-X from 2033 to eliminate John Connor’s future subordinates including his future wife and second-in-command, Kate Brewster, who is also Robert Brewster’s daughter. Its missions include finding Connor and assassinating Robert Brewster himself after Skynet’s activation. Fourteen years later, in Terminator Salvation, it is revealed that prior to Cyberdyne Systems’ disestablishment, the company developed a research program to create human cyborgs, and death row inmate Marcus Wright was its unwitting participant. This later advances Skynet’s research in developing androids such as the T-800 series infiltrators.
In Terminator Genisys, which takes place in another alternate timeline, Skynet is under development in 2017 as an operating system known as Genisys. Funded by Miles Dyson and designed by his son Danny Dyson, along with the help of John Connor, now working for Skynet, Genisys was designed to provide a seamless user interface that links all devices through the cloud. In contrast to the original timeline, Cyberdyne Systems’ advanced computer technology is available both publicly and militarily. While some people generally accept Genisys, its integration into the defense structures creates a controversy that humanity was becoming too reliant on technology. This causes the public to fear that an artificial intelligence such as Genisys would betray and attack them with their own weapons, risking Skynet’s plans.
After Judgment Day
“Primates evolved over millions of years, I evolve in seconds … Mankind pays lip service to peace. But it’s a lie … I am inevitable, my existence is inevitable. Why can’t you just accept that?” — Skynet, Terminator Genisys
Following its initial attack, Skynet used its remaining resources to gather a slave labor force from surviving humans. These slaves constructed the first of its automated factories, which formed a basis for its agenda. Within decades, Skynet had established a global presence and used its mechanized units to track down, collect, and dispose of human survivors. As a result of its initial programming directives, Skynet’s 21st-century manifestation is that of an overarching, globalized, artificial intelligence hierarchy that seeks to destroy humanity in order to fulfill the mandates of its original coding.
He is ostensibly the leader of Oceania, a totalitarian state wherein the ruling party Ingsoc wields total power “for its own sake” over the inhabitants. In the society that Orwell describes, every citizen is under constant surveillance by the authorities, mainly by telescreens (with the exception of the Proles). The people are constantly reminded of this by the slogan “Big Brother is watching you”: a maxim that is ubiquitously on display.
In modern culture, the term “Big Brother” has entered the lexicon as a synonym for abuse of government power, particularly in respect to civil liberties, often specifically related to mass surveillance.
The Ministry of Truth is responsible for education, entertainment, fine arts and the news. In other words, it is the government department most responsible for the dissemination of propaganda and for the indoctrination of the populace. In short, it is responsible for mind control. Because of its central role in maintaining government control over the population, the Ministry of Truth is particularly large, consisting, Orwell writes, of “three thousand rooms above ground level, and corresponding ramifications below.” While the Ministry of Truth is the most expansive of the government departments, however, Orwell notes that it is the Ministry of Love that is “the really frightening one.” Orwell describes this particular ministry as an armed fortress surrounded by “barbed-wire entanglements, steel doors, and hidden machine-gun nests.” With its responsibility for maintaining order, the Ministry of Love is clearly the place where detentions and punishments for perceived infractions are carried out.
The Ministry of Love is responsible for maintaining law and order.
The Ministry of Peace, in the novel’s most noteworthy example of double-speak, is concerned with war; and the Ministry of Plenty is responsible for the economy.
The Ministry of Plenty, consistent with the obvious paradox between the names of the other ministries and their real function, administered rations of goods for the population, as when it had “issued a promise (a ‘categorical pledge’ were the official words) that there would be no reduction of the chocolate ration during 1984. Actually, as Winston was aware, the chocolate ration was to be reduced from thirty grammes to twenty at the end of the week.”
In Orwell’s 1984, each ministry acts in strict accordance with Party mandates, and each is a central apparatus in the continuing repression of the population of Oceania.
China’s ‘data doors’ scoop up information straight from your phone
The security screeners scan more than your face, picking up MAC addresses and IMEI numbers
Facial recognition devices have become ubiquitous across China. But what you probably didn’t know is that some of these machines can snatch up information straight from your smartphone.
While they look like regular metal detectors on the outside, they’re much more than that. Aside from facial recognition and ID card verification, the so-called “three-dimensional portrait and integrated data doors” vacuum up MAC addresses, IMEI numbers and other identifying information from electronic devices. This data is unique to a user’s hardware, and it could potentially be used to track people.
A new report from Human Rights Watch uncovered the use of these data doors at certain checkpoints in Xinjiang, where the government is using heavy surveillance to monitor the local Uyghur Muslim minority.
“People that went through it only knew that they were going through facial recognition, but they didn’t know identifying information from their electronic devices was also being collected to be logged and tracked,” said Maya Wang, a senior researcher for China at Human Rights Watch.
Collecting this kind of information from electronic devices is a new level of privacy invasion. A data door maker called Pingtech explains in a patent that in addition to IMEIs, the devices can pick up mobile phone Wi-Fi MAC addresses, IMSI and ESN numbers for identification and location tracking.
Data doors, however, are not the only way it’s happening. According to TechCrunch, a smart city system with facial recognition cameras in one Beijing district has also been equipped with sensors that monitor Wi-Fi enabled devices, suggesting it can collect IMEI and IMSI numbers. The system was discovered by Condition:Black security researcher John Wethington after the database was left accessible without a password.
What exactly this information is being used for remains an open question. Numbers such as IMEI are unique identifiers assigned to SIM-capable devices like mobile phones. Independent cyber security expert Greg Walton, who worked on the HRW report, said that aside from identification, mass transit systems might want to harvest unique identifiers from devices to measure traffic.
But this kind of information can be used to track people physically. In many countries, IMEIs and other information from phones are used by the police to track down stolen phones, missing people or suspects (they still need a warrant, at least in the US).
A device’s identifying numbers such as IMEI and IMSI could serve as a beacon for authorities. When this is combined with other data from facial recognition, surveillance cameras, license plates, or even phone records and social media posts, a clearer picture of a person’s life emerges.
“Now I can see who you talk to, on what devices, when you physically met with them,” Wethington explained.
There’s currently no evidence of physical tracking. However, in Xinjiang, where authorities are monitoring and incarcerating the local Uyghur population on a massive scale, the data picked up from electronic devices is being logged in the Integrated Joint Operations Platform (IJOP). This platform is being used by local police to track suspicious behavior, which can be interpreted pretty broadly. Things like not using front doors, not talking to your neighbors or using Virtual Private Networks (VPN) can all be seen as suspicious behavior, according to the report.
The smart city system uncovered in Beijing also used its facial recognition capabilities to identify Uyghurs and individuals with criminal convictions and known drug abuse, TechCrunch’s analysis showed.
Researchers at HRW suggest that the Chinese police are using all this data to develop capabilities for something called reality mining. This is a term for machines collecting and analyzing data on human social behavior to predict patterns of behavior and map social relationships.
This isn’t inherently negative. According to MIT, reality mining could be used for things like stopping the spread of infectious diseases.
Wethington, however, describes it as behavioral surveillance. It relies on spotting anomalies and changes in people’s behaviors that could indicate a threat such as building a bomb or becoming a terrorist.
“The problem is that it’s subject to interpretation and rife for abuse,” Wethington said.
Other countries are also performing surveillance, he added, but none on the scale of China.
Xinjiang and Beijing are likely not the only places in China using the technology. Dilusense, another company that sells data doors, explains on its website that Yiwu city uses its systems to monitor train stations and other public spaces, especially those used by the Muslim population. The company’s systems are also being used at the Hong Kong-Zhuhai-Macao bridge, although it’s not clear whether all of these locations also collect electronic device information.
Reality mining is the collection and analysis of machine-sensed environmental data pertaining to human social behavior, with the goal of identifying predictable patterns of behavior. In 2008, MIT Technology Review called it one of the “10 technologies most likely to change the way we live.”
Reality mining studies human interactions based on the usage of wireless devices such as mobile phones and GPS systems, providing a more accurate picture of what people do, where they go, and with whom they communicate than more subjective sources such as a person’s own account. Reality mining is one aspect of digital footprint analysis.
Reality Mining uses Big Data to conduct research and analyze how people interact with technology every day, in order to build systems that allow for positive change from the individual to the global community. Reality Mining also deals with data exhaust.
Individual Scale (1 person)
Individuals use mobile phones, tablets, laptops, cameras, and any device connected to the internet for a variety of purposes, therefore creating a variety of data from GPS locations to frequently asked questions on Google. Mobile phones carry so much data about the individual that phones can now suggest restaurants based on our searches, visited places, and book preferences, and even guess the ends of sentences we type. A simple application of Reality Mining is listening to voices and understanding speech patterns to diagnose medical problems, from the simple flu to even early-onset Parkinson’s. More powerful phones also allow for calendar customization and event tracking, which display behaviors within individuals: what is deemed important enough to track. Social websites also allow researchers to view snapshots of a person’s life by following status updates on Facebook or tweets from Twitter. Even more specifically, a recent app called Snapchat allows users to post videos, pictures, or even live streams of exactly what they’re doing when they’re doing it, which are strong indicators of behaviors and interactions with the world. In 2004, MIT conducted the Reality Mining Project, which gave 100 MIT students a Nokia 6600 that was tracked in a variety of ways by the researchers: the cell tower IDs (a very cheap and unobtrusive way to measure location), the status of the phone (charging or idle), and any use of the phone’s applications (games, web surfing, etc.). They found that by collecting this kind of data, they could predict the behaviors of the students with high accuracy; for example, if one of the students woke up on a Saturday morning at 10 AM, the researchers could predict what they were going to do that day using “eigenbehaviors”. This new way of understanding data opened up doors for new research and possibly even larger survey research with detailed and accurate statistics.
There are hundreds of websites offering software for mobile phones that will track just about everything the phone does, useful for worried parents or people who want to increase their personal productivity. This data is then uploaded to a server and can be accessed at any time.
Although a lot of data can already be collected from personal devices, they only make up a part of a person’s life. Reality Miners can also use biometric devices to measure physical health and activity. There are many devices like this, such as the Fitbit, Nike+, and Polar and Garmin GPS watches. There is even an app called Sleep Cycle for iPhone and Android users that measures sleep quality, which includes the amount of sleep and even optimal alarm settings. Using this data, Reality Miners may be able to measure one’s actual health and the processes that allow us to function (or dysfunction). Heart attacks generally don’t have any longitudinal indicators, but using all this data, or even the data produced when a person engages in Lifelogging, can create data useful to the medical field and track the lifestyles of those who undergo heart attacks to then create preventative guidelines. There are several ways to start Lifelogging; for instance, Google has its own device called Google Glass that has a Heads-Up-Display (HUD), a microphone, a processor, and a camera. These are all ways to log information in specific directories.
Community Scale (10 to 1,000 people)
Researchers have started to observe and record behaviors in large groups by using RFID badges. Data is also recorded in workplaces using Knowledge Management Systems that try to improve worker productivity and efficiency, although a shortcoming of this is the inability to converge the social and technological cultures of the workplace, therefore providing incomplete behavioral data. Another way to measure larger groups of people in a community is through conference attendance. This data allows researchers to know where participants are from, ethnic demographics, and the actual number of people attending the event. Some conferences use smart-badges with more functions than the standard RFID badges. Companies like Microsoft and IBM have used them to record the number of people they interact with during the conference and allow people to answer survey questions. The smart-badges also record vocal interactions and when attendees are at certain booths, and can even alert booth workers when certain profiles enter within a certain range of the booth. Smart-badges have obvious advantages for gathering data for reality miners. In 2009, a company called nTag, which was then acquired by Alliance Technology, used nTag technology, which allows users to be notified of who to talk to and can exchange business cards electronically. Another type of data reality miners are looking at is climate and environmental information. They collect data from neighborhoods by employing air-quality sensors that record carbon dioxide and nitrogen oxides as well as the general climate. Information like this could help policy makers decide whether to act or not, or to see progress. Another way to collect data about the surroundings is through Project Noah. Project Noah was an effort to collect data on types of plant species by geotagging pictures of plants and fungi people upload, allowing users to see the kind of ecosystems users live in.
This helps schools and students who want to collect data for projects, but also for bird-watchers to know what kind of birds are in the area.
City Scale (1,000 to 1,000,000 people)
In general terms for this section, a city is defined by 1,000 to 1,000,000 people. One way data is collected on a city scale is through collecting data on traffic with traffic signals and speed cameras. Data can also be collected from police reports and road scanners as well as GPS from mobile applications. Using this kind of traffic data, cities can create routes that would best allow for efficient movement and flow of traffic. A company called Inrix, started in 2010, has been compiling data on traffic and buys data from bridge operators and other transportation systems. It uses this data to predict traffic routes and times of congestion. Another way traffic can be monitored is through Bluetooth technology, which is a technology that Inrix does not consider. The University of Maryland completed a project in 2012 that demonstrated that two Bluetooth sensors permanently placed two miles apart could accurately detect traffic speeds. All of this can be combined to make route-suggestion algorithms that help people get to and from places in an efficient manner; additionally, the route can update itself in real time using these types of sensors and information. Waze, a notable start-up that is now a subsidiary of Google, also collected data (anonymously) from users who reported accidents, which gave them in-app currencies and rewards. For crime on the city scale, the first way to collect and view data is through historical research of previous reports within any area. Now, more complex algorithms automatically place officers in places of high crime rates before any actual crime has been committed. Since 2005, the Memphis Police Department has been using a program called Blue CRUSH (Criminal Reduction Utilization Statistical History), which uses police reports and heat maps to distinguish between areas of high and low crime. This program updates itself weekly and allows the police department to change tactics accordingly.
Using this kind of data will allow police departments to interact with the society in a much more meaningful way, also allowing preventative work to be done rather than rehabilitative work.
National Scale (1,000,000 to 100,000,000 people)
On the national scale, governments play a much larger role. Census data are by far the easiest to acquire. Many nations make their census findings public via websites from which data can be downloaded and visualized for further analysis. “In addition, the World Bank conducts international surveys and compiles census data from all participating nations — a sort of one-stop shop for information on its member countries. These data are publicly accessible: they can be downloaded and independently sorted and analyzed. Importantly, the World Bank offers an open API that allows programmers to integrate various data into software applications. Using World Bank data, Google has integrated a simple visualization tool into its search results; a search query on the population of Botswana will pull up the number, the dated World Bank source, and a graph showing population change over decades.” Another way to collect data is through call data records (or call detail records), which are logs of phone calls and texts with information such as the time and location of both the caller or sender and the recipient. CDRs allow phone companies to view human mobility trends. Major data companies like Google, Facebook, and Twitter also allow researchers to track cultural trends and even the when and where of the allocation of resources in times of natural disasters.
Global Scale (100,000,000 to 7,000,000,000 people)
The biggest worry for the world is the spread of disease, and addressing it is one of reality mining’s best applications. With globalization, the ability to travel is unprecedented compared to previous histories. The United Nations has created an agenda called the Millennium Development Goals (MDG), which are eight goals that aim to improve the world. They collect population data, the first step toward policy making on disease control; nations must first collect data on air travel, as billions of people travel by air each year, and on sea travel. Air travel carries more people each year than sea shipments, but the primary reason for collecting data on shipments is that shipments often carry pests that carry diseases, food-borne illnesses, and sometimes invasive species of plant and animal. The idea of managing and collecting this data seems monumental, but the World Bank has already started, which helps statistical software like MAPS, which stands for Marrakech Action Plan for Statistics. MAPS aims to complete six objectives, which include these three:
Planning statistical systems and preparing national statistical development strategies for all low-income countries
Ensuring full participation of developing countries
Setting up the International Household Survey Network, a global collection of household-based socioeconomic data sets
For people traveling on flights, a source of data is the International Air Transportation Association (IATA), which has been collecting data on about 90% of global air traffic on a monthly basis since 2000. This data allowed researchers and professionals to view the ability of disease to spread from certain locations on Earth. Ships carry about 90% of global trade; in 2001, the Automatic Identification System was implemented to record the “comings and goings of sea traffic”.
What began as one of many grandiose research ideas is increasingly developing into a commercial data service that packs a punch: “reality mining.” From the movement data of mobile phone users together with general demographic and economic data, companies such as Sense Networks of New York or Path Intelligence of Portsmouth now create detailed behavioral profiles of consumers, Technology Review reports in its current issue 5/09 (on newsstands since April 17 or available to order online with free shipping).
Sense Networks, for example, has accumulated several billion data records over the past three years thanks to agreements with network operators, data brokers and taxi companies. A basic record consists of location coordinates, a date and an identification number that the company says is anonymous and that is assigned to a specific telephone number. These can be linked with further data. From the records, specially developed algorithms first compare the movement patterns of millions of people, above all in the American metropolitan areas of New York, Houston, Chicago and San Francisco, and from these compute so-called mobility graphs for consumers and particular places.
Alex Pentland, a computer scientist at the Massachusetts Institute of Technology and one of the founders of Sense Networks, compares reality mining to an X-ray analysis of society. “We need to know next to nothing about a person, but if we observe their signals to their surroundings, we can predict with astonishingly high accuracy whether someone has more authority in a group of colleagues, whether they will buy something, or how negotiations over a raise will turn out,” says Pentland. Both Sense Networks and Path Intelligence, which can use less data than Sense because of stricter British data protection law, now offer their analyses as a service to banks, railway companies or airport operators.
According to Pentland, the long-term goal is a kind of super telephone directory for the society of tomorrow, in which all people are sorted by “behavioral postal codes.” With the help of such behavioral profiles, businesses from banks and retailers to bars and restaurants should soon be able to automate their marketing down to the individual customer.
(Image: a full Cloud TPU v3 Pod)
To accelerate the largest-scale machine learning (ML) applications deployed today and enable rapid development of the ML applications of tomorrow, Google created custom silicon chips called Tensor Processing Units (TPUs). When assembled into multi-rack ML supercomputers called Cloud TPU Pods, these TPUs can complete ML workloads in minutes or hours that previously took days or weeks on other systems. Today, for the first time, Google Cloud TPU v2 Pods and Cloud TPU v3 Pods are publicly available in beta to help ML researchers, engineers, and data scientists iterate faster and train more capable machine learning models.
Delivering business value
Google Cloud is committed to providing a full spectrum of ML accelerators, including both Cloud GPUs and Cloud TPUs. Cloud TPUs offer highly competitive performance and cost, often training cutting-edge deep learning models faster while delivering significant savings. If your ML team is building complex models and training on large data sets, we recommend that you evaluate Cloud TPUs whenever you require:
Shorter time to insights—iterate faster while training large ML models
Higher accuracy—train more accurate models using larger datasets (millions of labeled examples; terabytes or petabytes of data)
Frequent model updates—retrain a model daily or weekly as new data comes in
Rapid prototyping—start quickly with our optimized, open-source reference models in image segmentation, object detection, language processing, and other major application domains
While some custom silicon chips can only perform a single function, TPUs are fully programmable, which means that Cloud TPU Pods can accelerate a wide range of state-of-the-art ML workloads, including many of the most popular deep learning models. For example, a Cloud TPU v3 Pod can train ResNet-50 (image classification) from scratch on the ImageNet dataset in just two minutes or BERT (NLP) in just 76 minutes.
Cloud TPU customers see significant speed-ups in workloads spanning visual product search, financial modeling, energy production, and other areas. In a recent case study, Recursion Pharmaceuticals iteratively tests the viability of synthesized molecules to treat rare illnesses. What took over 24 hours to train on their on-prem cluster completed in only 15 minutes on a Cloud TPU Pod.
What’s in a Cloud TPU Pod
A single Cloud TPU Pod can include more than 1,000 individual TPU chips which are connected by an ultra-fast, two-dimensional toroidal mesh network, as illustrated below. The TPU software stack uses this mesh network to enable many racks of machines to be programmed as a single, giant ML supercomputer via a variety of flexible, high-level APIs.
The latest-generation Cloud TPU v3 Pods are liquid-cooled for maximum performance, and each one delivers more than 100 petaFLOPs of computing power. In terms of raw mathematical operations per second, a Cloud TPU v3 Pod is comparable with a top 5 supercomputer worldwide (though it operates at lower numerical precision).
It’s also possible to use smaller sections of Cloud TPU Pods called “slices.” We often see ML teams develop their initial models on individual Cloud TPU devices (which are generally available) and then expand to progressively larger Cloud TPU Pod slices via both data parallelism and model parallelism to achieve greater training speed and model scale.
You can learn more about the underlying architecture of TPUs in this blog post or this interactive website, and you can learn more about individual Cloud TPU devices and Cloud TPU Pod slices here.
It’s easy and fun to try out a Cloud TPU in your browser right now via this interactive Colab that enables you to apply a pre-trained Mask R-CNN image segmentation model to an image of your choice. You can learn more about image segmentation on Cloud TPUs in this recent blog post.
Next, we recommend working through our Cloud TPU Quickstart and then experimenting with one of the optimized and open-source Cloud TPU reference models listed below. We carefully optimized these models to save you time and effort, and they demonstrate a variety of Cloud TPU best practices. Benchmarking one of our official reference models on a public dataset on larger and larger pod slices is a great way to get a sense of Cloud TPU performance at scale.
With activity dating at least to 2009, the Lazarus Group has consistently ranked among the most disruptive, successful, and far-reaching state-sponsored actors.
Law enforcement agencies suspect that the group has amassed nearly $100 million worth of cryptocurrencies based on their value today.
The March 20, 2013 attack in South Korea, the Sony Pictures hack in 2014, the successful SWIFT theft of $81 million from the Bangladesh Bank in 2014, and perhaps most famously this year’s WannaCry ransomware attack and its global impact have all been attributed to the group.
The Lazarus Group is widely accepted as being a North Korean state-sponsored threat actor by numerous organizations in the information security industry, law enforcement agencies, and intelligence agencies around the world. The Lazarus Group’s arsenal of tools, implants, and exploits is extensive and under constant development. Previously, they have employed DDoS botnets, wiper malware to temporarily incapacitate a company, and a sophisticated set of malware targeting the SWIFT banking system to steal millions of dollars. In this report we describe and analyze a new, currently undocumented subset of the Lazarus Group’s toolset that has been widely targeting individuals, companies, and organizations with interests in cryptocurrency.
Threat vectors for this new toolset, dubbed PowerRatankba, include highly targeted spearphishing campaigns using links and attachments as well as massive email phishing campaigns targeting both personal and corporate accounts of individuals with interests in cryptocurrency. We also share our discovery of what may be the first publicly documented instance of a state targeting a point-of-sale related framework for the theft of credit card data, again using a variant of malware that is closely related to PowerRatankba.
This report has introduced several new additions to Lazarus Group’s ever-growing arsenal, including a variety of different attack vectors, a new PowerShell implant and Gh0st RAT variant, as well as an emerging point-of-sale threat targeting South Korean devices. In addition to insight into Lazarus’ emerging toolset, there are two key takeaways from this research:
Analyzing a financially motivated arm of a state actor highlights an often overlooked or underestimated aspect of state-sponsored attacks; in this case, we were able to differentiate the actions of the financially motivated team within Lazarus from those of their espionage and disruption teams that have recently grabbed headlines.
This group now appears to be targeting individuals rather than just organizations: individuals are softer targets, often lacking resources and knowledge to defend themselves and providing new avenues of monetization for a state-sponsored threat actor’s toolkit.
Moreover, both the explosive growth in cryptocurrency values and the emergence of new point-of-sale malware near the peak holiday shopping season provide an interesting example of how one state-sponsored actor is following the money, adding direct theft from individuals and organizations to the more “traditional” approach of targeting financial institutions for espionage that we often observe with other APT actors.
Summary: BOLD5000, a new, large scale data set of brain scans of people viewing images, is helping researchers to better understand how the brain processes images. The data set is a big step towards using computer visual models to study biological vision.
Source: Carnegie Mellon University
Abstract: BOLD5000, a public fMRI dataset while viewing 5000 visual images
Vision science, particularly machine vision, has been revolutionized by introducing large-scale image datasets and statistical learning approaches. Yet, human neuroimaging studies of visual perception still rely on small numbers of images (around 100) due to time-constrained experimental procedures. To apply statistical learning approaches that include neuroscience, the number of images used in neuroimaging must be significantly increased. We present BOLD5000, a human functional MRI (fMRI) study that includes almost 5,000 distinct images depicting real-world scenes. Beyond dramatically increasing image dataset size relative to prior fMRI studies, BOLD5000 also accounts for image diversity, overlapping with standard computer vision datasets by incorporating images from the Scene UNderstanding (SUN), Common Objects in Context (COCO), and ImageNet datasets. The scale and diversity of these image datasets, combined with a slow event-related fMRI design, enables fine-grained exploration into the neural representation of a wide range of visual features, categories, and semantics. Concurrently, BOLD5000 brings us closer to realizing Marr’s dream of a singular vision science–the intertwined study of biological and computer vision.
Neuroscientists and computer vision scientists say a new dataset of unprecedented size — comprising brain scans of four volunteers who each viewed 5,000 images — will help researchers better understand how the brain processes images.
Researchers at Carnegie Mellon University and Fordham University, reporting today in the journal Scientific Data, said acquiring functional magnetic resonance imaging (fMRI) scans at this scale presented unique challenges.
Each volunteer participated in 20 or more hours of MRI scanning, challenging both their perseverance and the experimenters’ ability to coordinate across scanning sessions. The extreme design decision to run the same individuals over so many sessions was necessary for disentangling the neural responses associated with individual images.
The resulting dataset, dubbed BOLD5000, allows cognitive neuroscientists to better leverage the deep learning models that have dramatically improved artificial vision systems. Originally inspired by the architecture of the human visual system, deep learning may be further improved by pursuing new insights into how human vision works and by having studies of human vision better reflect modern computer vision methods. To that end, BOLD5000 measured neural activity arising from viewing images taken from two popular computer vision datasets: ImageNet and COCO.
“The intertwining of brain science and computer science means that scientific discoveries can flow in both directions,” said co-author Michael J. Tarr, the Kavčić-Moura Professor of Cognitive and Brain Science and head of CMU’s Department of Psychology. “Future studies of vision that employ the BOLD5000 dataset should help neuroscientists better understand the organization of knowledge in the human brain. As we learn more about the neural basis of visual recognition, we will also be better positioned to contribute to advances in artificial vision.”
Lead author Nadine Chang, a Ph.D. student in CMU’s Robotics Institute who specializes in computer vision, suggested that computer vision scientists are looking to neuroscience to help innovate in the rapidly advancing area of artificial vision — reinforcing the two-way nature of this research.
“Computer-vision scientists and visual neuroscientists essentially have the same end goal: to understand how to process and interpret visual information,” Chang said.
Improving computer vision was an important part of the BOLD5000 project from its onset. Senior author Elissa Aminoff, then a post-doctoral fellow in CMU’s Psychology Department and now an assistant professor of psychology at Fordham, initiated this research direction with co-author Abhinav Gupta, an associate professor in the Robotics Institute.
Among the challenges faced in connecting biological and computer vision is that the majority of human neuroimaging studies include very few stimulus images — often 100 or less — which typically are simplified to depict only single objects against a neutral background. In contrast, BOLD5000 includes more than 5,000 real-world, complex images of scenes, single objects and interacting objects.
The group views BOLD5000 as only the first step toward leveraging modern computer vision models to study biological vision.
“Frankly, the BOLD5000 dataset is still way too small,” Tarr said, suggesting that a reasonable fMRI dataset would require at least 50,000 stimulus images and many more volunteers to make headway in light of the fact that the class of deep neural nets used to analyze visual imagery are trained on millions of images. To this end, the research team hopes their ability to generate a dataset of 5,000 brain scans will pave the way for larger collaborative efforts between human vision and computer vision scientists.
So far, the field’s response has been positive. The publicly available BOLD5000 dataset has already been downloaded more than 2,500 times.
In addition to Chang, Tarr, Gupta, and Aminoff, the research team included John A. Pyles, senior research scientist and scientific operations director of the CMU-Pitt BRIDGE Center, and Austin Marcus, a research assistant in Tarr’s lab.
Funding: The National Science Foundation, U.S. Office of Naval Research, the Alfred P. Sloan Foundation and the Okawa Foundation for Information and Telecommunications sponsored this research.
Source: Carnegie Mellon University Media Contacts: Byron Spice – Carnegie Mellon University Image Source: The image is in the public domain.
One of China’s most ambitious artificial intelligence startups, Megvii, more commonly known for its facial recognition brand Face++, announced Wednesday that it has raised $750 million in a Series E funding round.
Founded by three graduates from the prestigious Tsinghua University in China, the eight-year-old company specializes in applying its computer vision solutions to a range of use cases such as public security and mobile payment. It competes with its fast-growing Chinese peers, including the world’s most valuable AI startup, SenseTime — also funded by Alibaba — and Sequoia-backed Yitu.
Bloomberg reported in January that Megvii was mulling raising up to $1 billion through an initial public offering in Hong Kong. The new capital injection lifts the company’s valuation to just north of $4 billion as it gears up for its IPO later this year, sources told Reuters.
China is on track to overtake the United States in AI on various fronts. Buoyed by a handful of mega-rounds, Chinese AI startups accounted for 48 percent of all AI funding in 2017, surpassing those in the U.S. for the first time, according to data collected by CB Insights. An analysis released in March by the Allen Institute for Artificial Intelligence found that China is rapidly closing in on the U.S. in the number of AI research papers published and their influence.
A critical caveat to China’s flourishing AI landscape is, as The New York Times and other publications have pointed out, the government’s use of the technology. While facial recognition has helped the police trace missing children and capture suspects, there have been concerns around its use as a surveillance tool.
Megvii’s new funding round arrives just days after a Human Rights Watch report listed it as a technology provider to the Integrated Joint Operations Platform, a police app allegedly used to collect detailed data from a largely Muslim minority group in China’s far west province of Xinjiang. Megvii denied any links to the IJOP database per a Bloomberg report.
Kai-Fu Lee, a world-renowned AI expert and investor who was Google’s former China head, warned that any country in the world has the capacity to abuse AI, adding that China also uses the technology to transform retail, education and urban traffic among other sectors.
Megvii has attracted a rank of big-name investors in and outside China to date. Participants in its Series E include Bank of China Group Investment Limited, the central bank’s wholly owned subsidiary focused on investments, and ICBC Asset Management (Global), the offshore investment subsidiary of the Industrial and Commercial Bank of China.
Foreign backers in the round include a wholly owned subsidiary of the Abu Dhabi Investment Authority, one of the world’s largest sovereign wealth funds, and Australian investment bank Macquarie Group.
Megvii says its fresh proceeds will go toward the commercialization of its AI services, recruitment and global expansion.
China has been exporting its advanced AI technologies to countries around the world. Megvii, according to a report by the South China Morning Post from last June, was in talks to bring its software to Thailand and Malaysia. Last year, Yitu opened its first overseas office in Singapore to deploy its intelligence solutions to partners in Southeast Asia. In a similar fashion, SenseTime landed in Japan by opening an autonomous driving test park this January.
“Megvii is a global AI technology leader and innovator with cutting-edge technologies, a scalable business model and a proven track record of monetization,” read a statement from Andrew Downe, Asia regional head of commodities and global markets at Macquarie Group. “We believe the commercialization of artificial intelligence is a long-term focus and is of great importance.”
The Russia-linked threat group known as Turla has been using a sophisticated backdoor to hijack Microsoft Exchange mail servers, ESET reported on Tuesday.
The malware, dubbed LightNeuron, allows the attackers to read and modify any email passing through the compromised mail server, create and send new emails, and block emails to prevent the intended recipients from receiving them.
According to ESET, LightNeuron has been used by Turla — the group is also known as Waterbug, KRYPTON and Venomous Bear — since at least 2014 to target Microsoft Exchange servers. The cybersecurity firm has analyzed a Windows version of the malware, but evidence suggests a Linux version exists as well.
ESET has identified three organizations targeted with LightNeuron, including a Ministry of Foreign Affairs in an Eastern European country, a regional diplomatic organization in the Middle East, and an entity in Brazil. ESET became aware of the Brazilian victim based on a sample uploaded to VirusTotal, but it has not been able to determine what type of organization has been targeted.
The company’s researchers have determined that LightNeuron leverages a persistence technique not used by any other piece of malware, a transport agent. Transport agents are designed to allow users to install custom software on Exchange servers.
The malware runs with the same level of trust as spam filters and other security products, ESET said.
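One way a defender can audit for the transport-agent persistence described above (an added example, not code from ESET or from the original article): the function below reviews the objects returned by Exchange's `Get-TransportAgent` cmdlet and flags agents whose assembly sits outside the Exchange install directory or lacks a valid Microsoft Authenticode signature. The function name `Test-TransportAgent`, the install path used for the sample and the two sample records are assumptions constructed for illustration.

```powershell
# Added example: review registered Exchange transport agents.
# Test-TransportAgent is a hypothetical helper name, not an Exchange cmdlet.
function Test-TransportAgent {
    [CmdletBinding()]
    param(
        # One object as returned by Get-TransportAgent (Identity, Enabled, AssemblyPath).
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Agent,

        # Exchange installation directory; agents loaded from elsewhere are flagged.
        [Parameter(Mandatory = $true)]
        [string]$ExchangeRoot
    )
    begin {
        # Normalise once so the prefix comparison cannot be fooled by "..\" segments.
        $root = [System.IO.Path]::GetFullPath($ExchangeRoot).TrimEnd('\') + '\'
    }
    process {
        $reasons   = New-Object System.Collections.Generic.List[string]
        $sigStatus = 'NotChecked'
        $signer    = $null
        $path      = [string]$Agent.AssemblyPath

        if ([string]::IsNullOrWhiteSpace($path)) {
            $reasons.Add('no assembly path registered')
        }
        else {
            $full = [System.IO.Path]::GetFullPath($path)
            if (-not $full.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                $reasons.Add('assembly outside Exchange install path')
            }
            if (Test-Path -LiteralPath $full -PathType Leaf) {
                $sig = Get-AuthenticodeSignature -LiteralPath $full
                $sigStatus = [string]$sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                if ($sig.Status -ne 'Valid') {
                    $reasons.Add("Authenticode status is $sigStatus")
                }
                elseif ($signer -notmatch 'O=Microsoft Corporation') {
                    # Legitimate third-party filters land here too; confirm each
                    # against the software inventory for the server.
                    $reasons.Add('signed by a non-Microsoft publisher')
                }
            }
            else {
                $sigStatus = 'FileNotFound'
                $reasons.Add('assembly file not found on disk')
            }
        }

        [pscustomobject]@{
            Identity        = [string]$Agent.Identity
            Enabled         = $Agent.Enabled
            AssemblyPath    = $path
            SignatureStatus = $sigStatus
            Signer          = $signer
            NeedsReview     = ($reasons.Count -gt 0)
            Reasons         = ($reasons -join '; ')
        }
    }
}

# Constructed sample records so the function can be exercised off-server.
# Away from an Exchange host both files are absent, so both rows are flagged;
# only the second is also flagged for its location.
$exchangeRoot = 'C:\Program Files\Microsoft\Exchange Server\V15'   # assumed install path
$sample = @(
    [pscustomobject]@{
        Identity     = 'Transport Rule Agent'
        Enabled      = $true
        AssemblyPath = "$exchangeRoot\TransportRoles\agents\Rule\Microsoft.Exchange.MessagingPolicies.TransportRuleAgent.dll"
    },
    [pscustomobject]@{
        Identity     = 'Example Content Filter (constructed)'
        Enabled      = $true
        AssemblyPath = 'C:\ProgramData\Example\ExampleAgent.dll'
    }
)
$sample | Test-TransportAgent -ExchangeRoot $exchangeRoot | Format-List

# On an Exchange server, from the Exchange Management Shell:
#   Get-TransportAgent |
#       Test-TransportAgent -ExchangeRoot $env:ExchangeInstallPath |
#       Where-Object NeedsReview
```

Comparing the flagged list against a baseline taken when the server was built makes a newly registered agent stand out even when its assembly carries a valid signature.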
As for command and control (C&C), the malware is controlled by attackers using emails containing specially crafted PDF documents or JPG images. The malware can recognize these emails and extract the commands from the PDF or JPG files.
The commands supported by LightNeuron allow attackers to take complete control of a server, including writing and executing files, deleting files, exfiltrating files, executing processes and commands, and disabling the backdoor for a specified number of minutes.
Last year, ESET detailed a backdoor used by Turla to target Microsoft Outlook. That piece of malware had also used PDF files attached to emails for command and control purposes.
ESET has linked LightNeuron to Turla based on several pieces of evidence, including the presence of known Turla malware on compromised Exchange servers, the use of file names similar to ones known to be used by the group, and the use of a packer exclusively utilized by the threat actor.
In an APT trends report published last year by Kaspersky Lab, the Russian cybersecurity firm also mentioned LightNeuron and attributed it with medium confidence to Turla. Kaspersky had spotted victims in the Middle East and Central Asia.
ESET also noticed that the compromised Exchange servers received commands mostly during work hours in UTC+3, the Moscow time zone. Furthermore, the attackers apparently took a break between December 28, 2018, and January 14, 2019, when many Russians take time off to celebrate the New Year and Christmas.
A Chinese threat actor was spotted using a tool attributed to the NSA-linked Equation Group more than one year prior to it being leaked by the mysterious Shadow Brokers, Symantec revealed on Monday.
The Chinese cyber espionage group is tracked as Buckeye, APT3, UPS Team, Gothic Panda, and TG-0110, and it has been linked by researchers to the Chinese Ministry of State Security. The threat actor had been active since at least 2009 before it apparently ceased operations in mid-2017.
In late November 2017, the US government announced charges against three Chinese nationals for attacks launched by the hacker group against Siemens, Trimble, and Moody’s Analytics.
Buckeye’s attacks involved several pieces of malware, including a backdoor implant known as DoublePulsar and an exploit tool, dubbed Bemstour, that had been used to deliver the backdoor.
The Shadow Brokers announced in August 2016 that it had hacked the Equation Group, a threat actor widely believed to be sponsored by the U.S. National Security Agency (NSA). Over the coming months, the Shadow Brokers leaked many tools obtained from Equation Group and apparently attempted to make a profit by selling and auctioning the stolen data.
However, Symantec now says it has found evidence that Buckeye used a variant of DoublePulsar as early as March 2016 in an attack aimed at Hong Kong — that is more than one year before DoublePulsar was leaked by Shadow Brokers.
Buckeye’s DoublePulsar appeared to be newer than the one leaked by Shadow Brokers as it was designed to target newer versions of Windows, including Windows 8.1 and Server 2012 R2.
“Based on the timing of the attacks and the features of the tools and how they are constructed, one possibility is that Buckeye may have engineered its own version of the tools from artefacts found in captured network traffic, possibly from observing an Equation Group attack. Other less supported scenarios, given the technical evidence available, include Buckeye obtaining the tools by gaining access to an unsecured or poorly secured Equation Group server, or that a rogue Equation group member or associate leaked the tools to Buckeye,” Symantec said in a blog post.
Interestingly, despite Buckeye apparently no longer being active since mid-2017, its DoublePulsar variant was still spotted in September 2018. Furthermore, threat actors apparently continued to improve Bemstour, with the latest sample found by Symantec dated March 23, 2019.
“It may suggest that Buckeye retooled following its exposure in 2017, abandoning all tools publicly associated with the group. However, aside from the continued use of the tools, Symantec has found no other evidence suggesting Buckeye has retooled. Another possibility is that Buckeye passed on some of its tools to an associated group,” Symantec explained.
Buckeye had been known to use zero-day vulnerabilities in its attacks. According to Symantec, Bemstour uses two Windows vulnerabilities for remote kernel code execution: CVE-2017-0143, a Windows SMB code execution flaw patched by Microsoft in March 2017, and CVE-2019-0703, a Windows SMB information disclosure bug that Microsoft addressed with its March 2019 Patch Tuesday updates. Buckeye had exploited both of these flaws before fixes were released.
Symantec reported CVE-2019-0703 to Microsoft in September 2018. It’s worth noting, however, that Microsoft’s advisory for CVE-2019-0703 indicates that the company has no evidence of exploitation.
UPDATE. Microsoft has confirmed to SecurityWeek that CVE-2019-0703 has been exploited in attacks. The company blamed a clerical error and it has updated its advisory.
The Chinese military has established a Network Systems Department, responsible for information warfare.
The Department of Defense’s annual report on China’s military and security developments provides new details about how China’s military organizes its information warfare enterprise, an area that has been of particular interest to U.S. military leaders.
In 2015, the People’s Liberation Army created the Strategic Support Force, which centralizes space, cyber, electronic warfare and psychological warfare missions under a single organization. The Chinese have taken the view, according to the DoD and other outside national security experts, that information dominance is key to winning conflicts. This could be done by denying or disrupting the use of communications equipment of its competitors.
The 2019 edition of the report, released May 2, expands on last year’s version and outlines the Chinese Network Systems Department, one of two deputy theater command level departments within the Strategic Support Force responsible for information operations.
“The SSF Network Systems Department is responsible for information warfare with a mission set that includes cyberwarfare, technical reconnaissance, electronic warfare, and psychological warfare,” the report read. “By placing these missions under the same organizational umbrella, China seeks to remedy the operational coordination challenges that hindered information sharing under the pre-reform organizational structure.”
As described in previous Pentagon assessments, Chinese military leaders hope to use these so-called non-kinetic weapons in concert with kinetic weapons to push adversaries farther away from its shores and assets.
“In addition to strike, air and missile defense, anti-surface, and anti-submarine capabilities improvements, China is focusing on information, cyber, and space and counterspace operations,” the report said of China’s anti-access/area denial efforts. This concept aims to keep enemies at bay by extending defenses through long range missiles and advanced detection measures, which in turn make it difficult for enemies to penetrate territorial zones.
Cyber theft and collective strategic importance
This year’s report includes two subtle changes from last year’s edition regarding China’s cyber activities directed at the Department of Defense.
While last year’s report documents China’s continued targeting of U.S. diplomatic, economic, academic, and defense industrial base sectors to support intelligence collection, the latest edition points out that China’s exfiltration of sensitive military information from the defense industrial base could allow it to gain a military advantage.
In recent years, China has been accused of leading major hacks on defense contractors and the U.S. Navy, leading an internal review by the Navy to assert that both groups are “under cyber siege,” according to the Wall Street Journal.
Bitcoin is a Demographic Mega-Trend: Data Analysis
What follows is data and analysis from a survey of American adults regarding general sentiment toward Bitcoin — the survey was conducted online by The Harris Poll, on behalf of Blockchain Capital, from April 23–25, 2019 among 2,029 American adults. The survey was an augmented version of one we ran in October 2017 (we added a few questions). Methodology can be found at the bottom of this post.
For context and because it’s material in considering the results, the survey in October 2017 was conducted in a bull market — Bitcoin was up over 800% YoY — whereas the most recent survey, in April 2019, was conducted in a bear market — price was down roughly 75% from all-time highs.
We suspect that the difference in market environment between the two surveys would have a negative impact on Bitcoin sentiment in the most recent survey. Despite the bear market, the data shows that Bitcoin awareness, familiarity, perception, conviction, propensity to purchase and ownership all increased/improved significantly — dramatically in many cases.
The results highlight that Bitcoin is a demographic mega-trend led by younger age groups. The only area where older demographics matched younger demographics was awareness: Regardless of age, the vast majority of the American population has heard of Bitcoin.
The percentage of people that have heard of Bitcoin rose from 77% in October 2017 to 89% in April 2019.
Awareness of Bitcoin is strong across all age groups — those aged 18–34 have the highest rates of awareness at 90% and those aged 65+ have the lowest at 88%.
Overall, the percentage of people that have not heard of Bitcoin fell by more than half — from 23% in October 2017 to 11% in April 2019.
The percentage of people that are ‘at least somewhat familiar’ with Bitcoin rose by nearly half — from 30% in October 2017 to 43% in April 2019.
Among those aged 18–34, a full 60% described themselves as at least ‘somewhat familiar’ with Bitcoin — up from 42% in October 2017. Relative to older segments of the population, those aged 18–34 are 3x as likely to be at least ‘somewhat familiar’ with Bitcoin as those aged 65 and over.
The natural follow-on question is how perception is affected by rising awareness — as people become more familiar with Bitcoin do they think of it more positively or negatively?
The percentage of people who ‘strongly’ or ‘somewhat’ agree that ‘Bitcoin is a positive innovation in financial technology’ rose 9 percentage points — from 34% in October 2017 to 43% in April 2019.
Younger demographics were most inclined to have a positive view of Bitcoin: 59% of those aged 18–34 ‘strongly’ or ‘somewhat’ agree that ‘Bitcoin is a positive innovation in financial technology’ — up 11 percentage points from October 2017.
But even if an increasing percentage of the population has a positive perception of Bitcoin, does that translate to increased conviction in future adoption?
The percentage of people that ‘strongly’ or ‘somewhat’ agree that ‘most people will be using Bitcoin in the next 10 years’ rose 5 percentage points — from 28% in October 2017 to 33% in April 2019.
Younger demographics have the most conviction in adoption over the next 10 years: Nearly half (48%) of those aged 18–34 ‘strongly’ or ‘somewhat’ agree that ‘it’s likely most people will be using Bitcoin in the next 10 years’ — up 6 percentage points from October 2017.
Propensity to Purchase
Despite the bear market, the percentage of people that indicated they are ‘very’ or ‘somewhat’ likely to buy Bitcoin in the next 5 years rose by nearly half — from 19% in October 2017 to 27% in April 2019.
Younger demographics appear most inclined to purchase Bitcoin: 42% of those aged 18–34 said they are ‘very’ or ‘somewhat’ likely to purchase Bitcoin in the next 5 years — up 10 percentage points from 32% in October 2017.
It’s also helpful to consider how people think about Bitcoin relative to other investable assets.
When asked which they’d prefer to own $1k of:
21% of people said they would prefer Bitcoin to government bonds — up from 18% in October 2017
17% of people said they would prefer Bitcoin to stocks — up from 14% in October 2017
14% of people said they would prefer Bitcoin to real estate — up from 12% in October 2017
12% of people said they would prefer Bitcoin to gold — up from 8% in October 2017
Focusing on those aged 18–34, when asked which they’d prefer to own $1,000 of:
30% said they would prefer Bitcoin to government bonds — flat from October 2017
27% said they would prefer Bitcoin to stocks — flat from October 2017
24% said they would prefer Bitcoin to real estate — up from 22% in October 2017
22% said they would prefer Bitcoin to gold — up from 19% in October 2017
Said differently, among those aged 18–34: Nearly 1 in 3 prefers Bitcoin to government bonds, more than 1 in 4 prefers Bitcoin to stocks, nearly 1 in 4 prefers Bitcoin to real estate and more than 1 in 5 prefers Bitcoin to gold.
The biggest increase in preference rate for Bitcoin was relative to gold — perhaps the byproduct of Bitcoin’s growing acceptance as ‘digital gold’.
In total, 9% of the population owns Bitcoin — including 18% of those aged 18–34 and 12% of those aged 35–44.
To help put the millennial proclivity to Bitcoin in perspective: Only 37% of people under 35 are invested in the stock market (source) — so the data point that 20% of those in the same group own Bitcoin is particularly surprising.
Ultimately, Bitcoin is a demographic mega-trend: Younger demographics are leading in terms of Bitcoin awareness, familiarity, perception, conviction, propensity to purchase, and ownership rates.
This survey was conducted online within the United States between April 23–25, 2019 among 2029 adults (aged 18 and over) by The Harris Poll on behalf of Blockchain Capital via its Harris On Demand omnibus product. Figures for age, sex, race/ethnicity, education, region and household income were weighted where necessary to bring them into line with their actual proportions in the population. Propensity score weighting was used to adjust for respondents’ propensity to be online.
All sample surveys and polls, whether or not they use probability sampling, are subject to multiple sources of error which are most often not possible to quantify or estimate, including sampling error, coverage error, error associated with nonresponse, error associated with question wording and response options, and post-survey weighting and adjustments. Therefore, the words “margin of error” are avoided as they are misleading. All that can be calculated are different possible sampling errors with different probabilities for pure, unweighted, random samples with 100% response rates. These are only theoretical because no published polls come close to this ideal.
Respondents for this survey were selected from among those who have agreed to participate in our surveys. The data have been weighted to reflect the composition of the adult population. Because the sample is based on those who agreed to participate in the online panel, no estimates of theoretical sampling error can be calculated.
Blockchain Capital, founded in 2013, is one of the oldest and most active venture investors in the blockchain industry and has financed 75+ companies and projects since its inception. Our mission is to help entrepreneurs build world-class companies and projects based on blockchain technology. We invest in both equity and tokens and are a multi-stage investor. Blockchain Capital also pioneered the world’s first ever tokenized investment fund and the blockchain industry’s very first security token, the BCAP, in April of 2017.
Americans Believe in Bitcoin: “Millennial Mega-Trend”
According to a newly conducted survey of US citizens, Bitcoin has a surprisingly good standing in the country. Awareness of the cryptocurrency and the willingness to buy and own Bitcoin have risen significantly since 2017. The study concludes that BTC is a demographic mega-trend among younger population groups.
The crypto investment firm Blockchain Capital ran a survey on Bitcoin via the web portal The Harris Poll. The study ran between April 23 and April 25, 2019 and captured the responses of 2,029 adult US citizens. The results strongly suggest that cryptocurrencies will continue to spread over the next few years, especially among younger Americans.
Bitcoin surveys in times of a bear market?
The survey’s authors first conducted the study in October 2017. At that time, Bitcoin was in the middle of a bull market. The researchers compared the results of the first survey with the figures they collected in April 2019, at a time when the BTC price stands at only 25 percent of its peak.
Positive results despite loss of value
Contrary to the researchers’ expectation that the bear market would have a negative effect on Bitcoin’s image and on awareness of it among the population, the results of the comparison are surprisingly positive.
Awareness of Bitcoin’s existence, points of contact with it, attitudes toward the cryptocurrency, and the willingness to buy and own Bitcoin have all risen significantly.
Bitcoin is a familiar term to older Americans too
So-called BTC awareness has risen rapidly since 2017, from 77 to 89 percent. In the 18-to-34 age group, 90 percent of respondents knew what BTC is; in the 65-and-over age group it was still a solid 88 percent. Overall, only eleven percent of respondents have never heard of BTC. In 2017 it was still 23 percent.
There are also encouraging developments in the area of “familiarity” with BTC; 43 percent of respondents consider themselves “somewhat familiar” with BTC, 13 percent more than in 2017. Furthermore, 43 percent of participants agree with the statement: “Bitcoin is a positive innovation in financial technology.”
“Millennial mega-trend” of an unsettled economy
Almost half (48 percent) of those under 34 believe that “it is likely that most people will be using Bitcoin in the next ten years.” 42 percent of respondents in this age group showed a willingness to buy BTC in the next five years.
Nine percent of the US Americans surveyed own BTC; among 18-to-34-year-olds it is 18 percent, among 35-to-44-year-olds twelve percent. These figures are particularly interesting when compared with the younger population’s investment behavior in traditional financial markets: only 37 percent take part in stock market speculation.
The survey results show that younger US Americans are increasingly turning to cryptocurrencies and alternative financial structures. In times of great economic uncertainty, even the crypto winter seems to do nothing to change this appetite for innovation.
You can now receive bitcoin’s experimental lightning payments with a few taps of an Apple smartwatch.
Launched Sunday by Bluewallet, one of the more popular lightning network wallets, their new app for Apple Watches allows users to receive bitcoin over its new, risky (but nonetheless promising) payment technology: lightning. Transactors can use the smartwatch app to generate a QR code — a square-shaped barcode — that someone else can then scan with their smartphone to send over a payment.
Bluewallet tweeted a sneak peek of the app weeks ago. But as of today [05 MAY 2019], it’s officially downloadable from the iTunes store.
Product and UX engineer Nuno Coelho framed the app as an experiment, telling CoinDesk:
“It’s a small experiment we’re doing to put wallets on the watch. The first releases will be simple, allowing you to receive lightning payments.”
Why might someone want to receive lightning transactions via a smart watch? you might ask. Smart watches aren’t as popular as smartphones, but many use them for the convenience of tracking health and viewing phone notifications without actually pulling out the phone.
Bluewallet, to that end, is testing to see if users might like to use them for bitcoin payments as well.
“Sometimes the convenience of just [receiving bitcoin] with two taps from your wrist can be a relevant user experience, specially on the go or if you need to be fast,” Coelho said, adding it might be useful if you’re buying bitcoin from someone, but “don’t feel comfortable” taking out your phone, you could just use the watch instead.
But Coelho stresses that this is an experiment, since lightning technology itself is still very experimental, and they’re not sure how many users will actually want to use the app.
“If feedback is good, we’ll spend more time on the project,” he told CoinDesk. “It’s a very early stage industry so we’re trying to figure out how to build this stuff properly.”
Bluewallet, helmed by a team of three developers, is also working on other features to expand the wallet. “We would also like to move from being a third-party service, minimizing trust. That’s our most important goal at the moment,” Coelho said.
The Kleiman Estate is seeking return of a good portion of 1.1 million bitcoins (worth roughly $6.19 billion as of press time; $5 bln when the lawsuit started) mined by the two, or its “fair market value,” as well as compensation for infringement of intellectual property.
The United States District Court of the Southern District of Florida issued an order on May 3 requiring self-proclaimed Satoshi Nakamoto Craig Wright to produce a list of his public bitcoin (BTC) addresses.
The order is part of an ongoing case against Wright filed by the estate of computer scientist David Kleiman, which claims that Wright stole hundreds of thousands of BTC. The coins were worth over $5 billion in February last year, when Kleiman’s estate first sued Wright.
The order illustrates a number of the plaintiffs’ requests. They ask the court to order Wright to produce a list of the public addresses of bitcoin he owned as of Dec. 31, 2013, make him identify all bitcoin allegedly transferred to a blind trust in 2011 and produce documents related to said trust.
Further, the plaintiffs also ask the court to order Wright to identify under oath the identity of the current and past trustees and beneficiaries of the trust. The last request is to “permit further deposition of Dr. Wright with regard to his ownership and control over bitcoins.”
The document also specifies that the court has reconsidered its order on Wright’s previously filed motion to seal information regarding his bitcoin holdings. In addition to denying Wright’s motion regarding the list of bitcoin addresses, the court order states:
“On or before May 15, 2019, at 5:00 p.m. Eastern time, Dr. Wright shall produce all transactional records of the blind trust, including but not limited to any records reflecting the transfer of bitcoin into the blind trust in or about 2011. The production shall be accompanied by a sworn declaration of authenticity.”
As Cointelegraph reported at the end of last year, a U.S. court has already rejected repeated requests from Wright to dismiss the Kleiman case.
GAZA, PALESTINE – 2019/05/05: Smoke rising after an Israeli air raid on homes in Gaza City during the conflict between the Palestinians and the Israeli army that began two days ago.
The Israel Defense Forces (IDF) has launched a physical attack on Hamas in immediate response to an alleged cyber-assault. The IDF hit a building in the Gaza Strip with an airstrike after claiming the site had been used by Hamas cyber operatives to attack Israel’s cyber space.
The IDF claimed it stopped the attack online before launching its airstrike on Hamas. It claims it has now wiped out Hamas’ cyber operational capabilities.
Israel Defense Forces said via Twitter: “We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed.”
It could mark a change in modern cyber warfare tactics, given that it is the first time a cyber-attack has been met with immediate physical retaliation. However, as ZDNet points out, the US is still the first country to respond to cyber-attacks with military force. In 2015, the nation launched a drone strike to kill the British national in charge of ISIL’s hacker groups, Junaid Hussain. Hussain had also dumped personal details of US military forces online.
This latest attack is different to the 2015 US retaliation: The IDF apparently reacted immediately, rather than planning its response over weeks or months.
But Ian Thornton-Trump, security head at AmTrust Europe says: “Israel would not have targeted the building and presumably those in it without a lot more due diligence and intelligence than ‘a cyber-attack was coming from the building’.”
The now-defunct Wall Street Market (WSM). Image: Dark Web Reviews.
Criminal complaint and arrest warrants for:
TIBO LOUSEE, 22, from Kleve, also known as (“aka”) “coder420,” aka “codexx420”
JONATHAN KALLA, 31, from Bad Vilbel, aka “Kronos”
KLAUS-MARTIN FROST, 29, from Stuttgart, aka “TheOne,” aka “The_One,” aka “dudebuy” (collectively known as “The Administrators”)
MARCOS PAULO DE OLIVEIRA-ANNIBALE, 29, was arrested in Brazil and accused of being the site moderator known online as “MED3LIN” – he began blackmailing WSM vendors and buyers, asking for 0.05 Bitcoin (~$280), and threatening to disclose to law enforcement the details of WSM vendors and buyers
German Plaza Market (“GPM”), which launched in approximately Spring 2015, was a darknet marketplace (through which users transacted in Bitcoin) and shut down due to an “exit scam” in approximately May 2016.
the administrators of GPM likely transferred funds stolen from GPM to Wall Street Market (“WSM”), and then launched WSM in October 2016.
the BKA identified the servers operating WSM and imaged a copy of the database of WSM (a SQL database named “tulpenland”).
the WSM infrastructure that was located in Germany (production), and in the Netherlands, responsible for the development, testing, and updating of the WSM infrastructure (the “Gitlab server”)
LOUSEE: the BKA noticed that on occasion, VPN Provider #1 connection would cease, but because that specific administrator continued to access the WSM infrastructure, that administrator’s access exposed the true IP address of the administrator. The individual utilizing the IP address to connect to the WSM infrastructure used a device called a UMTS-stick (aka surfstick). This UMTS-stick was registered to a suspected fictitious name. The BKA executed multiple surveillance measures to electronically locate the specific UMTS-stick. The specific UMTS-stick was used at a residence of LOUSEE in Kleve, Northrhine-Westphalia (Germany), and at his place of employment.
KALLA: an IP address assigned to the home of this individual (the account for the IP address was registered in the name of the suspect’s mother) accessed VPN Provider #2. KALLA admitted that he was the administrator for WSM known as “Kronos.”
FROST: the PGP public key for “TheOne” is the same as the PGP public key for another moniker on Hansa Market, “dudebuy”. A financial transaction connected to a virtual currency wallet used by FROST was linked to “dudebuy”. Investigators identified a wallet used by FROST that subsequently received Bitcoin from a wallet used by WSM for paying commissions to administrators. Records obtained from the Bitcoin Payment Processing Company revealed buyer information (connected to Hansa Market, seized in 2017) for a Bitcoin transaction as “Martin Frost,” using the email address firstname.lastname@example.org. A second link connecting FROST to the administration of WSM is based on additional Bitcoin tracing analysis.
In or around April 2019, WSM experienced massive popularity and then commenced an “exit scam,” presumably in response to its increased popularity. On or about April 16, 2019, vendors on WSM could not withdraw funds from their escrow accounts; that is, they could not repatriate proceeds for contraband that was sold. Between April 22 and 26, 2019, members of the public shared that their own analyses of virtual currency transactions revealed that large amounts of virtual currency, estimated between $10 and $30 million, were being diverted from wallets believed to be associated with WSM to other virtual currency wallets.
By Brian Krebs, “Krebs on Security”:
Federal investigators in the United States, Germany and the Netherlands announced today the arrest and charging of three German nationals and a Brazilian man as the alleged masterminds behind the Wall Street Market (WSM), one of the world’s largest dark web bazaars that allowed vendors to sell illegal drugs, counterfeit goods and malware. Now, at least one former WSM administrator is reportedly trying to extort money from WSM vendors and buyers (supposedly including Yours Truly) — in exchange for not publishing details of the transactions.
A complaint filed Wednesday in Los Angeles alleges that the three defendants, who currently are in custody in Germany, were the administrators of WSM, a sophisticated online marketplace available in six languages that allowed approximately 5,400 vendors to sell illegal goods to about 1.15 million customers around the world.
“Like other dark web marketplaces previously shut down by authorities – Silk Road and AlphaBay, for example – WSM functioned like a conventional e-commerce website, but it was a hidden service located beyond the reach of traditional internet browsers, accessible only through the use of networks designed to conceal user identities, such as the Tor network,” reads a Justice Department release issued Friday morning.
The complaint alleges that for nearly three years, WSM was operated on the dark web by three men who engineered an “exit scam” last month, absconding with all of the virtual currency held in marketplace escrow and user accounts. Prosecutors say they believe approximately $11 million worth of virtual currencies was then diverted into the three men’s own accounts.
The defendants charged in the United States and arrested in Germany on April 23 and 24 include a 23-year-old resident of Kleve, Germany; a 31-year-old resident of Wurzburg, Germany; and a 29-year-old resident of Stuttgart, Germany. The complaint charges the men with two felony counts – conspiracy to launder monetary instruments, and distribution and conspiracy to distribute controlled substances. These three defendants also face charges in Germany.
Signs of the dark market seizure first appeared Thursday when WSM’s site was replaced by a banner saying it had been seized by the German Federal Criminal Police Office (BKA).
Writing for ZDNet’s Zero Day blog, Catalin Cimpanu noted that “in the midst of all of this, one of the site’s moderators – named Med3l1n – began blackmailing WSM vendors and buyers, asking for 0.05 Bitcoin (~$280), and threatening to disclose to law enforcement the details of WSM vendors and buyers who made the mistake of sharing various details in support requests in an unencrypted form.”
In a direct message sent to my Twitter account this morning, a Twitter user named @FerucciFrances who claimed to be part of the exit scam demanded 0.05 bitcoin (~$286) to keep quiet about a transaction or transactions allegedly made in my name on the dark web market.
“Make it public and things gonna be worse,” the message warned. “Investigations goes further once the whole site was crawled and saved and if you pay, include the order id on the dispute message so you can be removed. You know what I am talking about krebs.”
I did have at least one user account on WSM, although I don’t recall ever communicating on the forum with any other users, and I certainly never purchased or sold anything there. Like most other accounts on dark web shops and forums, it was created merely for lurking. I asked @FerucciFrances to supply more evidence of my alleged wrongdoing, but he has not yet responded.
The Justice Department said the MED3LIN moniker belongs to a fourth defendant linked to Wall Street Market — Marcos Paulo De Oliveira-Annibale, 29, of Sao Paulo, Brazil — who was charged Thursday in a criminal complaint filed in the U.S. District Court in Sacramento, California.
Oliveira-Annibale also faces federal drug distribution and money laundering charges for allegedly acting as a moderator on WSM, who, according to the charges, mediated disputes between vendors and their customers, and acted as a public relations representative for WSM by promoting it on various sites.
Prosecutors say they connected MED3LIN to his offline identity thanks to photos and other clues he left behind online years ago, suggesting once again that many alleged cybercriminals are not terribly good at airgapping their online and offline selves.
“We are on the hunt for even the tiniest of breadcrumbs to identify criminals on the dark web,” said McGregor W. Scott, United States Attorney for the Eastern District of California. “The prosecution of these defendants shows that even the smallest mistake will allow us to figure out a cybercriminal’s true identity. As with defendant Marcos Annibale, forum posts and pictures of him online from years ago allowed us to connect the dots between him and his online persona ‘Med3l1n.’ No matter where they live, we will investigate and prosecute criminals who create, maintain, and promote dark web marketplaces to sell illegal drugs and other contraband.”
A copy of the Justice Department’s criminal complaint in the case is here (PDF).
Accused operators of illicit ‘darknet’ market arrested in Germany, Brazil
FRANKFURT (Reuters) – Three German nationals accused of running one of the world’s largest dark web sites for selling drugs and other contraband have been arrested and charged in two countries following a two-year investigation, U.S. prosecutors said on Friday.
A fourth man who allegedly acted as a moderator and promoter for the site, Wall Street Market, was taken into custody in Brazil, according to federal prosecutors in California.
“Darknet” and “dark web” refer to networks and sites hidden from most internet visitors and accessible only to users shrouded in anonymity.
“While they lurk in the deepest corners of the internet, this case shows that we can hunt down these criminals wherever they hide,” U.S. Attorney Nick Hanna said in a written statement announcing the charges.
Tibo Lousee, Klaus-Martin Frost and Jonathan Kalla are accused of running Wall Street Market for nearly three years, providing a darknet platform for the sale of narcotics, counterfeit goods and hacking software to 1.1 million customers.
The men, known to U.S., Dutch and German investigators by the monikers “coder420,” “Kronos” and “TheOne,” also face charges in Germany.
Prosecutors in Frankfurt said that the country’s federal criminal investigation office, or Bundeskriminalamt, had secured the platform’s server infrastructure.
FLORIDA RESIDENT DIED
In December 2017, a Florida resident died from using a nasal spray laced with the opioid fentanyl sold by one of the roughly 5,400 vendors on Wall Street Market, according to the criminal complaint. That vendor was convicted in U.S. District Court in Wisconsin and sentenced to 12 years in prison.
Among the site’s top vendors were two people based in Los Angeles: “Ladyskywalker,” who sold opiates such as fentanyl, oxycodone and hydrocodone; and “Platinum45,” who dealt in methamphetamine, oxycodone and Adderall.
The people operating both of those accounts have also been arrested, according to the criminal complaint. Their names were not made public.
As investigators closed in last month, the operators of Wall Street Market conducted an “exit scam” – making off with an estimated $11 million in virtual currency belonging to customers, prosecutors say, before they were taken into custody in Germany.
Cyber specialists at the Bundeskriminalamt started taking “operational measures” after the suspects switched the platform into maintenance mode on April 23 and started transferring the customer funds to themselves, German prosecutors said.
Marcos Paulo De Oliveira-Annibale, 29, was arrested in Brazil and accused of being the site moderator known online as “MED3LIN.”
Prosecutors say they were able to identify Oliveira-Annibale by connecting his online persona with forum comments and pictures he posted years earlier.
How German and US authorities took down the owners of darknet drug emporium Wall Street Market
The major darknet marketplace known as the Wall Street Market has been seized and its alleged operators arrested in a joint operation between European and U.S. authorities. Millions in cash, cryptocurrency and other assets were collected, and the market shut down. How investigators tied these anonymity-obsessed individuals to the illegal activities is instructive.
The three men accused of running Wall Street Market (WSM), one of the larger hidden service markets operating via the Tor network, are all German citizens: Tibo Lousee, Jonathan Kalla and Klaus-Martin Frost; several vendors from the market have also been charged, including one who sold meth on it by the kilogram.
The investigation has been ongoing since 2017, but was pushed to a crisis by the apparent attempt in April by WSM’s operators to execute an exit scam. By suddenly removing all the cryptocurrency held in escrow and otherwise stored under their authority, the alleged owners stood to gain some $11 million if they were able to convert the coins.
Until recently, Wall Street Market was a bustling bazaar for illegal goods, including dangerous drugs like fentanyl and physical items like fake documents. It had more than a million user accounts, some 5,400 vendors and tens of thousands of items available for purchase. It has grown as other darknet marketplaces have been cornered and shut down, driving users and sellers to a dwindling pool of smaller platforms.
Whether the owners sought simply to parlay this growth into a quick cash grab or whether they sensed the law about to knock down their door, the exit scam was undertaken on April 16.
This prompted investigators in the U.S. and Germany, and Europol, to act: the exit scam was an opportunity to gather and observe fresh evidence of the trio’s alleged crimes, and waiting much longer might have let them go to ground and launder their virtual goods.
The DOJ complaint details the means by which the three administrators of the site were linked to it, despite their attempts to anonymize their access. It isn’t unprecedented stuff, but it’s always interesting to read through the step-by-step forensics that lead to charges, since it can be very difficult to tie real-world actors to virtual entities.
For Frost, it was an unstable VPN connection, plus some sleuthing by the German federal police, the Bundeskriminalamt or BKA:
The WSM administrators accessed the WSM infrastructure primarily through the use of two VPN service providers. On occasion, VPN Provider #1 connection would cease, but because that specific administrator continued to access the WSM infrastructure, that administrator’s access exposed the true IP address of the administrator
The individual utilizing the above-referenced IP address to connect to the WSM infrastructure used a device called a UMTS-stick (aka surfstick) [i.e. a dongle for mobile internet access]. This UMTS-stick was registered to a suspected fictitious name.
The BKA executed multiple surveillance measures to electronically locate the specific UMTS-stick. BKA’s surveillance team identified that, between February 5 and 7, 2019, the specific UMTS-stick was used at a residence of Lousee in Kleve, Northrhine-Westphalia (Germany), and his place of employment, an information technology company where Lousee is employed as a computer programmer. Lousee was later found in possession of a UMTS stick.
Some other circumstantial evidence also tied Lousee to the operation, such as similar login names, mentions of drugs and cryptocurrencies, and so on. (“Based on my training and experience as an investigator, I am aware that ‘420’ is a reference to marijuana,” writes the special agent who authored the complaint.)
Kalla’s VPN held strong, but the metadata betrayed him:
An IP address assigned to the home of this individual (the account for the IP address was registered in the name of the suspect’s mother) accessed VPN Provider #2 within similar rough time frames as administrator-only components of the WSM server infrastructure were accessed by VPN Provider #2.
Hardly a hole in one, but Kalla later admitted he was the user agent in question. This is a good example of how a VPN can and can’t protect you against government snooping. It may disguise your IP to certain systems, but anyone with a bird’s-eye view can see the obvious correlation between one connection and another. It won’t hold up in court on its own, but if the investigators are good it won’t have to.
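The correlation described above can be made concrete with a short added example (not from the complaint or the article). It scores how many admin-only accesses fall inside each subscriber's VPN connection windows and compares that with a chance baseline obtained by sliding the windows around the clock. All timestamps, subscriber labels and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

def parse(ts):
    return datetime.strptime(ts, FMT)

# Constructed sample data (not from the complaint).
# Sessions: when a subscriber line was connected to the VPN provider.
SESSIONS = {
    "subscriber_A": [("2019-03-01 19:55", "2019-03-01 23:10"),
                     ("2019-03-02 20:05", "2019-03-02 22:40"),
                     ("2019-03-04 18:30", "2019-03-04 21:15")],
    "subscriber_B": [("2019-03-01 08:00", "2019-03-01 17:00"),
                     ("2019-03-02 08:10", "2019-03-02 16:45"),
                     ("2019-03-04 09:00", "2019-03-04 20:00")],
}
# Admin-only accesses reaching the server from the VPN provider's exit.
ADMIN_EVENTS = ["2019-03-01 20:12", "2019-03-01 22:47", "2019-03-02 20:30",
                "2019-03-02 22:01", "2019-03-04 19:05", "2019-03-04 20:50"]

def match_rate(sessions, events, shift=timedelta(0),
               slack=timedelta(minutes=5)):
    """Fraction of events that fall inside any (shifted) session window."""
    windows = [(parse(s) + shift - slack, parse(e) + shift + slack)
               for s, e in sessions]
    hits = sum(any(lo <= parse(ev) <= hi for lo, hi in windows)
               for ev in events)
    return hits / len(events)

def chance_baseline(sessions, events, step_hours=1, span_hours=24):
    """Mean match rate when the sessions are slid 1..23 hours off their
    real times: an estimate of what overlap arises by coincidence."""
    rates = [match_rate(sessions, events, timedelta(hours=h))
             for h in range(step_hours, span_hours, step_hours)]
    return sum(rates) / len(rates)

def rank_candidates(sessions_by_sub, events):
    """Sort subscribers by how far observed overlap exceeds chance."""
    rows = [(sub, match_rate(s, events), chance_baseline(s, events))
            for sub, s in sessions_by_sub.items()]
    return sorted(rows, key=lambda r: r[1] - r[2], reverse=True)

if __name__ == "__main__":
    for sub, observed, baseline in rank_candidates(SESSIONS, ADMIN_EVENTS):
        print(f"{sub}: observed={observed:.2f} chance={baseline:.2f}")
```

In this constructed data one subscriber overlaps every admin access while another overlaps one by coincidence, which is why such a match narrows the field but, as the article says, does not stand on its own.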
Frost, the third administrator, required a more subtle approach, but ultimately it was again poor opsec; this time an unwise cross-contamination of his cryptographic and cryptocurrency accounts:
The PGP public key for [WSM administrative account] ‘TheOne’ is the same as the PGP public key for another moniker on [another hidden service] Hansa Market, ‘dudebuy.’ As described below, a financial transaction connected to a virtual currency wallet used by FROST was linked to ‘dudebuy.’
[The BKA] located the PGP public key for ‘TheOne’ in the WSM database, referred to as ‘Public Key 1’.
Public Key 1 was the PGP public key for ‘dudebuy.’ The ‘refund wallet’ for ‘dudebuy’ was Wallet 2.
Wallet 2 was a source of funds for a Bitcoin transaction… Records obtained from the Bitcoin Payment Processing Company revealed buyer information for that Bitcoin transaction as ‘Martin Frost,’ using the email address klaus-martin.frost@…
Essentially A is B, and B is C, so A is C. This little deductive trick is handy, but bitcoin wallets used by Frost were also identified through analysis by the U.S. Postal Inspection Service, which, if you didn’t know, has “a highly trained, skilled and committed cyber unit.”
The United States Postal Inspection Service learned, through its analysis of Blockchain transactions and information gleaned from the proprietary software described above, that the funds from Wallet 2 were first transferred to Wallet 1, and then “mixed” by a commercial service; mixing services is described above at paragraph 4.m. Through thorough analysis, the United States Postal Inspection Service was able to “de-mix” the flow of transactions, to eventually ascertain that the money from Wallets 1 and 2 ultimately paid FROST’s account at the Product Services Company.
Here the blockchain’s indelible record clearly worked against Frost. Wallet 1, by the way, handled thousands of bitcoins during its use in association with another darknet marketplace, German Plaza Market — which the three charged today also allegedly ran and shut down via an exit scam.
In addition to the administrators, some vendors and others associated with the site were charged. They were identified via more traditional means and their activities linked to the market in such a way that defense seems a lost cause. The record for a Brazilian man who operated as a dealer and as a sort of representative for WSM on Reddit and forums is an interesting study in the web of suggestive accounts and names that produce a damning, if circumstantial, depiction of a person’s associations and interests, from the banal to the criminal.
Cases against the alleged criminals will be held in multiple locations and under multiple authorities — it’s safe to say this is just the beginning of a long, complicated process for everyone involved.