In an AIBC Europe 2021 panel, two of the leading voices in emerging tech discuss how cyber-attacks are compromising company operations and what can be done to avoid this
While technology has provided us with many great opportunities, it has also made us vulnerable to cyber-attacks that jeopardise company operations. A company stakeholder has never faced as many criminal dangers on a daily basis as they do today. In this panel discussion moderated by Yahya Mohamed Mao, speakers Steven Walbroehl and Kate Baucherel dig deep into the reality of cybercrime.
Since Baucherel is a cybercrime fiction author, the discussion at AIBC Europe, titled ‘The reality of cybercrime fact versus fiction’, focuses on both fact and fiction.
The panel discussion takes off with a focus on blockchain. Steven Walbroehl is the Chief Security Officer and Co-Founder of Halborn, a company focused on cybersecurity for blockchain. Walbroehl confirms that yes, blockchain can still be hacked. “You would usually rely on a bank to hold this sort of protection for you but in this case, you become the bank where you have the private key and the private key can be lost.” Since 2017, hackers have gotten away with over $2 billion in bitcoin by exploiting blockchains’ inherent vulnerabilities.
Walbroehl explains that, just as in any traditional application, code flaws can be introduced into smart contracts or programs, which can eventually get hacked. Smart contracts are computer programs that are housed and executed on a blockchain network. Each smart contract is made up of code that specifies criteria that, when satisfied, cause certain events to occur.
“One line of code would be in the wrong spot and all of a sudden millions of dollars of liquidity would be extracted.” Smart contracts allow several parties to reach a shared result in an accurate, timely, and tamper-proof manner by running on a decentralised blockchain rather than a centralised server.
On August 10th, 2021, Poly Network was hacked by an unknown white-hat hacker, resulting in the transfer of digital crypto assets valued at about $610 million at the time to hacker-controlled addresses. Over the next 15 days, all assets were eventually restored to Poly Network. In terms of the value of stolen assets at the time, this was the largest security incident in DeFi’s history.
Kate explains how all of these vulnerabilities are still novel and brings up the example of the decentralised autonomous organisation (DAO) and the DAO hack, which took place back in 2015. A DAO’s purpose is to codify an organization’s rules and decision-making apparatus, obviating the necessity for documents and people in governance and resulting in a decentralised control structure.
While The DAO was an early iteration of DAO governance, decentralized autonomous models continue to have a significant influence in blockchain-related applications, particularly among decentralized finance (DeFi) platforms. Computer specialists feared that a flaw in The DAO’s wallet smart contracts would allow them to be drained. While engineers worked to solve the problem, an attacker took advantage of the flaw and began draining funds from The DAO.
Steven goes on to say that, for an investor, awareness is one of the most important aspects, as it opens your eyes to what you are getting into. He further explains that more compliance should be put forward when it comes to tokens. Anyone can create a token, give it any name, and market it as an original. This is already being done due to the lack of compliance control.
Compared with its centralised competitors, the decentralized structure of platforms like Uniswap offers several advantages, including open and free token listings, which provide a much more frictionless and cost-effective way to begin new companies. Because this procedure is available to everyone, scammers will frequently detect a new valid token ready to be listed and make a listing that looks extremely similar to the original one.
Scammers can trick users into buying fraudulent tokens, steal the profits, and leave victims holding worthless tokens with no redress by using pre-existing brands and communities anticipating the genuine launch.
In the Bitcoin community, there is a lurking fear of quantum computing. Is it possible that it will decrypt cryptocurrencies and the encryption that protects them? This is a question that Steven gets asked frequently. He goes on to say that this can easily be avoided, as password hashing algorithms like PBKDF2, bcrypt, and scrypt are designed to be slow and are intended for use with passwords.
Algorithms for cryptographic hashing are quick. In most cases, speed is advantageous, but not in this case. Slowing down the method makes the attacker’s work much more difficult. Password hashes also include a salt value to make each hash unique, preventing an attacker from attacking many hashes at once. Educating employees will also help raise awareness, thus reducing human error. You are now the bank; therefore, it goes without saying that you have to educate yourself further.
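The two properties described above, deliberate slowness and a per-password salt, can be seen in a short added example (not code from the panel or from Halborn). It uses PBKDF2 from Python's standard library; the iteration count and the `$`-separated record format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware
SALT_BYTES = 16

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' using a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count, then compare in constant time."""
    try:
        scheme, iters, salt_hex, hash_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(hash_hex))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed

def cost_ratio(password: str = "constructed-sample", iterations: int = ITERATIONS) -> float:
    """How many times slower one PBKDF2 guess is than one plain SHA-256 guess."""
    data = password.encode("utf-8")
    t0 = time.perf_counter()
    for _ in range(1000):
        hashlib.sha256(data).digest()
    fast = (time.perf_counter() - t0) / 1000
    t0 = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", data, b"\x00" * SALT_BYTES, iterations)
    slow = time.perf_counter() - t0
    return slow / fast

if __name__ == "__main__":
    # Constructed sample passphrase, not a real credential.
    a = hash_password("correct horse battery staple")
    b = hash_password("correct horse battery staple")
    print("same password, different records:", a != b)
    print("verifies:", verify_password("correct horse battery staple", a))
    print(f"one guess costs ~{cost_ratio():,.0f}x a plain SHA-256 hash")
```

Because the salt differs per record, a guess computed against one stored hash cannot be reused against another, so each record has to be attacked separately at the full per-guess cost.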
“Do your own research, there’s a lot of resources online that you can read for it. Study the protocol you’re getting into and never take financial advice from a friend,” Steven goes on to say. DeFi is giving you the ability to use this technology in the future’s “banks,” which will, of course, be code-based. The traditional banking sector is facing long-term change. Unless banks figure out how to compete in a world where code can help them do what they’ve been doing for the past 200 years.
Kate describes her fictional book, which is based on a cyber attack on a bank and was checked over by cybersecurity professionals before publishing. She says that writing fiction in a way that people understand helps in the education process. She also adds an element of ransomware manipulation. Ransomware, more than any other type of cybercrime, is meant to prey on human nature.
The ransom demand can elicit a wide range of feelings, from fear and anxiety to wrath, embarrassment, and even guilt, as anybody who has been the victim of an attack knows. Cybercriminals are competent at deploying strategies to pressurise or influence individuals, and they are changing these in their efforts to extort higher amounts from more victims, motivated by the potential of financial benefit.
While strong security is required for anyone who wants to keep digital assets, insurance is also assisting investors in reducing risk, says Steven.
When you consider the volatility of the cryptocurrency environment, insurance for cryptocurrencies becomes critical. Massive thefts from online wallets and exchanges have resulted from the growing value of bitcoin and other cryptocurrencies. The outcome of all of these attacks is a vulnerable environment that the mainstream financial sector either overlooks or refuses to acknowledge.
For their closing remarks, Steven says “Fiat is the government’s money, gold is God’s money while Bitcoin is the people’s money” and this is where Kate goes on to say that “Cybersecurity brigade begins with you. So develop those good habits.”