As allied forces begin the air campaign against Islamic State forces in Iraq and Syria, there are concerns in the US that IS could turn to cryptocurrencies to bolster their already substantial funding base. Reports have stated that ISIS already generates upward of US$3 million per day from oil revenues, kidnap for ransom, taxation, theft, and pillaging, and these funds could be added to through the use of cryptocurrencies such as bitcoin. The US military is studying these types of currencies to determine if they can be traced and to see how they could be used by groups such as ISIS. A US Defense official stated that ‘We’re trying to do our best to understand the true scope of the threat that we are dealing with. …We have to fully understand all of the components and functions of the adversary across the globe—not just in Syria and Iraq—and the manner in which those adversaries raise, hide and move money.’
But if ISIS are using bitcoins, they’ll find themselves in a difficult financial position as the value of the cryptocurrency has fallen to its lowest level for almost a year, having lost 18% of its face value over the weekend. Since December 2013, when it reached the highest value of US$1,100 per unit, it has decreased to US$290 per unit, illustrating how volatile an investment it can be.
Sticking with finance, it’s been reported that the banking sector is facing a rising threat from cyber crime. With millions of attacks every year some have gone as far as saying the sector is engaged in ‘an arms race’ against cyber crime. British losses from Internet and telephone banking fraud rose 59% to £35.9 million in the first six months of 2014. Apparently the fastest growing area of attack is ‘vishing’, whereby fraudsters posing as a bank or credit card security team call to report a problem with your account and ask you to phone the emergency number on your bank card. The clever part is when you hang up, they stay on the line and generate a fake dial tone and instead of calling the bank you connect to the criminals.
Australians have this week been targeted by a phishing campaign that’s seen crypto-ransomware installed on their computers. Once downloaded, the software encrypts the files on the computer and directs the user to purchase decryption software—using bitcoin—in order to restore access. The malicious software was embedded in email attachments said to be from Australia Post or Telstra and was reported to have knocked ABCNews24’s broadcast off air for 30 minutes on Tuesday morning.
Ready to assist with any companies suffering at the hands of cyber crime is ex-US Homeland Security Secretary Tom Ridge, who has launched a new cyber crime insurance product. Citing data from ICPC’s International Fellow Jim Lewis at the launch, Ridge stated that 3,000 US companies were hacked in 2013 alone and that the cost to the global economy from cyber crime totals more than US$445 billion annually.
The list of threats to be aware of and protect against grew exponentially after a computer code that can turn almost any device that connects via a USB into a cyber-attack platform was shared extensively online. Details of the BadUSB flaw were released at the Black Hat computer security conference in August by Karsten Nohl and Jakob Lell. Their work revealed how to exploit flaws in the software that helps devices connect to computers via USB. The biggest problem they discovered lurks in the onboard software, known as firmware, found on these devices. Think carefully next time you’re plugging in your phone, external hard drive,USB disco ball, USB hamster wheel, and duck-shaped vacuum cleaner; it could contain all sorts of nasties!
Tobias Feakin is a senior analyst at ASPI and director of ASPI’s International Cyber Policy Centre. Image courtesy of Flickr user Duncan Rawlinson.