Saturday, May 21, 2022

Providing both the tools and rules that enabled an authorized user to “win” millions of dollars could make the lawsuits a bit confusing.

https://www.bloomberg.com/news/features/2022-05-19/crypto-platform-hack-rocks-blockchain-community

The Math Prodigy Whose Hack Upended DeFi Won’t Give Back His Millions

An 18-year-old graduate student exploited a weakness in Indexed Finance’s code and opened a legal conundrum that’s still rocking the blockchain community. Then he disappeared.

Medjedovic hasn’t officially responded to either suit; he told me he doesn’t even have a lawyer in Ontario. But in our email exchanges, he argued that he’d executed a perfectly legal series of trades. Nothing he did “involves getting access to a system I was not allowed access into,” he said. “I did not steal anyone’s private keys. I interacted with the smart contract according to its very own publicly available rules. The people who lost internet tokens in this trade were other people seeking to use the smart contract to their own advantage and taking on risky trading positions that they, apparently, did not fully understand.” Medjedovic added that he’d taken on “substantial risk” in pursuing this strategy. If he’d failed he would have lost “a pretty large chunk of my portfolio.”

The case raises several tricky questions about how people should be allowed to interact with code on the blockchain. For instance, the plaintiffs allege that Medjedovic made a “false representation” by manipulating the value of the tokens in the pools. But did Medjedovic do this, or did the algorithm? Barry Sookman, a lawyer in Toronto specializing in information technology, says it’s a distinction without a difference: “Individuals are responsible for the activities of technologies they control.”

And if Medjedovic was engaged in deception, who was being deceived? That’s one basis on which Andrew Lin, a Dallas-based lawyer who advises Medjedovic but isn’t formally involved in the Ontario cases, rejects the false representation argument. “It’s unclear who he made a misrepresentation to,” Lin says. “He set forth lines of code. The code itself is neither true nor false.”





Always useful to know who is playing for the other side.

https://www.databreaches.net/major-cyber-organizations-of-the-russian-intelligence-services/

Major Cyber Organizations of the Russian Intelligence Services

The Office of Information Security Securing One HHS and Health Sector Security Coordination Center (HC3) have released slides from:

Major Cyber Organizations of the Russian Intelligence Services (pdf, 27 pp) TLP: WHITE, ID# 202205191300 May 19, 2022

• Russian Intelligence Services’ Structure

• Russian Intelligence Services’ Mandates





Is this something a small country (or a US state) could cheerfully ignore?

https://www.cpomagazine.com/cyber-security/could-a-cyber-attack-overthrow-a-government-conti-ransomware-group-now-threatening-to-topple-costa-rican-government-if-ransom-not-paid/

Could a Cyber Attack Overthrow a Government? Conti Ransomware Group Now Threatening To Topple Costa Rican Government if Ransom Not Paid

The spate of ransomware attacks on critical infrastructure companies in 2021 was seen as a major escalation by cyber criminal groups. The Conti ransomware gang appears to be attempting to skip several steps by threatening to overthrow the government of Costa Rica, having established a presence throughout its national agencies.

The threat is almost certainly hollow, but it showcases the boldness with which major ransomware groups are operating even after international law enforcement operations took out previous line-crossers REvil and DarkSide among others.





You can provide all the Privacy and Security features you advertise as long as you don’t really provide all those Privacy and Security features. Encryption is Okay as long as we get copies of the plaintext.

https://www.cpomagazine.com/data-privacy/vpn-providers-ordered-by-indian-government-to-hold-all-customer-data-for-five-years-hand-over-to-government-upon-request/

VPN Providers Ordered by Indian Government To Hold All Customer Data for Five Years, Hand Over to Government Upon Request

Virtual private networks (VPN) sell themselves on their ability to anonymize traffic and protect user identities from any prying eyes. A new order from the Indian government could essentially undermine the business of VPN providers in the country, requiring the personal information of all users to be collected and this profile of customer data to be held for up to five years.

The country’s Computer Emergency Response Team (CERT-In), an office of the Ministry of Electronics and Information Technology tasked with taking point on cybersecurity threats, would also require VPN providers to grant it access to this customer data upon request.





Rethinking war. Why would anyone think that nothing would change?

https://breakingdefense.com/2022/05/ukraine-shows-that-city-hopping-is-the-new-era-of-defensive-warfare/

Ukraine shows that city hopping is the ‘new era’ of defensive warfare

The future of land warfare may not be hordes of missiles raining down on an opposing force, crushing it and giving the attacker the advantage. Instead, the war in Ukraine may demonstrate that the advantage has swung to the defender, who can strike from hiding using tactical weapons in part because of the power of drone surveillance.

Maj. Gen. Scott Winter, commander of Australia’s 1st Division, told the more than 2,000 attendees at AUSA’s Pacific Land Warfare Conference that land warfare now increasingly resembles the island hopping strategy America followed in the Pacific during World War II. Drones create what he called “massive no-man’s lands,” stretching thousands of kilometers. Major attacking forces then get struck by smaller units hiding in urban areas, and suffer losses and disruptions to their crucial supply lines as they move between cities, tracked all the way by unmanned cameras in the sky.


