CWT, one of the biggest travel companies in the U.S., this week paid $4.5 million in bitcoin to hackers who infiltrated the firm’s computer system, stealing sensitive corporate data. It is unclear whether customer information was also compromised.
Reuters reported that the bitcoin wallet owned by the cyber thieves received 414 BTC on July 28 as payment for the ransom. At current prices, the ransom would be worth more than $4.8 million.
According to the report, the attackers infected CWT’s computer network with a ransomware called Ragnar Locker, which encrypted the entire system, making it accessible only to the hackers.
The criminals claimed to have disabled 30,000 computers, but the company later said this figure was exaggerated, while confirming the cyber-attack which forced it to shut down its systems.
“We can confirm that after temporarily shutting down our systems as a precautionary measure, our systems are back online and the incident has now ceased,” Reuters quoted CWT as saying.
“While the investigation is at an early stage, we have no indication that personally identifiable information/customer and traveller information has been compromised.”
In their ransom note, the hackers claimed to have stolen two terabytes of CWT data, including billing files, financial reports, security documents and personal data belonging to employees, such as email addresses and salary information.
They also claimed to have “information about your clients such as AXA Equitable, Abbot Laboratories, AIG, Amazon, Boston Scientific, Facebook, J&J, SONOCO, Estee Lauder and many others,” according to a tweet by Jameswt, the cybersecurity expert who discovered the CWT breach.
Per the Reuters report, the company said it had immediately informed U.S. law enforcement and European data protection authorities.
The hackers initially demanded $10 million worth of bitcoin to restore CWT’s files and delete all the stolen data, but the firm, severely hit by the new coronavirus, could only settle for $4.5 million.
CWT, formerly known as Carlson Wagonlit Travel, is the fifth largest travel firm in the U.S. The company, which says it provides services to 33% of companies on the S&P 500 stock index, posted revenues of $1.5 billion in 2019.
Ransomware attacks are reportedly costing businesses billions of dollars each year, in blackmail payments.
What do you think about CWT paying the $4.5 million ransom? Let us know in the comments section below.
The post Big Travel Firm CWT Pays $4.5 Million Bitcoin Ransom to Hackers appeared first on Bitcoin News.
Author: By TeamMMG
From a Teenage Dream to a $38B Blockchain – India Crypto News
It would seem that five years is a relatively short time for an information technology company, but Ethereum has made colossal progress during this time, growing from its own initial coin offering project to the largest blockchain platform, running about 2,000 decentralized applications. Today, the market capitalization of its native cryptocurrency, Ether (ETH), is worth $38 billion — larger than Ford Motor Company and the popular app Snapchat. Not only that, but the value of Ether has seen a 121-fold increase over the period of the network’s existence.
While the whole team is preparing for the transition to the proof-of-stake consensus algorithm ahead of the upcoming Berlin upgrade, Cointelegraph recalls the striking changes that have occurred to the platform over the five years since its launch, and the failures that have only toughened its resolve.
Ethereum was invented by Vitalik Buterin, a Canadian programmer of Russian descent. It was 2013, and Buterin was just an 18-year-old teenager, but his idea found a lively response in the global blockchain community. Later, Gavin Wood, a British computer programmer, proved the possibility of creating the system invented by Buterin and described the basic principles of its operation in the Ethereum “Yellow Paper.” Together with the first members of the Ethereum team, they launched a crowdsale and raised $18 million for the project’s development.
The first version of the Ethereum cryptocurrency protocol, called Frontier, was launched on July 30, 2015. But the security level the system boasted back then was far from what Ethereum is today. The launch of Frontier marked an important milestone in the history of the network, after which the developers immediately started working with smart contracts and creating DApps on the real blockchain.
The first existing historical record of Ether’s price is from Aug. 7, 2015, when ETH was added to the Kraken crypto exchange at $2.77 per coin. Over its first three days of trading, its price dropped to a demeaning $0.68, most likely under the influence of rapid sales by early investors.
In the second half of the year, droves of crypto enthusiasts rushed to learn what they could about Ethereum. A particularly significant contribution to its popularization was made by the DEVCON-1 developer conference, which was held from Nov. 9 to 13. The event sparked intense discussions on the development of Ethereum, with the participation of representatives from IBM, Microsoft and UBS.
At the beginning of 2016, the price of Ether rose rapidly, fueled by news of the upcoming launch of a network protocol with a more stable version: Homestead. As a result, ETH reached its first serious high of $15 per coin on March 13, with the platform’s market cap exceeding the boastful $1 billion mark. On March 14, Homestead went live, which made its blockchain officially secure through new protocols and network changes (EIP-2, EIP-7 and EIP-8), making future updates possible.
More specifically, the network protection became based on mining, which was planned only for the initial stage of development with subsequent transition to PoS with a hybrid model at an intermediate stage. At the same time, exuberant requirements for video memory acted as protection against the use of ASIC miners.
The next event, which brought the price of Ether to its highest value that year — $21 — was the widespread media coverage of the dizzying success of The DAO project, which raised more than 12 million ETH ($150 million at the time ) in May. The DAO — an acronym for decentralized autonomous organization — was one of the pioneers of the upcoming ICO era and chose Ethereum as its launchpad to raise investments.
However, on June 16, using a vulnerability in The DAO’s code, unknown hackers stole about $60 million in ETH from the project. News of the attack sliced the price of ETH in half to $11. Buterin offered to return the stolen funds by conducting a hard fork to restore the network to its pre-attack state. Following a controversial hard fork held on July 20, the network split into two: Ethereum and Ethereum Classic.
On Sept. 22, Ethereum suffered another blow: The network was subjected to a distributed denial-of-service attack, significantly slowing its operations. The news became an impetus for the beginning of a local downtrend in the curbed price, which began consolidating in the $7–$9 range by the end of the year. Two unplanned hard forks were then carried out to improve the resilience of the network and rectify the consequences of the DDoS attack.
Ether’s price experienced a meteoric rise at the start of 2017 as the cryptocurrency was added to the eToro platform on Feb. 23. Around the same time, the number of unconfirmed transactions on the Bitcoin network had reached 200,000, causing an increasing number of crypto investors and miners to opt for Ether as an alternative investment. On May 6, the price of ETH set a new bar of $95 per coin.
The popularity of Ethereum grew rapidly in the crypto community and among DApp developers. The initial coin offering hype also contributed to the increased demand for Ether, as thousands of projects opted to fundraise in ETH. By Sept. 1, the price of Ethereum had almost reached a whopping $400, but news of China banning ICOs and crypto trading quickly slashed it to nearly $220.
The price gradually recovered by mid-October after the release of the Byzantium network upgrade, which took place on Sept. 18. Along with the growth of the ICO bubble, in which Ether was still the main means of payment, ETH reached nearly $800 by the end of the year.
The beginning of 2018 turned out to be even more successful for Ethereum than the previous one. On Jan. 13, the price of Ether reached its all-time high of around $1,400. But the ICO rush, which had triggered the rapid growth of Ethereum’s price in 2017, came to an end. Throughout 2018, its echoes played a cruel joke on Ether as thousands of ICO projects sold their savings, meaning that ETH dropped even faster than the rest of the market.
In early September, news of the Constantinople hard fork — expected in November — slowed the drop in the price and injected positive sentiment into the community. However, the network upgrade was delayed. Influenced by inter-bearish sentiments on the crypto market and pending updates, the price fell to $85, dropping from the second-largest to the third-largest cryptocurrency by market capitalization behind XRP.
Many aspects spiraled out of the control of developers over the year as they were actively engaged in conducting technical work on the network. Meanwhile, the community lost count of the number of upgrades carried out. In January, the technical roadmap gained clarity as difficult engineering problems were solved and the Ethereum development community continued to grow.
DeFi became the largest sector within Ethereum, and the market saw early signs of growth in gaming and decentralized autonomous organizations. At the beginning of 2019, the only DeFi protocol with significant funds was MakerDAO, which had a total of 1.86 million ETH ($260.4 million at the time). The playing field became much more diverse by the end of the year when new participants rushed into the industry.
On Feb. 28, the Constantinople hard fork took place on the Ethereum network, which prepared it for the transition to the Casper PoS protocol and the abolition of the previous mining model. However, the eighth upgrade, called Istanbul — which initially had been scheduled for Dec. 4 — was delayed and activated on the Ethereum mainnet on Dec. 8.
Among the main objectives of Istanbul were ensuring the compatibility of the Ethereum blockchain with the anonymous Zcash (ZEC) cryptocurrency and increasing the scalability of the network through SNARKs and STARKs zero-knowledge-proof protocols. In addition, the update made it difficult to carry out denial-of-service attacks on the network due to the change in the cost of gas needed for launching operating codes.
The progress of Ethereum 2.0 laid the foundation for the world’s largest corporations to start using the Ethereum blockchain. In July, Samsung released a software kit for Ethereum developers, six months after it was revealed that the development of its new phone included a built-in Ethereum wallet. Another large partnership involved internet browser Opera, which had launched an Ethereum-supported Android wallet at the end of 2018 and announced a built-in Ethereum wallet for iOS users in early 2019.
Meanwhile, Microsoft continued its involvement with the Ethereum ecosystem. In May, the company released the Azure Blockchain Development Kit to support Ethereum development. In October, it backed a tokenized incentive system from the Enterprise Ethereum Alliance for use within enterprise consortiums. And in November, it launched Azure Blockchain Tokens, a service that lets enterprises issue their own tokens on Ethereum.
In the first half of 2020, Ethereum — famous for its numerous conferences and meetups — was forced to postpone all activity due to the coronavirus pandemic. Nevertheless, the team managed to make significant progress in solving the scalability issue, with the launch of the final Ethereum 2.0 testnet scheduled for Aug. 4.
The developers hope that once the upgrade is complete, the Ethereum network will become faster, cheaper and more scalable without compromising decentralization and network flexibility. Meanwhile, the blockchain network continues to grow, as activity in the decentralized finance market has increased significantly.
According to Dapp.com, the daily volume of value transferred via DeFi applications reached an all-time high of $1.8 billion on July 2. During the second quarter, a record $4.9 billion was moved through DeFi applications — a 67% growth when compared with the previous quarter — while the number of active users of Ethereum applications reached 1,258,527, an increase of 97%.
Japan’s Dormant BTC Trading Accounts Wake up as Bitcoin Price Rallies
Japan’s “dormant” crypto accounts are starting to see activity as Bitcoin breached a critical price resistance level this week. According to the Japanese crypto exchange Coincheck, their trading volume this week has risen by two to three times in comparison to the previous one.
Speaking to a selected number of the Japanese outlets, Yusuke Otsuka, the co-founder of Coincheck explained that existing users who hadn’t traded for a while became active again this week: “Some of our users already have accounts so the initial velocity is high.”
If users already have accounts, they don’t have to take time to go through Know Your Customer check to open new accounts and can resume buying cryptocurrencies immediately. In contrast, those new to the trading platform had to wait for their account to become approved, so there was a time lag before they could start trading. “This time is different”, Otsuka emphasized.
According to Coincheck, the volume of the direct sale this week was twice as big as seen during the previous one, while the demand for the exchange service increased threefold. Otsuka also believes this is correlated with the Japanese Coivd-19 stimulus payments. In April, the Japanese government began distributing 100,000 yen payments — about $930 — to every household.
Moreover, Oki Matsumoto, CEO of Monex Group, a parent company of Coincheck points out the possibility that those who missed buying gold are now interested in Bitcoin. The gold price has surged recently, breaking previous highs while Bitcoin just started breaking the resistance at the beginning of this week.
Matsumoto also commented on the recent development of central bank digital currencies:
“I think David Marcus made a mistake. He should have said it was Facebook Token. Because they said it was ‘the future currency,’ the U.S. government criticized it heavily”.
Matsumoto added that “the role of Libra might be just to open Pandora’s Box and that was it”. Meanwhile, the United States is behind the competition precisely because “they crushed Libra by themselves and could no longer say they would start developing CBDC”, Matsumoto analyzed.
Some industry insiders are worried about American reluctance to move forward with CBDC. Takaya Nakamura, an executive from Japanese crypto exchange Fisco recently claimed that Japan’s role should be to urge the United States to take CBDCs more seriously.
Author: Published 1 day ago
Florida teen arrested as mastermind of Twitter hack
MIAMI, Fla. — A Florida teen was identified Friday as the mastermind of a scheme earlier this month that commandeered Twitter accounts of prominent politicians, celebrities and technology moguls and scammed people around the globe out of more than $100,000 in Bitcoin. Two other men were also charged in the case.
Graham Ivan Clark, 17, was arrested Friday in Tampa, where the Hillsborough State Attorney’s Office will prosecute him as an adult. He faces 30 felony charges, according to a news release.
Two men accused of benefiting from the hack — Mason Sheppard, 19, of Bognor Regis, U.K., and Nima Fazeli, 22, of Orlando — were charged separately in California federal court.
In one of the most high-profile security breaches in recent years, bogus tweets were sent out on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.
The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address. The hack alarmed security experts because of the grave potential of such an intrusion for creating geopolitical mayhem with disinformation.
Court papers in the California cases say Fazeli and Sheppard brokered the sale of Twitter accounts stolen by a hacker who identified himself as “Kirk” and said he could “reset, swap and control any Twitter account at will” in exchange for cybercurrency payments, claiming to be a Twitter employee.
The documents do not specify Kirk’s real identity but say he is a teen being prosecuted in the Tampa area.
Twitter has said the hacker gained access to a company dashboard that manages accounts by using social engineering and spear-phishing smartphones to obtain credentials from “a small number” of Twitter employees “to gain access to our internal systems.” Spear-phishing uses email or other messaging to deceive people into sharing access credentials.
“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” U.S. Attorney David L. Anderson for the Northern District of California said in a news release.
The evidence suggests, however, that those responsible did a poor job indeed of covering their tracks. The court documents released Friday show how federal agents tracked down the hackers through Bitcoin transactions and by obtaining records of their online chats.
Although the case was investigated by the FBI and the U.S. Department of Justice, Hillsborough State Attorney Andrew Warren said his office is prosecuting Clark in state court because Florida law allows minors to be charged as adults in financial fraud cases when appropriate. He called Clark the leader of the hacking scam.
“This defendant lives here in Tampa, he committed the crime here, and he’ll be prosecuted here,” Warren said.
Security experts were not surprised that the alleged mastermind is a 17-year-old, given the relatively amateurish nature of both the operation and how participants discussed it with New York Times reporters afterward.
“This is a great case study showing how technology democratizes the ability to commit serious criminal acts,” said Jake Williams, founder of the cybersecurity firm Rendition Infosec. “There wasn’t a ton of development that went into this attack.”
Williams said the hackers were “extremely sloppy” in how they moved the Bitcoin around. It did not appear they used any services that make cryptocurrency difficult to trace by “tumbling” transactions of multiple users, a technique akin to money laundering, he said.
He also said he was conflicted about whether Clark should be charged as an adult.
“He definitely deserves to pay (for jumping on the opportunity) but potentially serving decades in prison doesn’t seem like justice in this case,” Williams said.
The hack targeted 130 accounts with tweets being sent from 45 accounts, obtained access to the direct message inboxes of 36, and downloaded Twitter data from seven. Dutch anti-Islam lawmaker Geert Wilders has said his inbox was among those accessed.
Court papers suggest Fazeli and Sheppard got involved in the scheme after Clark dangled the possibility of obtaining so-called OG Twitter handles, short account names that due to their brevity are highly prized and considered status symbols in a certain milieu. They said Sheppard purchased @anxious and Fazeli wanted @foreign.
Internal Revenue Service investigators in Washington, D.C., identified two of the defendants by analyzing Bitcoin transactions on the blockchain — the universal ledger that records Bitcoin transactions — that they had sought to make anonymous, federal prosecutors said.
Marcus Hutchins, the 26-year-old British cybersecurity expert credited with helping stop the WannaCry computer virus in 2017, said the skill set involved in the actual hack was nothing special.
“I think people underestimate the level of experience needed to pull off these kinds of hacks. They may sound extremely sophisticated, but the techniques can be replicated by teens,” added Hutchins, who pleaded guilty last year to creating malware designed to steal banking information and just completed a year’s supervised release.
British cybersecurity analyst Graham Cluley said his guess was that the targeted Twitter employees got a message to call what they thought was an authorized help desk and were persuaded by the hacker to provide their credentials. It’s also possible the hackers got a call from the company’s legitimate help line by spoofing the number, he said.
Fazeli’s father said Friday he hasn’t been able to talk to his son since Thursday.
“I’m 100 percent sure my son is innocent,” Mohamad Fazeli said. “He’s a very good person, very honest, very smart and loyal.”
“We are as shocked as everybody else,” he said by phone. “I’m sure this is a mix up.”
Attempts to reach relatives of the other two weren’t immediately successful. Hillsborough County court records didn’t list an attorney for Clark, and federal court records didn’t list attorneys for Sheppard or Fazeli.
Story by David Fischer and Frank Bajak.
Decentralized exchange volumes surged to $4.3 billion in July, breaking monthly record
Data collected by The Block shows that the total volume for decentralized exchanges hit $4.3B billion in July, surpassing the previous record in June.
The volume surge represents a 174% increase over the $1.5 billion performance in June. July represents the first time on record that DEX volumes have risen past the $4 billion mark.
Automated market maker protocols Uniswap and Curve represented the bulk of July’s activity. Uniswap led the pack with 41% of the volume, followed by Curve with 24% of the volume.
At least part of the month’s busy traffic may be attributed to the late July surge in the price of ether, the native cryptocurrency of Ethereum. But it’s also a result of steadily growing activity in the decentralized finance, or DeFi space.
[Read The Block’s five-year data breakdown, published on Ethereum’s fifth launch anniversary.]
© 2020 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Author: Michael McSweeney