May 15, 2017

Saturday night last week and a doorstep survey commissioned by the ministry that we cannot refuse, for the lucky households picked to represent the internet habits of Singaporeans.

Halfway through, I found out my appointed surveyor was a survivor of mental illness, hands trembling, recovering and weaning off those happy pills prescribed, hoping to find his way back into the workforce and society after losing his civil service job, a fact that tightened my resolve to complete that survey, for which he would be paid only on successful submission.

Had I known, as I gave my innocuous answers, that the world would be gripped by a malware attack of global scale just a bare week later, my answers would not have been much different, including the half-truths thrown in to appear cool, normal and Singaporean. No desire on my part to draw any unnecessary attention after providing that i/c number.

Question: Would I be embracing IoT (Internet of Things) into my life routine in the near future?

No, thank you.

Question: Would I not want the luxury of turning on the a.c. and lights from my phone before I reach home?

No, thank you.

For would I not be on the same happy pills that my surveyor is popping? Enfeebled and enslaved by the drug doctor, in this case – the machine, only to tremble on the side effects of the drugs, and on the day it all fails, might I feel suicidal?

The Low Blow Ransom Act

So we are reading about this audacious malware hack committed by some low-lifes, the worst-ever recorded of its kind, using none other than tools developed by the NSA, stolen and distributed to the public. Low-life indeed to prey on the weak and vulnerable such as UK hospitals, German railways and Chinese schools, endangering and possibly costing lives with surgical procedures unable to be performed.

[Image. Source: Zerohedge]

Crime does not pay, or does it?

Should anyone with the talent to come forth to work on the side of the law not be labelled “high-risk” as well? It does not go down well in such times, when trust in governments just about anywhere has sunk to pitiful lows, as it is speculated that an arsenal of stolen NSA tools has been distributed for free since last month by some folks known as the Shadow Brokers, who are angry with Donald Trump.

[Image. Source: RT News]

We should not be congratulating ourselves if we are unscathed, because in March this year, Wikileaks revealed that the CIA has also lost parts of its arsenal of iPhone hacking weapons, which respectable newspapers are not supposed to report about.

[Image. Source: 9to5mac]

It Will Only Get Maddeningly Expensive

What should we be concerned about besides updating those patches for Windows?

It looks like the cost of policing and insuring the vast volumes of data we have will be going up, as the “digital universe” reaches 180 zettabytes (180,000,000,000,000,000,000,000 bytes) annually by 2025.

There is no way markets are prepared for this, if we stop for a moment to think that the central bank of Bangladesh lost US$101 mio to cyber criminals just last year, just a fraction of the 1 bio that was targeted, and $63 mio is still unrecovered despite the electronic trail that we have come to assume as the superior means.

And More Bitcoins Needed!

Hackers always demand payment in Bitcoin. Why?

Are the transactions untraceable?

In a way, yes, if the “bad guy” “tumbles” the single transaction into multiple addresses and so forth, obscuring the trail till it becomes a situation described as possessing a $20 bill that was stolen before you received it.

Bitcoin prices saw a record rally of some 21% this week against the USD, closing at US$ 1,820 per coin and beating every other asset class hands down for all the 15 million Bitcoins in existence with Bitcoin protocol limiting the total number of Bitcoins ever possible to 21 million.

[Image. Source: Bloomberg]

For the central banks so eager to abolish cash notes like we have witnessed last year, out of Europe for their EUR 500 note and India for the 500 and 1000 rupee bills, all in the grand name of crime-fighting, they are embracing the Bitcoin in their bid for a push towards fintech, blissfully aware that it has become the preferred currency of choice for cyber criminals, with 1153 Bitcoin ATMs in the world, last counted this month.

[Image. Source: Statista]

Singapore can even boast of a home-grown Bitcoin futures and options exchange, Coinut, besides the 2 Bitcoin ATMs that cyber criminals should steer clear of, because ATMs, errr, typically have the usual surveillance cameras.

Now, is there a correlation between Bitcoin prices and ransoms?

Has there been a surge in demand for cyber-ransom “money” a.k.a. the Bitcoin, this week that is the result of the global outage we are witnessing this weekend?

Singapore is largely safe, except for 2 universities affected, or perhaps criminals do not make it a habit to target EM nations as yet, if we note that the affected countries are not exactly in the “cash-strapped” categories because it would be interesting if they went after Venezuela, for example, experiencing social unrest with food shortages and escalating poverty, not for their lack of resources (with the largest known oil reserves in the world) but for their failing currency and 700% inflation rate which actually gives them a perfect excuse for adopting the Bitcoin, if they like, excusing my poor taste.

Yes, Bitcoin is legal in nearly 60 countries, airlines are accepting the Bitcoin, criminals are making big bucks, going by the estimate of $30 mio the previous CryptoLocker ransomware virus made back in 2013, so let’s wait till they allow them to buy houses with Bitcoin.

Our Trade Ideas from 2015 and 2017

In our 2015 post, Cyber Security: Annie, Are You ok?, we did say that cyber crime pays a lot more than cyber security. How much does a company invest in the cost centre of cyber security when the benefits are unseen? Or when the costs are difficult to estimate at best?

And what do accounting standards recommend for “ransom”? “Misc. expenses”?

Sadly, nearly all the stocks on our radar have not seen the highs they made in 2015, proving that good things only happen in the private equity space and by the time they IPO, there is no meat left, despite our 2017 prediction that the hacks and cyber-attacks are going to get worse this year.

We would have been better off if we had just bought and sat on Bitcoin when it was just US$300 per coin then which works out to just 500% in investment returns.

And the hedge for companies? BUY the central bank and government-endorsed BITCOIN!

Yes. Not just to pay ransoms but to insure against the future forthcoming cyberattacks which will drive up demand for “ransom money”. And we already know about the CIA fiasco through Wikileaks which means Apple phones could be next.

There are business opportunities aplenty, too, except that it is just too hard. The world needs a cyber army at this rate, friendly hacking to test protection levels to keep corporations vigilant. Yet it is nothing but a tall order for law-abiding Singaporeans who are just not brought up or educated to think as deviously as hackers who hack as a career, or so I hear, proper hacking set-ups with 24h helpdesks and who knows, even a treasury department? For once, some criminally insane people could have some use?

As to recruiting hackers, it is a criminal offence to hack so how are we to recruit any hackers except for inexperienced ones?

We said back in 2015, “cyber security experts are just about as valuable to society as doctors, architects and accountants, in that order of importance to my eccentric mind. Doctor fails, 1 patient dies. Architect fails, building collapses and hundreds die. Accountants and auditors fail and thousands will lose their jobs. Cyber security expert fails and millions will lose their passwords, bank account details and more.” Cyber security expert = hacker working on the side of the good.

Yes, we hear and read a lot about fintech, but there is her less glamorous sister called fin-hack. As a “white-hat hacker” revealed last year on CNBC, hacking is easier than before now that there is social media with a plethora of personal information, and if “a criminal gets access to bank account information, they can simply log in online and drain your savings”, with plenty of information on databases they can buy and use for identity theft. The game gets easier in this internet age with mobile payments and banking. As for victims, we are all just sitting ducks, making the case of “malware ransom” look childish and cheap.

It is profitable and few get caught. Back in 2015, some traders netted a cool $100 mio before they were caught because the hackers boasted about their feats.

[Image. Source: Marketwatch]

Think of those who got away? Like the chaps who hacked the Thai ATMs last year, resulting in them spitting out cash. That rings a bell of suspicion on the price action of USDJPY too!

And think of the talented “surf dude” who managed to stop the spread of the malware virus this weekend and how he would have slipped through the cracks of Singapore’s education system, putting off university to work part time, play games and surf, to forget about being recruited to work in our prestigious cybersecurity agency?

[Image. Source: The Daily Mail]

No thank you, Infocom survey, if you manage to pick my comments up, I am not ready to embrace more technology in my life at the moment but I may buy some Bitcoins.