E-Brochure info@us-council.com
US Council
  • Home
  • Services
    • Security Testing Services
    • Mobile Phones
    • Proactive Services
    • Incident Response
    • Forensics
    • Test Frameworks
    • Compliance Audit
  • Products
    • US-DR-Suite
    • US-Forensic Field Kit
  • Training
    • Cybersecurity Professional
    • Ethical Hacking & Prevention
    • Network Penetration Testing
          Expert
    • Network Security Expert
    • Digital Forensics Expert
    • Mobile Forensics Expert
    • Wireless Security Expert
    • Certifications
    • Certificate Verification
    • Webinar
  • About Us
  • News
  • Contact Us
  • News

New 'Crypto Dusting' Attack Gives Cash, Takes Reputation

9 January 2019 Curtis Franklin Jr.
New 'Crypto Dusting' Attack Gives Cash, Takes Reputation

This new form of crypto wallet fraud enlists unwary consumers and companies to help defeat anti-money laundering methods for law enforcement and regulators.

A fraction of a bitcoin anonymously dropped into your cyberwallet may seem like a bit of good fortune, but opinions can change rapidly when you're labeled a likely criminal. That's the situaton companies and individuals are finding themselves in when they're the victims of "crypto-dusting" - one of the newer, and more challenging, hacks involving popular cryptocurrency.

The anonymous bitcoins were coming from BestMixer.io, a cybercurrency "mixer" often used to anonymize cybercurrency transactions to improve privacy or hide criminal activity. If you look inside the transaction record, says Dave Jevans, CEO of CipherTrace and chairman of the Anti-Phishing Working Group, you find a plan-text message that's a welcome from the BestMixer team.

But this "gift" comes with a price: "You have engaged in a transaction with a known money-laundering service, so it will raise the risk on your accounts for any exchange that has implemented anti-money laundering protocols," he says.

In addition, creating hundreds of thousands of newly tainted accounts could provide a smokescreen for the illegitimate transactions regulatory algorithms are supposed to catch. As for choosing their victims, Jevans says the methodology is simple: "They're just putting it in your crypto wallet. When they do a run, they look at the last 75,000 addresses and send to them. When you open up your wallet, it's there."

"It's logical, but I think it's shortsighted," says Mounir Hahad, head of Juniper Threat Labs at Juniper Networks. "The whole notion of 'tainted' is specific to the way the algorithms are deployed today." And, he points out, those algorithms can change.

While they're changing, there are some specific steps that consumers and companies can take to protect themselves. "On the consumer side, when you receive money like this — a small amount from an unknown source — the best thing to do is go in and block it from being sent," Jevans says. "If you ever spend it, it will wreak havoc with your privacy."

Larger organizations and enterprises have a somewhat more complicated task. "They'll need to work with their vendors on anti-money laundering and be able to cipher out the mixer coin that came from crypto duster attacks," he says.

Fortunately, this is an attack method that may have a short lifespan, according to Hahad. It should be relatively easy to tweak the anti-money laundering algorithms used by regulators and law enforcement to ignore the tiny fractional transactions that are part of the attack.

"This is not something that regular folks should be worried about — it's for regulators and law enforcement," he explains. "It will make their lives more difficult for a while, but as soon as they can patch their algorithms they'll be back in business."

  • Security Testing Services
  • Mobile Phones
  • Proactive Services
  • Incident Response
  • Forensics
  • Test Frameworks
  • Compliance Audit

Popular Posts

  • Cybersecurity in the Biden Administration: Experts Weigh In
  • Worst Malware and Threat Actors of 2018
  • Destructive Cyberattacks Spiked in Q3
  • A Cybersecurity Weak Link: Linux and IoT
  • A False Sense of Security
  • 4 Traits of a Cyber-Resilient Culture
  • Managing Data the Way We Manage Money
  • New Apache Struts Vulnerability Leaves Major Websites Exposed
Our Services
  • Security Testing Services
  • Mobile Phones
  • Proactive Services
  • Incident Response
  • Forensics
  • Test Frameworks
  • Compliance Audit
Quick Links
  • Certifications
  • Certificate Verification
  • About Us
  • News
  • Contact Us
Follow Us
2022 US Council. All rights reserved.