There’s no way around it. Cybersecurity is a never-ending process for both financial institutions and individual consumers. As soon as a new security protocol is released cybercriminal hackers find some way around it.
Take bitcoin and other digital currencies for example. If, like me, you know very little about “cryptocurrencies,” here’s a brief definition: “a decentralized digital currency that allows goods and services to be exchanged very efficiently.” And their use is growing both as a way of exchanging value and as an investable asset class. Bitcoin currency is currently valued at around $9 billion and there are other players looking to cash in as well, such as BitConnect, BlackCoin, Ubiq, and Zcash. There’s even a bitcoin ETF (Symbol: GBTC) that has more than $160 million in assets, and growing.
Bitcoin uses a digital ledger that creates a record known as a blockchain viewable by anyone in the bitcoin network of all verified transactions. This open source record doesn’t reside on a single server, nor is it able to be controlled by a single individual, making it virtually impossible (at least so far) to alter transaction information. And this is an important feature since virtual currency transactions are permanent. There are no digital do-overs.
Not surprisingly, cybercriminals have figured a way to circumvent this safeguard by taking over and emptying the accounts of participants in this digital asset class. And as is often the case, the simplest approach can be the most effective.
In a two-step process, these digital thieves are first stealing their victim’s mobile phone numbers by getting carriers to switch the number to a device under the hacker’s control. Then they’ll reset the passwords on accounts that use the phone number as part of the security protocol. According to the Federal Trade Commission the incidence of phone number hijacks has been growing dramatically—from 1,038 cases reported in January 2013 to 2,658 in January 2016.
The losses can be substantial. One investor who told his story to the New York Times said after his mobile phone number was stolen his virtual currency wallet was looted to the tune of about $150,000. Another said that everyone he knows who trades in cryptocurrencies has had their phone number stolen. And even if the criminals don’t drain their victim’s accounts, they can still hold them for ransom.
People who talk about cryptocurrencies on social media are easily identified by hackers as potential targets. As more and more of our financial lives take place in the digital realm, security and protection of our assets has become even more crucial. We can’t trust that the financial institutions, retailers, and internet and telephone providers we do business with will keep us safe from cybercriminals. We also have to protect ourselves. Start by avoiding talking about your investments and other financial matters on Facebook, Twitter and very other social medium. And businesses in the financial space need to be sure they have a cyberattack response plan ready.
Luckily just as criminal hackers never let up on trying to break in to locked systems, creative programmers and entrepreneurs are working just as diligently to keep them out. At the 2nd Annual Blockchain Conference last month in Washington a company called IDBox showed off a telephone application that will allow people to use their fingerprints for blockchain identification to make or receive payments, make deposits or carry out other transactions. That should help, at least until the hackers figure out how to steal fingerprints.