Blockchain & cyber security Algeria Version 1.1, conference Keynote ISCA2018 ISCA

1. Blockchain &
Cyber Security
Algeria 28 Mar 2018
Jorge Sebastiao, CISSP
CTO Eco-system
Huawei
http://linkedin.com/in/sebastiao/
Twitter: @4jorge

2. Disclaimer & Copyright
• Please note that this presentation is for informational, knowledge sharing and educational purposes only. Any
comments or statements made herein do not necessarily reflect the views of Huawei. The information is intended
for the recipient's use only and should not be cited, reproduced or distributed to any third party without the prior
consent of the authors. Although great care is taken to ensure accuracy of information neither the author, nor
Huawei can be held responsible for any decision made on the basis of the information cited.
• The content of this presentation is based on information gathered in good faith from both primary and
secondary sources and is believed to be correct at the time of publication. The author can however provide no
guarantee regarding the accuracy of this content and therefore accepts no liability whatsoever for any actions
taken that subsequently prove incorrect.
• The practices listed in the document are provided as is and as guidance and the author and Huawei do not claim
that these comprise the only practices to be followed. The readers are urged to make informed decisions in their
usage.
• The information presented in this presentation is not intended to be, and should not be construed as, an offer to
sell any products or services or a solicitation of an offer to buy any products or services . Any such offer or sale will
be made pursuant to, and the information presented at this meeting is qualified in its entirety by, authorized
offering documents and related disclosure schedules or similar disclosure documentation.
• All logos and brand names belong to their respective owners and we do not claim any relationship or association,
implied or otherwise, with them.
• Use of any materials by virtue of relationships and associations, if any, are mentioned explicitly.
• Author has taken care to attribute all sources for external materials used in this presentation, and any oversight is
regretted. If you, as owner, or as viewer, find any reason to dispute the use of these materials kindly communicate
the same to author.
• Any omissions, in terms of attribution, may be due to an error of author and not intentional.

3. Are you ready Crypto
Cyber Security Challenges?
1. Complex Attacks
2. Maturity Technology
3. Wallet & Exchanges
4. Malware
5. Vulnerabilities
6. Social Engineering
7. Best practices

4. Hackers Focus where the money is

5. MtGox- Fake Bitcoins attack
2011
•Hacker created fake Bitcoins (BTC)
•Price online from $17.50-$. in 30min
•2 million fake BTC manipulating
trading DB
•Compromised administrator account
•Assigned $1M fake cash to account
•Thief got away 2000 authentic BTC

6. Tracing Bitcoin – Bigdata

7. Everything is connected…

8. 3000 Bitcoin Miners Exposed
1. SSH
2. Telenet
3. Default Passwords

9. CodeFork Malware Miner
1. Filess Malware
2. Monero Miner
3. APT

10. Hidden Miners
PirateBay & CBS's Showtime
caught mining crypto-coins
in viewers' web browser

11. CryptoJacking everywhere
•Browser
• Plants
• Super Computers
• Cars
• Mobiles

12. FCC Threats Miners emissions
•LTE
•S4
•T-Mobile
•Interference

13. North Korea War Chest
1. Bitcoin
2. War Chest
3. South Korea Exchange Attacks

14. $150M Raised DAO Attack $60M

15. Hackers are looking for your
Coins
Intense Scan for
• Coins
• Wallets
• Miners

16. Bug in Pariti Multi-Sig Wallet
Frozen
$400M
Ethereum

17. Bitcoins Lost Forever

18. Crypto Exchanges Hacked
1. Aug 2016 – Bitfinex - $61.8M
2. Jul 2016 – Kraken - $???
3. Jul 2016 – itBit – Attempt
4. May 2016: Gatecoin - $2M
5. May 2016: SimpleFX – Email
6. Apr 2016: Shapeshift - $230K
7. Apr 2016: Yaykuy- Hacked Offline
8. Mar 2016: BitQuick – Customer Data
9. Mar 2016: Cointrader- All Data
10. Jan 2016: Cryptsy-13K-BTC Offline
11. Dec 2017 NiceHash $64M Social Engineering
12. Jan 2018: Black Wallet $400K
13. Feb 2018: Bitgrail $217M

19. Zaif Japan Bitcoin at $0USD

20. Mobile as your Identity
1. SS7 Vunerabilities
2. Intercept / Impersonate Calls
3. Intercept / Impersonate SMS
4. Reset Accounts Gmail…
5. Erase Cloud Storage
6. Erase Devices

21. Hacking Wallet Video

22. Smart Contracts Vulnerable
34,000 Smart Contracts Vulnerable

23. Cold Storage Wallets Vulnerability

24. Cold Wallet MitM Attack

25. St-Petersburg Blogger Robbed $425K

26. 0 Day Exploits - Guaranteed

27. Hiding Bitcoin Transactions

28. NSA is tracking Bitcoin

29. Social Engineering Attacks

30. Exchanges Phishing

31. Social engineering
UK dealer charged in US over
multimillion-dollar fake Bitcoin
site scam
Fake trading platform for the
cryptocurrency Bitcoin
$5M in Mauritius, Morocco

32. SCAM Influencers

33. Fixing Blockchain Smart Contracts
Best Practices
Audits
Governance
Legislation

34. Crypto Countermeasures
1. Securing your email account
2. Securing your social media
3. Enabling 2-factor authentication,
biometrics
4. Vulnerability Management
5. Threat Management
6. Security Awareness Training
7. Incident Response Drills

35. Apply - A6 - Process
Business
Risk
Maturity

36. Proper Security Metrics &
Countermeasures

37. Questions
Jorge Sebastiao, CISSP
CTO Eco-system
Huawei
http://linkedin.com/in/sebastiao/
Twitter: @4jorge