Tag Archive for China

Is China Trying to Kill Bitcoin

Is China Trying to Kill BitcoinCryptocurrency Bitcoin has been on quite a roller-coaster ride the past weeks. From an all time high of $4,950.72 to $3,537.79 during the first 14 days of September 2017 in four days. That is a loss of nearly $1,413.00 which is over 9 shares of Apple (AAPL) or nearly 19 shares of Microsoft (MSFT). Not only am I skeptical about the value of Bitcoin at these levels, but apparently the Chinese government also is skeptical about cryptocurrencies.

CNET reports that the People’s Bank of China, the central bank of China banned initial coin offerings where bitcoin entrepreneurs and speculators raise funds by launching new digital tokens. ICO’s allowed blockchain startups to raise nearly $2 billion from investors worldwide in 2017. There was no mention of cryptocurrencies such as Bitcoin or its rival Ethereum, but the announcement sent stocks sliding anyway.

CNET says PBC ruled that ICOs are a form of “unauthorized and illegal public financing … (which) seriously disrupted economic and financial order” in China. To that end, the country has banned all sales and currency conversions involving digital tokens, and prohibited all financial institutions and non-bank payment organizations from offering any services to ICOs.

The American Banker speculates that the Chinese government may be trying to kill Bitcoin. In a recent article they lay out the case for Chinese regulators putting an end to cybercurrencies.

They point out that the Communist government of China is known for its strict capital controls and sweeping regulatory judgments. This attitude has spilled over to its relationship with cryptocurrencies.

Some observers are quick to point out that China has a long history of using the “Great Firewall of China” to block Western web sites, from Facebook to YouTube to WhatsApp and even VPN’s.

According to AB, the Chinese regulators have instructed all domestic cryptocurrency exchanges to shut down this month, effectively choking off one of the largest markets for the commercial buying and selling of bitcoin and other digital assets.

Further, cryptocurrency exchanges in China must work closely with authorities as they wind down their operations. AB says four major Chinese exchanges—Huobi, ViaBTC, OKCoin and BTC China, at one time the world’s largest by trading volume—have already announced their shutdown.

The moment could be a pivotal one in the evolution of financial services. It could easily be misread both by traditional bankers who could be disrupted and fintech entertainers who see a profit in disrupting the status quo. Bitcoin skeptics such as JPMorgan Chase’s CEO Jamie Dimon who called bitcoin a “fraud” that would soon “blow up.” American Banker believes Mr. Dimon has grown annoyed at the cryptocurrency’s staying power even though his firm is experimenting with blockchain technology—and filed a patent in late 2013 for a bitcoin-style digital payment system.

Next on the chopping block could be bitcoin miners. Bitcoin miners use tremendous amounts of computing power to verify and record transactions on the bitcoin network. In return, they receive new bitcoins which are minted at a predetermined rate. Some 80% of the world’s bitcoin mining takes place in China, the article claims the bottom could fall out of the business if miners have no way to turn their digital gains into fiat currency.

China is doing this “just to show their power,” Oleg Seydak, CEO of the marketplace lender Blackmoon Financial told AB. “They will temporarily close all of these companies, introduce strong regulations and keep the industry and the sector under their control.”

This approach makes sense if Chinese leaders do not want to be seen as falling behind in a new and growing market. In 2016, China accounted for the majority of global bitcoin trading activity. But with the government clamping down, China’s share has dropped to less than 15% of global volume. Japan now holds the top spot, with the  U.S. and South Korea close behind.

Sasha Ivanov, CEO of Waves, a blockchain platform believes the Chinese ICO ban is a positive development for the industry. Mr. Ivanov told AB that most ICOs were nothing but scams. He says Chinese regulators “finally lost patience, as more and more companies tried to raise millions for nothing.” China, he said, “has a reputation of being a harsh regulator that makes abrupt decisions,” but he feels confident that ICOs will be allowed by Chinese authorities once they have put in place an adequate regulatory framework.

“Fundamentally it all comes back to control, and right now the party’s all about control, especially around the 19th” Communist Party Congress, Bill Bishop, head of The Sinocism China Newsletter told CNBC.

Paul Triolo, practice head, geo-technology, at Eurasia Group, told CNBC, “the cyrptocurrency problem has gotten exponentially more difficult for them to get their head around and regulate.”

“Definitely bitcoin and cryptocurrencies’ free [reign] is over. But the issue of how this will affect the blockchain industry is still unknown,” Mr. Triolo said. “China doesn’t want to be left out of that. They’ll probably still end up allowing some parts of blockchain to survive. The financial piece of bitcoin and the blockchain industry is what they’re after.”

rb-

Seems to me that China wants to reign in cryptocurrencies rather than kill them off. The free-wheeling de-centralized nature of bitcoin makes the centrally controlled Chinese beureartes nervous. However they will probably adapt bitoin to meet their internal needs which is counter to the stated goals of bitcoin.

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Can Toshiba Stay in Business?

Can Toshiba Stay in Business?Updated 06-22-2017 – As predicted below, the NYT reports that the Japanese government formed a coalition including the US venture capital firm Bain Capital to buy Toshiba’s microchip division. Estimates are the deal is worth approx. $20 Billion.

Toshiba is being driven to sell off its crown jewel, its microchip business, to stabilize the international giant. The New York Times reports that the stalwart of Japan’s postwar rise as a global industrial giant warned that its has doubts over whether it could stay in business. In a filing in Japan, Toshiba said it wrote off more than $6 billion connected to Westinghouse Electric’s troubled nuclear reactor projects in the United States, had created “substantial uncertainty” over its ability to continue as a going concern.

ToshibaThe Toshiba microchip division is the number two global provider of NAND flash memory. NAND flash memory is a type of non-volatile storage technology that does not need power to retain data. Flash memory is electronic (solid-state) non-volatile computer storage medium that can be electrically erased and reprogrammed.

Toshiba originally invented flash memory in the early 1980s from EEPROM (electrically erasable programmable read-only memory). They introduced it to the market in 1984. Called flash memory, after the flash on a camera, the chips have become an essential building blocks of the modern electronics industry.

WestinghouseThe two main types of flash memory are named after the NAND and NOR logic gates. The individual flash memory cells have internal characteristics similar to those of the corresponding gates.

Where EPROMs had to be completely erased before being rewritten, NAND-type flash memory may be written and read in blocks (or pages) which are generally smaller than the entire device. NOR-type flash allows a single machine word (byte) to be written—an erased location—read independently.

NAND flash memoryThe NAND type operates primarily in memory cards, USB flash drives, some solid-state drives, and similar products for general storage and transfer of data. NAND or NOR flash memory is also often used to store configuration data in many digital products, a task previously made possible by EEPROM or battery-powered static RAM. One key disadvantage of flash memory is that it can only endure a relatively small number of write cycles in a specific block.

Toshiba manufactures its NAND Flash Memories at its Yokkaichi Operations to maintain quality.

Samsung Electronics Co. (005930) is the biggest maker of flash memory chips, followed by Toshiba, SK Hynix and U.S.-based Micron Technology (MU).

many as 12 companies have approached Toshiba with proposalsA sale of Toshiba’s chip business, while offering the business a lifeline, would take away its most successful business — and, more broadly, would represent a shift of a major technology away from Japan, depending on the buyer. The Toshiba sale is still in its early stages, and the NYT say as many as 12 companies have approached Toshiba with proposals. Reports are that Toshiba is asking bidders to value its operations at about $17.6 billion (2 trillion yen), and make at least a 50 percent investment.

One of the better-known suitors is Hon Hai Precision Industry, also known as Foxconn. Foxconn is the assembler of Apple (AAPL) iPhones and is world’s largest contract electronics maker. Foxconn is based in Taiwan but performs most of its manufacturing in mainland China. According to the article Foxconn could pay billions to buy the business.

offered $27 billionSources told Japanese public broadcaster NHK the first round of the Toshiba auction drew 10 offers. Toshiba has narrowed the field of bidders for its chip unit to four: U.S. chipmaker Broadcom (AVGO), a private equity firm Silver Lake Partners which reportedly offered $18 billion; SK Hynix; Western Digital (WDC); and Foxconn (2354), reports say Foxconn offered $27 billion.

Apple is considering teaming up with its supplier Foxconn to bid for Toshiba semiconductor business, Japan’s NHK reported. Apple is considering investing at least several billion dollars to take a stake of more than 20 percent as part of a plan that would have Toshiba keep a partial holding so the business remains under U.S. and Japanese control, NHK reported.

The authors point out Toshiba’s situation is a remarkable turnabout for Japan, a country that once controlled the majority of microchip markets. In the past Japanese companies have banded together to rescue flailing domestic rivals and not let them fold or be acquired by foreigners.

BankersThe article speculates that the Japanese government may cobble together a “team Japan” offer, but the response from potential participants — who would have to explain the spending to shareholders — has been tepid. “It is fundamentally unthinkable that the Industry Ministry would intervene and take some kind of action,” Hiroshige Seko, the industry minister, said at a news conference, further dampening expectations.

Mark Newman, an analyst at Sanford C. Bernstein, argued in a report that Toshiba’s memory business remained valuable enough that selling it amounted to “selling the crown jewels to pay next month’s rent.”

Apple teaming up with its supplier Foxconn to bid for ToshibaJapanese politicians and industry leaders have voiced concerns over Chinese investors’ buying advanced chip production technology; semiconductors and memory are a major priority of China’s industrial policy. That could hinder any deal with Foxconn, said Mr. Newman, of Sanford C. Bernstein.

The worry is that Foxconn “would build huge fabs in China,” Mr. Bernstein said, referring to semiconductor fabrication plants. “The jobs would move to China from Japan, and furthermore China would go after market share at the expense of crushing industry economics, so the U.S., Taiwan, Korea, Japan all get hurt substantially by this arrangement.” Foxconn has been successful in attracting subsidies from the Chinese government to build large-scale production facilities in China.

The article speculates that Foxconn could take the Toshiba technology and manufacture it more cheaply in China. Such a move could drive down pricing for memory, a boon for Apple and low-cost Chinese smartphone makers. But it would also propel China forward in its long push to become internationally competitive in semiconductors. Mr. Newman has warned that competition in NAND chips could heat up next year, creating the possibility of oversupply and putting more pressure on Toshiba’s ability to put in effect next-generation technologies.

Ralph Bach has been in IT for a while and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Bad Passwords Crippled the Web

Bad Passwords Crippled the WebFollowers of the Bach Seat know that passwords suck and now default passwords really suck. In fact default passwords seem to be a key part of the massive DDOS attack disabled large parts of the Internet on October 21, 2016. The cyberattack targeted Internet traffic company DYN. DYN provides DNS services for many high-profile sites. Some of the sites effected by the attack on Dyn included; Amazon (AMZN), Business Insider, New York Times, Reddit and Twitter (TWTR).

Chinese electronics company Hangzhou Xiongmai webcamsSecurity researcher Brian Krebs, whose site, krebsonsecurity.com, was one of the first sites hit by a massive 620 GB/s DDoS attack, has reported the Mirai botnet was at the center of the attack on his site. CIO.com reports  ‘Mirai’ can break into a wide range of Internet of Things (IoT) devices from CCTV cameras to DVRs to home networking equipment turning them into ‘bots’. CIO reports a single Chinese vendor, Hangzhou Xiongmai Technology made many of the devices used in the Mirai attacks.

Level 3 Communications says there are nearly half a million Mirai-powered bots worldwide. To amass an IoT botnet, a Mirai bot herder scans a broad range of IP addresses, trying login to devices using a list of default usernames and passwords that are baked into Mirai code, according to US-CERT. The Mirai zombie devices are largely security cameras, DVRs and home routers. Mr. Krebs identified some of the specific devices.

Mirai Passwords

UsernamePasswordFunction
admin123456
root123456ACTi IP camera
adminpassword
admin1password
rootpassword
admin12345
root12345
guest12345
admin1234
root1234
administrator1234
888888888888
666666666666Dahua IP camera
admin(none)
admin1111Xerox printers, etc.
admin1111111Samsung IP camera
admin54321
admin7ujMko0adminDahua IP camera
adminadmin
adminadmin1234
adminmeinsmMobotix network camera
adminpass
adminsmcadminSMC router
Administratoradmin
guestguest
motherfucker
root(none)Viviotek IP camera
root00000000Panasonic printers
root1111
root54321Packet8 VoIP phone
root666666Dahua DVR
root7ujMko0adminDahua IP camera
root7ujMko0vizxvDahua IP camera
root888888Dahua DVR
rootadminIPX-DDK network camera
rootankoAnko Products DVR
rootdefault
rootdreamboxDreambox TV receiver
roothi3518HiSilicon IP Camera
rootikwbToshiba network camera
rootjuantechGuangzhou Juan Optical
rootjvbzdHiSilicon IP Camera
rootklv123HiSilicon IP Camera
rootklv1234HiSilicon IP Camera
rootpass
rootrealtekRealtek router
rootroot
rootsystemIQinVision camera, etc.
rootuser
rootvizxvDahua camera
rootxc3511H.264 - Chinese DVR
rootxmhdipcSenzhen Anran security camera
rootzlxx.EV ZLX two way speaker
rootZte521ZTE router
serviceservice
supervisorsupervisorVideoIQ
supportsupport
techtech
ubntubntUbiquiti AirOS Router
useruser

US-CERT says the purported author of Mirai claims to have 380,000 IoT devices are under its control. Some estimate the botnet has generated greater than 1Tbps DDoS attacks.

DDoS attacksWhen Mirai botnets are called upon to carry out DDoS attacks, they can draw on a range of tools including ACK, DNS, GRE, SYN, UDP and Simple Text Oriented Message Protocol (STOMP) floods, says Josh Shaul, vice president of web security for Akamai.

rb-

Followers of Bach Seat already know that many of the default passwords used by Mirai are among the worst and should have been changed already. They include:

  • Password
  • 123456
  • 12345
  • 1234

While reports say Chinese vendor, XiongMai Technologies equipment was widely exploited, other notable tech firms are included. The Mirai zombie army includes equipment from Xerox (XRX), Toshiba (TOSBF), Samsung (005930), Panasonic (6752) and ZTE (763).

I wrote about security cameras being compromised as part of botnets back in July here.

 

Ralph Bach has been in IT for a while and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Mobile Apps Leaking Your Info

Mobile Apps Leaking Your InfoJust in time for Blackhat, San Francisco based Appthority released its Q2 2015 Enterprise Mobile Threat Report. The big headline from the Appthority report is that enterprise mobile apps are sending personal identifiable information (PII) and other sensitive information all over the world often without the enterprise’s knowledge.

AppthorityFierceMobileIT says that the Appthority Enterprise Mobile Threat Team (EMTT) collected and analyzed security and risky behaviors in three million apps and found that the top iOS apps sent data to 92 different countries, while the top Android apps sent data to 63 different countries.

The report found another threat to all data. Appthority’s all-in-one App Risk Management service shows that 100% of enterprises they surveyed have zombie apps in their environments. Zombie apps are apps that have been revoked by the app stores and are no longer getting security updates. Zombie apps can give attackers a conduit into the enterprise.

App StoreThe report estimates that 5.2% of the Apple (AAPL) iOS apps on employee devices in an enterprise are dead apps, and 37.3% are stale Apps. On Google (GOOG) Android devices,  3.9% are dead apps and 31.8% are stale apps.

One threat from zombie apps, Appthority cites is that malicious third parties could use a man-in-the-middle attack to hijack the update mechanism for these apps to install new malware on user devices.

Despite the threats, app stores run by Apple, Google, and Microsoft (MSFT) are under no regulatory obligation to tell users of revoked apps — either for copyright infringements or serious security/privacy concerns discovered after release — the report points out. Domingo Guerra, president and co-founder of Appthority classified this as a stealthy risk; “The ongoing threat of zombie apps and stale apps continues to be an ‘under the radar’ threat to the enterprise“.

programmersA third risk to the firm’s data comes from their own programmers. The venture capital backed Appthority claims over-taxed enterprise app development teams are increasingly relying on third-party libraries and software development kits. Vulnerabilities in the third-party packages can put enterprise data at risk when they get baked into a corporate app.

The company, told CSO that few mobile devices have security applications installed. In particular, only 4 percent of Android devices in use within enterprises had on-device scanning solutions.

Rb-
Firms that depend on mobile solutions as part of a Bring Your Own Device (BYOD) effort need to look after their apps as well as connectivity and hardware and data and governance and reimbursements. Bring your own device hardly seems like a cost saver to me.

I have said this repeatedly, it seems like costs are just being moved around. From spending on a PC in the office that is very less likely to be lost and that can be controlled to a bunch of new enterprise applications like EMM, mobile anti-malware to app monitoring.

Ralph Bach has been in IT for a while and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Anthem Data Theft Hits BCBSM Users

Anthem Data Theft Hits BCBSM UsersThe recent cyber-attack on the Anthem Insurance company in Indianapolis, allegedly pulled off by Chinese hackers which I covered here has expanded to Michigan. Emily Lawler at MLive is reporting that Michigan residents are caught up in the national health insurance hack.

BCBSMThe Anthem health insurance company compromised data includes an estimated 80 million people, of which 636,075 Blue Cross Blue Shield of Michigan users. According to the article, some of the compromised information could have come from BCBSM customers. A BCBSM spokesperson told MLive there was a “strong possibility” some BCBSM customer data had been caught up in the hack.

BCBSM is an affiliate of the compromised company, so the Michigan firm shared critical customer information with Anthem. The affiliation allowed the attackers to gain access to Michigan BCBSM users. Ms. Lawler cites information from Anthem’s initial investigation, which found that compromised Michigan personally identifiable information (PII) that could have been compromised includes names, dates of birth, social security numbers, addresses, phone numbers, email addresses and employment information.

CyberwarReassuringly (snark) BCBSM and Michigan’s Department of Insurance and Financial Services have been monitoring the hack and its potential effect on Michiganders. BCBSM External Affairs Manager Stephanie Beres told MLive numbers from Anthem say 636,075 Michigan residents are impacted. That includes 410,990 Anthem members,and 225,745 customers of Blue Cross Blue Shield, Ms. Beres said.

rb-

Anthem is sending letters to those impacted their oopsie who will offer two years of free credit monitoring and identity theft repair. According to Anthem’s website AllClear ID will provide the credit monitoring services. Those who think they may be affected are encouraged to visit a website Anthem has set up to distribute information about the hack, www.anthemfacts.com.

 

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.