Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

New 'Crypto Dusting' Attack Gives Cash, Takes Reputation

This new form of crypto wallet fraud enlists unwary consumers and companies to help defeat anti-money laundering methods for law enforcement and regulators.

A fraction of a bitcoin anonymously dropped into your cyberwallet may seem like a bit of good fortune, but opinions can change rapidly when you're labeled a likely criminal. That's the situaton companies and individuals are finding themselves in when they're the victims of "crypto-dusting" - one of the newer, and more challenging, hacks involving popular cryptocurrency.

The anonymous bitcoins were coming from BestMixer.io, a cybercurrency "mixer" often used to anonymize cybercurrency transactions to improve privacy or hide criminal activity. If you look inside the transaction record, says Dave Jevans, CEO of CipherTrace and chairman of the Anti-Phishing Working Group, you find a plan-text message that's a welcome from the BestMixer team.

But this "gift" comes with a price: "You have engaged in a transaction with a known money-laundering service, so it will raise the risk on your accounts for any exchange that has implemented anti-money laundering protocols," he says.

In addition, creating hundreds of thousands of newly tainted accounts could provide a smokescreen for the illegitimate transactions regulatory algorithms are supposed to catch. As for choosing their victims, Jevans says the methodology is simple: "They're just putting it in your crypto wallet. When they do a run, they look at the last 75,000 addresses and send to them. When you open up your wallet, it's there."

"It's logical, but I think it's shortsighted," says Mounir Hahad, head of Juniper Threat Labs at Juniper Networks. "The whole notion of 'tainted' is specific to the way the algorithms are deployed today." And, he points out, those algorithms can change.

While they're changing, there are some specific steps that consumers and companies can take to protect themselves. "On the consumer side, when you receive money like this — a small amount from an unknown source — the best thing to do is go in and block it from being sent," Jevans says. "If you ever spend it, it will wreak havoc with your privacy."

Larger organizations and enterprises have a somewhat more complicated task. "They'll need to work with their vendors on anti-money laundering and be able to cipher out the mixer coin that came from crypto duster attacks," he says.

Fortunately, this is an attack method that may have a short lifespan, according to Hahad. It should be relatively easy to tweak the anti-money laundering algorithms used by regulators and law enforcement to ignore the tiny fractional transactions that are part of the attack.

"This is not something that regular folks should be worried about — it's for regulators and law enforcement," he explains. "It will make their lives more difficult for a while, but as soon as they can patch their algorithms they'll be back in business."

Related content:

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7964
PUBLISHED: 2020-01-24
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer).
CVE-2020-5224
PUBLISHED: 2020-01-24
In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the sess...
CVE-2020-7052
PUBLISHED: 2020-01-24
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
CVE-2014-4172
PUBLISHED: 2020-01-24
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service paramet...
CVE-2013-1597
PUBLISHED: 2020-01-24
A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.