Cloud

New 'Crypto Dusting' Attack Gives Cash, Takes Reputation

This new form of crypto wallet fraud enlists unwary consumers and companies to help defeat anti-money laundering methods for law enforcement and regulators.

A fraction of a bitcoin anonymously dropped into your cyberwallet may seem like a bit of good fortune, but opinions can change rapidly when you're labeled a likely criminal. That's the situaton companies and individuals are finding themselves in when they're the victims of "crypto-dusting" - one of the newer, and more challenging, hacks involving popular cryptocurrency.

The anonymous bitcoins were coming from BestMixer.io, a cybercurrency "mixer" often used to anonymize cybercurrency transactions to improve privacy or hide criminal activity. If you look inside the transaction record, says Dave Jevans, CEO of CipherTrace and chairman of the Anti-Phishing Working Group, you find a plan-text message that's a welcome from the BestMixer team.

But this "gift" comes with a price: "You have engaged in a transaction with a known money-laundering service, so it will raise the risk on your accounts for any exchange that has implemented anti-money laundering protocols," he says.

In addition, creating hundreds of thousands of newly tainted accounts could provide a smokescreen for the illegitimate transactions regulatory algorithms are supposed to catch. As for choosing their victims, Jevans says the methodology is simple: "They're just putting it in your crypto wallet. When they do a run, they look at the last 75,000 addresses and send to them. When you open up your wallet, it's there."

"It's logical, but I think it's shortsighted," says Mounir Hahad, head of Juniper Threat Labs at Juniper Networks. "The whole notion of 'tainted' is specific to the way the algorithms are deployed today." And, he points out, those algorithms can change.

While they're changing, there are some specific steps that consumers and companies can take to protect themselves. "On the consumer side, when you receive money like this — a small amount from an unknown source — the best thing to do is go in and block it from being sent," Jevans says. "If you ever spend it, it will wreak havoc with your privacy."

Larger organizations and enterprises have a somewhat more complicated task. "They'll need to work with their vendors on anti-money laundering and be able to cipher out the mixer coin that came from crypto duster attacks," he says.

Fortunately, this is an attack method that may have a short lifespan, according to Hahad. It should be relatively easy to tweak the anti-money laundering algorithms used by regulators and law enforcement to ignore the tiny fractional transactions that are part of the attack.

"This is not something that regular folks should be worried about — it's for regulators and law enforcement," he explains. "It will make their lives more difficult for a while, but as soon as they can patch their algorithms they'll be back in business."

Related content:

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.