Libra v Transnational Organized Cybercrime and Keeping Customers Safe

On July 18, 2019, Facebook formalized the launch of its new blockchain, the Libra Association.

“The goal of the Libra Blockchain is to serve as a solid foundation for financial services, including a new global currency, which could meet the daily financial needs of billions of people. Through the process of evaluating existing options, we decided to build a new blockchain based on these three requirements: Able to scale to billions of accounts, which requires high transaction throughput, low latency, and an efficient, high-capacity storage system. Highly secure, to ensure safety of funds and financial data. Flexible, so it can power the Libra ecosystem’s governance as well as future innovation in financial services.”

If you have made it this far, you are wondering, why CyChain has an interest in Libra’s rollout? Remember the 2016 elections? The Russian trolls, bot armies and fake social media accounts were so well organized they were largely undetected until it was too late. Now imagine trying to fight that type of organized influence and applying risk and fraud scoring tactics to digital currency with an ambitious targeted user base of billions.
Nicholas Thompson and Issie Lapowsky quoted a report by New Knowledge that focused on influence operations and impact in their Wired article in late 2018.
The report by New Knowledge is based on a review of 10.4 million tweets, 1,100 YouTube videos, 116,000 Instagram posts, and 61,500 unique Facebook posts published from 2015 through 2017. This is not a complete data set of Russian influence operations, but it’s still the largest such analysis to take place outside of the companies themselves. And it shows that the Russians weren’t just running a bland content farm, churning out propaganda in broken English. The operation was deeply sophisticated, and at times, downright funny. As the report’s authors note: “The IRA was fluent in American trolling culture.”

Libra v Cybercrime

Transnational organized cybercrime is successful because it operates like a well oiled business. Every group and its members play a specific role in carrying out the ultimate goal, financial gain. Simply put, cybercrime groups have succeeded in targeting Facebook, Instagram, Twitter and Whatsapp to launder money and steal funds from victims. This is not because these platforms are not capable of the challenge, it’s because the challenge involves monitoring billions of profiles around the clock. The platforms also can’t be responsible for users falling to scams that are too good to be true. The platforms over the last year have made tremendous strides in combatting malicious adds and phishing links targeting digital currency users.

Is Libra ready for the digital currency challenge? The sheer amount of potential fraud exposure if billions of users are connected to one platform will be unprecedented.

Cybercriminals typically focus on the return on time (ROT) v the return on investment (ROI). Digital Currency attackers know their greatest chance of winning is targeting customers and not blockchain vulnerabilities . Yes, hackers have been successful in removing digital currency funds due to vulnerabilities but attackers largely target the users. The most secure blockchain protocol seen to date will not prevent users from falling to human error and sending funds to scammers.

The most reputable cybercrime forums require a “vouching” process with usually two members putting their identity on the line to allow you access to the forum. Once on the forum, if you are not contributing and unable to speak the “language”, you are eventually banned and assumed to be law enforcement or a waste of breath. Top cybercrime forums that specialize in identity services or carding offer “fullz”, typically sale the latest and greatest from data breaches.

With mass adoption a goal of the digital currency community, cybercriminals may shift to offering more “fullz” of compromised digital currency accounts with full KYC verification. Will the rollout of a platform that plans to reach billions create new trends and targets for cybercriminals focused on digital currency?
Obviously no organization can bat 100 % in preventing fraud. Most tech organizations do a great job and their job force is top tier (especially Libra’s leadership and their partners).

Libra may have one of the largest fraud and risk challenges tech platforms have ever seen, simply because of its goal to reach billions. More customers equals more potential for fraud. Whatever Libra has dedicated to KYC review, investigations, security and customer protection, it should significantly enhance that number. Digital Currency is 24/7 and a midnight skeleton crew in an operations center will not be able to meet the fraud challenges targeting user base of billions. A proactive approach through timely customer service is necessary to defeat attackers and assist customers in panic mode.

Libra v Social Media Scams

Dr. Mike McGuire reveled social media-enabled cybercrime is generating $3.25B in global revenue each year. Let’s just say that an estimated one billion in loss in digital currency in 2018 is not in that figure. We are looking at over four BILLION in fraud connected to social media platforms. While obviously this figure is not just Facebook and digital currency, it shows how rampant fraud is on social media platforms. If you are in search of influencer accounts, just navigate with your TOR browser and you can find forums that list influencer accounts for sale that were previously hacked for a few hundred dollars.

Vishing, Phishing, and dishing are tactics cybercriminals will take and use to target potential Libra users. Influencers and digital currency veterans are targeted daily. If not specifically, it’s to trick their followers into sending money via Bitcoin or other digital currencies. In a lot of cases, these conversations are moved to Whatsapp, because it messaging offers end to end encryption and can be registered via VOIP service.

We also can’t forget about Telegram. During the initial coin offering (ICO) hype of 2017, Telegram was a beacon of hope for cybercriminals in compromising ICO groups or creating fake groups and requesting investor funds to be sent to an address controlled by criminals.

What about all of the digital currency influencers changing their names to ****not giving away “***” currency? How crazy is that? Social media scams were so bad that influencers started changing their names so their followers would not send funds to scammers. While a bull market is argued to be here by some, or coming upon us, the increase in scams will rise with price.

So what? What do all of these social media scams have to do with Libra? It’s not connected to Facebook right? Any company that has a goal of pushing massive adoption to billons face very complicated security challenges. Before rolling out a platform that can scale with billions of users, it must be ready to protect its customer data and fight fraud on their behalf.

Now, combine influence propaganda and cybercriminals targeting Libra’s potential user base and you have just encountered the largest security challenge tech has seen.

Libra v Privacy

The most interesting statement regarding the privacy aspect is the rollout of a
“pseudonymous blockchain that allows users to hold one or more addresses that are not linked to their real-world identity.”

It is unclear what exactly it means by pseudonymous in comparison to an anonymous digital currency such as shielded Z-Cash or Monero, besides not connecting transactions to users. The argument for privacy based coins make sense when users and companies are concerned they could be targeted for wealth or where they send their money. In some parts of the world where the banks and governments are not trusted, a pseudonymous or anonymous blockchain is necessary.

Z-Cash is dominating the privacy space with zero knowledge proofs and has a dedicated team of cryptographers with years of experience. It’s also favored by large U.S. exchanges because it is viewed as more regulator friendly than other privacy coins. While it makes sense for Libra to rollout a so called pseudonymous blockchain, how will they compete with other privacy protocols and teams with more more experience protecting its digital currency user base?
It’s unclear the impact Libra will have on digital currency technology and mass adoption.

It is clear that Libra must take overreaching steps to protect its customers while executing its mission to empower financial access to billions of users across the globe.

CyChain is a Digital Currency Risk and Advisory firm. You can contact us here: www.cychain.net.