Category Archives: ICO

SEC Charges Shopin Founder with fraud over unregistered $42M ICO

Shopin founder charged by SEC for running $42 million scam cryptocurrency ICO

The US Securities and Exchange Commission (SEC) has charged the founder of Shopin, Eran Eyal, for allegedly running a $42 million scam ICO.

“The Securities and Exchange Commission today charged a digital-asset entrepreneur and his company with defrauding investors in an initial coin offering (ICO) that raised more than $42 million from hundreds of investors,” reads the press release published by the SEC.

Eran Eyal, the founder of UnitedData, trading as Shopin, is accused of having operated an unregistered ICO without any project and documentation.

Eyal launched an Initial Coin Offering (ICO) to raise funding to create universal shopper profiles, maintained on the blockchain, that would track customer purchase histories across online retailers and recommend products based on the collected data. The problem is that the SEC believes that Shopin never created a functional platform.

Unfortunately, fraudulent ICOs are not a rarity; over the years the media have reported several cases of exit scams.

“As alleged in the SEC’s complaint, Shopin never created a functional platform. The complaint further alleges that Eyal and Shopin repeatedly lied to investors in connection with its offering, including misrepresentations about purported partnerships with certain well-known retailers and about the involvement of a prominent entrepreneur in the digital-asset space.” continues the SEC’s complaint. “The SEC also alleges that Eyal misappropriated investor funds for his personal use, including at least $500,000 used for rent, shopping, entertainment expenses, and a dating service.”

According to the SEC’s complaint, Eyal misappropriated investor funds, at least $500,000, for his personal use, including a dating service.

“As alleged in today’s action, the SEC seeks to hold Eyal and Shopin responsible for scamming innocent investors with false claims about relationships and contracts they had secured in support of a blockchain-based universal shopper profile,” said Marc P. Berger, Director of the SEC’s New York Regional Office. “Retail investors considering an investment in a digital asset that meets the definition of a security must be afforded the same truthful disclosures as in any traditional securities offering.”

Investors in the Shopin ICO who believe they may be a victim should contact the SEC at its TCR page.

Eyal also pled guilty to criminal charges brought by the New York Attorney General’s office; he pled guilty to operating three different securities fraud schemes, including the Shopin ICO.

According to CoinDesk, roughly $450,000 in an undisclosed cryptocurrency will be turned over to the New York State Attorney General’s office as part of the plea agreement. Eyal will also step down from his role as CEO of Shopin and he will pay $125,000 in restitution and $475,000 in judgments to investors in Springleap, one of his previous enterprises.

In August 2018, Attorney General Barbara Underwood charged the man with stealing $600k from the investors of the Springleap global crowdsourcing company.

Pierluigi Paganini

(SecurityAffairs – Shopin, ICO)

The post SEC Charges Shopin Founder with fraud over unregistered $42M ICO appeared first on Security Affairs.

Network Security Observability & Visibility: Why they are not the same

Guest article by Sean Everson, Chief Technology Officer at Certes Networks

In today’s increasingly complex cyber landscape, it is now more important than ever for organisations to be able to analyse contextual data in order to make informed decisions regarding their network security policy. This is not possible without network observability. Organisations can now see inside the whole network architecture to explore problems as they happen. Observability is a property of the network system and should not be confused with visibility which provides limited metrics for troubleshooting.

With observability, organisations can make the whole state of the network observable and those limitations no longer exist. Observability provides the contextual data operators need to analyse and gain new and deeper insights into the network. This enables teams to proactively make more informed decisions to improve network performance and to strengthen their overall security posture because context is now available to troubleshoot incidents and make policy changes in real-time.

Unfortunately, observability is often miscommunicated and misunderstood, as visibility is repackaged by some vendors and sold as observability, when the two are not the same. Visibility and monitoring have an important role to play, but observability is different. Visibility and the metrics it provides limit troubleshooting, whereas observability provides rich contextual data to gain deeper insights and understanding based on the raw data collected from the network or system.

With research showing that the average lifecycle of a data breach is 279 days, it is clear that organisations are slowly putting observability into practice and adopting ‘observability as a culture’. In the case of some well-known breaches, however, the timescales were much longer than that. The Marriott International breach, which was discovered in November 2018, saw hackers freely access the network since 2014. During this time, no unusual activity was detected and no alerts of the hacker’s access were raised.

Additionally, in the British Airways data breach in 2018, data was compromised over a two-week period, affecting 500,000 customers. This resulted in the Information Commissioner's Office (ICO) announcing that it intended to fine British Airways £183.39M for infringements of the General Data Protection Regulation (GDPR).

These two examples alone demonstrate how essential it is for organisations to begin to value the ability to understand their systems and behaviour by making their network observable.

Understanding Observability

Simply defined, observability is a measure of how well something is working internally, concluded from what occurs externally. Observability is creating applications with the idea that someone is going to observe them with the aim of strengthening and making system access decisions. The right combination of contextual data can be used to gain a deeper understanding of network policy deployment and every application that tries to communicate across the network. With an observability capability, attackers will therefore have a hard time attempting to make lateral ‘east-west’ movements or remaining hidden in the data centre or across the WAN. In turn, observability can provide a global view of the network environment and visual proof that the security strategy is effective and working.

Unfortunately, it’s not uncommon for infiltrations to go undetected in networks for days, weeks or months. This means infiltrations are going undetected for longer and network systems are increasingly vulnerable. To effectively do this, all roles need to see inside the entire architecture. And, when this capability is built in, it is observability that enables greater insight into the overall reliability, impact and success of systems, their workload and their behaviour.

Conclusion

Research shows that companies who are able to detect and contain a breach in less than 200 days spend £1 million less on the total cost of a breach. That’s a figure no organisation can - or should - ignore. Organisations need a cyber security solution that can be measured and traced. Observability provides the contextual data so organisations can take measurable steps towards controlling system access of the network environment. With this type of observable analysis, organisations can gain deeper insights into how to enhance their security policy and detect unwanted access as it occurs.



Sean Everson, Certes Networks CTO

Cyber Security Roundup for July 2019

July was a month of mega data privacy fines. The UK Information Commissioner's Office (ICO) announced it intended to fine British Airways £183 million for last September's data breach, where half a million BA customer personal records were compromised. The ICO also announced a £100 million fine for US-based Marriott Hotels after the hotel chain said 339 million guest personal data records had been compromised by hackers. Those fines were dwarfed on the other side of the pond, with Facebook agreeing to pay a US Federal Trade Commission (FTC) fine of $5 billion, to put the Cambridge Analytica privacy scandal to bed. And Equifax paid $700 million to the FTC to settle their 2017 data breach, which involved the loss of at least 147 million personal records. Big numbers indeed; we are seeing the big stick of the GDPR kicking in within the UK, and the FTC flexing some serious privacy rights protection punishment muscles in the US. All 'food for thought' when performing cybersecurity risk assessments.

Through a Freedom of Information request, the UK Financial Conduct Authority (FCA) disclosed a sharp rise of over 1000% in cyber-incidents within the UK financial sector in 2018. In my view, this rise was fueled by the mandatory data breach reporting requirement of the GDPR, given it came into force in May 2018. I also think the finance sector was reluctant to report security weaknesses pre-GDPR, over fears of damaging their customer trust. Would you trust and use a bank if you knew its customers were regularly hit by fraud?

Eurofins Scientific, the UK's largest forensic services provider, which was taken down by a mass ransomware attack last month, paid the cybercrooks' ransom, according to BBC News. It wasn't disclosed how much Eurofins paid, but it is highly concerning when large ransoms are paid, as it fuels further ransomware attacks.

A man was arrested on suspicion of carrying out a cyberattack against Lancaster University. The UK National Crime Agency said the university had been compromised and "a very small number" of student records, phone numbers and ID documents were accessed. In contrast, the FBI arrested a 33-year-old software engineer from Seattle; she is alleged to have taken advantage of a misconfigured web application firewall to steal a massive 106 million personal records from Capital One. A stark reminder of the danger of misconfiguring and mismanaging IT security components.

The Huawei international political rhetoric and bun fighting has gone into retreat. UK MPs said there were no technological grounds for a complete Huawei ban, while Huawei said they were 'confident' the UK will choose to include it within 5G infrastructure. Even the White House said it would start to relax the United States Huawei ban. It seems something behind the scenes has changed; this reversal in direction is more likely to be financially motivated than security motivated in my rather cynical view.

A typical busy month for security patch releases, with Microsoft, Adobe and Cisco all releasing the expected barrage of security updates for their products. There were security updates released by Apple as well; however, Google researchers announced six iPhone vulnerabilities, including one that remains unpatched.
