GEOPOLITICA DEL MONDO MODERNO

Category archive

Tech & Cyber

“Bitcoin Forensics e Intelligence sulla Blockchain”. An essay for investigators, and not only for them.


In the age of artificial intelligence, the Internet of Things and 5G, which are changing and will change our everyday lives, perhaps to the point of overturning them completely, not all of us know exactly what cryptocurrencies are or how to use the blockchain.

The book “Bitcoin Forensics e Intelligence sulla Blockchain. Aspetti giuridici, economici, fiscali ed investigativi delle criptovalute”, published by the Italian Chapter of IISFA (Information Systems Forensics Association Italian Chapter) and also available for purchase via this link, explains it to us. It certainly addresses a readership with at least a basic knowledge of the subjects covered, perhaps sustained by nothing more than a simple desire to learn more.

The basic lesson of this book, in the opinion of the present writer, is that one does not need to be a computer engineer at all to understand how cryptocurrencies and the blockchain work, but one certainly needs to be truly willing to study them in depth in order to best grasp how they work and their possible uses, which are not necessarily illicit or obscure.

Another fundamental premise for approaching this book, which despite dealing with complex subjects is written in a smooth and fluent style, is knowing the cultural and professional background of its authors.
Written “by eight hands”, the text was in fact drafted by Giovanni Reccia, Fabio Pascucci and Marco Stella, senior officers of the Guardia di Finanza with long careers, from the Alps to Sicily, in which operational duties, demanding General Staff assignments and a passion for legality are intertwined, and by Paolo Dal Checco, PhD, a lecturer and court-appointed and party-appointed technical consultant with a highly respectable scientific and teaching background, an expert in OSINT and in technologies applied to security, which he explores in his work as a digital forensics examiner.

To fully understand the cryptocurrency dossier, in-depth legal knowledge, which also takes into account the most recent national and supranational case law, must in fact be combined with solid technical and scientific skills and knowledge.

Otherwise one cannot understand why the famous bitcoins (and the other, lesser-known cryptocurrencies such as Monero, Ethereum, Ripple and Litecoin) skirt a boundary that is substantially risky for those who decide, in good faith, to rely on intermediaries to invest in a new business, and are instead a safe haven for those devoted to crime, money laundering, speculation and the concealment of assets and capital.
How are bitcoins created? Did you know there is a difference between Bitcoin (with a capital “B”) and bitcoin (with a lowercase “b”)? Who “manufactures” them? Who or what certifies their value and validity? You will find out and understand it in this book.

Not to be underestimated is the topic of the blockchain which, like all things virtual, lends itself to lawful uses, with truly useful implications in the public and private sectors, and also to unlawful ones, because it allows transactions whose tracing, if not impossible, nonetheless remains very difficult.
A tangle in which, almost as in a science-fiction thriller, numerous barely legal (or not at all legal) financial transactions intersect with currencies issued by entities other than central banks, with a certification system made up “of blocks”, and with the deep abyss of the dark web.

And here the investigative side of the whole subject comes in.
Those who know a technology thoroughly know perfectly well how far its users can go, in lawful or unlawful terms. Those who investigate a crime know well how despicable human behaviour can sometimes become.
And so technology is joined by the danger of tax evasion and money laundering: the possession of cryptocurrencies is indeed not easy to classify from a fiscal and tax point of view (and this book also allows a quick review of the legislation on direct and indirect taxes, without neglecting to mention some brilliant operations by the Fiamme Gialle in this particular context).

The study of bitcoins and the blockchain also makes it possible to carry out genuine desk-based intelligence activities. Social network analysis techniques make it possible to study the flows of transactions carried out with these new instruments which, through the use of appropriate data visualisation techniques, allow investigators to get to the bottom of the tangle.
There are clustering and tagging techniques deployed to combat cybercrime, which are carefully illustrated in the text.
Here, it must be admitted, the reading gets a little more complicated, but anyone with a broad cultural background, not necessarily an investigative one, can understand the aim of the publication.
Think of ransomware viruses, the money flows they generate, the criminal organisations that run them, and the threats to public and private security, perpetrated in an increasingly widespread and organised way and with increasingly sophisticated techniques. That, precisely, is cybercrime.

What one man can invent, another can discover

The danger coming from the net is by now the focus of attention of various international organisations, security-related and otherwise, and all the world's intelligence and security services and police forces (plus Interpol and Europol) have equipped themselves and improve every day to fight this war, which takes place on a totally fluid and uncontrollable front, beyond which lies a threat that is more often than not undefined and asymmetric.

Then there are the legal and forensic implications, aspects typical of courtrooms. Can bitcoins be seized? Can they be released from seizure? Is it possible to approach this world in a manner that is lawful and consistent with our criminal and tax legislation? What mistakes do investigators make in searching for proof or evidence of a crime in this field? What mistakes do defence lawyers make when called on to demonstrate the legitimacy of an action in this sector?

Readers of this book will find answers to these and many other questions. It is written, we repeat, for an attentive reader and for a readership naturally selected on the basis of its cultural, scientific or legal background, but also for anyone who wants to take a first step into this world, all still to be explored and discovered.

One thing, however, will not escape any type of reader: cyber is a world in which, even if you know how to move, you leave traces. Always.

For better or for worse.

Domenico Martinelli

 

This article also appeared in the scientific journal euNOMIKA at this link

Between GDPR and the risks of the net. On 24 May a book on the new privacy legislation will be presented in Viterbo.

VITERBO: Everyone, absolutely everyone, has by now heard of the GDPR, that is, the General Data Protection Regulation. Those who have not heard of this acronym have nevertheless surely sensed that “something” has changed. Privacy itself, its intrinsic, ontological concept, and the way it manifests itself, have changed.

Focus on Estonia: chapter 2


As we mentioned in our previous and first article on Estonia, we are now going to concentrate on its evolution in the context of the EU institutions. Let’s start from something easy to tell. Better: let’s start from something very difficult and technical, but very easy to explain to readers. Let’s talk about eu-LISA. We mentioned this agency in some of our previous articles last year, when speaking about the parallels between UN agencies and EU ones. eu-LISA is special, and has no twin in the UN context.

Its acronym literally stands for eu (of course, Europe), L(iberty), I (“I” or “J” mean the same: it is the first letter of Justice), S(ecurity), A(gency). The extended name is European Agency for the operational management of large-scale IT Systems in the area of freedom, security and justice.

The Agency has been based in Tallinn, Estonia’s pretty capital, since 2012, and provides technological support for EU Member States and Institutions, managing the large-scale integrated IT systems whose aims are to maintain internal security in the Schengen countries, to enable Schengen countries to exchange visa data and to determine which EU country is responsible for examining a particular asylum application, according to the well-known Dublin system.

The Agency is also in charge of testing new technologies to put in place a modern and secure border management system in the EU. For example, it was tasked with setting up and starting the testing and follow-up phases of the “Smart Borders” project, the operational step of the “Smart Borders package” drawn up by the European Commission and discussed by the Council of the European Union in its Justice and Home Affairs configuration. This “package” will establish, only after an agreed and successfully concluded co-legislation process, an Entry-Exit System (EES) and a European Travel Information and Authorisation System (ETIAS). Both of them are supposed to start in 2020. The first one will ensure border security by tracing all the movements of third-country citizens across the external borders of the Union in both directions. Of course, while monitoring the flow of tourists and travellers, the system should check visas, passports and ID documents, verifying whether any of the checked persons are criminals, terrorists, or involved in some way in illegal immigration or, worse, in migrant smuggling. The EES should in effect prevent and deter crimes related to immigration, terrorism and human trafficking. In addition, it should automatically alert law enforcement agencies about the so-called “overstayers”, people who have exceeded the maximum period of stay within the EU borders allowed by their visa.

The ETIAS will be very similar to the American ESTA, and introduces a sort of advance registration for obtaining permission to travel to Europe. The introduction of this system into EU legislation means that the Schengen Borders Code must be changed. But, of course, it will strengthen the prevention and prosecution of crimes involving borders and internal security. That’s certain: people suspected of being criminals or terrorists will not be allowed to enter the Union.

We think that eu-LISA’s presence in Estonia is a source of pride for this advanced, smart and resolute country.

The Agency has a management board that meets twice a year and in which all Member States are equally represented, and it relies on some advisory groups, made up of technicians and experts in both IT and JHA issues. It manages the 3 main JHA systems and databases: the Schengen Information System, the Visa Information System and Eurodac (whose main task is to collect and examine the fingerprints of people asking for asylum in the EU).

Of course, the Agency studies how to make Europe safer from a technical point of view, but has no legislative or binding powers. It cooperates with individual Member States and all the European Institutions in the JHA area, acting as a highly specialized and very qualified consultant and advisor.

 

The Agency is also part of the network of JHA Agencies, which once a year organize a joint meeting of their key representatives in order to exchange methodological information, best practices and training. The chair of the network rotates and is chosen from among the agencies’ Directors for one year. The agency that holds the presidency of the network is also in charge of hosting the meeting in the country in which it is based. After the meeting, all the Agencies approve and disseminate a document containing their joint conclusions, whose aim is to make their policies and actions more coherent, deconflicted and better linked.

eu-LISA and Tallinn were in charge of this in 2015. Another reason to look to Estonia as a key partner and actor in the EU, one that is increasing its role in the European security framework.

Our next step will be a focus on the upcoming Estonian Presidency of the Council of the EU.

Moscow and the extradition of blogger Alexander Lapshin

Moscow has made a statement on the extradition of blogger Alexander Lapshin, who holds Russian citizenship, to Azerbaijan. “According to the available information, the Supreme Court of Belarus, having considered the case in a closed session on Feb. 7, dismissed the complaint of the citizen of Russia and Israel Alexander Lapshin against the decision of the General Prosecutor’s Office of the Republic of Belarus on his extradition to Azerbaijan. The Russian side expresses disappointment with this decision,” reads a message on the website of Russia’s Ministry of Foreign Affairs. “We intend to continue taking all the necessary measures to protect the rights and legitimate interests of the Russian citizen to quickly return him to his family,” the message said.

Civil pact on nuclear power signed by India and Japan


Prime Minister Shinzo Abe on Friday signed a civilian nuclear cooperation pact with visiting Indian leader Narendra Modi as he pushed to promote exports of Japanese nuclear technology to keep the teetering economy afloat. The basis of the treaty was agreed on last December, before his three-day visit to Japan. The treaty will allow Japan to transfer nuclear technology-related components and help build reactors in India, where countries like China and France are eyeing opportunities for similar investments.

Behind DYN attack: Mirai malware


Dyn, Inc. is an Internet management company offering products to monitor, control and optimize online infrastructure, as well as domain registration services and email products. On October 21st it was hit by a distributed denial-of-service attack and, as a consequence, sites such as Twitter, Reddit, GitHub, Amazon, Netflix, Spotify and Runescape became unreachable.

The double attack took place on the same day against the company’s DNS infrastructure:

  • First attack: it began around 11:10 UTC against the Managed DNS platform in the Asia Pacific, South America, Eastern Europe, and US-West regions, and presented in a way typically associated with a DDoS attack. Mitigation efforts were fully deployed by 13:20 UTC; the attack subsided shortly after.
  • Second attack: it began at 15:50 UTC and was different from the first. The company managed to cope with the attack at 17:30 UTC, but it really finished in the evening, around 20:30 UTC.

It is now clear that it was an IoT botnet attack carried out with open-source software called Mirai.

Mirai serves as the basis of an ongoing DDoS-for-hire ‘booter’/‘stresser’ service which allows attackers to launch multiple DDoS attacks.

The original Mirai botnet has since been modified by users all around the world, and high concentrations of Mirai nodes have been observed in China, Hong Kong, Macau, Vietnam, Taiwan, South Korea, Thailand, Indonesia, Brazil, and Spain.

Using thousands of devices all around the world (thanks to Internet of Things technologies), with an estimated load of 1.2 terabits per second, the attack is the largest DDoS ever.

The U.S. authorities’ investigations have not identified the perpetrators yet, even though Anonymous and New World Hackers claimed responsibility for the attack.

G7 and Japan cyberstrategy

During the meeting held in Japan last May, the G7 heads of state adopted a joint declaration on cybersecurity issues.

Representatives of the 7 biggest economies in the world stated that the Internet is a key driver of the global economy: openness, interoperability, reliability and security are the cornerstones of this vision, as well as the free flow of information and the protection of human rights online.

How are the G7 countries going to put their declaration of principles into practice?

Firstly, cooperation between all the actors responsible for cybersecurity: governments, business, research and society as a whole.

Secondly, international law: according to the G7 governments it is applicable in cyberspace, including the United Nations Charter. Furthermore, cyber activities could amount to the use of force or an armed attack within the meaning of the United Nations Charter and customary international law.

A new UN Group of Governmental Experts (GGE) is expected to discuss further how existing international law can be applied to cyberspace.

Finally, the G7 encourages more states to join the Budapest Convention on Cybercrime and supports the work done by the G7 Roma-Lyon Group’s High-Tech Crime Subgroup.

Even though cybersecurity is one of the most important issues on the international agenda, the G7 declaration sounds quite predictable and does not introduce any important policy innovation.

 

JAPAN CYBERSECURITY STRATEGY

What is the framework of the country, the third-largest economy in the world?

As with most cybersecurity strategies, Japan adopted a white paper. The first edition was released in 2013, and a second one in September 2015.

The Japanese Basic Cybersecurity Act focuses on government-led and non-government actors.

Japan Cert and the National Center of Incident Readiness and Strategy for Cybersecurity are responsible for developing national cybersecurity policy and ensuring the security of different public sector organizations, and for putting forward proposals as well as the Basic Cybersecurity Act.

Public-private partnership is another pillar of this strategy.

Surprisingly, for a country like Japan, there are weak points, too, according to Deloitte’s Asia Pacific Defence Outlook 2016.

Japan is an aging country, and its population is quite unaware of the risks of cybercrime: the system as a whole is weak because people don’t behave properly on the net.

There are few efforts to promote domestic expertise on cyber issues.

Cooperation is a problem, too, because admitting to having been attacked is socially unacceptable behavior: frauds or cyberattacks are hidden from the community.

Island mentality is another element: the Japanese believe no threats can hit them because they live on an island protected by the sea. Obviously, that is not the case when we talk about cyber attacks.

To sum up, Japan is a high-value target because of its economic and technological power, and its policies and its approach toward cyber issues do not seem adequate.

 

Leonardo Pizzuti

 

Simulated war, French Army acquires a global license for SWORD

An automated war game simulating battles, but with realistic applications. That is the case of SWORD, the flagship constructive simulation software created by MASA, an innovative company and a leader in the field of artificial intelligence, whose global license has been acquired by the French Army. SWORD enables simulated units to act in large-scale exercises in the most realistic way possible, while minimizing the combined operating costs and animation effort.

Preparing military staff for action is made much more efficient by training in a realistic operational environment, with joint forces and allies, in a variety of different battlefield scenarios. It means an immediate solution to SOULT (the simulation program for Combined Forces and Ground Logistics Units’ Operations), for the operational preparation of Combined Forces at division, brigade, and battle group command posts. According to Colonel Philippe Dutroncy (Network Operations Development Service, Land Forces Command), «SOULT will allow the French Army to achieve the following objectives: systematize simulation training as a way to prepare for a wide number of operational engagements, streamline simulation tools deployed in the forces and at training centers, continue expanding the use of simulation for capability preparation or for support on operations.

The flexibility of employment and evolution of SWORD effectively allows us to foresee its use in all types of operational preparation for command posts, but also in training specialist areas (Engineering, Intelligence, Logistics, or CBRN – Chemical, Biological, Radiological, Nuclear), the testing of future military doctrines, the preparation of operations, and for post-operation analysis and conclusions». The military deployment of SWORD is the culmination of a process that responds optimally to the needs expressed by the Armed Forces, whose fragmentation has made it necessary to have flexible training tools that make it possible to work effectively with reduced staff numbers and simulate a large variety of situations. The Centre of Expertise for Information validation and SIMulation (CEISIM), which oversees simulation and digitalization within the French Armed Forces, will now be tasked with managing the deployment of SOULT and its assimilation by the Army.

Colonel Claude Chary, Commander of CEISIM, adds: «The testing of SWORD, led in conjunction with the military engineering school, conforms perfectly with our policy of deploying simulation solutions whose purpose is to support the decentralized operational preparation of Land Forces. Compatible with the interoperability framework of the French Land Forces, SOULT connects seamlessly with current and future operational information and communication systems».

Viviana Passalacqua

 

Operation “Pangea VIII”. EU against counterfeit medicines.

The Hague: – “Our” European security agency Europol has provided its support to an Interpol operation aimed at dismantling a criminal network involved in the trafficking of counterfeit drugs through illegal online pharmacies.
“Pangea VIII” is the name of the operation, which ended with the arrest of 156 suspects worldwide, and with the seizure of potentially harmful medicines, worth a total of $ 81 million.
The whole operation involved 115 countries and gave impetus to 429 different criminal cases. A total of 550 advertisements for online sales were removed and 2,414 websites were blacked out.
For the occasion, the European Agency, which since its foundation has been involved in the security of the continent at the strategic level and also at the operational one, seconded its experts to the Interpol HQ in Lyon, France.
Specifically, Interpol specialists and representatives of Europol shared all the data in their possession, including those from the database held by the Hague-based agency, finding numerous matches useful for investigations. They also provided valuable legal support to the BKA, the Austrian Federal Police, as well as to the customs and health agencies of that country beyond the Alps.

In addition to the discovery of a huge warehouse of counterfeit drugs in Indonesia, the various police forces involved focused on e-mail accounts, on domain registrars and on all those involved in the delivery of goods and in electronic payments.
Among the drugs seized, those that stood out were, obviously, drugs for erectile dysfunction, for blood pressure and certain anticancer drugs. Many drugs were expired or badly preserved, and one of the tasks of the organization was precisely to alter the expiry dates or the amount of active ingredient present in the contents.

236 police forces and agencies were involved, and of course many of them were European ones.

Worth noting is the fundamental and substantial support provided by some private companies and e-commerce giants such as Google, Mastercard, American Express and PayPal.
Another success scored by international police cooperation, and especially by the European one.

European Agencies and ATM Security.

On June 10th, Europol and the ATM Security Team reaffirmed their collaboration in countering the so-called “payment crimes”, during one of the three annual meetings of the Team, held at Europol Headquarters in The Hague. “Security team” means EAST, the European ATM Security Team, a European non-profit organization whose task is to collect and disseminate information to and from installers and bank ATM networks (ATM = Automated Teller Machine).

The Europol Centre against Cybercrime (EC3) has signed a memorandum of understanding (MoU) with EAST, in order to further strengthen cooperation in the fight against all forms of crime linked to ATM cards and credit cards, including virtual fraud, i.e. fraud committed in the absence of normal magnetic media, by malware or other hi-tech techniques, or by physical attacks on the ATMs themselves.

The MoU will allow the exchange of data and strategic information between the Agency and EAST, meaning that one of the three annual meetings of the team will always be held at the Europol headquarters in The Hague, just as happened for the first time in the abovementioned circumstance.

Beyond the statements made by the leaders of the two organizations, Europol has recognized the seriousness of physical or virtual attacks on ATM systems, and has prepared a document containing guidelines about the threat. The document (whose drafting was coordinated by EAST) will be disclosed in the coming days and is an example of a coordinated response between security agencies and the world of finance and banking, aimed at countering the emerging and increasingly worrying growth of some criminal phenomena such as, for example, “skimming”.

For non-experts, we point out that “skimmers” are devices that can read the magnetic strip of debit cards and credit cards directly in the ATM slots. Obviously, the very advanced nanotechnology of these “readers” is combined with the use of illegally concealed cameras, positioned in such a way as to spy on the finger movements of people withdrawing money, recording the numbers that form the PIN sequence.

Domenico Martinelli