With the hacks and Bitcoin for ransome, who's to be blamed?

[CryptSafe]

Recently, there have been series of data and financial hack by hackers from exchanges and kyc verification firms entrusted with customers data, information and funds. The most recent is that of the 1billion Chinese data hack and hacker demanding for 10 btc as ransome.
I strongly believe that information and data of citizens are to be treated with utmost care because it's a private affairs so must be accorded due respect but when the third party entrusted with such information can't show any credibility and reliable feature in playing their role what happens?
It is unfortunate that data information of clients can't be protected with utmost care as a result of breached security measures.
Now I ask though it sounds funny but to be realistic, this is the reality. Who is to be blamed for funds hacks, data leak/hack? Is it the government, security agencies or the kyc firms or the sole organization that demands all customers must under a kyc verification process. Your genuine opinions are all welcomed.

https://www.washingtonpost.com/business/2022/07/06/china-hack-police/

[1714291164]

1714291164

[1714291164]

1714291164

[1714291164]

1714291164

[1714291164]

1714291164

[1714291164]

1714291164

[1714291164]

1714291164

[bitmover]

It is unfortunate that data information of clients can't be protected with utmost care as a result of breached security measures.

There are no clients here. They are citizens.

People are forced to give their data to Chinese government, who cannot even provide the minimum security to handle that data.

Chinese state is a Surveillance state. Data from about 1 billion citizens was leaked.


https://techcrunch.com/2022/07/07/china-leak-police-database/

News of the alleged breach has gone largely unreported in mainland China where restrictions on speech and expression are tightly controlled, and internet access is censored and strictly restricted.

The breach, if authentic, raises questions about the vast scale of China’s surveillance state, the largest and most expansive in the world, and Beijing’s ability to keep that data secure.
,....

It comes at a time when China is stepping up protection for personal data. Last September, China passed the Personal Information Protection Law, its first comprehensive privacy and data protection legislation, seen widely as China’s equivalent of Europe’s GDPR privacy rules. The law restricts how businesses can collect personal data and is expected to have a sweeping effect on the ad businesses of the country’s biggest tech giants, but allows broad exceptions for government agencies and departments that make up China’s vast surveillance capabilities.

In China there is a law to protect citizens of misuse of user data  by private companies, but there are exceptions for government agencies.

[kryptqnick]

As bitmover pointed out, China itself doesn't care about privacy, so I don't think this data should be "treated with utmost care": it should not be gathered and stored in the first place. And while the government of China can't be blamed for the hack itself, it should not have gathered the info about their citizens. Who knows, maybe the data was leaked precisely to show how much China as a state knows of its citizens. So I think better privacy laws, not more KYC requirements, could be a part of the solution. And using surveillance not to monitor regular citizens and what they say about the Communist party, but to look for real criminals.

[naira]

Data leakage from China is unavoidable, even if it is considered a normal action for the government itself to allow access to personal data where it is permitted. I think the government here doesn't care about the safety of its citizens.

Back to the public access that is so easy to provide data without ever thinking that what they provide, is an action that drags the data into the publication area. Because the police give free space to be traded, the pretas proudly explain what is sold to the public on the basis of ignorance of people who provide data for free. Based on the article you shared, the victims still don't realize that their data is being sold.

[Lucius]

Why open a thread like this when there is a topic where you could have asked your question about the specific event -> https://bitcointalk.org/index.php?topic=5405252.0

Bitcoin is completely irrelevant in this story, as it has been countless times before, because ransomware has been around since 1989 and has never been exclusively linked to Bitcoin. Hackers who ask for a ransom in Bitcoin are not very intelligent, because the anonymity they obviously want to achieve is actually the way they will be caught sooner or later.

[jackg]

There's no reason kyc data should be stored online, there's no reason most personal records should be stored online either.

If you have a central library of all the information stored in ways they can't be easily exported (such as: paper or microfiche) by people who don't care about the privacy of the data they need to protect then they'll find it time consuming to export and publicise even a few records (and will probably be easier to find).

[Husires]

Prevention is better than cure Perhaps it is best to try to reduce your access to the Internet and provide as little data as possible.
We can first blame users for providing their data to neglected third parties, and then to the state for not protecting customer data, and finally to the platforms for being interested in profit in exchange for privacy.
But do not forget that any system can be hacked, so if you want to maintain privacy, do not share your data.

[hd49728]

Prevention is better than cure Perhaps it is best to try to reduce your access to the Internet and provide as little data as possible.
We can first blame users for providing their data to neglected third parties, and then to the state for not protecting customer data, and finally to the platforms for being interested in profit in exchange for privacy.
But do not forget that any system can be hacked, so if you want to maintain privacy, do not share your data.

Users are responsible for what they do. Where they visit, what link they click on, what platform (legit or not) on which they use email to register, enter account password and more.

If users are carefully with what they do and have basic knowledge about security, privacy they will have good practice that keeps them safe from hacks.

Exchanges or antivirus softwares can not protect you from all threats. Like if you jump into a massive mud, how do they exit completely clean?

There's no reason kyc data should be stored online, there's no reason most personal records should be stored online either.

Store it online and let it exposed to more risk. Between online and offline, I think there are more online risk than offline risk.

[franky1]

Chinese state is a Surveillance state. Data from about 1 billion citizens was leaked.

The breach, if authentic, raises questions about the vast scale of China’s surveillance state, the largest and most expansive in the world, and Beijing’s ability to keep that data secure.

seems you fell for it...

china is not a surveilance state. you been watching too much fox news..

there are more CCTV camera's per populus in london than there is any other country in the world, including china
also police do not have records on 70% of the population..

shanghei does not spy on the hundreds of millions of chinese in villages dotted around the country.
(you need to learn that not everyone is in shanghei under camera monitoring, using digital cash... majority stil use paper cash. (yes paper cash still exists go to any travel agents and exchange yoour dollars for YUAN, i promise they wont ask you to register to be a CNY citizen just to use cash))

this whole gimmich is a clickbait campaign.. intended to make china look bad by making people assume the worse.

oh and 23kb per person of 1bill population(the assumed 23TB collection). is not much data per person.. heck its not even a 'mugshot' in SD photo format. let alone bank records criminal records and medical records of everyone.


take it from another approach..
if some lame hacker said he had record details of 230million americans stolen from a ohio police station containing all bank, criminal and medical records.. would you believe it.. .. no you would not

even if you cast aside the surveilance state myth that that a ohio police station had everyone on file.. just the limited amount of bytes per person shows the information is not as full as advertised

[Leviathan.007]

There are many hackers and scammers who use bitcoin because of the privacy they can get from it but also there are other hackers who don't sue bitcoin and other cryptocurrencies for their activities and this cannot be all on bitcoin and other cryptocurrencies because years ago because bitcoin the hackers were doing their own activities and using or not using bitcoin didn't change anything about them and crime they do, also the only one to be blames is the person who was the victim of them because of lack of knowledge, not bitcoin, even if they regulate everything and ask for KYC from everyone still we cannot be sure to say the hacker can be tracked by the governments.

[Hydrogen]

Who is to be blamed for funds hacks, data leak/hack?

Statistics claim the majority of electronic data breaches are inside jobs. Disgruntled ex employees or current employees.

A good percentage of ransomware attacks involving crypto are state sanctioned attacks credited to north korea. Electronic attacks planned and executed by nations are difficult to defend against. In the past we have also seen the united states and israel credited with carrying out stuxnet attacks on irans uranium fuel centrifuges.

There is an arms race of electronic vulnerabilities being collected and stockpiled by countries who have zero day attacks stored in vaults. There are many undocumented and unknown exploits to software applications and operating systems used by millions worldwide. There is simply no defense for it. Being patched up to date, won't defend an undocumented vuln that was never released to the public.

Of course governments, intelligence agencies, the corporate sector and approved security practices also factor in. Government and intelligence want backdoors built into everything. The private sector wants monitoring so they can earn extra profits selling end user meta data to the highest bidder. The electronic world is opaque with the inner workings of software and devices being a mystery. If people want things to change, they could push for greater transparency and broadscale adoption of open source code to avoid exploitation and abuse. But I don't think people would recognize the importance.

[BIT-BENDER]

OP can I ask you this, did all the vices you mentioned begin with Bitcoin? If not then why are you even asking such a question, even before I learnt about Bitcoin I always known that Hack existed and so does ransom, placing Bitcoin as the spear head agent of crimes is crazy, Bitcoin Is a commodity and can falls in anyone hands and if the holder uses it for a wrong purpose then they should be caught and booked

[Dunamisx]

Who is to be blamed for funds hacks, data leak/hack?

None is to be blame, if you ask me i will tell you that more times over again with the reason being that if you're in their place you could do worse, things would have been well administered to if done appropriately, why using an exchange that could place you on the lane of loosing your privacy, data and coins by their policy and politics, or probably got hacked all of a sudden without remedy left.

[usekevin]

The blame is not related to the bitcoin,the ransome using the bitcoin as the medium for transaction.Because same ransome used the usd for the transaction,So it’s essential to blame the usd .No,because it’s just the currency of one country.Likewise we can’t blame the bitcoin for the same.The sources of the crime is ransome and terrorist activities and not bitcoin.

[JohnBitCo]

The blame is not related to the bitcoin,the ransome using the bitcoin as the medium for transaction.Because same ransome used the usd for the transaction,So it’s essential to blame the usd .No,because it’s just the currency of one country.Likewise we can’t blame the bitcoin for the same.The sources of the crime is ransome and terrorist activities and not bitcoin.

For ransomware attacks, we cannot blame the medium (currency) to be responsible for these attacks. I know bitcoin is a digital currency and it is easy to get money in bitcoin in a ransomware attack but this does not mean that before bitcoins, there were no ransomware attacks.
The criminals or hackers are the ones who are actually the ones who do these unethical activities and it does not matter if they use bitcoin or fiat currencies.

[Kakmakr]

There are multiple layers to security and there are differences between a LAN and a WAN. Why are companies storing all the KYC data on their WAN and not on external storage that are being archived and not connected to the WAN. 

They can process "new" applicants data online.....and once that is completed, they can shift that data to offline storage to reduce the chances that hackers could get access to that data.

So the blame should be with the people responsible to safeguard it. 

[NotATether]

Now I ask though it sounds funny but to be realistic, this is the reality. Who is to be blamed for funds hacks, data leak/hack? Is it the government, security agencies or the kyc firms or the sole organization that demands all customers must under a kyc verification process. Your genuine opinions are all welcomed.

Neither. It's the AV and operating system companies' faults for not building hacker-proof systems in the first place.

This might sound incredulous to most of you at first, but I have already stated that security as we know it must switch from being a mere defensive wall (aka. brick wall or barricade around the computer) to an outright offensive militia that disables hackers' invading PCs and servers, or maybe even a "Corps-as-a-Service" if you are daring enough to implement that.

You simply cannot expect every company in the world to have enough wall to withstand the penetrations caused by the shells of the hackers' devices (guns).

[CryptSafe]

Who is to be blamed for funds hacks, data leak/hack?

Statistics claim the majority of electronic data breaches are inside jobs. Disgruntled ex employees or current employees.

A good percentage of ransomware attacks involving crypto are state sanctioned attacks credited to north korea. Electronic attacks planned and executed by nations are difficult to defend against. In the past we have also seen the united states and israel credited with carrying out stuxnet attacks on irans uranium fuel centrifuges.

There is an arms race of electronic vulnerabilities being collected and stockpiled by countries who have zero day attacks stored in vaults. There are many undocumented and unknown exploits to software applications and operating systems used by millions worldwide. There is simply no defense for it. Being patched up to date, won't defend an undocumented vuln that was never released to the public.

Of course governments, intelligence agencies, the corporate sector and approved security practices also factor in. Government and intelligence want backdoors built into everything. The private sector wants monitoring so they can earn extra profits selling end user meta data to the highest bidder. The electronic world is opaque with the inner workings of software and devices being a mystery. If people want things to change, they could push for greater transparency and broadscale adoption of open source code to avoid exploitation and abuse. But I don't think people would recognize the importance.

Do you really think so that disgruntled employees can be able to mutter up such gots to that extent of doing such? It's unfortunate that such occurrence can be tracked to employees of organizations if they do such. I think if such should occurr as a means of negligence from their employer, the should seek other means for a redress instead of taking such wicked and drastic measures against their employer and organisation.

No doubt as you have stated that organization want to make profits by letting government in through the back door seems this is most likely a point and spot for such but it's disturbing after luring customers into kyc verification and also involving in such act betraying the trust of your customers on you. It's quite unfortunate.

[romero121]

Finally people make a statement, understanding the pseudonym feature of bitcoin hackers have taken control ove the system requesting ransom. Here everything gets connected to bitcoin in no time, but the truth is that the system have got security issue and the same is being used to breach into the network and request ransom. People need to understand what is really happening when a ransom attack is done than indicating bitcoin as the reason.

[hatshepsut93]

It's a complex issue with no simple answer. There should be a robust digital identity systems instead of everyone uploading photos of their passports to every website that asks them to. And governments should be adopting privacy-protecting laws. And companies should be punished for these customer data breaches, so that they would be more incentivized to invest in their security. Also, companies who illegaly obtain hacked data and use it should also face consequences.