Episode 166 – The Myth of Anonymity in Bitcoin, Cloud 911, and Self Governing on Compliance

Topic 1: Shredding the Myth of Anonymity in Bitcoin

 

Wired recently published a long, detailed story of how law enforcement agencies around the world collaborated to bring down the largest child abuse sex network in history. One key element in this take-down is the “trick” of turning bitcoin from an anonymous tool into a perfect record of evidence.

This story truly is the modern equivalent of the Al Capone story. Once agents have access to a few crypto wallets, they can then use the public Bitcoin blockchain data to identify every transaction, and every buyer or seller. All of this data is unique, unalterable, and publicly accessible.

A few key points: 

Bitcoin has been used extensively by criminals on the promise that it’s anonymous and untraceable.

Bitcoin transactions are “permanent, unchangeable, and entirely public” in nature. Once one Bitcoin transaction is connected to a specific legitimate account, an entire web of related transactions can be built.

https://www.wired.com/story/tracers-in-the-dark-welcome-to-video-crypto-anonymity-myth/

Somewhat related story: Man gets life in prison for traveling to Vietnam to sexually abuse children.

https://www.wistv.com/2022/05/16/man-gets-life-prison-traveling-vietnam-sexually-abuse-children-doj-says/

 

Topic 2: 911 Needs to Move to the Cloud. What’s taking so long?

 

“Modern” 911 systems are actually old, outdated, and far more complex than they would be if you rebuilt the system from the ground up.

But rebuilding all that infrastructure takes time and costs money. Plus, if you get it wrong, people die.

https://www.protocol.com/enterprise/emergency-911-cloud-contact-center

 

Topic 3: CISA Addresses Self-Attestation for IT Service Security

It would be impossible to have government agencies test and verify everything they are charged with regulating. But, as we saw with Boeing’s 737 Max, there are real consequences for letting companies regulate themselves.

The Cybersecurity and Infrastructure Security Agency just released “guidance” around security services sold to government agencies. Basically, they want companies to declare (and eventually document) their compliance with security frameworks such as CMMC.

Note that the National Institute of Standards and Technology released similar guidance as well, in addition to being the home of CMMC and other standards.

See: https://www.nextgov.com/cybersecurity/2022/05/nists-supply-chain-security-guidance-tells-agencies-look-fedramp-first/366564/ 

Quote from the NIST report: “The external system service providers discussed in this publication include cloud service providers.”

See: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf 

https://www.nextgov.com/cybersecurity/2022/05/federal-ciso-recommendations-acquisition-council-software-procurement/367351/ 

 

Vendor Memo: Gozynta 

Did you know that the average MSP spends 10 hours manually inputting accounting data each week?

That time is 120 prospect calls, a month’s worth of the Business of Tech, or building an entire LEGO Death Star.

Gozynta Mobius can make your life easier through accounting automation.

Automatic sync of invoices, expenses and inventory from ConnectWise Manage into QuickBooks Online with a single click of a button.

With onboarding, direct support, and regular feature releases, Gozynta is a family-owned company dedicated to making software suck a little less each day. Visit us at gozynta.com

 
