The Hutch Report

The Digitisation of Fraud

By | Cryptocurrency, Law, Money, Technology

Whether we speak about the new economy; the old economy or any economy, fraud is still fraud. It is the wrongful or criminal deception intended to result in financial or personal gain. Yet even though there has been a large amount of publicity surrounding some very high profile cases of fraud nothing seems to change. Auditors and accounting professionals seem to remain impotent when it comes to fraud detection.

The truth is, the audit of traditional financial statements were never designed to detect fraud. The audit is simply a process of checking a company’s math and application of accounting rules. This is probably why it has been so prevalent in large corporations in spite of the fact that they have an army of accountants from the largest auditing firms scouring their books yet no cases of deception to show for it.

According to the findings in the “Report to the Nations on Occupational Fraud and Abuse” study released by the Association of Certified Fraud Examiners in 2014, the higher-ranking the fraudster was, the greater the losses. In addition, financial fraud is more difficult to uncover because the perpetrators have less of an emotional connection to what they are doing than they do for other types of crime. The fact that they are not actually touching money as opposed to fudging documents, they feel less guilty of committing a crime.

There seems to be less leniency towards drug dealers and petty criminals as opposed to, say bankers, but the truth is financial fraud has destroyed just as many or more lives through the theft of millions taken from shareholders and pensions plans.

The report estimated that the typical organisation loses five percent of its revenues each year to fraud. That would work out to a global impact of $3.7 trillion, however, it is also believed that there are so many more cases that are not discovered.

So now we find ourselves living in a digital world with the increasing development of the Internet and our dependence on it. We have seen the introduction of the blockchain with which has come the proliferation of a number of crypto-currencies chief among those being Bitcoin.

With the advent of a new technology that has the capacity to disrupt our financial system, it is not surprising that with it comes a new breed of criminals. Cybercrime is already costing the U.S. economy as much as $120 billion a year and as much as $1 trillion globally, according to a study released in 2013 by McAfee and the Centre for Strategic and International Studies. Seeing that it is so difficult to regulate Bitcoin, it has been the tool of choice for these cybercriminals.

It is not surprising to see so many come out and chastise this new technology, especially those with a weak understanding of its merits. Equally not surprising is the large number of financial industry participants at the forfront of these critisisms. Ironically it is those same participants who have already been responsible for billions of dollars of fraud in our financial system.

The truth is, it doesn’t matter what the weapon is. If you kill somebody using a gun, knife, poison or your own hand, the end result is that they are still dead. If you steal money from someones purse, removed the funds from their bank accounts, knowingly overcharged them for services never rendered or expropriated funds via Bitcoin, the result is the same.

Liberty Reserve was founded in Costa Rica by Arthur Budovsky. Through his website it was possible for anyone to transfer money with very little regulation. The only required details were name, e-mail address, and birthday. Liberty Reserve never actually handled the funds, as it converted the fiat deposits into Liberty Reserve Dollars or Liberty Reserve Euros, whose values were pegged to the value of the US dollar and euro respectively. This made it ideal for funneling criminal funds. The authorities eventually closed in on Budovsky’soperation and shut it down. In January 2016, Budovsky pleaded guilty to money laundering and admitted that he had secretly moved at least $122 million.

When it comes to Bitcoin, the case that is cited the most is that of the Silk Road bust. In the Silk Road case the federal government had seized more than $33 million worth of bitcoin from the computers of the site’s alleged founder, Ross William Ulbricht. It is believed that the operation generated roughly $1.2 billion in sales over three years. Tracing that money and recouperating it would be deemed as next to impossible.

We can compare these two “digital” cases with that of Enron. Enron Corp. was essentially an energy trading company that reached dramatic heights, only to face a dramatic collapse. The story ended with the bankruptcy of one of America’s largest corporations. Enron’s collapse affected the lives of thousands of employees and shook Wall Street to its core. At Enron’s peak, its shares were worth $90.75, but after the company declared bankruptcy on December 2, 2001, they plummeted to $0.67 by January 2002. Enron shareholders filed a $40 billion lawsuit although only ended up receiving limited returns from the lawsuits, despite losing billions in pensions and stock prices. This was the largest bankruptcy in US history until Worldcom a few years later.

The means and methods were different in these cases but the results were the same. Fraud is fraud.

The Hutch Report

The Blockchain & Smart Contracts – Are They Legal?

By | Business, Cryptocurrency, Law, Technology

Earlier this year there was a lot of press about whether or not Donald Trump asked FBI Director James Comey not to fire Michael Flynn, who was forced to resign in February. According to James Comey’s testimony before congress Trump said, “I hope you can see your way clear to letting this go, to letting Flynn go. He is a good guy. I hope you can let this go.”

One of the keys to that statement from a legal point of view lies in that word “hope.” It is a common word, employable as both a noun and a verb, and it boasts an extraordinary breadth. We may say, “I hope to catch the 6:42 a.m.,” or “I hope the kids don’t catch a cold.”  So where do the hopes that Comey cited, in his own words and in his reports of others’ speech, belong?

This example is not meant to refer to contractual law, but it is intended to present the important part that language plays in law, and lawyers can be very clever about how they use their words and frame their sentences. So what does this have to do with smart contracts and the blockchain? Probably everything because the law is made of words and the interpretation of those words.   Coders and Lawyers don’t speak the same language so if a certain language is coded into a smart contract that is not coherent with legalise, that contract could be tested.

So what is a smart contract?

Smart contract is a term used to describe computer program code that is capable of facilitating, executing, and enforcing the negotiation or performance of an agreement (i.e. contract) using blockchain technology. The entire process is automated can act as a complement, or substitute, for legal contracts, where the terms of the smart contract are recorded in a computer language as a set of instructions.

As explained by Ethereum Founder, Vitalik Buterin, at the DC Blockchain Summit 2016:

Suppose you rent an apartment from me. You can do this through the blockchain by paying in cryptocurrency. You get a receipt which is held in our virtual contract; I give you the digital entry key which comes to you by a specified date. If the key doesn’t come on time, the blockchain releases a refund. If I send the key before the rental date, the function holds it releasing both the fee and key to you and me respectively when the date arrives. The system works on the If-Then premise and is witnessed by hundreds of people, so you can expect a faultless delivery. If I give you the key, I’m sure to be paid. If you send a certain amount in bitcoins, you receive the key. The document is automatically cancelled after the time, and the code cannot be interfered by either of us without the other knowing, since all participants are simultaneously alerted.

A Smart Contract Example

Here is the code for a basic smart contract that was written on the Ethereum blockchain. Contracts can be encoded on any blockchain, but Ethereum is mostly used since it gives unlimited processing capability.

On March 10, 2017, Yale Law School put together a panel for a discussion on the Blockchain: Smart Contracts which included Scott O’Malia, Chief Executive Officer, International Swaps and Derivatives Association who explained that these contracts are all fine when everything is working but when there is a conflict that arises then you need to fall back on traditional legal documents, which are based on many different legal statutes.

Buterin proposed some ideas that appeared in an FT Alphaville article:

Buterin envisages the use cases as follows:

  • Using smart contracts for events that are potentially highly subjective
  • Arbitration in decentralized crowdsourcing and on-demand economy applications
  • Storage or distribution of funds (eg. one use case is a will where you do not want to force the recipient to set up a private key or learn about ethereum unless they actually need to)
  • As an emergency backstop measure to get funds out of a smart contract if they are stuck for a long time

Scott O’Malia took issue with Buterin’s idea that any conflicts that arose could be arbitrated by decentralized crowdsourcing. O’Malia said, “Too much has gone into all of this to really just turn it over to a coder’s dream world.” “There are established standards and codes.”

There is an assumption that the blockchain and smart contracts will replace many legal participants but this is, for the moment, far from the truth. There are already governing bodies, including that of O’Malia’s, that are already looking at solving the problems of how to take legal agreements and turning them into executable code and what the standards around that will be, which documents do you work with first, how to establish common domain standards, protocols etc. The legal community sees the value in smart contracts as being a tool to capture evidence, however they are seen as being valuable for executing only certain points and forms of contracts and therefore limited in their scope.

The idea that programmers and coders will essentially plug a bunch of these smart contracts into the blockchain and do away with a large part of the legal system is not very realistic. A current problem is the fact that contracts and all legal documents are written by people. Computer code is also written by people. It becomes a technological problem when you don’t have a lawyer who has the ability to code, or vice versa. Therefore it will be necessary for lawyers to learn how to code or coders to be trained as lawyers. There is no current effort to accomplish this.

The blockchain is a decentralized entity. It doesn’t recognize borders. How would a smart contract between geographical locations, that abide by different legal systems, be managed? It will take time to fix these things.

There are still very clear advantages to smart contracts. When something needs to be verified you have the cost of verification. This requires an audit which requires resources and can be very costly. The blockchain has the ability to track attributes and data integrity at a very low cost.

In spite of all these issues, the hype cycle often assumes that technology will radically change things overnight, yet they rarely do. Software has bugs and needs to adapt, and although that is not a reason to not adopt the technology it does often take more time than anybody expects. The first email was sent in 1971 and needed 25 years before there was widespread adoption. Now it is an afterthought.

Laws are complex and probably many times more complex than they need to be yet that is how the system has evolved. Technologies like the blockchain and cryptography will hopefully help to simplify many parts of it yet it is hard to imagine how this industry can be easily disrupted.

At the first sign of trouble the place you are most likely to run to is the lawyer’s office!

The Hutch Report

10 Ways Governments Could Stop Cryptocurrencies

By | Cryptocurrency, Economics, Law, Money

Governments do not react well to threats to their center of control. As of November 2017 there are roughly 1340 cryptocurrencies with a market capitalisation of roughly $450 Billion (when we first published this piece in June it was $114 Billion) of which Bitcoin makes up about 62%. So, it is no surprise that governments are becoming more vocal and putting together tasks forces on how to deal with it.

The bankers seem to be even more worried. They don’t take kindly to non centralised competitors moving in on their turf. After all, they wield an enormous amount of influence and make staggering amounts of profits.

As cryptocurrencies are now gaining more exposure and interest among the general public, bankers are now becoming more fond of government regulators. It is the hope of the bankers that the government will try and regulate the cryptocurrencies out of existence should they become too menacing.

“Virtual currency, where it’s called a bitcoin vs. a U.S. dollar, that’s going to be stopped,” said Dimon. “No government will ever support a virtual currency that goes around borders and doesn’t have the same controls. It’s not going to happen.” — JP Morgan CEO Jamie Dimon


So, should the US government, or any other government attempt to take on Bitcoin, Monero, Steemit or any of the large number of cryptocurrencies, what could they actually do?

“Virtual currency, where it’s called a bitcoin vs. a U.S. dollar, that’s going to be stopped,” said Dimon. “No government will ever support a virtual currency that goes around borders and doesn’t have the same controls. It’s not going to happen.” — JP Morgan CEO Jamie Dimon


So, should the US government, or any other government attempt to take on Bitcoin, Monero, Steemit or any of the large number of cryptocurrencies, what could they actually do?

  1. Any cryptocurrency is at risk of being made illegal by any government. Owning and operating a money transmitter service in the U.S. is “illegal” unless it is registered with State agencies. This is also true if one uses Bitcoin or any other cryptocurrency to exchange for fiat currency. Bitcoin is not immune from State or Federal laws regulating the flow of money, and agents can track bitcoin transfers over the blockchain.
  2. Regulation to date has been minimal, but history tells us that governments rarely preference light regulation — it just takes them a while to catch up with technology. There are a large number of issues that any government could regulate when it comes to cryptocurrency use among the public. In 2013, the U.S. Senate held the first hearings on Bitcoin. In that same year, FinCEN released the first announcement by any government agency related to the technology. The IRS was also the first tax agency in the world to clarify the tax treatment of Bitcoin and other digital currencies. Additionally, BitLicense in New York was the first licensing regime in the world directed at digital currencies.
  3. Cryptocurrencies do work with an exchange rate, therefore, governments could manipulate the exchange rate of bitcoin, ethereum or other. This is by no means unfamiliar territory for most.
  4. It’s not difficult to imagine the US or the European Union coming up with a new definition for cryptocurrencies as, say, an investment, with all net gains taxed at 30 per cent. For example, the U.S. tax authority, the IRS, has classified cryptocurrencies as “property” for the purpose of federal taxation, whereas the Treasury Department’s FinCEN has classified cryptocurrencies as “value” for the purpose of AML/CFT (Anti-Money Laundering and Countering Financing of Terrorism Act) obligations.Other jurisdictions have taken a different approach, avoiding a formal classification and focusing instead on the nature or type of transaction being conducted.
  5. Governments could exploit the transparency of the blockchain and punish people for holding cryptocurrencies at all. This has been seen in the past as in the case of Gold.
  6. The NSA or some other entity with both the budget and experience create a VLSI (Very Large Scale Integration) project to both develop and deploy an ASIC (application-specific integrated circuit) design that would result in a 51% attack.
  7. International regulation could be developed that significantly inhibits one’s ability to exchange Bitcoins, or other, for local currencies. Essentially forcing the cryptocurrencies underground like a drug cartel thereby adding to de-legitimisation.
  8. It is possible for a mathematician to gain government support in finding a way to break ECDSA (Elliptic Curve Digital Signature Algorithm or ECDSA is a cryptographic algorithm used by Bitcoin to ensure that funds can only be spent by their rightful owners). However, it is very unlikely that this would happen.
  9. The media alongside a covert multi-government effort could conduct several propaganda campaigns to sway public opinion that the cryptocurrencies are either a massive scam or somehow bad. This has already been seen in the example of IMF, government and banking representatives conditioning the public to equate cryptocurrencies with fraud, terrorism financing, money laundering etc.
  10. Regulations could be adopted to monitor and control the crypto exchanges. A government has the purchasing power to buy up large quantities, drive the price up then sell and collapse it, thereby massively increasing volatility. These market fluctuations could be aggravated by a covert government programme of destructive funding and public disinformation. This would make doing business in any cryptocurrency more difficult.

The Treasury Inspector General for Tax Administration commissioned a report last year to study their options. The overall objective of the review was to evaluate the IRS’s strategy for addressing income produced through virtual currencies. It included the following recommendations:

  • IRS management needs to develop an overall strategy to address taxpayer use of virtual currencies as property and as currency.
  • The Deputy Commissioner for Services and Enforcement should request the Large Business and International Division, the Small Business/Self-Employed Division, and Criminal Investigation to develop a coordinated virtual currency strategy that includes outcome goals, a description of how the agency intends to achieve those goals, and an action plan with a timeline for implementation. In addition, the strategy should use the tools available to the IRS and identify how the IRS is going to meet its BSA, criminal investigation, and tax enforcement obligations as related to virtual currencies as well as identify how actions will be monitored and the methodologies used to measure the actions taken.
  • The Deputy Commissioner for Services and Enforcement should take action to provide updated guidance to reflect the documentation requirements and tax treatments needed for the various uses of virtual currencies.
  • The Deputy Commissioner for Services and Enforcement should revise third-party information reporting documents to identify the amounts of virtual currency used in taxable transactions.

So the US IRS is now on the prowl, as I imagine many other international government bodies. Nobody should forget that Bitcoin and all cryptocurrencies are still an experiment. Nobody really knows how this will play out in the future. Stay tuned!

If you enjoyed reading this post, please recommend and share it to help others find it!

The Hutch Report

Artificial Intelligence Gone Mad

By | Law, Science, Technology

It was around 10pm last night when I heard a knock at my door.  I could suddenly see the police lights flashing through the window as I got up to answer it. As I opened the door I began to get that sick feeling in my stomach like something had gone terribly wrong.

“Are you the owner of a rhenium based robot that anwers to the name of Kurt?”, the police officer asked. “Yes I am,” I answered.  “Is there a problem?”

The police officer explained, “apparently your robot lost control and went on a rampage over by Valley Mills Mall.” “There are currently 15 dead and 35 serious injuries.” “We were able to disarm and neutralise it before it was able to do any additional damage.”

I was in shock. I knew what this meant but I just couldn’t believe it. I had been working with that robot for 5 years and never had any problems at all. “I don’t understand, how could this have happened?”

The officer continued, “we have reason to believe that your robot was hacked by a Libyan technology terrorist organization.” “Would you please come with us, we are placing you under arrest.”

He proceeded to read me my rights, “as an owner of a rhenium based singularity cast robot, you are under full responsiblitiy for any malfunctions that may cause due harm to any citizen of said municipalty and will be held in contempt for any damages that said robot should inflect. All security flaws and infiltrations are under your responsiblity should they happen to be breached.” I collapsed at their feet, my life was ruined.

It got me to wondering as I contemplated this scenario. What will robots actually be like in a world of advanced artificial intelligence? The race is on and some think we may imagine a similar scenario much sooner than later.

Robots are getting “smarter” and in some cases, with more human-like qualities such as facial recognition features, all of which is helping propel their popularity and usability. IDC estimates that in 2020, worldwide spending on robotics will be at $188 billion. Robots today are mostly in the manufacturing industry, but the consumer and healthcare sectors are up-and-coming in their robotics adoption, according to IDC.

Robots will soon be cleaning our homes, performing surgery and even building skyscrapers. But a top security firm claims that robots – including those currently on the market – could attack humans, burgle homes and wreak havoc on a factory floor. Researchers claim that robots could ‘poison family members and pets by mixing toxic substances with food or drinks’.

It all sounds a bit fartetched and belonging in an episode of the Xfiles yet new research is showing that robots and their control software are full of critical and painfully obvious security flaws that make them easily hackable and take control of a robot’s movements and operations for spying or causing physical damage – and even posing a danger to humans.

Even today, robots integrated with home automation systems could unlock and open doors and deactivate home alarms and even if robots are not integrated, they could still interact with voice assistants, such as Alexa or Siri, which integrate with home automation and alarm systems. “If the robot can talk or allow an attacker to talk through its speaker, it could tell voice-activated assistants to unlock doors and disable home security.

A number of organizations already make use of smart robotic technology and according to IOActive researcher’s Lucas Apa, “It’s very difficult to distinguish between a robot that’s been hacked” and one that’s not, he says. According to IOActive, once a robot has been hacked it is very difficult to restore the robot back to its original state. The customer would therefore be stuck with a hacked robot.

Dan Baily, founder and CEO of Lab Mouse Security says that a serious concern today is way in which a robot associates itself with its owner, and what happens when that owner hands it over to another owner or user. This could pose security and privacy risks. If you happen to have a robot with a previous owner it is unclear how you could be protected if the previous owner still had access to the robot.

The following list provides a number of way that a robot could be hacked and infiltrated:

  1. Microphones and cameras: Microphones and cameras can be used for spying and surveillance, enabling an attacker to listen to conversations, identify people through face recognition, and even record videos.
  2. Network connectivity: Some robot services are vulnerable to attack from home, corporate, industrial networks or the Internet.
  3. External services interaction: The robot owner’s social networks, application stores, and cloud systems could be exposed by a hacked robot.
  4. Remote control applications: Mobile applications or microcomputer boards can be used to send malicious commands to robots.
  5. Modular extensibility: When a robot allows installation of applications, it can also allow installation of custom malware.
  6. Safety features: Human safety protections and collision avoidance detection mechanisms can be disabled by hacking the robot’s control services, such as autonomous cars.
  7. Main software: When a robot’s firmware integrity is not verified, it is possible to replace the robot’s core software and change its behavior in a malicious way by installing malware or ransomware.
  8. Autonomous robots: A hacked autonomous robot can move around as long as its battery continues to provide power.
  9. Known operating systems: Many robots use the same operating systems as computers, many of the same attacks and vulnerabilities in those operating systems apply to the robots as well.
  10. Network advertisement: It is common for robots to advertise their presence on a network using known discovery protocols.
  11. Fast installation/deployment: Many vendors do not highlight the importance of changing the administrator’s password in their documentation, a user may not change it during fast deployment. This means that any services protected by this password can be hacked easily.
  12. Backups: Configuration files and other information may be backed up on the robot vendor’s cloud or the administrator’s computer.
  13. Connection ports everywhere: Physical connectivity ports lacking restriction or protection, could allow anyone to connect external devices to the robots.

Ray Kurzweil, the famed American author, computer scientist, inventor and futurist, predicts that by 2045 computers will be a billion times more powerful than all of the human brains on Earth. Bill Gates calls him “the best person I know at predicting the future of artificial intelligence.”

Kurzweil believes that once the computers can read their own instructions, well… gaining domination over the rest of the universe will surely be easy pickings. One can imagine what this will mean for the development of robots. However, he doesn’t seem to worry about reprecussions of his own forecasts or being enslaved by a master robot race. He believes technology will make us better, smarter, and fitter,  unless of course a robot of his own making liquidates him first!