Friday, March 1, 2019

Gerald Cotten and the ultimate in security

This is an old story, but worth repeating.

It's the story of digital asset (i.e. cryptocurrency) exchange Quadriga CX and its CEO, Gerald Cotten.

Cotten was always conscious about security -- the laptop, email addresses and messaging system he used to run the 5-year-old business were encrypted.... He took sole responsibility for the handling of funds and coins and the banking and accounting side of the business and, to avoid being hacked, moved the "majority" of digital coins into cold storage.

In some ways, this is the perfect security setup. Noted security expert Benjamin Franklin has been known to observe that three can keep a secret if two are dead. After all, when two people know a secret, social engineering techniques can be used to pry the secret from one of them.

Assume, for example, that the nuclear launch codes are only known by Donald Trump and Mike Pence. Even though Jared Kushner does not know the codes, he could social engineer Pence by angrily calling him and saying, "The President needs the nuclear codes NOW!" If Pence agrees to provide them, security is broken.

So Cotten's approach to security is understandable, and in fact it could even be classified as perfect.

Too perfect.

Because, you see, Cotten died late last year.

The problem is, [Cotten's widow Jennifer] Robertson said she can’t find his passwords or any business records for the company. Experts brought in to try to hack into Cotten’s other computers and mobile phone met with only "limited success" and attempts to circumvent an encrypted USB key have been foiled....

"After Gerry’s death, Quadriga’s inventory of cryptocurrency has become unavailable and some of it may be lost," Robertson said, adding that the company’s access to currency has been "severely compromised" and the firm has been unable to negotiate bank drafts provided by different payment processors.

This inability to access "about C$190 million ($145 million) in Bitcoin, Litecoin, Ether and other digital tokens" not only impacts the company, but also its customers.

But hey, the system's secure!