“Beware Of Security Issues With Ledgers” 13 Blockchain Insider Tips With Kara Coppa, Cofounder of BLAKFX
“Most of the blockchain ledgers rely on mining and by removing the miners, we can facilitate true peer-to-peer or person-to-person exchange thus eliminating any middle-man. And, we can still realize the many benefits of a distributed model without the need for miners — such as making it secure, faster and cost-effective.”
I had the pleasure to interview Kara Coppa, the cofounder and COO of BLAKFX
What is your “backstory”?
Security has always been my forte. From my first job securing the network in my parent’s family business to protecting the most sensitive communications of world leaders and human rights activists, security has been at the core of my contribution to society. My formal training and education started twenty years ago as a college student. I completed undergrad and graduate degrees in the security of information systems followed by a number of industry certifications. After completing my degrees, I worked for a telecom startup and pioneered managed security services, but still yearned to make a bigger impact to society and that’s when I landed a job in information assurance and compliance as a government contractor for the United States Department of Defense.
I worked in a highly secure military installation where I barely saw the light of day in a SCIF (sensitive compartmented information facility) environment. I secured and monitored the network backbone operations center to support warfighter communications, thousands of global military users and the Blue Force Tracking System — a GPS-enabled capability that provides military commanders and forces with location information to eliminate friendly fire. I improved organizational readiness with the implementation of formalized incident response plans and procedures. I also pioneered the first intrusion prevention system (IPS) for the military base and transitioned the backbone protection to a proactive, cutting-edge solution. It was an incredible opportunity, to say the least, and a rewarding experience to contribute towards protecting the communication networks that supported our troops overseas. It was really an eye-opener into the importance of security and how real the threat of cyber-espionage really was and continues to be and thus inspired me to continue to think bigger when it came to security.
During that time, I was also working on a community service project for the state of NJ and co-founded United Alert, an emergency alerting and secure communication system, which became the official emergency alerting network for the state of NJ. I worked closely with the New Jersey Office of Emergency Management, the New Jersey Office of Homeland Security and Preparedness and the Regional Operations Intelligence Center to train staff and roll out the system as NJ-Alert in 2009. The service was donated to the state of New Jersey and other national and international government entities in an effort to raise awareness and protect lives and property.
After working for the military for a few years, I decided to move on to a Wall Street financial services firm, Pershing, LLC, a BNY Mellon company, where I managed the integration of the global information security program for mergers and acquisitions. I was instrumental in building a security threat management program to improve and automate threat detection and response while reducing operational costs and resources and received an award for my outstanding achievement in 2009. I became an ambassador for the information security team and provided security awareness training sessions across all business units and acceleration programs for the entire parent company BNY Mellon. I was accepted into the firm’s Women’s Initiative Network (WIN) mentoring program in 2011 and invited by the COO to participate as one of twenty people in the firm’s first Innovation Think Tank Program in 2012.
After five years in the financial industry, I co-founded Wickr, which quickly became the most secure messenger in the world to protect intellectual property and sensitive communications of world leaders, government agencies and human rights activists. I not only co-authored many of the United States patents for Wickr’s underlying security technology, but I had to wear many hats as a startup entrepreneur. I created and managed the day to day operations including the development and integration of policies and procedures, financial analysis and projections, budgeting, resource allocation, training, administration, risk management and information security. I’ve since moved on from Wickr and after a brief stint in cyber resiliency and defense for national security-related projects, I was drawn back to the innovational freedom of startups and co-founded BLAKFX.
Can you tell me about the most interesting projects you are working on now?
I’ve recently created some fresh patent-pending security technology and co-founded a security tech company called BLAKFX. Cryptocurrency theft is the biggest problem in the industry and so our mission is to create the most secure cryptocurrency in the world, but also make a massive contribution to this revolutionary blockchain technology and make our security available to all the rest of the cryptos out there. We want to bring confidence to the crypto market and so we’re making our cutting-edge technology available as a platform or security service. By providing protection in this new market we will in turn support innovation and growth.
Our goal is to unleash the power of humanity and empower individuals so they are free to create ideas that could potentially enhance the lives of millions of people and make the world a better place. Blockchain began with a currency and inspired the creation of many more altcoins. It has since progressed into tokenization and there are assets being digitized like real-estate and yachts to name a few and they too need to be protected. With our solution, tokenized assets and crypto coins will have a trusted ecosystem in which they can flourish and enhance their businesses by launching on our secure platform to exchange in an environment that is free of interception and theft.
None of us are able to achieve success without some help along the way. Is there a particular person who you are grateful towards who helped get you to where you are? Can you share a story about that?
My parents. I was fortunate to grow up in a household supported by an entrepreneur. At a young age, I learned invaluable lessons in business and economics — the true value of a dollar, how each customer’s satisfaction is critical to your success and how small businesses contribute to the greater economy.
I’ll never forget my first responsibilities were polishing the brass and sweeping the floors and I was shocked…and thought…i’m the bosses daughter…this is so degrading! But I was paid to do it and so I learned quickly there is no shame in work to make an honest living and you have to know first hand what it takes in all aspects of the business to create a successful business.
I eventually gained exposure to management and the importance of building a trusted team. Before I even graduated high school, I learned how important it is to value the input of your teammates, trust and empower them. If you want someone to work hard for you, you have to lead by example, not be afraid to get dirty and dig into the trenches with them.
Kindness is also key, whether you’re making a customer happy so they’ll come back or your working with a co-worker on a solution it’s important to always remember to be kind. Plus my dad used to always say “always be nice to others when you’re going up the ladder for someday you may meet them on the way down”.
What are the 5 things that most excite you about blockchain and crypto? Why?
1. Cryptocurrencies empower people with the opportunity to create in ways that were never possible before. ICOs are a novel type of crowd-funding to support innovative projects.
2. Tokenized assets are very exciting — people can participate and partake in ownership of things that were not achievable before such as high-end real-estate and luxury yachts.
3. They improve and streamline many industries such as airport and airline operations in the way they process flight data.
4. They remove the need for trust in one entity being a decentralized network — The concept of decentralization is trust-less such that power and trust are distributed.
5. And last, they are definitely an attractive and very lucrative means of alternative investments.
What are the 5 things worry you about blockchain and crypto? Why?
1. Security Misconceptions — the biggest heist in history occurred last year when $530M worth of NEM crypto coins stolen from Japan’s Coincheck. The general public thinks blockchain and cryptos are secure, when in fact blockchain, for example, is completely transparent by design. And, the cryptos that do attempt security are not experts in security and so they don’t provide complete solutions. In addition, their solutions are not transparent to the users. Investors shouldn’t need to be security experts and understand the underlying technical principles of cryptocurrency, security and the concepts of public and private keys and multi-factor authentication and why it’s important to use cold storage, multiple keys and an air-gapped (offline) system to increase their protection. Traditional investments are protected with security measures required to be instituted by banks that are held accountable with regulation and backed by national deposit insurances such as the FDIC to maintain stability and public confidence in financial systems. Many traditional investors and the general public are standing on the sidelines waiting for regulations and maturity of the crypto market to get to this level of service and with the right technological advancement, it can be achieved sooner than later.
2. Mining Issues — For the blockchains and coins that require mining, the issues I take are two-fold. The first is that mining unnecessarily adds a great deal to the pollution of our planet. According to digiconomist.net, to mine 1 bitcoin, it requires the same amount of energy that can power 26.41 U.S. households. The energy consumption for mining coins is off the charts with a carbon footprint per transaction of 382.9kg of CO2.
The second issue is that millions of anonymous and unverified miners pose a potential security threat to the integrity of the entire system. The concept of decentralized mining is trust-less such that power and trust are distributed, but with the ability to generate mining profits in the millions, this technology has become a massive target for theft. It will be difficult for such a system to prevail when its core purpose is jeopardized and the community is left to entrust cybercriminals to process their crypto assets.
February 2018, a Monero miner hack made the headlines, “Hacker Group Makes $3 Million by Installing Monero Miners on Jenkins Servers” The mining process was legitimate, but the profits were illegal. The miners were actually cybercriminals that hacked 500,000 computers around the world and used them to execute the work. They infected computers with malware, installed the Monero mining software on them, and with enough machines and computing power, they netted millions of dollars in illegal mining profits. Overusing the hardware of the compromised machines also left some computers physically damaged beyond repair, and it raises another question, what else did the hackers steal or do to those computers?
3. Security issues with wallets — A wallet can only be considered secure if it can properly manage private keys. This is why private keys are a huge target and the protection of them via wallet security and human behavior are so critical. There are many successful hacks including brute force, interception, and impersonation that take place every day. There aren’t any solutions out there that are using complex encryption techniques that use multi-cipher and multi-layered algorithms protecting every key and transaction.
4. Security issues with ledgers — most of the blockchain ledgers rely on mining and while I’ve already mentioned the issue with mining it should also be noted that by removing the miners, we can facilitate true peer-to-peer or person-to-person exchange thus eliminating any middle-man. And, we can still realize the many benefits of a distributed model without the need for miners — such as making it secure, faster and cost-effective.
5. Security issues with the exchanges — Centralized exchanges store private keys on a server and never change them. That’s like leaving the key to your safety deposit box with the bank teller! Don’t you think its better off in your own hands and can you imagine how much safer it would be if you changed the locks after every time you opened it?
To further drive the points home here are some sample cryptocurrency thefts if you’re interested…
Software Vulnerability — In 2016, a vulnerability in the smart contracts software code allowed a hacker to steal $50 million of Ethereum cryptocurrency.
Stolen login credentials — $460 Million stolen in the Mt. Gox compromise in which 850,000 bitcoins were siphoned from the exchange. Login credentials were stolen from an auditors computer and used to login into the exchange and steal the coins.
Phishing — $79.6 Million stolen from blockchain<dot>info crypto wallet — hackers post fraudulent advertisements listed on Google got users to log into fictitious sites.
Software Vulnerability — The Coincheck hack was the biggest heist in history with $530 Million of NEM crypto coins stolen. While the full details have never been released there have been some mentions of a hot wallet compromise which can likely be attributed to a software vulnerability that was hacked to gain access to currency stored online and web accessible.
Cybercriminal Miners — In February 2018, a Monero miner hack made the headlines, “Hacker Group Makes $3 Million by Installing Monero Miners on Jenkins Servers” The mining process was legitimate, but the profits were illegal. The miners were actually cybercriminals that hacked 500,000 computers around the world and used them to execute the work. They infected computers with malware, installed the Monero mining software on them, and with enough machines and computing power, they netted millions of dollars in illegal mining profits. Overusing the hardware of the compromised machines also left some computers physically damaged beyond repair, and it raises another question, what else did the hackers steal or do to those computers? The concept of decentralized mining is trust-less such that power and trust are distributed, but with the ability to generate mining profits in the millions, this technology has become a massive target for theft. It will be difficult for such a system to prevail when its core purpose is jeopardized and the community is left to entrust cybercriminals to process their crypto assets.
Mining Vulnerability — Zencash network was attacked via the 51% attack. The attacker reorganized the blockchain multiple times reversing blocks and double spending massive transactions resulting in the theft of $550,000.
How have you used your success to bring goodness to the world? Can you share a story?
I created a lot of security technologies and patents that protect lives, property and empower people. The first was United Alert which was an emergency alerting system donated to the world in an effort to help protect lives and property. The second was Wickr, which was created to help protect human rights activists in hostile environments. I co-founded the company and launched the most secure messenger in the world. We gave this product to the world for free with the idea that it could be used to protect privacy, defend against cyber-espionage and protect intellectual property and trade secrets. The third is my new venture, BLAKCoin. Our mission is to create the most secure crypto environment in the world to protect all cryptos against theft and the negative impacts it brings to society. Our universal wallet will enable access to the world economy for the 3 billion people in the world that are currently unbanked or underbanked.
What 3 things would you advise someone who wanted to emulate your career? Can you share an example for each idea?
1. Education — First and foremost, you should consider advanced education in security so you can gain an overarching understanding of the big picture as well as the intersection between security, technology, and business. This gave me a strong foundation on which I was able to build advanced knowledge. After that, you need to figure out what part of security you’re really drawn to and get some hands-on experience dabbling in it. Once you’ve found your niche, it’s important to complement your degree(s) with a specialty and get certified, especially because the content is so technical. Whether it was creating new solutions or going for the next promotion, the combination of education, certification, and hands-on experience were an integral part of my success.
2. Passion — Next is passion. Security is an industry that is constantly evolving. People resist change, but change seems like the only constant in this field. If you are not passionate about change and innovation then it will be hard to keep up with the constant flow of information and updates that make the field so exciting. You need to eat, breathe and dream about this stuff. Security is a lifestyle and it needs to be part of you and your every day.
3. Resilience — Security is a moving target and you have to be able to adapt. I remember back when I was in college and realized for the first time that this technology field was dominated by men. There were times when the workload was so inundating and I felt so alone that I got discouraged and thought I could never make it in this industry. That made me want to give up at times, but my interest in security and what it could do for the digital world was such a driving force it kept me afloat and forced me to adapt to my environment. In my free time, I was always reading up on security blogs and interested in learning about the latest technology products released and how their security features worked. It made me realize I have to power through these challenges and the workload and continue because eventually I will get paid to do something that I really love to do and would do in my free time anyway.
Some of the biggest names in Business, VC funding, Sports, and Entertainment read this column. Is there a person in the world, or in the US whom you would love to have a private breakfast or lunch with, and why?
I’ve been fortunate to have visited Dubai a couple of times. I was so inspired by what I saw and experienced that I would have to say if there was a person in the world that I could share a meal with, it would have to be HH Sheik Mohammed Bin Rashid Al Maktoum — the Vice President and Prime Minister of the UAE and ruler of Dubai.
Aside from our common love and passion for Arabian horses, his profound and progressive vision for Dubai is unlike anything I’ve ever seen. In just 46 years, Dubai has transformed from a city of fisherman & pearl divers to a global phenomenon. They have built with impressive and unique architecture the tallest building in the world — Burj Khalifa tower, the biggest mall in the world — Mall of Dubai and the very famous man-made island — Palm Island, just to name a few. From their business centered city to becoming the first smart city in the world, the rate of adoption of modern technologies including blockchain is incredible. Dubai is set to become the first city in the world to have their entire government running on blockchain by 2020.