Don't Get Your Kid An Internet-Connected Toy

For last-minute shoppers, tech toys hold a special appeal. They’re crowd-pleasers, and generally available with two-day shipping—or faster—from any number of online retailers. Stapling on internet connectivity also might make these flashy kids' gadgets sound all the more appealing; it’s not just a teddy bear, it’s a machine learning teddy bear. On the other hand: don't. This is not a screed against technology generally, or even tech as it relates to kids; there are plenty of responsible, safe ways for children to navigate and benefit from the internet. Instead, it’s an important reminder that toys with an online connection are at their core just another IoT device, often replete with the same ills and vulnerabilities. Plus, they have the added horror of occasionally pointing a microphone or camera at your child.

“Generally, people may not make that leap" that an internet toy is just another part of the IoT landscape, says Tod Beardsley, research director at security firm Rapid7. But hackers who target poorly secured internet-connected devices don’t distinguish between, say, a generic webcam and a Wi-Fi action figure. “A lot of the infrastructure looks like regular old Linux or Android. An attacker doesn’t care; inside it’s just a computer,” Beardsley says.

Hacker Heaven

That makes internet-connected toys prime candidates to join a so-called botnet, an army of zombie machines used by hackers to launch denial-of-service attacks against websites, servers, or other pieces of internet infrastructure. Remember that afternoon last fall when the internet shut down for the better part of an afternoon across the US? A botnet made that possible.

To which you might say, OK, sure, but that doesn’t sound so bad, at least in terms of how it affects my joke-telling conversational robot for tweens. Which, fair! But there’s a reason the FBI this year issued a warning about internet-connected toys, and it’s not just the threat of getting caught up in botnets.

“These toys typically contain sensors, microphones, cameras, data storage components, and other multimedia capabilities—including speech recognition and GPS options,” the agency wrote. “These features could put the privacy and safety of children at risk.”

That's not just hypothetical alarmism. When Mattel rolled out its talking, Wi-Fi enabled Hello Barbie doll in 2015, the product proved easily hackable; an attacker could have stolen anything from passwords to actual snippets of conversation before the toy giant rolled out fixes. More recently, the Norwegian Consumer Council found that it was trivial to track kid-focused smartwatches from multiple companies, and even use them to communicate with children who wear them.

The list goes on, including real-world consequences. In March, a line of IoT teddy bears called CloudPets left two million messages recorded by the fluffy buddies exposed in an online database, where anyone could have listened to them—not to mention sifted through 800,000 emails and passwords that were exposed as well. The list goes on, but you get the point.

Not every internet-connected toy is insecure, just like not every home webcam falls prey to hackers. But the IoT industry in general has a long way to go in terms of overall security, and toys as a subcategory are no exception. Besides, hackers aren’t even your biggest concern—more often than not, the companies themselves are.

Privacy First

Last year, several advocacy groups jointly filed a complaint with the Federal Trade Commission against two specific products made by Genesis Toys, My Friend Cayla and i-Que Intelligence Robot, alleging that they “unfairly and deceptively collect, use, and share audio files of children's voices without providing adequate notice or obtaining verified parental consent.” The toys have already been banned in Germany, and stripped from the shelves of Target and Toys R Us. (You can still find them on Amazon, albeit in limited quantity as of this post.) Genesis Toys did not respond to a request for comment.

Privacy advocates say that those two specific complaints speak to broader concerns about the industry.

“Companies that are selling internet-connected toys are not just profiting from selling the device,” says David Monahan, campaign manager for Campaign for a Commercial-Free Childhood, a group dedicated to ending child-targeted marketing. “They’re profiting by collecting and monetizing a lot of sensitive information from kids.”

While the Children’s Online Privacy Protection Rule, known as “COPPA,” puts limits on that sort of data-harvesting, it mostly ensures that parents have to give consent before data collection happens. In the frenzy of setting up a Christmas gift, it’s easy to tap ‘yes’ without realizing exactly what it is you’ve agreed to.

"Internet connected toys are a privacy nightmare," says Marc Rotenberg, president of the nonprofit Electronic Privacy Information Center. "Maybe Santa gets to know who’s been naughty and who’s been nice. But not toy companies."

Make It Work

If you are going to give an internet-connected device—or already bought one and can’t find the receipt to return it—the most important thing you can do is to understand exactly how it works, what it collects, and what it does with that information.

“If you look at the privacy policy and feel like you’d need a lawyer to understand it, that’s a red flag,” says Monahan.

That diligence extends to securing the device, as well. “Internet toys tend to be replete with default user names and passwords,” says Beardsley, which makes hacking them, well, child’s play. Take the time to customize the device setup, creating a unique password, and also figure out if and how the manufacturer pushes software updates, which often contain critical security patches.

Be aware, too, of how these toys function. “Anything that has an input sensor, like a camera or a microphone, has to be on in order to work as advertised,” says Beardsley. In the same way that an Amazon Echo or Google Home listens constantly—but only sends data back to a server after hearing a ‘wake word’—a toy that uses a camera to detect colors, say, is likely always watching. And it may not be clear under what circumstances it communicates what it sees and hears over the internet, or what it stores.

In fact, that Echo comparison proves apt for other reasons. Those devices raise privacy hackles as well, but at least when you interact with Alexa or Google Assistant, you understand the risks. “As adults, we make decisions around making transactions online, we know what kind of information we’re putting out there that might be vulnerable,” says Monahan. “Kids don’t really understand that. They can’t make a conscious choice about sharing that information.”

Those potential issues even led Mattel to cancel a highly touted upcoming product. Its Aristotle AI assistant was designed as a sort of Echo for the stroller set, until the company nixed it in October over privacy concerns.

And at that point, what more do you need? When even the toy companies are having second thoughts, it's well past time to pull the plug on connected gifts.

Bitcoin Explained: Should You Buy It Right Now?

Do you follow Bitcoin? At the start of December, the price of the cryptocurrency rocketed up to over $19,000 per coin. Early investors with nerves of steel now have portfolios worth thousands, if not millions of dollars. But the question on everyone’s lips is this: is it too late for me to invest in Bitcoin?

The price of an individual Bitcoin plowed through previous records, almost hitting the magical $20,000 level for the first time. At this point, buying a whole Bitcoin is simply beyond the means of most people. But that doesn’t mean you shouldn’t bother at all. Consider the following.

Limited Supply

The Bitcoin total supply limit is 21 million coins. Of those 21 million coins, some four million are already considered irretrievably lost (thrown away, willfully destroyed, held on encrypted drives with lost passwords, and so on).

Bitcoin creator Satoshi Nakamoto is mooted to have mined 1 million Bitcoin (a cool $19 billion at the recent $19,000 high) before publicizing the blockchain. There are also several people known to hold huge amounts of Bitcoin, and I’m sure more than a few governments have substantial holdings too.

According to career investor Ronnie Moas, there are probably “between 3-5 million Bitcoin” in actual circulation. That number does increase incrementally as miners “release” more Bitcoin. But that is still only 12.5 coins per block, and the vast majority now go to mining pools.

Bitcoin is a scarce resource, then. Another factor of consideration is the sheer number of users. Between Q3 2014 and Q3 2017, the number of Blockchain wallet users rose from 1.9 million to 14.7 million. And given the enormous leaps observed in December, it is fair to say that the overall number of Bitcoin users will have risen further.

All in all, it means more users competing for less Bitcoin — and we all know what that means for prices.

More Investors Incoming

The number of people investing in Bitcoin is rising too.

Exact numbers are extremely difficult to arrive at, though. Some estimates peg the number of users to the number of wallets. Using the bitinfocharts website, we can break down Bitcoin distribution by wallet address.

Check out the table below. We can see that there are around 13.7 million wallets holding less than 0.001 BTC, and two holding between 100,000 and 1,000,000 (they actually hold 127k and 119k, and are the wallets for two crypto-exchanges). That aside, this table tells us that there are nearly 25 million active wallets.

A more recent University of Cambridge study [PDF] estimates that there are between 2.9 and 5.8 million active cryptocurrency users, with the vast majority using Bitcoin. The study also estimates there to be between 5.8 million and 11.5 million “active” wallets.

The biggest change, however, is the recent introduction of Wall Street to the Bitcoin trading environment. The Chicago Board Options Exchange (CBOE) added Bitcoin futures to their trading options on Sunday, December 10. The price immediately soared by over 25 percent, causing a temporary trading halt, as well as crashing the CBOE website due to demand (a mini-DDoS of sorts).

The combination of Bitcoin and Wall Street trading will introduce a significant number of individuals to cryptocurrencies.

SMS Bitcoin

But it isn’t just Wall Street that has climbed aboard the Bitcoin hype-train. There are a number of blockchain startups that will bring banking facilities to the previously unbanked. These services will bring credit opportunities to those otherwise unable to obtain financing solutions. Furthermore, several startups are attempting to sell and trade Bitcoin via SMS. While only 30 percent of the world have consistent access to the internet, SMS is ubiquitous in almost every country.

The SMS Bitcoin services are targeting the African continent as a major untapped Bitcoin marketplace. Residents of countries with repressive governments or societal unrest also present opportunities for Bitcoin (and other cryptocurrencies) to protect wealth.

Stability

Bitcoin is infamously volatile. That price volatility is a major reason Bitcoin and other cryptocurrencies are derided rather than treated as a serious investment. While the introduction of Bitcoin futures to the CBOE caused an immediate 25 percent price spike, there is hope that the influence of Wall Street trading will have a calming effect on the overall price volatility of Bitcoin. In turn, this will allow other cryptocurrencies (commonly referred to as altcoins) to gain traction.

Financial Predictions

What will the Bitcoin price be in one year? $20K? $50K? Even more than that? It all depends on what you read. Here are five Bitcoin price predictions from a range of individuals.

  • Saxo Bank: $60,000 in 2018, before crashing back to $1,000 before 2019
  • John McAfee: $1,000,000 by 2020
  • James Altucher: $1,000,000 by 2020
  • Winklevoss twins: $152,000, unspecified date
  • Masterluc (legendary crypto-trader): $40,000-$110,000 by 2019

Quite the range of predictions, but one thing is sure: Bitcoin will continue to rise for at least another year, if not two. As with all investments, knowing when to bow out is part of the problem. And the whales (those holding a significant amount of Bitcoin) always have the drop on the rest of the populace.

As it stands, Bitcoin is already a top-30 world currency, with a current market capitalization of over $250 billion. It is widely expected to surpass the $1 trillion mark before 2020. A vast increase, but this would move the Bitcoin price toward the Winklevoss twins’ per-coin estimate.

Overall Awareness

Overall Awareness ties into the “more investors incoming” section but needs a few words of its own. The hype surrounding Bitcoin makes it feel like everyone is at it. Your grandma, the postman, your dentist — everyone. In fact, nothing could be further from the truth. Check out this absolutely non-scientific graph.

Bitcoin is generating an enormous amount of interest and has a huge market capitalization, but global adoption rates are still below 1 percent of the population. That’s right. And even 1 percent estimates are shaky. Consider the University of Cambridge study we looked at earlier. Even at the maximum estimate of 11 million active wallets, that’s only roughly 0.14 percent of the global population.

We are still at the tip of the global awareness and uptake iceberg. At most, we are just entering the “public awareness” phase. Public awareness increases, mania and FUD skyrocket, and greed and delusion set in. The Bitcoin price will continue to rise dramatically throughout this time until something spooks the market — and the capitulation begins.

So, Should I Invest?

I’m not a financial organization. Nor am I in any way qualified to give investment advice. I invest in and trade small amounts of Bitcoin and other altcoins.

My advice is simple: do your research, do not believe everything you read, and do not invest money you cannot afford to lose.

IRS Warns Taxpayers, Tax Pros of New Email Scam Targeting Hotmail Users

New phishing email scam targets Hotmail users using IRS as bait. 

The Internal Revenue Service warned taxpayers and tax professionals of a new email scam targeting Hotmail users that is being used to steal personal and financial information.

The phishing email subject line reads: “Internal Revenue Service Email No. XXXX | We’re processing your request soon | TXXXXXX-XXXXXXXX”. The email leads taxpayers to sign in to a fake Microsoft page and then asks for personal and financial information.

The IRS has received over 900 complaints about this new phishing scheme that seems to exclusively target Hotmail users. The suspect websites associated with this scam have been shut down, but taxpayers should be on the lookout for similar schemes.

Individuals who receive unsolicited emails claiming to be from the IRS should forward them to phishing@irs.gov and then delete them. It is important to keep in mind the IRS generally does not initiate contact with taxpayers by email to request personal or financial information. For more information, visit the “Tax Scams and Consumer Alerts” page on IRS.gov.

The IRS reminds tax professionals to be aware of phishing emails, free offers and other common tricks by scammers. Tax professionals who have data breaches should contact the IRS immediately through their Stakeholder Liaison. See Data Theft Information for Tax Professionals.

Apple Throttles iPhones That Have Old Batteries (But Didn't Tell You About it)

"What people think is, ‘My phone is slow, I need to replace it.’ And that causes a lot of perfectly good phones to get replaced."

As the battery of your iPhone degrades, Apple throttles the speed of your iPhone. What was once just a hunch from people who feel annoyed that their old phone “feels slow” now has hard data and an Apple statement to back it up.

A Redditor noted earlier this month that his phone speed increased significantly after he replaced his iPhone 6S battery, and had benchmarks to prove it. A followup post by John Poole of GeekBench (a benchmarks company) found the same. iFixit teardown engineer Jeff Suovanen performed similar tests with iFixit employees’ phones and shared the data with Motherboard.

Suovanen found that iPhone 6S devices that still had their original batteries (they are about two years old now) had benchmark scores that were up to 57 percent lower than the GeekBench average. Replacing the battery instantly improved the benchmark scores drastically; he saw 70 percent swings in benchmark performance after swapping the old battery for a new one.

"Everyone came back a day later and said, 'Wow, it works so much faster,'" Suovanen told me on a phone call.

Phones that were performing far below the GeekBench average suddenly began performing above it after he swapped in a new battery.

“The takeaway is that the original batteries were causing a lot of CPU throttling, and replacing the batteries seems to have completely cured that,” Suovanen said. “We’re familiar with the fact that older batteries lose capacity, but we don’t expect it to cause a big hit on performance. This was an eye-opener for me.”

Apple told TechCrunch that it throttles iPhone performance to prevent the phone from being shut down if a performance spike draws too much power. Lithium-ion batteries lose capacity over time, so such a system is fine and makes sense. What doesn’t make sense and is indefensible is that Apple has not been forthright about this behavior. The statement Apple gave TechCrunch is impenetrable to the average user:

Our goal is to deliver the best experience for customers, which includes overall performance and prolonging the life of their devices. Lithium-ion batteries become less capable of supplying peak current demands when in cold conditions, have a low battery charge or as they age over time, which can result in the device unexpectedly shutting down to protect its electronic components. 

Last year we released a feature for iPhone 6, iPhone 6s and iPhone SE to smooth out the instantaneous peaks only when needed to prevent the device from unexpectedly shutting down during these conditions. We’ve now extended that feature to iPhone 7 with iOS 11.2, and plan to add support for other products in the future.

What makes it worse is that Apple does not make it easy to replace the battery yourself, discourages third party repair, and doesn’t have the first party repair infrastructure to handle large numbers of in-store battery swaps, especially in states that don’t have lots of Apple Stores.

“It’s a reasonable thing to do but it’s sketchy to do it without disclosure,” Suovanen said. “What people inevitably think is, ‘My phone is slow, I need to replace it.’ And that causes a lot of perfectly good phones to get replaced.”

I just called my nearest third party repair shop; they do iPhone 6S battery replacements for $39 and it takes 15 minutes. Apple charges $79 for this service and you need an appointment (surely many people simply decide to buy a new phone they don’t need).

To be clear: You can make your old iPhone faster if you replace the battery. You can do this yourself if you’re brave, or take it to a third-party shop if you want it handled by a professional.

The scandal here is not that Apple throttles your phone. It’s that it doesn’t tell you it throttles, and makes it hard for you to fix the problem (or for you to know about your repair options). The scandal is in the design of the iPhone itself, which requires proprietary tools to open and various components to be removed in order to replace the only part of the phone that is guaranteed to go bad. The scandal is that Apple actively discourages you from trying to fix your own phone, and lobbies against legislation that would make it easy for you to restore your phone to peak condition. If you’re mad about this, you’re not crazy—you have every right to be.

South Korea Cryptocurrency Exchange Youbit Shuts Down After Second Hack in 2017

The South Korean cryptocurrency exchange Youbit has gone bankrupt after suffering a major cyber attack for the second time this year.

The company announced its bankruptcy on Tuesday after being hacked for the second time in the last eight months, declaring that it had lost 17 percent of its assets in the last attack.

This is the first time that a cryptocurrency exchange based in South Korea has gone bankrupt.

Eight months ago hackers stole nearly 4,000 bitcoin (5.5 billion won ($5 million) at the time of the hack) that accounted for nearly 40 percent of the Youbit exchange’s total assets.

The company blamed North Korea for the attack.

“We will close all trades, suspend all deposits or withdrawals and take steps for bankruptcy,” reads the statement issued by the company after the last attack.

In order to minimize the economic impact on customers, all clients will have their cryptocurrency assets marked down by 25 percent; in this way Youbit wants to cover the losses by selling the remaining assets and using insurance.

The South Korean market for virtual currencies has become one of the most active, with its trades accounting for some 20 percent of global Bitcoin transactions. More than one million South Koreans have already invested in Bitcoin.

Analysts observed that demand is very high; for this reason, prices for the unit are around 20 percent higher than in the US.

While global bitcoin prices continue to increase, threat actors are focusing their interests on the virtual currencies.

Recently, security experts from Secureworks revealed that the Lazarus APT group launched a spearphishing campaign against a London cryptocurrency company.