Issue 82, January 2017
• Cyber Security
• Interview with Prof. Dr. Michael Backes, Director of the Center for IT-Security, Privacy, and Accountability (CISPA)
• VMRay Threat Analysis and Detection
• Volksverschlüsselung - Usable Encryption for Everybody
• Protonet SOUL: A Cloud-Based Social Project Management Platform
Cyber Security
Over the past year, we have seen a significant increase in cyber threats, from botnets and ransomware, to high-profile leaks and massive data breaches. These threats are not disappearing. In 2017 we are likely to see new types of cyberattacks that will exploit vulnerabilities which had never been considered before.

Cyber criminals and other threat actors are making use of improved technologies and strategies. There is also a lack of knowledge and awareness of the importance of protecting against threats, such as malware, ransomware, and Internet of Things hacks. Special malware attacks like the Mirai botnet, which was largely made up of Internet of Things devices, should be a serious concern. A failure to take action against such threats before they become a reality is likely to result in the intrusion of private data and sizable financial losses.

According to the German cyber security company VMRay, traditional security tools have become ineffective. For this reason, many companies are investing in the latest innovative software technologies for protection. VMRay develops automated threat analysis systems to protect financial, aerospace, defense and government sector organizations from malware threats. Protonet, a German hard- and software company, has specialized in developing a private cloud server. Furthermore, companies are investing in cyber insurance policies as well as educating themselves about information security professionalism by joining associations like TeleTrusT, one of the largest competence networks for IT security in Europe.

Consumers using smart devices need to be aware that what makes the Internet of Things vulnerable to hacks is the lack of standards for the software on which most smart devices operate. There is currently no policy for the production of such devices which could, for example, force users to reset passwords periodically to protect themselves from hacking attempts. To learn more about Internet of Things hacking, please read our first GCRI Blog entry, What Makes Smart Devices So Vulnerable?

Prof. Dr. Michael Backes was featured as the leading German researcher under the age of 40 by the German edition of the Financial Times in 2010. He has been ranked among the 30 most important IT people in Germany since 2010 by the newspaper Computerwoche. Prof. Dr. Backes has won numerous awards and was the first German researcher to receive the Massachusetts Institute of Technology TR35 award in 2009, naming him one of the world's top innovators under the age of 35. He has also been named one of Germany's "Digital Minds" by the German Computer Science Foundation and by the German Federal Ministry of Education and Research (BMBF).

Prof. Dr. Backes is the director of CISPA and leads the Information Security and Cryptography group. He is a professor at Saarland University and a Max Planck Fellow at the Max Planck Institute for Software Systems. Prof. Dr. Backes's research covers various aspects of IT security and privacy. A major current research project of his, imPACT, focuses on privacy, accountability, compliance, and trust for a secure Internet of the Future.

In this interview with the GCRI, Prof. Dr. Backes discusses malware, one of today's most common cybercrimes, and how large organizations need to better protect themselves. He describes the German data protection law and what still needs to improve in terms of increasing individual privacy and data protection. Prof. Dr. Backes also highlights the main goals of the CISPA-Stanford Center for Cybersecurity. To read the full interview, click here.
Source & Image: Saarland University

Whether the threat is from hacktivists, cybercrime gangs or state-sponsored actors, traditional security tools can be rendered ineffective. For over a decade, a controlled, automated environment known as a 'sandbox' has been used to automatically analyze suspicious and potentially malicious files before they are allowed inside an organization and on users' desktops. Automated threat analysis is now a critical component of cybersecurity given the ever-growing volume and sophistication of malware.

Ten years ago, Carsten Willems, as a master's student at the University of Mannheim, developed one of the first effective automatic analysis methods, known as a 'malware sandbox.' His academic work was commercialized into an enterprise security solution, which was sold to commercial enterprises and government agencies around the world. Willems then completed his Ph.D. at the Ruhr-Universität Bochum, where he collaborated with Ralf Hund on researching the next generation of automated analysis technology. This academic work became the basis of VMRay, which they co-founded in 2013. VMRay has a unique approach to automated threat analysis. It avoids being detected and bypassed by malware, and can manage the flood of malware enterprises.

VMRay released its first product in 2015 and its customers include some of the world's largest and most sophisticated organizations. These organizations, whether they are financial, aerospace, defense or government, are typically 'high value targets' for state-sponsored hackers. In addition to dealing with customers' threats, VMRay also needs to protect and defend against custom-written stealth malware written specifically to target their systems. This malware is exceedingly difficult to detect, since traditional tools require signatures from security researchers in order to identify, detect, and protect against a threat. With custom malware, there are no signatures. However, VMRay's dynamic automated analysis can provide security teams the information they need to identify and react to these attacks.

VMRay recently joined the German Accelerator program and is leveraging the program's resources to establish a U.S. presence for sales, marketing, and customer support. The U.S. represents more than half of the global market, so proximity to the majority of VMRay's customers and prospects is important. To learn more about VMRay, visit their website at
Source & Image: VMRay


People are increasingly sending highly sensitive information via email. End-to-end encryption ensures that only the sender and the recipient of an encrypted message will be able to read the message in plain text. However, most encryption solutions are too complicated for the majority of people. The Fraunhofer Institute for Secure Information Technology's (SIT) Volksverschlüsselung software is able to simplify email encryption so that even IT laypeople can easily create and use cryptographic keys.

Fraunhofer SIT and Deutsche Telekom are offering Volksverschlüsselung to private users free of charge. Users need to register with a Telekom account. They can also register and identify themselves via the online function of the new German ID cards, if the ID cards are activated and the appropriate reading device is used. Additional information, including the software, can be found here.

The Volksverschlüsselung software is user-friendly. In a nutshell, the software generates cryptographic key pairs and installs them in the right places on a user's computer. It ensures that the keys will be provided to installed mail tools, browsers, and other applications like Microsoft Outlook and Thunderbird. The user's private information remains private and never leaves the user's environment.

Volksverschlüsselung's transparent, central infrastructure provides various services for retrieving, reviewing, and revoking keys. The infrastructure is similar to that of a phone book, in which everyone can look up and retrieve a user's public key in order to send an encrypted email to a friend.

Fraunhofer SIT is in the process of working on additional features for the Volksverschlüsselung software, such as the secure transfer of keys from desktop computers to mobile devices and new online registration possibilities.

Source & Image: Fraunhofer Institute for Secure Information Technology (SIT)

Innovation Future Developments in FinTech and Blockchain Technology
FinTech companies competing in traditional areas of banking, such as financial advising and credit financing, present new challenges to traditional providers and regulators of financial services. A good example of financial services provided by FinTech companies is payments and securities settlement, particularly in connection with blockchain technology, viewed by many as a disruptive market force.

Various industries are enthusiastic about the blockchain technology, which is the technology behind the cryptocurrency Bitcoin. The term blockchain refers to financial transactions which are grouped into "blocks." These blocks are chained together through a cryptographic procedure that is believed to be unforgeable and tamper-proof. Furthermore, blockchain technology has the potential to simplify complex intermediation processes for payment and settlement activities.

As a central bank, the Bundesbank acts as an operator and overseer of central settlement systems and as a catalyst for the future development of payment and settlement systems. Despite the high performance systems already in existence, the Bundesbank still considers and carefully monitors future developments of these infrastructures. This is why the Bundesbank and the Deutsche Börse are conducting a study of securities settlement based on blockchain technology.

The Bundesbank and Deutsche Börse are both highly interested in blockchain technology, and they are equipped with complementary expertise in the field of payments and securities processing. Securities settlement has improved considerably in recent years. However, the settlement landscape remains complex and is characterised partially by convoluted processes that cause cumbersome reconciliation efforts. Blockchain-based settlement may provide a chance to reduce the necessary reconciliations. In addition, the ongoing projects that make use of blockchain technology in finance may increase the efficiency of processes by improving the communication between various market participants and infrastructures.
Source: Deutsche Bundesbank

Protonet SOUL: A Cloud-Based Social Project Management Platform
Cloud computing has significantly advanced the way we store and share data, enhancing communication and collaborative endeavors in science, industry, government and other areas. These processes are generating terabytes of data, yet we often have no idea where this data is located, how many copies exist, and who has access to it.

Protonet, a hard- and software company, has found a way to address this challenge by enabling organizations, including non-IT experts, to run their business operations more effectively on a private cloud server.

Protonet SOUL is project management and collaboration software that is integrated into Protonet Private Cloud Servers and streamlines all business communications, file sharing, and task and time management. Protonet's Private Cloud Servers allow groups to maintain security compliance by running cloud-enabled applications on their own servers, keeping their data within their firewall. Users can choose from a range of pre-installed applications, which are offered together with Protonet SOUL, and the small, energy-efficient servers can be placed on everyone's desktop.

Protonet was founded in 2012 by Ali Jelveh and Christopher Blum. In 2014, Protonet used a crowdfunding campaign to raise one million dollars in just 89 minutes. Seedmatch and the LEAD Awards chose Protonet as the 2014 startup of the year. As a result, Protonet partnered with investors who are experienced industry experts in the digital economy, advertising, and server industry. Protonet is headquartered in Hamburg, Germany with offices in the San Francisco Bay Area.

For more information about Protonet SOUL, please visit and watch this video.
Source & Image: Protonet, Inc.