SWIFT and 30 banks will go Blockchain and become a mainstream part of global finance

Blockchains are still synonymous with the wild world of cryptocurrencies, but on Monday, 30 banks and SWIFT – the world’s most important cross-border payment service – made them an utterly mainstream part of the global financial system.

SWIFT – aka the Society for Worldwide Interbank Financial Telecommunication – provides a messaging service that financial institutions use to move money around the world. The service is widely used but is slow because, as explained by ANZ Bank, SWIFT “doesn’t actually move the money.”

“This means the instruction to pay and the movement of funds happen separately, often requiring a complex network of accounts and correspondent banks to enable a payment to be processed. This disconnect can slow payments down and lead to a lack of visibility for both sender and recipient.”

It can also mean cross-border payments take a couple of days to complete.

SWIFT’s problems are well known and financial services types see the service as sound – but also sand in the gears of global trade.

Blockchain enthusiasts who saw cryptocurrency transactions rapidly rippling across distributed ledgers therefore wondered if their preferred technology could improve the speed of cross-border cash transfers. Many startups, some with support from sensible central banks, have explored this idea, usually by proposing “stablecoins” – digital currencies pegged to the value of a fiat currency – which would be exchanged on a blockchain to provide faster settlements than SWIFT can achieve.

China has similar ideas: One application for its Digital Yuan is enabling rapid cross-border transactions in the Middle Kingdom’s currency, and not the US Dollar that is often used to move money around the world. If China could use its digital currency to control a slice of global trade, it could weaken Western institutions like SWIFT.

Almost everyone contemplating using a blockchain to move money around the world imagines either supplanting SWIFT, or stealing a lot of its business.

It’s therefore unsurprising that on Monday SWIFT announced its intention to “add a blockchain-based shared ledger to its technology infrastructure, a pivotal step for global finance that promises to make instant, always-on cross-border transactions possible at unprecedented scale.”

SWIFT will also build tools to integrate its existing payment systems and its new blockchain.

“It is envisaged that the ledger – a secure, real-time log of transactions between financial institutions – will record, sequence and validate transactions and enforce rules through smart contracts,” SWIFT’s announcement explains. “It will be built for interoperability, both with existing and emerging networks, while maintaining the trust, resilience and compliance synonymous with Swift and critical to the secure functioning of global finance.”

34 financial institutions from 16 countries have signed up to design the ledger, with help from Ethereum outfit Consensys.

SWIFT didn’t predict when this ledger will go live, which is probably sensible as projects of this magnitude can easily go pear-shaped and previous attempts at using blockchains for high-volume mission critical systems have gone badly.

But for now, an entity that has for decades played an important role in the global economy has decided it needs to rebuild itself on blockchain.

In some ways that’s unremarkable because very few people need to care about the technology plumbing their banks employ. SWIFT adopting Blockchain, however, will likely bring tokenized assets much closer to the mainstream.

Source: Blockchain just became a mainstream part of global finance • The Register

USAF admits SharePoint privacy issue; reports of breach, shutdown of SharePoint, Teams and PowerBI

The US Air Force confirmed it’s investigating a “privacy-related issue” amid reports of a Microsoft SharePoint-related breach and subsequent service-wide shutdown, rendering mission files and other critical tools potentially unavailable to service members.

“The Department of the Air Force is aware of a privacy-related issue,” an Air Force spokesperson told The Register on Wednesday, while declining to answer specific questions about the alleged digital intrusion.

The Air Force’s confirmation follows what looks like a breach notification, shared with The Register and on social media, that purports to come from the Air Force Personnel Center Directorate of Technology and Information.

“This message is to inform you of a critical Personally Identifiable Information (PII) and Protected Health Information (PHI) exposure related to USAF SharePoint Permissions,” the notice says. “As a result of this breach, all USAF SharePoints will be blocked Air Force-wide to protect sensitive information.”

Two other Microsoft services, Teams and Power BI dashboards, will also allegedly be blocked because both access SharePoint, the alert continued, adding that restoration may take up to two weeks.

It’s unclear what services, if any, are offline right now. A DAF spokesperson said that the military branch “cannot confirm” that SharePoint and Teams have been disabled. Another person we spoke to on the phone claimed that they were “using it right now” when asked about SharePoint on Tuesday.

A Microsoft spokesperson told The Register that Redmond “has nothing to share at this time,” and declined to answer our specific questions including if the Air Force security snafu is related to July’s SharePoint fiasco.

Chinese government spies, data thieves, and at least one ransomware gang exploited a couple of SharePoint vulnerabilities over the summer, allowing them to hijack on-premises SharePoint servers belonging to more than 400 organizations and remotely execute code.

[…]

Source: Air Force admits SharePoint privacy issue; reports of breach • The Register

Academic research finds economic, technical and operational harms from Italy’s Piracy Shield

Walled Culture first wrote about Piracy Shield, Italy’s automated system for tackling alleged copyright infringement in the streaming sector, two years ago. Since then, we have written about the serious problems that soon emerged. But instead of fixing those issues, the government body that runs the scheme, Italy’s AGCOM (the Italian Authority for Communications Guarantees), has extended it. The problems may be evident, but they have not been systematically studied, until now: a peer-reviewed study from a group of (mostly Italian) researchers has just been published as a preprint (found via TorrentFreak). It’s particularly welcome as perhaps the first rigorous analysis of Piracy Shield and its flaws.

[…]

One of the major concerns about the system is the lack of transparency: AGCOM does not publish a list of IP addresses or domain names that are subject to its blocking. That not only makes it extremely difficult to correct mistakes, it also – conveniently – hides those mistakes, as well as the scope and impact of Piracy Shield. To get around this lack of transparency, the researchers had to resort to a dataset leaked on GitHub, which contained 10,918 IPv4 addresses and 42,664 domain names (more precisely, the latter were “fully qualified domain names” – FQDN) that had been blocked. As good academics, the researchers naturally verified the dataset as best they could:

While this dataset may not be exhaustive … it nonetheless provides a conservative lower-bound estimate of the platform’s blocking activity, which serves as the foundation for the subsequent analyses.

Much of the paper is devoted to the detailed methodology. One important result is that many of the blocked IP addresses belonged to leased IP address space. As the researchers explain:

This suggests that illegal streamers may attempt to exploit leased address space more intensively, even if just indirectly, by obtaining them by hosting companies that leases them, leading to more potential collateral damages for new lessees.

This particular collateral damage arises from the fact that even after the leased IP address is released by those who are using it for allegedly unauthorised streaming, it is still blocked on the Piracy Shield system. That means whoever is subsequently allocated that leased IP address is blocked by AGCOM, but is probably unaware of that fact, because of the opaque nature of the blocking process. More generally, collateral damage arose from the wrongful blocking of a wide range of completely legitimate sites:

During our classification process, we observed a wide range of website types across these collaterally affected domains, including personal branding pages, company profiles, and websites for hotels and restaurants. One notable case involves 19 Albanian websites hosted on a single IP address assigned to WIIT Cloud. These sites are still unreachable from Italy.

Italian sites were also hit, including a car mechanic, several retail shops, an accountant, a telehealth missionary program – and a nunnery. More amusingly, the researchers write:

we found a case of collateral damage involving a Google IP. Closer inspection revealed the IP was used by Telecom Italia to serve a blocking page for FQDNs filtered by Piracy Shield. Although later removed from the blocklist, this case suggests that collateral damage may have affected the blocking infrastructure itself.

The academics summarise their work as follows:

Our results on the collateral damages of IP and FQDN blocking highlight a worrisome scenario, with hundreds of legitimate websites unknowingly affected by blocking, unknown operators experiencing service disruption, and illegal streamers continuing to evade enforcement by exploiting the abundance of address space online, leaving behind unusable and polluted address ranges. Still, our findings represent a conservative lower-bound estimate.

The paper distinguishes three ways in which Piracy Shield is harmful. Economically, because it disrupts legitimate businesses; technically, because it blocks shared infrastructure such as content delivery networks, while “polluting the IP address space” for future, unsuspecting users; and operationally, because it imposes a “growing, uncompensated burden on Italian ISPs forced to implement an expanding list of permanent blocks.” The paper concludes with some practical suggestions for improving a system that is clearly not fit for purpose, and poses a threat to national security, as discussed previously on Walled Culture. The researchers suggest that:

widespread and difficult-to-predict collateral damage suggests that IP-level blocking is an indiscriminate tool with consequences that outweigh its benefits and should not be used.

Instead, they point out that there are other legal pathways that can be pursued, since many of the allegedly infringing streams originate within the EU. If FQDN blocking is used, it should be regarded as “a last resort in tightly constrained time windows, i.e., only for the duration of the live event.” Crucially, more transparency is needed from AGCOM:

To mitigate damages, resource owners must be immediately notified when their assets are blocked, and a clear, fast unblocking mechanism must be in place.

This is an important piece of work, because it places criticisms of Piracy Shield on a firm footing, with rigorous analysis of the facts. However, AGCOM is unlikely to pay attention, since it is in the process of expanding Piracy Shield to apply to vast swathes of online streaming: amendments to the relevant law mean that automatic blocks can now be applied to film premieres, and even run-of-the-mill TV shows. Based on its past behaviour, the copyright industry may well push to extend Piracy Shield to static Web material too, on the basis that the blocking infrastructure is already in place, so why not use it for every kind of material?

Source: Academic research finds economic, technical and operational harms from Italy’s Piracy Shield – Walled Culture