Tag: hack

$611m stolen in cryptocurrency hack

By Emma Mayer for Newsweek

Poly Network, a protocol for swapping cryptocurrency, including bitcoin, announced on Tuesday that it was hacked, resulting in the loss of $611-million. The hack is suspected to be the largest fraud in “decentralised finance,” or DeFi, in history.

The network tweeted the news and urged exchanges to block all of the funds that were taken.

“We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses,” it tweeted, providing three addresses that it says the assets have been transferred to.

Poly Network swaps tokens across different blockchains, including Ethereum and Ontology, as well as the blockchain for bitcoin. It was formed by an alliance between the teams behind multiple blockchain platforms, namely Neo, Ontology and Switcheo, according to The Block.

According to Cryptonews, $273 million in assets was taken in Ethereum tokens, $253 million in tokens on Binance Smart Chain and $85 million in U.S. Dollar Coin (USDC) tokens on the Polygon network.

“We will take legal actions and we urge the hackers to return the assets,” Poly Network tweeted in a thread.

Some believe this attack is the largest hack ever seen in the cryptocurrency space.

Since the attack, Tether, a form of stablecoin, managed to freeze roughly $33-million in tokens.

“We are aware of the poly.network exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can,” tweeted Changpeng Zhao, CEO of Binance, a cryptocurrency exchange.

The hack, according to The Block, forced O3, a trading pool that uses Poly Network to trade tokens among different blockchains, to suspend its cross-chain functionality.

Researchers suspect that the cause of the hack was a cryptography issue, which is rare in other instances of hacking. The attack on Poly Network may have been similar to the Anyswap exploit, an attack in July that saw $7.9-million stolen when a hacker reversed the private key.

A report from Reuters said that the DeFi sector of cybercrime registered losses of $474-million from January to July of this year.

“Just eight months into 2021 and DeFi hacks, thefts and frauds have already surpassed the total DeFi crimes from 2020,” Dave Jevans, CipherTrace’s chief executive officer, told Reuters. “This means regulators around the globe are paying closer attention to DeFi specifically.”

Many DeFi applications run on the Ethereum blockchain, and the industry is seeing both an expansion and improved security infrastructure. Jevans said that expansion was sure to attract more crime.

“It shouldn’t come as a surprise that as the DeFi ecosystem expands, so are DeFi crimes,” he said.

Newsweek reached out to CipherTrace for additional comment but did not hear back before publication.

 

By Terence Zimwara for Bitcoin.com

According to local media, leading South African financial institution FNB is denying allegations of a banking relationship with the recently collapsed crypto investment company, Africrypt. FNB also insists it did not enable the investment company’s transactions which helped Africrypt’s two directors disappear with billions of dollars in investor funds.

Disappearance of investor funds
The financial institution’s denial comes nearly two months after Africrypt abruptly stopped operating. At that time, the crypto investment firm’s management claimed Africrypt’s trading system had been breached. This breach compromised client accounts, wallets, and nodes, thus forcing Africrypt to freeze all accounts, the directors claimed.

However, shortly after the so-called breach, Africrypt directors Ameer Cajee and his brother Raees Cajee are alleged to have “transferred the crypto investment’s pooled funds from its South African account(s) through bitcoin on the blockchain in April 2021.” South African media reports estimate that as much as $3.6 billion in investor funds cannot be accounted for.

Meanwhile, in his response to a media inquiry, FNB spokesperson Nadiah Maharaj refused to acknowledge the existence of any relationship between FNB and Africrypt. According to a media report, Maharaj, who cites client confidentiality restrictions, stated:

FNB once again confirms that it does not have a banking relationship with Africrypt. Due to client confidentiality, FNB cannot provide any information on specific bank accounts.

Use of crypto mixers
An investigation by local media suggests that after successfully siphoning investors’ funds, the Cajee brothers fled to the United Kingdom. These findings are also corroborated by another investigation by Hanekom Attorneys, a law firm that has been retained by victims of the Africrypt fraud. In addition to these findings, the law firm’s investigations further reveal that Africrypt directors had used mixers in an attempt to obfuscate the flow of the funds.

While the case has now been reported to the Hawks (South Africa’s elite police unit), the founder of the law firm, Darren Hanekom, is quoted in the report as suggesting Africrypt’s accounts with FNB have already been “drained” and that “the entirety of investors’ funds” may have been subjected to the mixing service.

 

By Bradley Prior for MyBroadband

HaveIBeenPwned has added a large data breach – involving popular writing website Wattpad – to its database of data breaches.

In June 2020, Wattpad – a website that allows users to publish their own literary content and critique the work of others – suffered a large data breach which exposed almost 270 million user records.

This data was reportedly sold to a private purchaser for $100,000, and has since reportedly been published to a public hacking forum – where it was shared broadly.

The data exposed in this breach includes names, usernames, email addresses, IP addresses, passwords, genders, and birth dates, HaveIBeenPwned said.

According to the post on the hacker website, included in the database are 145 million passwords hashed with bcrypt, and another 44-million hashed with SHA256.

“We are aware of reports that some user data has been accessed without authorisation. We are urgently working to investigate, contain, and remediate the issue with the assistance of external security consultants,” said Wattpad director of PR and communications Kiel Hume.

“From our investigation, to date, we can confirm that no financial information, stories, private messages, or phone numbers were accessed during this incident. Wattpad does not process financial information through our impacted servers, and active Wattpad users’ passwords are salted and cryptographically hashed.”

Hume said Wattpad is committed to maintaining the trust of its users “to ensure the safety and security of the Wattpad community”.

How to check if you are affected

HaveIBeenPwned allows you to check if your data was affected by data breaches including the recent breach of Wattpad.

To do this, users need to navigate to HaveIBeenPwned’s homepage and enter their email address into the search bar.

Check your email address here.

By Petrus Malherbe for Netwerk24

Instead of information about the eight commercial harbours it runs, the National Ports Authority’s (NPA) website now ostensibly contains information about gambling games in Indonesia, Netwerk24 reported. The National Ports Authority is a division of Transnet.

According to information on ICANN Lookup, Transnet registered transnetnationalportsauthority.net in 2007. The registration was managed by American company Network Solutions.

But its security certificate expired in April last year, which made it vulnerable to attacks by hackers thereafter.

The domain name, while still registered, is no longer being reported as being active. Its status is known as “client transfer prohibited”, meaning that the domain cannot be transferred without Transnet’s permission.

Ironically, the status is meant to help prevent an inactive domain name from being hacked by another entity.

Web pages are regularly hacked, with visitors directed to malevolent websites. A website with a security certificate that is intact is, however, more resistant to these attacks.

The hacking of the NPA site seems limited to that particular website. The website for Transnet Port Terminals and its main page, transnet.net is, for example, still operational.

Even though the NPA’s page expired in April last year, Transnet still uses it on the port authority’s official Twitter page. This page appears to still be active – the last entry was on 23 January.

Transnet was approached for comment about the apparent takeover of one of its websites, but has not yet responded.

By Roger Bambino for Tech JaJa

Dr. Bright Gameli Mawudor heads the Cyber Security Service Team at Internet Solutions. He recently bumped into some MultiChoice credentials on the open Internet as he was giving a live demo at a conference.

Dr Gameli is also the co-founder of AfricaHackOn and was giving a speech at a recent MyBroadband CyberSec Conference, where he revealed that the DStv hack was more or less accidental: he uncovered a text file full of MultiChoice credentials on a misconfigured web server in the middle of a live demo.

He told MyBroadband that he was demonstrating a technique known as Google Dorking. This involves using Google’s highly technical search operators to find information people didn’t imagine would be found on the open Internet. To put this in context, many people put a lot of information on the internet including ripped media series for download on Internet-connected servers, which Google eventually crawls and indexes.

As he was trying to demonstrate how easy it was to find credentials for streaming services like Netflix and Hulu with a Google search, Mawudor thought he could do the same for DStv.

“Nobody knew what happened, I took it off quickly. I didn’t want anybody to see. Later I went to analyse the details,” Mawudor said.

Being an ethical hacker, Mawudor chose not to misuse the information he found as it would have done a tremendous amount of damage to DStv’s business.

“I would have been able to use those credentials to log into the monitoring of live [sports] matches that were going on, [or] into the VPN and into the internal network,” he said.

He could have used this data to shut down systems or change live broadcasts if he so wished. While advising companies on security, Mawudor said:

“Organisations need to go beyond occasional penetration testing and do vulnerability management — frequently doing an assessment of all your systems, networks, and appliances to make sure they are always screened for the latest vulnerabilities.”

WhatsApp is hacked

Source: BBC

WhatsApp has confirmed that a security flaw in the app let attackers install spy software on their targets’ smartphones.

That has left many of its 1.5-billion users wondering how safe the “simple and secure” messaging app really is.

On Wednesday, chip-maker Intel confirmed that new problems discovered with some of its processors could reveal secret information to attackers.

How trustworthy are apps and devices?

Was WhatsApp’s encryption broken? No. Messages on WhatsApp are end-to-end encrypted, meaning they are scrambled when they leave the sender’s device. The messages can be decrypted by the recipient’s device only.

That means law enforcement, service providers and cyber-criminals cannot read any messages they intercept as they travel across the internet.

However, there are some caveats.

Messages can be read before they are encrypted or after they are decrypted. That means any spyware dropped on the phone by an attacker could read the messages.

What is encryption?
On Tuesday, news site Bloomberg published an opinion article calling WhatsApp’s encryption “pointless”, given the security breach.

However, that viewpoint has been widely ridiculed by cyber-security experts.

“I don’t think it’s helpful to say end-to-end encryption is pointless just because a vulnerability is occasionally found,” said Dr Jessica Barker from the cyber-security company Cygenta.

“Encryption is a good thing that does offer us protection in most cases.”

Cyber-security is often a game of cat and mouse.

End-to-end encryption makes it much harder for attackers to read messages, even if they do eventually find a way to access some of them.

What about back-ups?
WhatsApp gives the option to back up chats to Google Drive or iCloud but those back-up copies are not protected by the end-to-end encryption.

An attacker could access old chats if they broke into a cloud storage account.

Of course, even if users decide not to back up chats, the people they message may still upload a copy to their cloud storage.

Should people stop using WhatsApp?
Ultimately, any app could contain a security vulnerability that leaves a phone open to attackers.

WhatsApp is owned by Facebook, which typically issues software fixes quickly.

Of course, even large companies can make mistakes and Facebook has had its share of data and privacy breaches over the years.

There is no guarantee a rival chat app would not experience a similar security lapse.

At least, following the disclosure of this flaw, WhatsApp is slightly more secure than it was a week ago.

Signal is an open-source project
Some rival chat apps are open-source projects, which means anybody can look at the code powering the app and suggest improvements.

“Open-source software has its value in that it can be tested more widely but it doesn’t necessarily mean it’s more secure,” said Dr Barker.

“Vulnerabilities can still be found with any tech, so it’s not the answer to our prayers.”

And if someone did decide to switch to a rival chat app, they would still have to convince their contacts to do the same. A chat app without friends is not much use.

Is any device ever safe?
In theory, any device or service could be hacked. In fact, security researchers often joyfully pile in on companies that claim their products are “unhackable”.

They quickly discover vulnerabilities and the embarrassed companies retract their claims.

If people are worried data may be stolen from their computer, one option is to “air gap” the device: disconnect it from the internet entirely.

That stops remote hackers accessing the machine – but even an air gap would not stop an attacker with physical access to the device.

Dr Barker stressed the importance of installing software updates for apps and operating systems.

“WhatsApp pushed out an update and consumers might not have realised that security fixes are often included in updates,” she told BBC News.

WhatsApp did not help the cause, however, by describing the latest update as adding “full-size stickers”, and not mentioning the security breach.

“People need to be made aware that updates are really important. The quicker we can update our apps, the more secure we are,” said Dr Barker.

As always, there are simple security steps to remember:

  • Install app and operating system security updates
  • Use a different password for every app or service
  • Where possible, enable two-step authentication to stop attackers logging in to accounts
  • Be careful about what apps you download
  • Do not click links in emails or messages you are not expecting

By Cheryl Kahla for The South African

The National Cyber Security Centre (NCSC), a UK cyber security watchdog, recently released their list of the most-used passwords on the Internet.

A quick look at the most common passwords is enough to know that a lot of work still needs to be done to educate computer users about cybersecurity.

The most common password was ‘123456’, which beat out ‘123456789’, ‘qwerty’, ‘password’ and ‘1111111’.

While these common passwords are incredibly problematic, the most pervasive problem for home internet users was a combination of these easily guessed passwords, and the fact they were being re-used across multiple sites.

Re-using passwords on multiple platforms
Password re-use is problematic as a security breach on one site could compromise a user’s security on every other site where the password is in use.

NCSC technical director Ian Levy explains:

“We understand that cybersecurity can feel daunting to a lot of people, but the National Cyber Security Centre has published lots of easily applicable advice to make you much less vulnerable.”

He added that re-using a password is a major risk which can be avoided because “nobody should protect sensitive data with something that can be guessed”.

Favourite celebrities
Sports teams and first names are other common choices for passwords, with ‘Ashley’ the most common name used as a password and ‘Liverpool’ the most common Premier League football team name used as a password. ‘Blink182’ was the most common band.

“Using hard-to-guess passwords is a strong first step, and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password,” added Levy.

There are several password management tools available that can generate unique passwords and store them in a central place for users who want to take their online security to the next level.

By Jack Morse for Mashable

They wouldn’t have numbered it if it was the only one.

On 16 January, security researcher Troy Hunt uploaded a massive cache of leaked e-mails and passwords to his invaluable website have i been pwned.

The 87GB dataset, dubbed “Collection #1,” was admittedly years old, and had been passed around by hackers for some time now. Still, the sheer scale of it — containing over 772-million email addresses — turned heads. Hold onto your digital butts, because as Krebs on Security reports, you ain’t seen nothing yet.

According to Krebs, the Collection #1 data breach is, unsurprisingly, part of a much larger collection of stolen online credentials being sold online. And, taken as a whole, it dwarfs Collection #1’s size.

Just how big are we talking? According to the hacker allegedly selling access to the data who communicated with Krebs over Telegram, the entire data set of email addresses and passwords comes close to 1TB. Brian Krebs, the infosec journalist behind Krebs on Security, tweeted a screenshot purportedly depicting a page listing the data for sale.

In addition to the 87GB Collection #1, there’s a 526GB Collection #2, a 37GB Collection #3, a 178GB Collection #4, a 42GB Collection #5, and two other folders totaling an additional 126GB worth of credentials.

The seller told Krebs that, in total, they had close to 4TB of so-called password packages. Yeah, that’s a lot. According to the image above, the “Price for access lifetime” is only a cool $45 (R630).

So your email, along with one or more passwords to various throwaway online accounts you’ve used and discarded over the years, is likely being traded on the dark web. What does this mean for you?

Well, if you’re smart about your online security, probably not too much immediately. Assuming you use unique passwords for each account online — and you definitely should — any of your passwords contained in the dataset would only gain a hacker access to one specific online service. Like, say, your old Tumblr account. And, if you use two-factor authentication, you’re likely in the clear.

However, all this goes out the window if a hacker gets access to your main email account and can initiate password resets. And if the email account in question just so happens to share a password with your now-defunct Neopets account or whatever? You might legit be in trouble. Consider getting a password manager, and make sure your email has a unique password and 2FA.

And then go about your normal online business, comfortable in the knowledge that your personal data is being sold to hackers for the low, low price of $45 (R630).

To see whether your email address has been breached, visit have i been pwned.
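The advice in the two password articles above (refuse the most commonly used passwords, and refuse passwords already circulating in dumps such as Collection #1) can be enforced when an account is created. The sketch below is an added example, not code from the quoted publications or from Have I Been Pwned: it screens a candidate password using a hash-prefix range lookup of the kind Have I Been Pwned's Pwned Passwords service exposes, so only five characters of the hash ever leave the client. The function names, the offline corpus and its counts are assumptions constructed for illustration.

```python
import hashlib

# Passwords the articles above name as most common, lower-cased for matching.
NAMED_COMMON = {"123456", "123456789", "qwerty", "password", "1111111",
                "ashley", "liverpool", "blink182"}

# Constructed stand-in for a breach corpus: password -> times seen.
# The entries and counts are invented for this example.
CONSTRUCTED_CORPUS = {"123456": 1000, "qwerty": 400, "Liverpool": 50,
                      "neopets2009": 3}


def sha1_upper(password):
    """SHA-1 serves only as a lookup key here, never as password storage."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_digest(password):
    """Return (prefix, suffix); only the 5-character prefix is sent out."""
    digest = sha1_upper(password)
    return digest[:5], digest[5:]


def make_offline_range_service(corpus):
    """Build a fake range endpoint over a constructed corpus (no network).

    In production, fetch_range would be an HTTPS GET to
    https://api.pwnedpasswords.com/range/<prefix>.
    """
    table = {}
    for pw, count in corpus.items():
        prefix, suffix = split_digest(pw)
        table.setdefault(prefix, []).append((suffix, count))

    def fetch_range(prefix):
        if len(prefix) != 5:
            raise ValueError("range lookups take exactly 5 hex characters")
        lines = [f"{s}:{c}" for s, c in table.get(prefix.upper(), [])]
        # Padding row with count 0, as a service may add to hide result size.
        lines.append("0" * 35 + ":0")
        return "\r\n".join(lines)

    return fetch_range


def parse_range_body(body):
    """Parse 'SUFFIX:COUNT' lines, skipping blank and malformed rows."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue
        key = suffix.upper()
        counts[key] = max(counts.get(key, 0), int(count))
    return counts


def breach_count(password, fetch_range):
    """How often the password appears in the corpus behind fetch_range."""
    prefix, suffix = split_digest(password)
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)


def screen_password(password, fetch_range):
    """Return the reasons to refuse a new password (empty list = accept)."""
    reasons = []
    if password.lower() in NAMED_COMMON:
        reasons.append("named-common")
    seen = breach_count(password, fetch_range)
    if seen > 0:
        reasons.append(f"breached:{seen}")
    return reasons
```

Padding rows carry a count of 0, so the `seen > 0` test ignores them without special handling.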

By Jack Morse for Mashable 

A million hacked Facebook accounts isn’t cool. You know what’s even less cool? Fifty million hacked Facebook accounts.

A Friday morning press release from our connect-people-at-any-cost friends in Menlo Park detailed a potentially horrifying situation for the billions of people who use the social media service: Their accounts might have been hacked. Well, at least 50 million of them were “directly affected,” anyway.

The so-called “security update” is light on specifics, but what it does include is extremely troubling.

“We did see this attack being used at a fairly large scale.”

“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts,” reads the statement. “[It’s] clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.”

That’s right, almost 50 million accounts were vulnerable to this attack. As for how many were actually exploited?

“Fifty million accounts were directly affected,” explained Facebook VP of product management Guy Rosen on a Friday morning press call, “and we know the vulnerability was used against them.”

“We did see this attack being used at a fairly large scale,” added Rosen. “The attackers could use the account as if they are the account holder.”

The statement itself didn’t provide much additional insight.

“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” continues the statement. “We also don’t know who’s behind these attacks or where they’re based.”

Facebook says it’s fixed the vulnerability, and that 90 million people may suddenly find themselves logged out of their accounts or various Facebook apps as a result.

The disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures.

So, yeah, this is big.

“Security is an arms race,” Facebook CEO Mark Zuckerberg dryly noted on the press call.

Facebook is working with law enforcement, and, at least for now, says you don’t need to change your password. But maybe go ahead and log out of your account, everywhere, just to be safe.

“[If] anyone wants to take the precautionary action of logging out of Facebook, they should visit the ‘Security and Login’ section in settings,” advises the warning. “It lists the places people are logged into Facebook with a one-click option to log out of them all.”

So yeah, click through that link and log out of your account on all webpages and apps at once. After that, maybe think long and hard about whether it’s even worth logging back in.

By C.R. for The Economist 

It is not a message any frequent flyer looks forward to receiving. On 7 September, British Airways (BA) said it had emailed over 380 000 customers who had booked flights with the carrier between 21 August and 5 September admitting that their credit-card details had been stolen by hackers.

BA’s embattled chief executive, Alex Cruz, attributed the breach to a “malicious, fairly sophisticated attack” on its website. The airline thinks the hackers obtained names, street and e-mail addresses, and credit-card numbers, expiry dates and security codes—more than enough information to steal money from bank and credit-card accounts.

Mr Cruz has promised compensation for any customers financially affected by the hack.

The airline has not released the full details of what happened, and is still investigating the breach. But it has admitted that it was only data used in transactions in that 15-day period, not saved credit-card data on customer accounts, that was stolen.

Cyber-security experts say that the hack sounds like it breached the system that managed customer payments, unlike previous attacks on other big companies where saved data was stolen.

Whatever the cause of the attack, aviation analysts think BA is likely to be hit hard by fines from regulators. Under the EU’s new General Data Protection Regulation, which came into force in May, BA could face a fine of up to 4% of its revenues if it is determined that it did not do enough to protect customer information.

That would be around £500m ($650m). If regulators decide that the penalty should be levied on the entire revenues of IAG, BA’s parent, that number could swell to as much as €1bn ($1.16bn). After adding the cost of compensating customers affected by the breach, it is no wonder that the group’s shares dropped in value by 2% on the morning the news became public.

But analysts are wary about saying that the hack will affect BA or IAG’s longer term performance.

BA has been hit by a series of complaints about falling standards of service on its flights and by a computer crash that stranded 75,000 of its passengers last May. Mr Cruz has been crucified in the media for both public-relations meltdowns. Yet neither issue has really affected demand for BA flights.

So why do BA passengers keep coming back to the airline, in spite of it losing their credit-card data, checked-in baggage and taking away free nosh onboard? The answer is that they have little choice.

New airlines simply cannot take market share away from BA at Heathrow. As long as it uses each take-off and landing slot it is allocated 80% of the time, it can keep it for the next season. As a result, the share of slots at Heathrow owned by BA’s parent has risen from 36% in 1999 to 54%. It has also been gobbling up slots at Gatwick from defunct airlines such as Monarch, to make sure Norwegian, a disruptive long-haul low-cost competitor, cannot get their hands on them.

However much the airline’s computer systems go wrong or it cuts back its level of service onboard, new competitors cannot push it off the runway. Another IT disaster will not change that.

My Office News Ⓒ 2017 - Designed by A Collective

