

#Hacker Steals $13.5 Million From #Bancor #Cryptocurrency #Exchange

In a statement published hours ago, Israeli-based cryptocurrency exchange Bancor fessed up to a security incident following which a hacker made off with roughly $13.5 million worth of cryptocurrency.

The hack took place yesterday, July 9, at 00:00 UTC, according to Bancor, after an unknown intruder(s) gained access to one of the company’s wallets.

This was a big deal because Bancor doesn’t run as a classic exchange platform, but uses a complex mechanism based on smart contracts running on the Ethereum platform to move funds at a quicker pace than classic exchange platforms.

The compromised wallet also granted the attacker access to updating the smart contracts responsible for converting user funds.

Bancor says the hacker used this access to withdraw 24,984 Ether (ETH) coins (~$12.5 million) from Bancor smart contracts and sent the Ether to his own private wallet.

Similarly, he also withdrew 229,356,645 Pundi X (NPXS) coins, worth another $1 million.

Security feature prevents theft of another $10 million

The hacker also withdrew 3,200,000 Bancor tokens (BNT) (worth around $10 million), which Bancor had issued last year as part of its ICO that raised over $150 million, but Bancor says a security feature in Bancor tokens allowed it to freeze the funds and prevent the hacker from cashing it out at other exchanges.

“It is not possible to freeze the ETH and any other stolen tokens,” Bancor says. “However, we are working together with dozens of cryptocurrency exchanges to trace the stolen funds and make it more difficult for their thief to liquidate them.”

Bancor said the hacker didn’t compromise any user wallets. The theft appears to have affected only Bancor’s reserves, which the company held to facilitate the cryptocurrency exchange process.

Bancor did not reveal how the hack took place but promised more updates in the following days via its website and its Twitter account. Bancor’s platform is currently down and undergoing maintenance work.

Last year, a security researcher criticized the Bancor platform for using smart contracts that contained several security flaws.

Below is Bancor’s initial statement regarding yesterday’s security breach.

Source: https://www.bleepingcomputer.com/news/security/hacker-steals-135-million-from-bancor-cryptocurrency-exchange/


The post #Hacker Steals $13.5 Million From #Bancor #Cryptocurrency #Exchange appeared first on National Cyber Security Ventures.


Hacker gets #woman’s #nude pics, #threatens to #post them #online

A woman said her email account was hacked. She told Lee County Sheriff’s Office that she is now being threatened by an unknown suspect with her own photographs.

The woman believed the person found her email address on Facebook.

“Revenge porn is a form of harassment. It’s a form of abuse,” Elizete Velado said. Velado is an attorney at Goldberg and Noone in Downtown Fort Myers.

Velado’s firm is not involved with this particular case. However, she told 4 In Your Corner revenge porn has been a problem for years.

“It’s really important for people to remember it’s not the victim’s fault when someone breaks into their computer,” Velado said. “Breaking into your computer is like breaking into your home,” she added.

The victim told investigators she was bombarded with messages. The unknown person wanted her to pay up. She told the deputy that the person would post the nude pictures of her.

Hackers like the one in this case have stayed slightly ahead of the laws.

“It’s very difficult for the law to keep up with emerging technology and sexual cyber stalking takes many forms,” Velado added.

Florida has laws against sexual cyber stalking. It allows victims to get compensated.

Arrests are few and far between because hackers hide behind IP addresses and proxy servers.

Velado hopes future laws will bring about justice.

“It’s great that we finally got national attention on this. It is an issue that needs to be dealt with. The people that are doing this need to be held accountable,” Velado said.

The woman in this case plans to press charges if and when the suspect is found. She submitted screenshots of the messages to investigators.



Did #Atlanta’s #hacker get in through #City Council #software?

The Atlanta City Council President Thursday ordered a review of the Atlanta City Council database to determine exactly how hackers got in. Hackers continue to hold the city data hostage and demand a ransom to get it back.

Last week, members of Mayor Keisha Lance Bottoms’ team informed Atlanta City Council members of “a high likelihood that the incursion came through the City Council side of the building, through some software used by the Atlanta City Council called the Legislative Management System.”

The president of council and members have been told that.

Atlanta City Council President Felicia Moore said there has been no definitive word that the databases that citizens see working when regular meetings are held are the actual source where the hackers got in. Moore is asking questions about it.

“When I first heard of it, I have been doing my due diligence to ask our staff to give me any information that may be even remotely related to that. But in terms of a determination, no one has given me any firm determination,” said Moore. “Well, there are some offices that are operating. There are some that are not, and that’s across the city.”

The company involved with the software is called Accela. FOX 5 News has obtained some communications between city officials and that company in which, in early February, there was a report of an urgent security incident: they detected that perhaps some company familiar with malware or using malware had gotten into or attempted to get into the city council computers.

That’s among the information Felicia Moore has in these emails and that’s part of her review.

FOX 5’s Morse Diggs spoke with an executive with the company, Jonathan Knight, who said he was unaware of those communications but the company is cooperating fully with the city and any law enforcement that wants to talk with them.



Hacker #stole £10k from #jazz #charity

Source: National Cyber Security News

A jazz centre, headed up by Westcliff musician Digby Fairweather, was targeted by an online fraudster, it has been revealed.

Hackers accessed an account belonging to the Southend-based Jazz Centre UK and stole £10,000.

Fortunately, the charity had its money refunded by the bank, but Mr Fairweather said people must be vigilant to rising cyber crime.

He said: “The Jazz Centre UK online account had two payees set up at the time for small sums. Someone hacked into the account and moved £4,950 twice in a day into these accounts. He then rang both firms saying he was from the jazz centre and the sums had been transferred by mistake and that we owed the money to someone else.

“He asked them to pay it back and then gave them his own account number.”

Mr Fairweather added: “It was virtually all the Jazz Centre UK funds but after an inquiry it was the fault of the bank and all the money was refunded – apart from £216.

“It made us very wary of online banking. It could have left us in a great deal of trouble.”

The incident, which happened in October, came to light after it was raised in Parliament by Southend West MP Sir David Amess.


Hacker #tricks official #Vatican News site into #declaring #God an #onion

Source: National Cyber Security News

A Belgian security researcher has discovered a vulnerability on the website of Vatican News — the official news publication of the Holy See — that could allow anyone to publish their own fake news.

The vulnerability was discovered by independent researcher Inti De Ceukelaire. Proving his work, he tweeted a picture of Vatican News falsely stating that Pope Francis had declared God to be an onion.

De Ceukelaire (who we’ve previously profiled) has been behind some high profile discoveries. In September, he disclosed ways to access corporate messaging apps like Slack and Yammer by exploiting publicly-accessible help-desks and bug trackers.

Last February, De Ceukelaire earned notoriety after he redirected several links in Donald Trump’s old tweets to content that would otherwise be embarrassing for the now-occupant of 1600 Pennsylvania Avenue. He did this by identifying websites Trump had tweeted out whose domain names had been allowed to expire. He then re-registered them under his own name.

Keeping with the Trump theme, he used publicly accessible online information to find the contact details of Melania Trump. He used this to invite FLOTUS to his home town.

In the case of Vatican News, De Ceukelaire encountered an unpatched cross site scripting (XSS) vulnerability, and exploited it to inject the blatantly fake news.


Yahoo #hacker feels he’s ‘doing the #right thing’ after #pleading #guilty, #lawyer says

Source: National Cyber Security – Produced By Gregory Evans

After eight months of maintaining his innocence in a massive data breach at Yahoo, Karim Baratov feels like he’s now, his lawyer says, doing the right thing by pleading guilty to charges stemming from his role as a hacker.

Baratov, who is from Hamilton, is scheduled for sentencing in February, after pleading guilty, in a U.S. court on Tuesday, to one count of conspiracy to commit computer fraud and abuse and eight counts of aggravated identity theft.

“He’s feeling like he’s doing the right thing … he’s happy that he’s doing the right thing, he’s happy that he’s opening up, and he’s not holding back,” said Amedeo DiCarlo, one of Baratov’s lawyers. “I think that’s what the justice system expects of him.”

Authorities say the hack affected at least a half billion user accounts, and was directed by two Russian intelligence agents. U.S. law enforcement officials call the 22-year-old Baratov a “hacker-for-hire” and say he was paid by members of Russia’s Federal Security Service to access more than 80 accounts.

DiCarlo wouldn’t say if Baratov turned over information on the two Russians linked to the case, but did say he has been “very forthcoming with his information” and “very transparent.”

“He told them everything they needed to know,” DiCarlo said.

Another one of his attorneys, Andrew Mancilla, echoed that sentiment outside of court after the guilty plea was made. “He’s been transparent and forthright with the government since he got here,” Mancilla said.

The Russian agents, Dmitry Dokuchaev and Igor Sushchin, used the information they stole from Yahoo to spy on Russian journalists, U.S. and Russian government officials and employees of financial services and other private businesses, according to prosecutors.

Dokuchaev, Sushchin and a third Russian national, Alexsey Belan, were also named in the indictment filed in February, though it’s not clear whether they will ever step foot in an American courtroom since there’s no extradition treaty with Russia.

Yahoo user accounts began being compromised at least as early as 2014. Prosecutors say Dokuchaev and Sushchin turned to Baratov after learning that one of their targets had accounts at webmail providers other than Yahoo.

After Baratov’s arrest, his parents said that their son was a “scapegoat.” DiCarlo said they are now finally seeing some sense of closure.

“It’s a big strain on everybody — it’s kind of like you’re biting your fingernails, waiting for the result. Now, here is a final result in their opinion … they see an end in the future.”

Baratov’s sentencing is set to happen in February, and the threshold for how much jail time he could face ranges from zero to 20 years, DiCarlo said — though he would not disclose what sentence the defence will submit as appropriate. It’s also not clear if Baratov would serve a sentence in Canada or the United States.

“We’ve got our ranges to work with, and that’s where the lawyering takes place,” DiCarlo said.


Hacker #demands #money, #threatens #terrorist #claims

Source: National Cyber Security – Produced By Gregory Evans

A 72-year-old Plymouth man’s computer was hacked by someone who threatened to report him as a terrorist sympathizer unless he paid money, a police report said.

The victim told police he received several telephone calls Nov. 21 after his computer was hacked. He said the caller demanded $300 for three years of computer protection or $2,000 for lifetime coverage.

The caller became aggressive, the report said, threatening to contact the U.S. president and the CIA to accuse the victim of supporting a terrorist network.

The victim notified police and no money was lost.

Suspicious visitor

A 51-year-old Plymouth man notified police after he was twice awakened by someone pounding on his door and leaving behind a smashed pumpkin on his driveway and a plant dumped on the windshield of his Ford Fusion, a report said.

The man said the knocking occurred about 2:30 a.m. Nov. 23 and then an hour later. He called police both times, but the prankster had fled when officers arrived.

The incident occurred in the 1000 block of Quail Circle. The windshield of the Ford Fusion sustained some damage when the plant was dumped on it.

Drunken crash

Plymouth Township police arrested a 36-year-old Westland man after he crashed his 2013 Ford Econoline into a building at 14937 Northville Road, a report said.

Police cited the man for operating while impaired and his vehicle was impounded.

The crash happened just before midnight Nov. 21, near Northville Road and Five Mile, the report said. The driver was bleeding from the head and mouth and was taken to St. Mary Mercy Hospital for treatment, the report said.

The suspect told police another vehicle cut him off and caused him to crash into the building after he left a bar, the report said. Police got a search warrant to have the man’s blood drawn to test for blood-alcohol level.

Vehicle larceny

A 43-year-old Canton woman called police after her purse was stolen by someone who smashed out her car window while she was parked at Applied Fitness Solutions on Ann Arbor Road in Plymouth, a report said.

She said the incident happened between 6:45 p.m. and 8 p.m. Nov. 9. She said she had tried to hide her purse under the back of the passenger seat, but apparently it was still visible.

She said she locked the doors, but the intruder broke out the rear passenger window. She told police the purse contained credit cards, $30 in cash and her driver’s license.

Home break-in?

A 34-year-old man told Plymouth Township police $500 was stolen from his bedroom closet while he was out of town, a report said.

He told police he returned Nov. 12 to his home in the 2300 block of Hackberry to find that five $100 bills had been stolen from his closet. He said he locked the house before he left.

He told police the money had been given to him as a family gift.


Prague #appeals court allows #Russian #hacker extradition to #US

Source: National Cyber Security – Produced By Gregory Evans

A Prague appeals court on Friday upheld a lower court ruling that a Russian man who faces charges of hacking computers at American companies can be extradited to the United States.

Czech authorities arrested Yevgeniy Nikulin in Prague in cooperation with the FBI in October last year. He is accused by U.S. prosecutors of penetrating computers at Silicon Valley firms including LinkedIn and Dropbox in 2012.

Moscow also wants him extradited on a separate charge of internet theft in 2009.

Prague’s Municipal Court ruled in May that both extradition requests meet the necessary legal conditions.

Nikulin appealed his extradition to both countries but later withdrew an appeal against his extradition to Russia.

Following the ruling by Prague’s High Court, it is now up to the justice minister to approve or dismiss the extradition. It is not clear when a decision can be expected.

Nikulin’s defense attorney said he was “surprised, astonished and disappointed.”

“I don’t share the legal opinion of the High Court and I will take the steps I can to reverse it,” Martin Sadilek said.

State Prosecutor Marcela Kratochvilova welcomed the ruling.

“There are no reasons to prevent extradition,” she said.

Nikulin denied he was a hacker and claimed he’s a car lover. He ran a popular Instagram account devoted to sports cars and socialized with the children of the Kremlin’s elite, including the daughter of Russian Defense Minister Sergei Shoigu.

Sadilek suggested again Friday that the case was politically motivated. He had previously said U.S. authorities appeared to be using Nikulin as a pawn in the investigation into alleged Russian hacking in the U.S. election.

Nikulin previously claimed he was twice approached by U.S. authorities while in detention, in the absence of his previous lawyer. He said they urged him to falsely testify that he cooperated in the hacking attack on the Democratic National Committee ordered by Russian authorities. He said U.S. authorities would, in exchange, give him money and a life in the United States, which he refused.

The U.S. has accused Russia of coordinating the theft and disclosure of emails from the Democratic National Committee and other institutions and individuals in the U.S. to influence the outcome of the 2016 presidential election. Russia has vigorously denied that.

There is no indication that Nikulin’s case is connected to the DNC hacking accusation.

Judge Karel Semik said Friday that what Nikulin is accused of is a normal criminal act and not a politically motivated criminal activity. Semik stressed it is not a task for the Czech court to decide whether he’s guilty but whether the extradition request meets all necessary legal conditions.

The hearing took place in the presence of heavily armed police officers. Nikulin was transported from a nearby prison to the court room via an underground tunnel.

Copyright 2017 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.



Cybersecurity on the #plant floor: #fighting the #Hacker Machine #Interface

Source: National Cyber Security – Produced By Gregory Evans

SCADA systems and cybersecurity: it remains a challenge and, according to ample research, even one of the major restraining elements in SCADA market growth.

While the challenge is multi-faceted, one of the many means through which attackers infiltrate SCADA systems is the Human Machine Interface (HMI).

With HMI/SCADA software in full evolution in the age of Industry 4.0 and Industrial IoT, exploiting vulnerabilities in the software still happens a lot.

Security expert Trend Micro looked at the state of SCADA HMI vulnerabilities and had its Zero Day Initiative Team investigate all the publicly disclosed vulnerabilities with regards to SCADA software that were fixed in 2015 and 2016. The result: a report and recommendations. An overview and some additional thoughts.

The Hacker Machine Interface: focus on patching

The majority of found SCADA software vulnerabilities are preventable using secure development practices, Trend Micro states.

The major areas where SCADA software vulnerabilities occur, as you can see in the graphic below, are, respectively:

  • Memory corruption.
  • Credential management.
  • Lack of authentication/authorization and insecure defaults.
  • Code injection.
  • A big chunk of other areas.

The press release, revealing the findings and serving as an announcement of the report “Hacker Machine Interface: The State of SCADA HMI Vulnerabilities”, also states that the average time it takes a SCADA/HMI vendor to release a patch once a bug has been disclosed can go up to 150 days.

Patching is a significant challenge for multiple reasons. The mentioned 150 days is approximately 30 days longer than it takes highly deployed software from the likes of Microsoft or Adobe, yet far less than enterprise applications from firms such as HPE or IBM, Trend Micro says.

However, SCADA systems are a bit everywhere, and certainly in critical infrastructure, which of course makes them interesting for the ‘bad guys’, so there is certainly room for improvement in the area of patching. As per usual we need to emphasize that 150 days is an average. So, when you’re in the market for HMI/SCADA software it might be a good idea to look at the security and patching practices of the various vendors out there.

Among the many concerns with regards to the security of SCADA systems, according to Trend Micro’s Fritz Sands, the weak link really is the human machine interface software part, and patching comes in again.

According to Sands, most HMI systems still run on old Windows operating systems, several versions of which no longer receive security upgrades. Quoting Sands from a November 2017 article entitled ‘Dated Windows software the weak link for SCADA systems’: “Windows is a sphere where hackers feel very comfortable. Instead of needing a complex tool set to attack SCADA controllers, they have 20 years of hacking skills used against Windows, SQL server, browsers and Adobe products.”

Top SCADA/HMI security issues according to the Hacker Machine Interface report

In the age of Industrial IoT everything is increasingly connected, and we have shifted away from the isolated HMI and SCADA system that runs on a trusted network, so end-to-end security by design has simply become a must. There are many other security issues as well, from the inevitable human factor and insider attacks to the traditional challenge of removable media and the ever more sophisticated ways hackers use beyond old tactics such as phishing and malware. On top of all that, solving the old Windows version security issue seems like a no-brainer, certainly as the stakes, scale and indeed complexity of cybercrime expand.

Back to the announcement of Trend Micro and some of the preventable SCADA/HMI issues the company found.

Below is an overview as mentioned in the announcement of the “Hacker Machine Interface: The State of SCADA HMI Vulnerabilities”. We added some quotes from the report which you can download in PDF here.

  • Memory corruption problems, which account for about 20 percent of all identified vulnerabilities, mainly represent traditional code security issues with the likes of stack- and heap-based buffer overflows and out-of-bounds read/write vulnerabilities.
  • Credential management challenges, accounting for a pretty impressive 19 percent of all vulnerabilities, range from not protecting credentials enough and storing passwords in a recoverable format to the use of hard-coded passwords.
  • The category of vulnerabilities in the area of lack of authentication/authorization and of insecure defaults accounts for close to a quarter of all found SCADA vulnerabilities (23 percent to be precise). One of the issues: missing encryption. Another one: unsafe ActiveX controls marked safe for scripting.
  • The issues with regards to code injection are relatively minor in comparison with the others, accounting for 9 percent of all identified vulnerabilities. But of course, although perfect security is close to impossible, that is still far too much, certainly given the mission-critical role of SCADA and the fact that, on top of the more common injection types, there are also domain-specific injections, as Trend Micro states.

Security strategies and security by design as the stakes get higher

Trend Micro mentions the crucial types of information SCADA system hackers can obtain, such as a facility’s layout and critical thresholds (on top of getting device settings for future attacks, a phenomenon not unknown in the world of IoT), and points to threats such as the Stuxnet attack on an Iranian nuclear plant and the Ukrainian power grid attacks to give an idea of the scope of potential damage. It invites you to check out the various vulnerability types, cases of vulnerable SCADA Human Machine Interfaces and the much-needed advice in its paper “Hacker Machine Interface: The State of SCADA HMI Vulnerabilities”.

By the way: needless to say that in times of ongoing digitization and digitalization, organized cybercrime, state-sponsored attacks and ‘cyber’ as a real weapon in warfare, cybersecurity cannot be an afterthought.

Not in SCADA/HMI software, not in SCADA systems, not in industrial transformation, not in critical infrastructure, not in Industry 4.0 and not in digital transformation or IoT projects overall.

Security by design and security strategies need to be included from the very start of any project, not just because of the risks but also because of the fact that calling in your cybersecurity folks too late is a slowing factor in digital transformation to begin with and, the other way around, security is a digital transformation accelerator.

In a SCADA/HMI security context, the call to do more, in the words of Trend Micro’s ‘The State of SCADA HMI Vulnerabilities’: “despite the obvious risks of obtaining unauthorized access to critical systems, the industry behind the development of SCADA systems, specifically HMI vendors, tend to focus more on equipment manufacture and less on securing the software designed to control them”.


Utah #charity’s #funds #wiped out by #hacker

Source: National Cyber Security – Produced By Gregory Evans

Utah Association for Intellectual Disabilities said Wednesday a hacker had locked them out of most of their systems and drained their bank accounts. This comes right as the group was gearing up for holiday giving season.

UAID gives Christmas gifts to adults who are intellectually disabled, often don’t have family, and stay in assisted living facilities.

The group only meets once a month and was getting together to plan their holiday strategy for buying and distributing gifts. The group serves around 1,200 – 1,400 people every holiday season. However, Vice President Laura Henderson said they noticed no new email applications for help had come in since October 22nd.

“As we were investigating the email issue, I opened the bank statements and started seeing things that just weren’t right,” said Henderson.

After speaking with their bank, the group noticed around $5,000 from multiple accounts had been transferred, or stolen, from their accounts. According to records, the hackers used a series of apps and services to get the money out.

The transfers started small around October 22nd, but went into the thousands by the 25th.

It wasn’t just the money the hackers messed with. They also took over their PayPal, opened new accounts, and locked them out of their email and website. Even when they tried to change the passwords the hackers regained access a short time later.

Co-Founder Katherine Scott said she was devastated because so many rely on their gifts, and often don’t get anything else for Christmas. With email accounts compromised, they don’t know who needs services this year.

“That’s one of the things that’s making us real sad this year is we don’t know who needs help,” said Scott.

Doug Lind has been a recipient of gifts for the last six years, and said for many it’s the one thing that brightens up their holidays. He couldn’t believe the news.

“You have to be really low to do something like that to people who don’t have that much,” said Lind.

The group is now scrambling for donations of money and clothes for those they serve. Because their email and website have been compromised, they are asking everyone to call their new number at 385-887-4145.
