If you have a crypto wallet containing a fortune but forgot the password, all may not be lost. This week, a pair of researchers revealed how they cracked an 11-year-old password for a crypto wallet containing approximately $3 million in bitcoins. With a lot of skill and a little luck, researchers discovered a flaw in the way an older version of the RoboForm password manager generates passwords that allowed them to pinpoint the missing login and access the buried treasure.
Police in Western countries are using a new tactic to pursue cybercriminals who remain physically out of reach of US authorities: trolling. Recent takedowns of ransomware groups like LockBit go beyond traditional disruption of online infrastructure and include messages on seized websites aimed at messing with the minds of criminal hackers. Experts say these troll tactics help sow distrust among cybercriminals, who already have ample reason to distrust each other.
A University of Minnesota graduate student has been charged under the Espionage Act for photographing a shipyard in Virginia where the U.S. Navy assembles nuclear submarines and other ships whose components are classified. However, what makes the case novel is that he allegedly took the photographs with a drone, making his prosecution likely the first of its kind in the United States.
It was a big week for cops taking down botnets (as you’ll read more about below). This week, the United States announced that it had taken down what could be the “largest botnet ever created,” according to FBI Director Christopher Wray. The botnet, called 911 S5, included some 19 million hijacked IP addresses worldwide, which authorities say were used to carry out billions of dollars in Covid-19 aid fraud, make bomb threats, traffic in child sexual abuse material, and more.
But that is not all. Each week, we round up security news that we ourselves don’t cover in depth. Click on the headlines to read the full stories and stay safe.
Last year, more than half a million Internet routers were disabled in a malware attack carried out by an unknown threat actor targeting a US Internet service provider. Launched in late October, the attack, one of the largest ever committed against the sector, allegedly disrupted the Internet in several Midwestern states. The attack was first revealed this week by security firm Black Lotus Labs, which did not identify the specific company affected. However, Ars Technica reports that the incident appears to have affected an ISP called Windstream, which provides Internet service to 18 Midwestern and Southern US states.
Black Lotus Labs researchers say the attacker used commercially available Chalubo malware to gain access to the routers, and that their firmware was eventually overwritten, effectively bricking the devices. The outage sparked a flood of complaints on a forum about damaged routers. “Routers now just sit there with a solid red light on the front,” one user wrote on the DSLReports forum. “They won’t even respond to a RESET.”
The Biden administration allegedly fabricated the conclusion of a report released in early May that found the United States did not have “complete information to verify” whether Israel had used American-made weapons in contravention of international humanitarian law, according to whistleblower Stacy Gilbert, a senior civil-military expert who resigned from the US State Department this week in protest. Gilbert says the State Department experts who compiled the report clearly implicated Israel in limiting the amount of food and medical supplies that could reach Gaza; however, the report was reportedly removed from the experts’ hands and then “edited at a higher level.”
The report consisted of a mandatory national security assessment that, if Israel had been found to have violated humanitarian law, would have forced the United States to suspend its arms sales. At the time of the report’s release, critics of the administration’s Gaza policy accused the White House of willfully ignoring the conduct of Israeli forces attempting to disrupt food deliveries to the famine-stricken Palestinian territory. Gilbert is the second US official to publicly resign this week in protest of US involvement in the attacks.
An international coalition of law enforcement agencies, cybersecurity companies and other organizations announced this week the disruption of large swaths of the global botnet ecosystem. Branded “Operation Endgame,” the effort focused on malware “droppers,” or malicious software used to gain an initial foothold on a machine so that additional malware can be installed on it more easily. Droppers targeted by Operation Endgame include IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot, according to Europol, which says authorities seized more than 100 servers and 2,000 websites allegedly linked to cybercriminal activities. Law enforcement also arrested four “high value” people; Germany added another eight people to its most wanted list. One of the “main suspects,” according to Europol, amassed a cryptocurrency fortune valued at €69 million ($74 million) by renting infrastructure for ransomware attacks. And the action isn’t over: the Operation Endgame website indicates that there will be a new announcement in the coming days.
Meta says it has shut down an AI-powered network comprising hundreds of fake Facebook and Instagram accounts linked to an Israeli business intelligence company. The company, Stoic, is accused of accepting contracts to spread inauthentic pro-Israel content across the platforms in order to manipulate the political opinions of American users. Meta stated that Stoic’s influence operation was still in its “audience building” phase, “before they could engage authentic communities.”