All posts in “hacking”

Cryptocurrency exchange puts $250,000 bounty on hackers

The hunter has become the hunted and so on.


Binance is done playing nice. 

The cryptocurrency exchange was the target of an attempted hack last week, and although the company claims that the attackers were largely unsuccessful in their efforts, they nevertheless still made someone at the exchange mad. So mad, in fact, that on Sunday, Binance announced the equivalent of a $250,000 bounty on the hackers. 

“To ensure a safe crypto community, we can’t simply play defense,” read the statement. “We need to actively prevent any instances of hacking before they occur, as well as follow through after-the-fact.”

That follow through just so happens to come in the form of a fat cryptocurrency reward, and is all but guaranteed to kick off a mad digital vigilante rush. 

“The first person to supply substantial information and evidence that leads to the legal arrest of the hackers, in any jurisdiction, will receive the equivalent of $250,000 USD in BNB [Binance Coin],” continued the modern day version of a wanted poster. 

Binance appears to relish being on the offensive — a fact emphasized by the company’s CEO, Changpeng Zhao.

“As in a football match, you can’t just play defense,” he tweeted.

Regardless of how this particular case gets resolved, it doesn’t look like the idea of exchanges putting bounties on hackers is going away any time soon. In fact, it’s probably going to pick up steam. 

“Binance has currently allocated the equivalent of $10,000,000 USD in crypto reserves for future bounty awards against any illegal hacking attempts on Binance,” noted the same announcement. “We have also invited other exchanges and crypto businesses to join our initiative.”

So all you would-be cryptocurrency exchange hackers out there, consider yourselves warned.


Someone hacked a Tesla cloud account to mine cryptocurrency


Image: Justin Sullivan/Getty Images

There’s digital gold in them thar computers, and hackers are digging their way in.

Tesla is hailed as a cutting-edge company known for setting the agenda in its field, but when it comes to being the victim of malicious hackers hijacking its computer resources to mine cryptocurrency, it turns out it’s just like everyone else. 

According to cloud security company RedLock, Tesla has joined the growing list of companies that have been subjected to what experts call cryptojacking — a practice involving the theft of computer processing power to mine cryptocurrencies like bitcoin or Monero.

Hackers reportedly took control of Tesla’s (non-password protected) Kubernetes console — something that helps to administer a Google-designed “managed environment for deploying containerized applications” — and installed and ran crypto-mining software.

The report leaves some big questions unanswered, such as what mining software was used and what cryptocurrency was being mined. In the past, Coinhive has made a lot of news for mining Monero — the preferred cryptocurrency of criminals as it is seen to offer more anonymity than Bitcoin — on unsuspecting victims’ computers. Just recently, Salon announced it would mine Monero on some visitors’ computers.

Interestingly, whoever was behind the Tesla hack went to great pains to cover their tracks. According to RedLock, “the hackers had most likely configured the mining software to keep the [CPU] usage low to evade detection.” Unexplained spiking CPU usage is often seen as a red flag for potential cryptojacking. 

What’s more, the attackers also “hid the true IP address of the mining pool server behind CloudFlare, a free content delivery network (CDN) service.”

Basically, whoever was behind this really didn’t want to get caught (surprise), and had some great tricks up their sleeve to evade detection. Perhaps they just really wanted to combine their love of Tesla and hodling bitcoin?

RedLock reported its discoveries to Tesla, which quickly worked to rectify the situation. Tesla also paid out a small bug bounty to RedLock, reports Fortune.

“We maintain a bug bounty program to encourage this type of research,” a company spokesperson explained to the publication.

While the security team at Tesla (with RedLock’s help) was eventually able to lock this down, there is one type of cryptocurrency mining no amount of security hygiene will be able to stop — using power from the Supercharger network to run a mining rig.

But oh well, you have to start somewhere. 


Cybersecurity researchers say Olympics hacker aimed to embarrass

Ya burnt.

Image: Matthias Hangst/Getty Images

The hot new trend in Winter Olympics fashion? Making the host country look like a chump. 

Following reports that Olympic organizers had their servers hacked during the opening ceremony, security researchers have dug into the malware responsible and come to an interesting conclusion: Embarrassment was the name of the game. 

According to Talos, “Cisco’s industry-leading threat intelligence team,” the attack that knocked Olympic press center TVs offline and forced the temporary shutdown of the Pyeongchang 2018 website was tailored to be destructive. 

In other words, unlike the ransomware that swept the globe last year, there was no clear financial motive. And it doesn’t look like the attackers were after information, either. 

“The purpose of this malware is to perform destruction of the host, leave the computer system offline, and wipe remote data,” explained report authors Warren Mercer and Paul Rascagneres. “Disruption is the clear objective in this type of attack and it leaves us confident in thinking that the actors behind this were after embarrassment of the Olympic committee during the opening ceremony.”

The researchers at Talos dubbed the malware “Olympic Destroyer,” just in case anyone was unclear about their conclusions. 

Deleting that data.

Image: Talos

Importantly, there is no foolproof way to know with 100 percent certainty what motivated the hackers. However, a plot to muck things up isn’t that farfetched. After all, there is at least one powerful actor that could conceivably have such a motive. 

Russia was banned from officially competing in this year’s Winter Olympics by the International Olympic Committee, and hasn’t taken that reality well. The Washington Post reported today that Russian foreign minister Sergei Lavrov claimed the reason for the ban — state-sponsored doping — was invented by the United States because the U.S. “can’t beat us fairly.”

So, yeah, clearly someone is upset — and Russia has been known to wield its powerful hacking skills in a variety of unsavory ways.

Does that mean Russia perpetrated the hack? At this point, it’s too early to say. However, if an attack during the opening ceremony is any indication of what’s to come, we may just end up with plenty more opportunities to find out. 


Olympic organizers hit with hack during opening ceremony


Image: Ian MacNicol/Getty Images

International unity be damned.

The 2018 Winter Olympics opening ceremony was an opportunity for athletes around the world to proudly wave their nation’s flag and welcome the start of a time-honored tradition of peaceful competition. Oh, and it was also a chance for another highly skilled subset of the planet’s population to strut their stuff — specifically, hackers. 

According to the South Korean news agency Yonhap News, servers belonging to Olympic organizers were hacked during this year’s Feb. 9 opening ceremony. As a result, the TVs at the main press center are said to have malfunctioned. 

What’s more, in response to the attack, organizers briefly shut down their own servers — temporarily knocking the Pyeongchang 2018 website offline in the process. 

At present, not much is known about the individual or individuals behind the attack. However, that the Olympics and related organizations are a prime target for hackers is nothing new. In 2016, the World Anti-Doping Agency admitted to being the victim of a hack, saying that Russian hackers had stolen confidential medical data pertaining to athletes.  

Not a hack in sight.

Image: Jamie Squire/Getty Images

On top of that, officials have long suspected that this year’s games were going to present a unique cybersecurity challenge. In January, for example, security firm McAfee disclosed the existence of a hacking campaign targeting Olympic-affiliated organizations and noted that more was likely to come. 

“With the upcoming Olympics, we expect to see an increase in cyberattacks using Olympics-related themes,” the company explained in its report. “In similar past cases, the victims were targeted for their passwords and financial information. In this case the adversary is targeting the organizations involved in the Winter Olympics by using several techniques to make it more tempting to open the weaponized document.”

In other words, the opening ceremony hack might just be the first of many we’ll see over the course of this year’s Olympic Games. Here’s hoping that malfunctioning televisions are the worst thing that comes of it. 


Apple thinks you should really chill about that iBoot leak

Just chilllllll out already mannnnnn.

Image: Stephen Lam/Getty Images

Everyone, take a deep breath. It’s going to be OK. 

Yes, a piece of Apple’s iOS source code was posted to GitHub this week, but it turns out that when it comes to the security of your iPhone the iBoot leak might just be much ado about nothing. 

This, of course, is Apple’s official line — but it turns out that the three-quarters of a trillion-dollar company may be doing more than covering its own ass. It might just be, surprise, telling the truth. 


“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code,” the company insisted in a statement to Mashable. 

And that’s more or less the thinking of security researcher Patrick Wardle, who you may remember from his work exposing the super creepy Fruitfly malware. When asked about the possible impact of this leak on iOS security, he explained why we can all probably rest easy. 

“Having access to source code shouldn’t make a system less secure (e.g. Linux is open source and very secure),” he noted over Twitter direct message. “[Real] hackers don’t need access to source code — they can reverse a binary and find bugs.”

Now, this doesn’t mean that there won’t be any security effects of the leak, just likely not ones that will shake your personal iPhone to its core.  



Image: Scott Olson/Getty Images

“[This] does make it way easier for pretty much anybody to look for bugs now,” observed Wardle, “and since iOS bugs are so valuable — it may be unlikely that if somebody finds a bug they will report it to [Apple], vs sell it for wayyy more $$$.”

Of course, some skepticism of Apple’s “everything is fine” claim is definitely warranted. As security researcher and penetration tester Dan Tentler pointed out over email, “ask yourself this: would [Apple] release a press statement saying the sky is falling and that this [iBoot] leak will allow people to break into [iPhones] easier?”

Point taken. And we can assume there will be some ramifications, but explosive ones? Hard to say. 

“Apple saying it’s old, yah that’s true,” noted Wardle, “but a lot of that code is likely still used in iOS 11. So if you find a bug in the leaked [source] code, it may still be applicable today.”

In the end, while the leak of the iBoot source code obviously isn’t a good look for Apple, according to Wardle it doesn’t presage a security apocalypse for the average iPhone owner. He assured us that the “sky isn’t falling” and that access to source code does not automatically equal exploits. 

So, like we said, you can take a deep breath. And, once you’ve done that (and updated your phone to the latest operating system), go back to worrying about Spectre and Meltdown.
