If you have a crypto wallet containing a fortune but forgot the password, all may not be lost. This week, a pair of researchers revealed how they cracked an 11-year-old password to a crypto wallet containing roughly $3 million in bitcoins. With a lot of skill and a bit of luck, the researchers uncovered a flaw in how an earlier version of the RoboForm password manager generated passwords, which allowed them to accurately reconstruct the missing login and access the buried treasure.
Police in Western countries are using a new tactic to go after cybercriminals who remain physically out of reach of US law enforcement: trolling. The recent takedowns of ransomware groups like LockBit go beyond the traditional disruption of online infrastructure to include messages on seized websites meant to mess with the minds of criminal hackers. Experts say these trollish tactics help sow distrust between cybercriminals—who already have ample reason to distrust one another.
A graduate student at the University of Minnesota has been charged under the Espionage Act for photographing a shipyard in Virginia where the US Navy assembles nuclear submarines and other vessels whose components are classified. What makes the case novel, however, is that he allegedly took the photos with a drone, making his prosecution likely the first of its kind in the US.
It was a significant week for law enforcement efforts against botnets. This week, the US disclosed the disruption of what may be the “largest bot harassment ever,” according to FBI director Christopher Wray. The botnet, identified as 911 S5, encompassed roughly 19 million compromised IP addresses worldwide. Authorities have linked these IP addresses to crimes involving billions of dollars in Covid-19 relief fraud, bomb threats, and trade in child sexual abuse material, among other illegal activities.
We also round up each week the security news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.
Last year, an attack using malware disabled over half a million internet routers. This attack, orchestrated by an undisclosed actor against a US internet service provider, unfolded in late October and is among the largest of its kind in this sector. Black Lotus Labs disclosed the incident this week without naming the specific company; however, Ars Technica suggests the incident affected Windstream, a company delivering internet across various states in the Midwest and South of the US.
According to researchers at Black Lotus Labs, the attackers utilized Chalubo, a commonly available malware, to infiltrate the routers. This breach eventually led to the firmware being overwritten, rendering the routers inoperative—a situation described on a forum by numerous complaints. One user mentioned, “The routers now just sit there with a steady red light on the front. They won’t even respond to a RESET.”
The Biden administration is accused of manipulating the findings of a recent report, according to statements from Stacy Gilbert, a former senior civil-military expert at the US State Department who resigned her position this week. Gilbert disclosed that although the internal report originally found Israel may have restricted essential supplies such as food and medical aid to Gaza, this conclusion was altered in the final release after upper-level edits. The report, necessary for national security assessment purposes, could have led to a halt in US arms sales to Israel if violations of humanitarian laws were confirmed.
Following the publication, critics of the administration’s stance on Gaza criticized the White House for overlooking the actions of Israeli forces that allegedly interfered with the distribution of aid to the beleaguered Palestinian area. Gilbert is now the second official to quit in objection to the U.S. position on the situation in Gaza within the same week. See more details here.
This week also brought news from an international coalition, including law enforcement and cybersecurity entities, which declared a significant strike against global botnet operations through “Operation Endgame.” This global initiative focused on malware types that facilitate further infections, such as IcedID and Trickbot, with Europol reporting the takedown of over 100 servers and the arrest of individuals connected to this cyber threat. Read Europol’s report here.
Moreover, Meta has recently dismantled a network of fake accounts on Facebook and Instagram, operated by an Israeli firm named Stoic. This firm allegedly engaged in spreading misleading pro-Israel narratives as part of a contracted influence campaign targeting North American political sentiments. Despite being in early phases, the operation was stopped before it could effectively engage with genuine user communities.