Cybersecurity Highlights: Instagram Data Breach, Bitcoin Mixer Seizure, and More

We have compiled the most significant cybersecurity news of the week.

  • $700 million seized from the creator of the Bitcoin mixer Helix.
  • Pegasus developer exposed corporate secrets.
  • Hackers claimed to have stolen data from 500 million Instagram users.
  • The game Hamster Kombat became a popular lure for stealing Telegram accounts.

$700 Million Seized from Helix Bitcoin Mixer Creator

Larry Dean Harmon, operator of the cryptocurrency mixer Helix, was found guilty of conspiracy to launder over $311 million in bitcoins, according to the U.S. Department of Justice.

Court documents reveal that from 2014 to 2017, the service processed at least 354,468 BTC, primarily from drug traffickers. Harmon developed an interface for direct integration of the mixer into darknet marketplaces and promoted it through his search engine Grams. 

Authorities tracked tens of millions of dollars obtained through criminal means. On August 18, 2021, Harmon pleaded guilty.

On November 15, 2024, he was sentenced to three years in prison followed by three years of supervision. Authorities seized funds equivalent to the $311 million loss. Additionally, cryptocurrencies, real estate, and other assets worth over $400 million were confiscated for the state.

Pegasus Developer Exposed Corporate Secrets

A U.S. federal court released three documents concerning classified information about the Pegasus spyware. The decision followed a lawsuit by WhatsApp against the app’s developer, the Israeli company NSO Group, reports TechCrunch.

The declassified information includes testimonies from NSO Group employees during legal proceedings, their corporate correspondence, and internal company documents. 

It was revealed that the developer created a set of special hacking tools for use against targets on WhatsApp, in order to access data on their phones.

It also emerged that in recent years, NSO cut off 10 government clients from accessing Pegasus, citing abuse of its service. 

Legal proceedings between the companies have been ongoing since 2019, concerning unauthorized access to WhatsApp servers by NSO and attacks on individual messenger users. The plaintiff is currently seeking a summary judgment.

Hackers Claim Theft of Data from 500 Million Instagram Users

On November 10, Cybernews researchers discovered a purported data leak of nearly 500 million Instagram users for sale on a darknet marketplace, representing a quarter of the app’s total audience.

To preview the dump, the hacker shared a sample of over 100 records. The collected data includes:

  • name, username, and user ID;
  • email address;
  • biography;
  • external URL;
  • number of followers and followings;
  • location;
  • account creation date and category.

Cybernews verified the sample and noted the authenticity of the profiles presented. However, the email addresses had not appeared in previous leaks. This could suggest the data is either new or fake, experts noted.

The data was collected through the API, but details of the process are undisclosed. Meta did not comment on the incident.

Hamster Kombat Game Used as Bait for Telegram Account Theft

F.A.C.C.T. analysts discovered web panels for creating phishing pages to hijack accounts of Russian-speaking users on Telegram and WhatsApp. 

In addition to standard tricks with cash prizes and access to private channels, attackers lure victims with the “opportunity to withdraw funds” from the game Hamster Kombat and by advertising a fake neural network, “Undress Your Friend.” In all cases, users are required to enter confidential data on phishing sites.

After account hijacking, criminals can access information from chats, send links to malicious pages, or request financial assistance from contact lists and linked channels.

According to experts, using just one panel in the first half of 2024, at least 900 resources were created for account theft, and a participant in such a criminal scheme earns up to 2.5 million rubles per month.

US Air National Guardsman Sentenced to 15 Years for Pentagon Document Leak

Massachusetts Air National Guard member Jack Teixeira received a 15-year prison sentence for leaking classified Pentagon and U.S. intelligence information, reports NBC News.

Teixeira had been in custody since April 2023. In March 2024, he pleaded guilty to six counts of willful retention and transmission of information related to national defense under the Espionage Act.

Before sentencing, the defendant apologized for his actions.

Additionally, U.S. authorities charged Connor Riley Moucka and John Erin Binns, alleged hackers of more than 165 organizations using the cloud storage company Snowflake. Besides hacking computer systems and stealing information, they are accused of extorting at least 36 BTC ($2.5 million at the time of the transaction) from three victims, writes Bleeping Computer.

Among the victims is telecommunications giant AT&T, from which the defendants stole “approximately 50 billion records of customer calls and text messages.” According to the indictment, the hackers received a ransom from the company in cryptocurrency and then laundered it, including through conversion to Monero.

Moucka and Binns face up to 60 years in prison each and asset forfeiture on all charges.

iPhone Introduces Auto-Reboot Feature for Data Protection

In the latest iOS 18.1 update, Apple added an auto-reboot feature for iPhones after extended periods of inactivity to re-encrypt data and complicate its extraction, according to several researchers.

Differences in iOS versions. Data: GitHub.

The reboot transitions unused devices from the “After First Unlock” state to the “Before First Unlock” state, making them harder to hack with forensic tools.

This also makes data extraction as difficult as possible, since even the operating system can no longer access the data using encryption keys stored in memory.

Apple has not officially confirmed the new feature. Law enforcement in Michigan first discovered it when suspects’ iPhones began rebooting while in custody, as reported by 404 Media.

Also on ForkLog:

  • SFS called for stricter AI regulation.
  • Bitfinex hacker sentenced to five years in prison.
  • UK created an “AI Granny” to combat phone scammers.
  • Trader lost $25.8 million due to address error.
  • FBI searched Polymarket CEO and seized phone.
  • Offender admitted to laundering $73 million from crypto scam.
  • South Korean YouTuber sold scam coins worth $232 million.
  • In Thailand, a Ukrainian was forced to transfer 250,000 USDT.
  • DeltaPrime confirmed theft of ARB and AVAX worth ~$4.8 million.
  • Bitcoin Fog mixer operator sentenced to 12.5 years in prison.

Weekend Reading Suggestions

Together with the company “SHARD,” we explore the theory and practice of digital asset seizure.
