Detector for rogue Wi‑Fi access points, France approves remote surveillance, and other cybersecurity news

We round up the week’s most important cybersecurity news.

Microsoft denies data breach affecting 30 million user accounts

Anonymous Sudan, in its Telegram channel, claimed a supposed successful breach of Microsoft. However the tech giant, in a comment to Bleeping Computer, denied the incident.

According to the hackers, they managed to steal credentials for 30 million user accounts, including email addresses and passwords. The dump is being offered for sale for $50,000. As proof, they provided a sample containing the credentials of 100 individuals.

Microsoft said that they currently have no evidence of a breach or compromise of customers. They rejected the claims by Anonymous Sudan and the authenticity of the samples provided.

Hacker puts 34 million Indonesian passports up for sale

The notorious hacker Bjorka claimed the leak of passport data for 34 million Indonesian citizens and put them up for sale for $10,000. This according to Deutsche Welle.

As proof, the hacker provided information on 1 million passports, including numbers and expiry dates, full names, dates of birth and the sex of the holders.

Indonesian authorities had not yet acknowledged the authenticity of the leak. However several local researchers asserted the legitimacy of the disclosed information.

France allows remote surveillance

The French National Assembly approved a law allowing law enforcement officers, with court authorization, to remotely activate cameras, microphones and GPS on phones without the knowledge of those concerned. This, according to Le Monde.

Such remote surveillance could be used for up to six months and only in serious cases where the suspect faces up to five years in prison. The law would not cover journalists, lawyers and other “sensitive” professions.

For final approval, the document must pass Senate review.

Researcher develops tool to detect rogue Wi‑Fi access points

Trustwave security expert Tom Nivs presented the Snappy tool, which helps identify rogue Wi‑Fi access points.

Attackers often deploy rogue networks in popular public spaces, disguising them as legitimate networks to intercept data from a user’s device.

Snappy, in real time, analyzes factors such as signal strength, BSSID, supported rates, channel, hardware model and geographic location.

Across 802.11 wireless access points, these parameters vary, but for a given Wi‑Fi network they remain constant. The algorithm combines these elements and hashes them with SHA-256 to create a unique signature for each access point that could be used to generate matches and mismatches.

Snappy is available for download on Github and can be installed on any device running Linux.

Russia conducts exercises, disconnects from the international Internet

In the night from July 4 to July 5, Roskomnadzor, together with telecom operators, conducted exercises during which the Runet was disconnected from the international Internet. This, according to RBC.

Under the relevant law, such checks of the “resilience of Russia’s infrastructure to external attacks” should be conducted at least once a year.

Representatives did not provide details, but said the exercises were successful.

The head of the State Duma Committee for Information Policy, IT and Communications, Alexander Khinshtein noted, that Russia “does not intend to move to strict traffic gating.” However, according to him, the country must prepare for the possibility that it could be cut off from backbone links from external sources.

Also on ForkLog:

• BarnBridge DAO advised to cease operations due to an SEC investigation.
• Unknown hacked Aptos’ Twitter to promote a fake airdrop.
• U.S. authorities returned Bitfinex assets seized after a $314,000 hack.
• Multichain paused operations amid possible hack.
• Media: The FBI conducted a raid on Jesse Powell’s home.
• Number of attacks on crypto projects rose by 63%.
• In the quarter, the crypto industry lost more than $313 million due to malicious activity.
• In the United Kingdom, lawmakers backed a bill to confiscate digital assets.
• Two Canadian teenagers were arrested after stealing $4.2 million in cryptocurrencies.
• Media: Australian regulator conducted raids at the local Binance office.
• Developers proposed an Ethereum standard to combat thefts in DeFi projects.
• Russia requested assistance in seizing cryptocurrencies from foreign states.
• TON developers introduced a feature for exchanging encrypted messages.
• Huobi had data leaks for two years of user data.
• AzukiDAO will require the project founder to return 20,000 ETH.
• Experts described “an attack on $34 billion” as the new Poly Network exploit.
• Report: the crypto industry’s losses from hacks and scams totaled $655 million over six months.

What to read this weekend?

In a special feature, we examine cybersecurity news touched on at the St. Petersburg International Economic Forum.