We have compiled the week’s most important cybersecurity news.
- Access to Binance’s law-enforcement portal put up for sale.
- The GTA VI hacker from Lapsus$ was sentenced to an indefinite hospital order.
- Several AI models were trained on material depicting child abuse.
- The FBI reported the seizure of BlackCat ransomware servers.
Access to Binance’s law-enforcement portal put up for sale
A hacker going by Miembro is selling access to Binance’s law-enforcement portal, through which authorities request information about the cryptocurrency exchange’s customers and their transactions.
The asking price is $10,000 in Bitcoin or Monero. The seller has already run into a temporary problem with the crypto-mixer address through which he receives the funds.
Although how much data is exposed remains unclear, users’ emails, phone numbers, wallet identifiers and transaction histories are potentially at risk.
Security researchers at Hudson Rock noted that the Binance panel is hosted on the Kodex Global platform.
They hypothesised that the hacker gained access to it by compromising at least three computers belonging to staff of the Taiwanese Bureau of Investigation, the Ugandan Police, and the Philippine National Police’s Cybercrime Group.
Hacker Sells Access to Binance’s Law Enforcement Portal, Cryptocurrency Holders at Risk.
Details inside: https://t.co/f4avLWOVvK pic.twitter.com/urIJB5hXBH
— Hudson Rock (@RockHudsonRock) December 19, 2023
Binance has not commented on the leak yet.
The GTA VI hacker from Lapsus$ sentenced to an indefinite hospital order
A court sentenced 18-year-old Arion Kurtaj of Oxford, who orchestrated cyberattacks on Uber, Nvidia and Rockstar Games, to an indefinite hospital order. The teenager has been diagnosed with atypical autism, the BBC reports.
In September 2022, after the Nvidia and BT/EE breaches, he was on bail under police guard in a Travelodge hotel. Although his laptop had been confiscated, he managed to breach Rockstar Games’ servers using an Amazon Fire Stick, the hotel television and a mobile phone, stealing source code and videos from the in-development Grand Theft Auto VI. He was arrested again that same month.
While in custody, Kurtaj was repeatedly violent, injuring people and damaging property. A mental-health assessment during the trial found that he intended to return to cybercrime as soon as possible if released.
The order means the teenager will remain in a secure hospital for life unless doctors deem that he no longer poses a danger.
His 17-year-old co-defendant, also involved in the Nvidia and BT/EE breaches, received an 18-month youth rehabilitation order, including intensive supervision and a ban on using VPNs.
The search for the remaining members of Lapsus$ continues.
Several AI models trained on material depicting child abuse
One of the most popular text-to-image AI tools, Stable Diffusion, was trained on a large amount of illegal material depicting child abuse, according to a Stanford Internet Observatory study.
The researchers found that the LAION-5B training dataset used by the model contains more than 3,000 suspect images; the true figure could be far higher.
They pointed to the danger of indiscriminately scraping the internet to build training data for generative AI.
LAION’s leadership was aware that such content might be present in its datasets as early as 2021, as chats on its official Discord server show.
FBI reports seizure of BlackCat ransomware servers
After the BlackCat (ALPHV) ransomware group’s servers abruptly went offline, the FBI reported that it had seized them, according to a Justice Department statement.
Authorities had monitored the group for months through a confidential source who, in addition to login credentials for the affiliate backend panel, obtained the keys needed to decrypt victims’ files.
The resulting decryption tool has helped almost 500 victims recover their files for free, sparing them ransom demands totalling around $68 million.
The ALPHV (BlackCat) group has operated since 2021, having rebranded from the notorious DarkSide and BlackMatter ransomware operations. It has affected more than 1,000 organisations worldwide, and the total losses from its activity are estimated at around $300 million.
Crypto project founders hit by SIM swapping
The founders of Rug Radio and Manifold Trading were targeted through SIM swapping.
On December 21, Rug Radio founder Farokh reported the incident, noting that his phone number was not linked to his X account.
GOT SIM SWAPPED.
Phone number is NOT associated to Twitter BUT PLEASE BE CAREFUL.
MY PHONE NUMBER IS COMPROMISED, TRUST NOTHING COMING FROM ME.
— Farokh (@farokh) December 21, 2023
On December 22, attackers took over the X accounts of Manifold Trading and its co-founder Chen Chang and posted links to phishing sites designed to steal crypto. Chang said that all sensitive fund-related information remained safe.
In the crypto community, founders were advised to move away from SIM cards from carriers such as Verizon and AT&T because of how easily numbers can be ported.
Everyone is getting SIM swapped. It's easily preventable by NOT using Verizon, AT&T or any other normal carrier
There are literally ANTI SIM SWAP services set up that you can get service from. You can literally have Verizon service, while going through a middle man that protects…
— borovik.eth (@3orovik) December 21, 2023
Around 70% of Iran’s gas stations offline due to cyberattack
On December 18, around 70% of Iran’s gas stations halted operations because of “software problems,” local media reported.
Only 1,650 of nearly 33,000 stations across the country were able to serve customers.
The attack was claimed by the Israeli-linked hacking group Gonjeshke Darande, also known as Predatory Sparrow. They described it as a response to “Iran’s aggression and its allies in the region.”
(1/2) As in our previous operations, this cyberattack was conducted in a controlled manner while taking measures to limit potential damage to emergency services. pic.twitter.com/vkgpGat85J
— Gonjeshke Darande (@darandegonjeshk) December 18, 2023
The hackers added that the attack was “controlled,” claiming that Iran’s emergency services had been alerted in advance.
Ukrainian hackers paralyse cloud service for Russian state corporations
On December 20, the Ukrainian IT Army disrupted the Russian cloud service Bitrix24, which many state-owned corporations use.
According to the hackers, around 40% of the company’s users in the CIS region had trouble accessing its CRM and other services.
“This means that sponsors of the war like Rosneft have enormous problems in handling customers. It amounts to tens or even hundreds of millions of dollars in losses for the enemy’s economy, but it depends on how long we keep them like this.”
At the time of writing, Bitrix24 was still experiencing problems.
Also on ForkLog:
- Crypto holders lost $58 million to phishing airdrops.
- German police shut down the darknet marketplace Kingdom Market.
- An Ethereum MEV project began censoring sanctioned transactions.
- Tether confirmed cooperation with law enforcement; some Ethereum wallets allegedly tied to the Finiko pyramid scheme have already been frozen.
- A US court approved the forfeiture of 69,370 BTC from the Silk Road darknet market.
- Ledger disclosed users’ losses from the recent breach.
- In Russia, a neural network called “Comrade Major” was built to doxx the authors of Telegram channels.
- A US court returned charges against the founder of five crypto scam projects.
- OKX developers patched a vulnerability in the iOS app.
- The Zilliqa network fixed a glitch.
- Kazakhstan and the UAE will jointly curb illicit use of cryptocurrencies.
- The founder of Bitzlato appealed for release from custody.
- NFT Trader lost around $3 million due to a hack.
What to read this weekend?
We explain why trading platforms impose bans on crypto-mixers and how to avoid blocks.
