Spam Targeting Toncoin Holders, Signal Concerns, and Other Cybersecurity Events

We have compiled the most significant cybersecurity news of the week.

Media Report Spam-NFT Attacks on TON Holders

For two weeks, attackers have been sending mass spam-NFTs to Toncoin (TON) holders. This was reported by the Telegram channel “Durov’s Code”.

Some fraudulent tokens are sent under the guise of airdrops as part of Open League competitions. They contain links to phishing sites or QR codes. Authorizing and conducting transactions through them results in the loss of all funds in the wallet.

Other NFTs appear as duplicates of anonymous numbers. Attempting to send them to any address results in an additional deduction of 1 TON to the attacker’s account, besides the commission. The NFT then returns to the wallet.

“Durov’s Code” suggested sending scam-NFTs to a zero address or to spam.ton. To avoid losing funds on commissions, unnecessary tokens can be hidden using the functionality in the Tonkeeper wallet or marketplaces like Getgems.

Tool Emerges to Determine Telegram Users’ Location Worldwide

Researcher Ivan Glinkin created the tool Close-Circuit Telegram Vision (CCTV), which shows the approximate physical location of Telegram users worldwide if they have the “People Nearby” feature enabled. This was reported by 404 Media.

CCTV uses the Telegram API associated with the Find People Nearby feature, taking custom latitude and longitude as input data. 

According to a Telegram press service comment, the coordinates displayed by the CCTV tool are not the user’s real location, as “data on the server is approximated to 800 meters.” They also reminded that the “People Nearby” feature is disabled by default in the messenger.

Dell Announces Data Breach Potentially Affecting 49 Million Customers

Computer manufacturer Dell sent notifications to customers about a data breach resulting from a hack of the purchase information portal. This was reported by Bleeping Computer.

Compromised information includes:

• name;
• physical address;
• information about Dell equipment and order details, including service tag, product description, order date, and relevant warranty information.

The company emphasized that the attacker did not gain access to financial or payment data, email addresses, or phone numbers. Dell is cooperating with law enforcement and third-party experts to investigate the incident. The number of affected users is not disclosed.

Initial information about the alleged breach appeared on BreachForums in late April. According to the seller known as Menelik, the hacked purchase database from 2017 to 2024 contained information on 49 million customers.

In a comment to Bleeping Computer, the hacker stated that they accessed the Dell portal for partners, resellers, and retailers by registering several accounts under fictitious company names.

At the time of writing, the forum post has been deleted, which may indicate that the database was acquired by other attackers. 

Dorsey, Musk, Buterin, and Durov Discuss Alleged Signal-US Government Ties

City Journal accused the Signal messenger of ties with the US State Department. According to the media, the technology underlying the application was partially funded by a $3 million grant from the government-sponsored Open Technology Fund. 

The current chair of the Signal Foundation board, Katherine Maher, previously oversaw digital initiatives related to the Arab Spring, fought misinformation on Wikipedia, and advocated for online censorship and bans. 

Signal Foundation President Meredith Whittaker previously held a senior position at Google and organized internal leftist campaigns that led to a 2018 strike and subsequent policy changes on sexual harassment and hiring a diversity director.

The article was commented on by several notable figures, including entrepreneurs Jack Dorsey, Elon Musk, and Ethereum co-founder Vitalik Buterin. All expressed concern and unease.

Things like this are worrying.

Freedom of speech is a sacred principle, not a cudgel to be selectively used against enemies.

Freedom of speech is for reds. It’s for blues. It’s for Canadians. It’s for Palestinians. It’s for the rich and the poor. For the old and the young.

The… pic.twitter.com/GD4L6UVURj

— vitalik.eth (@VitalikButerin) May 8, 2024

Telegram founder Pavel Durov stated that all major US messengers use a unified encryption protocol, are not protected from government interference, and often leak private correspondence to American courts or media.

In response, Meredith Whittaker pointed to vulnerabilities in Telegram itself and mentioned Durov’s “behind-the-scenes” cooperation with authorities.

Telegram is notoriously insecure and routinely cooperates with govs behind the scenes while talking a big game about speech and privacy. Even their limited opt-in (roll their own) encryption is sus. The more you know ?

— Meredith Whittaker (@mer__edith) May 9, 2024

EU to Establish Unified Body for Telegram Oversight

The Belgian Institute for Postal Services and Telecommunications (BIPT) will become the supervisory body responsible for Telegram’s operations in the EU. This was reported by the newspaper De Standaart. 

BIPT will moderate illegal content in the messenger under the Digital Services Act, which came into force in February. 

The agency will handle complaints from European users about detected illegal content if the Telegram administration does not respond to a similar request.

Fraudulent Online Store Network Stole Credit Card Data from 850,000 People

A large network of 75,000 fake online stores called BogusBazaar has been stealing credit card data from users since 2021. This was reported by Security Research Labs.

The scheme was run by cybercriminals from China. The obtained bank card information was subsequently resold by them on the dark web, allowing other attackers to make unauthorized online purchases.

The number of victims exceeded 850,000 people. The majority of victims are concentrated in the US and Western Europe.

Over three years, BogusBazaar allegedly processed fake purchases totaling about $50 million.

Also on ForkLog:

• The Zilliqa team restored blockchain operations after disruptions.
• A hacker returned 51 ETH to a user from the stolen $68 million.
• An Odessa resident lost $32,000 due to a fake deal on Binance.
• Ripple joined the DeRec Alliance asset recovery initiative.
• Binance helped arrest a suspect in ZKasino fraud.
• Creators of a fake Blockchain.com site received prison sentences.
• The identity of the LockBit ransomware program administrator was established.
• The Poloniex hacker moved funds for the first time.
• The CEO of zkSNACKs explained the reasons for closing CoinJoin.
• Cred executives were charged with $783 million fraud.
• Paolo Ardoino denied a user data leak from Bitfinex.
• Vinnik pleaded guilty to conspiracy to launder money through BTC-e.

Weekend Reading Suggestions

We explore the European AI regulation and why it has been criticized in terms of technological development and human rights compliance.