Binance Hackers Minted $569M in Crypto—Then It Got Complicated

Plus: The US warns of a mysterious military contractor breach, a “poisoned” version of the Tor Browser is tracking Chinese users, and more.

Wired

As a swatting spree spreads across the US, in which false reports of active shooters send police charging into schools, WIRED investigated more than 90 of the incidents and found potential connections between many of them. “In speaking to a number of people who experienced it, I can tell you that the anxiety and fear—it was real to them for 15 minutes,” Amanda Klinger, director of programs and cofounder of the Educator’s School Safety Network, told WIRED. “There’s a period of time in these incidents where people are literally running for their lives, law enforcement is responding with their weapons, and people think it’s the real thing.”

Even after extensive sanctions meant to isolate Russia from the global economy amidst its ongoing war with Ukraine, investigators around the world are working to curb the ongoing influx of capital to Russian military and paramilitary groups. Former Uber executive Joe Sullivan was convicted this week of obstructing a Federal Trade Commission investigation and failure to report a felony, a development that is being watched closely by the tech industry because it is likely the first time a corporate executive has faced criminal charges related to a data breach. The Biden administration’s new executive order addressing privacy seems like more of a Band-Aid than a panacea, as it attempts to reassure Europeans that their data is safe when stored in the US, despite government surveillance.

Meanwhile, Meta released findings on more than 400 malicious Android and iOS apps that it says were harvesting Facebook credentials to take over users’ accounts. And we took a look at the toll of living your life online, the potential erosion of privacy that comes with consistent social media posting, and the ways it can impact your sense of self.

Plus, there’s more. Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

Another day, another massive hack in the cryptocurrency industry. But this one is strange.

Binance revealed Friday that unidentified hackers managed to exploit a flaw in the company’s BNB Chain crypto token, allowing them to mint 2 million of the company’s decentralized tokens worth a total of $569 million. That money wasn’t actually stolen from Binance, in other words, but rather fabricated out of thin air thanks to a flaw in the security of Binance’s cryptocurrency. But the hack nonetheless seemed poised to flood the market with BNB and thus reduce its value for legitimate owners, while allowing the hackers to walk away with half a billion dollars.

Unfortunately for those hackers, even they didn’t seem prepared for their sudden windfall. Cryptocurrency-tracing firm Elliptic found that they quickly traded away some fraction of their tokens for a variety of other cryptocurrencies. That allowed them to obtain about $53 million in Ethereum-based tokens. But other cryptocurrencies that they traded their BNB for, like Tether and USDC, are more centrally controlled, allowing the funds to be frozen. Binance, meanwhile, managed to temporarily shut down its BNB blockchain to prevent the hackers’ newly mined currency from moving further. “So we have a very sophisticated exploit, managing to mint yourself $569 million,” says Elliptic research lead Thibaud Madelin. “But what followed was a complete shambles, to be honest.”

In the end, Elliptic believes the hackers kept hold of less than 10 percent of their loot—not bad for a day’s work but little more than a blip in the wild world of digital money.

A joint advisory from the Cybersecurity and Infrastructure Security Agency, the FBI, and the NSA warned that the network of an unnamed military agency or contractor had been breached by a so-called “advanced persistent threat” hacker group, an industry code phrase for state-sponsored hackers. According to the alert, the spies maintained their access inside the network for around 10 months, penetrating a Microsoft Exchange server where they installed a commonly used backdoor known as China Chopper. The hackers also used a tool called Impacket to move from machine to machine and another tool called CovalentStealer to siphon data from their targets. As is often the case with government alerts, the advisory didn’t attribute the breach to any particular country’s government, nor even a known hacker group. The eagle-eyed (or vulture-eyed) Register spotted that the advisory initially included a box at the top suggesting organizations “protect against Russian-state sponsored malicious cyber activity,” which was later deleted. But others, like cybersecurity firm AttackIQ, point to Chinese calling cards in the intrusion.

Since early this year, hackers have been distributing a tainted version of the Tor Browser that collects personal data about Chinese users including form data they submit, browsing history, location data, and computer name, according to security firm Kaspersky. The Tor Browser is meant to be an anonymity-focused tool that is often used in countries like China where users are seeking to circumvent government-imposed internet restrictions, tracking, and censorship. Kaspersky found that the attackers advertised the malicious app by including a link to download it in a video posted to a popular Chinese-language YouTube channel. The video has more than 64,000 views. The installer for the malicious browser includes a compromised version of Tor that siphons victim data and sends it to attackers.

Isabela Fernandes, executive director of the nonprofit Tor Project, told CyberScoop that there is now a patch available. “Basically this ‘poisoned’ Tor Browser modifies the update URL so it cannot be updated normally. What we did was to add a redirect so we are responding to the modified URL, this way people will update. Now their URL is a working update URL.”

As part of its push to crack down on robocalling, the US Federal Communications Commission said this week that it is taking seven voice over IP services off of its trusted carriers list unless they add legally required robocall protections. The move would essentially block the services from being able to complete calls in the US. “Fines alone aren’t enough,” the FCC wrote in its announcement. “Providers that don’t follow our rules and make it easy to scam consumers will now face swift consequences.”
