Hackers stole more than $90M from Japan's Liquid crypto

Hackers stole more than $90M from Japan’s Liquid crypto Exchange

Plus: A Census Bureau hacker hacked by Apple, an Apple informant and other top security news.

Earlier this week, T-Mobile confirmed a data breach that affects at least 48 million people, a number that could still rise as the company continues its investigation. The data set contains particularly sensitive information like social security numbers, driver’s license details, and reportedly even the unique IMEI numbers associated with each smartphone. Not only that, but the vast majority of victims in the breach so far aren’t even T-Mobile customers; they’re instead former or prospective customers who at some point applied for credit with the carrier. Although a class action lawsuit has been filed, the arbitration clause in T-Mobile’s customer agreements could be an obstacle to the path towards restitution.

Also, we looked at ThroughTek Kalay’s worrisome flaws. This software development kit is used to create video internet-of–things platforms that power tens and millions. This includes baby monitors and security cameras. Researchers showed how attackers could use the flaws to watch video feeds in real time or shut them down with denial-of-service attacks. ThroughTek issued an update for 2018 with ways to prevent the attack but no instructions as to how customers should use them.

After a 2017 Google Docs trojan, Google made changes to Workspace. This suite of cloud-based productivity tools was formerly called G Suite. But a security researcher has demonstrated that it’s still very possible for a dedicated hacker to abuse the system.

Hundreds of civil rights organizations are outraged at Apple’s proposed controversial system, which would use iPhones in part to find child abuse materials. China has long been a propaganda powerhouse and has lately turned its attention to the BBC, attacking various lines of reporting that run counter to the country’s interests. And we made a quick guide for how to send disappearing messages in the most popular chat apps.

There’s even more! Every week, we bring you all of the latest security news that WIRED hasn’t covered in detail. To read all the stories click on the headlines. Stay safe.

This month has been an exciting one for crypto theft. Last week it was Poly Network, which saw a hacker abscond with over $610 million in various digital coins before ultimately returning most of it. It’s now Liquid’s turn. According to Japanese cryptocurrency exchange, its “warm” wallets (those that are connected to the internet) were compromised by hackers who stole approximately $97 million in bitcoin, ethereum and other coins. Although Liquid claimed that it had moved assets to cold wallets in response, the damage was already done.

Elliot Carter operates a site called WashingtonTunnels.com, which really delivers on its name. The DC Underground Atlas provides a comprehensive look into the subterranean passageways of Washington, DC. You might expect that this attracts a steady stream rather than large traffic spikes. That is, until a few days before rioters stormed the US Capitol building. Carter said that he noticed a spike in traffic from all over the country around that time. Many of these visitors were coming from anonymous message boards and sites named after militias or firearms. Suspicious! Carter reported the activity to the FBI, and a few days later this happened.

Unfortunately, hackers compromised US Census Bureau’s January 2020 data in a way that was both preventable and embarrassing. Good news is, at the very least, that hackers did not get any actual census results. Citrix, a software company that had published a proof-of-concept for the flaw on GitHub a few weeks before they were discovered by hackers, allowed them to gain access to server systems. The Office of the Inspector general provided a timeline. Although the Census Bureau firewall stopped the attackers communicating with their command-and-control server within a few days, it took the agency several weeks to fully mitigate the intrusion.

Apple takes a notoriously hard line against leaks, deploying a team of investigators to minimize the spilling of corporate secrets and minimizing the fallout. According to Motherboard, they have also recruited at least one person from the Apple community who trades in illegal Apple hardware and documents. According to the informant, he approached Apple rather than vice versa, and ended up severing their friendship. This article is worth reading to gain insight into Apple’s anti leak squad as well as the people that they attempt to track down.

More Great WIRED Stories

Publited Sat, 21 August 2021 at 13:13.12 +0000

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.