If you have a crypto wallet containing a fortune but forgot the password, all may not be lost. This week, a pair of researchers revealed how they cracked an 11-year-old password to a crypto wallet containing roughly $3 million in bitcoins. With a lot of skill and a bit of luck, the researchers uncovered a flaw in how a previous version of the RoboForm password manager generates passwords that allowed them to accurately figure out the missing login and access the buried treasure.
Police in Western countries are using a new tactic to go after cybercriminals who remain physically out of reach of US law enforcement: trolling. The recent takedowns of ransomware groups like LockBit go beyond the traditional disruption of online infrastructure to include messages on seized websites meant to mess with the minds of criminal hackers. Experts say these trollish tactics help sow distrust between cybercriminals—who already have ample reason to distrust one another.
A graduate student at the University of Minnesota has been charged under the Espionage Act for photographing a shipyard in Virginia where the US Navy assembles nuclear submarines and other vessels whose components are classified. What makes the case novel, however, is that he allegedly took the photos with a drone, making his prosecution likely the first of its kind in the US.
It was a big week for cops taking down botnets (as you’ll read more about below). This week, the US announced that it had disrupted what may be the “largest botnet ever,” according to FBI director Christopher Wray. The botnet, called 911 S5, included some 19 million hijacked IP addresses around the world, which authorities say were used to carry out billions of dollars in Covid-19 relief fraud, make bomb threats, traffic in child sexual abuse material, and more.
But that’s not all. Each week, we round up the security news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.
More than a half-million internet routers were disabled last year in a malware attack carried out by an unknown threat actor targeting a US internet service provider. Launched in late October, the attack—one of the largest ever against the sector—reportedly disrupted internet across several Midwestern states. The attack was first disclosed this week by the security firm Black Lotus Labs, which did not identify the specific company affected. However, Ars Technica reports that the incident appears to have impacted a ISP called Windstream, which provides internet service to 18 states in the US Midwest and South.
Black Lotus Labs researchers say the attacker used off-the-shelf Chalubo malware to gain access to the routers, and that their firmware was eventually overwritten, effectively bricking the devices. The disruption resulted in a flood of complaints on a forum about the damaged routers. “The routers now just sit there with a steady red light on the front,” a user wrote on the DSLReports forum. “They won’t even respond to a RESET.”
The Biden administration allegedly fabricated the conclusion of a report released in early May which found the United States did not have “complete information to verify” whether US-made weapons had been used by Israel in contravention of international humanitarian law, according to a whistleblower, Stacy Gilbert, a senior civil-military expert who resigned in protest this week from the US State Department. Gilbert says the State Department experts who compiled the report clearly implicated Israel in limiting the amount of food and medical supplies able to reach Gaza; however, the report was reportedly taken out of the experts’ hands and then “edited at a higher level.”
The report consisted of a mandatory national security assessment that, had Israel been found in violation of humanitarian law, would have obligated the US to discontinue its arms sales. At the time of the report’s publishing, critics of the administration’s Gaza policy accused the White House of willfully ignoring the conduct of Israeli forces attempting to disrupt food deliveries to the famine-stricken Palestinian territory. Gilbert is the second US official to publicly resign this week in protest over the US’s involvement in the attacks.
An international coalition of law enforcement agencies, cybersecurity firms, and other organizations announced this week the disruption of large swathes of the global botnet ecosystem. Branded “Operation Endgame,” the effort targeted malware “droppers,” or malicious software that’s used to infiltrate a machine so it can be used to infect a machine with additional malware more easily. The droppers Operation Endgame targeted include IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot, according to Europol, which says authorities seized more than 100 servers and 2,000 websites allegedly linked to cybercriminal activity. Law enforcement also arrested four “high-value” individuals; Germany added eight others to its most-wanted list. One of the “main suspects,” according to Europol, amassed a cryptocurrency fortune worth 69 million euros ($74 million) by renting out infrastructure for ransomware attacks. And the action isn’t over: The Operation Endgame website indicates a new announcement coming in the next several days.
Meta says it has shut down an AI-driven network comprising hundreds of fake Facebook and Instagram accounts linked to an Israeli business intelligence firm. The company, Stoic, is accused of accepting contracts to propagate inauthentic pro-Israel content across the platforms for the purpose of manipulating North American users’ political views. Meta claimed Stoic’s influence operation was still in its “audience building” phase, “before they were able to gain engagement among authentic communities.”
