Team of 'White Hat' Hackers Sought to Slow Down Solana Attack

Anonymous claims Chinese website defacement, 72 sites and accounts discovered to be PRC propaganda effort, UK parliament shuts down TikTok account, Thoma Bravo to take Ping private, much more

Aug 4

person using black and gray laptop computer — Photo by Kanchanara on Unsplash

The official Solana Status Twitter account said that an investigation into the exploit that resulted in a loss of $4.5 million in SOL currency was due to private key information inadvertently transmitted to an application monitoring service and not a compromise of the Solana protocol or cryptography.

The account said that the exploit was isolated to one wallet on Solana, and the hardware wallets used by Slope remain secure. Some Phantom wallets were also drained of their SOL and tokens in the attack. However, it appears that those wallets’ holders had previously interacted with a Slope wallet.

Slope released its own statement just before the Solana Status thread. It acknowledges that Slope wallets were included in the hack but did not explicitly detail what happened, nor has the firm taken responsibility for the attacks.

During the hack, a team of five to ten“white hat” vigilante hackers used the developer’s script to spam what Solana co-founder Anatoly Yakovenko has described as “malformed” transactions to the hackers’ accounts, with some evidence that the vigilantes slowed down the hacker. (Andrew Hayward / Decrypt and Andrew Hayward / Decrypt)

Solana Status @SolanaStatus

After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2

Slope @slope_finance

Slope statement regarding the breach situation:

Slope - Official StatementDear Slope Community, Here is what we know at this juncture regarding the breaches to our user base: A cohort of Slope wallets were compromised in the breach We have some hypotheses as to the nature of the breach, but nothing is yet firm We feel the community’s pain, and we were not immune....docs.google.com

Coin Bureau (guy.eth) @coinbureau

So the $SOL wallet hack had nothing to do with the network, but compromised private keys created, imported, or used in the Slope mobile wallet It also impacted Phantom users who had imported wallets from Slope. Credit to the Solana devs for their work in finding the root cause.

Zach Herbert 🇺🇸 @zachherbert

It looks like the Solana hack is caused by Slope wallet sending the user's seed in plaintext to the company's server. This is why open source is so important. Code needs to be auditable, users need the freedom to build the app from source code.

foobar @0xfoobar

MITM logs from @MoonRankNFT show the mnemonic being passed to Slope servers over POST requests. Wallet name purely coincidental https://t.co/qL9C49ipvV

Hackers claiming to be affiliated with the collective Anonymous defaced a Chinese government website, the site of China's Heilongjiang Society Scientific Community Federations, in retaliation for alleged cyberattacks on several Taiwanese government websites.

The hackers defaced the website replacing its content with a message supporting House Speaker Nancy Pelosi’s visit to the country. “This hack is a retaliation of the DDoS attacks on the presidential website,” the defacement said. Although the attacks on the Taiwanese sites were originally attributed to China, researchers at the SANS Institute said, “These are uncoordinated, random, moral-less attacks against websites that Chinese hacktivists use to get their message across.” (Lorenzo Franceschi-Bicchierai / Motherboard)

Researchers at Mandiant say they discovered that 72 news sites and several social media accounts that claim to be independent have links to a Chinese public relations firm are part of a propaganda effort intended to “disseminate content strategically aligned with the political interests of the People’s Republic of China.”

Some sites have allegedly published fabricated content, including a fake letter from a U.S. senator, and are focused on political enemies of the Chinese government, the Xinjiang region, and criticism of the U.S.

In one instance, a Twitter account linked to the campaign posted a fabricated letter purporting to come from the office of US Senator Marco Rubio, the Republican from Florida. It was addressed to Adrian Zenz, a prominent critic of the Chinese government’s systematic imprisonment of Uyghurs in Xinjiang. The letter falsely claimed that Zenz received financial support from Rubio and right-wing political operative Steve Bannon. (William Turton / Bloomberg)

The UK parliament closed its TikTok account just one week after it was launched after a group of MPs and peers placed under sanctions by China raised concerns that the regime in Beijing used the social media app as spyware.

Senior parliamentarians, including former Conservative party leader Sir Iain Duncan Smith and Tom Tugendhat, chair of the Foreign Affairs select committee, wrote to the speakers of the House of Commons and Lords late last month, just after the account went live, warning them of “considerable” data security risks because of TikTok’s Chinese-owner ByteDance. The parliamentarians were part of a cohort of politicians, academics, and lawyers hit with sanctions by China last year for their criticism of internment camps in Xinjiang. (Jasmine Cameron-Chileshe and Cristina Criddle / Financial Times)

Albert Pedersen, currently a student at Skive College in Midtjylland, Denmark, discovered that Cloudflare’s email routing service had a bug allowing users to read or manipulate other users’ emails.

The vulnerability, which Cloudflare has confirmed but was never exploited, involved a flaw in the program’s zone ownership verification system, making it possible for a hacker to reconfigure email routing and forwarding for email domains that they didn’t own. Cloudflare’s bug bounty program awarded him $6,000 for his efforts. (Lucas Ropek / Gizmodo)

Related: The Register, Albert Pederson, HackerOne

The Ukrainian cyber police (SSU) shut down a massive bot farm of 1,000,000 bots in Kyiv, Kharkiv, and Vinnytsia that spread disinformation on social networks to discredit information from the official Ukrainian state sources, destabilize the social and political situation in the country and create internal strife.

Given the messages' nature, the disinformation machine operators are believed to be members of the Russian special services. SSU's investigation led to the criminal group's leader, a Russian "political expert" who in the past lived in Kyiv. The operators used 200 proxy servers that spoofed the actual IP addresses and evaded detection of fraudulent activity and blocking by the social media platforms. SSU says the bot farm developed and deployed custom software to remotely manage the pseudonymous social media accounts, coordinating them to push the required propaganda messages. (Bill Toulas / Bleeping Computer)

Related: SSU.gov.ua

Researchers from the Computer Security and Industrial Cryptography group at KU Leuven discovered a new and powerful attack that used a single traditional computer to completely break a post-quantum computing encryption algorithm put forward by the National Institute of Standards and Technology (NIST).

The new attack breaks SIKE, short for Supersingular Isogeny Key Encapsulation. The researchers developed a technique that uses complex mathematics and a single traditional PC to recover the encryption keys protecting the SIKE-protected transactions. The entire process requires only about an hour. The feat makes the researchers, Wouter Castryck and Thomas Decru, eligible for a $50,000 reward from NIST. SIKE is the second NIST-designated post-quantum cryptograph candidate to be invalidated this year. (Dan Goodin / Ars Technica)

Related: Reddit - cybersecurity, KU Leuven

A report from the Center for Democracy and Technology finds that 89% of teachers have said that their schools will continue using student-monitoring software, up five percentage points from last year, highlighting concerns that the products may also be used to criminalize students who seek reproductive health resources on school-issued devices.

The report reveals that forty-four percent of teachers reported that at least one student at their school had been contacted by law enforcement due to behaviors flagged by the monitoring software. And thirty-seven percent of teachers who say their school uses activity monitoring outside of regular hours report that such alerts are directed to “a third party focused on public safety,” such as local police department and immigration enforcement. (Pia Ceres / Wired)

Evan Greer @evan_greer

Huge yikes in this story about school surveillance: schools sent teens home with chrome books pre-loaded with Gaggle spyware. Teens plugged their phones into their laptops to charge them. Gaggle sent administrators alerts when teens texted each other nudes

Kids Are Back in Classrooms and Laptops Are Still Spying on ThemAs the post-Roe era underscores the risks of digital surveillance, a new survey shows that teens face increased monitoring from teachers—and police.wired.com

Jolynn Dellinger @MindingPrivacy

The pervasive, privacy invasive surveillance of students will have far reaching consequences for these kids’ autonomous decision making, identity, intellectual freedom and security. Kids Are Back in Classrooms and Laptops Are Still Spying on Them

Smart App Control (SAC), a Windows 11 security feature that blocks threats at the process level, now comes with support for blocking several file types threat actors have recently adopted to infect targets with malware in phishing attacks.

"Windows 11 with smart app control blocks iso and lnk files that have mark of the web just like Macros," David Weston, Microsoft's VP for Enterprise and OS Security, said on Twitter. When blocking a dangerous file using SAC, the system will open a foreground dialog with the following message: "Smart App Control blocked an app that may be unsafe. This file was blocked because files of this type from the internet can be dangerous." (Sergiu Gatlan / Bleeping Computer)

Related: Neowin, gHacks, Wired

David Weston (DWIZZZLE) @dwizzzleMSFT

Windows 11 with smart app control blocks iso and lnk files that have mark of the web just like Macros.

Selena @selenalarson

Threat actors are already adapting to life in a post-macro world. With @dansomware, I took a look at campaigned threats in our data to see what actors are using now. Spoiler: ISO, LNK, RAR are the new hotness https://t.co/Yfh5L1p8Te

A hacktivist collective that calls itself Guacamaya posted more than two terabytes of hacked emails and files from a host of mining companies in Central and South America in a move to apparently expose environmental damage in the region.

The group posted the files from five public and private mining companies and two public agencies responsible for environmental oversight, one in Colombia and the other in Guatemala. The files were posted to Enlace Hacktivista, a site for documenting hacker history and sharing educational resources that provides space “for hackers to publish their hacks, leaks, and communiques.”

The files come from ENAMI, an Ecuadorian state mining company; the Agencia Nacional de Hidrocarburos (ANH) in Colombia; New Granada Energy Corporation in Colombia; Quiborax, a mining company in Chile; Oryx, an oil company in Venezuela; Tejucana, a Brazilian mining company; and Guatemala’s Ministerio De Ambiente y Recursos Naturales. Transparency advocate website DDoSecrets posted the files. (AJ Vicens / Cyberscoop)

Related: Distributed Email of Secrets

Corin Faife @corintxt

👀 New #DDoSecrets leak - released early hours of this morning - claims to publish 2TB of emails from LatAm mining and fossil fuel companies ddosecrets.substack.com/p/extractivist…

The nominee to be the first U.S. ambassador at large for cyberspace and digital policy, Nate Fick, said during his Senate Foreign Relations Committee confirmation hearing one of his top priorities would be to “assert the State Department’s rightful place in the interagency process on topics of cybersecurity and digital policy.”

His comments follow recent negotiations between State and the Defense Department over cyber authorities in which both sides have been maneuvering for more control over cyber operations. The State Department should also play a more significant role in pursuing and managing partnerships with other countries to “finance the deployment of secure infrastructure,” Fick said in an apparent reference to Chinese companies such as Huawei. (Suzanne Smalley / Cyberscoop)

Kim Wyman, the senior election security advisor for the Cybersecurity and Infrastructure Security Agency (CISA), said during a Senate Judiciary Committee hearing that the level of digital targeting and physical threats directed toward election workers has reached the highest point in her 30-year career.

Wyman said CISA has a list of five things they are working on to help protect election workers, explaining that the agency will continue to share “actionable information” with election officials about threats and risks to election infrastructure alongside intelligence agencies and law enforcement. (Jonathan Greig / The Record)

Related: StateScoop

Private equity firm Thoma Bravo announced it is buying enterprise identity management company Ping for $2.8 billion and will take it private.

Thoma Bravo will be paying $28.50 per share in an all-cash transaction, which is 63% over Ping Identity’s closing share price on August 2, 2022. (Ingrid Lunden / TechCrunch)

Metacurity