Metacurity

Team of 'White Hat' Hackers Sought to Slow Down Solana Attack
Anonymous claims Chinese website defacement, 72 sites and accounts discovered to be PRC propaganda effort, UK parliament shuts down TikTok account, Thoma Bravo to take Ping private, much more

Cynthia Brumfield
Aug 4
Photo by Kanchanara on Unsplash

The official Solana Status Twitter account said that an investigation into the exploit that resulted in a loss of $4.5 million in SOL currency was due to private key information inadvertently transmitted to an application monitoring service and not a compromise of the Solana protocol or cryptography.

The account said that the exploit was isolated to one wallet on Solana, and the hardware wallets used by Slope remain secure. Some Phantom wallets were also drained of their SOL and tokens in the attack. However, it appears that those wallets’ holders had previously interacted with a Slope wallet.

Slope released its own statement just before the Solana Status thread. It acknowledges that Slope wallets were included in the hack but did not explicitly detail what happened, nor has the firm taken responsibility for the attacks.

During the hack, a team of five to ten “white hat” vigilante hackers used the developer’s script to spam what Solana co-founder Anatoly Yakovenko has described as “malformed” transactions to the hackers’ accounts, with some evidence that the vigilantes slowed down the hacker. (Andrew Hayward / Decrypt and Andrew Hayward / Decrypt)

Related: Crypto Briefing, Cointelegraph.com, CryptoSlate, The Daily Hodl, The Register - Security, Input, Marketwatch, The New Stack, Barron's, The Block, Blockworks, CryptoPotato, NDTV Gadgets360.com, Bloomberg, Wall Street Journal
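The root cause described above is a secret reaching a third-party monitoring service inside ordinary telemetry. The usual defence is a scrubbing hook that runs on every event before it leaves the process. The following is an added example, not code from Slope, Solana or any error-reporting SDK; the event shape, key names and sample values are constructed for illustration, and the mnemonic detector is a structural heuristic rather than a BIP-39 wordlist check.

```python
import re

# Key fragments whose values are always dropped, matched against the lower-cased key.
# (Constructed list for this example; extend it to match your own telemetry schema.)
SENSITIVE_KEY_FRAGMENTS = ("mnemonic", "seed", "private", "secret", "keypair", "password")

# Structural detector for a BIP-39 style recovery phrase: a run of 12 to 24
# lowercase words of 3 to 8 letters. It errs on the side of over-redaction;
# a production filter should additionally check words against the BIP-39 list.
MNEMONIC_RE = re.compile(r"(?<![A-Za-z])(?:[a-z]{3,8} ){11,23}[a-z]{3,8}(?![A-Za-z])")
# A 32-byte secret rendered as hex, optionally 0x-prefixed.
HEX_KEY_RE = re.compile(r"(?<![0-9A-Za-z])(?:0x)?[0-9a-fA-F]{64}(?![0-9A-Za-z])")
# A 64-byte keypair rendered in base58 is 87 or 88 characters long.
BASE58_KEY_RE = re.compile(r"(?<![1-9A-Za-z])[1-9A-HJ-NP-Za-km-z]{87,88}(?![1-9A-Za-z])")


def is_sensitive_key(key):
    """True when the key name itself marks the value as secret material."""
    k = str(key).lower()
    return any(frag in k for frag in SENSITIVE_KEY_FRAGMENTS)


def scrub_string(s):
    """Redact secret-looking substrings inside free text (messages, breadcrumbs, URLs)."""
    s = MNEMONIC_RE.sub("[REDACTED mnemonic]", s)
    s = HEX_KEY_RE.sub("[REDACTED hex-key]", s)
    s = BASE58_KEY_RE.sub("[REDACTED base58-key]", s)
    return s


def scrub_value(value):
    """Recurse into nested structures; leave numbers, booleans and None untouched."""
    if isinstance(value, str):
        return scrub_string(value)
    if isinstance(value, dict):
        return scrub_event(value)
    if isinstance(value, (list, tuple)):
        return [scrub_value(v) for v in value]
    return value


def scrub_event(event):
    """Return a scrubbed copy of a telemetry event; the input is not modified."""
    clean = {}
    for key, value in event.items():
        clean[key] = "[REDACTED]" if is_sensitive_key(key) else scrub_value(value)
    return clean


# Constructed sample event, shaped like the JSON an error-reporting SDK would POST.
SAMPLE_EVENT = {
    "level": "error",
    "message": "tx failed for seed phrase abandon abandon abandon abandon abandon abandon "
               "abandon abandon abandon abandon abandon about",
    "request": {
        "method": "POST",
        "url": "https://telemetry.example/api/event",
        "data": {
            "mnemonic": "abandon abandon abandon abandon abandon abandon "
                        "abandon abandon abandon abandon abandon about",
            "walletName": "main",
        },
    },
    "extra": {
        "privateKey": "0x" + "ab" * 32,
        "debug": "signer 0x" + "cd" * 32 + " rejected by rpc",
        "note": "user tapped send",
    },
}

if __name__ == "__main__":
    import json
    print(json.dumps(scrub_event(SAMPLE_EVENT), indent=2))
```

Wire `scrub_event` into whatever pre-send hook your SDK offers so it runs on the client, before serialization; filtering on the server is too late, because the secret has already crossed the wire and landed in someone else's logs. The phrase detector deliberately swallows a few ordinary words around a mnemonic (the sample message becomes "tx [REDACTED mnemonic]"), which is the right trade-off for telemetry.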

Solana Status @SolanaStatus
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2

August 3rd 2022

Slope @slope_finance
Slope statement regarding the breach situation:
Slope - Official Statement (docs.google.com): Dear Slope Community, Here is what we know at this juncture regarding the breaches to our user base: A cohort of Slope wallets were compromised in the breach. We have some hypotheses as to the nature of the breach, but nothing is yet firm. We feel the community’s pain, and we were not immune....

August 3rd 2022

Coin Bureau (guy.eth) @coinbureau
So the $SOL wallet hack had nothing to do with the network, but compromised private keys created, imported, or used in the Slope mobile wallet It also impacted Phantom users who had imported wallets from Slope. Credit to the Solana devs for their work in finding the root cause.

August 4th 2022

Zach Herbert 🇺🇸 @zachherbert
It looks like the Solana hack is caused by Slope wallet sending the user's seed in plaintext to the company's server. This is why open source is so important. Code needs to be auditable, users need the freedom to build the app from source code.

Quoted tweet from foobar @0xfoobar:

MITM logs from @MoonRankNFT show the mnemonic being passed to Slope servers over POST requests. Wallet name purely coincidental https://t.co/qL9C49ipvV

August 3rd 2022


Hackers claiming to be affiliated with the collective Anonymous defaced a Chinese government website, the site of China's Heilongjiang Society Scientific Community Federations, in retaliation for alleged cyberattacks on several Taiwanese government websites.

The hackers defaced the website, replacing its content with a message supporting House Speaker Nancy Pelosi’s visit to Taiwan. “This hack is a retaliation of the DDoS attacks on the presidential website,” the defacement said. Although the attacks on the Taiwanese sites were originally attributed to China, researchers at the SANS Institute said, “These are uncoordinated, random, moral-less attacks against websites that Chinese hacktivists use to get their message across.” (Lorenzo Franceschi-Bicchierai / Motherboard)

Related: Al Arabiya, Japan Today, Hong Kong Free Press HKFP, Insider Paper, Financial Times, Cyberscoop, Digital Journal, ABC.net.au, Reuters

Researchers at Mandiant say they discovered that 72 news sites and several social media accounts that claim to be independent but have links to a Chinese public relations firm are part of a propaganda effort intended to “disseminate content strategically aligned with the political interests of the People’s Republic of China.”

Some sites have allegedly published fabricated content, including a fake letter from a U.S. senator, and are focused on political enemies of the Chinese government, the Xinjiang region, and criticism of the U.S.

In one instance, a Twitter account linked to the campaign posted a fabricated letter purporting to come from the office of US Senator Marco Rubio, the Republican from Florida. It was addressed to Adrian Zenz, a prominent critic of the Chinese government’s systematic imprisonment of Uyghurs in Xinjiang. The letter falsely claimed that Zenz received financial support from Rubio and right-wing political operative Steve Bannon. (William Turton / Bloomberg)

Related: Cybersecurity 202, Washington Times, Mandiant

The UK parliament closed its TikTok account just one week after launching it, after a group of MPs and peers who had been placed under sanctions by China raised concerns that the regime in Beijing could use the social media app as spyware.

Senior parliamentarians, including former Conservative party leader Sir Iain Duncan Smith and Tom Tugendhat, chair of the Foreign Affairs select committee, wrote to the speakers of the House of Commons and Lords late last month, just after the account went live, warning them of “considerable” data security risks because of TikTok’s Chinese owner, ByteDance. The parliamentarians were part of a cohort of politicians, academics, and lawyers hit with sanctions by China last year for their criticism of internment camps in Xinjiang. (Jasmine Cameron-Chileshe and Cristina Criddle / Financial Times)

Related: Sky News, The Guardian, Politico, South China Morning Post, The Register

Albert Pedersen, currently a student at Skive College in Midtjylland, Denmark, discovered that Cloudflare’s email routing service had a bug allowing users to read or manipulate other users’ emails.

The vulnerability, which Cloudflare has confirmed but was never exploited, involved a flaw in the program’s zone ownership verification system, making it possible for a hacker to reconfigure email routing and forwarding for email domains that they didn’t own. Cloudflare’s bug bounty program awarded him $6,000 for his efforts. (Lucas Ropek / Gizmodo)

Related: The Register, Albert Pedersen, HackerOne

The Ukrainian cyber police (SSU) shut down a massive bot farm of 1,000,000 bots in Kyiv, Kharkiv, and Vinnytsia that spread disinformation on social networks to discredit information from the official Ukrainian state sources, destabilize the social and political situation in the country and create internal strife.

Given the messages' nature, the disinformation machine operators are believed to be members of the Russian special services. SSU's investigation led to the criminal group's leader, a Russian "political expert" who in the past lived in Kyiv. The operators used 200 proxy servers that spoofed the actual IP addresses and evaded detection of fraudulent activity and blocking by the social media platforms. SSU says the bot farm developed and deployed custom software to remotely manage the pseudonymous social media accounts, coordinating them to push the required propaganda messages. (Bill Toulas / Bleeping Computer)

Related: SSU.gov.ua


Researchers from the Computer Security and Industrial Cryptography group at KU Leuven discovered a new and powerful attack that used a single traditional computer to completely break a post-quantum computing encryption algorithm put forward by the National Institute of Standards and Technology (NIST).

The new attack breaks SIKE, short for Supersingular Isogeny Key Encapsulation. The researchers developed a technique that uses complex mathematics and a single traditional PC to recover the encryption keys protecting SIKE-protected transactions. The entire process requires only about an hour. The feat makes the researchers, Wouter Castryck and Thomas Decru, eligible for a $50,000 reward from NIST. SIKE is the second NIST-designated post-quantum cryptography candidate to be invalidated this year. (Dan Goodin / Ars Technica)

Related: Reddit - cybersecurity, KU Leuven

A report from the Center for Democracy and Technology finds that 89% of teachers have said that their schools will continue using student-monitoring software, up five percentage points from last year, highlighting concerns that the products may also be used to criminalize students who seek reproductive health resources on school-issued devices.

The report reveals that forty-four percent of teachers reported that at least one student at their school had been contacted by law enforcement due to behaviors flagged by the monitoring software. And thirty-seven percent of teachers who say their school uses activity monitoring outside of regular hours report that such alerts are directed to “a third party focused on public safety,” such as a local police department or immigration enforcement. (Pia Ceres / Wired)

Related: Center for Democracy and Technology

Evan Greer @evan_greer
Huge yikes in this story about school surveillance: schools sent teens home with chrome books pre-loaded with Gaggle spyware. Teens plugged their phones into their laptops to charge them. Gaggle sent administrators alerts when teens texted each other nudes
Kids Are Back in Classrooms and Laptops Are Still Spying on Them (wired.com): As the post-Roe era underscores the risks of digital surveillance, a new survey shows that teens face increased monitoring from teachers—and police.

August 3rd 2022

Jolynn Dellinger @MindingPrivacy
The pervasive, privacy invasive surveillance of students will have far reaching consequences for these kids’ autonomous decision making, identity, intellectual freedom and security.
Kids Are Back in Classrooms and Laptops Are Still Spying on Them (wired.com): As the post-Roe era underscores the risks of digital surveillance, a new survey shows that teens face increased monitoring from teachers—and police.

August 3rd 2022

Smart App Control (SAC), a Windows 11 security feature that blocks threats at the process level, now comes with support for blocking several file types threat actors have recently adopted to infect targets with malware in phishing attacks.

"Windows 11 with smart app control blocks iso and lnk files that have mark of the web just like Macros," David Weston, Microsoft's VP for Enterprise and OS Security, said on Twitter. When blocking a dangerous file using SAC, the system will open a foreground dialog with the following message: "Smart App Control blocked an app that may be unsafe. This file was blocked because files of this type from the internet can be dangerous." (Sergiu Gatlan / Bleeping Computer)

Related: Neowin, gHacks, Wired
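The check Smart App Control applies here combines two facts about a file: its type and the Mark of the Web, which on NTFS is a small INI-style `Zone.Identifier` alternate data stream whose `ZoneId` records the URL security zone the file came from (3 = Internet, 4 = Restricted). The following is an added example, not Microsoft's implementation: it parses a constructed `Zone.Identifier` stream and evaluates the same kind of policy (the two file types the page names, blocked only when marked as internet-sourced), the sort of logic a defender might replicate in a mail gateway or file-share scanner.

```python
import os

# Windows URL security zones as recorded in the ZoneId field of the
# Zone.Identifier alternate data stream (the "Mark of the Web").
URLZONE_LOCAL_MACHINE = 0
URLZONE_INTRANET = 1
URLZONE_TRUSTED = 2
URLZONE_INTERNET = 3
URLZONE_UNTRUSTED = 4

# File types the page says Smart App Control blocks when they carry the mark.
# (Constructed policy for this example, not Microsoft's rule set.)
BLOCKED_MARKED_EXTENSIONS = {".iso", ".lnk"}

# Constructed sample of a Zone.Identifier stream in the form browsers write it.
SAMPLE_ZONE_IDENTIFIER = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://downloads.example.test/\r\n"
    "HostUrl=https://downloads.example.test/files/invoice.iso\r\n"
)


def parse_zone_identifier(text):
    """Parse the INI-style stream into a dict of the keys in its [ZoneTransfer] section."""
    fields = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section == "ZoneTransfer" and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def zone_id(text):
    """Return ZoneId as an int, or None when the stream is absent or malformed."""
    if text is None:
        return None
    value = parse_zone_identifier(text).get("ZoneId")
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def read_zone_identifier(path):
    """Read the Zone.Identifier ADS of a file on NTFS; None if absent or unsupported here."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None


def should_block(filename, zone_identifier_text):
    """Block only when the extension is in policy AND the file is marked Internet or Restricted."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in BLOCKED_MARKED_EXTENSIONS:
        return False
    zid = zone_id(zone_identifier_text)
    return zid is not None and zid >= URLZONE_INTERNET


if __name__ == "__main__":
    cases = [("invoice.iso", SAMPLE_ZONE_IDENTIFIER), ("invoice.iso", None),
             ("notes.txt", SAMPLE_ZONE_IDENTIFIER)]
    for name, stream in cases:
        print(name, "block" if should_block(name, stream) else "allow")
```

The decision deliberately turns on the mark and not only on the extension: a locally built ISO has no stream and is allowed, while the same file downloaded from the internet is not. The mark is only as reliable as the path the file took; archives and container formats that do not propagate it are exactly why the page's next item lists ISO and RAR as current carriers.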

David Weston (DWIZZZLE) @dwizzzleMSFT
Windows 11 with smart app control blocks iso and lnk files that have mark of the web just like Macros.

Quoted tweet from Selena @selenalarson:

Threat actors are already adapting to life in a post-macro world. With @dansomware, I took a look at campaigned threats in our data to see what actors are using now. Spoiler: ISO, LNK, RAR are the new hotness https://t.co/Yfh5L1p8Te

August 2nd 2022


A hacktivist collective that calls itself Guacamaya posted more than two terabytes of hacked emails and files from a host of mining companies in Central and South America in a move to apparently expose environmental damage in the region.

The group posted the files from five public and private mining companies and two public agencies responsible for environmental oversight, one in Colombia and the other in Guatemala. The files were posted to Enlace Hacktivista, a site for documenting hacker history and sharing educational resources that provides space “for hackers to publish their hacks, leaks, and communiques.”

The files come from ENAMI, an Ecuadorian state mining company; the Agencia Nacional de Hidrocarburos (ANH) in Colombia; New Granada Energy Corporation in Colombia; Quiborax, a mining company in Chile; Oryx, an oil company in Venezuela; Tejucana, a Brazilian mining company; and Guatemala’s Ministerio De Ambiente y Recursos Naturales. Transparency advocate website DDoSecrets posted the files. (AJ Vicens / Cyberscoop)

Related: Distributed Email of Secrets

Corin Faife @corintxt
👀 New #DDoSecrets leak - released early hours of this morning - claims to publish 2TB of emails from LatAm mining and fossil fuel companies
ddosecrets.substack.com/p/extractivist…

August 3rd 2022


The nominee to be the first U.S. ambassador at large for cyberspace and digital policy, Nate Fick, said during his Senate Foreign Relations Committee confirmation hearing one of his top priorities would be to “assert the State Department’s rightful place in the interagency process on topics of cybersecurity and digital policy.”

His comments follow recent negotiations between State and the Defense Department over cyber authorities in which both sides have been maneuvering for more control over cyber operations. The State Department should also play a more significant role in pursuing and managing partnerships with other countries to “finance the deployment of secure infrastructure,” Fick said in an apparent reference to Chinese companies such as Huawei. (Suzanne Smalley / Cyberscoop)

Related: Angus King, Government Technology, Foreign.Senate.Gov

Kim Wyman, the senior election security advisor for the Cybersecurity and Infrastructure Security Agency (CISA), said during a Senate Judiciary Committee hearing that the level of digital targeting and physical threats directed toward election workers has reached the highest point in her 30-year career. 

Wyman said CISA has a list of five things they are working on to help protect election workers, explaining that the agency will continue to share “actionable information” with election officials about threats and risks to election infrastructure alongside intelligence agencies and law enforcement. (Jonathan Greig / The Record)

Related: StateScoop

Private equity firm Thoma Bravo announced it is buying enterprise identity management company Ping for $2.8 billion and will take it private.

Thoma Bravo will be paying $28.50 per share in an all-cash transaction, which is 63% over Ping Identity’s closing share price on August 2, 2022. (Ingrid Lunden / TechCrunch)

Related: Investor's Business Daily, AiThority, VC Deals – P.E. Hub, Barron's, MSSP Alert, Motley Fool, Ingrid Lunden – TechCrunch, DataBreachToday.com, SiliconANGLE, BNN Bloomberg, Security Week, Help Net Security, Reuters, CSO Online, Pitchbook, Marketwatch, Wall Street Journal, PR Newswire

© 2022 DCT Associates