The main events of the week between December 2 – December 8, 2013

Dec 8, 2013 02:36 GMT

We’re giving you the chance to catch up on some reading in case you haven’t been online much over the past week or in case you might have missed some of the more important infosec stories.

Bitcoin has made a lot of headlines recently, particularly after it started pushing towards the $1,000 (€750) mark. Bitcoin has become associated with scams, crime, hacks, and even malware.

Researchers from Trusteer have come across a variant of the Citadel malware that’s designed to take screenshots when victims visit Bitcoin or other payment platform websites. Some cybercriminals are content with using Bitcoin, while others say it’s too volatile.

In Germany, police have arrested a couple of individuals suspected of using a botnet to generate Bitcoins. They’re said to have made over €700,000 ($954,000).

When it comes to Bitcoin-related scams, we have a couple of interesting stories. First, Chinese authorities have arrested the scammers running the GBL trading platform.

Secondly, the underground marketplace known as Sheep, the one that replaced Silk Road, was shut down after someone stole a large amount of Bitcoins. The site’s owners have accused a vendor, but many believe they might have been running a scam right from the start.

Bitcoin Talk has once again been targeted by cybercriminals. They’ve launched a DDoS attack against the website and changed its DNS records by leveraging a vulnerability in the systems of the AnonymousSpeech.com registrar. Users have been advised to change their passwords since the information might have been compromised.

As far as Android is concerned, the most interesting story is the one regarding the Class 0 (Flash SMS) message vulnerability. After security researcher Bogdan Alecu presented his findings at the DefCamp security conference, showing how a remote attacker can reboot Google Nexus devices by sending Flash SMS messages, Google made an interesting move.

The search engine giant decided to remove an app, HushSMS, from Google Play. The application in question was developed by Alecu in collaboration with German developer Michael Mueller. It had been on the Play website for almost two years before Google decided that it violated policies.

In related news, experts have identified a vulnerability in Android 4.3 that can be exploited to remove all device locks. The attack is carried out with the aid of rogue apps.

HushSMS isn’t the only app removed by Google from the Play store. The Balloon Pop 2 game has also been removed, but this time for a good reason. Experts found that the app was actually harvesting WhatsApp private conversations and putting them up for sale on a website.

Meanwhile, the FTC has reached a settlement with the developers of the Brightest Flashlight app. The company has promised to stop misleading customers about what information is collected and how it’s used.

Hacktivist operations have also made a number of headlines over the past week. Operations have been announced in countries such as Tunisia, Angola, Turkey, Honduras, Venezuela, and Ukraine.

A Turkish hacktivist known as Maxney has breached the website of Vodafone Iceland. The details of over 70,000 users have been leaked, and several subdomains have been defaced.

Also in the hacktivism section, Singapore is charging more and more individuals for the recent Anonymous attacks against government websites. Five individuals have been charged for the attacks against the websites of the prime minister, the president, and the Ang Mo Kio Town Council.

In the case against the PayPal 14 group, most of the suspects have pleaded guilty to misdemeanor and felony charges. However, if they don’t misbehave until the sentencing, which is scheduled to take place a year from now, the felony charges will be dropped and they’ll get probation.

The 38-year-old accused of taking part in the Anonymous cyberattack against the website of Koch Industries got two years’ probation, and he’ll have to pay $183,000 (€135,000) in restitution. That’s apparently what you get for taking part in a DDoS attack for one minute.

Russian authorities have finally issued a statement regarding the arrest of Paunch, the developer of the BlackHole and Cool exploit kits. Russian IT security firm Group-IB, which contributed to the investigation, even released a couple of pictures of the suspect. Check out Paunch sitting in front of his Porsche Cayenne.

Here are some other interesting stories, in case you’ve missed them:

Video overview of the DefCamp security conference

RBS website disrupted by DDoS attack

FBI used malware to track down Iranian man who made bomb threats

Microsoft and law enforcement agencies disrupt ZeroAccess botnet

JPMorgan Chase hacked, details of 465,000 customers stolen

Experts find 2 million passwords on hacker server

Malware uses inaudible audio signals to transmit data

Syrian Electronic Army targets Time because of Assad’s description in the Person of the Year poll