The Startup That Transformed the Hack-for-Hire Industry

For those seeking some engaging weekend reads, WIRED has a variety of articles. A senior reporter has revealed the intriguing story behind the teenage hackers responsible for the 2016 Mirai botnet. Another contributor discusses the 1947 “discovery” of aliens in Roswell, New Mexico, and finally, an in-depth article explores how communities are solving cold cases using AI and face recognition technology.

Moreover, there’s a roundup of security and privacy stories that weren’t covered extensively, providing readers with the opportunity to delve deeper into these topics and stay informed.

NSO Group and Hacking Team have faced repeated controversy for selling digital intrusion and cyberespionage services. However, less well-known is the Indian startup Appin, which operated from New Delhi and enabled global customers to conduct large-scale hacking activities, targeting whistleblowers, activists, corporate competitors, lawyers, and celebrities. A comprehensive investigation by Reuters, involving former Appin staff and hacking victims, uncovered extensive evidence of the company’s activities, including internal documents and case files from law enforcement investigations. The investigation revealed how Appin and its alumni-founded copycat companies sold hacking services to the highest bidders through an online portal named My Commando, with victims ranging from Russian oligarchs to members of Native American tribes.

In a recent report, Reuters detailed the activities of the ransomware group Scattered Spider, which has inflicted significant damage on organizations, including approximately $100 million in losses for MGM Casinos. The report also suggested that some members of the group may be located in the West, within reach of US law enforcement. However, the report raised concerns about the capacity of law enforcement to combat such cybercriminal activities, as well as the reluctance of victims to cooperate in investigations.

Denmark’s SektorCERT issued a warning after hackers exploited a bug in the firewall appliances of 22 Danish power utilities, marking the largest cyberattack on the Danish power grid. The report indicated that the intrusions were attributed to Sandworm, a group connected to Russia’s GRU military intelligence agency. Fortunately, the hackers were expelled from the networks before causing any disruption to the utilities’ customers.

Last month, WIRED featured the efforts of a white-hat hacker startup, Unciphered, in unlocking cryptocurrency wallets. It was then revealed that the company identified a flaw in a random number generator widely used in cryptocurrency wallets created before 2016, potentially exposing up to $1 billion to theft. This discovery stemmed from the company’s attempt to unlock a client’s wallet containing $600,000 in crypto, which ultimately uncovered a vulnerability in the open-source BitcoinJS code that could leave numerous wallets susceptible to hacking. Interestingly, the creator of this flawed code is none other than Stefan Thomas, the owner of $250 million in bitcoin locked on a thumb drive.
