Twitter

The Attack That Broke Twitter Is Hitting Dozens of Companies (wired.com)

An anonymous reader quotes a report from Wired: "Phone spear phishing" attacks have been on the rise since a bitcoin scam took over the social media platform in July. When law enforcement arrested three alleged young hackers in the US and the UK last month, the story of the worst-known hack of Twitter's systems seemed to have drawn to a tidy close. But in fact, the technique that allowed hackers to take control of the accounts of Joe Biden, Jeff Bezos, Elon Musk, and dozens of others is still in use against a broad array of victims, in a series of attacks that began well before Twitter's blowup, and in recent weeks has escalated into a full-blown crime wave.

But Twitter is hardly the only recent target of "phone spear phishing," also sometimes known as "vishing," for "voice phishing," a form of social engineering. In just the past month since the Twitter hack unfolded, dozens of companies -- including banks, cryptocurrency exchanges, and web hosting firms -- have been targeted with the same hacking playbook, according to three investigators in a cybersecurity industry group that's been working with victims and law enforcement to track the attacks. As in the Twitter hack, employees of those targets have received phone calls from hackers posing as IT staff to trick them into giving up their passwords to internal tools. Then the attackers have sold that access to others who have typically used it to target high-net-worth users of the company's services -- most often aiming to steal large amounts of cryptocurrency, but also sometimes targeting non-crypto accounts on traditional financial services.
"Simultaneous with the Twitter hack and in the days that followed, we saw this big increase in this type of phishing, fanning out and targeting a bunch of different industries," says Allison Nixon, who serves as chief research officer at cybersecurity firm Unit 221b and assisted the FBI in its investigation into the Twitter hack. "I've seen some unsettling stuff in the past couple of weeks, companies getting broken into that you wouldn't think are soft targets. And it's happening repeatedly, like the companies can't keep them out."

While the perpetrators don't appear to be state-sponsored hackers or foreign cybercrime organizations, it may be only a matter of time until they're adopted by these foreign groups who contract out the phone calls to English-speaking phone phishers.
Bitcoin

The Quest To Liberate $300,000 of Bitcoin From an Old ZIP File (arstechnica.com)

A few quintillion possible decryption keys stand between a man and his cryptocurrency. From a report: In October, Michael Stay got a weird message on LinkedIn. A total stranger had lost access to his bitcoin private keys -- and wanted Stay's help getting his $300,000 back. It wasn't a total surprise that The Guy, as Stay calls him, had found the former Google security engineer. Nineteen years ago, Stay published a paper detailing a technique for breaking into encrypted zip files. The Guy had bought around $10,000 worth of bitcoin in January 2016, well before the boom. He had encrypted the private keys in a zip file and had forgotten the password. He was hoping Stay could help him break in. In a talk at the Defcon security conference this week, Stay details the epic attempt that ensued.

[...] "If we find the password successfully, I will thank you," The Guy wrote with a smiley face. After an initial analysis, Stay estimated that he would need to charge $100,000 to break into the file. The Guy took the deal. After all, he'd still be turning quite the profit. "It's the most fun I've had in ages. Every morning I was excited to get to work and wrestle with the problem," says Stay, who today is the chief technology officer of the blockchain software development firm Pyrofex. "The zip cipher was designed decades ago by an amateur cryptographer -- the fact that it has held up so well is remarkable." But while some zip files can be cracked easily with off-the-shelf tools, The Guy wasn't so lucky. That's partly why the work was priced so high. Newer generations of zip programs use the established and robust cryptographic standard AES, but outdated versions -- like the one used in The Guy's case -- use Zip 2.0 Legacy encryption that can often be cracked. The degree of difficulty depends on how it's implemented, though. "It's one thing to say something is broken, but actually breaking it is a whole different ball of wax," says Johns Hopkins University cryptographer Matthew Green.
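The distinction the report draws between Zip 2.0 legacy encryption and AES is recorded in the archive's own headers: general-purpose flag bit 0 marks an entry as encrypted, and the WinZip AE-x scheme stores compression method 99 for AES-protected entries, so an archive whose encrypted entries carry any other method is using the legacy stream cipher. The following is an added example, not code from the article or from Stay's work, that audits entries with Python's standard zipfile module. The sample archives it builds are constructed in memory with only their header fields rewritten; nothing in them is actually encrypted.

```python
import io
import struct
import zipfile
from typing import Dict

ZIP_LOCAL_SIG = b"PK\x03\x04"    # local file header signature
ZIP_CENTRAL_SIG = b"PK\x01\x02"  # central directory entry signature
FLAG_ENCRYPTED = 0x1             # general-purpose flag bit 0: entry is encrypted
METHOD_AES = 99                  # WinZip AE-x records AES entries as compression method 99


def classify_entry(info: zipfile.ZipInfo) -> str:
    """Return 'plaintext', 'aes' or 'zipcrypto' (the Zip 2.0 legacy stream cipher) for one entry."""
    if not info.flag_bits & FLAG_ENCRYPTED:
        return "plaintext"
    if info.compress_type == METHOD_AES:
        return "aes"
    return "zipcrypto"


def audit_zip(data: bytes) -> Dict[str, str]:
    """Map every entry name to its encryption class; only the central directory is read."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {info.filename: classify_entry(info) for info in zf.infolist()}


def make_sample_zip(mode: str) -> bytes:
    """Constructed sample archive with a single entry.

    For 'zipcrypto' and 'aes' only the flag and method fields of the local and central
    headers are rewritten to what those schemes record; the content stays in the clear.
    That is enough to exercise the audit offline.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("wallet-keys.txt", "constructed sample content")
    raw = bytearray(buf.getvalue())
    if mode == "plaintext":
        return bytes(raw)
    method = METHOD_AES if mode == "aes" else zipfile.ZIP_STORED
    local = raw.find(ZIP_LOCAL_SIG)
    # local header: signature(4) version(2) flags(2) method(2)
    struct.pack_into("<HH", raw, local + 6, FLAG_ENCRYPTED, method)
    central = raw.find(ZIP_CENTRAL_SIG)
    # central entry: signature(4) made-by(2) version(2) flags(2) method(2)
    struct.pack_into("<HH", raw, central + 8, FLAG_ENCRYPTED, method)
    return bytes(raw)


if __name__ == "__main__":
    for mode in ("plaintext", "zipcrypto", "aes"):
        print(mode, audit_zip(make_sample_zip(mode)))
```

Running `audit_zip` over real archives (`open(path, "rb").read()`) flags any entry classified as `zipcrypto`; such files should be re-created with an AES-capable archiver, since the legacy cipher is the one the report describes as often crackable.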

The Almighty Buck

Richard Stallman Discusses Privacy Risks of Bitcoin, Suggests 'Something Much Better' (cointelegraph.com)

Richard Stallman gave a new interview to the site Cointelegraph, which asked him his feelings about cryptocurrencies. "I'm not against them," Stallman answers. "I'm not campaigning to eliminate them, I just don't particularly want to use them."

Cointelegraph then asks Stallman how he feels about tests underway for the Chinese government's own central bank digital currency: Richard Stallman: "Digital payment systems are fundamentally dangerous if they are not engineered to ensure privacy. China is the enemy of privacy. China shows what totalitarian surveillance is like. I consider that hell on earth. That's part of why I haven't used cryptocurrencies that are issued by the community. If the cryptocurrency is issued by a government, it would surveil people just the way credit cards do and PayPal does, and all those other systems meaning completely unacceptable."
Stallman later says "I don't do any kind of digital payments, and the reason is the systems that exist do not respect the user's privacy, and that includes Bitcoin. Every Bitcoin transaction is published." But when Cointelegraph asks about various Bitcoin modifications designed for privacy, Stallman answers "I am not convinced about them." Richard Stallman: In any case, the GNU project has developed something much better, which is GNU Taler. GNU Taler is not a cryptocurrency. It is not a currency at all. It is a payment system designed to be used for anonymous payments to businesses to buy something. It is anonymous through a blind signature for the payer. However, the payee has to identify itself for every purchase in order to get money out of the system. So the idea is you can use your bank account to get Taler Tokens, and you can spend them and the payee won't be able to tell who you are.

It won't be able to tell that you got the token from a particular bank account at a particular time, even though you did so. To convert your payment into money in its own bank, the store (the payee) will have to identify itself. So this gives privacy in a much more reliable way than cryptocurrencies do, and it blocks the idea of using this system to enable tax evasion.

GNU Taler recently had an exciting milestone. A few months ago the eurozone banking system became interested in supporting Taler payments, and just recently they succeeded using a test setup in obtaining Taler tokens with one bank account and paying them to another bank account through the Taler system. Now, it's not something that anybody can use but it will be, and that will be really exciting.
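The privacy property Stallman describes, an anonymous payer protected by a blind signature while the payee must identify itself to the exchange, can be shown with a Chaum-style RSA blind signature. The following is an added illustration and is not GNU Taler's code or its actual protocol: the exchange's key is a constructed toy key built from two Mersenne primes (far too small for real use), the account and merchant names are placeholders, and the `Exchange` class is a hypothetical stand-in for the party that issues and redeems tokens. It shows that the exchange signs only a blinded value and so cannot match a deposited coin back to the withdrawal it came from, that the merchant's identity is recorded at deposit, and that the exchange's spent-coin record rejects a second spend of the same token.

```python
import hashlib
import secrets
from math import gcd
from typing import Dict, List, Set, Tuple

# Constructed toy RSA key for the exchange. Mersenne primes keep the demo deterministic;
# a real deployment uses properly generated primes of thousands of bits.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; modular inverse needs Python 3.8+


def coin_hash(coin_id: bytes) -> int:
    """Hash the coin's public identifier into Z_N; this is the value that gets signed."""
    return int.from_bytes(hashlib.sha256(coin_id).digest(), "big") % N


def blind(m: int) -> Tuple[int, int]:
    """Payer side: hide m behind a random factor r so the exchange signs m*r^E without seeing m."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r


def unblind(blinded_sig: int, r: int) -> int:
    """Payer side: (m*r^E)^D = m^D * r mod N, so dividing by r leaves the plain signature m^D."""
    return (blinded_sig * pow(r, -1, N)) % N


def verify(m: int, sig: int) -> bool:
    """Anyone holding the exchange's public key (E, N) can check a coin's signature."""
    return pow(sig, E, N) == m


class Exchange:
    """Hypothetical exchange: signs blinded withdrawals, accepts identified deposits."""

    def __init__(self) -> None:
        self.withdrawals: List[Tuple[str, int]] = []  # (bank account, blinded value seen)
        self.deposits: List[Tuple[str, bytes]] = []   # (merchant identity, coin id)
        self.spent: Set[bytes] = set()

    def withdraw(self, bank_account: str, blinded: int) -> int:
        # The withdrawal is identified (bank account known) but the signed value is blinded.
        self.withdrawals.append((bank_account, blinded))
        return pow(blinded, D, N)

    def deposit(self, merchant: str, coin_id: bytes, sig: int) -> bool:
        # The payee identifies itself; a coin already redeemed is refused (double-spend check).
        if not verify(coin_hash(coin_id), sig) or coin_id in self.spent:
            return False
        self.spent.add(coin_id)
        self.deposits.append((merchant, coin_id))
        return True

    def can_link(self, coin_id: bytes, sig: int) -> bool:
        # To tie a deposit to a withdrawal the exchange would need a stored value equal to
        # the coin's hash or signature; blinding means it only ever stored m*r^E.
        m = coin_hash(coin_id)
        return any(seen in (m, sig) for _, seen in self.withdrawals)


def run_payment() -> Dict[str, bool]:
    """Walk one token through withdrawal, payment and deposit; report what each check found."""
    exchange = Exchange()
    coin_id = secrets.token_bytes(32)  # chosen by the payer's wallet, never shown to the exchange
    m = coin_hash(coin_id)
    blinded, r = blind(m)
    sig = unblind(exchange.withdraw("payer-bank-account", blinded), r)  # placeholder account
    return {
        "signature_valid": verify(m, sig),
        "first_deposit_accepted": exchange.deposit("merchant-shop", coin_id, sig),  # placeholder
        "double_spend_accepted": exchange.deposit("merchant-shop", coin_id, sig),
        "exchange_can_link": exchange.can_link(coin_id, sig),
        "payee_identified": exchange.deposits[0][0] == "merchant-shop",
    }


if __name__ == "__main__":
    print(run_payment())
```

The two records the exchange keeps are the whole point: the withdrawal log holds identified accounts paired with blinded values, the deposit log holds identified merchants paired with coins, and nothing in either lets the two be joined, which is the property Stallman contrasts with Bitcoin's public ledger.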

And in response to a question about Facebook's "Libra" digital currency project, Stallman says he hasn't studied the details "because the most important thing about it I already know. It's connected with Facebook, and Facebook means surveillance.

"I urge people to join me in absolutely refusing to use Facebook or rather be used by Facebook. Because Facebook doesn't have users. Facebook has used. So don't be a sucker, don't be used by Facebook."
Security

NetWalker Ransomware Gang Has Made $25 Million Since March 2020 (zdnet.com)

The operators of the NetWalker ransomware are believed to have earned more than $25 million from ransom payments since March this year, security firm McAfee said today. From a report: Although precise and up-to-date statistics are not available, the $25 million figure puts NetWalker close to the top of the most successful ransomware gangs known today, with other known names such as Ryuk, Dharma, and REvil (Sodinokibi). McAfee, who recently published a comprehensive report about NetWalker's operations, was able to track payments that victims made to known Bitcoin addresses associated with the ransomware gang. However, security experts believe the gang could have made even more from their illicit operations, as their view wasn't complete.
Twitter

A 17-Year-Old's Journey: Minecraft, SIM-Swapping Bitcoin Heists, Breaching Twitter (chicagotribune.com)

The New York Times tells the story of the 17-year-old "mastermind" arrested Friday for the takeover of dozens of high-profile Twitter accounts.

They report that Graham Ivan Clark "had a difficult family life" and "poured his energy into video games and cryptocurrency" after his parents divorced when he was 7, and he grew up in Tampa, Florida with his mother, "a Russian immigrant who holds certifications to work as a facialist and as a real estate broker." By the age of 10, he was playing the video game Minecraft, in part to escape what he told friends was an unhappy home life. In Minecraft, he became known as an adept scammer with an explosive temper who cheated people out of their money, several friends said.... In late 2016 and early 2017, other Minecraft players produced videos on YouTube describing how they had lost money or faced online attacks after brushes with Mr. Clark's alias "Open...."

Mr. Clark's interests soon expanded to the video game Fortnite and the lucrative world of cryptocurrencies. He joined an online forum for hackers, known as OGUsers, and used the screen name Graham$... Mr. Clark described himself on OGUsers as a "full time crypto trader dropout" and said he was "focused on just making money all around for everyone." Graham$ was later banned from the community, according to posts uncovered by the online forensics firm Echosec, after the moderators said he failed to pay Bitcoin to another user who had already sent him money to complete a transaction.

Still, Mr. Clark had already harnessed OGUsers to find his way into a hacker community known for taking over people's phone numbers to access all of the online accounts attached to the numbers, an attack known as SIM swapping. The main goal was to drain victims' cryptocurrency accounts. In 2019, hackers remotely seized control of the phone of Gregg Bennett, a tech investor in the Seattle area. Within a few minutes, they had secured Mr. Bennett's online accounts, including his Amazon and email accounts, as well as 164 Bitcoins that were worth $856,000 at the time and would be worth $1.8 million today... In April, the Secret Service seized 100 Bitcoins from Mr. Clark, according to government forfeiture documents... Mr. Bennett said in an interview that a Secret Service agent told him that the person with the stolen Bitcoins was not arrested because he was a minor... By then, Mr. Clark was living in his own apartment in a Tampa condo complex...

[L]ess than two weeks after the Secret Service seizure, prosecutors said Mr. Clark began working to get inside Twitter. According to a government affidavit, Mr. Clark convinced a "Twitter employee that he was a co-worker in the IT department and had the employee provide credentials to access the customer service portal."

The plan was to sell access to the breached Twitter accounts, but Clark apparently began cheating his customers again, the Times reports — "reminiscent of what Mr. Clark had done earlier on Minecraft..."

"Mr. Clark, who prosecutors said worked with at least two others to hack Twitter but was the leader, is being charged as an adult with 30 felonies."
Bitcoin

Steve Wozniak Sues YouTube Over Twitter-Like Bitcoin Scam (bloomberg.com)

Apple co-founder Steve Wozniak says YouTube has for months allowed scammers to use his name and likeness as part of a phony bitcoin giveaway similar to the one that was quickly extinguished by Twitter last week. Scammers used images and video of Wozniak, who left Apple in 1985, to convince YouTube users that he was hosting a live giveaway and anyone who sent him bitcoins would get double the number back, according to a lawsuit filed Tuesday in state court in San Mateo County, California. "But when users transfer their cryptocurrency, in an irreversible transaction, they receive nothing back," Wozniak said. From a report: The scam also uses the names and images of other tech celebrities, including Microsoft co-founder Bill Gates and Tesla Chief Executive Officer Elon Musk, according to the suit. YouTube has been "unresponsive" to Wozniak's repeated requests to take down the fraudulent videos, he said. By contrast, Twitter reacted "that same day" after the accounts of Barack Obama, Joe Biden and high-profile users were hacked last week as part of a similar phony bitcoin giveaway, he said. "YouTube has been unapologetically hosting, promoting, and directly profiting from similar scams." Wozniak sued along with 17 other alleged victims of the scam. They are asking the court to order YouTube and its parent company Alphabet to immediately remove the videos and to warn users about the scam giveaways. They are also seeking compensatory and punitive damages.
Bitcoin

Coinbase Says It Prevented Over 1,000 Customers From Sending $280,000 Worth of Bitcoin To Twitter Hackers (theblockcrypto.com)

Crypto exchange Coinbase has said that it prevented a little over 1,100 customers from sending bitcoin to Twitter hackers who hijacked high-profile accounts to advertise a bitcoin scam last week. From a report: If Coinbase hadn't taken the step, these customers would have collectively sent 30.4 bitcoin (currently worth about $278,000) to hackers, the exchange's chief information security officer, Philip Martin, told Forbes. Notably, this amount is more than twice the actual amount ($121,000) that hackers collected via victims. Despite Coinbase's action, 14 of its customers still fell prey to the scam and sent around $3,000 worth of bitcoin to hackers before the exchange blacklisted their addresses, said Martin. Gemini, Kraken, and Binance users also tried sending bitcoins to the addresses, but not as much as Coinbase's customers, per the report. All these exchanges moved to block the addresses as soon as the scam came to light.
Bitcoin

John McAfee Loses Bet: Bitcoin Hasn't Hit $500K (mashable.com)

Slashdot reader Charlotte Web quotes Mashable: Three years ago on this date, on July 17, 2017, McAfee, the eccentric founder of the antivirus software company bearing his name, made the bet of a lifetime. McAfee made a bet that in three years a single bitcoin (1 BTC) would be worth $500,000.

Now while most people would throw down money to make this bet, McAfee had a very different idea. "if not, I will eat my **** on national television...."

Fast forward to July 17, 2020, three years from the day McAfee made his bet. Today, a bitcoin is worth around $9,150. It's certainly up from three years ago, sure. But we're far away from $500,000. The world may be very different from the one we were living in three years ago, but a bet is a bet.

Many on Twitter reminded McAfee that it was time to make good on his bet.

McAfee's response? He appears to be chickening out... "The bet was the end 8f 2020."

McAfee also tweeted that at the end of 2020, he'd still honor the bet.

"Myself, or, perhaps, a subcontractor :)"
Twitter

Many New Details Emerge About Twitter's Breach (nytimes.com)

The New York Times claims to have traced the origins of a Twitter security breach to "a teasing message between two hackers late Tuesday on the online messaging platform Discord." [The Times' article was also republished here by the Bangkok Post.] "yoo bro," wrote a user named "Kirk," according to a screenshot of the conversation shared with The New York Times. "i work at twitter / don't show this to anyone / seriously." He then demonstrated that he could take control of valuable Twitter accounts — the sort of thing that would require insider access to the company's computer network. The hacker who received the message, using the screen name "lol," decided over the next 24 hours that Kirk did not actually work for Twitter because he was too willing to damage the company. But Kirk did have access to Twitter's most sensitive tools, which allowed him to take control of almost any Twitter account...

[F]our people who participated in the scheme spoke with The Times and shared numerous logs and screen shots of the conversations they had on Tuesday and Wednesday, demonstrating their involvement both before and after the hack became public. The interviews indicate that the attack was not the work of a single country like Russia or a sophisticated group of hackers. Instead, it was done by a group of young people — one of whom says he lives at home with his mother — who got to know one another because of their obsession with owning early or unusual screen names, particularly one letter or number, like @y or @6... "lol" did not confirm his real-world identity, but said he lived on the West Coast and was in his 20s. "ever so anxious" said he was 19 and lived in the south of England...

The group began by selling access to highly-coveted Twitter handles for bitcoin, according to the Times, including the accounts @dark, @w, @l, @50 and @vague.

Brian Krebs had suggested tweets of Twitter's internal tools came from "notorious SIM swapper" PlugWalkJoe — but the Times spoke to the 21-year-old (real name: Joseph O'Connor) who says his only involvement was taking possession of the breached Twitter account @6. "I don't care. They can come arrest me. I would laugh at them. I haven't done anything." Mr. O'Connor said other hackers had informed him that Kirk got access to the Twitter credentials when he found a way into Twitter's internal Slack messaging channel and saw them posted there, along with a service that gave him access to the company's servers. People investigating the case said that was consistent with what they had learned so far.
Meanwhile, Twitter has said, "The attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams."

But Mashable brings more bad news: In an update posted on Friday night, Twitter ran down what its internal investigation has discovered so far. One piece of previously unknown information: the hacker(s) downloaded the personal account data for up to eight of the accounts which they had access to.

I should make this clear up front: that data includes direct messages...

As rumors spread around the platform as to which eight accounts could have been targeted, Twitter released an additional clarification... "[T]o address some of the speculation: none of the eight were Verified accounts..." Twitter also says 130 Twitter accounts were targeted... The company said that hackers gained access to 45 of them via a password reset and, for a second time, reiterated that the passwords used on the accounts were not accessed.

An article shared by Slashdot reader kimmmos notes that one account that went untouched was that of U.S. president Donald Trump. The Verge reports "it could be because Twitter has implemented extra protections for his account." But responding to the other account breaches, "A Twitter spokesperson confirmed the company has been in touch with the FBI," reports CNN. "We're acutely aware of our responsibilities to the people who use our service and to society more generally," Twitter added in a blog post.

"We're embarrassed, we're disappointed, and more than anything, we're sorry."
Social Networks

What Twitter's Worst Hack Means For Its Bottom Line (bloomberg.com)

The breach revealed Twitter's engineering prowess and management practices as subpar. Hedge fund Elliott Management can't be happy about its investment. From a report: Even if Twitter's user growth is relatively unaffected, shareholders shouldn't overlook what the latest in a long series of security incidents says about how the company works and why its stock has been such a disappointment: Twitter's engineering prowess and management practices are simply second-rate. On Wednesday, numerous Twitter accounts, from business leaders and celebrities to major companies -- including Elon Musk, Barack Obama, Jeff Bezos and Apple -- were hacked and posted cryptocurrency scam messages, promising to double the amount of any funds sent to a specific Bitcoin address. Twitter later admitted to the unprecedented nature of the breach, saying it believes it fell victim to a "coordinated social engineering attack," where hackers were able to take control of its internal systems. CEO Jack Dorsey tweeted, "Tough day for us at Twitter. We all feel terrible this happened."

Certainly, hedge fund Elliott Management must not be pleased with the turn of events. The activist hedge fund and Twitter stakeholder reached an agreement with the company earlier this year to restructure the company's board, standing down on an initial goal of replacing management including Dorsey. The lackluster security is more ammunition for Twitter's critics who have long questioned the company's efficacy in using its engineering resources. Even as Chinese super-apps such as WeChat have expanded upon core messaging services to build vast consumer internet empires, and Facebook has transformed its platforms into advertising money machines, the basic nature of Twitter's offering hasn't changed much over the past decade. That, even as the company spends an incredible amount in research and development annually -- including nearly $700 million last year alone. Where does all the money go?

Security

Who's Behind Wednesday's Epic Twitter Hack? (krebsonsecurity.com)

Brian Krebs has written a blog post with clues about who may have been behind yesterday's Twitter hack, which had some of the world's most recognizable public figures tweeting out links to bitcoin scams. An anonymous reader shares an excerpt from the report (though we strongly recommend you read the full analysis here): There are strong indications that this attack was perpetrated by individuals who've traditionally specialized in hijacking social media accounts via "SIM swapping," an increasingly rampant form of crime that involves bribing, hacking or coercing employees at mobile phone and social media companies into providing access to a target's account. In the days leading up to Wednesday's attack on Twitter, there were signs that some actors in the SIM swapping community were selling the ability to change an email address tied to any Twitter account. In a post on OGusers -- a forum dedicated to account hijacking -- a user named "Chaewon" advertised they could change the email address tied to any Twitter account for $250, and provide direct access to accounts for between $2,000 and $3,000 apiece. "This is NOT a method, you will be given a full refund if for any reason you aren't given the email/@, however if it is revered/suspended I will not be held accountable," Chaewon wrote in their sales thread, which was titled "Pulling email for any Twitter/Taking Requests."

Hours before any of the Twitter accounts for cryptocurrency platforms or public figures began blasting out bitcoin scams on Wednesday, the attackers appear to have focused their attention on hijacking a handful of OG accounts, including "@6." That Twitter account was formerly owned by Adrian Lamo -- the now-deceased "homeless hacker" perhaps best known for breaking into the New York Times's network and for reporting Chelsea Manning's theft of classified documents. @6 is now controlled by Lamo's longtime friend, a security researcher and phone phreaker who asked to be identified in this story only by his Twitter nickname, "Lucky225." [...] But around the same time @6 was hijacked, another OG account -- @B -- was swiped. Someone then began tweeting out pictures of Twitter's internal tools panel showing the @B account. Another Twitter account -- @shinji -- also was tweeting out screenshots of Twitter's internal tools. Minutes before Twitter terminated the @shinji account, it was seen publishing a tweet saying "follow @6," referring to the account hijacked from Lucky225.

Cached copies of @Shinji's tweets prior to Wednesday's attack on Twitter are available here and here from the Internet Archive. Those caches show Shinji claims ownership of two OG accounts on Instagram -- "j0e" and "dead." KrebsOnSecurity heard from a source who works in security at one of the largest U.S.-based mobile carriers, who said the "j0e" and "dead" Instagram accounts are tied to a notorious SIM swapper who goes by the nickname "PlugWalkJoe." Investigators have been tracking PlugWalkJoe because he is thought to have been involved in multiple SIM swapping attacks over the years that preceded high-dollar bitcoin heists. Now look at the profile image in the other Archive.org index of the @shinji Twitter account (pictured below). It is the same image as the one included in the @Shinji screenshot above from Wednesday in which Joseph/@Shinji was tweeting out pictures of Twitter's internal tools.

This individual, the source said, was a key participant in a group of SIM swappers that adopted the nickname "ChucklingSquad," and was thought to be behind the hijacking of Twitter CEO Jack Dorsey's Twitter account last year. The mobile industry security source told KrebsOnSecurity that PlugWalkJoe in real life is a 21-year-old from Liverpool, U.K. named Joseph James Connor. The source said PlugWalkJoe is in Spain where he was attending a university until earlier this year. He added that PlugWalkJoe has been unable to return home on account of travel restrictions due to the COVID-19 pandemic. [...] If PlugWalkJoe was in fact pivotal to this Twitter compromise, it's perhaps fitting that he was identified in part via social engineering.

Bitcoin

TikTok Traders Are Pumping Joke Cryptocurrency Dogecoin -- and the Price is Up 95% (fortune.com)

Day traders on viral video app TikTok are encouraging people to speculate on a joke cryptocurrency called Dogecoin. Based on an old Internet meme -- an overly sincere and whimsically grammar-challenged Shiba Inu dog -- the digital coin was developed as a Bitcoin-spinoff in 2013, after which it quickly rose to prominence as a gag. From a report: The shenanigans of the cryptocurrency-pumpers appear to be working, at least for now. The price of Dogecoin has nearly doubled since July 6th, rising 95% to $0.00448 from $0.0023, according to data from OnChainFX, a cryptocurrency data tracker. The price of Dogecoin peaked in January 2018 at $0.013 before promptly crashing. It appears a flood of stuck-at-home market hypers is behind the push to hype the cryptocurrency. "Go invest in Dogecoin, make me rich," wrote one pumper. "They cant stop us all," encouraged another. Yet one more: "worth it. i swear #stocks #coins #dogecoin #money"
Businesses

Venture Capitalists' Critiques of Journalism Secretly Leaked to Journalists (vice.com)

A confrontation between venture capitalists and journalists has been slowly playing out on Twitter — and in an incendiary article on VICE US.

It started when...
  • A luggage startup's co-CEO complained on Instagram about young reporters who "forgo their personal ethics."
  • A New York Times reporter called the posts "incoherent" and "disappointing."
  • Angel investor Balaji S. Srinivasan (also the former CTO of Coinbase) later said the reporter "attacked" the co-CEO, who he then needed to defend — calling the reporter a sociopath in a multi-tweet thread.
  • The New York Times reporter tweeted that investor had "been ranting about me by name for months now."

The reporter and the angel investor both finally ended up on Clubhouse, an elite invitation-only audio social network popular with venture capitalists, but the reporter left early. Later Vice published leaked audio of the subsequent conversation, which included Srinivasan and several other Andreessen Horowitz venture capitalists, in which Vice says participants "spent at least an hour talking about how journalists have too much power to 'cancel' people and wondering what they, the titans of Silicon Valley, could do about it."

Then things got really ugly...


Security

New Mac Ransomware Is Even More Sinister Than It Appears (wired.com)

An anonymous reader quotes a report from Wired: The threat of ransomware may seem ubiquitous, but there haven't been too many strains tailored specifically to infect Apple's Mac computers since the first full-fledged Mac ransomware surfaced only four years ago. So when Dinesh Devadoss, a malware researcher at the firm K7 Lab, published findings on Tuesday about a new example of Mac ransomware, that fact alone was significant. It turns out, though, that the malware, which researchers are now calling ThiefQuest, gets more interesting from there. In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or "second stage," attacks. Given that ransomware is so rare on Macs to begin with, this one-two punch is especially noteworthy.

Though ThiefQuest is packed with menacing features, it's unlikely to infect your Mac anytime soon unless you download pirated, unvetted software. Thomas Reed, director of Mac and mobile platforms at the security firm Malwarebytes, found that ThiefQuest is being distributed on torrent sites bundled with name-brand software, like the security application Little Snitch, DJ software Mixed In Key, and music production platform Ableton. K7's Devadoss notes that the malware itself is designed to look like a "Google Software Update program." So far, though, the researchers say that it doesn't seem to have a significant number of downloads, and no one has paid a ransom to the Bitcoin address the attackers provide. [...] Given that the malware is being distributed through torrents, seems to focus on stealing money, and still has some kinks, the researchers say it was likely created by criminal hackers rather than nation state spies looking to conduct espionage.

Bitcoin

Someone Mysteriously Sent Almost $1 Billion In Bitcoin (vice.com)

Someone transferred bitcoins worth close to $1 billion on Tuesday morning, a move that was public for everyone to see while the identities of the sender and receiver remain unknown. Motherboard reports: Big money moves hiding in plain sight tend to be events of some interest among Bitcoiners. Decrypt noted that the sending wallet was recognized as the largest Bitcoin wallet not known to be associated with a business such as an exchange. This means that it could belong to a wealthy private individual, or it could really belong to an exchange, investor, or other business that is simply currently unknown. There's no obligation to publicize which Bitcoin addresses one controls, and if nobody else puts two and two together, one's activities may remain shrouded in pseudonymity.

If the Bitcoin wallet belongs to someone legit, then it's likely the transfer was internal to the business, or it represents a large purchase of goods or services, or the sale of bitcoins. Regardless of what it was, the business would be expected to pay taxes in any relevant circumstances. If the transfer wasn't legit, well, pseudonymity and the ability to freely move money without the pre-approval of an authority is the point of Bitcoin. That being said, law enforcement is certainly aware of Bitcoin at this stage in the game and if I'm talking about this transfer then I'm sure more important people could be, too.

Security

A Hacker Gang is Wiping Lenovo NAS Devices and Asking for Ransoms (zdnet.com)

A hacker group going by the name of 'Cl0ud SecuritY' is breaking into old LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, wiping files, and leaving ransom notes behind asking owners to pay between $200 and $275 to get their data back. From a report: Attacks have been happening for at least a month, according to entries on BitcoinAbuse, a web portal where users can report Bitcoin addresses abused in ransomware, extortions, cybercrime, and other online scams. Attacks appear to have targeted only LenovoEMC/Iomega NAS devices that are exposing their management interface on the internet without a password. ZDNet was able to identify around 1,000 such devices using a Shodan search.

Bitcoin

You Can Now Buy Bitcoin At CVS, 7-Eleven, Rite-Aid (forbes.com)

Bitcoin ATM operator LibertyX now offers bitcoin purchases at the United States' most popular convenience and drug stores. From a report: Per a PR Newswire release on Jun 22, the company has finished rolling out the buying option which will be available in "20,000 retail locations around the U.S., including major convenience store and pharmacy chains, such as 7-Eleven, CVS Pharmacy, and Rite Aid." This service will give LibertyX users the option to purchase bitcoin with cash at any of the participating retailers' cashier counters. These 20,000 new buying centers add to the 5,000 Bitcoin ATMs that the company has established across the United States since it launched in 2014.

The Internet

'Largest Distributed Peer-To-Peer Grid' On Earth Laying Foundation For A Decentralized Internet (forbes.com)

Forbes reports on ThreeFold, an ambitious new "long-term project to rewire the internet in the image of its first incarnation: decentralized, unowned, accessible, free." "We have 18,000 CPU cores and 90 million gigabytes, which is a lot of capacity," founder Kristof de Spiegeleer told me recently on the TechFirst podcast. "It's probably between five and ten times more than all of the capacity of all the blockchain projects together..."

"It's a movement," de Spiegeleer says about ThreeFold. "It's where we invite a lot of people to...basically help us to build a new internet. Now it sounds a little bit weird building a new internet. We're not trying to replace the cables... what we need help with is that we get more compute and storage capacity close to us." That would be a fundamentally different kind of internet: one we all collectively own rather than one we all just use.

It requires a lot of different technology for backups and storage, for which ThreeFold is building a variety of related technologies: peer-to-peer technology to create the grid in the first place; storage, compute, and network technologies to enable distributed applications; and a self-healing layer bridging people and applications. Oh, and yes. There is a blockchain component: smart contracts for utilizing the grid and keeping a record of activities. "Farmers" (read: all of us) provide capacity and get micropayments for usage.

So instead of a Bitcoin scenario where some of the fastest computers in the world waste country-scale amounts of electricity doing arcane math to create an imaginary currency with dubious value (apologies, are my biases showing?) you have people providing actual tangible services for others in exchange for some degree of cryptocurrency reward. Which, in my (very) humble opinion, offers a lot more social utility...

ThreeFold and partners have invested more than $40 million to make it happen, de Spiegeleer says, and there are more than 30 partners working on the project or onboarding shortly. "So it's happening," he says.

In the interview, de Spiegeleer points out 80% of current internet capacity is owned by less than 20 companies, arguing on the podcast that "It really needs to be something like electricity.

"It needs to be everywhere and everyone needs to have access to it. It needs to be cost effective, it needs to be reliable, it needs to be independent..."

The Almighty Buck

The US Government Just Paid a Crypto Startup to Explore Digital Dollars (futurism.com)

"The U.S. federal government just awarded a grant to the blockchain startup Key Retroactivity Network Consensus (KRNC)," reports Futurism.com, "to study the feasibility of integrating cryptocurrency into the economy." That doesn't mean that the U.S. is going to pivot to a digital blockchain dollar, CoinDesk reports. Rather, the National Science Foundation funded KRNC because it's interested in exploring new ways to improve the security of digital transactions.

The protocol KRNC is developing would meter out a new cryptocurrency in proportion to a user's existing wealth, CoinDesk reports, instead of requiring them to purchase or actively mine new crypto. In other words, it wouldn't make people richer, but it would grant them an alternative means to transfer funds online.

"Bitcoin, which runs on the principle of Proof-of-Work, is wasteful," KRNC CEO Clint Ehrlich told CoinDesk. "It requires people to waste money and computing power solving pointless problems."

Java

New Java-Based Ransomware Targets Linux and Windows Systems (zdnet.com)

"A newly uncovered form of ransomware is going after Windows and Linux systems," reports ZDNet, "in what appears to be a targeted campaign." Named Tycoon after references in the code, this ransomware has been active since December 2019 and looks to be the work of cyber criminals who are highly selective in their targeting. The malware also uses an uncommon deployment technique that helps it stay hidden on compromised networks. The main targets of Tycoon are organisations in the education and software industries.

Tycoon has been uncovered and detailed by researchers at BlackBerry working with security analysts at KPMG. It's an unusual form of ransomware because it's written in Java, deployed as a trojanised Java Runtime Environment and is compiled in a Java image file (Jimage) to hide the malicious intentions... [T]he first stage of Tycoon ransomware attacks is less uncommon, with the initial intrusion coming via insecure internet-facing Remote Desktop Protocol servers. This is a common attack vector for malware campaigns and it often exploits servers with weak or previously compromised passwords. Once inside the network, the attackers maintain persistence by using Image File Execution Options (IFEO) injection settings that more often provide developers with the ability to debug software. The attackers also use privileges to disable anti-malware software using ProcessHacker in order to stop removal of their attack...

After execution, the ransomware encrypts the network with files encrypted by Tycoon given extensions including .redrum, .grinch and .thanos — and the attackers demand a ransom in exchange for the decryption key. The attackers ask for payment in bitcoin and claim the price depends on how quickly the victim gets in touch via email.

The fact the campaign is still ongoing suggests that those behind it are finding success extorting payments from victims.
