Tag Archive for: Amazon

Amazon Security Engineer Arrested and Accused of Hacking Crypto Exchange

Looks like trouble is brewing for a top-notch cybersecurity whiz at Amazon. Shakeeb Ahmed, a former security engineer, finds himself in hot water as federal prosecutors allege that he skillfully used his hacking expertise for malicious purposes. The accusation? Mr. Ahmed allegedly orchestrated a scheme to pilfer a staggering $9 million in assets from a cryptocurrency exchange last summer and then tried to conceal his ill-gotten gains through a web of online trickery.

Authorities apprehended the 34-year-old tech aficionado in Manhattan on Tuesday, charging him with wire fraud and money laundering. Although officials refrained from disclosing the name of Ahmed’s former employer, they did describe him as a “former security engineer” for an undisclosed “international technology company.” According to the allegations, Ahmed exploited a vulnerability in the smart contract of an unnamed Solana-based crypto exchange, enabling him to generate a massive $9 million in fraudulent fees. These fees were meant to be rightfully disbursed to platform customers who contributed substantial liquidity. However, Ahmed supposedly manipulated the software by injecting false price data, essentially conjuring money out of thin air. Additionally, he stands accused of attempting to squeeze more funds out of the exchange using “flash loan” attacks—a type of crypto exploit.

Initially, the company where Ahmed previously worked remained shrouded in mystery, as officials declined to reveal any details. However, cybersecurity blogger Jackie Singh shed some light on the matter on Tuesday evening. Singh claimed that Ahmed had been an employee at Amazon, citing various online profiles seemingly connected to the security expert.

Curious to learn more, Gizmodo reached out to Amazon for clarification regarding Ahmed’s employment. A spokesperson confirmed that Ahmed was no longer working for the company, although they couldn’t provide further insights into his role at the tech giant.

According to a LinkedIn profile matching Ahmed’s description, he held the position of “Senior Security Engineer” at Amazon and had been with the company since November 2020. The profile…


Gigamon Announces Deep Observability Integration with Amazon Security Lake | National Business

SANTA CLARA, Calif.--(BUSINESS WIRE)--Jun 8, 2023--

Gigamon, the leading deep observability company, today announced that its Deep Observability Pipeline now efficiently delivers network-derived application metadata intelligence (AMI) into Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake automatically centralizes an organization’s security data from across their AWS environments, leading SaaS providers, on-premises environments, and cloud sources into a purpose-built data lake, so customers can act on security data faster and simplify security data management across hybrid and multicloud environments. This integration provides organizations the ability to access and analyze data-in-motion across hybrid cloud infrastructure to more efficiently and effectively secure and manage workloads, applications, and data.

The integration of network-derived intelligence with Amazon Security Lake supports important use cases for organizations seeking both completeness and efficiency across their security tools stack. With Amazon Security Lake, Gigamon can provide:

  • Security analytics based on actual data communications to completely and correctly identify any usage of vulnerable protocols, deprecated ciphers, and expired certificates
  • Forensics that compare what applications actually did with what logs report
  • A richer and deeper data set on which to base new AI-driven security analytics via tools like NDR or XDR

Gigamon uniquely leverages deep packet inspection (DPI) to extract more than 7,500 application-related metadata attributes derived from network packets. With Amazon Security Lake integration, users can centralize and gain deep observability into security data across their entire organization. The new integration helps organizations to:

  • Efficiently deliver AWS traffic to multiple security tools without installing individual agents for each tool
  • Contain excessive tool and transit costs by filtering unnecessary traffic and deduplicating redundant traffic
  • Generate NetFlow for SIEMs and raw packets for NPMs and packet sniffer tools

Gigamon is also a launch…


Android TV Boxes Sold on Amazon Come Pre-Loaded with Malware

Certain Android TV Box models from manufacturers AllWinner and RockChip, available for purchase on Amazon, come pre-loaded with malware from the BianLian family, a variant of which we investigated last year. The malware, discovered by security researcher Daniel Milisic, adds your smart set-top box to a botnet for initiating coordinated attacks. Affected models include the AllWinner T95, AllWinner T95Max, RockChip X12-Plus, and RockChip X88-Pro-10.

By looking at the traffic being sent by these devices, the researcher was surprised to find a number of DNS requests being sent for domains publicly known to be botnet Command and Control (C&C) servers. The researcher also extracted a Stage-1 payload for the malware and contacted Linode, who had been hosting some of the C&C servers, getting them to shut them down. Having reached out to AllWinner, the researcher received a response denying the presence of malware and attributing the malicious traffic observed to the presence of Logcat on the system—a fact which is wholly unrelated. EFF was able to independently confirm the researcher’s findings.

What’s more, the T95 smart set-top box came out-of-the-box with the Android Debugger (adb) wide open and available over WiFi. The Android Debugger gives access to control a device, including issuing commands and installing apps. The device firmware was signed with a testing key, and no clean or production-ready firmware was made available to consumers. Without access to a clean version of the system firmware, consumers are left without a clear way to clean their system of the malware.

The widespread availability of these low-end devices presents a danger to consumers, their networks, and the security and stability of the internet at large. Though it would be impractical to conduct a thorough security audit for all merchandise sold on Amazon, a more thorough vetting process could be introduced before selling consumer-grade IoT devices. For instance, a basic network analysis would have found these devices communicating with C&C servers and having wide-open adb ports.

The sale of these devices reveals some glaring holes in public cybersecurity infrastructure. The devices, manufactured by…


Amazon’s flying indoor security camera (first look)