Tag Archive for: Hands

Thief hands back at least a third of $600m in crypto-coins stolen from Poly Network • The Register

/in


Whoever drained roughly $600m in cryptocurrencies from Poly Network is said to have returned at least $260m so far.

The cyber super-heist, revealed yesterday, was described by Poly Network as the largest of its kind in decentralized finance history. The Chinese biz, which handles the exchange of cryptocurencies and other tokens between various blockchains, today said more than a third of the money pilfered from its systems has been returned.

Here’s what Poly Network had to say earlier:

Poly Network said the crook was able to interfere with the execution of smart contracts – typically, small programs that automatically run to fulfill agreements between parties – that are used by the platform to exchange people’s tokens and coins. Thus, funds were siphoned off in transit as opposed to being extracted directly from digital wallets.

You can find more technical detail here by security analysts Slowmist, and here by blockchain watchers Chainalysis.

“The hacker exploited a vulnerability, which is the _executeCrossChainTx function between contract calls,” a spokesperson for Poly Network told El Reg. “Therefore, the attacker uses this function to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract. It is not the case that this event occurred due to the leakage of the keeper’s private key.”

The team at Chainalysis put it more bluntly: “The attacker pulled off the heist by taking advantage of an exploit in the smart contracts Poly Network uses to carry out cross-chain transactions.”

Earlier, Poly Network publicly pleaded for the thief to return all of the stolen assets, and urged crypto-exchanges and others to refuse to handle transactions from specific wallet…

Source…

Botnet Detection Market 2020 Explosive Growth | Reblaze, Infisecure, Unbotify, Digital Hands, Integral AD Science, Shape Security, Unfraud, Pixalate – KSU

/in


Botnet Detection Market accounted for USD 165.0 billion and is projected to grow at a CAGR of 43.6% the forecast period.

Botnet Detection Market Research Report’ the report is complete with an elaborate research undertaken by prominent analysts and a detailed analysis of the global industry place. Botnet Detection market report is a clear-cut study of the ICT industry which explains what the market definition, classifications, applications, engagements, and global industry trends are. The report braes down the important product developments and tracks recent acquisitions, mergers and research in the ICT industry by the key players. The market drivers and restraints have been explained with the help of SWOT analysis.

Botnet Detection Market 2027 Top Players (Market Analysis, Opportunities, Demand, Forecasting)

  • White OPS.
  • Shieldsquare,
  • Kasada,
  • Reblaze,
  • Infisecure,
  • Unbotify,
  • Digital Hands,
  • Integral AD Science,

You can Sample request an in-depth analysis detailing the impact of COVID-19 on the Botnet Detection  Market: https://www.databridgemarketresearch.com/toc/?dbmr=global-botnet-detection-market

The titled segments and sub-section of the market are illuminated below:

By Services (Professional, Managed),

By Application Area (Website Security, Mobile Application Security, API Security),

By Deployment Type (Cloud, On Premises),

By Organization Size (Small and Medium-sized Enterprises (SMEs), Large Enterprises),

By Vertical (Healthcare, Manufacturing, Education, Others),

Geographical Insights:

  • North America: United States, Canada, and Mexico.
  • South & Central America: Argentina, Chile, and Brazil.
  • Middle East & Africa: Saudi Arabia, UAE, Turkey, Egypt and South Africa.
  • Europe: UK, France, Italy, Germany, Spain, and Russia.
  • Asia-Pacific: India, China, Japan, South Korea, Indonesia, Singapore, and Australia.

What the Report has in Store for you?

– Industry Size & Forecast: The industry analysts have offered historical, current, and expected projections of the industry size from the cost and volume point of view

– Future Opportunities: In this segment of the report, Botnet Detection competitors are offered with the data on the future aspects that the Botnet…

Source…

Not so IDLE hands: FBI program offers companies data protection via deception

/in
The FBI's IDLE program uses "obfuscated" data to hide real data from hackers and insider threats, making data theft harder and giving security teams a tool to spot illicit access.

Enlarge / The FBI’s IDLE program uses “obfuscated” data to hide real data from hackers and insider threats, making data theft harder and giving security teams a tool to spot illicit access. (credit: Getty Images)

The Federal Bureau of Investigations is in many ways on the front lines of the fight against both cybercrime and cyber-espionage in the US. These days, the organization responds to everything from ransomware attacks to data thefts by foreign government-sponsored hackers. But the FBI has begun to play a role in the defense of networks before attacks have been carried out as well, forming partnerships with some companies to help prevent the loss of critical data.

Sometimes, that involves field agents proactively contacting companies when they have information of a threat—as two FBI agents did when they caught wind of researchers trying to alert casinos of vulnerabilities they said they had found in casino kiosk systems. “We have agents in every field office spending a large amount of time going out to companies in their area of responsibility establishing relationships,” Long T. Chu, acting assistant section chief for the FBI’s Cyber Engagement and Intelligence Section, told Ars. “And this is really key right now—before there’s a problem, providing information to help these companies prepare their defenses. And we try to provide as specific information as we can.”

But the FBI is not stopping its consultative role at simply alerting companies to threats. An FBI flyer shown to Ars by a source broadly outlined a new program aimed at helping companies fight data theft “caused by an insider with illicit access (or systems administrator), or by a remote cyber actor.” The program, called IDLE (Illicit Data Loss Exploitation), does this by creating “decoy data that is used to confuse illicit… collection and end use of stolen data.” It’s a form of defensive deception—or as officials would prefer to refer to it, obfuscation—that the FBI hopes will derail all types of attackers, particularly advanced threats from outside and inside the network.

Read 22 remaining paragraphs | Comments

Biz & IT – Ars Technica

Government Generously Hands Back Two-Thirds Of The $626,000 It Stole From Two Men Driving Through Missouri

/in

A case out of Missouri is highlighting yet again the stupidity and vindictiveness that defines civil asset forfeiture. In January 2017, law enforcement seized $ 626,000 from two men as they passed through the state on their way to California. According to the state highway patrol, the men presented contradictory stories about their origin, destination, and the plans for the money found during the traffic stop.

The complaint filed against the money made a lot of claims about the government’s suspicions this was money destined for drug purchases. Supposedly evidence was recovered from seized phones suggested the two men were involved in drug trafficking, utilizing a third person’s money. Despite all of this evidence, prosecutors never went after the men. They only went after the money.

Records searches of both state and federal courts did not identify any criminal charges against Li, Peng or Huang.

Even the speeding that predicated the stop (in which a drug dog “alerted” on the rental vehicle that contained no drugs) went unprosecuted.

This is where the stupid begins: alleged drug dealers allowed to continue their drug dealing by state and federal agencies more interested in the men’s cash.

But it gets stupider. This was offered up in the complaint against the seized money as evidence of the men’s criminal activities.

Authorities noted in the complaint he lived “9 houses” away from the site of a residence where drug transactions were occurring and a contact in his phone was recently the subject of a civil forfeiture action.

That’s some mighty fine evidence. If you happen to live in the same neighborhood as a known criminal, I guess you’re a criminal, too. That’s just how society works, ladies and gentlemen. Move to a better neighborhood if you don’t want to be lumped in with your worst neighbors.

The other part is stupid, too. According to this line of thought, if law enforcement has stolen cash and property from someone in your Contacts list, you must be a criminal. Only criminals would associate with people whose stuff has been taken by the government but have never been convicted of criminal activity.

Also apparently suspicious: traveling and not attempting to avoid mandated IRS reporting.

Peng had a number of bank transactions the complaint states were “highly unusual” including multiple deposits and wire transactions for about $ 100,000 each. Financial records also showed three trips between Chicago and California and one from Chicago to New York in a three-month period between November 2016 and January 2017.

You just can’t win. Keep deposits too low (under $ 10,000) and the federal government thinks you’re engaged in structuring. Keep them well above the mandatory reporting mark and you’re probably a drug dealer.

It appears the agencies involved in this seizure didn’t think they had enough real evidence to follow through on this forfeiture. More than two years after the $ 626,000 was seized, the government is returning it to its rightful owners. That’s where the vindictiveness comes in. The government hasn’t won a criminal or civil case against any of the people involved, but it’s still going to keep a third of the cash just because.

U.S. District Attorney for Western Missouri Tim Garrison, in a settlement agreement dated April 25, wrote the government will return almost $ 418,000 to claimant Lu Li, of Chicago, and will keep almost $ 209,000.

Even when the government loses, it still wins. One-third of $ 626,000 remains in the hands of a government that couldn’t prove anything it alleged, even in a civil case where the standard of proof is considerably lower.

In the end, we have three people short $ 200,000 and a government that can’t competently prosecute people or their money, even when the latter can’t defend itself in civil forfeiture litigation. [waves American flag with one blue stripe frantically while humming ‘The Ballad of the Green Berets” for some reason]

Permalink | Comments | Email This Story

Techdirt.