Tag Archive for: york

New York prosecutor charges hacker over $9M exploit of Solana-based exchange

/in


A former security engineer for an international technology firm has been arrested and charged for allegedly using a smart contract bug to steal $9 million in cryptocurrency from a Solana-based decentralized crypto exchange.

On June 11, the United States Attorney for the Southern District of New York Damian Williams announced the “first-ever criminal case” involving an attack on a smart contract operated by a decentralized exchange (DEX).

In a statement, Williams claims the accused — Shakeeb Ahmed — “used his expertise to defraud the exchange and its users and steal approximately $9 million in cryptocurrency.”

Williams said the attack was carried out in July 2022 and was aimed at a Solana-based DEX.

The attack involved exploiting a vulnerability in the exchange’s smart contracts to generate inflated fees with flash loans.

These were then withdrawn and laundered through a “series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges.”

While Williams did not disclose the DEX that was exploited in July, previous reporting from Cointelegraph reveals an unknown hacker exploited Solana-based liquidity protocol Crema Finance on July 2, 2022, stealing $9.6 million in cryptocurrency.

The exploiter later returned most of the funds but was allowed to keep $1.6 million as a white hat bounty.

Similarly, William’s statement also noted that Ahmed decided to return all of the stolen funds except for $1.5 million on condition the crypto exchange did not refer the attack to law enforcement.

“None of those actions covered the defendant’s tracks or fooled law enforcement, and they certainly didn’t stop my Office or our law enforcement partners from following the money,” he said.

Ahmed was arrested in New York and has been indicted on charges of wire fraud and money laundering related to the attack of the Solana-based DEX in July 2022.

Cointelegraph…

Source…

Madison teen, accused in Memorial bomb threats, now charged in New York with hacking a sports betting website

/in


A Madison teen who still faces felony charges over bomb threats made at Memorial High School last year was arrested Thursday and charged by federal authorities in New York City with hacking an online sports betting website, which had user accounts that were then plundered.

The charges filed on Monday against Joseph H. Garrison, 18, in U.S. District Court for the Southern District of New York allege that in November — about three months after Garrison was charged and released for the Memorial threats — he launched what authorities called a “credential stuffing attack” to find username and password combinations, gleaned from sources on the “dark web,” that would work on other websites where users used the same username-password combinations.

People are also reading…

That included the fantasy sports and sports betting website, which was not identified by name in the complaint.

He then sold the working combinations to buyers on the internet, according to a criminal complaint, and provided detailed instructions on how to use them on the betting site. The buyers used them to steal about $600,000 from the site’s user accounts, the complaint states.

In todays world, its high tech versus high crime. Police work like dusting for prints is now supplemented with point and click. 


A credential stuffing attack uses a computer program to rapidly attempt to log into financial accounts using a list of known username-password combinations to search for working logins. 

Buyers took money from about 1,600 of the site’s 60,000 accounts that were accessed using the stolen credentials, the complaint states.

Intruders were able to clear out an individual user account by setting up a new payment method and depositing $5 into the account to verify it, then withdrawing the account’s balance through that new payment method, the complaint states.

Investigators identified Garrison as the person who carried out…

Source…

Ransomware attack at New York county tied to major cyber gaps

/in



Officials at Suffolk County, New York, have disclosed that significant cybersecurity lapses have brought upon the major ransomware attack last September, which compromised nearly 500,000 residents’ …

Source…

Cyber Attack Hits NJ Police Department – NBC New York

/in


The Camden County Police Department experienced a ransomware attack that has been locking many criminal investigative files and day-to-day internal administration abilities, several law enforcement officials said. 

Investigators said the attack started in the middle of March and technicians continue working to try to get all systems back up and running.

A police spokesman confirmed the cyber intrusion but stressed the ransomware attack did not impact 911 call systems or other public safety responses.

CCPD spokesman Dan Keashen said the malware first hit the department about three weeks ago. 

“The agency is operational and did not experience any disruption or outages in its public safety response services to the Camden City Community,” Keashen said.

The FBI, NJ State Homeland Security’s office and the New Jersey attorney general’s office were all notified of the incident and are assisting in the investigation, several officials said.

Sources familiar with the matter said the hackers were demanding hundreds of thousands of dollars to unlock the files as a result of the malware. Keashen declined to comment on what group might be behind the incident or how much money was being demanded.

Sources briefed on the matter said electronic police files were among those locked and inaccessible — delaying some investigations. One official said about 80-85 percent of the files have now been reopened. Keashen said the department “is working with information technology and law enforcement professionals to ensure there is no remaining threat in our network.”

An epidemic of ransomware attacks has prompted Biden administration officials to deem them a national security threat. But what exactly is “ransomware” and how do these cyberattacks work?

One law enforcement source said investigators were looking into whether the incident began after a police department employee opened a personal email that was malware on a police department device.

Two sources said the Camden County Prosecutor’s office has also been hit by a hacking incident impacting some files. It is unclear how significant of a cyberattack the office suffered in the last couple of…

Source…