Category Archives: bitcoin

Trade Recommendation: Salt

Salt (SALT/BTC) printed a fresh yearly low of 0.000051 on November 26, 2018. At that price, the market was down by more than 95% from the 2018 peak of 0.001244. If you’re a bottom picker, finding assets that have been brutally battered should excite you. However, not all altcoins that have lost over 90% of […]

The post Trade Recommendation: Salt appeared first on Hacked: Hacking Finance.

Bitcoin Price Jumps 5% on One-Year Anniversary of $20,000 Bull Run

The value of bitcoin rebounded sharply on Monday, shaking off a volatile weekend that dragged prices to new yearly lows. The broader cryptocurrency market quickly followed suit, as altcoins and tokens generated sizable gains over the last 24 hours. BTC/USD Update The bitcoin price reached a high of $3,600 on Bitfinex, where it traded at […]

The post Bitcoin Price Jumps 5% on One-Year Anniversary of $20,000 Bull Run appeared first on Hacked: Hacking Finance.

Trade Recommendation: Republic Protocol

We’ve been keeping a close eye on Republic Protocol (REN/BTC) since the second week of December when it showed bullish potential. It came off lows of 0.00000551 on December 7, 2018 and climbed as high as 0.00000838 on December 9. That’s an increase of over 52% in two days. Quick rises like this usually have […]

The post Trade Recommendation: Republic Protocol appeared first on Hacked: Hacking Finance.

Minor Bounce Lifts Bitcoin Price Back Above $3,200; Waves Making Big Moves

Cryptocurrencies levitated off yearly lows Sunday, with Litecoin and bitcoin SV emerging the biggest winners following an early weekend retreat. Another shake-up in the top-20 suggests 2019 will be a pivotal year for altcoins and tokens, which have struggled to remain relevant in the face of increasing bitcoin dominance and declining interest among retail investors. […]

The post Minor Bounce Lifts Bitcoin Price Back Above $3,200; Waves Making Big Moves appeared first on Hacked: Hacking Finance.

Mainstream Adoption of Bitcoin Will Send Price Soaring

The pain inflicted by the crypto markets has been extreme this year.  It’s become clear that the market ran way too high, way too fast in 2017.  Many traders knew a severe correction was forthcoming, but I doubt many predicted the correction (now a full-fledged bear market) would be this extreme.  While the markets have […]

The post Mainstream Adoption of Bitcoin Will Send Price Soaring appeared first on Hacked: Hacking Finance.

Trade Recommendation: NXT

While we wait for Bitcoin (BTC/USD) to bottom out, let’s continue looking for altcoins that have established a clear short-term bottom. One that fits the category is NXT (NXT/BTC). This altcoin printed new yearly lows of 0.00000742 on December 15, 2018. At that price level, the market was down by just over 85% from this […]

The post Trade Recommendation: NXT appeared first on Hacked: Hacking Finance.

PayPal Follows Own Customers in Move to Crypto; U.S Coinbase Support Launched

Freelancers, digital nomads and internet-based workers the world over will have something to smirk about this morning, when they wake up to the news that PayPal may be starting to see the lack of wisdom in their own business model. PayPal recently initiated a cryptocurrency-based incentive system for its in-house staff, as covered earlier on […]

The post PayPal Follows Own Customers in Move to Crypto; U.S Coinbase Support Launched appeared first on Hacked: Hacking Finance.

Bitcoin Price Unable to Break Downward Spiral as Speculation Drives Market

Bitcoin’s price touched new yearly lows on Saturday, as the broader cryptocurrency market risked further capitulation in the days and weeks ahead. According to the CEO of BitPay, bitcoin’s price is driven predominantly by speculation regarding future adoption and is less concerned with current market forces. If that’s the case, there’s a reasonable case to […]

The post Bitcoin Price Unable to Break Downward Spiral as Speculation Drives Market appeared first on Hacked: Hacking Finance.

Bogus Bomb Threats Demand Bitcoin Disrupt Businesses

Bogus bomb threats created a scare across the country. A quick note here that I'll dive into more deeply next week. The big question at this time -- with MANY of the IP addresses found in email headers originating from Moscow, Russia, is this "Russian influence" designed to disrupt American commerce? or is this just a spammer looking for a new way to make money?

IF YOU HAVE SAMPLES OF THE EMAIL, PLEASE REPORT THEM

The more emails we have to analyze, the better our understanding of this threat will be.  While reporting to the FBI's IC3.gov is a great idea, and highly encouraged, that hides the details from security researchers such as myself.  One great place to report any type of fraudulent bitcoin activity is "BitCoinAbuse.com".  If you decide to report there, please extract the sending IP address and the email Subject from your spam and include them as part of the report.  We can cluster on both of those things. (Including the bitcoin address used is a given.)

Extracts taken from BitCoinAbuse.com follow below. You can read the original reports yourselves here:

(If you have a sample of one of these emails, please consider filling out a BitCoinAbuse.com/report - but please make sure to include the SENDING IP ADDRESS from the email headers!)

Email Bodies contain Spam-template randomization

Here are extracts from many of the spam messages. Note for example the [man | mercenary | recruited person] and [tronitrotoluene | Hexogen | Tetryl] substitutions. Or the [suspicious | unnatural | strange] [activity | behavior] or the [power the device | device will be blown up | power the bomb]. This is very characteristic spam behavior.

Subjects reported by the NCFTA include:

Subject: Better listen to me
Subject: Bomb is in your building
Subject: Do not panic
Subject: Do not waste your time
Subject: Dont get on my nerves
Subject: I advise you not to call the police
Subject: I've collected some very interesting content about you
Subject: keep calm
Subject: My device is inside your building
Subject: Think about how they can help you
Subject: Think twice
Subject: We can make a deal
Subject: You are my victim
Subject: You are responsible for people
Subject: Your building is under my control
Subject: Your life is in your hands
Subject: Your life can be ruined, concentrate
Subject: You're my victim

(If you have examples of other Subjects, please share them in the comments section)

Hello. There is the bomb (tronitrotoluene) in the building where your company is located. It is constructed under my direction. It has small dimensions and it is hidden very carefully, it is not able to damage the supporting building structure, but you will get many wounded people if it detonates. My recruited person is controlling the situation around the building. If he notices any strange activity or policemen the device will be blown up. I want to propose you a deal. $20'000 is the value for your safety. Pay it to me in BTC and I assure that I have to withdraw my recruited person and the bomb will not explode. But do not try to deceive me- my assurance will become actual only after 3 confirms in blockchain. It is my btc address : 15qH84uLC49CmC6jRE958Qjcf9WRZ2rMuM

Good day. My mercenary hid an explosive device (Hexogen) in the building where your business is conducted. It was assembled according to my instructions. It is compact and it is hidden very carefully, it is impossible to damage the structure of the building by this bomb, but in case of its explosion you will get many victims.My mercenary is watching the situation around the building. If he notices any suspicious behavior, panic or cops he will blow up the bomb.I want to propose you a bargain. You transfer me 20'000 usd in BTC and the bomb will not explode, but don't try to deceive me -I guarantee you that I have to withdraw my man only after 3 confirmations in blockchain network. It is my Bitcoin address : 1LrZorkdqzPsg8JaGLwjLwg35viiH1Sv9v You must send bitcoins by the end of the working day.

My mercenary has carried an explosive device (Tetryl) into the building where your company is located. It was assembled under my direction. It can be hidden anywhere because of its small size, it is impossible to destroy the building structure by this explosive device, but if it detonates there will be many victims. My recruited person is watching the situation around the building. If he sees any unusual behavior or policemen he will power the device. I would like to propose you a deal. 20.000 dollars is the cost for your life. Tansfer it to me in BTC and I ensure that I will call off my man and the bomb will not explode. But do not try to fool me- my warranty will become valid only after 3 confirms in blockchain network. Here is my BTC address - 15qH84uLC49CmC6jRE958Qjcf9WRZ2rMuM You have to pay me by the end of the working day, if you are late with the payment the device will explode.

Good day. I write you to inform you that my mercenary hid an explosive device (lead azide) in the building where your company is located. My recruited person constructed a bomb under my direction. It can be hidden anywhere because of its small size, it can not damage the supporting building structure, but you will get many victims in case of its explosion. My mercenary keeps the territory under the control. If he notices any unnatural behavior or emergency he will power the bomb. I can call off my man if you make a transfer. 20'000 usd is the price for your safety. Pay it to me in Bitcoin and I guarantee that I will call off my mercenary and the device will not detonate. But do not try to cheat- my assurance will become valid only after 3 confirmations in blockchain.

Good day. There is a bomb (tronitrotoluene) in the building where your company is conducted. My recruited person constructed the explosive device according to my instructions. It can be hidden anywhere because of its small size, it is impossible to destroy the structure of the building by my explosive device, but in case of its explosion you will get many victims. My man keeps the territory under the control. If any unnatural behavior, panic or emergency is noticed the device will be blown up. I can call off my recruited person if you make a transfer. 20'000 usd is the price for your safety. Tansfer it to me in Bitcoin and I ensure that I will withdraw my mercenary and the bomb won't explode. But do not try to deceive me- my warranty will become valid only after 3 confirms in blockchain network. My payment details (Bitcoin address): 1CDs3JXUU6wNmndAF7EFcrJ6GGSYRKXd7w

My man hid a bomb (lead azide) in the building where your business is conducted. It was constructed according to my guide. It is small and it is hidden very well, it is impossible to destroy the supporting building structure by this explosive device, but you will get many victims in the case of its detonation. My mercenary keeps the territory under the control. If any unnatural activityor emergency is noticed the bomb will be blown up. I would like to propose you a deal. You transfer me $20'000 in Bitcoin and explosive will not explode, but do not try to cheat -I warrant you that I will call off my man solely after 3 confirmations in blockchain network.

Hello. There is the bomb (lead azide) in the building where your business is conducted. My man built the explosive device according to my instructions. It is compact and it is hidden very carefully, it is impossible to damage the structure of the building by this explosive device, but if it detonates you will get many victims. I would like to propose you a bargain. 20.000 dollars is the cost for your life. Pay it to me in BTC and I guarantee that I have to call off my man and the device will not explode. But do not try to cheat- my guarantee will become valid only after 3 confirmations in blockchain network.

My man has carried the explosive device (tronitrotoluene) into the building where your business is conducted. My recruited person constructed the bomb according to my guide. It can be hidden anywhere because of its small size, it can not destroy the supporting building structure, but in the case of its detonation there will be many wounded people. My man is controlling the situation around the building. If any unnatural activity, panic or policeman is noticed the device will be blown up.
I write you to inform you that my recruited person carried the explosive device (Tetryl) into the building where your business is located. It is assembled according to my instructions. It can be hidden anywhere because of its small size, it is impossible to destroy the building structure by this bomb, but in case of its explosion there will be many victims. My man is controlling the situation around the building. If he sees any suspicious activity, panic or emergency the device will be exploded. I can withdraw my mercenary if you make a transfer. You transfer me 20.000 dollars in Bitcoin and the device will not detonate, but don't try to fool me -I ensure you that I will withdraw my recruited person only after 3 confirmations in blockchain. Here is my BTC address - 161JE4rHfvygXUVLya8N2WFptjwon2172t


These were EVERYWHERE - NOT targeted

Dozens of law enforcement agencies tweeted about these threats being received in their local area.  If you are aware of such "official" tweets, please leave a link to the Twitter Status report in the comments section below. 

Even AFTER it was well known that these were hoaxes, many law enforcement agencies continued to respond with full bomb squad roll-outs.  Given the history in Oklahoma City, this was especially understandable there, but wasted a tremendous amount of resources as they responded to AT LEAST thirteen threats just in that city!

Here are a few examples, and then a longer list in Table form:


https://twitter.com/HsvPolice/status/1073310129284661254

https://twitter.com/PelhamPoliceAL/status/1073323648436658176

https://twitter.com/TulsaPolice/status/1073309200967761923

https://twitter.com/houstonpolice/status/1073320693507506177
Each entry in the table below is an "official" Tweet indicating local law enforcement responded to a bomb threat in that area.  If your local is not listed, please search for "official" notices for your area and share them in our comments section.  Thanks!

Calgary, Alberta, CA
Calgary, Alberta, CA
Winnipeg, Manitoba, CA
London, Ontario, CA
Toronto, Ontario, CA
Anniston, Alabama
Pelham, Alabama
Anchorage, Alaska
Phoenix, Arizona
Bakerfield, California
Chico, California
Chino, California
Garden Grove, California
Los Angeles, California
San Francisco, California
San Francisco, California
Santa Rosa, California
Ottawa, Canada
Aurora, Colorado
Fort Collins, Colorado
Danbury, Connecticut
Wallingford, Connecticut
Ocala, Florida
Sanford, Florida
Tampa, Florida
Atlanta, Georgia
Dekalb County, Georgia
Valdosta, Georgia
Honolulu, Hawaii
Chicago, Illinois
Chicago, Illinois
Indianapolis, Indiana
Cedar Rapids, Iowa
Wichita, Kansas
Wichita, Kansas
Lexington, Kentucky
Portland, Maine
Frederick, Maryland
Salisbury, Maryland
Boston, Massachusetts
Salisbury, Massachusetts
Massachusetts State Police
Detroit, Michigan
Grand Blanc, Michigan
Grand Rapids, Michigan
Long Beach, Mississippi
Raleigh, NC
Lincoln, Nebraska
Lincoln, Nebraska
Omaha, Nebraska
Linden, New Jersey
Buffalo, New York
Buffalo, New York
Buffalo, New York
New York, New York
Niagara Falls, New York
Rochester, New York
Boone, North Carolina
Boone, North Carolina
UNC Raleigh, North Carolina
Cleveland, Ohio
Columbus, Ohio
Bexley, Ohio (Capital University)
Oklahoma City, Oklahoma
Oklahoma City, Oklahoma
Tulsa, Oklahoma
Erie, Pennsylvania
Lancaster, Pennsylvania
Memphis, Tennessee
Beaumont, Texas
El Paso, Texas
Fricso, Texas
Houston, Texas
Lubbock, Texas
Rosenberg, Texas
St. George, Utah
St. George, Utah
Chesterfield County, Virginia
Hampton Roads, Virginia
Bellevue, Washington
Massachusetts States Police
Michigan State Police
Michigan State Police
Notre Dame University
Washington DC

Trade Recommendation: Ambrosus

We’ve been keeping tabs on Ambrosus (AMB/BTC) since it managed to create a short-term bottom of 0.00001595 on September 12, 2018. With a bottom in place, Ambrosus had space to rally. That’s exactly what it did. Ambrosus gathered the momentum required to climb as high as 0.00003511 on October 21. Like many of the altcoins […]

The post Trade Recommendation: Ambrosus appeared first on Hacked: Hacking Finance.

Trade Recommendation: Gifto

Gifto (GTO/BTC) came off lows of 0.00000606 on December 11, 2018. At that point, the market was down by over 91% from the 2018 peak of 0.00007499. With such a huge drop, it is easy to assume that Gifto is deep in bear territory. However, a closer look at the daily chart shows that we […]

The post Trade Recommendation: Gifto appeared first on Hacked: Hacking Finance.

Bitcoin Price Scrapes the Barrel While Stellar (XLM) Losses Fall in Line

Bitcoin returned to its lowest valuation of the year on Friday, as the last week of cautious upward movement by the crypto market came to a crashing halt. Just last week BTC fell to a dollar valuation in the high $3,200 range – a fifteen-month low at the time. After seven days of false hope […]

The post Bitcoin Price Scrapes the Barrel While Stellar (XLM) Losses Fall in Line appeared first on Hacked: Hacking Finance.

Bitcoin Bomb Scare Associated with Sextortion Scammers

This blog was written by Jaeson Schultz.

Organizations across the country are on edge today after a flurry of phony bomb threats hit several public entities Thursday, such as universities, schools and news outlets, among others. The attackers distributed malicious emails claiming to have placed some type of explosive materials in the recipient's building. The emails stated the attackers would detonate these explosives unless the victim made a Bitcoin payment of several thousand dollars.

Cisco Talos discovered that this campaign is actually an evolution of sextortion and extortion attacks that we reported on in October. The claims in the emails we've seen from this actor are completely false, yet they have caused untold amounts of damage as organizations have evacuated buildings and called upon law enforcement to investigate.


An example of the malicious, phony emails that attackers sent out to organizations across the U.S. yesterday.


What makes these particular extortion messages unique from other extortion scams we've monitored is that, previously, the attackers threatened only the individual — the attackers would threaten to expose sensitive data, or even attack the recipient physically, but there was never any threat of harm to a larger group of people, and certainly not the threat of a bomb.

Talos has discovered 17 distinct Bitcoin addresses that were used in the bomb extortion attack. Only two of the addresses have a positive balance, both from transactions received Dec. 13, the day the attacks were distributed. However, the amounts of each transaction were under $1, so it is evident the victims in this case declined to pay the $20,000 extortion payment price demanded by the attackers.

So far, all of the samples Talos has found to be associated with the bomb threat attack were sent from IP addresses belonging to the domain registrar and hosting company reg.ru, suggesting that the attackers in this case may have compromised credentials for domains that are hosted at this particular domain registrar. Multiple IPs involved in sending these bomb threats also sent various types of sextortion email that we saw in the previous campaign. In those cases, the attackers sent out emails claiming to have compromising videos of the victim and will release them to the public unless the attacker receives a Bitcoin payment.

As of late yesterday, the bomb threat email attack morphed. The attackers have returned to their empty threats of harming the individual recipient. This time, they threaten to throw acid on the victim.


An example of the newer extortion emails, claiming they will dump acid on the victim unless they receive a Bitcoin payment.


So far, none of the Bitcoin addresses associated with these new emails have received any payments. The source of the sending IP addresses changed, however. This time, the attackers are making heavy use of IP addresses at the Russian hosting company TimeWeb. As with the bomb threats, these IP addresses belong to domains that the attackers likely compromised.

The criminals conducting these extortion email attacks have demonstrated that they are willing to concoct any threat and story imaginable that they believe would fool the recipient. At this point, we have seen several different variations of these emails, and we expect these sorts of attacks to continue as long as there are victims who will believe these threats to be credible, and be scared enough to send money to the attackers. Talos encourages users not to fall for these schemes and — above all — DO NOT pay extortion payments. Doing so will only confirm for the attackers that their social engineering approach is working, and victims' money goes directly toward facilitating additional attacks.

IOCs (BTC Addresses)

11B68RbmyxQys2CXXbAZxcwVXnaWCNBbw
12MET3CnEBkRc5Si5udf95fGaTZ6JwgpkK
132f8T1qF9hZj13MvPN5FbxrAhGExYZ7P3
149oyt2DL52Jgykhg5vh7Jm1QpdpfuyVqd
15F7TCqGRWE66xrBNxyt9ko1XsKaQvEh9t
15qH84uLC49CmC6jRE958Qjcf9WRZ2rMuM
1893DMwnrq9vA6JmQBdyWRKecArDAUTcGR
18UNWkvEDXgYzSAVnTmaR1X66w3T7HHsdn
1BTuxsCpAGtCzcszvFV2g4beqAZ2AUnyFh
1BfmmRBfhujpK944gai4vWvwCwGeHKbmkB
1BHasGex1jhRZeY7KyUGGKUNRtVgKedRY8
1CDs3JXUU6wNmndAF7EFcrJ6GGSYRKXd7w
1CF9VQhwjJutPxwVq5QLFA7j7baq4RDb3w
1CXrmcKL7W2o6FnrFx3ZBGn2EAsbMVZMzD
1CdD3nthrWR76RkL1WwLH7BSqCFASLjbhu
1D3ArQebDneVBVCqLort9jwvUA3AoZaNq5
1DVVQpxF4nG7rmuQFb7ZboGxu6ahKJcjf5
1Dnw2qJxGFCZdE3PzCaVioBB9zERc7SzRB
1DRXeydtqfjAmvfrLY7XiCo2A1vCq32z3a
1Ebf2rrLxVuMGKkwi2PeZtjBEEiidxrkkL
1FnTQHffH42iS15FMYNZxmNdbXtmb8WChF
1GTd6DPqcxCwX263BMsvk7FcjCQxsXhJUs
1GYAJY3GRsC5twdPgmQiEeNjdn7Kx6KSPd
1L5SWCu4ZTLiyPyTAvfSVjhKrYNSnYgBKk
1LEevM4MxKSGRrTvVrvLyjiuq3vYssdTRa
1LT4WgSuTD71Emzc7DLeHxVoZ1RjkhNcFY
1LTYBLzVSLe6GDFJ5NVVxLR2j5eQ8Wy51N
1LjxZonruwcKXEUYySrXt7gWGJLL6Pzuyx
1M9r1FpWj5QbSMECeJvXoa85TDMpoQcRaT
1MeDDtvZB5TE5tDTcwk6GiGSK3sTAP2KLA
1P3cNFy3SdfZ8PvMSdgLRcb2TtaLvxfqat
1PqX7bMnCzpJ7L1mxuGgNyaJSkJRM8SjES


Coverage


Crypto Update: Majors Testing Lows Following Broad Selloff

The major cryptocurrencies have been once again under pressure in the past 24 hours and most of the coins got very close to their recent lows, even as the losses are limited for now. While the top coins avoided a breakdown, given the overwhelmingly bearish long-term picture and the steep short-term trend, odds continue to […]

The post Crypto Update: Majors Testing Lows Following Broad Selloff appeared first on Hacked: Hacking Finance.

Bitcoin Price Hits New Yearly Low; Now is Best Time to Buy, Says Weiss Ratings

Bitcoin was back on the defensive Friday, as prices sunk to new yearly lows following a minor consolidation earlier in the week. As Hacked recently reported, the bears are making a run at the psychologically significant $3,000 support and are likely to test that level in the near future. BTC/USD Update The bitcoin price is […]

The post Bitcoin Price Hits New Yearly Low; Now is Best Time to Buy, Says Weiss Ratings appeared first on Hacked: Hacking Finance.

Trade Recommendation: SelfKey

We’ve been watching Selfkey (KEY/BTC) for some time now. It started to become interesting for us when bulls showed their hands on August 14, 2018. At that point, the market dropped to as low as 0.00000066. KEY/BTC generated a hammer candle with a long wick below the body, which indicated the rejection of lower prices. […]

The post Trade Recommendation: SelfKey appeared first on Hacked: Hacking Finance.

Bitcoin Scammers Launch International Bomb Threat Hoax across US, Canada, Australia, New Zealand

An emailed bomb threat hoax sent Thursday afternoon has terrorized businesses and organizations across the US, Canada, Australia and New Zealand.

Claiming to have planted bombs all over the building, the email demands ransom in bitcoin or the bombs will be detonated. The email extortion scam, which states “I advise you not to call the police,” appears to be getting out of hand after a number of institutions took it as credible and evacuated the area. Each email comes with a different bitcoin address, writes Brian Krebs.

Source: KrebsonSecurity.com

The scam has so far been sent to financial institutions, banks, school districts, universities, newspapers and courthouses.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Agency, is aware of the global campaign and advises recipients to not contact the sender, not pay the ransom and immediately inform the FBI about the bomb threat email.

Australia and New Zealand, who are also investigating bomb threat emails, are telling residents that it may only be “an opportunistic scam,” Reuters reports.

“Given the widespread nature of these malicious emails, we have reason to believe this to be a scam,” the Australian Cyber Security Centre said in an email to Reuters. “As a precaution, state policing agencies are treating these emails as a legitimate threat until confirmed otherwise.”

The Cedar Rapids Police Department appears to agree: “The Police Department has found NO CREDIBLE EVIDENCE that these emails are authentic. It appears to be a robo-email that has been sent throughout the area hoping to scam businesses out of money. We have also received information that businesses in surrounding counties may have also received this email,” writes CNN.

“As always, we encourage the public to remain vigilant and to promptly report suspicious activities which could represent a threat to public safety,” said the FBI.

Dozens of Bomb Threats Reported Across America In Apparent Bitcoin Ransom Scam

An anonymous reader quotes a report from Gizmodo: On Wednesday afternoon, a wave of bomb threats were reported at various locations across the United States. On social media, numerous law enforcement departments issued alerts notifying citizens that they're looking into bomb threats targeting businesses, schools, government offices and even private residents. It appears the threats are being sent by email. NBC News said "dozens" of threats had been reported, but the full extent of these threats is not yet clear. A number of news organizations and law enforcement agencies report remarkably similar sounding emails mentioning a bitcoin ransom of $20,000. And some Twitter users have shared emails they've received demanding the cryptocurrency and warning that an explosion would only encourage others to pay up. NBC News quoted the NYPD's Counterterrorism Bureau's brief statement on the investigation: "We are currently monitoring multiple bomb threats that have been sent electronically to various locations throughout the city. These threats are also being reported to other locations nationwide and are not considered credible at this time."

Read more of this story at Slashdot.

Crypto Update: Bear Market Lows in Jeopardy After Latest Failed Bounce

The cryptocurrency segment switched directions yet again, as, after a weak bounce on Wednesday, the major coins are headed back towards their recent bear market lows today. While the losses are not significant, for now, given the bearish long-term picture and the vicinity of the lows, another leg lower in the downtrend could soon begin, […]

The post Crypto Update: Bear Market Lows in Jeopardy After Latest Failed Bounce appeared first on Hacked: Hacking Finance.

Ranks of Crypto Users Swelled in 2018 Even as Bitcoin Tumbled

It turns out that cryptocurrency enthusiasts were committed well beyond the HODL rallying call that urged them to hold on during this year's digital-asset market collapse. From a report: The number of verified users of cryptocurrencies almost doubled in the first three quarters of the year even as the market bellwether Bitcoin tumbled almost 80 percent, according to a study from the Cambridge Centre for Alternative Finance. Users climbed from 18 million to 35 million this year. The figures may provide a silver lining. If user numbers continue to increase even in a deep market downturn, that could signal that an eventual recovery could be coming -- a crucial finding at a time when some critics predict that the value of cryptocurrencies will go down to zero.

Read more of this story at Slashdot.

Pessimism Spreads and Blocks Out Opportunities for Bitcoin, Ripple and Ethereum

BTC/USD is in a key technical scenario. The dominant pessimism is likely to turn upside down. ETH/USD rejects leadership again and the market languishes. The weekend is approaching without significant changes among the main protagonists of the Crypto board. I am reviewing the dominant emotional state in social networks and pessimism rules. The gloom sets […]

The post Pessimism Spreads and Blocks Out Opportunities for Bitcoin, Ripple and Ethereum appeared first on Hacked: Hacking Finance.

‘Blockchain Developer’ is the Fastest-Growing US Job

"Blockchain developer" is the top emerging job in the U.S. -- according to data published in LinkedIn's 2018 U.S. Emerging Jobs report. From a report: [...] Using data gleaned from the LinkedIn Economic Graph, which serves as a "digital representation of the global economy" by analyzing the skills and job openings from across 590 million members and 30 million companies, LinkedIn found that "blockchain developers" has grown 33-fold in the past four years. In this case, "emerging jobs" refers to the growth of specific job titles on LinkedIn profiles in the period between 2014 and 2018. It's worth noting here that "blockchain" didn't appear anywhere in the top 20 emerging jobs in 2017, while "machine learning engineer" topped the list last year -- it's in second place this year.

Read more of this story at Slashdot.

Bitcoin Price Holds Head Above Water as Bearish Pressure Subsides

Bitcoin has declined slightly in the last 24 hours, but price action suggests that a deeper fall can be avoided for the time being as the market resumes its rangebound consolidation. Although the outlook remains firmly tilted to the downside, stable price action for the rest of the week could generate added support for the […]

The post Bitcoin Price Holds Head Above Water as Bearish Pressure Subsides appeared first on Hacked: Hacking Finance.

‘Cryptocurrencies Are Like Lottery Tickets That Might Pay Off in Future’

With the price of bitcoin down 80% from its peak a year ago, and the larger cryptocurrency market in systemic collapse, has "peak crypto" come and gone? From a column: Perhaps, but don't expect to see true believers lining up to have their cryptocurrency tattoos removed just yet. At a recent conference I attended, the overwhelming sentiment was that market capitalisation of cryptocurrencies could explode over the next five years, rising to $5-10tn. For those who watched the price of bitcoin go from $13 in December 2012 to roughly $4,000 today, this year's drop from $20,000 was no reason to panic. It is tempting to say, "Of course the price is collapsing." Regulators are gradually waking up to the fact that they cannot countenance large expensive-to-trace transaction technologies that facilitate tax evasion and criminal activity. At the same time, central banks from Sweden to China are realising that they, too, can issue digital currencies. As I emphasised in my 2016 book on the past, present, and future of currency, when it comes to new forms of money, the private sector may innovate, but in due time the government regulates and appropriates. But as I also pointed out back then, just because the long-term value of bitcoin is more likely to be $100 than $100,000 does not necessarily mean that it definitely should be worth zero. The right way to think about cryptocurrency coins is as lottery tickets that pay off in a dystopian future where they are used in rogue and failed states, or perhaps in countries where citizens have already lost all semblance of privacy. It is no coincidence that dysfunctional Venezuela is the first issuer of a state-backed cryptocurrency (the "petro").

Read more of this story at Slashdot.

Crypto Update: Another Rally Attempt in Crypto-Land

The major cryptocurrencies are all trading slightly higher today, following two bearish days that brought them back to last week lows, and for now, another breakdown has been avoided, despite the overwhelmingly bearish broader picture. The modest bounce left our trend model on sell signals across the board, and odds continue to favor new lows […]

The post Crypto Update: Another Rally Attempt in Crypto-Land appeared first on Hacked: Hacking Finance.

NEM Update: Good Time to Buy the Dip

What would you think if we told you that NEM (XEM/BTC) is a crypto leader in terms of chart analysis? Many would think that this statement is preposterous. After all, the market is still down by 85% from the 2018 peak of 0.000137. In September, it was even down further by over 90% when it […]

The post NEM Update: Good Time to Buy the Dip appeared first on Hacked: Hacking Finance.

Bitcoin Price Avoids Bigger Fall amid Market-Wide Consolidation

Bitcoin traded to the upside on Wednesday, snapping a multi-session losing streak that dragged prices toward new lows for the year. The outlook on BTC and other cryptocurrencies remains overwhelmingly bearish, which means investors can expect a re-test of last week’s lows relatively soon. BTC/USD Update The bitcoin price reached a high of $3,570.00 on […]

The post Bitcoin Price Avoids Bigger Fall amid Market-Wide Consolidation appeared first on Hacked: Hacking Finance.

Cost Management in the Crypto World

A common trope in the “get rich” world is that it is about how much you earn, not how much you save. To rephrase that, it is far more important to increase your earnings than it is to penny pinch on a few minor line items. Applying this to cryptocurrency investing, that would mean the […]

The post Cost Management in the Crypto World appeared first on Hacked: Hacking Finance.

Trade Recommendation: Golem

Golem (GNT/BTC) came off lows of 0.00001803 on November 20, 2018. At that price, the market was down by over 80% from the 2018 high of 0.0000909. This is an immense drop. An in-depth look, however, shows that the fresh yearly low was the result of a shakeout. At the end of November 20, the […]

The post Trade Recommendation: Golem appeared first on Hacked: Hacking Finance.

What Investors Should Know About Gulden

Despite Bitcoin’s widespread reputation, it isn’t used by the common man. Many cryptocurrencies have popped up that aim to address this, but Gulden does this in a unique way. Rather than being purely “technological” in their innovations, they are target Holland and doing their best to remain Dutch-centric. Introducing Gulden Gulden (NLG) is the name […]

The post What Investors Should Know About Gulden appeared first on Hacked: Hacking Finance.

If Bitcoin ETF Doesn’t Happen by February, How Will it Affect the Market?

The Bitcoin exchange-traded fund (ETF) has already become the catalyst of the next big rally of the cryptocurrency to the minds of many investors. Realistically, however, the U.S. Securities and Exchange Commission (SEC) could easily deem the cryptocurrency market unready of handling a large-scale investment vehicle like an ETF based on the wild volatility in […]

The post If Bitcoin ETF Doesn’t Happen by February, How Will it Affect the Market? appeared first on Hacked: Hacking Finance.

Bitcoin Life Expectancy: Lindy Effect Suggests BTC Is More Difficult to Kill Than Ever Before

The crypto bear market is showing little signs of letting up. On Tuesday, a fresh wave of selling engulfed bitcoin and altcoins, dragging the market toward fresh yearly lows and thrusting Tether (USDT) in to the top-five by market cap. Against this backdrop, it’s easy to forget that cryptocurrencies like bitcoin have become so resilient […]

The post Bitcoin Life Expectancy: Lindy Effect Suggests BTC Is More Difficult to Kill Than Ever Before appeared first on Hacked: Hacking Finance.

Popular JavaScript Library for Node.JS Infected With Malware to Empty Bitcoin Wallets

A version of a popular JavaScript library for Node.js contained malicious code for several months that enabled digital attackers to access users’ bitcoin wallets.

At the end of November, GitHub user Ayrton Sparling (aka FallingSnow) reported that someone had added malicious code to EventStream, a toolkit for Node.js that makes it easier for developers to create and work with data streams. The code became active in September when right9ctrl, the new owner of the library, published version 3.3.6 of EventStream. This version came with a dependency called flatmap-stream, which contained the malware.

The creator of flatmap-stream designed the module to steal bitcoin from Copay wallets, a wallet app designed by BitPay. The module then used Node Package Manager (NPM) to transfer the stolen bitcoins to a server located in Kuala Lumpur, Malaysia. NPM has since removed the backdoor.

According to Trend Micro, millions of developers downloaded the malicious code, since the module’s use of encryption enabled flatmap-stream to go undetected for more than two months.

Attacks Against Bitcoin Wallets on the Rise

Digital attackers aren’t new to the idea of stealing bitcoins out of users’ wallets. As reported by Carbon Black, these heists contributed to the loss of $1.1 billion in bitcoin during the first five months of 2018.

Some bad actors have also made a lot of money emptying cryptocurrency wallets. For instance, CoinDesk reported an attack that stole $78 million worth of bitcoin from the wallets of NiceHash, a cryptocurrency mining marketplace. News of this attack came less than a year after Cisco Talos uncovered CoinHoarder, a threat group that netted $50 million in three years by phishing blockchain.info users for access to their wallets.

How to Protect Against Cryptocurrency-Related Threats

Security professionals can help protect against bitcoin-related threats by training employees not to open suspicious emails designed to steal their credentials for cryptocurrency wallets and other accounts. They should also develop an endpoint security strategy built around artificial intelligence (AI) and machine learning to help defend against threats like crypto-mining malware.

Sources: Trend Micro, Carbon Black, CoinDesk, Cisco Talos

The post Popular JavaScript Library for Node.JS Infected With Malware to Empty Bitcoin Wallets appeared first on Security Intelligence.

Crypto Update: New Lows in Sight Again as Slide Continues

The cryptocurrency segment continues to be under heavy selling pressure following the weekend rally attempt, and although all of the majors are still above last week’s lows, the strong short-term downtrend remains dominant. The long-term picture is overwhelmingly bearish as well, and there are coins showing meaningful relative strength, so sellers are clearly still clearly […]

The post Crypto Update: New Lows in Sight Again as Slide Continues appeared first on Hacked: Hacking Finance.

Crypto Update: Weekend Bounce Fails to Turn Bearish Tide

The major cryptocurrencies continue to be stuck in declining trends, despite the bounce that followed the latest technical breakdown in the segment. The top coins failed to recover above the prior bear market lows sustainably, and today, the market turned lower again, with the weakest currencies already threatening with new lows. The long-term picture remains […]

The post Crypto Update: Weekend Bounce Fails to Turn Bearish Tide appeared first on Hacked: Hacking Finance.

Bitcoin Price Volatility Returns to Q1 Heights; Downturn Sends Traders to TA?

The price volatility of Bitcoin (BTC) hit a new nine-month high on Sunday, returning to the kind of flux not seen since early March of 2018. This comes barely a month after Bitcoin volatility struck a two-year low on November 11th, when the level of flux in BTC’s market value fell as low as the […]

The post Bitcoin Price Volatility Returns to Q1 Heights; Downturn Sends Traders to TA? appeared first on Hacked: Hacking Finance.

Bitcoin Leads Crypto Market Off Yearly Lows; Metcalfe’s Law Points to Six-Month Price Target of $10,000

The price of bitcoin rebounded on Sunday, helping to engineer a broader recovery in the cryptocurrency market following the latest bearish onslaught that drove values to 15-month lows. In all likelihood, the latest move higher is nothing more than a dead cat bounce as short-sellers appear keen on testing new lows in the near future. Long-term, however, […]

The post Bitcoin Leads Crypto Market Off Yearly Lows; Metcalfe’s Law Points to Six-Month Price Target of $10,000 appeared first on Hacked: Hacking Finance.

Trade Recommendation: TRON

TRON (TRX/BTC) is one of the few coins that have remained stable in spite of the massive November selloff. While bears worked hard to push the market below the yearly low of 0.00000259, bulls fought back and managed to lift the market above 0.000003. This happened twice: when the market dropped to 0.00000273 on September […]

The post Trade Recommendation: TRON appeared first on Hacked: Hacking Finance.

Bitcoin Options Purchased for $1 Million Will Soon Be Worthless

"The biggest-ever bet on Bitcoin options is about to expire worthless," reports Bloomberg: Purchased for almost $1 million on LedgerX's trading platform just days after Bitcoin peaked a year ago, the call options have a strike price of $50,000 and an expiry date of Dec. 28, 2018. For the contracts to retain any value at expiry, Bitcoin would need to rally more than 1,400 percent. The options' almost certain wipeout is a less-than-ideal outcome for the buyer, but it may not be quite as bad as it seems. Ari Paul, a cryptocurrency fund manager at BlockTower Capital, has indicated that he bought the options while simultaneously selling some of his fund's Bitcoin holdings... He later tweeted that the trade -- selling some of his Bitcoin holdings while buying the call options -- was profitable.

Read more of this story at Slashdot.

Cryptocurrencies Tumble Even More, While One Asset Manager Proclaims ‘Bitcoin is Dead’

Cryptocurrency prices "fell sharply on Friday, as another bout of selling took digital currencies to fresh lows," reports MarketWatch, adding that Friday the price of Bitcoin "crashed through support at $3,500, falling more than 10% to a 15-month low at $3,230 on the Kraken exchange." "What a difference a year makes," CNN Business quipped Friday, in an article headlined "Bitcoin's Epic Plunge Continues": In December 2017, bitcoin prices hit a record high of just under $20,000... Bitcoin is at a 15-month low. But prices have really gotten whacked this week, falling nearly 20% in just the past five days alone. Bitcoin isn't the only cryptocurrency getting hit either. Ripple/XRP, ethereum, stellar, litecoin and numerous other cryptocurrencies have plunged in the past week. Little tangible news can explain or justify the current crypto carnage. One possible reason is that a pro-crypto member of the Securities and Exchange Commission warned at a conference this week that she's fighting an uphill battle trying to convince the rest of the SEC to approve more bitcoin exchange traded funds.... Nearly two-thirds of money managers surveyed by asset management firm Natixis still thought that cryptocurrencies were a bubble, the firm reported this week. "In my opinion, bitcoin is dead," wrote the CEO of one wealth management firm with more than $32 billion in assets. It won't go quietly, but the recent precipitous drop may be the beginning of its inevitable and inexorable death spiral. Or there could be a dead cat bounce. Either way, I see bitcoin as a dead man walking. Future generations may read about bitcoin in a finance textbook as a curiosity and wonder what all the fuss was about. There are still some die-hard adherents espousing the virtues of bitcoin, desperate to make a silk purse out of a sow's ear. Unfortunately for them, the end may not be pretty when it comes. Proponents of bitcoin tend to focus on the impact of the blockchain technology that drives it, and make no mistake, blockchain is the real deal. Blockchain is fundamentally changing the way industries do business, from traditional banking to supply chain management. But just because blockchain technology is creating a new paradigm doesn't mean that bitcoin shares that same distinction.... Most cryptocurrency transactions are purely speculative. There are no real fundamentals to evaluate; bitcoin doesn't produce any products or services, hire any employees or pay any dividends. The only way profits are generated is when the owner is lucky enough to find someone else who will pay more for the thing... The minute bitcoin or any other cryptocurrency appears to have even the slightest chance of disrupting national monetary supply, I expect regulation to be swift and decisive. The SEC has already issued guidance around cryptocurrencies that has created roadblocks to gaining the same legitimacy as traditional marketable securities... If you enjoy the thrill of making bets, I suggest you visit your favorite sports book or table game in Vegas where your odds of success are much higher.

Read more of this story at Slashdot.

Trade Recommendation: Ripple

Ripple (XRP/BTC) is one of the few altcoins that have stood strong in the height of the bear market. It climbed as high as 0.00010523 on November 20, 2018, after dropping to as low as 0.00006077 on October 12, 2018. While almost every crypto was plummeting, XRP grew by over 73% in a little over […]

The post Trade Recommendation: Ripple appeared first on Hacked: Hacking Finance.

Bitcoin’s Dead Cat Bounce Proves Limited as Price Struggles to Hold $3,400

Bitcoin’s overnight recovery proved limited on Saturday, as the leading digital currency struggled to maintain $3,400 in the wake of yet another 15-month low. BTC/USD Update At the time of writing, the major exchanges were quoting bitcoin’s price between $3,365-$3,385. The cryptocurrency fell within that range on Coinbase, Bitstamp, Bitrex and Gemini, among others. However, […]

The post Bitcoin’s Dead Cat Bounce Proves Limited as Price Struggles to Hold $3,400 appeared first on Hacked: Hacking Finance.

Trade Recommendation: NEM

NEM (XEM/BTC) has been flying under the radar since it generated a yearly low of 0.00001254 on September 12, 2018. From that point, it range-traded between 0.00001325 and 0.00001760 until November 21. On that day, the market quietly broke out of the range high. However, the break out was not pushed by heavy volume. As […]

The post Trade Recommendation: NEM appeared first on Hacked: Hacking Finance.

Crypto Update: Sell-Off Deepens as Majors Break Key Levels

The past 24 hours saw another crucial bearish move in the cryptocurrency segment, with the majority of the top coins violating their prior bear market lows and starting another leg lower in the damaging downtrend. Even the relatively stronger coins turned bearish in our trend model with regards to the short-term time-frame while staying bearish […]

The post Crypto Update: Sell-Off Deepens as Majors Break Key Levels appeared first on Hacked: Hacking Finance.

Bitcoin Update: Bear Market Bottom Ahead

Bitcoin (BTC/USD), as well as most cryptos, are getting wrecked as we speak. Many are panic selling as the market is down by close to 50% in less than a month. On top of that, it seems that a fresh yearly low is printed with every passing minute. Bears look unstoppable as calls for Bitcoin’s […]

The post Bitcoin Update: Bear Market Bottom Ahead appeared first on Hacked: Hacking Finance.

Trade Recommendation: Litecoin

Litecoin (LTC/BTC) printed a fresh 2018 low of 0.007055 on November 19, 2018. At that price level, the market was down by more than 71% from the 2018 peak of 0.025. Nevertheless, participants rejected lower prices and brought the November 19 daily close up to 0.007412. This price action was bullish. It showed that buyers […]

The post Trade Recommendation: Litecoin appeared first on Hacked: Hacking Finance.

Crypto Update: Altcoins Remain Under Pressure as Bitcoin Holds Support

The cryptocurrency segment continues to trade with a bearish bias, with almost all majors challenging their bear market lows in the past 24 hours. While a broad breakdown has been avoided so far, in the case of the top coins, there is still no sign of meaningful bullish momentum or a developing leadership, so odds […]

The post Crypto Update: Altcoins Remain Under Pressure as Bitcoin Holds Support appeared first on Hacked: Hacking Finance.

Trade Recommendation: Loom Network

On October 12, 2018, Loom Network (LOOM/BTC) appeared ready to breach resistance of 0.00001964. It climbed as high as 0.00002421 and generated volume that’s over 400% of the market’s daily average. Unfortunately for breakout traders, Loom Network failed to sustain its bullish momentum. The market went below 0.00001964 on October 15 and retested it as […]

The post Trade Recommendation: Loom Network appeared first on Hacked: Hacking Finance.

Bitcoin Price Remains Under Pressure Following Midweek Rollover; Dump and Consolidation Continues

The price of bitcoin saw little upside on Thursday, as the leading digital currency remained in limbo following a sharp drop during the previous session. High trading volumes suggest BTC is subject to another large move before the week is over. BTC/USD Update The bitcoin price breached the $3,700 floor on Thursday for the second […]

The post Bitcoin Price Remains Under Pressure Following Midweek Rollover; Dump and Consolidation Continues appeared first on Hacked: Hacking Finance.

Ethereum Update: Santa Rally Possibly in the Works

Ethereum (ETH/BTC) is down by over 77% from the 2018 high of 0.12282435 in February 2018. At that point, the market has plummeted so deeply that we’ve reached whale territory. Ethereum is trading at price levels where high roller wallets are on the move. On November 30 alone, more than half a billion dollars worth […]

The post Ethereum Update: Santa Rally Possibly in the Works appeared first on Hacked: Hacking Finance.

Bitcoin’s Recovery Lacks Momentum as Price Returns Below $4,000; New Trading Range Established

The price of bitcoin traded lower on Wednesday, putting an abrupt end to yesterday’s rally attempt and signaling continued pressure on the cryptocurrency market as a whole. At the time of writing, BTC/USD was back trading below the psychologically significant $4,000 level as the pump-and-consolidation cycled continued. BTC/USD Update Bitcoin reached a session low of […]

The post Bitcoin’s Recovery Lacks Momentum as Price Returns Below $4,000; New Trading Range Established appeared first on Hacked: Hacking Finance.

Crypto Update: Bitcoin Eyes $4000 as Consolidation Continues

The crypto-segment is having a positive day so far today, with the top coins all being higher, recovering a large part of yesterday’ s losses. While the major cryptocurrencies still don’t show signs of strong bullish momentum, and the market is clearly controlled by sellers, the declining volatility of the recent period is an encouraging […]

The post Crypto Update: Bitcoin Eyes $4000 as Consolidation Continues appeared first on Hacked: Hacking Finance.

Bitcoin Price Breaks Two-Day Slide; Mining Difficulty Plummets

Bitcoin’s price bounced back on Tuesday, regaining a crucial support level following a two-day slide that was driven by technical repositioning. The leading digital currency is caught in a cycle of dumps and consolidation, signaling continued uncertainty over the short term. BTC/USD Update The bitcoin price notched a session high of 4,075.90 on Bitfinex, recovering […]

The post Bitcoin Price Breaks Two-Day Slide; Mining Difficulty Plummets appeared first on Hacked: Hacking Finance.

Trade Recommendation: Zcash

Zcash (ZEC/BTC) printed its yearly low of 0.012775 on September 14, 2018. At that price level, the market was down by over 78% from the 2018 peak of 0.058957. The breach of the key weekly support of 0.0165 would have most likely shaken out and whipsawed a lot of retail traders. That’s because, by the […]

The post Trade Recommendation: Zcash appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Struggle to Gain Momentum as Sellers Remain in Control

Despite the recovery during the weekend, the major cryptocurrencies failed to gain substantial ground, with even the relatively stronger coins getting stuck below their recent short-term swing highs. Most of the top coins are now back below their initial panic lows, and despite the recent stability and the strength in some of the coins, the […]

The post Crypto Update: Coins Struggle to Gain Momentum as Sellers Remain in Control appeared first on Hacked: Hacking Finance.

Moscow’s First Cable Car System Hacked a Day after Launch




Moscow's Mayor Sergei Sobyanin in an extravagant ceremony propelled Moscow's first cable car service promising free rides for the first month. In any case, tragically, just 2 days after the service was made accessible, hackers apparently hacked into the cable car system and tainted them with ransomware.

As per the local news outlets, who previously reported the incident and Moscow's Mayor, the main computer for the cable car system was tainted with ransomware and was requesting a payoff installment in bitcoins to unscramble the documents required for the operation of the cable car.

"According to the agency interlocutor, a message was received from an unknown person on the head computer of the Moscow Cable Cars operating company requesting to transfer bitcoins to him in exchange for decrypting all the electronic files of the computer that is responsible for the cable car operation. The amount of the ransom, said in the letter, depends "on the speed of response to the letter." As a result, there was a failure in the cable car."

The attack or rather the infection happened on Wednesday, November 28, at around 14:00, local time.

The attack was severe to the point that it had its effect on even the servers of the Moscow Ropeway (MKD), which apparently halted the majority of its task when it was informed about it.

The office's servers were exposed to a security review on November 29, and the infection was fortunately removed. Cable Car transports continued on the 30th, as per a message posted on the MKD's official website.

As of yet there are no points of interest thought about the kind of ransom ware that tainted the MKD's servers, or even the amount of the Bitcoin ransom demanded.

Crypto Downtrend Intensifies as Market Sheds $16 Billion from Last Week’s High

Cryptocurrency prices extended their slide mid-morning, as bitcoin plunged below $3,900 and the major altcoins fell between 4-10%. At the time of writing, the crypto market cap was $11 shy of a new yearly low, a sign that the bears were still very much in control. Crypto Markets Slump The crypto-market downtrend has accelerated in […]

The post Crypto Downtrend Intensifies as Market Sheds $16 Billion from Last Week’s High appeared first on Hacked: Hacking Finance.

Bitcoin Price Slips Below $4,000 in Market-Wide Slump

Bitcoin’s price fell below $4,000 briefly on Monday, extending a 24-hour slump that has shaved more than $8 billion off the total cryptocurrency market cap. BTC/USD Update Bitcoin reached a low of $3,980 on Bitfinex, as bearish momentum continued to mount following a late-weekend reversal. At the time of writing, BTC/USD was down 2.8% at […]

The post Bitcoin Price Slips Below $4,000 in Market-Wide Slump appeared first on Hacked: Hacking Finance.

Trade Recommendation: Cardano

We’ve been watching Cardano (ADA/BTC) for a few days now.  The breach of weekly support of 0.00000969 drove the market to print a fresh 2018 low of 0.00000904 on November 25. At that point, Cardano looked weak and it appeared headed to the next weekly support of 0.00000730. Fortunately for bulls, the market was in […]

The post Trade Recommendation: Cardano appeared first on Hacked: Hacking Finance.

Trade Recommendation: POA Network

POA Network (POA/BTC) breached key monthly support of 0.00000942 on November 20, 2018. At that point, the market appeared ready to print a fresh yearly low. However, bulls rejected lower prices as they rallied to close the day at 0.00000929. While the daily close was still below the monthly support, the daily chart generated a […]

The post Trade Recommendation: POA Network appeared first on Hacked: Hacking Finance.

Bitcoin Dips Below $4,200 as Crypto Markets Run Into Familiar Resistance

Bitcoin and the broader cryptocurrency market ran into familiar resistance on Sunday, as the bulls failed to inspire new highs during the much lighter weekend trading cycle. Cryptoassets are coming off one of their worst months in history, opening the door to bargain hunters and long-term supports to boost their holdings. Market Update The cryptocurrency […]

The post Bitcoin Dips Below $4,200 as Crypto Markets Run Into Familiar Resistance appeared first on Hacked: Hacking Finance.

Bitcoin ETF Watch: VanEck, SolidX and CBOE Met With SEC on Monday

Backers of a highly-touted bitcoin exchange-traded fund (ETF) application met with U.S. regulators last week to present a new case for why their proposed product should be approved. The contents of the meeting, which were published on the Security and Exchange Commission’s (SEC) website Wednesday, gave new reasons why the regulator should approve a specific […]

The post Bitcoin ETF Watch: VanEck, SolidX and CBOE Met With SEC on Monday appeared first on Hacked: Hacking Finance.

Crypto Update: Bitcoin Leads Weekend Recovery as Consolidation Continues

The major cryptocurrencies started the weekend in a positive fashion, recovering from yesterday’s selloff and stabilizing the short-term technical patterns. The current consolidation kept the possible failed breakdown formation in play in the case of the relatively stronger coins, such as Bitcoin and Litecoin, and although the bearish long-term picture is still not in any […]

The post Crypto Update: Bitcoin Leads Weekend Recovery as Consolidation Continues appeared first on Hacked: Hacking Finance.

Trade Recommendation: NEO

NEO (NEO/BTC) generated a fresh yearly low of 0.001834 on November 27, 2018. This new low might look bad for the market from a retail investor’s point of view. However, a smart trader looks to enter at these levels. After all, 0.00183 is a key monthly support. NEO dropped to this area back in December […]

The post Trade Recommendation: NEO appeared first on Hacked: Hacking Finance.

Trade Recommendation: Basic Attention Token

Basic Attention Token (BAT/BTC) printed a new yearly low on September 12, 2018 when it dropped to as low as 0.00002056. While this number may appear random, a closer look at BAT/BTC reveals that 0.00002056 is actually a key support level. This used to be the market’s resistance back in December 2017. The breach of […]

The post Trade Recommendation: Basic Attention Token appeared first on Hacked: Hacking Finance.

Bitcoin Begins December on Firm Footing Following Worst Monthly Performance Since 2011

Bitcoin’s price rebounded on Saturday, as the bulls looked set to reassert themselves following a rocky end to November. The leading digital currency fell by a whopping 37% last month, marking its worst 30-day performance since 2011. BTC/USD Update The bitcoin price reached a high of $4,335 on Bitfinex, having gained more than 7% during […]

The post Bitcoin Begins December on Firm Footing Following Worst Monthly Performance Since 2011 appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Pull Back Following Strongest Rally in Weeks

The cryptocurrency segment is seeing red once again today following the strongest rally attempt since the structural breakdown in Bitcoin, which led to a damaging leg lower in the ongoing bear market. The major coins are all pulled back from their recent swing highs, and most of them dipped back below last week’s initial panic […]

The post Crypto Update: Coins Pull Back Following Strongest Rally in Weeks appeared first on Hacked: Hacking Finance.

Litecoin Update: Good Time to Accumulate

The 2018 bear market has devalued many altcoins by over 70%. Litecoin (LTC/BTC) is part of that list. From the 2018 high of 0.025, the market dropped by as much as 71.78% as of November 19 when it touched a low of 0.007055. At that point, it looked like the market has more room to […]

The post Litecoin Update: Good Time to Accumulate appeared first on Hacked: Hacking Finance.

Bitcoin Price Buckles Under Corrective Pressure; $4,000 Support Holds

Bitcoin’s price gave back a big chunk of its weekly gains on Friday, as the market entered into technical correction following sharp rebounds earlier in the week. BTC/USD Update The bitcoin price swung below $4,000 briefly on Friday before recovering above the psychological threshold. At the time of writing, BTC/USD was trading hands at $4,054 […]

The post Bitcoin Price Buckles Under Corrective Pressure; $4,000 Support Holds appeared first on Hacked: Hacking Finance.

Trade Recommendation: Zilliqa

Zilliqa (ZIL/BTC) looked like it had more downside potential when it generated a fresh 2018 low of 0.00000347 on November 25, 2018. In hindsight, the move down to the yearly low was nothing but a shakeout, which is common in crypto. A couple of days after the market printed a new low, Zilliqa rallied significantly. […]

The post Trade Recommendation: Zilliqa appeared first on Hacked: Hacking Finance.

Floyd Mayweather, DJ Khaled Charged For Illegally Touting Crypto Offerings

The Securities and Exchange Commission is charging DJ Khaled and professional boxer Floyd Mayweather Jr for failing to disclose that they were paid promotional fees to tout fraudulent initial coin offerings. The Verge reports: According to the SEC, this is the first time that individuals have faced charges involving ICOs. The Commission is accusing Mayweather of failing to disclose a $100,000 promotional payment and DJ Khaled with a $50,000 one. Both celebrities received these promotional fees from Centra Tech, Inc. earlier this year. Neither Mayweather nor Khaled have admitted to or denied the Commission's findings, but both have agreed to pay back what they had received to promote the ICO and are facing hundreds of thousands of dollars in additional penalties each. "These cases highlight the importance of full disclosure to investors," said SEC Enforcement Division co-director Stephanie Avakian. "With no disclosure about the payments, Mayweather and Khaled's ICO promotions may have appeared to be unbiased, rather than paid endorsements."

Read more of this story at Slashdot.

Crypto Update: Coins Extend Bounce as Selling Pressure Eases

The top cryptocurrencies continue to trade with a bullish short-term bias, and thanks to the two-day rally, the technical picture improved across the board. The odds of a failed breakdown pattern increased in the segment, with Bitcoin clearly recovering above the prior low, joining Litecoin in the move, even as most of the major altcoins […]

The post Crypto Update: Coins Extend Bounce as Selling Pressure Eases appeared first on Hacked: Hacking Finance.

Trade Recommendation: Red Pulse Phoenix

We’ve been keeping tabs on Red Pulse Phoenix (PHX/BTC) after its meteoric ascent from 0.00000217 on October 26, 2018 to 0.00001 on October 27. That’s an increase of over 360% in 24 hours! Of course, such a big leap in price in such a short period of time is never sustainable. At that point, Red […]

The post Trade Recommendation: Red Pulse Phoenix appeared first on Hacked: Hacking Finance.

Bitcoin Price Approaches $4,500 as Recovery Deepens; Market Cap Rises $14 Billion

Bitcoin’s ambitious recovery broadened on Thursday, as prices came within striking distance of the psychologically significant $4,500 mark. Gains were widespread across the crypto markets, boosting convictions that the worst of the downturn had finally passed. BTC/USD Update The bitcoin price notched a session high of $4,488 on Bitfinex, having rebounded more than $1,000 from […]

The post Bitcoin Price Approaches $4,500 as Recovery Deepens; Market Cap Rises $14 Billion appeared first on Hacked: Hacking Finance.

Iranians Indicted in SamSam Ransomware Scheme

The federal government charged two Iranian men for orchestrating a nearly three-year-long international hacking and extortion scheme that deployed ransomware which to date has caused more than $30 million in losses to its victims, which include hospitals, municipalities and public institutions. A federal grand jury in New Jersey has indicted...

Read the whole entry... »

Related Stories

Bitcoin Had a Big 15% Bounce to $4,300 But Traders Aren’t Convinced of Bull Run

Over the past 24 hours, the price of Bitcoin (BTC) surged from $3,771 to $4,355, by more than 15.4 percent, against the U.S. dollar. The volume of the dominant cryptocurrency spiked from around $5 billion to $7.2 billion, as large buy orders were filled by major fiat-to-cryptocurrency exchanges like Coinbase and Bitstamp. Bitcoin recorded the […]

The post Bitcoin Had a Big 15% Bounce to $4,300 But Traders Aren’t Convinced of Bull Run appeared first on Hacked: Hacking Finance.

Bitcoin Gold Update: Shows Profit Potential

Just like many altcoins, Bitcoin Gold (BTG/BTC) was in a downtrend for most of 2018. It generated a 2018 high of 0.0317 on January 13. From there, the market got trapped in a brutal downward spiral. It nosedived to as low as 0.002336 on August 14. At that point, Bitcoin Gold was down by over […]

The post Bitcoin Gold Update: Shows Profit Potential appeared first on Hacked: Hacking Finance.

Crypto Update: Weakening Bearish Momentum Leads to Another Rally Attempt

The cryptocurrency segment is having its most bullish day in a long while, as despite the failed rally attempt on Monday, the top coins held up above their lows and launched another bounce. While that didn’t change the overwhelmingly bearish overall picture, it confirmed the weakening of the negative momentum, at least in the case […]

The post Crypto Update: Weakening Bearish Momentum Leads to Another Rally Attempt appeared first on Hacked: Hacking Finance.

Trade Recommendation: Stellar

Stellar Lumens (XLM/BTC) has been correcting over the last two weeks after climbing as high as 0.00004712 on November 20, 2018. With this retracement, all the hype that surrounded the Coinbase listing is now gone. This is good news for market participants who want to buy the dip without the mania. The first step to […]

The post Trade Recommendation: Stellar appeared first on Hacked: Hacking Finance.

SEC Chairman Says Most Crypto ICOs are Securities; Bloodbath For Tokens?

It may be the wrong time for crypto investors to hold onto tokens issued by initial coin offering (ICO) projects. On CNBC, Jay Clayton, the chairman of the U.S. Securities and Exchange Commission (SEC) emphasized once again that most ICOs that are being talked about by investors in the global cryptocurrency market are considered securities […]

The post SEC Chairman Says Most Crypto ICOs are Securities; Bloodbath For Tokens? appeared first on Hacked: Hacking Finance.

Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins

Hacker compromised third-party NodeJS module “Event-Stream” introducing a malicious code aimed at stealing funds in Bitcoin wallet apps.

The malicious code was introduced in the version 3.3.6, published on September 9 via the  Node Package Manager (NPM) repository.

The Event-Stream library is a very popular NodeJS module used to allow developers the management of data streams, it has nearly 2 million downloads a week.

It has been estimated that the tainted version of the library was downloaded by nearly 8 million developers.

The library was created by Dominic Tarr, who maintained it for a long time, but when he left the project allowed an unknown programmer, called “right9ctrl” to continue its work.

“he emailed me and said he wanted to maintain the module, so I gave it to him. I don’t get any thing from maintaining this module, and I don’t even use it anymore, and havn’t for years.” wrote Tarr.

Tarr trusted right9ctrl  because of his important contributions to the project, but the expert once gained the access to the library, released a new version released Event-Stream version 3.3.6, containing a new library, called Flatmap-Stream, as a dependency, which was specifically designed to implement the malicious feature.

The bad news is that the code remained undetected for more than 2 months because it was encrypted. The malicious code spotted by a computer science student at California State University, Ayrton Sparling (FallingSnow handle on gitHub), who reported it.

“If you are using anything crypto-currency related, then maybe. As discovered by @maths22, the target seems to have been identified as copay related libraries. It only executes successfully when a matching package is in use (assumed to be copay at this point).” reported Sparling  on GitHub

“If you are using a crypto-currency related library and if you see flatmap-stream@0.1.1 after running npm ls event-stream flatmap-stream, you are most likely affected.

For example:

$ npm ls event-stream flatmap-stream

flatmap-stream@0.1.1″

The manager of the NPM repository who analyzed the malicious code discovered that it was designed to target people using the open-source bitcoin wallet app BitPay, distribution of the Copay project, that leverages the event-stream.

A security advisory published by BitPay confirms that Copay versions 5.0.2 through 5.1.0 were affected by the malicious code, the organization released the Copay version 5.2.0 to address the issue.

“We have learned from a Copay GitHub issue report that a third-party NodeJS package used by the Copay and BitPay apps had been modified to load malicious code which could be used to capture users’ private keys. Currently we have only confirmed that the malicious code was deployed on versions 5.0.2 through 5.1.0 of our Copay and BitPay apps. However, the BitPay app was not vulnerable to the malicious code. We are still investigating whether this code vulnerability was ever exploited against Copay users.” BitPay says in the advisory.

“Users should assume that private keys on affected wallets may have been compromised, so they should move funds to new wallets (v5.2.0) immediately.Users should not attempt to move funds to new wallets by importing affected wallets’ twelve word backup phrases (which correspond to potentially compromised private keys). Users should first update their affected wallets (5.0.2-5.1.0) and then send all funds from affected wallets to a brand new wallet on version 5.2.0, using the Send Max feature to initiate transactions of all funds.”

The malicious code allows the attackers to steal digital coins stored in the Dash Copay Bitcoin wallets and transfer them to a server located in Kuala Lumpur, Malaysia.

On Monday, NPM maintainers removed the backdoor from the repository.

Pierluigi Paganini

(Security Affairs – Daniel’s Hosting, dark web)

The post Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins appeared first on Security Affairs.

Crypto Update: Bounce Fails Again as Bearish Forces Remain Dominant

While yesterday’s there was a chance for a short-term reversal in the cryptocurrency segment, due to the weakening bearish momentum and an encouraging bounce in some of the majors, the rally failed, and a lot of top coins hit new lows afterward. Our trend model remains on sell signals in most cases, and although the […]

The post Crypto Update: Bounce Fails Again as Bearish Forces Remain Dominant appeared first on Hacked: Hacking Finance.

Trade Recommendation: Monero

Monero (XMR/BTC) came off lows of 0.0131 on August 18, 2018. At that point, the market showed signs of bear exhaustion. It was oversold on the daily RSI. In addition, bears failed to flip 0.014 support into resistance as bulls fought back to reject lower prices. With these conditions, it appeared that the short-term bottom […]

The post Trade Recommendation: Monero appeared first on Hacked: Hacking Finance.

Bitcoin Price Reverses Course Ahead of CME Futures Expiry

After a positive start to the week, bitcoin’s rally fizzled on Tuesday, as the bears reaffirmed their stranglehold on the market ahead of a key futures expiry on Friday. Although bitcoin futures have had a stabilizing effect on the market, price action tends o be volatile in the days leading up to a contract’s expiration. […]

The post Bitcoin Price Reverses Course Ahead of CME Futures Expiry appeared first on Hacked: Hacking Finance.

The People of Ohio Can Now Pay Their Taxes in Bitcoin

Starting this week, businesses in Ohio will be able to pay taxes in bitcoin through a new platform, OhioCrypto.com, a first in the US. From a report: For many enthusiasts, part of the appeal of crypto has been the very fact that these currencies are not backed by governments. That makes it harder for politicians to manipulate currencies to their own ends, they say. But for the same reason, states have sought to sideline cryptocurrencies, comfortable to dismiss bitcoin as a passing fad. So Ohio, and its treasurer Josh Mandel, see embracing them as a way to signal that the state is tech-savvy and forward-thinking. "I do see [bitcoin] as a legitimate form of currency," Mandel told (paywall) the Wall Street Journal.

Read more of this story at Slashdot.

Trade Recommendation: DOCK

We have been keeping tabs on DOCK (DOCK/BTC) since it climbed from a low of 0.00000190 on August 14, 2018, to a high of 0.00000683 on October 28. Those who were able to ride the rally grew their investments by close to 260% in two and a half months. At 0.00000683, the market was ripe […]

The post Trade Recommendation: DOCK appeared first on Hacked: Hacking Finance.

Bitcoin Crash Has Created An Amazing Buying Opportunity

“Buy the dip.” “Buy the dip.” “Buy the dip.”  It seems like most articles in 2018 have all been telling traders to buy the dip.  And traders that have done just that have likely paid a very dear price.  But capitulation probably isn’t the best strategy either.  Instead, the best option is (and always has […]

The post Bitcoin Crash Has Created An Amazing Buying Opportunity appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Bounce Back but Bear Trap Not Yet Confirmed

The cryptocurrency segment is finally showing early signs of strength following the weekend’s selloff that took most of the majors to new bear market lows. Compared to the steep declines of the past couple of weeks, the bearish momentum has been relatively weak, and some of the top coins managed to climb back to, or […]

The post Crypto Update: Coins Bounce Back but Bear Trap Not Yet Confirmed appeared first on Hacked: Hacking Finance.

Bitcoin price falls below $4,000, as cryptocurrency market continues to plummet

Bitcoin price falls below $4,000

Bitcoin (BTC), the number 1 ranked cryptocurrency, hit a 14-month fresh low over the weekend when its price sunk under $4,000, according to CoinDesk.

The last time when Bitcoin price fell below $4,000 was in September 2017. Other cryptocurrency tokens like ether and Litecoin too suffered double-digit percentage drops within a 24-hour period.

Bitcoin, also known as a highly-volatile currency, had one of the worst prices drop last week since its bubble burst at the start of this year.

It’s price when particularly dropped to $3,667.92 represented a loss of 15.5% and its lowest in the last 24 hours. Bitcoin lost nearly a third of its value in seven days, which was down more than 35 percent.

According to CoinDesk, the market was valued at $182 billion, but that number has since fallen to $54 billion, and it now stands at $128 billion, its lowest value since September 2017.

During December 2017, the Bitcoin price had reached a golden phase when it touched the $20,000 threshold.

However, earlier this year, the value of Bitcoin dropped below $8,000, as the global cryptocurrency landscape shifted. In fact, till last month, prices were hovering around the $6,000 point.

As we can see, the price of Bitcoin has been seeing a downward trend over the last 11 months. Will the value of Bitcoin continues to fall further or will it be able to recover from its downfall, remains to be seen.

The post Bitcoin price falls below $4,000, as cryptocurrency market continues to plummet appeared first on TechWorm.

Bitcoin Price Rebounds from Lows but Short-Term Recovery Far From Guaranteed

Bitcoin’s price rose on Monday, possibly signaling the end of a multi-week downtrend and the start of a much-needed relief rally. However, the bulls aren’t out of the woods yet, and price action over the next 24-48 hours will determine whether the recovery attempt is merely a dead cat bounce. BTC/USD Update Over the past […]

The post Bitcoin Price Rebounds from Lows but Short-Term Recovery Far From Guaranteed appeared first on Hacked: Hacking Finance.

Richard Stallman Criticizes Bitcoin, Touts a GNU Project Alternative

Richard Stallman doesn't like bitcoin, and has never used it, reports CoinDesk: To Stallman, bitcoin isn't suitable as a digital payment system. His biggest complaint: bitcoin's poor privacy protections. He told CoinDesk, "What I'd really like is a way to make purchases anonymously from various kinds of stores, and unfortunately it wouldn't be feasible for me with bitcoin." Using a crypto exchange would allow that company and ultimately the government to identify him, he said.... Asked what he thought about so-called privacy coins, Stallman said he'd gotten an expert to assess their potential, and "for each one he would point out some serious problems, perhaps in its security or its scalability." And speaking broadly, Stallman continued: "If bitcoin protected privacy, I'd probably have found a way to use it by now." Fortunately, Stallman's GNU Project has a better answer: The GNU Project, which Stallman founded, is working on an alternative digital payments system called Taler, which is based on cryptography but is not -- forgive the hair-splitting -- a cryptocurrency. The Taler project's maintainer Christian Grothoff told CoinDesk that the system is, rather, designed for a "post-blockchain" world.... It's based on blind signatures, a cryptographic technique invented by David Chaum, whose DigiCash was among the first attempts at creating secure electronic money. Plus, Taler's attempt to create a digital money that resists surveillance by governments and payments companies aligns it with many cryptocurrency projects. Yet, Taler does not attempt to bypass centralized authority. Payments are processed by openly centralized "exchanges" rather than peer-to-peer networks of miners because, Grothoff said, such a system "would again enable dangerous, money laundering kind of practice." Indeed, in a break with the anti-government ethos that has tended to characterize bitcoin and some of its peers, Taler's design explicitly tries to block opportunities for tax evasion.... Privacy in the Taler system, then, is limited to users spending their digital cash. They are shielded from surveillance because, Grothoff said, "the exchange, when coins are being redeemed, cannot tell if it was customer A or customer B or customer C who received the coin, because they all look identical from the exchange. Nobody," he added, "exactly knows who has how many tokens." Merchants (or anyone) receiving payments, on the other hand, do so visibly and in the open, making it possible for governments to assess taxes on their income -- not to mention harder for the recipients to participate in money laundering.... Currently, Taler is in talks with European banks to allow withdrawal into the Taler wallet and also re-deposit from the Taler system back into the traditional banking system. "I wouldn't want perfect privacy," Stallman says in the interview, "because that would mean it would be impossible to investigate crimes at all. And that's one of the jobs we need the state to do."

Read more of this story at Slashdot.

Bitcoin Loses 32% of Its Value This Week, Falls Below $4,000

An anonymous reader quotes USA Today: Last year at this time, bitcoin was in the middle of a 217-percent rally that saw its value peak in December near $20,000. Now the largest cryptocurrency can't stay above $4,000 -- losing almost 32 percent in value this week and briefly hitting its lowest level since September 2007 at $3,477.58 on Sunday, according to data from CoinDesk... Other cryptocurrencies also languished. XRP fell 10.4 percent from its 24-hour open, while Ethereum was down 7.5 percent. Litecoin lost 6.7 percent, according to CoinDesk. This week's sell-off marked the largest one-week decline since April 2013 when bitcoin lost over 44 percent of its value, according to CoinDesk... Year to date in 2018, bitcoin has declined more than 71 percent... The cryptocurrency jumped from $6,088.35 in mid-November 2017 to $19,326.49 on Dec. 17, 2017... Citing three unnamed sources, Bloomberg News also reported last week that the U.S. Justice Department is investigating if market manipulation caused bitcoin's 2017 rally. Earlier this week, one financial advisory firm's CEO told CNN that they were still bullish on bitcoin. "Savvy investors understand that digital currencies are the future of money and, as such, they will be capitalizing on the lower prices in order to build their portfolios and shore-up their positions." But not everyone seems convinced. "I bought $10 of bitcoin a year ago. Just to see how it goes," posted Austin-based technology reporter Mike Melanson on Twitter, adding "It's worth $3.45 now. Quite the investment!"

Read more of this story at Slashdot.

As Bitcoin Selloff Intensifies, Overstock CEO Doubles Down on Blockchain

Bitcoin’s month of pain intensified on Sunday, as prices briefly fell below $3,500 for the first time since September 2017. The panic sale hit the market at a time when Lightning Network is registering record capacity and institutional investors are lining up to trade physically-backed bitcoin futures at the beginning of next year. Amid the apparent […]

The post As Bitcoin Selloff Intensifies, Overstock CEO Doubles Down on Blockchain appeared first on Hacked: Hacking Finance.

Crypto Update: Another Steep Selloff Drags Majors to New Lows

The cryptocurrency segment got hit had yet again this weekend, as the mid-week bounce faded and the recent panic lows failed to hold up the top coins. The negative long-term market forces took hold of the segment again, and despite the deeply oversold momentum readings, the majors plunged to new lows. Bitcoin briefly violated the […]

The post Crypto Update: Another Steep Selloff Drags Majors to New Lows appeared first on Hacked: Hacking Finance.

Trade Recommendation: Bitcoin

Bitcoin (XBT/USD) is down by over 40% in less than two weeks. If you’re one of those who holds on for dear life (HODL), we imagine the last few weeks would have been extremely painful. However, now may not be the best time to capitulate. A savvy trader would start scaling in at these levels. […]

The post Trade Recommendation: Bitcoin appeared first on Hacked: Hacking Finance.

Bitcoin Price Hits $3,800; Stellar (XLM) Loses 22% In A Day As Decline Continues

The global crypto market plunged a further 12% on Saturday night, as the total cap fell to $124 billion – a level not seen since September 2017. Bitcoin sunk below $4,000 for the first time in the same period, hitting $3,819 on the BTC/USDT market. The market fluctuation did also affect Tether however, so the […]

The post Bitcoin Price Hits $3,800; Stellar (XLM) Loses 22% In A Day As Decline Continues appeared first on Hacked: Hacking Finance.

Trade Recommendation: Request Network

Request Network (REQ/BTC) came off lows of 0.00000445 on September 12, 2018. At that price level, the market was down by over 93% from the 2018 high of 0.00007220. More importantly, dropping to that price level meant that Request Network has given up all of its gains from the December 2017 – January 2018 bull […]

The post Trade Recommendation: Request Network appeared first on Hacked: Hacking Finance.

Trade Recommendation: Modum

Modum (MOD/BTC) dropped to its yearly low of 0.00008 on August 3, 2018. At that price level, the market was down by almost 92% from the 2018 peak of 0.000935. This type of retracement may discourage the entry of retail investors. However, the risk to reward ratio at such low prices is highly favorable. More […]

The post Trade Recommendation: Modum appeared first on Hacked: Hacking Finance.

French Tobacco Shops Will Sell Bitcoin and Ethereum Starting January 2019

Tobacco shops are a staple of daily life across France, selling cigarettes, newspapers, magazines, and lottery tickets. Come January, these most traditional of merchants will take a plunge into the future by adding cryptocurrencies to their wares. From a report: The French Federation of Tobacco Vendors (French Confederation Nationale des Buralistes), which represents the 27,000 tobacco shops in France, announced that it has approved plans for its members to sell Bitcoin and Ethereum to customers. The program is expected to start in 3,000 locations in January, eventually rolling out to all tobacco shops across the country. Of course, the timing is somewhat less than ideal, as prices of cryptocurrencies have been in free fall most of this year. Just this week, Bitcoin hit a new low for 2018. While the effort is seen as a new potential revenue source for these merchants, it remains far from clear how interested the general public is in owning cryptocurrencies.

Read more of this story at Slashdot.

L0rdix malware on dark web steals data, mines crypto & enslaves PCs as botnet

By Waqas

There’s a new hacking tool circulating in the underground Dark Web forums that let cybercriminals target Microsoft Windows computers. It has become the newest universal go-to tool to attack a Windows machine because it presents an utterly lethal combination of data stealing, cryptomining, and snooping capabilities. Discovered by Ben Hunter, a security researcher at ENSILO, […]

This is a post from HackRead.com Read the original post: L0rdix malware on dark web steals data, mines crypto & enslaves PCs as botnet

EOS Update: Bull and Bear Scenarios

EOS (EOS/BTC) recorded one of its major lows of 0.0006914 on August 14, 2018. Since then, the market has been trading within a wide range between 0.0006914 and 0.0009544 with a midpoint or range equilibrium at 0.0008058. Retail investors buying this range are most likely accumulating. They believe that this is the bottom and EOS […]

The post EOS Update: Bull and Bear Scenarios appeared first on Hacked: Hacking Finance.

Crypto Update: Majors Test Lows After Consolidation

After a brief quiet period in the cryptocurrency segment, the top coins turned lower again in the second half of the day and approached their recent bear market lows. While Bitcoin only tested its panic low, Ethereum dipped below at and the still relatively strong Ripple also fell below the key long-term support zone that […]

The post Crypto Update: Majors Test Lows After Consolidation appeared first on Hacked: Hacking Finance.

Bitcoin’s Price Collapse: A Matter of Perspective

Bitcoin plunged anew on Friday, as prices threatened new bear market lows following two days of relative calm for the leading digital currency. As markets continue searching for a bottom, investors are reminded that the latest downturn is far from the worst bitcoin has experienced in its relatively short history. BTC/USD Update The bitcoin price […]

The post Bitcoin’s Price Collapse: A Matter of Perspective appeared first on Hacked: Hacking Finance.

Trade Recommendation: Ark

Ark (ARK/BTC) became a victim of the November 19 crypto carnage when it breached support of 0.00009. The breakdown sparked a waterfall event as those who bought the range rushed to close their positions. As a result, the pair plummeted and generated a yearly low of 0.0000752 on November 20. At that point, Ark appeared […]

The post Trade Recommendation: Ark appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Consolidate on Thanksgiving Day After Wild Ride

Volatility declined substantially today in the cryptocurrency segment following three days of heavy trading, with top coins consolidation after the recent leg of the market-wide crash. US markets have been closed for Thanksgiving Day, and although traditional financial markets had an active day, especially in Europe, volumes in the crypto-segment were much lower than in […]

The post Crypto Update: Coins Consolidate on Thanksgiving Day After Wild Ride appeared first on Hacked: Hacking Finance.

Trade Recommendation: Enigma

Enigma (ENG/BTC) came back to life with big moves over the last few days. A couple of days ago, on November 20, 2018, the market created a new yearly low of 0.000068. From that point, Enigma surged with a vengeance. It breached multiple resistances including 0.00008 as it climbed as high as 0.00009945 on November […]

The post Trade Recommendation: Enigma appeared first on Hacked: Hacking Finance.

Bitcoin Price Remains Under Pressure as Volatility Hits Six-Month High

Bitcoin’s price consolidated Thursday, as the bulls continued to face strong resistance from an upsurge of short positions placed in the futures market. The digital currency’s 30% drop since Nov. 13 has triggered the biggest rise in volatility since May, a discouraging sign for those eyeing a short-term bounce in prices. BTC/USD Update The bitcoin […]

The post Bitcoin Price Remains Under Pressure as Volatility Hits Six-Month High appeared first on Hacked: Hacking Finance.

Crypto Update: Ripple Due for a Correction

While Bitcoin (BTC/USD) and most altcoins have fallen in the height of the crypto carnages, Ripple (XRP/BTC) not only stood its ground but it even went against the trend. It managed to continue climbing while almost everything else was crumbling. Yesterday, November 20, 2018,  Ripple/Bitcoin was up by as much as 7.17% to as high […]

The post Crypto Update: Ripple Due for a Correction appeared first on Hacked: Hacking Finance.

Trade Recommendation: CyberMiles

CyberMiles (CMT/BTC) started to look bullish on October 4, 2018, when it breached resistance of 0.00001655. This triggered the breakout from the double bottom pattern on the 4-hour chart. The breakout ignited a rally to 0.0000222 on October 9. Although CyberMiles appeared to have established a short-term top at this point, it only needed to […]

The post Trade Recommendation: CyberMiles appeared first on Hacked: Hacking Finance.

The $700 Billion Question

As losses in the crypto universe continue to mount, U.S. regulators are once again asking whether last year’s bull market was artificially inflated. According to Bloomberg, the federal probe is intensifying now that bitcoin’s price floor has been severely breached. Tangled Web As Hacked previously reported, federal prosecutors have uncovered a suspicious relationship between Bitfinex, […]

The post The $700 Billion Question appeared first on Hacked: Hacking Finance.

Trade Recommendation: NavCoin

The NavCoin/Bitcoin pair (NAV/BTC) breached resistance of 5,000 satoshis on September 22, 2018. This triggered the breakout from the rounding bottom pattern on the 4-hour chart. The price action attracted breakout traders and trend followers. This sparked a strong rally to 9,230 satoshis on the same day. Of course, the strong rally was met with […]

The post Trade Recommendation: NavCoin appeared first on Hacked: Hacking Finance.

Price Prediction for Bitcoin, Ripple, Ethereum: Crypto Bloody Tuesday Sees Falls that Shake Convictions

The BTC/USD hits a low of $4,212 and eyes $3,500 in the next few days. The XRP/USD panics below $0.41 but recovers $0.45 amid high uncertainty. The ETH/USD marks a trough at $125 and could move below $100. If Hollywood creates the script of what’s happening on the Crypto Board, they wouldn’t have done any […]

The post Price Prediction for Bitcoin, Ripple, Ethereum: Crypto Bloody Tuesday Sees Falls that Shake Convictions appeared first on Hacked: Hacking Finance.

Bitcoin Price Carves Out New Lows as Crypto Carnage Intensifies

Bitcoin’s price plunged anew on Tuesday, reaching the lowest in over 13 months and signaling no end to the downtrend that began early last week. BTC/USD Update The leading digital currency dropped below $4,300 on Coinbase for the first time since early October 2017. At the time of writing, bitcoin was trading at $4,380, down […]

The post Bitcoin Price Carves Out New Lows as Crypto Carnage Intensifies appeared first on Hacked: Hacking Finance.

Bitcoin Falls Below $5,000 For First Time Since October 2017

The value of Bitcoin has hit a new low of $4,951, bringing the total value of all Bitcoin in existence to below $87 billion. Much of the turmoil can be attributed to the split of Bitcoin Cash on November 15th. The Bitcoin offshoot has been split into two different cryptocurrencies, which are now in competition with each other. The BBC reports: Bitcoin exchange Kraken said in a blog post that it regarded one of the two new Bitcoin Cash crypto-currencies -- Bitcoin SV -- as "an extremely risky investment." At its peak, in November 2017, it briefly hit $19,783 - which means the price has fallen by about 75%. After the excitements of last year when the price soared to nearly $20,000 and then tumbled, Bitcoin has been rather dull and stable for much of 2018, settling between $6,000 and $7,000.

Read more of this story at Slashdot.

Crypto Market Cap Plummets $42 Billion Over Six Days as Bitcoin Targets $5,000

A staggering selloff in the cryptocurrency market over the past six days has investors searching for an elusive bottom on major assets like bitcoin, bitcoin cash and Ethereum. However, the breakdown of key technical levels, combined with the complete disregard for fundamentals, suggest the bottoming process has not yet concluded. Crypto Selloff Deepens The combined […]

The post Crypto Market Cap Plummets $42 Billion Over Six Days as Bitcoin Targets $5,000 appeared first on Hacked: Hacking Finance.

Crypto Update: New Bear Market Lows Across the Board

The key long-term breakdown in the cryptocurrency segment that we observed last week continued in earnest today, with most of the majors hitting new bear market lows amid another wave of heavy selling. Bitcoin dropped below $5200 for the first time since last October, Ethereum violated the key $160 level, Litecoin plunged below $38, with […]

The post Crypto Update: New Bear Market Lows Across the Board appeared first on Hacked: Hacking Finance.

Bitcoin Price Crashes to New 2018 Lows as Selloff Resumes

Bitcoin and the broader cryptocurrency market slumped anew Monday, setting the stage for a prolonged downturn that could open the door to new support levels being breached. Market Update The bitcoin price crashed nearly 8% on Monday to reach a new yearly low of $5,180 on Coinbase. At the time of writing, the BTC/USD exchange […]

The post Bitcoin Price Crashes to New 2018 Lows as Selloff Resumes appeared first on Hacked: Hacking Finance.

Crypto Update: 5 Altcoins to Watch This Week

Last week’s crypto carnage has driven many altcoins below their yearly lows. However, there are some coins that managed to hold their ground. Even amidst massive selloffs, these coins are surviving the storm. Thus, they deserve your attention. In this article, we reveal the 5 altcoins to watch this week. Ripple/Bitcoin (XRP/BTC) While the rest […]

The post Crypto Update: 5 Altcoins to Watch This Week appeared first on Hacked: Hacking Finance.

Trade Recommendation: Bitcoin Gold

The Bitcoin Gold/Bitcoin pair (BTG/BTC) took out resistance of 0.0045 on November 4, 2018. The breach triggered the breakout from the inverse head and shoulders pattern on the 4-hour chart. Also, the breakout looked valid as Bitcoin Gold had a volume buzz that’s over 410% of its daily average. The bullish price action attracted traders […]

The post Trade Recommendation: Bitcoin Gold appeared first on Hacked: Hacking Finance.

Trade Recommendation: Haven Protocol

We’ve been following Haven Protocol (XHV/BTC) from some time now, after we saw its bullish potential. It skyrocketed from 0.0001371 on October 12 to as high as 0.00056 on November 12, 2018. In as little as one month, Haven Protocol grew by over 308%. Though we were tempted to recommend long positions during this meteoric […]

The post Trade Recommendation: Haven Protocol appeared first on Hacked: Hacking Finance.

Bitcoin Sees Biggest Volatility Spike of the Year; Should Long-Term Holders Be Worried?

Bitcoin’s precipitous drop over the past 48 hours has rendered the virtual currency highly susceptible to new bear-market lows. According to one indicator, the sudden and dramatic downshift disrupted a period of calm not seen  disrupted a period of calm not seen in over two years. Bitcoin Volatility Surges In the span of just 24 […]

The post Bitcoin Sees Biggest Volatility Spike of the Year; Should Long-Term Holders Be Worried? appeared first on Hacked: Hacking Finance.

Trade Recommendation: Steem

An extended bear market may be upon us as altcoins either create new yearly lows or revisit historical support areas. While the prolonged downtrend can be difficult to trade, it doesn’t necessarily mean that there are no profitable trade opportunities. In fact, we’re seeing a promising setup now in Steem/Bitcoin (STEEM/BTC). Steem broke support of […]

The post Trade Recommendation: Steem appeared first on Hacked: Hacking Finance.

Trade Recommendation: Aeternity

Aeternity (AE/BTC) appeared to be doing well prior to the November 14, 2018 bloodbath. It bounced off lows of 0.0001266 on September 12, 2018, and climbed as high 0.0002275 on October 20. At that point, AE/BTC looked strong. In only needed to preserve support of 0.0001735 to resume its uptrend. Unfortunately, Aeternity fell as one […]

The post Trade Recommendation: Aeternity appeared first on Hacked: Hacking Finance.

Bitcoin Update: Bull and Bear Scenarios

To say that the last two days in crypto have been a bloodbath would be an understatement. Many altcoins have broken critical support areas. Some cryptos even registered new yearly lows. One of those is Bitcoin (BTC/USD). Bitcoin dropped to as low as $5,188 on Coinbase and lost as much as 20% of its value […]

The post Bitcoin Update: Bull and Bear Scenarios appeared first on Hacked: Hacking Finance.

Bitcoin Price Consolidates After Steep Loss as Market Cap Holds Below $100 Billion

Bitcoin’s market capitalization remains firmly capped below $100 billion on Friday, as prices struggled to regain momentum following a catastrophic selloff earlier in the week. Although bitcoin remains firmly in the grip of the bears, price action over the last 24 hours suggests the worst of the downshift had passed. BTC/USD Update The bitcoin price […]

The post Bitcoin Price Consolidates After Steep Loss as Market Cap Holds Below $100 Billion appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Consolidate After Key Breakdown

The cryptocurrency segment is still under the influence of this week’s key technical breakdown that carried several majors below crucial support levels. Bitcoin’s moves have been dominating the market in recent days, and as the most valuable coin formed a short-term bottom, the top coins entered a choppy consolidation phase, retracing some of their steep […]

The post Crypto Update: Coins Consolidate After Key Breakdown appeared first on Hacked: Hacking Finance.

Trade Recommendation: Ravencoin

We’ve been watching Ravencoin/Bitcoin (RVN/BTC) for some time now. We have a gut feeling that it has ultra-bullish potential. That’s because it climbed from a low of 254 satoshis on October 15, 2018, to its all-time high (ATH) of 1,045 satoshis on October 22. That’s an increase of over 311% in seven days. Of course, […]

The post Trade Recommendation: Ravencoin appeared first on Hacked: Hacking Finance.

Malaysia’s Largest Media Company Allegedly Suffers Ransomware Attack

Malaysia’s largest media company allegedly suffered a ransomware attack that affected its ability to use its in-house email system. Anonymous sources told The Edge Financial Daily that ransomware attackers struck Media Prima Berhad, a media giant which operates businesses in television, print, radio, out-of-home advertising, content and digital media. According to those unnamed individuals, bad […]… Read More

The post Malaysia’s Largest Media Company Allegedly Suffers Ransomware Attack appeared first on The State of Security.

Hackers infect Malaysia’s largest media company with ransomware, then demand $6.45 million

Media Prima Berhad, Malaysia’s leading media company, has been hit with a ransomware attack followed by a whopping $6.45 million demand for the decryption keys.

Anonymous sources from within the company told The Edge Financial Daily that the attack unfolded over four days, and that ransomware operators demanded the company pay 1,000 bitcoins in ransom – the equivalent of RM27,042.26, or US$6.45 million.

“The whole Media Prima group’s computer systems have been breached and infected with ransomware over the last four days,” said the source. “The attackers demanded 1,000 bitcoins from Media Prima in the ransomware attack.”

Asked to comment via email, Media Prima would neither confirm nor deny the breach, saying: “Thank you for the questions. It is with regret [we have] to inform you that we decline to comment on the questions.”

Another source, however, indicated that the attack was not very serious at all, and that Media Prima declined paying the ransom.

“Our office email was affected, but we have migrated to G Suite. They (the attackers) demanded bitcoins, but we are not paying,” this source said.

It is unclear what ransomware family was used in the attack. It is also unclear whether the operators had direct access to physical systems (an inside job would not be out of the question), or if they used social engineering schemes to make their way into Media Prima’s infrastructure and deploy the attack.

It is worth noting that ransomware operators typically use social engineering to trick victims into granting internal access. Whichever the case, going by the sum requested by the operators, the attack was very likely targeted.

Bitcoin Price Rebounds After Market Evacuation; XRP Kickstarts Decoupling Process?

After two days in which $38 billion left the global crypto market cap, anyone who was in doubt over the fragility of the market at large has now been firmly answered. Two competing theories have arisen over the source of the crash, with many suggesting the ongoing Bitcoin Cash hardfork saga as a possible culprit. […]

The post Bitcoin Price Rebounds After Market Evacuation; XRP Kickstarts Decoupling Process? appeared first on Hacked: Hacking Finance.

Long-Term Cryptocurrency Analysis: Bear Market Continues With Major Technical Breakdown

After months of choppy consolidation, yesterday, we saw the largest move in the cryptocurrency segment since April, which took the majors below key technical levels. Bitcoin’s drop is the most important event, since the most valuable coin violated a structurally important base support for the first time since its historic bull run to $20,000 started. […]

The post Long-Term Cryptocurrency Analysis: Bear Market Continues With Major Technical Breakdown appeared first on Hacked: Hacking Finance.

Canadian University Shuts Down Network in Response to Cryptocurrency Mining Attack

St. Francis Xavier University had to take its critical IT systems offline after it discovered a scheme to mine cryptocurrency using its network resources.

On Nov. 9, the school’s IT team identified an automated attack launched by unknown threat actors in an effort to steal computing power to mine cryptocurrency, otherwise known as cryptojacking.

After consulting with security specialists, the university, which is based in Nova Scotia, made the decision to disable all network systems. Representatives of the school announced plans to reinstate the offline servers across its network in stages to reduce potential security risks.

Why Did the University Shut Down Its Network?

So far, the university has reported no evidence that the personal information of students, faculty or other parties has been leaked or stolen as part of the attack. To be safe, however, administrators reset the passwords for all university accounts across campus. The IT team said it would continue to look for anomalous behavior over the next month.

The university’s swift response affected basic access to network resources such as Wi-Fi and educational software application Moodle. Meanwhile, student payment cards and debit transactions were temporarily inoperable. The school said it plans to publish a list of which services have been restored and which are still in the queue, such as its MesAmis reporting system and Banner database. The researchers did not explain exactly how the malware was installed on the system.

How to Keep Cryptocurrency Mining Threats at Bay

The St. Francis Xavier University incident is an increasingly rare example of cryptojackers focusing on bitcoin. According to security experts, general-purpose computers are not ideal for bitcoin given the sophisticated nature of its algorithm. Instead, attacks more often exploit IT resources to mine for newer cryptocurrencies such as Monero and Ethereum.

Regardless of what’s being mined, organizations that invest in security information and event management (SIEM) are better positioned to identify cryptojacking before it’s too late to remediate the threat without halting the entire network.

Sources: St. Francis Xavier, ZDNet

The post Canadian University Shuts Down Network in Response to Cryptocurrency Mining Attack appeared first on Security Intelligence.

New Ransomware Strain Evades Detection by All but One Antivirus Engine

Researchers discovered a new strain of Dharma ransomware that is able to evade detection by nearly all of the antivirus solutions on the market.

In October and November 2018, researchers with Heimdal Security uncovered four strains of Dharma, one of the oldest ransomware families in existence. One of the strains slid past a total of 53 antivirus engines listed on VirusTotal and 14 engines used by the Jotti malware scan. Just one of the security scanners included in each of those utilities picked up on the strain’s malicious behavior.

In its analysis of the strain, Heimdal observed a malicious executable dropped through a .NET file and another associated HTML Application (HTA) file that, when unpacked, directed victims to pay a ransom amount in bitcoin.

How Persistent Is the Threat of Ransomware?

The emergence of the new Dharma strain highlights ransomware’s ongoing relevance as a cyberthreat. Europol declared that it remains the key malware threat in both law enforcement and industry reporting. The agency attributed this proclamation to financially motivated malware attacks increasingly using ransomware over banking Trojans, a trend that it anticipates will continue for years to come.

Europol identified this tendency despite a surge in activity from other threats. For example, Comodo Cybersecurity found that crypto-mining malware rose to the top of detected malware incidents in the first three months of 2018. In so doing, malicious cryptominers supplanted ransomware as the No. 1 digital threat for that quarter, according to Comodo research.

Defend Against New Malware Strains With Strong Endpoint Security

Security professionals can help keep ransomware off their networks by using an endpoint management solution that provides real-time visibility into their endpoints. Experts also recommend using tools that integrate with security information and event management (SIEM) software to streamline responses to potential incidents.

Sources: Heimdal Security, Europol, Comodo Cybersecurity

The post New Ransomware Strain Evades Detection by All but One Antivirus Engine appeared first on Security Intelligence.

Headmaster caught mining cryptocurrency at school; gets fired

By Uzair Amir

A Chinese school headmaster Lei Hua was caught mining cryptocurrency using the school’s electricity. As a result, he had to lose his job. It happened at Puman Middle School in Hunan province of China. Initially, teachers complained about the loud noise that continued day and night while an increase in the school’s electricity consumption was also reported […]

This is a post from HackRead.com Read the original post: Headmaster caught mining cryptocurrency at school; gets fired

StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users

Late last week an unknown hacker or a group of hackers successfully targeted a cryptocurrency exchange with an aim to steal Bitcoins by compromising the web analytics service it was using. ESET malware researcher Matthieu Faou this weekend spotted malicious JavaScript code on up to 700,000 websites that were bundled with the traffic tracking code from the leading web analytics platform

Anatomy of a sextortion scam

This blog was written by Jaeson Schultz.

Since this July, attackers are increasingly spreading sextortion-type attacks across the internet. Cisco Talos has been investigating these campaigns over the past few months. In many cases the spammers harvested email addresses and passwords from a publicly available data breach, and then used this data to facilitate their sextortion attacks. While the attackers do not actually have any compromising videos showing the victim, the emails claim to have explicit videos that they will distribute if the victim doesn't pay the extortion payment by a certain time. By including the recipient's password along with their demands for payment, the attackers hope to legitimize their claims about having compromising material concerning the victim. While these attacks have been in the wild for months, Talos wanted to take a closer look at some of these campaigns to see why users were being tricked into sending the attackers large amounts of bitcoin despite the attackers' empty threats. By examining some of the sextortion spam campaigns in detail, our researchers were able to gain insight into how these criminals operate.



An example of a sextortion email containing slight changes to the wording of the message body.


Sextortion Campaign Analysis


To facilitate a deeper understanding of sextortion scams, Talos extracted and analyzed messages related to two very similar sextortion spam campaigns. The first spam campaign we analyzed began on Aug.30, 2018, and the second campaign began Oct. 5, 2018. Both campaigns are still active at the time of writing this blog.

Talos extracted all messages from these two sextortion campaigns that were received by SpamCop from Aug. 30, 2018 through Oct. 26, 2018 — 58 days' worth of spam. Every message sent as a part of these two sextortion campaigns contains a From: header matching one of the following two regular expressions:

From =~ /Aaron\d{3}Smith@yahoo\.jp/
From =~ /Aaron@Smith\d{3}\.edu/

Campaign Totals

In total, SpamCop received 233,236 sextortion emails related to these "Aaron Smith" sextortion campaigns. The messages were transmitted from 137,606 unique IP addresses. The vast majority of the sending IP addresses, 120,659 sender IPs (87.7 percent), sent two or fewer messages as a part of this campaign.


Number of sextortion emails received by SpamCop over time


The sending IPs are distributed among many countries, however roughly 50 percent of the sextortion messages come from only five countries: Vietnam (15.9 percent), Russia (15.7 percent), India (8.5 percent), Indonesia (4.9 percent) and Kazakhstan (4.7 percent). If some of these countries seem familiar, that may be because India and Vietnam were previously identified as having exceedingly large numbers of machines that are infected with the Necurs botnet, a well-known distributor of many pieces of malware.


Distribution of sender IP addresses by country


Despite sending more than 233,000 email messages as part of these campaigns, the number of unique recipients was actually fairly low. Talos found only 15,826 distinct victim email addresses. This means that the attackers were sending an average of almost 15 sextortion spam messages per recipient. One unlucky victim from our dataset was contacted a staggering 354 times.

Payment demands

Each sextortion spam contains a payment demand. The payment requested by the attackers varies according to the specific campaign, but in this instance, it is a randomly generated number consisting of an integer between one and seven, followed by three zeros ($1,000 - $7,000). These six different payment amounts appear with almost identical frequency across the entire set of emails, suggesting that there was no effort made on the part of the attackers to tailor their payment demands to individual victims.

Cryptocurrency wallets

In addition to the payment demand, each sextortion message also contains a bitcoin (BTC) wallet address to receive the payment from the victim. In total, Talos identified 58,611 unique bitcoin wallet addresses associated with these two spam campaigns. This works out to an average of approximately four sextortion messages per bitcoin wallet. Out of the approximately 58,000 bitcoin wallets, only 83 wallets have positive balances. However, the balances in those 83 wallets add up to 23.3653711 bitcoins, the equivalent of $146,380.31. That isn't too bad considering the attackers have only been distributing this particular scam for roughly 60 days, and do not actually possess any compromising material concerning the victim.

If you look at the number of unique bitcoin wallets and unique victim email addresses seen over time, you can see that the attackers periodically inject their ongoing campaign with fresh data. The number of unique bitcoin wallets tends to peak and then reduce over time, until it peaks again, with another fresh batch of attacker-generated bitcoin wallets. The last major injection of fresh wallet addresses occurred on Oct. 9. The same can be seen regarding unique message recipients over time, with what appears to be a large injection of fresh recipients also occurring around Oct. 9.


Unique versus duplicate bitcoin wallets and recipient email addresses


Unfortunately, as we dug further into the individual bitcoin wallets possessing positive balances, we noticed some oddities regarding the wallet payment amounts. Several wallets had received transfers that fell well under the minimum $1,000 payment that was demanded as part of this specific campaign. The payment amounts were low enough to fall outside the realm of what could be logically explained as a result of fluctuations in the price of bitcoin.


Bitcoin wallet found in the Aaron Smith sextortion spam that contains far less than the minimum demand of $1,000.


Our researchers discovered that some of the wallets used in this attack were also being used in other attacks. The attackers were reusing some of their bitcoin wallet addresses across different spam campaigns.

In light of the attackers' bitcoin wallet reuse, Talos decided to expand our research to include all spam messages that mention "bitcoin," while also possessing a string of 26-35 characters resembling a bitcoin wallet address in the body of the email.

Attackers' use of personal information


One of the first related sextortion campaigns we discovered utilized the victim's telephone number instead of their data breach password. While a telephone number isn't nearly as private or confidential as a user's password, it is still arguably somewhat personal. By including the victim's telephone number, the attackers were hoping they could convince recipients that their sextortion scam was indeed real.


An example sextortion attack using victims' phone numbers


If you read the text closely, you will notice that much of the text in this email is virtually identical to the text contained in the "Aaron Smith" campaigns Talos analyzed previously, especially the text in the closing paragraph.

As a matter of fact, while searching SpamCop, we encountered a sample email message where the attackers appeared to have mistakenly disclosed their template containing the choose-your-own-adventure-style text variations for generating varied message bodies as part of their sextortion spam attack.


An example of a sextortion template message mistakenly emailed out by the attackers


Internationalized sextortion


Security researchers at IBM X-Force recently discovered a sextortion campaign that was purportedly sent through the Necurs' botnet infrastructure in late September 2018. Using the 20 bitcoin wallet indicators of compromise (IoCs) provided by IBM, Talos identified nearly 1,000 different sending IP addresses involved in transmitting both the "Aaron Smith" spam, as well the international sextortion spam that IBM X-Force associated with the Necurs botnet. The overlap in sending IP infrastructure indicates, with a reasonable degree of confidence, that the same spammers are behind both of these sextortion campaigns.

Besides the "7 different languages (ENG, GER, FRE, ITA, JPN, KOR, ARA)" of sextortion spam identified in the X-Force blog, Talos identified additional variations of a similar sextortion campaign in Czech, Spanish, Norwegian, Swedish and Finnish.


An example of a sextortion message in Spanish


Additional attack variations


There were other, similar forms of sextortion spam originating from some of the same Necurs-sending IP infrastructure. Below is an example of a sextortion spam email that is attempting to look like a support ticket. For extra authenticity, the message even includes text near the top of the body that reads: "Camera Ready, Notification: <date>."


An example of a sextortion email disguised as a "Ticket"


The attackers used that same exact bitcoin wallet in a completely different type of bitcoin-related email scam. The BTC wallet 1HJbQG3NsDGqqnnF1cU2c1Cgj1BT65TYRy located in the "Ticket" example above, also appears in an explicit video-for-bitcoin scam. In the sex video swindle, the attackers impersonate a young girl from the Russian Federation, and promise to send a custom explicit video in exchange for a deposit of $100 into the attackers' bitcoin wallet.


An example of an explicit video-for-bitcoin message containing a duplicate sextortion bitcoin wallet


Talos identified additional bitcoin wallets that overlapped, which revealed additional attacks, also likely perpetrated by the same group of spammers. For example, the bitcoin wallet 1NAXPRTdVdR5t7wfR1C4ggr9rwFCxqBZD7 not only appears in the "Ticket"-type sextortion scam messages detailed above, but it also appears in a different scheme meant to extort bitcoin from recipients who may be cheating on their significant other. The spammers claim to have been following the victim, where they obtained photographic evidence concerning the recipient's purported infidelity.


An example of an illicit relationship extortion message


Other (unrelated?) attack variations


As we reviewed additional bitcoin-related spam from SpamCop, we came across several other types of social engineering attacks aimed at obtaining bitcoin payments.

In a clever twist on the "I-know-you-are-cheating" extortion example detailed above, attackers claim to have proof that the victim's partner is in fact cheating on them. While the wording of the text in the message feels somewhat familiar, it is dissimilar enough to other extortion attacks (by containing an attached QR code, for example) that it may in fact be the handiwork of a completely different group of attackers.


A variation of the extortion attack offering victims proof of their partner's infidelity


Talos also discovered messages related to a much more frightening and violent variety of extortion. In these messages, the attackers claim to have been paid to kill the recipient of the email. The hitmen claim to already have their transportation arranged, but since they have had a change of heart, they are now willing to sell information about who hired them to their potential victim. Again, the formula and wording the message sound quite similar to text we witnessed in multiple sextortion emails. Though we suspect it, Talos cannot say for certain that these violent extortion emails are in fact the work of the same attackers.


An example of a violent extortion message threatening to kill the recipient


Other examples of social engineering


There were some bitcoin-related spam campaigns we noticed that, while they had very little connecting them to the spam sent via the Necurs botnet, they represented creative attempts to coerce some victims through social engineering.

First, there was an attack targeting victims with a propensity to fall for get-rich-quick schemes. In this offer, recipients are encouraged to send bitcoin to a wallet address where their bitcoin will magically double in value within three hours' time. This bitcoin "doubler" claims to exploit an undisclosed "bug in the system." While the average user may be able to realize quickly this is a scam, some users who are not as educated on the concept of bitcoin may be susceptible to this type of spam.


An example of the bitcoin doubler email


Other bitcoin-related spam targets those who might be inclined to donate to charity. While easing the suffering of children affected by military aggression is a most admirable cause, we couldn't find anything in this message to indicate that this is a legitimate charitable organization.

An example of the questionable "Charitable Children's Fund" email


We also discovered a piece of spam that claims to be "positive junk mail." The body of the message reads, "You know those emails that keep circulating trying to extort you for bitcoin claiming they have compromised the camera in your computer and have embarrassing videos and photos that they plan to share with your friends and family?...This IS NOT one of those!"


An example of the bitcoin lottery spam


In the Q&A section near the bottom of this email the spammers write, "Q: How do we know this is legitimate? A: You don't. We can't actually post proof without exposing ourselves as well as the winner. Take it for what it's worth. We apologize but this is the best we can do."

If you're curious about how the whole Oct. 4 bitcoin lottery drawing turned out, note that there is only one transaction for the bitcoin wallet mentioned in the spam. That transaction happened back on Sept. 28 and was for $4.

Conclusion


Most anti-spam solutions will filter out obvious sextortion attempts like the ones we highlighted in this post. However, that is no silver bullet. When these kinds of spam campaigns make it into users' email inboxes, many of them may not be educated enough to identify that it's a scam designed to make them give away their bitcoins. Unfortunately, it is clear from the large amount of bitcoin these actors secured that there is still a long way to go in terms of educating potential victims.

Indicators of compromise (IOC)


Here is a list of the 58,611 bitcoin wallets used by the attackers in the "Aaron Smith" sextortion spam.

Fake Flash updates upgrade software, but install crypto-mining malware

According to cybersecurity firm Palo Alto Networks, it discovered a fake Flash updater that has been duping conscientious computer users since August. The fake updater installs files to sneak a cryptocurrency mining bot called XMRig, which mines for Monero.

But here's the catch, while the fake updater is installing the XMRig malware, it's also updating the user's Flash.

Via: The Next Web

Source: Palo Alto Networks

Dark Markets’ Weakness? Cashing out the Bitcoin to USD!

Over the years there has been an on-going battle between law enforcement and those who use technology-based anonymity to perform their illegal deeds.  Some of the FBI's tricks to break through the anonymity have created interesting challenges, such as the "Operation Pacifier" case, where the FBI used court orders to allow them to use hacking tricks to expose the true locations of members of a child sexual exploitation site with 150,000 members, leading to 350 US arrests and 548 international arrests.  In that case the FBI deployed "Network Investigative Techniques" (NITs) to learn the IP addresses of top members of a TOR protected .onion server.  To clarify the legality of that situation, Rule 41 of the Federal Rules of Practice and Procedure was amended in 2016 under some controversy, as we blogged about in "Rule 41 Changes: Search and Seizure when you don't know the Computer's location."

In the current case, "Operation: Dark Gold", perhaps as a demonstration that the old "Follow the Money" rule can work even in these modern times, law enforcement posed as cryptocurrency exchangers, offering attractive conversion rates to USD even for those clearly involved in criminal activity.  After Alexander Vinnik's BTC-e exchange was shuttered, with the owner accused of facilitating the laundering of $4 Billion in illicit funds, Dark Market vendors had a real problem!  How do you turn a few million dollars worth of Bitcoin into money that you can spend in "the real world?"



That's just the kind of problem that the Department of Justice's Money Laundering and Asset Recovery Section is happy to help criminals solve.  In a major operation, Special Agents from Homeland Security Investigations in New York posed as money launderers on various TOR-protected dark markets.  As the money launderers were able to drive conversations "off platform" they had the opportunity to refer cases around the nation and around the world.  So far, more than 90 cases have been opened, leading to investigations by ICE's HSI, the US Postal Inspection Service, and the US Drug Enforcement Agency.  65 targets were identified and 35 Darknet vendors have been arrested so far.  At least $20 million in Bitcoin and other cryptocurrencies was seized, as well as 333 bottles of liquid opioids, 100,000 tramadol pills, 100 grams of fentanyl, 24kg of Xanax, 100 firearms, including assault rifles and a grenade launcher, five vehicles, and $3.6 million in cash and gold bars.  They also seized 15 pill presses, and many computers and related equipment.

Powell and Gonzalez (BonnienClyde)


The case against Nicholas Powell and Michael Gonzalez really explains the background of some of these cases well. 

"In or about October 2016, HSI NY, USPIS, the USSS, and the NASA Office of Inspector General, apprehended a Cryptocurrency Exchanger/Unlicensed Money Remitter herein rferred to as Target Subject-1. With TS1's cooperation, agents began investigating TS1's customers.  From the limited subset of customers for whom TS1 saved any kind of personal information (such as the names and addresses to which TS1 had shipped the customers' cash), agents identified a number of vendors selling illegal goods and services on the dark net." (Gar-note: NASA OIG has one of the coolest most proactive cybercrime teams in Federal government.  Little-known FACT!)

"With TS1's permission, agents took control of TS1's online accounts and identity, initiating an undercover operation using that identity to create new accounts (the "UC Vendor Accounts") targeting dark net drug vendors who utilized TS1's services to launder their illicit proceeds.  Since January 2017, agents have advertised the UC Vendor Accounts' services on AlphaBay, HANSA, and other dark net marketplaces, which has led to hundreds of bitcoin-for-cash exchanges.  Because TS1's original business model involved sending cash to physical addresses, each UC Vendor Account transaction has provided agents with leads on the identities and locations of their counterparties.  Individuals who used the UC Vendor Account were charged a fee notably higher than the fee charged by Bitstamp or other exchanges with Know  Your Customer protocols.  This and other evidence helped establish that many of these "customers" were likely dark net vendors or controlled substances or other illicit goods.  Furthermore, and as explained below, in some instances, agents have successfully utilized undercover buyer accounts on dark net marketplaces to conduct undercover drug buys from vendors believed to be the UC Vendor Accounts' customers."

In this case, Law Enforcement first caught up with Michael Gonzalez in Parma, Ohio.  He claimed Nicholas Powell was the mastermind, and the only got paid to help with shipping and packaging of "a few orders."  His job was to measure out 500 gram bags of Xanax powder and handle the shipping.  Powell was found and interviewed in his home at 5283 Bevens Ave, Spring Hill, Florida on May 22, 2018.  Powell confirmed that he had begun selling steroids and weed on the dark net. Later he became a drop shipper, arranging shipments from China to be delivered domestically.  Powell started on Silkroad 2, using the name BCPHARMA, selling steroids and GHB that he purchased from China.  He sold on Agora and AlphaBay as BONNIENCLYDE or BNC.  Later he also used that alias on Evolution Markets.  He also shifted later to selling Xanax and steroids on AlphaBay.  He claimed he physically destroyed the computer he used for this work, and later also destroyed two Apple computers. 

Powell confirmed that he used TS1 to convert between $10,000 and $40,000 in crypto currencies to cash at a time, and would receive the packages via USPS Express.  He claims a Canadian vendor wanted to buy his online identity, and that he made $100,000 by transferring the "BONNIENCLYDE" id to the Canadian. 

Powell willingly signed over to agents $438,000 worth of cryptocurrencies.

TrapGod 

TrapGod was an online vendor alias shared by  Antonio Tirado, 26 and Jeffrey Morales, 32, of Bronx, New York.  An affidavit from Antonio's search warrant shows he was growing marijuana and packaging and shipping both LSD and Cocaine.

Here's a photo of some of TrapGod's goods for sale on one dark market.

The 2050 means that 2,050 people have rated this vendor's services, giving an average review of 4.79 out of 5 stars.  Even the "bad" reviews, show that Trapgod was good to do business with.  One says "Vendor has been top notch. Then got some really sub-par stuff.  Contacted vendor. He said he'll take care of me next time. Will post again..."  Comments include things like "Great shipping, good stealth." and  "Stealth was good, my package was well hidden and secure.  Quality is good, after testing I found that the product is about a 80/20 cut as described!  I like honesty, plus seller put a little extra in my order!!"  "Shipment was delayed, quality not so good. However vendor sent an additional shipment to make up for it.  The price is good, but I'd rather pay more for higher quality."

Unfortunately, Morales and Tirado either weren't the only ones behind the Trapgod alias, or they are continuing to sell while out on bail.  Morales and Tirado's homes both got hit July 20, 2018, but there were fresh reviews posted yesterday (July 3, 2018).

Qu/Wu/Weng/Tseperkas/Akkaya

The next group were worked as a single case (1:18-mj-05193-UA) also in New York, and involved raids on three houses in Flushing and Mt. Sinai, New York.  Charges are brought against Jian Qu, Raymeond Weng, Kai Wu, Dimitri Tseperkas, and Cihad Akkaya.

Kai Wu and Jian Qu were in one home, where $200,000 in cash, 110 kg of marijuana, and "680 grams of unidentified powders" were seized.

Residence-2 yielded 12kg of Alprazolam, 10kg of marijuana vape cartridges, 570 grams of ecstasy, "12kg of unidentified powder" and four pill presses, used to press powders into ecstasy tablets.  There were also at least 2 kg of THC gummies.



Residence-3 was the home of Dimitri Tseperkas and Cihad Akkaya, where law enforcement recovered $195,000 in cash, 30kg of marijuana, and three loaded shotguns and 100 shotgun shells.


Videos recovered from the cell phones of Wu and Weng (who was not home, but has been observed repeatedly at Residence-1) reveal they also have at least two marijuana grow houses.

Farace/Swain

Ryan Farace, who the indictment makes clear "has no known medical education, qualifications, or licensing in the State of Maryland or elsewhere", yet he and his partner were manufacturing and distributing serious amounts of Xanax.  So much so that the indictment calls for them to forfeit $5,665,000 in cash as well as a Lincoln Navigator, a  GMC pick-up truck, and 4,000 Bitcoins (which currently would be the USD equivalent of more than $26 MILLION dollars!

Not bad for the former parking lot attendant of a Home Depot ... according to Ryan's Facebook, where both of the named vehicles are featured:



The indictment charges the pair with "Conspiracy to Manufacture, Distribute, and Possess with Intent to Distribute Alprazolam" (aka Xanax) (21 USC section 846) as well as "Maintaining Drug-involved Premises" (21 USC section 856) and "Conspiracy to Commit Money Laundering" (18 USC section 1956).

CANNA_Bars:

Jose Robert Porras III and his girlfriend, Pasia Vue, were selling marijuana and crystal meth, as well as Xanax and Promethazine-codeine cough syrup (Lean).  The HSI agent noticed on their Dream Market account that they shared their rating from Hansa.  Big mistake.  The Dutch High Tech Crimes Unit has the seized servers from Hansa and is happy to do lookups for law enforcement.  This revealed that "CANNA_BARS" had earned about 56 bitcoins on Hansa, selling crystal meth in quantities as large as 1 pound bars!  They described the product there as "this crystal is directly from manufacturers in mexico so it is made with the highest qaulity products that cant be found in the us. expect the highest qaulity on hansa for the cheapest."  The same criminal also couldn't spell "qaulity" right on Dream Market, which was further confirmation this might be the same guy.  From Dream Market "whats up we are canna_bars a vendor of top qaulity weed we offer qps to multiple pounds we are operating out of northern california and have direct relationships with many growers so expect good qaulity for cheap prices."

By searching for this signature typo, "qaulity" for "quality", the agent was also able to confirm that CANNA_BARS was the same person that sold as THEFASTPLUG on Wall Street Market, another dark net marketplace.  They completed 60 orders there between Feb 2018 and May 13, 2018.

One of his loyal customers, y***h,  is apparently wishing him well after learning of the arrest ... in the comments section for THEFASTPLUG on Wall Street Market, they made this July 2, 2018 comment:





In one photograph shared by CANNA_BARS, his hands are shown, palms up, holding marijuana buds.  The fingerprints of the open palms were so clear that they could easily be used to run a fingerprint match:


The HSI Forensic Document Laboratory returned a fingerprint match confirming that the image showed the fingerprints for Jose Robert Porras III, who had prints on file.

CANNA_BARS offered "free samples" of marijuana, which the agent asked for and had shipped to another state.  The package arrived and was confirmed to contain marijuana. (The inner package was wrapped in fabric softener sheets, presumably to stop drug-sniffing dogs?)

HSI surveillance was used to follow Porras and Vue to a US Post Office where they shipped packages, a Bank of America branch where they had accounts, and to a storage unit, where they maintained their inventory.  Undercover purchases from CANNA_BARS of two pounds of marijuana, and THEFASTPLUG of three pounds of "og kush" marijuana were able to be observed in the gathering and shipping end of the surveillance, providing "end-to-end" proof of the identity of the criminals.

Some of the bitcoin that was used by CANNA_BARS was able to be linked via blockchain analysis to accounts that had a bit of KYC information attached.  This revealed four accounts at one exchanger, including one each for VUE (using the email "pasiavue57@gmail.com" and (916) 228-1506) and PORRAS.  These further linked to several bank accounts, two in the name of Pasia Vue, one in the name of Marcos Escobado (a brother(?) of Porras, and another in the name of Julie Hernandez.  Escobado was arrested in Oregon for possession of methamphetamine and had received $11,000 from the bitcoin exchanger in four transactions.

After TS1's money exchanger service was taken over by the feds, the couple did four more transactions, receiving $56,000 in cash shipped from New York to their drops in Live Oak and Sacramento, California.

In addition to the Drugs and Money laundering charges, Porras was charged with Felon Possessing a Firearm:



Sam & Djeneba Bent

Less details are revealed in the Vermont indictment against Sam & Djeneba Bent.  Same used dark markets to sell Ecstasy (MDMA), LSD, marijuana, and cocaine, and used the TS1 money exchanging service to cash out more than $10,000 from bitcoin to USD.


They are charged with using a false return address on a package shipped through the postal service.

(Just joking, I know this got long and I wondered if anyone had read this far, haha.)


Daniel Boyd McMonegal 

McMonegal became a dark market vendor in or around December 2016, which might be how he chose his vendor name, Christmastree.  McMonegal, according to the affidavit by Homeland Security Investigations, incorporated a "medical marijuana delivery dispensary" in December 2, 2016 under the name "West Coast Organix" in San Luis Obispo, California, and almost immediately started selling the drugs via interstate postal delivery via Dream Market using his Christmasstree vendor name.

From June 15, 2017 to May 12, 2018, Christmastree sold 2,800 packages and earned a 4.98 rating on Dream Market!


The rave reviews from buyers make it clear Christmastree really knew his stuff with high ratings on his Blue  Dream, OG Kush, Super Silver Haze, Blackberry Kush, and many others.  

Like the others, McMonegal's downfall was getting his Bitcoin turned into cash.  After the time the federal agents controlled TS1's exchange business, McMonegal used it to cash out at least $91,000 which was shipped to him in Mariposa, California in six shipments between April 2017 and March 2018.



IMMIGRATIONS AND CUSTOMS ENFORCEMENT

For all the crap that is in the news recently about ICE, Homeland Security Investigations, the team that was at the lead of many of these investigations, are using technology and brilliant investigators to help shut down some of the worst crimes on the Internet.  If you know an ICE or HSI agent, make sure to let them know you appreciate what they are doing for us all!


(For more of this press conference, please see this YouTube video: "Officers arrest 35 in dark web bust, seize guns and drugs")

Cyber Security Roundup for January 2018

2018 started with a big security alert bang after Google Security Researchers disclosed serious security vulnerabilities in just about every computer processor in use on the planet. Named 'Meltdown' and 'Spectre’, when exploited by a hacker or malware, these vulnerabilities disclose confidential data. As a result, a whole raft of critical security updates was hastily released for computer and smartphone operating systems, web browsers, and processor drivers. While processor manufacturers have been rather lethargic in reacting and producing patches for the problem, software vendors such as Microsoft, Google and Apple have reacted quickly, releasing security updates to protect their customers from the vulnerable processors, kudos to them.

The UK Information Commission's Office (ICO) heavily criticised the Carphone Warehouse for security inadequacies and fined the company £400K following their 2015 data breach, when the personal data, including bank details, of millions of Carphone Warehouse customers, was stolen by hackers, in what the company at the time described as a "sophisticated cyber attack", where have we heard that excuse before? Certainly the ICO wasn't buying that after it investigated, reporting a large number Carphone Warehouse's security failures, which included the use of software that was six years out of day,  lack of “rigorous controls” over who had login details to systems; no antivirus protection running on the servers holding data, the same root password being used on every individual server, which was known to “some 30-40 members of staff”; and the needless storage of full credit card details. The Carphone Warephone should thank their lucky stars the breach didn't occur after the General Data Protection Regulation comes into force, as with such a damning list of security failures, the company may well have been fined considerably more by ICO, when it is granted vastly greater financial sanctions and powers when the GDPR kicks in May.

The National Cyber Security Centre warned the UK national infrastructure faces serious nation-state attacks, stating it is a matter of a "when" not an "if". There also claims that the cyberattacks against the Ukraine in recent years was down to Russia testing and tuning it's nation-state cyberattacking capabilities. 

At the Davos summit, the Maersk chairman revealed his company spent a massive £200m to £240m on recovering from the recent NotPeyta ransomware outbreak, after the malware 'totally destroyed' the Maersk network. That's a huge price to pay for not regularly patching your systems.

It's no surprise that cybercriminals continue to target cryptocurrencies given the high financial rewards on offer. The most notable attack was a £290k cyber-heist from BlackWallet, where the hackers redirected 700k BlackWallet users to a fake replica BlackWallet website after compromising BlackWallet's DNS server. The replica website ran a script that transferred user cryptocurrency into the hacker's wallet, the hacker then moved currency into a different wallet platform.

In the United States, 
the Federal Trade Commission (FTC) fined toy firm VTech US$ 650,000 (£482,000) for violating a US children's privacy laws. The FTC alleged the toy company violated (COPPA) Children's Online Privacy Protection Rule by collecting personal information from hundreds of thousands of children without providing direct notice.

It was reported that a POS malware infection at Forever21 and lapses in encryption was responsible for the theft of debit and credit card details from Forever21 stores late last year. Payment card data continues to be a high valued target for cyber crooks with sophisticated attack capabilities, who are willing to invest considerable resources to achieve their aims.

Several interesting cybersecurity reports were released in January,  the Online Trust Alliance Cyber Incident & Breach Trends Report: 2017 concluded that cyber incidents have doubled in 2017 and 93% were preventable. Carbon Black's 2017 Threat Report stated non-malware-based cyber-attacks were behind the majority of cyber-incidents reported in 2017, despite the proliferation of malware available to both the professional and amateur hackers. Carbon Black also reported that ransomware attacks are inflicting significantly higher costs and the number of attacks skyrocketed during the course of the year, no surprise there.  

Malwarebytes 2017 State of Malware Report said ransomware attacks on consumers and businesses slowed down towards the end of 2017 and were being replaced by spyware campaigns, which rose by over 800% year-on-year. Spyware campaigns not only allow hackers to steal precious enterprise and user data but also allows them to identify ideal attack points to launch powerful malware attacks. The Cisco 2018 Privacy Maturity Benchmark Study claimed 74% of privacy-immature organisations were hit by losses of more than £350,000, and companies that are privacy-mature have fewer data breaches and smaller losses from cyber-attacks.

NEWS

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

REPORTS

Cyber Security Roundup for December 2017

UK supermarket giant Morrisons, lost a landmark data breach court case in December after a disgruntled Morrisons employee had stolen and posted the personal records of 100,000 co-workers online, the supermarket chain was held liable for the data breach by the UK High Court. The High Court ruling now allows those affected to claim compensation for the "upset and distress" caused. Morrisons said it believed it should not have been held responsible and would be appealing against the decision. If the appeal is lost it could open up the possibility of further class action lawsuits cases by individuals. Pending the GDPR becoming law in May 2018, such a court ruling sets a legal precedent for individuals to claim damages after personal data losses by companies through the courts as well. After May 2018, the GDPR grants individuals the right sue companies for damages following personal data breaches. So we can expect 'ambulance chasers' lawyers to pick up on this aspect of the GDPR, with class action lawsuits following data breaches, it well could become the new "P.P.I. industry"

Any businesses or individuals using Kaspersky should be aware the UK National Cyber Security Centre has warned government agencies against using the Russian supplier’s products and services, which follows a ban by US government departments in November. Barclays responded to the warning by stopping their free offering of Kaspersky anti-virus products to its customers. 2017 saw Cyber Security become a political football, so it is no real surprise that the UK and US once again blamed North Korea for the devasting WannaCry attacks earlier in the year, personally, I blame poor patch management and hackers, not the North Korea cyber army!

Nadine Dorries MP got herself in hot water after trying to defend now former political colleague Damian Green, following claims of Mr.Green accessed porn on his Parliment computer. This was activity was reported by a retired Police officer, which was said to be a breach of the data protection act. Nadine tweeted "my staff log onto my computer on my desk with my login everyday" to suggest anyone could have used Damian Green's PC to access the illicit websites. This led to widespread condemnation and a warning by ICO to MPs on password sharing. 

The fact illicit websites were not blocked by Parliament systems is one concerning lack security issue, but the flagrant disregard for basic cybersecurity by government MPs is gobsmacking, especially when you consider they are supposed to be understanding the risk and setting laws to protect UK citizens from cyber attacks and data breaches. Its another "slap palm on head" after the last UK Prime Minister announced he wanted to ban encryption.

2017 has seen huge rises in cryptocurrencies values, which has placed cryptocurrency brokers and user crypto coin wallets in the sights of cybercriminals. This month mining platform NiceHash was breached by hackers, who stole £51 million worth of Bitcoin and Bitcoin exchange Youbit, which lets people buy and sell Bitcoins and other virtual currencies, shut down and filed for bankruptcy after losing 17% of its assets in the cyber-attacks. I think we can expect further cryptocurrencies attacks in 2018 given the cryptocurrency bubble is yet to burst.

Faked LinkedIn profiles are nothing new, however, the German Intelligence Agency (BfV) said it had spotted China were using faked LinkedIn profiles to connect with and gather information on German officials and politicians, which is an interesting development.

Finally, Hackers were reported as taking advantage of poorly secured systems at UK private schools, and it was claimed hackers could turn off heating systems at UK schools and military bases.

NEWS
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
REPORTS

Weekly Cyber Risk Roundup: Bitcoin Attacks Dominate Headlines, New Phishing Warnings

Several cryptocurrency exchanges were among the week’s top trending cybercrime targets due to a variety of different currency thefts, data breaches, and warnings from researchers.

2017-12-8_ITT.png

The most impactful incident occurred at the bitcoin mining platform and exchange NiceHash, which said on Wednesday that its payment system was compromised and the bitcoin in its wallet was stolen. NiceHash said it is “working to verify the precise number of BTC taken”; however, news outlets reported that a wallet linked to the attack obtained around 4,736 bitcoin, which is valued at more than $72 million based on Saturday’s price. The company has not released many details about the attack other than that it began after an employee’s computer was compromised.

In addition, researchers warned this week that the increased valuation of bitcoin has led to it becoming one of the top 10 most targeted industries for DDoS attacks. On Monday, Bitfinex said that its services were disrupted by a DDoS attack. On Thursday, Coinbase warned that the explosion of interest in digital currencies was creating “extreme volatility and stress” on its systems and warned its users to invest responsibly as any future downtime could impact their ability to trade.

News outlets also reported that some Bittrex customers who go through the company’s manual verification process but are rejected have received customer support emails that contain the passports details and photographs of other users, although Bittrex has not confirmed the reports.

Finally, the SEC announced that it obtained an emergency asset freeze to halt the Initial Coin Offering PlexCorps after it raised up to $15 million from thousands of investors by falsely promising a 13-fold profit in less than a month’s time.

2017-12-8_ITTGroups

Other trending cybercrime events from the week include:

  • TIO Networks announces breach: PayPal announced a breach at TIO Networks, a payment processor it acquired in July, that affects approximately 1.6 million customers. City Utilities (CU) and Duke Energy have since notified customers that their personal information was compromised due to the breach, as TIO was the provider of the operating system for CU’s payment kiosks and mobile payment app, in addition to being used to process Duke Energy’s in-person payments.
  • Payment card breaches: The Image Group is notifying customers of a temporary vulnerability on its eCommerce platform, Payflow Pro, that made some payment card numbers susceptible to interception while in transit to PayPal. JAM Paper & Envelope is notifying customers of a payment card card breach affecting its website due to unauthorized access by a third party. A payment card breach involving the Royal National Institute for the Blind’s web store affects as many as 817 customers, and around 55 individuals have already reported fraudulent activity as a result of the incident.
  • Extortion attacks: The Alameda County Library is notifying its users that their personal information may have been compromised after it received an extortion email that claimed hackers had gained access to the library’s entire database of users and may sell that information if they weren’t paid a five bitcoin ransom. The Mecklenburg County government in North Carolina said that its computer systems were infected with ransomware that is demanding $23,000 for the encryption key. Mad River Township Fire and EMS Department in Ohio said that years of data related to residents who used EMS or fire services was lost due to a ransomware infection. The fertility clinic CCRM Minneapolis said that nearly 3,300 patients may have had their information compromised due to a ransomware attack.
  • Other notable incidents: The Center for Health Care Services in San Antonio is notifying 28,434 patients that their personal information was stolen by a former employee. The County of Humboldt is notifying current and former employees that the Humboldt County Sheriff’s Office recovered payroll documents from the county. Pulmonary Specialists of Louisville is notifying patients their information may have been compromised due to possible unauthorized access. Virtual keyboard developer Ai.Type, bike sharing company oBike, Real Time Health Quotes, and Stanford University all had data breaches due to accidental data exposure. Baptist Health Louisville, Sinai Health System, and The Henry Ford Health System notified patients of employee email account breaches.
  • Law enforcement actions: Authorities reportedly shut down Leakbase, a service that sold access to more than two billion credentials collected from old data breaches. The Justice Department announced a software developer at the National Security Agency’s Tailored Access Operations has pleaded guilty to removing classified NSA data and later having that data stolen from his personal computer by Russian state-sponsored actors. A Michigan man pleaded guilty to gaining access to the Washtenaw County computer network and altering the electronic records of at least one inmate in an attempt to get the inmate released early. A Missouri man has been sentenced to six years in prison for hacking his former employer, American Crane & Tractor Parts, in order to steal trade secrets.

SurfWatch Labs collected data on many different companies tied to cybercrime over the past week. Some of those “newly seen” targets, meaning they either appeared in SurfWatch Labs’ data for the first time or else reappeared after being absent for several weeks, are shown in the chart below.

2017-12-8_ITTNew

Cyber Risk Trends From the Past Week

2017-12-8_RiskScoresPhishing concerns were highlighted once again this past week due to a newly announced vulnerability that allows malicious actors to spoof emails, as well as warnings that phishers are making efforts to appear more legitimate.

A researcher has discovered a collection of bugs in email clients, dubbed “Mailsploit,” that circumvents spoofing protection mechanisms and, in some cases, allows code injection attacks. The vulnerabilities were found in dozens of applications, including Apple Mail, Mozilla Thunderbird, Microsoft Outlook 2016, Yahoo! Mail, ProtonMail, and others.

The bug has been fixed in 10 products and triaged for 8 additional products, the researcher said. In addition, Mozilla and Opera said they won’t fix the bug as they consider it to be a server-side problem; however, Thunderbird developer Jörg Knobloch told Wired that a patch would be made available. DMARC spoofing protection is not attacked directly using Mailsploit,  the researcher said, but rather bypassed by taking advantage of how the clients display the email sender name.

In addition, researchers said that nearly a quarter of all phishing websites are now hosted on HTTPS domains, up from three percent a year ago. The increase is due to both an increased number of HTTPS websites that can be compromised and used to host malicious content, as well as phishers registering HTTPS domains themselves due to their belief that the “HTTPS” designation makes a phishing site seem more legitimate to potential victims. An informal poll conducted by PhishLabs found that more than 80% of the respondents incorrectly believed the green padlock associated with HTTPS websites indicated that a website was either legitimate or safe — when in reality it only means that the connection is encrypted.

Individuals and organizations should be aware that malicious actors continue to leverage exploits like Mailsploit along with more secure-looking websites in order to dupe potential victims via phishing attacks with the goal of installing malware, gaining access to networks, or stealing sensitive data.

Cybercrime Surges in Q3

young man with glasses sitting in front of his computer, programming. the code he is working on (CSS) can be seen through the screen.

PandaLabs Q3 Report indicates that incidences of cybercrime continue to increase, with 18 million new malware samples captured this quarter – more than 200,000 samples daily.

The Quarter at a Glance

Cybercrime continues to grow at an exponential rate, fuelled by the opportunity for large financial rewards.

Hackers have taken to developing new variants of successful Ransomware such as Locky, and the development of a model known as Ransomware-as-a-Service (RaaS), whereby developers create Ransomware for distributors, these distributors then target and infect victims – allowing both parties to achieve greater profits.

Another key development was the occurrence of DDoS attacks. Most natably that of Cyber Security journalist Brian Krebs. Krebs exposure of vDoS lead to the arrest of its key members and subsequently made Krebs’ site the target of a massive DDoS attack that saw Google step in to restore the site. As one of the largest attack of its kind, hackers leveraged IoT devices to send 620GB of data per second – at its peak – to the site.
graphs_cabecera-mediacenter
This quarter cyber-attacks targeted multiple gaming sites, gaining access to millions of users’ personal information. These attacks were largely launched using botnets composed of smartphones, and effected users of Overwatch, World of Warcraft and Diablo 3. Further attacks saw more than 3.5 million users exposed when Dota 2 and mobile game Clash of the Kings were targeted. These highlight just a few incidences in the Gaming world in the last 3 months.

The Banking sector remained a target for hackers as attacks on ATM’s, POS terminals and Bitcoin wallets continue to become more frequent and more advanced.

A Taiwanese ATM attack this quarter indicated just how advanced cybercriminals have become when they were able to hack the banks internal network and withdraw over R28 million without even touching the ATM itself.

Another big victim was Yahoo – one of the biggest attacks of its kind revealed this quarter indicated that 500 million user accounts had been comprised in a 2014 attack.

Finally, Q3 saw the largest Bitcoin robbery to date, when R 84 billion worth of Bitcoin was stolen by hackers.

View the full PandaLabs Q3 Report for more detail on specific attacks and find out how you can protect yourself and your business from the advanc

The post Cybercrime Surges in Q3 appeared first on CyberSafety.co.za.