
Critical Infrastructure News

A cloud environment owned and operated by Tesla was breached by hackers who used the company’s compromised machines and computing resources to mine cryptocurrency, according to security researchers.

In a report published this week by security firm RedLock, it was revealed that Tesla suffered a breach because the vehicle manufacturer failed to password-protect an open-source system that contained keys to access the company’s cloud.

According to the report, once the attackers gained access to Tesla’s cloud servers, they began running a cryptocurrency mining protocol called Stratum to mine for valuable digital currency that they could pocket and profit off of.

“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it," Tesla said in a statement provided to International Business Times. "The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”

The attackers used Tesla’s cloud environment to do the dirty work of the mining process, essentially making the company’s computer do all the work while pocketing all of the profits generated from the operation.

A protocol called Stratum was used to carry out the attack, and the hackers managed to evade detection by obscuring the true IP address of the mining server and keeping the CPU usage low so as to not raise any suspicion.
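Because the miners kept CPU usage low and hid the pool's real address, host CPU thresholds and IP blocklists both miss this kind of abuse. The following added example (not from RedLock's report or Tesla) flags Stratum-style mining traffic by its JSON-RPC shape instead; it assumes plaintext payloads from an egress proxy or decrypted capture, and the sample records are constructed.

```python
import json

# Stratum v1 JSON-RPC method names used between miner and pool, plus the
# "login"/"submit" dialect used by common Monero miners (assumption: these
# names are the ones worth matching in egress traffic).
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit",
                   "mining.notify", "mining.set_difficulty", "login", "submit"}

def is_stratum_message(line: str) -> bool:
    """Return True if one newline-delimited message looks like Stratum JSON-RPC."""
    try:
        msg = json.loads(line)
    except ValueError:
        return False            # not JSON at all (HTTP, TLS, binary)
    if not isinstance(msg, dict):
        return False
    if msg.get("method") in STRATUM_METHODS:
        return True
    # Pool -> miner replies carry no "method"; a result holding a job is
    # another strong Stratum marker.
    result = msg.get("result")
    return isinstance(result, dict) and "job" in result

def find_stratum_flows(records):
    """records: iterable of (src, dst, payload); returns sorted (src, dst) pairs
    whose payload matches Stratum, regardless of destination port or address."""
    flagged = {(src, dst) for src, dst, payload in records
               if is_stratum_message(payload)}
    return sorted(flagged)

# Constructed sample: an HTTP request, a Monero-style login on a non-standard
# port, a Bitcoin-style subscribe, and an ordinary JSON-RPC API call that
# must not be flagged.
SAMPLE_RECORDS = [
    ("10.0.3.14:51002", "203.0.113.9:443", "GET / HTTP/1.1"),
    ("10.0.3.14:51010", "198.51.100.77:8443",
     '{"id":1,"jsonrpc":"2.0","method":"login",'
     '"params":{"login":"wallet","pass":"x","agent":"miner/1.0"}}'),
    ("10.0.3.14:51011", "198.51.100.78:3333",
     '{"id":1,"method":"mining.subscribe","params":["miner/1.0"]}'),
    ("10.0.3.14:51020", "203.0.113.10:443",
     '{"id":7,"method":"getUser","params":[42]}'),
]

if __name__ == "__main__":
    for src, dst in find_stratum_flows(SAMPLE_RECORDS):
        print(f"possible Stratum mining flow: {src} -> {dst}")
```

Pair the network check with container and cloud-credential monitoring: the page's root cause was an unauthenticated management console holding cloud keys, which no traffic rule would have caught on its own.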

Read more: International Business Times

Hackers running malvertising campaign on YouTube to mine cryptocurrency

Security researchers have revealed how hackers are now bombarding YouTube videos with fake antivirus ads and running crypto jacking codes without alerting users.

Malvertisers are running fake antivirus adverts on YouTube videos by abusing Google's DoubleClick ad platform and tricking users into downloading malware.

Security researchers at both Trend Micro and Adguard have unearthed a sophisticated malvertising operation that ran cryptomining software on visitors' systems without alerting them. Such cryptomining consumes CPU power on the user's system, so site operators are expected to inform users when it is running. Those behind the malvertising campaign did no such thing.

According to security firm Adguard, the campaign was exposed after YouTube users complained that their antivirus was alerting about mining attempts while they were watching videos on YouTube. Following deep analysis, researchers concluded that malicious actors abused Google's DoubleClick ad platform to run fake antivirus ads on YouTube videos, thereby provoking people to download malware.

'We discovered that advertisements found on high-traffic sites not only used Coinhive, but also a separate web miner that connects to a private pool. Attackers abused Google’s DoubleClick, which develops and provides Internet ad serving services, for traffic distribution. Data from the Trend Micro™ Smart Protection Network™ shows affected countries include Japan, France, Taiwan, Italy, and Spain,' noted researchers Chaoying Liu and Joseph C. Chen at Trend Micro.

The malvertising campaign was launched on such a large scale that the researchers observed a 285% increase in the number of Coinhive miners on January 24.

'The affected webpage will show the legitimate advertisement while the two web miners covertly perform their task. We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices,' they added.

Speaking with Gizmodo, YouTube acknowledged the operation and termed it 'a relatively new form of abuse'. However, it also claimed that the malicious adverts were blocked in less than two hours, thanks to a multi-layered detection system set up by the company.

'Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms,' said YouTube.


Delaware hacker indicted in multimillion-dollar fraud scheme

His notoriety began seven years ago when he was arrested at a video game convention in Boston and accused of pirating $6 million in game code that was derived from a system used to train CIA agents for combat. May agreed to a Boston judge’s offer for pretrial probation in exchange for a dismissal of his case.

Last year evidence emerged that he was back on federal authorities' radar when police seized a $60,000 BMW Coupe and about $40,000 from his Brandywine Hundred residence. The FBI at the time declined to say why the assets had been seized.

The recent indictment against May states that the car was purchased through ill-gotten gains from the alleged fraud scheme.

That scheme began in April 2016 when May and other unnamed "co-schemers" obtained legitimate serial numbers to expensive Cisco computer hardware that they did not own, prosecutors say. The indictment does not state how they obtained those serial numbers. 

The group set up false online aliases to make it appear they worked for a legitimate company. They then submitted warranty claims for the equipment associated with the ill-gotten serial numbers, the indictment states. 

Their goal was to pose as legitimate owners of the computer components and present problems to Cisco engineers that they knew would require the company to replace the hardware through a warranty program. 

Through such misrepresentations, May and his conspirators were able to convince Cisco to ship approximately 169 pieces of computer hardware to replace technology they never owned. In all, May received some 155 pieces of computer hardware — valued at $2.3 million.  

He and his conspirators had submitted requests to replace some 266 pieces of equipment from Cisco, tot. It is unclear how the group's scheme was discovered. The indictment states that they agreed to return the equipment they had reported as broken, but never did.

Chicago Police Cut Crime with Major Upgrades to Analytics and Field Technology

The Chicago Police Department (CPD) is deploying predictive and analytic tools after seeing initial results and delivering on a commitment from Mayor Rahm Emanuel, a bureau chief said recently.

The issue, as the mayor said during his 2018 Annual Budget Address on Oct. 18, is how best to ensure that a rise in shootings and murders dating to 2015 continues to decline. Emanuel emphasized and police officials agree that using the latest in IT, including video surveillance and computer analysis of incidents, is reducing violent crime in the city.

Last year, CPD created six Strategic Decision Support Centers (SDSCs) at police stations, essentially local nerve centers for its high-tech approach to fighting crime in areas where incidents are most prevalent.

Jonathan Lewin, chief of CPD’s Bureau of Technical Services, revealed plans to expand the number of centers at the recent CES 2018. Effective immediately, CPD will add four additional SDSCs, Lewin told an audience of more than 100 on Jan. 11 at the consumer electronics show in Las Vegas.

“I’m happy to say that in the first six districts that went live, we were able to tie together a range of technology into a single platform,” Lewin said during a discussion of “Paving the Way for Connected Emergency Vehicles.”

Connecting features like predictive mapping and policing, gunshot detection, surveillance cameras and citizen tips lets police identify “areas of risk, and ties all these things together into a very consumable, very easy to use, very understandable platform,” said Lewin.

“The predictive policing component … the intelligence analyst and that daily intelligence cycle, is really important along with the room itself, which I didn’t talk about,” Lewin said in an interview.

P2P Botnet

This unusual new IoT botnet is spreading rapidly via peer-to-peer communication

A new Internet of Things botnet is the first of its kind to use custom-built peer-to-peer communication to spread to new targets.

Dubbed Hide 'N Seek (HNS) by the researchers at security company Bitdefender, the botnet first appeared in early January before disappearing then re-emerging on January 20.

The botnet communicates between devices using a decentralised peer-to-peer mechanism. It uses the same exploit as the Reaper botnet to infect devices, although there's currently no indication that the two armies of hijacked machines are related.

Hide 'N Seek isn't the first botnet to have a peer-to-peer element -- the Hajime botnet used P2P architecture -- but rather than being built on an existing BitTorrent protocol, HNS uses a custom-built P2P system.

Equipped to carry out commands including data exfiltration, code execution, and interfering with a device's operation, initial reports said 2,700 devices were infected by the malware as of the end of January 23.

Now, under 48 hours later, the figure is thought to be over 24,000, and the botnet has spread around the globe. This is a network which just days ago was only made up of 12 devices in South-East Asia.