Tag: engineer | SpinSafe

Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts

April 14, 2024/in Computer Security

Apr 13, 2024NewsroomCryptocurrency / Regulatory Compliance

A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million.

Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023 following his arrest in July.

“At the time of both attacks, Ahmed, a U.S. citizen, was a senior security engineer for an international technology company whose resume reflected skills in, among other things, reverse engineering smart contracts and blockchain audits, which are some of the specialized skills Ahmed used to execute the hacks,” the U.S. Department of Justice (DoJ) noted at the time.

While the name of the company was not disclosed, he was residing in Manhattan, New York, and working for Amazon before he was apprehended.

Court documents show that Ahmed exploited a security flaw in an unnamed cryptocurrency exchange’s smart contracts to insert “fake pricing data to fraudulently generate millions of dollars’ worth of inflated fees,” which he was able to withdraw.

Subsequently, he initiated contact with the company and agreed to return most of the funds except for $1.5 million if the exchange agreed not to alert law enforcement about the flash loan attack.

It’s worth noting that CoinDesk reported in early July 2022 that an unknown attacker returned more than $8 million worth of cryptocurrency to a Solana-based crypto exchange called Crema Finance, while keeping $1.68 million as a “white hat” bounty.

Ahmed has also been accused of carrying out an attack on a second decentralized cryptocurrency exchange called Nirvana Finance, siphoning $3.6 million in the process, ultimately leading to its shutdown.

“Ahmed used an exploit he discovered in Nirvana’s smart contracts to allow him to purchase cryptocurrency from Nirvana at a lower price than the contract was designed to allow,” the DoJ said.

“He then immediately resold that cryptocurrency to Nirvana at a higher price. Nirvana offered Ahmed a ‘bug bounty’ of as much as $600,000 to return the stolen funds, but Ahmed instead demanded $1.4 million, did not reach…

Source…

Former Amazon Security Engineer Sentenced to Three Years in Crypto Hacking Case

April 13, 2024/in Computer Security

U.S. District Judge Victor Marrero of the Southern District of New York on Friday sentenced former Amazon security engineer Shakeeb Ahmed to three years in prison in connection with a cryptocurrency hacking scheme.

Ahmed, 34, pleaded guilty to one count of computer fraud in December, acknowledging that he hacked two crypto exchanges and stole more than $12 million in cryptocurrency in the summer of 2022. He was ordered to forfeit about $12.3 million and pay more than $5 million in restitution.

Source…

Ex-CIA computer engineer gets 40 years in prison for giving spy agency hacking secrets to WikiLeaks

February 6, 2024/in Computer Security

NEW YORK — A former CIA software engineer was sentenced to 40 years in prison on Thursday after his convictions for what the government described as the biggest theft of classified information in CIA history and for possession of child sexual abuse images and videos.

The bulk of the sentence imposed on Joshua Schulte, 35, in Manhattan federal court came for an embarrassing public release of a trove of CIA secrets by WikiLeaks in 2017. He has been jailed since 2018.

“We will likely never know the full extent of the damage, but I have no doubt it was massive,” Judge Jesse M. Furman said as he announced the sentence.

The so-called Vault 7 leak revealed how the CIA hacked Apple and Android smartphones in overseas spying operations, and efforts to turn internet-connected televisions into listening devices. Prior to his arrest, Schulte had helped create the hacking tools as a coder at the agency’s headquarters in Langley, Virginia.

In requesting a life sentence, Assistant U.S. Attorney David William Denton Jr. said Schulte was responsible for “the most damaging disclosures of classified information in American history.”

Given a chance to speak, Schulte complained mostly about harsh conditions at the Metropolitan Detention Center in Brooklyn, calling his cell, “My torture cage.”

But he also claimed that prosecutors had once offered him a plea deal that would have called for a 10-year prison sentence and that it was unfair of them to now seek a life term. He said he objected to the deal because he would have been required to relinquish his right to appeal.

“This is not justice the government seeks, but vengeance,” Schulte said.

Immediately afterward, the judge criticized some of Schulte’s half-hour of remarks, saying he was “blown away” by Schulte’s “complete lack or remorse and acceptance of responsibility.”

The judge said Schulte was “not driven by any sense of altruism,” but instead was “motivated by anger, spite and perceived grievance” against others at the agency who he believed had ignored his complaints about the work environment.

Furman said Schulte continued his crimes from behind bars by trying to leak more classified materials and by creating a hidden…

Source…

Amazon Security Engineer Arrested and Accused of Hacking Crypto Exchange

July 12, 2023/in Computer Security

Looks like trouble is brewing for a top-notch cybersecurity whiz at Amazon. Shakeeb Ahmed, a former security engineer, finds himself in hot water as federal prosecutors allege that he skillfully used his hacking expertise for malicious purposes. The accusation? Mr. Ahmed allegedly orchestrated a scheme to pilfer a staggering $9 million in assets from a cryptocurrency exchange last summer and then tried to conceal his ill-gotten gains through a web of online trickery.

Authorities apprehended the 34-year-old tech aficionado in Manhattan on Tuesday, charging him with wire fraud and money laundering. Although officials refrained from disclosing the name of Ahmed’s former employer, they did describe him as a “former security engineer” for an undisclosed “international technology company.” According to the allegations, Ahmed exploited a vulnerability in the smart contract of an unnamed Solana-based crypto exchange, enabling him to generate a massive $9 million in fraudulent fees. These fees were meant to be rightfully disbursed to platform customers who contributed substantial liquidity. However, Ahmed supposedly manipulated the software by injecting false price data, essentially conjuring money out of thin air. Additionally, he stands accused of attempting to squeeze more funds out of the exchange using “flash loan” attacks—a type of crypto exploit.

Initially, the company where Ahmed previously worked remained shrouded in mystery, as officials declined to reveal any details. However, cybersecurity blogger Jackie Singh shed some light on the matter on Tuesday evening. Singh claimed that Ahmed had been an employee at Amazon, citing various online profiles seemingly connected to the security expert.

Curious to learn more, Gizmodo reached out to Amazon for clarification regarding Ahmed’s employment. A spokesperson confirmed that Ahmed was no longer working for the company, although they couldn’t provide further insights into his role at the tech giant.

According to a LinkedIn profile matching Ahmed’s description, he held the position of “Senior Security Engineer” at Amazon and had been with the company since November 2020. The profile…

Source…

Tag Archive for: engineer