Tag: years | SpinSafe

Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts

April 14, 2024/in Computer Security

Apr 13, 2024NewsroomCryptocurrency / Regulatory Compliance

A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million.

Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023 following his arrest in July.

“At the time of both attacks, Ahmed, a U.S. citizen, was a senior security engineer for an international technology company whose resume reflected skills in, among other things, reverse engineering smart contracts and blockchain audits, which are some of the specialized skills Ahmed used to execute the hacks,” the U.S. Department of Justice (DoJ) noted at the time.

While the name of the company was not disclosed, he was residing in Manhattan, New York, and working for Amazon before he was apprehended.

Court documents show that Ahmed exploited a security flaw in an unnamed cryptocurrency exchange’s smart contracts to insert “fake pricing data to fraudulently generate millions of dollars’ worth of inflated fees,” which he was able to withdraw.

Subsequently, he initiated contact with the company and agreed to return most of the funds except for $1.5 million if the exchange agreed not to alert law enforcement about the flash loan attack.

It’s worth noting that CoinDesk reported in early July 2022 that an unknown attacker returned more than $8 million worth of cryptocurrency to a Solana-based crypto exchange called Crema Finance, while keeping $1.68 million as a “white hat” bounty.

Ahmed has also been accused of carrying out an attack on a second decentralized cryptocurrency exchange called Nirvana Finance, siphoning $3.6 million in the process, ultimately leading to its shutdown.

“Ahmed used an exploit he discovered in Nirvana’s smart contracts to allow him to purchase cryptocurrency from Nirvana at a lower price than the contract was designed to allow,” the DoJ said.

“He then immediately resold that cryptocurrency to Nirvana at a higher price. Nirvana offered Ahmed a ‘bug bounty’ of as much as $600,000 to return the stolen funds, but Ahmed instead demanded $1.4 million, did not reach…

Source…

Former Amazon Security Engineer Sentenced to Three Years in Crypto Hacking Case

April 13, 2024/in Computer Security

U.S. District Judge Victor Marrero of the Southern District of New York on Friday sentenced former Amazon security engineer Shakeeb Ahmed to three years in prison in connection with a cryptocurrency hacking scheme.

Ahmed, 34, pleaded guilty to one count of computer fraud in December, acknowledging that he hacked two crypto exchanges and stole more than $12 million in cryptocurrency in the summer of 2022. He was ordered to forfeit about $12.3 million and pay more than $5 million in restitution.

Source…

Identity Thief Lived as a Different Man for 33 Years

April 6, 2024/in Computer Security

It’s been a week since the world avoided a potentially catastrophic cyberattack. On March 29, Microsoft developer Andres Freund disclosed his discovery of a backdoor in XZ Utils, a compression tool widely used in Linux distributions and thus countless computer systems worldwide. The backdoor was inserted into the open source tool by someone operating under the persona “Jia Tan” after years of patient work building a reputation as a trustworthy volunteer developer. Security experts believe Jia Tan is the work of a nation-state actor, with clues largely pointing to Russia, although definitive attribution for the attack is still outstanding.

In early 2022, a hacker operating under the name “P4x” took down the internet of North Korea, after the country’s hackers had targeted him. This week, WIRED revealed P4x’s true identity as Alejandro Caceres, a 38-year-old Colombian American. Following his successful attack on North Korea, Caceres pitched the US military on a “special forces”-style offensive hacking team that would carry out operations similar to the one that made P4x famous. The Pentagon eventually declined, but Caceres has launched a startup, Hyperion Gray, and plans to further pursue his controversial approach to cyberwarfare.

In mid-February, millions of people lost internet access after three undersea cables in the Arabian Sea were damaged. Some blamed Houthi rebels in Yemen, who had been attacking ships in the region, but the group denied it had sabotaged the cables. But the rebel attacks are still likely to blame—albeit, in a bizarre way. A WIRED analysis of satellite images, maritime data, and more found that the cables were likely damaged by the trailing anchor of a cargo ship that the Houthi rebels had bombed. The ship drifted for two weeks before finally sinking, crossing paths with the cables at the time they were damaged.

The myth that Google Chrome’s Incognito mode provides adequate privacy protections can finally be put to rest. As part of a settlement over Google’s Incognito privacy claims and practices, the company has agreed to delete “billions” of records collected while users browsed in Incognito mode. It will also further clarify how…

Source…

Google on why it decided to offer 7 years of Android, security updates on Pixel 8 series

March 31, 2024/in Mobile Security

Google Pixel 8 series launch announcement was a bit of a sweet surprise for potential buyers as the company promised 7 years of OS and security updates. Apart from a bunch of AI magic tricks and quarterly feature drops, Google went ahead with this USP to make Pixel phones stand-out from a sea of Android smartphones. Recently, one of the company executives spoke about it and why it was done.

Seang Chau, vice president – Devices & Services Software, said during a podcast that Google has active user data of its Pixel users which suggests that most people use one model for multiple years.

“So when we look at the trajectory of where the original Pixel that we launched in 2016 landed and how many people were still using the first Pixel, we saw that actually, there’s quite a good active user base until probably about the seven-year mark,” Chau said.

According to the executive, when Google realised that people have been using the phones for as long as six years, the company decided that it will support Pixel 8 and later models with a total of 7 years of OS and security updates.

How Google is able to promise this change
One of the major changes that Pixel smartphones have seen since Pixel 6 onwards is the Tensor SoC – designed by Google to undertake AI tasks and machine learning models, giving it a better control on features.

But 7 years is a long time in the smartphone industry, and to tackle hardware limitations, Chau said that by keeping features software-based, Google aims to extend the usability of older devices, allowing them to benefit from new features without needing hardware upgrades.

Recently, it was announced that Pixel 8 is also going to get some AI features that were available on Pixel 8 Pro.

Source…

Tag Archive for: years