
U.S. authorities go after another crypto mixer


Welcome to The Cybersecurity 202! Pretty much any occasion makes me think of an episode of “It’s Always Sunny in Philadelphia,” but writing today’s newsletter had me thinking of one in particular the whole time. Those who watch the show know what I mean.


Below: The federal government stops warning some tech companies about foreign disinformation, and lawmakers sound off on attaching a spying power to a key defense bill. First:

Authorities go after another cryptocurrency mixer, which they say North Korean hackers used to launder stolen crypto

The U.S. Treasury Department on Wednesday sanctioned what it said was a favored money-laundering tool for the infamous North Korean government-connected hacking outfit, the Lazarus Group, that’s been behind high-profile crypto heists.

Besides the sanctions against the crypto mixing service, known as Sinbad, a message appeared on its website saying it had been seized as part of an international law enforcement operation.

It’s the newest blow that authorities have struck against a number of big-name crypto mixers in the name of stifling hackers. The targeted mixers have resisted allegations that their tools — which pool digital assets to obscure their owners — are anything other than a legitimate method of preserving anonymity.

“Mixing services that enable criminal actors, such as the Lazarus Group, to launder stolen assets will face serious consequences,” Deputy Secretary of the Treasury Wally Adeyemo said. “The Treasury Department and its U.S. government partners stand ready to deploy all tools at their disposal to prevent virtual currency mixers, like Sinbad, from facilitating illicit activities. While we encourage responsible innovation in the digital asset ecosystem, we will not hesitate to take action against illicit actors.”

Lazarus Group has a pretty long rap sheet. Lately, it’s made its name with big-time cryptocurrency theft.

The group was behind a hack of the “Axie Infinity” game last year, authorities said, that netted it more than $600 million. Authorities also said Lazarus Group stole $100 million in last year’s Horizon Bridge hack.

More recently this year, blockchain analysis firm Elliptic said, Sinbad has been used to launder hacked proceeds of a $41 million theft from Stake.com and a $70 million theft from CoinEx.

By way of overview, here’s Sinbad’s role, according to Treasury:

  • “Sinbad is responsible for materially assisting in the laundering of millions of dollars in stolen virtual currency and is a preferred mixing service for the Lazarus Group,” Treasury said in a news release. “Sinbad operates on the Bitcoin blockchain and indiscriminately facilitates illicit transactions by obfuscating their origin, destination, and counterparties.”
  • Additionally, according to Treasury, “Sinbad is also used by cybercriminals to obfuscate transactions linked to malign activities such as sanctions evasion, drug trafficking, the purchase of child sexual abuse materials, and additional illicit sales on darknet marketplaces.”

Sinbad’s creator, “Mehdi,” told Andy Greenberg of Wired this year that the fact that Sinbad operated in the open, as opposed to being hidden on the Tor network, was evidence of its benevolence.

  • “Sinbad is present in clearnet because it doesn’t do anything bad,” Mehdi wrote. “I am against total surveillance, control over internet users, against autocracies and dictatorships,” they added. “Every living person has the right to privacy.”
  • Of the $25 million in stolen crypto that blockchain analytics firm Chainalysis saw North Korean hackers send to Sinbad, Mehdi said, “I couldn’t have possibly known about the funds’ sources.” 

As of Wednesday, Sinbad’s website bore a message reading, “This service has been seized as part of a coordinated law-enforcement action between the Federal Bureau of Investigation, the Financial Intelligence and Investigation Service (FIOD) [Netherlands] and the National Bureau of Investigations [Poland] taken against the Sinbad.io cryptocurrency mixing services.”

  • Sinbad didn’t immediately respond to an emailed request for comment from Reuters, which also reported on the sanctions.

The Treasury Department’s Office of Foreign Assets Control first sanctioned a virtual currency mixer last year when it took action against Blender.io, which industry experts have called the predecessor to Sinbad.

Last year, it also designated Tornado Cash, alleging that it, too, provided mixing services to Lazarus Group. And this year, OFAC sanctioned two other virtual currency traders accused of working with Lazarus Group.

Tornado Cash users, backed by the Coinbase crypto exchange, sued Treasury over those sanctions, which they said went against their First Amendment and Fourth Amendment rights. But in August, a court granted a summary judgment to the Treasury Department, saying it had the authority to issue the sanctions. The founders of Tornado Cash face other federal government penalties.

Partnerships crumble between Big Tech, federal government over foreign disinformation

The federal government stopped warning some social networks about foreign disinformation campaigns on their platforms, “reversing a years-long approach to preventing Russia and other actors from interfering in American politics less than a year before the U.S. presidential elections,” our colleagues Naomi Nix and Cat Zakrzewski report.

  • “Meta no longer receives notifications of global influence campaigns from the Biden administration, halting a prolonged partnership between the federal government and the world’s largest social media company,” they write, citing senior security officials. “Federal agencies have also stopped communicating about political disinformation with Pinterest, according to the company.”

“The developments underscore the far-reaching impact of a conservative legal campaign against initiatives established to avoid a repeat of the 2016 election, when Russia manipulated social media in an attempt to sow chaos and swing the vote for Donald Trump,” they write.

  • “For months, researchers in government and academia have warned that a barrage of lawsuits, congressional demands and online attacks are having a chilling effect on programs intended to combat health and election misinformation,” our colleagues write. “But the shift in communications about foreign meddling signals how ongoing litigation and Republican probes in Congress are unwinding efforts once viewed as critical to protecting U.S. national security interests.”

The eroded partnerships come “months before voters head to the polls in Taiwan, the European Union, India and the United States,” Naomi and Cat write. “Ahead of the 2024 U.S. presidential race, foreign actors such as China and Russia have become more aggressive at trying to exacerbate political tensions in the United States, while advanced artificial intelligence allows bad actors to easily create convincing political propaganda.”

Lawmakers sound off on attaching spying power extension to national defense bill

A group of 50 lawmakers from both parties is asking congressional leaders not to attach an extension of a soon-to-expire surveillance authority to a must-pass national defense spending bill, Politico’s Jordain Carney reports.

  • The letter spearheaded by Reps. Warren Davidson (R-Ohio) and Zoe Lofgren (D-Calif.) addresses Section 702 of the Foreign Intelligence Surveillance Act, which allows the FBI and National Security Agency to warrantlessly gather the communications of foreign targets. 
  • But those intercepted exchanges sometimes include conversations with Americans, raising skeptics’ fears that American communications are being swept up in the process without proper legal guardrails.

“A temporary extension would be entirely unnecessary, and it would be an inexcusable violation of the public’s trust to quietly greenlight an authority that has been flagrantly abused,” the missive said. 

Carney adds: “Leadership hasn’t publicly indicated they intend to link a short-term extension of the surveillance power to the National Defense Authorization Act. But lawmakers and aides involved in the surveillance debate say they are likely to need more time and pointed to attaching a temporary extension to the defense bill, which also has to pass by the end of the year, as one way to accomplish that.”

The Politico report later continues that Senate Intelligence Committee Chairman Mark R. Warner (D-Va.) declined this week to say if he supports a temporary extension. “It would be disappointing if this authority were to lapse,” he told reporters.

Warner on Tuesday introduced a bill that would keep 702 in place but restrict some FBI authority (a similar proposal was previously circulated by House Intelligence Committee lawmakers). However, the bill does not include a requirement for agencies to obtain a warrant seeking probable cause to conduct queries of the communications database in all cases for U.S. person identifiers, such as their names or phone numbers.

  • The intelligence community says a warrant requirement would muddle its ability to efficiently use the spying tool, but civil liberties groups argue that it’s necessary to protect Americans’ privacy.

Founder of Hacking Team spyware maker reportedly arrested for attempted murder

David Vincenzetti, the founder of now-defunct spyware maker Hacking Team, was reportedly arrested Saturday on allegations that he stabbed and attempted to murder a relative, TechCrunch’s Lorenzo Franceschi-Bicchierai reports.

Vincenzetti, who launched Hacking Team in 2003, “was arrested when police showed up to his apartment after his cousin called the police, local media reported, because he couldn’t reach his wife on the phone,” according to TechCrunch.

  • Franceschi-Bicchierai adds: “Vincenzetti had been out of the public spotlight since 2020, when he declared on his LinkedIn account that Hacking Team was ‘dead.’ A year earlier, Vincenzetti had sold the company, which had rebranded as Memento Labs.”
  • Hacking Team was one of the first players to sell spyware tools to foreign governments, initially starting with Italy but expanding its roster to some 40 nations including Spain and Saudi Arabia. Reports have found that the company’s spyware was used to target journalists and dissidents.
  • “Reached by phone, a telephone operator at the San Vittore prison in Milan, where Vincenzetti is reportedly being held, said they could not confirm if Vincenzetti was a detainee nor allow TechCrunch to speak with any detainee,” Franceschi-Bicchierai writes.

La Stampa reported that when he appeared before the judge upon his arrest, Vincenzetti only rambled about his professional life and did not discuss the incident, prompting the judge to order that his mental health be examined and that he remain in jail as a precautionary measure.

Senators introduce bipartisan legislation ending involuntary facial recognition screening (The Hill)

Arizona officials charged with conspiring to delay midterm election outcome (Yvonne Wingett Sanchez)

Film to tell story of Scottish hacker Gary McKinnon’s fight against U.S. extradition (The Guardian)

Google warns China is ramping up cyberattacks against Taiwan (Bloomberg News)

Chatbot boom has cyber experts racing to counter AI hacking (Bloomberg News)

Google researchers’ attack prompts ChatGPT to reveal its training data (404 Media)

Hacker claims theft of Shadowfax users’ information (TechCrunch)

Google Chrome emergency update fixes sixth zero-day exploited in 2023 (Bleeping Computer)

Google starts deleting dormant accounts Dec. 1. Here’s how to save yours. (Heather Kelly)

  • NIST Director Laurie Locascio speaks about emerging technology governance with Johns Hopkins University at 9 a.m.
  • The Center for Strategic and International Studies discusses North Korea’s purported spy satellite launch at 9:30 a.m.
  • The House Administration Committee marks up a slew of election bills at 10:15 a.m.
  • New America holds a discussion on human rights in the digital age at noon.
  • The House Select Committee on the Chinese Communist Party (CCP) holds a hearing on the “CCP’s Strategy to Shape the Global Information Space” tonight at 7 p.m. 
  • CISA executive assistant director Eric Goldstein speaks at the International Information System Security Certification Consortium’s Secure event tomorrow at 8:30 a.m.

Thanks for reading. You’ll get our next newsletter on Tuesday. See you then.


