July 21, 2022

Cyber-tales from the dark (and light) side: audacious crypto hack, K goes neuromorphic, and how to enter a data-center via a… toilet!

Hi folks!

For those still sweating it out in the office, not lucky enough to have left for some serious digital detox vacationing, herewith, to keep your mind off the heat, some juicy iNews, aka Dark (and Light) Tales from the Cyber Side – yet more extraordinary, hard-to-believe stories from the world of cybersecurity.

Crypto-decrepito

The gaming community will no doubt recall how, this spring, Axie Infinity, the online crypto-game (perhaps most notable for permitting virtual winnings to be exchanged into real money), suffered one of the largest robberies of all time. It appears highly likely that North Korean hackers broke into the Ronin blockchain that controls the game, and proceeded to steal around $625 million (the exact figure varies depending on the source) from users’ accounts! The incident went unannounced for a time, highlighting the vulnerability of the game’s security system, and putting the reputation of its developer behind – Sky Mavis – on the line too.

Oh my gigantic sum! But wait – that’s not all; there’s more!…

Earlier this month it was revealed precisely how the hackers managed to break into the blockchain. Are you sitting down?!…

Several months ago fake employees of a fake company on LinkedIn sent info about fake job vacancies to employees of Sky Mavis. A senior Axie Infinity developer decided to apply. He even got through several rounds of (fake) interviews, after which he was offered an extremely attractive (fake) salary and benefits package. Basically, he was made an offer he couldn’t refuse.

Said offer eventually arrived in the developer’s inbox in the form of a pdf document, which he had no qualms about downloading and opening on his work computer. And that was that – the bad guys were in. Henceforth it was all just a matter of technique: an espionage program infiltrated Ronin, via which they were able to seize four of the nine validators that protect the network. Access to the fifth validator (needed to complete the hack and then steal all the money) was gained by the hackers via the Axie Decentralized Autonomous Organization – a group set up to support the gaming ecosystem. Result – bingo; jackpot!

Though the hack didn’t lead to a direct theft of tokens, Sky Mavis still had to temporarily freeze all gamers’ accounts, and the company worked with law enforcement agencies, cryptographs and investors, to make sure that all losses were fully reimbursed. Ah yes – one other thing: remember the developer who applied for the fake job? He was fired. Shocker!

This tale shows how even the most experienced techies can get caught out by phishing – with grave consequences. Alas, it’s clear that this incident won’t stay unique or even rare – more like it are bound to be on the way; perhaps the main reason: blockchain-based gaming is attracting some seeeerious investment of late. And this, in turn, is bound to attract cybercriminals of all stripes – from low-skilled amateurs to professional APT groups.

A new – neuromorphiK – direction

Our experts are currently actively involved in the development of neural processing units. In line with this, just recently we invested in the start-up Motive Neuromorphic Technologies.

This business direction is a wholly promising one. The architecture of neuromorphic processors is based on the principle of the human brain; they’re much quicker than traditional processors, while consuming much less energy. Basically, they’re just what are needed for processing huge volumes of data, which are getting huger by the day. They’re also just what machine learning technologies are screaming out for. Solutions with neuromorphic chips will be used in the manufacture of drones, face recognition systems, in robotics, for the Internet of Things, in industry, and so on and so forth. You can find details about why we firmly believe neuromorphic processors are the future here.

Btw: we’re also looking for partners to launch pilot schemes using the “Altai” neurochip. Interested? Let us know!

A literal, physical, backdoor vulnerability!

To finish – some irony…

I’m referring to the seemingly funny (at first glance) story of a resourceful pentester who managed to penetrate a data storage and processing center via… a toilet!

Having studied the floorplans of the data-center building during a penetration test, the InfoSec specialist found that along – behind – the back wall of a floor’s gents’ restrooms there’s a narrow service corridor for plumbers (“only”!) to use for access to the toilets in the cubicles that line that wall. All would be as per the norm but… it turned out that this workman’s corridor connected unprotected spaces of the data center with (extremely highly!) protected ones.

Thus, the pentester was able to enter, unhindered, through into the “secure” area via a door at the back of the disabled cubicle that backed out onto to the passage. He bypassed cylinder man-trap gates that included surrendering all digital devices too. And this gaping hole in security in a “high-security” facility is/was viewable in publicly accessible planning documents! Alas – again, I can’t say such absurd security lapses are rare; they just seem to be rarely reported. That doesn’t make the tale any less juicy (thus, its inclusion here:).

And that all for today folks. Now I’m headed out on a lengthy vacation (pics and text, afterward!). And I hope you’ll be doing something similar soon too. Just… try not let the heat go to your head ).

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email
  • No, thanks

READ COMMENTS 0
Leave a note
Facebook

April 17, 2024

1500km on the R504: devilish cold; snow, ice and hoar.

There are many different kinds of roads and highways. There are straight and there are winding; there are smooth and there are bumpy; there are fast-moving and there are snail’s pace; there are ordinary and there are beautiful (rather: ordinary, pretty, beautiful, and mind-blowing). There are plenty of beautiful roads around the world – most […]

April 16, 2024

Water, outside, not frozen – below -40°C. How?!

Our friend, the Far North – even in winter (and up there, in northern Yakutia, even March is winter). The extended winter of the North is a kingdom of eternal snow and ice, extreme cold, and endless white expanses. All the same – and you won’t believe this – you can find H2O in liquid form […]

April 12, 2024

You’ve heard of a road trip. But what about an ice-road trip?!

You’ve had your intro posts already; now, if there are no questions from the audience, I’ll proceed to my next tale from the Far Northern side, which could have been titled “Yakutian ice roads heading north from Kolyma Highway“. But first, I think – an explainer… What is an ice road? And what’s a winter […]

April 9, 2024

My friend, the North. Yakutsk-Tiksi-Yakutsk 2024.

Hi folks! Last week I completed quite possibly my most mind-blowingly awesome trip up to the Far North – from Yakutsk in a northeasterly direction and then further north to Russia’s northern coast. You’ve had a few intro-posts on the expedition already; now for a (slightly) deeper dive… My regular readers will know well how […]

April 4, 2024

Yakutian winter roads, photoshoots on frozen rivers, and 4×4 and other good fun.

Hi folks! You’ve had your aperitifs, finger-nibbles, and soup (one, two, and April 1); now for… a salad starter!… How long have we been road-tripping on Yakutian highways and winter roads? Oh – three weeks already! Time to be heading back home I guess… As usual for my expeditions, I’ve taken a ton of photos […]

April 2, 2024

Far-North Road-Trip 2024: onward – northward!

The internet connection here is really unstable – coming and going all day long. Just now it’s available though, so here’s my next mini-tranche of Siberian on-the-road/wilderness pics: These photos are of a winter road upon a frozen river. As you can see – sunny and cloudless: a beautiful day indeed. The internet’s disappeared again […]

More

Travel Vlog

You might also like…