Monday, February 4, 2019


The Canada-based cryptocurrency exchange QuadrigaCX has suffered a major setback after the untimely death of its founder and CEO Gerald Cotten. Apparently, Cotten had exclusive and crucial information about the exchange’s password. Now that the CEO is no more, the exchange claims to have lost access to a virtual currency amount that totals around $145 million (CAD 190 million).

Cotten died in December last year in India. The company stated that Cotten died “due to complications with Crohn’s disease on December 9, 2018, while traveling in India, where he was opening an orphanage to provide a home and safe refuge for children in need.”
[Image: Gerald Cotten. Crypto exchange loses access to $145M after CEO dies without giving password]
For your information, QuadrigaCX is Canada’s leading and largest Bitcoin exchange. The exchange, unfortunately, cannot access its cold storage or offline wallets because it simply doesn’t know the password. The only person who knew, Cotten, is dead. As a result, the exchange has filed for legal protection in the Nova Scotia Supreme Court to address liquidity issues.
According to CoinDesk, the exchange is seeking legal protection because it cannot repay $190 million ($250 million CAD) to its creditors in client holdings.
The exchange, explains Cotten’s widow Jennifer Robertson in a sworn affidavit, has to pay funds to its creditors in cryptocurrency and fiat money but it can only access a meager amount stored in the hot wallet. Therefore, the court should give the exchange enough time from its creditors for repayment until it finds a way to access the frozen funds. The company stored most of its funds in a cold wallet to prevent hackers and cybercriminals from stealing them. The website of QuadrigaCX is also inactive as of now.
The cold wallet is a physical device that has no connection to the internet. According to Robertson, her late husband didn’t share any information about the password, and no other member of the team can access the cold wallet. Although she has Cotten’s laptop, she cannot decrypt the password, and a technical expert hired by the firm also couldn’t bypass the device’s encryption. Cotten also hasn’t left behind any business records, revealed Jennifer Robert
Some people are speculating that the funds have been moved since the case received a lot of public attention, but there is no evidence to prove the claim. Furthermore, some suspect that the sudden death of the firm’s CEO is fake news circulated to create an exit scam. However, Cotten’s death certificate has already been presented to the court in the filings.
On the other hand, a crypto researcher and analyst called Crypto Medication conducted a detailed blockchain assessment of the company’s TX IDs, coin movements, and addresses and declared that the company doesn’t own “identifiable cold wallet reserves.”
“The number of Bitcoins in QuadrigaCX’s possession is substantially less than what was reported in Jennifer Robertson’s affidavit, submitted to the Canadian courts on January 31st, 2019,” wrote Crypto Medication.
Nonetheless, one thing is clear: if the password is never decrypted, a large number of cryptocurrency owners with funds in the QuadrigaCX wallet might not be able to get their funds back.

A new malware codenamed "CookieMiner" is targeting users of Apple devices. The malware is targeting the browser cookies of cryptocurrency exchange websites and cryptocurrency wallet websites, and the corresponding credentials saved in the Safari and Chrome browsers.
Once the malware has infected the target system, it uses a shell script to scan the Safari and Chrome browsers for cookies that belong to known cryptocurrency exchanges and wallets, including Binance, Bittrex, Bitstamp, Coinbase, Poloniex and MyEtherWallet. It then creates copies of the selected cookies and uploads them to the attacker's server.
Next, the malware runs a Python script called “harmlesslittlecode.py” to scan the browsers' local storage folders to locate and extract saved account credentials and payment card information. In this Python script you can see that the attacker is specifically targeting Visa, Mastercard, American Express, and Discover payment cards (see attached image).
The malware then attempts to access text message data located in iTunes backups to circumvent multi-factor authentication on the user's account. The aim is to gain full access to the victim's cryptocurrency accounts and perform transactions on the victim's behalf, on the victim's own device, without their knowledge.
Once the malware has completed its primary objective of locating and extracting the victim's credentials as per the instructions from the command and control (C&C) server, it downloads a CPU-optimised cryptocurrency miner that uses the "Yescrypt" algorithm and mines a fork of Zcash (ZEC) called Koto (KOTO).
To persist the infection and maintain its foothold on the compromised device, the malware uses the post-exploitation package called "EmPyre" to maintain a permanent backdoor for remote control of the victim's device.
With this backdoor in place, it is possible that the attacker can supply the compromised device with updates or additional exploits in the future. A list of the known indicators of compromise (IOCs), the command and control (C&C) server details, and the exploits used are listed in the comments below.
If you are a Mac or iPhone user, please do not think that your devices are insusceptible to vulnerabilities or attacks from parties with malicious intent. Apple devices are not the 'be all and end all' of security that naive salespersons and users have led you to believe they are. All consumer devices are vulnerable to attack if they are not maintained properly by the developers and the user.
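
For defenders, the behaviour described above (one script lineage reading Safari and Chrome cookies, Chrome's saved logins and card data, and iTunes backups) can be hunted for in file-access telemetry. The following is an added example, not code from the original post or from the malware analysis; the tab-separated event format, the allow-list of expected processes and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Stores the write-up says are read, as macOS path patterns.
SENSITIVE = {
    "safari_cookies": re.compile(r"/Library/(?:.*/)?Cookies/Cookies\.binarycookies$"),
    "chrome_cookies": re.compile(r"/Google/Chrome/[^/]+/Cookies$"),
    "chrome_saved_data": re.compile(r"/Google/Chrome/[^/]+/(?:Login Data|Web Data)$"),
    "ios_backup": re.compile(r"/Library/Application Support/MobileSync/Backup/"),
}

# Assumption: binaries that legitimately open these stores on this fleet.
EXPECTED_PREFIXES = ("/Applications/Google Chrome.app/", "/Applications/Safari.app/", "/System/")

# Constructed sample events: (time, pid, parent pid, process, file opened).
_LIB = "/Users/alice/Library"
_CHROME = _LIB + "/Application Support/Google/Chrome/Default"
_EVENTS = [
    ("10:00:01", "311", "1", "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome", _CHROME + "/Cookies"),
    ("10:02:10", "4121", "4120", "/bin/cp", _LIB + "/Cookies/Cookies.binarycookies"),
    ("10:02:11", "4122", "4120", "/bin/cp", _CHROME + "/Cookies"),
    ("10:02:15", "4130", "4120", "/usr/bin/python", _CHROME + "/Login Data"),
    ("10:02:16", "4130", "4120", "/usr/bin/python", _CHROME + "/Web Data"),
    ("10:02:20", "4131", "4120", "/usr/bin/find", _LIB + "/Application Support/MobileSync/Backup/abc123/Manifest.db"),
    ("11:15:00", "5000", "1", "/usr/local/bin/backuptool", _LIB + "/Application Support/MobileSync/Backup/abc123/Manifest.db"),
]
SAMPLE_EVENTS = "\n".join("\t".join(e) for e in _EVENTS)


def classify(path):
    """Return the label of the sensitive store a path belongs to, or None."""
    for label, pattern in SENSITIVE.items():
        if pattern.search(path):
            return label
    return None


def find_suspects(log_text):
    """Group unexpected readers by parent pid (a coarse lineage key)."""
    stores, procs = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue  # skip malformed lines
        _time, _pid, ppid, proc, path = fields
        label = classify(path)
        if label is None or proc.startswith(EXPECTED_PREFIXES):
            continue
        stores[ppid].add(label)
        procs[ppid].add(proc)
    return {p: {"stores": sorted(stores[p]), "processes": sorted(procs[p])} for p in stores}


def triage(suspects):
    """'high' when one lineage touched two or more store types, else 'review'."""
    return {p: ("high" if len(s["stores"]) >= 2 else "review") for p, s in suspects.items()}


if __name__ == "__main__":
    found = find_suspects(SAMPLE_EVENTS)
    for ppid, level in triage(found).items():
        print(level, ppid, found[ppid])
```

A single backup tool reading the backup folder lands in "review", while the lineage that touches cookies, saved browser data and backups together is rated "high".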

As I earlier posted, you can see now! Some of the workers of these telecom companies are accomplices to and in some crimes. For example, how do mobile money agents get conned using these networks?


MTN staff deportation triggers Rwanda protest

WEDNESDAY JANUARY 23 2019
A photo montage of MTN Uganda’s Chief Marketing Officer, Mr Olivier Prentout and the general manager Sales and Distribution, Ms Annie Tabura.  
By Monitor team
Kampala- Security sources have said the two MTN Uganda senior officials were deported after intelligence agencies intercepted their communication to “a dangerous foreign group and persons” deemed a threat to the country’s security.
But the claim provoked a protest from the Rwandan mission in Kampala who accused Uganda of deporting several Rwandans under dubious circumstances.
The MTN Uganda chief marketing officer, French national Olivier Prentout, was arrested on Saturday at Entebbe airport on arrival from a business trip and deported while Rwandan national Annie Bilenge Tabura, the telecom’s head of sales and distribution, was deported on Monday.
“They were in regular contact with bad people,” a security source said but declined to reveal further detail. This newspaper, however, was unable to independently verify the claim.
Yesterday, MTN Uganda issued a statement about the incident but offered nothing more than confirming the deportation.
The telecommunication company did not also give details of the allegations against its officials. The statement said Ms Bilenge was arrested by unidentified security personnel upon arrival at the MTN headquarters in Kololo.
“Both Mr Prentout and Ms Bilenge have been deported from Uganda to their home countries, France and Rwanda respectively. MTN Uganda, together with all its employees, remains fully committed to operating within and respecting the laws of the country,” the statement said.
The two officials were reportedly returning from an MTN Group meeting in Rwanda.
Security agencies were tight-lipped on the matter.
No government official explained how the two MTN foreign officials had allegedly worked clandestinely to jeopardise Uganda’s security.
When asked about the cause of the deportation, the Uganda People’s Defence Forces (UPDF) spokesperson, Brig Richard Karemire, deflected the responsibility to police.
“That’s a police issue. They have already issued a statement on that,” he answered.
Other security sources said the duo is suspected to have been intercepting calls of government officials, business people and sharing their conversations with security agencies of foreign countries.
“They have been working with a leading telecom company and could use the telecom’s devices to tap calls of government officials. This has been going on for a while and a team of IT experts were assigned to track them down,” a senior security source said. We were also unable to verify this allegation.
The source further said when Mr Prentout arrived at the airport, he was led into a room where he was interrogated for two hours by police officers and security operatives in civilian clothes.
Rwanda’s High Commissioner to Uganda, Maj Gen Frank Mugambage, yesterday said he did not know why the Rwandan national had been deported.
“What is the case against her? Ask them. The right people to tell you what she was arrested and deported for are “them” (Uganda government),” Maj Gen Mugambage said.
He said Ms Bilenge is not the first Rwandan to be deported by the Uganda government, adding that several Rwandans have suffered the same fate under unclear circumstances.
“I have written to them [Uganda government] and asked why they are deporting Rwandans. I have not got any answer,” Maj Gen Mugambage said.
The immigration spokesperson, Mr Jacob Siminyu, only said the deportations were done correctly and followed the legal procedure. He declined to reveal further details.
When asked why people deemed to have endangered national security would not be arrested and prosecuted instead of deportation, he referred Daily Monitor to the deputy police spokesperson, Ms Polly Namaye.
Ms Namaye had earlier issued a statement which did not offer more than confirming the deportation on account of undermining national security.
“This is to inform the general public that security agencies in close coordination with immigration officials have been investigating two foreign nationals working with a leading mobile telecom company over their engagements in acts which compromise national security,” the statement said.
“We strongly believe that the deportation of the two foreigners, who were using their employment as tools to achieve their ill motives, has enabled us disrupt their intended plans of compromising our national security,” Ms Namaye added.
A security expert at a diplomatic mission in Kampala said MTN data centre in Uganda also keeps information from Rwanda and there were allegations that the deported officers were using call data to track communication between security agencies of both countries.
Sources in MTN said they suspect the telecom company was being targeted by government.
They said the government’s delay in renewing their operating licence, the past raid on their data centre and persistent accusations of tax evasion suggest the deportation was motivated by factors other than the alleged undermining of national security.
On October 28, 2018, President Museveni wrote to Uganda Communications Commission demanding an explanation why the fees for renewal of MTN Uganda’s operating licence had been reduced from the original $100m (about Shs370 billion) to $58m (about Shs217b).
As of June last year, MTN commanded the largest share of mobile phone subscribers in Uganda at 10.5 million.
Mr Museveni also questioned UCC why it revised the licence fees without involving Ministry of Finance and Uganda Revenue Authority.
In the same letter to UCC, Mr Museveni said government was aware that MTN Uganda was under-declaring its profits and repatriating them.
In the past he has accused telecom companies of under-declaring to URA, the number of calls their subscribers make on their networks.






Take a look at some of these phone numbers?
Money fraudsters
Privacy violation

Check if this IP address has ever intruded in your email? Can any hacker tell me exactly where this IP address can be traced?




Sometimes I have to play victim to get knowledge about what I need.


NetRange: 107.64.0.0 - 107.127.255.255
CIDR: 107.64.0.0/10
OriginAS:
NetName: ATT-MOBILITY-LLC
NetHandle: NET-107-64-0-0-1
Parent: NET-107-0-0-0-0
NetType: Direct Allocation
RegDate: 2011-02-04
Updated: 2012-03-20
Ref: http://whois.arin.net/rest/net/NET-107-64-0-0-1

OrgName: AT&T Mobility LLC
OrgId: ATTMO-3
Address: 1025 Lenox Park Blvd NE
Address: 5th Floor
City: Atlanta
StateProv: GA
PostalCode: 30319-5309
Country: US
RegDate: 2008-10-10
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/ATTMO-3

OrgAbuseHandle: CINGU-ARIN
OrgAbuseName: Cingular DNS
OrgAbusePhone: +1-770-360-8171
OrgAbuseRef: http://whois.arin.net/rest/poc/CINGU-ARIN

OrgTechHandle: CINGU-ARIN
OrgTechName: Cingular DNS
OrgTechPhone: +1-770-360-8171
OrgTechRef: http://whois.arin.net/rest/poc/CINGU-ARIN


Sunday, February 3, 2019

You can check if your password is among

It’s a whopping 87GB data – Find out if you are affected by the massive data breach.

Security researcher and founder of Have I Been Pwned, Troy Hunt, has revealed that around 773 million ‘unique’ email IDs and 22 million ‘unique’ passwords were available on MEGA cloud service. Later on, the same data was found posted on a famous hacking forum which indicates that hackers have already downloaded their copy.

In his blog post, Hunt wrote that there are nearly 12,000 separate files and over 87GB of data stored in the database dubbed Collection #1. Hunt has uploaded the email IDs on his site, which totaled around 772,904,991 files and 2,692,818,238 rows.

[Image: 773 million records with emails & plain text passwords leaked online. Credit: HIBP]
The hackers can use this data to compromise numerous services on different websites through credential stuffing attacks. They can also use bots to test countless email IDs and password combos automatically on a wide range of login pages on various sites.
The concerning part of this incident is that the hacker has already cracked the hashing on the stolen passwords and hence, they are easy to use now since they are dehashed, that is, available in plain text. It is worth noting that the passwords weren’t cryptographically hashed at the time of hacking.
Hunt wrote in his blog post that Collection #1 contains accurate personal data including his own credentials.
“Right email address and a password I used many years ago. In short, if you’re in this breach, one or more passwords you’ve previously used are floating around for others to see,” wrote Hunt.
[Image: The screenshot shows data is available on MEGA. Credit: HIBP]
Another concerning aspect is that this is another massive data breach and quite different from Yahoo or even Equifax because the credentials aren’t limited to any particular website. Hackers have managed to collect data from multiple services including 2,000 databases. Hence this is the “single largest breach ever to be loaded into HIBP,” claims Hunt in his blog.


If you are one of the 2.2 million affected people and use the Have I Been Pwned website, you should have received a notification already because around half of the site’s users (roughly 768,000) are affected by this data breach. If you don’t use the website and want to know if your email ID is part of the breach, just visit the site and type in your email ID and search. 

If your email ID is part of this or any other data breach you will know right then and there. To confirm if your password is safe or compromised, check it separately on Pwned Passwords, which is another feature that the website offers.

Saturday, February 2, 2019

How long is it going to take Facebook to rectify this? Why would one similar mobile phone number be used to log in to more than 2 different Facebook accounts?

How long is a phone number supposed to be pending before it gets discovered that it's associated with another's account? As you see in the pictures, 0789407795 can be used to log in to more than two different accounts. If Facebook sends you a code to confirm a number, just do not enter the code and the number will be kept pending but will be used as a login ID to another different account even if it may be belonging to and confirmed with another account. Now, look at the phone number 0706898585: Facebook gets to know that it's associated with another account but does nothing to prohibit it from being a login ID to another account.

A lot of credential data dump found on dark web

As per the report from Heise.de, a German-language website, the first collection, which was published on January 17 and dubbed as Collections #1 had approx. 770 million or 772,904,991 unique email IDs of people. It also had 22 million usernames and passwords spread across 2,692,818,238 spreadsheet rows contained in 12,000 files.
The second collection of data is named Collections #2-5 and has been posted on Interweb. It contains 2.2 billion usernames and passwords and includes roughly 845GB of stolen data. The data includes 25 billion records, but according to researchers most of the leaked accounts are duplicated and might have been collected from previous data dumps. However, even if the duplicate accounts are left out, the new data dump is much larger (at least three times larger) than Collections #1.
According to a report from Wired, a researcher associated with the Hasso Plattner Institute noted that despite having duplicate content, the new data leak is probably larger than any published in the past because it still contains unique, new credentials in the majority.
Who posted the data? This question is still a mystery but researchers believe that the hackers might have collected the data from many low-key websites. Nonetheless, the appearance of old credentials once again in a massive, fresh data dump does make the targeted users around the world vulnerable because most people use the same credentials to access their accounts on different services.
Interestingly, instead of selling the data on underground forums like the dark web, the hackers behind the Collections data leak are offering such a massive number of unique credentials and emails IDs online for free. The databases can be accessed easily as a Mega upload link as well as on different hacking forums.

In a conversation with Wired, Chris Rouland, founder of the security firm Phosphorus.io, said that while he was downloading the data he observed that the same data had been downloaded over 1,000 times already. Moreover, Rouland noticed that over 130 people were involved in making the database available online. Since there are multiple copies of the data online, it will be much more difficult to remove it from the internet for good.
[Image: World’s Largest Data Dump Surfaces on the Web with 2.2 Billion Accounts. One of the public hacking forums where the latest dump is available for download.]
If you want to check whether your account details are part of the new data dump called Collections #2-5, you need to use the tool available at Hasso Plattner Institute’s website and enter your email ID. If the tool identifies your ID to be part of the new data collection, it will notify you via email. You can also use Identity Leak Checker developed by Hasso Plattner Institute if your email and passwords were part of a recent data breach.

Hungary’s Prosecution Service has accused an ethical hacker and computer specialist of infiltrating the Magyar Telekom database. The office found him involved in a crime that disrupted the operations of a “public utility”, thereby attempting to endanger society.


Reportedly, the hacker identified serious vulnerabilities in Magyar Telekom and reported them to the company. He was arrested for that and is now facing a sentence of several years in prison.
The Hungarian Civil Liberties Union (HCLU), human rights NGO, is defending the hacker and claims that the indictment file isn’t complete. On the other hand, the statement from the NGO was rejected by the Jász-Nagykun-Szolnok County Prosecutor’s Office.
Magyar Telekom is a prominent telecommunications company in Hungary. The company filed a complaint against the hacker, who had reported a vulnerability in the company’s systems to them in April 2018. When he was called for a meeting, the hacker proposed cooperating with the company in dealing with the situation, but this collaboration never materialized.
The hacker continued to investigate the company’s networks. Later in May, the hacker identified another vulnerability, which he explained can be used to access the public and retail mobile and data traffic if exploited and can also help in monitoring T-Systems’ servers.
That day, Magyar Telekom filed a complaint about an unknown attacker probing their system, which eventually led to his arrest. The trial commenced this week and the Prosecutor’s Office is seeking a prison sentence. The HCLU, however, alleges that the indictment files aren’t complete because they lack the time and place of the event, and that it isn’t clear what actually happened and what the accused did to the systems of the company.
Another strange fact is that the Prosecutor’s Office has offered the accused a rather unexpected and unusual plea bargain, according to which if he pleads guilty the court will suspend his sentence for two years and if he doesn’t then he might be facing five years in prison.
The accused refused to plead guilty and rejected the plea bargain offer, after which the Prosecutor’s office changed the details of his crime in the indictment with that of causing disruption to a public utility’s operations with his actions. He is now facing up to eight years in prison.

“The hacker, beyond the limits of ethical hacking, launched new attacks after the first attack, and began to crack additional systems with the data he had acquired so far,” the company told Napi.hu.

The HCLU maintains that ethical hackers cannot be held responsible for identifying vulnerabilities because they are working for the welfare of society. However, the Prosecutor’s Office claims that the accused crossed the line and his actions threatened society, so he should face the consequences under criminal law.