#AxisOfEasy 173: Hackers Target Crypto Exchanges Via Their Domain Registrar

Weekly Axis Of Easy #173


Last Week’s Quote was “The smallest bookstore still contains more ideas of worth than have been presented in the entire history of television,” by Andrew Ross. Nobody got it.

This Week’s Quote: “The best cure for overconfidence in your beliefs is to constantly remind yourself that you have experienced less than a tiny fraction of a percent of what has happened in the world. This experience, however, ends up representing nearly 100 percent of how you believe the world works.” By….??

THE RULES:  No searching up the answer, must be posted to the blog.  The place to post the answer is at the bottom of the post, in the comments section.

The Prize:  First person to post the correct answer gets their next domain or hosting renewal on us.

In this issue:
  • Hackers target crypto exchanges via their registrar
  • Vatican cries foul after pontiff “likes”  racy pic on Instagram
  • Cybersecurity agency names four state actors as threats to Canada
  • RCMP dragging feet at disclosing data via FOIA requests
  • Swatters target home after hacking their Ring video doorbell
  • Librem 5 phones are finally shipping
  • Large colo provider hit with ransomware attack 
  • Large scale WordPress Epsilon theme attack
  • Now available on the Internet: Music
  • AxisOfEasy Salon #31: The Covid Episode


Hackers target crypto exchanges via their domain registrar

Now that Bitcoin looks to be challenging its all-time highs, it’s no surprise that hackers are targeting end users and exchanges alike. In the case of the former, we wrote about a homoglyph attack against Ledger users just last week, and I saw another similar homoglyph attack today.

In the latter, we have cases that bear out what I lamented in my first book about managing domain names and DNS: all the security and disaster preparedness in the world will only work up until the point where the DNS or domain name that underpins it all gets cut off at the knees.

Security reporter Brian Krebs relates how several crypto exchanges have recently been targeted and successfully compromised via their domain registrar, GoDaddy. Attackers were able to gain access to the crypto exchanges’ accounts via social engineering and make changes giving them the ability to intercept email or route the websites to fakes.

Liquid.com was one of the exchanges targeted and they explained the details in a blog post advising customers to “remain vigilant” whenever they are accessing the platform. Mining pool NiceHash was also affected.

Read: https://blog.liquid.com/security-incident-november-13-2020?=11172020

Registrars also need to remain vigilant, and our new Domainsure platform is built specifically to facilitate that vigilance and actively seek out threats to your platform and users that are launched via phishing attacks, credential stuffing, homoglyphs and more.

Vatican cries foul after pontiff “likes” racy pic on Instagram

Officials at the Vatican are not amused and are asking questions after a picture posted by a Brazilian bikini model on Instagram was “liked” by Pope Francis’s official account.

Natalia Garibotto’s pic depicted her in a schoolgirl scenario with an all-too-short miniskirt. According to Vatican officials, early indications were that the like did not originate within the Papacy 😉 but it was unclear whether the official Instagram account had been hacked.

Cybersecurity agency names four state actors as threats to Canada

The Canadian Centre for Cyber-Security has released a report naming four state actors as the largest threats against Canadian interests in the online realm. China, North Korea, Iran and Russia are named as the state-sponsored threat actors who are targeting Canada’s critical infrastructure, intellectual property and political events.

The 2020 National Cyber Threat Assessment enumerates the IT threats to Canadian businesses, individuals and government agencies. It carries the warning that countries like China and Russia are using the Internet “to turn it into a tool for censorship, surveillance, and state control.”
The centre is a unit within the Canadian Security Establishment (CSE), this country’s top cyber-security agency and our equivalent of the NSA.

Read: https://cyber.gc.ca/sites/default/files/publications/ncta-2020-e-web.pdf

A separate report issued by security firm Symantec details a massive worldwide attack against corporate infrastructures by a Chinese state-backed threat actor dubbed Cicada.

Read: https://arstechnica.com/information-technology/2020/11/massive-china-state-funded-hack-hits-companies-around-the-word-report-says/

And: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage

RCMP dragging feet at disclosing data via FOIA requests

A study released by Canada’s Information Commissioner, Caroline Maynard, asserts that the RCMP (Canada’s version of the FBI, for the foreigners in the house) is failing to respond adequately to Freedom of Information Requests,

“by nearly every measure, the Royal Canadian Mounted Police is failing in terms of its obligation to ensure that Canadians have access to information about its operations and decision-making.”

Ms. Maynard added that neither the agency nor the Trudeau government seems very interested in addressing and fixing the problems.

Canadians are supposed to be able, at least in theory, to request information from the RCMP and to receive a response within 30 days. However, the study found an over 1000% increase in delays, pushing response times out past a year, and many cases where requests simply end with the agency replying that they have found no information.

One case is particularly interesting, that of the mass shooting in Nova Scotia that resulted in sweeping new legislation from the Federal government banning so-called “assault rifles” (but also seemingly included websites named after assault rifles). FOIA inquiries initially yielded no results, until IC Maynard began investigating, at which point thousands of documents were found. Also of note is that a subsequent Maclean’s piece made a compelling argument that the shooter was an RCMP confidential informant.

Maynard is worried that unless immediate action is taken to rectify RCMP transparency, things will move past the point of no return to fix it. She adds that the RCMP is not alone to blame: the Federal Government and Public Safety Minister Bill Blair seem largely unconcerned and have ignored most of the recommendations to reform.

Swatter targets home after hacking their Ring video doorbell

This story combines two perennial cyber-security blights: hacked video doorbells and swatting attacks. 

Both have been covered here over the years, from a swatting attack that resulted in the death of a 28-year-old father in Kansas, to a hacker prank that saw families being taunted via their Ring doorbells.

This time, attackers used a hacked Ring video doorbell to surveil the occupant of a house. When they knew she was home, they called in a swat attack to her address, telling police he had murdered his estranged wife and had barricaded himself in the home with explosives. Nearby, the children’s school went on lockdown and police arrived – only to be taunted verbally via the doorbell.

Apparently there is some prior history here and the attack is believed to have originated in Sweden.


Librem 5 phones are finally shipping

I know a few readers went ahead and preordered Purism’s Librem 5 phones based on my recommendation in these pages. That was a long time ago and I’ve been close to giving up on waiting. I’ve been using my daughter’s crappy old iPhone 4 or something like that holding out for my Librem to ship. 

So I noticed this announcement the other day that they were finally mass shipping the Librem 5 and while I haven’t yet received my individual shipping notice, I’m cautiously optimistic.

Large hosting provider hit with ransomware attack (printers too)

Large scale managed hosting provider Managed.com was hit with a ransomware attack last week affecting their entire system. The company disclosed a “coordinated ransomware attack” affecting a small number of clients, and then made the drastic move of taking down the entire system “out of an abundance of caution.”

The attack has been attributed to the REvil ransomware-as-a-service group, who were demanding a $500,000 USD ransom to be paid in Monero (XMR). In a prior interview with a public spokesperson for REvil, the group claimed to be making $100,000,000 USD per year in extortion demands. 

Speaking of ransomware, BleepingComputer also reports on the Egregor strain, which upon infecting a victim workstation, proceeds to blast ransom notes out in hard copy from all available printers on the network.

Read: https://www.bleepingcomputer.com/news/security/egregor-ransomware-print-bombs-printers-with-ransom-notes/

Large scale WordPress Epsilon theme attack

Wordfence reports a large-scale wave of attacks against WordPress sites utilizing the Epsilon theme framework. They estimate the installed base to be approximately 150,000 sites worldwide. The attack utilizes a recently reported flaw called Function Injection. They’ve also published a list of vulnerable themes:

Shapely <=1.2.7
NewsMag <=2.4.1
Activello <=1.4.0
Illdy <=2.1.4
Allegiant <=1.2.2
Newspaper X <=1.3.1
Pixova Lite <=2.0.5
Brilliance <=1.2.7
MedZone Lite <=1.2.4
Regina Lite <=2.0.4
Transcend <=1.1.8
Affluent <1.1.0
Bonkers <=1.0.4
Antreas <=1.0.2
NatureMag Lite <=1.0.5

At the moment there seems to be no active exploit attached to the attacks. These are probes for now. But if you’re running one of these themes you need to upgrade your installation ASAP. All easyBrand sites with Blogvault support (everything above Hobby level and everybody who was grandfathered in) have already been upgraded.
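
If you manage your own WordPress installs, the following added example (not Wordfence's or easyDNS's code) checks installed themes against the version ranges listed above, reading the standard "Theme Name" and "Version" headers from each theme's style.css. The default wp-content/themes path is an assumption; pass your own.

```python
import re
from pathlib import Path

# Affected ranges exactly as listed in the issue: theme name -> (operator, version).
VULNERABLE = {
    "Shapely": ("<=", "1.2.7"), "NewsMag": ("<=", "2.4.1"),
    "Activello": ("<=", "1.4.0"), "Illdy": ("<=", "2.1.4"),
    "Allegiant": ("<=", "1.2.2"), "Newspaper X": ("<=", "1.3.1"),
    "Pixova Lite": ("<=", "2.0.5"), "Brilliance": ("<=", "1.2.7"),
    "MedZone Lite": ("<=", "1.2.4"), "Regina Lite": ("<=", "2.0.4"),
    "Transcend": ("<=", "1.1.8"), "Affluent": ("<", "1.1.0"),
    "Bonkers": ("<=", "1.0.4"), "Antreas": ("<=", "1.0.2"),
    "NatureMag Lite": ("<=", "1.0.5"),
}
RULES = {name.lower(): rule for name, rule in VULNERABLE.items()}
# WordPress reads "Theme Name:" and "Version:" from the comment header of style.css.
HEADER = re.compile(r"^[ \t/*#@]*(Theme Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def vtuple(version, width=4):
    """'1.2.7' -> (1, 2, 7, 0), padded so '1.1' and '1.1.0' compare equal."""
    nums = [int(n) for n in re.findall(r"\d+", version)][:width]
    return tuple(nums + [0] * (width - len(nums)))

def is_vulnerable(name, version):
    rule = RULES.get(name.strip().lower())
    if rule is None:
        return False
    op, bound = rule
    installed, limit = vtuple(version), vtuple(bound)
    # Affluent is listed with a strict "<", every other theme with "<=".
    return installed <= limit if op == "<=" else installed < limit

def audit(themes_dir):
    """Return (directory, theme name, version) for each installed theme in a listed range."""
    findings = []
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        fields = {}
        for key, value in HEADER.findall(css.read_text(errors="replace")[:8192]):
            fields.setdefault(key.lower(), value)  # first occurrence wins
        name, version = fields.get("theme name"), fields.get("version")
        if name and version and is_vulnerable(name, version):
            findings.append((css.parent.name, name, version))
    return findings

if __name__ == "__main__":
    import sys
    # Default path is an assumption; point it at your own themes directory.
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/themes"
    for folder, name, version in audit(root):
        print(f"UPGRADE {folder}: {name} {version}")
```

Inactive themes left on disk are reported too, since the files are still present on the server.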

Now available on the Internet: Music

Unexpected blast from the past today as the CBC ran a “from the archives” piece about music on the internet from 1996. It was a two minute television segment about some weird guy named Mark Jeftovic who was putting rock bands on the internet and how major record labels were worried it would lead to copyright infringement. 

It featured a Vancouver band we were hired to do a web event for back in the day called Salvador Dream. Anybody know whatever happened to those guys?

Anyway, if you wanted to know what I looked like back when I had hair and was a metal head, look no further.

AxisOfEasy Salon #31: The Covid Episode

This week on the AxisOfEasy I wanted to draw your attention to an article Jesse Hirsh wrote about Canada’s new Digital Charter Implementation Act

Read: https://axisofeasy.com/metaviews/a-glaring-hole-in-the-digital-charter/

…and something Charles wrote that really nailed the phenomenon I’ve been referring to as The Great Bifurcation

Read: https://axisofeasy.com/oftwominds/the-one-chart-that-predicts-our-future/ 

And on our Salon #31 we finally devoted the better part of the entire episode talking about the elephant in the room: Coronavirus.

Watch: https://axisofeasy.com/podcast/salon-31-the-covid-episode/