AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/30/2021

1 – US arrests alleged ‘Bitcoin Fog’ boss, who is accused of laundering millions

U.S. federal agents on Tuesday arrested the alleged operator of Bitcoin Fog, a cryptocurrency-obfuscation service that the dark web’s most notorious marketplaces have reportedly used to move tens of millions of dollars. Roman Sterlingov, a Russian-Swedish national, was arrested in Los Angeles and charged with money laundering for his alleged role as Bitcoin Fog’s mastermind, according to court documents. Created in 2011, Bitcoin Fog bills itself as a means of further anonymizing cryptocurrency transactions by separating transmitted bitcoin from a particular bitcoin address. Some $336 million in transactions were routed through Bitcoin Fog over a decade, according to a criminal complaint against Sterlingov filed in the U.S. District Court for the District of Columbia. That included tens of millions of dollars laundered for dark web forums like AlphaBay and Silk Road, which were known for trafficking in drugs and hacking tools, as well as other illicit products, before being shut down.

 

2 – Privacy Alert for Unknown AirTag Triggers When a User Returns Home

Apple has shared considerable information regarding the safety mechanisms within its Find My network and AirTags that prevent unwanted tracking. One of the biggest measures is the ability of an iPhone to detect if an unknown AirTag has been following a person for a period of time. In the unfortunate event that this does occur, the iPhone can display an alert. AirTag is joining an already crowded market, with Tile and other companies having produced item trackers for the last couple of years. So the challenges Apple faced with developing AirTag aren’t entirely new. However, Apple’s entry into a market typically leads to increased scrutiny over the real-world implications of the products and services.

 

3 – Paleohacks data leak exposes customer records, password reset tokens

A popular online resource for paleo recipes and tips was the source of a data leak impacting roughly 70,000 users. On Thursday, researchers from vpnMentor revealed a misconfigured Amazon AWS S3 bucket as the central point of the data breach, in which the account was used to store the private data and records of users. Los Angeles-based Paleohacks runs a website containing recipes, meal plans, and articles on the paleolithic lifestyle, including downloadable guides, a forum, and an e-commerce store. The team, led by Noam Rotem, said that there was a failure to implement “basic data security protocols” on the S3 bucket, and that this misconfiguration meant there were no limits on public access.

 

4 – Fourth time’s a charm – OGUsers hacking forum hacked again

Popular hacking forum OGUsers has been hacked for the fourth time in two years, with hackers now selling the site’s database containing user records and private messages. OGUsers is a hacking forum known for the sale of stolen social media accounts hacked through SIM-swapping attacks, credential stuffing attacks, and other means. More recently, OGUsers members were charged by the US Department of Justice for their role in a string of successful hacks on verified Twitter accounts used to promote a cryptocurrency scam. Last week, cyberintelligence firm KELA tweeted that the OGUsers forum administrator confirmed that the site was hacked after hackers uploaded a web shell to their server.

 

5 – London City becomes first major airport to control air traffic remotely

Planes are being guided from a control tower more than 70 miles away. A 50m-tall tower has been built at the airport, equipped with 14 high-definition cameras which will feed video and audio back to the remote-control centre in Hampshire, where air traffic controller NATS is based. The technology was developed by Saab Digital Air Traffic Solutions in Sweden, where it was initially tested. It marks a major change in step for the aviation industry, where planes are generally instructed to take off and land by operators based in the airport.
