ddos

September 30, 2022

Biggest Hacks of 2022 (Part 2)

Biggest Hacks of 2022 (Part 2)

Continuing on from our previous blog, we are back with our survey of some of the largest and most surprising hacks in 2022. Uber and Rockstar Games fell victim to relatively simple cyber attacks. Social engineering has a remarkable ability to breach even the most secure security measures. Luckily, the Uber and Rockstar Games hacks were more flashy than they were costly. This week, we’re covering a pair of hacks with much more financial or potentially disastrous effects.

Crypto.com 30 Million Dollar Hack

Cypto.com was enjoying the limelight for a few years. The crypto boom gave it a platform and revenue stream like never before seen. In a few short years, Crypto.com became one of, if not the largest crypto exchange platform in the world. Its future was so bright, in fact, that Crypto.com purchased the naming rights to the LA stadium formerly known as Staples Center. After the season of boons, however, 2022 marked the beginning of a downfall.

In January of 2022, Crypto.com was hit by a massive breach that cost it about $30 million when everything was all said and done. On January 14th Crypto.com noticed that hackers were initiating transactions on its platform without triggering the two-factor authentication that normally comes along with said transactions. A few days passed while Crypto.com tried to stop the bleeding, eventually, they were forced to suspend all withdrawals from the site, revoke all of their two-factor tokens, and logged every single customer out of their accounts. By the time Cypto.com implemented these security measures and sent word out to news outlets, about $30 million in ill-gotten gains had been siphoned from Crypto.com users.

After this hack, Crypto.com implemented mandatory two-factor authentication policies on the customer-facing side and backend alike. Crypto.com also began a “Worldwide Account Protection Program (WAPP).” This was put in place to protect users in case attacks like this happened again. It’s a sort of internal FDIC, ensuring a refund of up to $250,000 for “qualified users.” This protection program is far from perfect, but hopefully, it protects its vulnerable users in the future should a massive hack like this occur in the future.

A Neopets Hack?

The online fantasy pet simulator, Neopets was the subject of a massive data leak in July of 2022. Users of the site tend to be on the younger side, but their data is just as valuable in large numbers as any adult’s data. This fact was confirmed by the hacker that seized a Neopets database containing the user data of approximately 69 million Neopets users both fresh and dated.

According to Polygon and an official statement on Twitter, ” Neopets became aware that customer data may have been stolen,” and “… immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data. Interestingly, a community website, JellyNeo was the first to report on the breach, it seems that community members noticed the breach before Neopets themselves, and an anonymous source tipped JellyNeo off. In this hack, Neopets’ source code and the entirety of their user database had been accessed. The hackers were holding the data ransom to the tune of 4 Bitcoin (~$94,500 USD at the time).

The hack, on its face, seems a bit silly, but data is data. If any of these 60 million users share login information across platforms, then the reach of the security breach is much larger than it initially seems.

Keep Hackers Out

These massive breaches have been made or broken by the protections that businesses have put in place should their first lines of defense fall. Encryption and decentralized server structures are often the only things preventing an unfortunate breach from blossoming into a full-fledged disaster.

Protect Your Business

AXEL Go is a file storage and sharing service designed to revolutionize how we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES-256 bit encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage and file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.

Citations

“Security Update | Uber Newsroom”. 2022. Uber Newsroom. https://www.uber.com/newsroom/security-update/

“Grand Theft Auto 6 Leak: Who Hacked Rockstar And What Was Stolen?”. 2022. The Guardian. https://www.theguardian.com/games/2022/sep/19/grand-theft-auto-6-leak-who-hacked-rockstar-and-what-was-stolen

Fung, Brian. 2022. “Uber Says Hacker Group Lapsus$ Behind Cybersecurity Incident | CNN Business”. CNN. https://www.cnn.com/2022/09/19/tech/uber-lapsus-cybersecurity-incident/index.html

Newman, Lily Hay. “Crypto.com Finally Admits It Lost $30 Million in a Hack.” Wired. Conde Nast, January 22, 2022. https://www.wired.com/story/crypto-hack-nso-group-security-news/.

https://www.theguardian.com/games/2022/sep/19/grand-theft-auto-6-leak-who-hacked-rockstar-and-what-was-stolen

September 23, 2022

Biggest Hacks of 2022 (Part 1)

Biggest Hacks of 2022 (Part 1)

Every day we are reminded that our security is more fragile than we think. It’s good to take some time to take stock a few times a year to get an accurate view of the cybersecurity landscape. Today, and in an upcoming companion blog, we will be covering four of the largest hacks that have hit the world of tech. This week we’re coving the Uber hack that has given the hacker access to all of Uber’s back-end passwords, and backdoor access to much of Uber’s operations. We will also be covering a slightly more mysterious hack that video game developer, Rockstar Games suffered that leaked tons of in-development projects and their in-network data.

Lapsus$ Uber Hack

On the morning of Monday, September 19, Uber posted a blog update to its website detailing a massive breach of Uber’s systems. This hack was a relatively simple social engineering attack that obtained an Uber EXT contractor’s credentials including their multi-factor authentication.

It was suspected that the hacker initially pulled the developer’s password from a cache on the dark net. It’s likely that the password was scraped from a device that had previously been the victim of a malware attack. Social engineering attacks are embarrassingly simple once a hacker has their hands on the right information. In this case, the Lapsus$ member fired off several login attempts, triggering the multi-factor authentication. After enough attempts, the contractor slipped up and accepted the multi-factor authentication and the breach was complete.

Once access to the contractor’s accounts had been granted, the hacker had nearly unlimited access to Uber’s systems. Uber claims that their security monitoring allowed them to respond to the issue, but notably, Uber’s statement does not claim to have excised the hacker or to have revoked their access entirely.

Some of Uber’s top priorities in the wake of this hack were to stop the bleeding so to speak. They checked their systems for similarly compromised accounts, forced password resets, and shuffled their internal access keys.

What Does This Mean?

The hacker had their fingers in everything, and its possible that, regardless of the key resets they may have their hands on a trove of internal data. Uber’s investigation found that no public-facing systems were touched, and their databases of sensitive user information like trip information and credit card numbers were similarly undisturbed.

Luckily, Uber is prepared for such a breach of those databases should it happen in the future. The personally identifying information that Uber’s customers trust them with is, fortunately, encrypted. In cases like these, encryption provides a secondary or tertiary layer of security.

It is lucky that Uber’s first sweep during this investigation has found no immediate negative effects, but the breach is a massively disappointing event, regardless. Uber processed $26.61 billion worth of bookings in 2020 along, and more than 1.44 billion rides are completed through Uber every quarter, meaning that even a small-scale breach or a fraction of leaked information would have far-reaching effects. The fact that this lone hacker got this far with a single password and a free afternoon does not bode well for their cybersecurity infrastructure.

Rockstar Games Data Leak

Rockstar Games is one of the most successful producers of video games on the planet. Their 2013 game Grand Theft Auto V has been generating well over $6 billion in revenue for the company on its own by maintaining a relatively simple massively multiplayer online mode. This developer has been working on the sequel to Grand Theft Auto V for the last few years, and it is, to this day, one of the most anticipated games in the industry.

About an hour of development footage has been leaked to the public and game journalists, giving the people an unprecedented look at the work Rockstar Games has been doing behind closed doors. The video game industry is famously secretive, so a breach of this magnitude from a studio with such vast resources comes as quite a shock to the cybersecurity world. Rockstar Games is incentivized to keep its title under lock and key to maximize press and public opinion when the game eventually releases.

This attack, interestingly, seems to have worked its way into Rockstar Games via its Slack channel. Details are slim from Rockstar, but the hacker, after leaking footage of the game, claims to have a hold of their source code. This source code is the backbone of the video game currently in development and may be used by the hacker as ransom collateral,

Battle Hackers With AXEL Go

AXEL Go is a cloud-based file storage and sharing system that acts as a secondary line of defense in the face of clever hacks. As we saw with the Uber hack, if crucial personally identifying data and sensitive information is stored in a properly sealed server structure, then even a successful hack will fizzle out. Our decentralized server structure creates an ecosystem of safety that can stand firm in the face of unexpected breaches. Anything from source code to employment information will be basically impenetrable on our decentralized servers and when combined with our AES-256 bit encryption.

Protect Your Business

AXEL Go is an incredibly versatile tool in the fight for cyber security. Implementing our decentralized, encrypted storage into a workplace will create a robust bulwark between sensitive workplace data and any clever exploits hackers can slip through the cracks.
AXEL Go is a file storage and sharing service designed to revolutionize how we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES-256 bit encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage and file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.

Sources

“Security Update | Uber Newsroom”. 2022. Uber Newsroom. https://www.uber.com/newsroom/security-update/

Fung, Brian. 2022. “Uber Says Hacker Group Lapsus$ Behind Cybersecurity Incident | CNN Business”. CNN. https://www.cnn.com/2022/09/19/tech/uber-lapsus-cybersecurity-incident/index.html

Newman, Lily Hay. “Crypto.com Finally Admits It Lost $30 Million in a Hack.” Wired. Conde Nast, January 22, 2022. https://www.wired.com/story/crypto-hack-nso-group-security-news/.

September 16, 2022

The State of Government Cybersecurity 2022

The United States government is a lurching behemoth with several massive branches that stand on opposing ends to, ideally, keep everything in check. This does mean, however, that specific standards and practices tend to fall the wayside or find themselves unable to update. In September 2022, the White House pushed forward an executive order to improve the government’s basic security infrastructure.

Previous State of Government Cyber Security

The Biden administration has slowly been chipping away at the cybersecurity threats facing the United States Government. In May of 2021, the White House published an executive order that began the federal push toward improved government cybersecurity policies. The order first and foremost pushes for lowering the information-sharing boundaries between government bodies. Before this order, government agencies like the CISA, FBI, and the Intelligence Community were unable to share information directly with one another about cyber security incidents.

These barriers created information gaps that would give security threats under government investigation the opportunity to repeatedly hammer away at security exploits that have been found by simply selecting a different target. These hackers would get away with targeting several different government bodies while the federal government had to slog through bureaucracy before they could compare notes with each other.

Beyond pushing for improved bureaucratic changes, this order improved infrastructural security issues. The Federal Government began adopting modern cyber security best practices such as implementing Zero Trust Architecture, secure cloud services for sharing and storing data, and other Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) solutions to storage and sharing problems facing the government in a rapidly digitizing world.

The 2022 Cybersecurity Briefing

The Washington Post’s cybersecurity column, Cybersecurity 202, was the first to report on The White House’s fresh cybersecurity guidance from the Biden administration in 2022. The briefing and executive order were further improvements on the previous order from the summer of 2021.

This executive order cites the SolarWinds attack of 2020 and the cybersecurity failures of many Federal Agencies in the face of that attack. Malicious code was planted into the code of the software SolarWinds provided which led to a rash of festering cybersecurity breaches that, to this day, have not been completely sealed. To this end, the 2022 White House Cybersecurity briefing has tightened up many of its policies and digital infrastructure in order to further protect Federal Agencies and prevent supply chain issues like the ones seen in the Colonial Pipeline attack.

The contents of this executive order are decidedly less flashy than the order from May 2021. Instead, it defines timelines within which Federal Agencies must shift their security over to zero-trust infrastructure and adopt secure cloud-based storage solutions.

Keep Pace with AXEL Go

AXEL Go provides the sort of cutting-edge security that The White House has been pushing for in order to protect The Federal Government from the increased rate of sophisticated cyber security attacks. The security that distributed, cloud-based storage solutions can provide against modern cyber attacks is unlike anything that has been seen before. AXEL Go uses a distributed, collective server structure to store and encrypt documents in several distinct fragments that may only be reassembled with the proper authorization. Should a hacker make their way into the IPFS storage that we use to protect our clients, the data they get their hands on would be effectively useless.

AXEL Go has been on the cutting edge of serious cybersecurity methods, and we plan on keeping it that way. The security that AXEL Go provides would have prevented national-level headaches. Similarly, AXEL Go can protect your business from persistent attempts from hackers. Join us in the fight for a more private and secure internet while The White House eventually keeps pace.

Sources

“Executive Order on Improving the Nation’s Cybersecurity.” The White House. The United States Government, May 12, 2021. https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/.

“Enhancing the Security of the Software Supply Chain to Deliver a Secure Government Experience.” The White House. The United States Government, September 14, 2022. https://www.whitehouse.gov/omb/briefing-room/2022/09/14/enhancing-the-security-of-the-software-supply-chain-to-deliver-a-secure-government-experience/.

September 9, 2022

Privacy for the Future

Generation Z and Generation Alpha are defined by their relationship to the internet. These young adults, teenagers, and children have been raised in a media landscape dominated by online entertainment, communication predominantly via social media, and a world interconnected like never before. The internet for these people comes as naturally as walking and talking, but because these generations were young when big tech began collecting their data, they are in a uniquely bleak position.

Big Tech and Young People’s Data

It is well known now that Meta, Twitter, and Google make their money by collecting, organizing, and selling the data of their customers. This data, is usually sold to advertisers to precision-target users on the internet at every turn. Nearly every interaction on the internet these days is tracked in some form or another and collected by data collection agencies. This data can be used to create a disturbingly accurate profile of every user’s likes, dislikes, and future potential behavior.

Privacy laws have grown and changed over the last decade or so to allow users the opportunity to opt out of this invasive process. Many adults that have had the opportunity to know life apart from the internet have grown distrustful of data collection and seized the chance to opt out, but Generations Z and Alpha find themselves unprotected in a way that Millennials and Generation X were not. Generation Z has been unwittingly handing its data over to Big Tech for their entire lives. Their parents, though they may have had a passing understanding of personal data collection, were not adequately prepared to defend the data of their minors.

This means that young people have not only been given no opportunity to protect their privacy, but their understanding of what privacy looks like has also been drastically altered in favor of data collectors and Big Tech.

Big Tech’s Failings

Big Tech is a collection of incredibly powerful businesses driven by profit. These companies may have individuals within them that want nothing more than the safety and privacy of their users, but the size of these companies and their profit demands easily overpower the best intentions of any single good actor.

Meta especially has been the face of teenager-related failings. Lawsuits against Meta were filed in Colorado, Delaware, Florida, Georgia, Illinois, Missouri, Tennessee, and Texas accusing the site of unduly exploiting teenagers and other young people on their apps. The vice grip they have over the data of young people from the moment they set foot online has given the company the broadest possible view of an impressionable age group before they had the opportunity to opt out.

Even if these young people try to remove themselves from Meta and its umbrella of media sites, their data will live on in perpetuity on Meta’s servers, effectively stripping a generation of people of their digital privacy until something changes.

The National Programs’ Center for Industry Self-Regulation has introduced a roadmap for securing the data of young people aged 13-17. A large part of this attempt at social media regulation is curtailing the addictive designs of social media companies. Part of their ability to draw so much data out of teenagers is the pernicious design of these apps combined with a lack of data collection oversight.

This minimal amount of pushback from The National Programs’ Center for Industry Self-Regulation and legislation from the UK has already seen adjustments in behavior from social media companies. TikTok and Facebook, for example, have begun tightening their privacy settings for users under the age of 18, giving young people on the internet the opportunity to achieve the same privacy afforded to adults without having to jump through as many deliberately opaque hoops. The speed at which these companies have fallen in line after a whiff of pushback shows that there is a future where privacy is possible for everyone online.

Privacy Without Compromise

AXEL understands the importance of privacy online. Users of the internet deserve the dignity of privacy no matter their age, generation, or level of technological literacy. This is why AXEL Go is built on a foundation of privacy and security. By providing a service that supplies privacy and security without compromise, AXEL Go is leading the charge for a more secure and less invasive internet. While we pride ourselves on our security, AXEL Go is first and foremost a place for users to enjoy a sense of privacy that has been missing from the internet for years now.

Protect Your Privacy With AXEL Go

Citations

“New Teen Data Roadmap Seeks To Fill Gap In Kids’ Privacy Law”. 2022. News.Bloomberglaw.Com. https://news.bloomberglaw.com/privacy-and-data-security/new-teen-data-roadmap-seeks-to-fill-gap-in-kids-privacy-law

“Opinion | Gen Z Has Never Known A World Without Data Sharing (And It Shows)”. 2022. NBC News. https://www.nbcnews.com/think/opinion/teens-have-never-known-world-without-data-sharing-it-s-ncna1254332.

“Meta, Instagram Hit With 8 Lawsuits For ‘Exploiting Young People For Profit'”. 2022. Nypost.Com. https://nypost.com/2022/06/12/meta-instagram-hit-with-8-lawsuits-for-exploiting-young-people-for-profit

2022. https://www.wsj.com/articles/meta-tiktok-could-face-civil-liability-for-addicting-children-in-california-11656419401

September 1, 2022

File Sharing 101: How to Easily Share Large Files

The internet was designed to share data and facilitate communication. As technology has advanced, our computers have become more capable of generating and processing larger amounts of information. We need a modern solution to quickly, easily, and securely share files across devices. How did we end up with the rigid limitations of email attachments, and what can we do to circumvent them?

File Sharing History

The history of file sharing is intimately attached to the history of the internet. In fact, one way to think of the internet is as an endless series of rapidly delivered packages of data. From its inception, this has been the goal of the internet.

Before we had the internet as we know it, we had an interconnected network of computers called The Advanced Research Projects Agency Network or ARPANET. ARPANET was what is referred to as a wide-area packet-switched network. Packet switching is most simply defined as the process of sending and receiving “packets” of data and “switching” or transferring them to another telecommunications device in order to bring that data closer to its intended destination. ARPANET did this at first with four computers located in universities spread between California and Utah. At the time, they used the best technology available, phone lines, and packet switching nodes called Interface Message Processors (IMPs).

These connections began in 1969. Within a year, ARPANET made its way to the east coast of the United States, and by 1973, satellites were aiding in the process of switching packets across the Atlantic ocean. Interconnectivity, communication, and data transference quickly became a sort of modern convenience for university researchers with access to these rare, at the time, connected devices.

The internet was born from these innovations. A growing number of computer networks were integrated through Internetworking or the process of connecting several separate networks to a larger network of interconnected networks. Eventually, in 1991 the birth of the proper internet, or a network of information that anyone could access, came out of the mind of Swiss computer programmer Tim Berners-Lee. A year after the birth of the World Wide Web, the first email attachment was sent by Nathaniel Borenstein.

Email Attachments Today

Nathaniel Borenstein and Ned Freed developed a protocol called Multipurpose Internet Mail Extensions (MIME). MIME is still used to this day to attach and deliver email attachments. This process does well enough in many circumstances, however, in the modern age, this technology is no longer able to keep pace with the ballooning file sizes we use in our offices day to day.

MIME is a perfectly fine protocol for transferring a picture of the family at the beach or a quick PDF, but in the workplace, we are working on much more ambitious projects. Video editing packages, lossless audio formats, and massive presentation decks have been frustratingly bottle-necked by the 25-megabyte size limit even the most generous email clients provide. This chokes up the speed at which we can do work, and adds pain points to even the simplest tasks.

Security has also become a massive email attachment blind spot. The convenience of everlasting archival of our email attachments comes with a security risk that compounds with every day they wait patiently on our email servers. Personally identifying information, secret projects, and sentimental files could all be plucked from a server at a moment’s notice with time and without the proper security.

Easily Share Large Files With AXEL Go

AXEL Go is the easiest way to share large files via email or any other digital communication service. AXEL Go uses link-based file sharing, allowing direct access to an encrypted, password-protected copy of your data with no file size limit.

Security woes are immediately solved with AXEL Go’s password-protected end-to-end encryption and customizable expiration dates. Access to data shared via AXEL Go is entirely governed by the owner of that data.

Link file sharing is the most straightforward and secure method of sharing large files via email, messaging, or text message. It’s incredibly simple to copy and paste a link into the desired method, in-browser previews save on local storage space, and allow for on-the-go review no matter what device a file has been shared to. AXEL Go’s decentralized storage method and custom expiration dates eliminate the risks that abandoned email attachments present.

AXEL Go provides simplicity and control to the process of easily sharing large files online.

Simplify Your Large File Sharing with AXEL Go

August 26, 2022

Web3 Beyond Crypto

Web3 has been stuck in the shadow of cryptocurrency. During the crypto crash, we have the opportunity to use Web3 technology and decentralized server structure to its fullest potential. What does Web3 look like without crypto, and how will that help us usher in a more private and secure future on the internet?

The Internet as We Know It

Web3 is the third incarnation of standard operation on the internet. The internet at its inception has been retroactively named Web 1.0. This is the most simplistic version of the internet, this era of the internet is typically associated with the 90s, limited inter-user communication, an ocean of static HTML pages, and very little user-generated content.

Web 1.0 is where our understanding of the most basic functions of the internet comes from. Every little thing we associate with the internet from the idea of websites to usernames and passwords was built on the foundation that Web 1.0 has set for us.

Web 2.0

An internet gold rush led to the dot com bubble, a speculative bubble, similar to what we saw with cryptocurrencies and Web3, based on harnessing the commercial conveniences and innovations of the fledgling internet. When that bubble burst around the year 2000, attitudes and technologies connected to the internet began changing the way we connected our lives to the internet.

Around 2004 began the advent of social media and portable personal devices connected to the internet at all times. User-generated content, content aggregation, and the consolidation of technology around a few major companies. Those companies are colloquially referred to as Big Tech. They’re companies like Google, Meta, and Amazon. They’re responsible for collapsing the internet down into tighter umbrellas, and their immense amount of capital and tendency to sit on the cutting edge of technology gives them a great deal of control over our current, centralized internet.

Web3

Web3 is a push towards decentralizing the internet and giving power back to users in the form of privacy and security. Web3 doesn’t aim to change the user experience of the layperson, rather, it is a push to update the protocols and infrastructure of the internet as we know it. Rather than hosting data on single servers, Web3 would host portions or entire verified copies of data in multiple locations in a process known as decentralization.

This process of sharing and verifying ledgers of information is why cryptocurrencies have latched onto the decentralized technology of Web3. The process of comparing ledgers to each other in order to agree upon a “real” state of digital information, created stability that has not existed on the internet in a widespread manner until around 2018 when more users were paying attention to cryptocurrencies.

The novelty of decentralized data structures and a desire for a Web3 proof of concept led to the rush to make money off of the new form of digital currency. This zealous push to understand Web3 created a bubble similar to the dot com bubble. 2022 has seen many cryptocurrency crashes, which is unfortunate for many early adopters, but it does create a unique opportunity for us to see what Web3 is really capable of once freed from the shadow of crypto.

Web3 Beyond Crypto

The technology that allowed for secure mining and minting of a digital currency is capable of so much more. The security that a decentralized internet provides to every user is one of the more useful applications of Web3 technology. Storage protocols like the InterPlanetary File System (IPFS) when paired with high-quality encryption creates storage solutions that are nearly uncrackable via brute force.

Websites and the internet at large can enjoy more stable and resilient servers by having backups stored across the world, easily accessible by any authorized user. When governments have restricted access to free information, Web3 servers are able to provide that information to the people. We saw this in 2017 in Turkey. Web3 servers and the ingenuity of a few people were able to circumvent these restrictions with fully-featured mirrors of Wikipedia that could not be taken down by the Turkish government because there was no single, centralized target to block.

Web3 makes bold promises that are backed up by well-established technology. All we need to do as users of the internet is pivot to making the change. AXEL Go uses IPFS, AES-256 bit encryption, and decentralized servers to securely store and share your most important and private information.

Protect Your Data with AXEL Go

ddos

Footer