Wednesday, July 29, 2015

A new cyber-villain is born : Black Vine

The company Symantec claims to have discovered those responsible for the biggest data theft known so far, whose victims were 80 million people, customers of the second US insurer, Anthem. This would be the group Black Vine, formed by IT elite mercenaries. We'll talk about them and also about how easy it can be to assault a lockbox, an epic mistake of Belgian government and a success story that could have ended in tragedy: the fork of Bitcoin in 2013.


According to Symantec, Black Vine would be specialized in big companies, having attacked not only the insurer Anthem, but also oil, aerospace, air and other companies. The group would have ample funding for the purchase of equipment, including various 0days which cybercriminals could share with other groups, altough they would program their own tools too. Its main objective since 2012 when it began their voyage would have been US companies (82%) and to a lesser degree Canada, Denmark, Italy, India and China. Its origin could be Chinese.

Goliath and USB

On the Internet we do not have other things but super villains…In return, there are also excellent security professionals who will showcase their research this summer throughout the year at conferences like Black Hat and DefCon. Among the progress that we know, we like the most the hack to security boxes CompuSafe Galileo, by Brinks company, very common in restaurants and other businesses in the United States. That kind of tanks have a small slot for USBs that is their Achilles heel. And, moreover, using Windows XP.

Epic FAILs

Summer is also the time of the Pwnie Awards to the worst security failures. They will be presented at the Black Hat conference next week, and we already know the candidates (you can see the link on Twitter). What just happened to the Belgian government could perfectly deserve a Pwnie Award: they commissioned an audit to determine whether the officials would fall into a supposedly phishing sent by the travel company Thalys. But the auditors forgot to warn Thalys about the experiment...

Fork by surprise

We finish with an interesting study, to read quietly with an orchata or similar on the hand. This is the story of what might have been an apocalypse in the world of Bitcoin which was solved thanks to the good work of their community: in March 2013, versions 0.7 and 0.8 stopped behaving simultaneosly, due to a bug which finished causing a "fork". The author discusses how the community acted with this problem in real time and what were the keys to a success that could have ended in catastrophe.

We like to end our daily summary with positive news like this, much better if they show that the ways of organization of a community can work: decentralized but from a centralization that everybody trust. Something quantum, but doable. Welcome all of you to the future.


Post a Comment