dChan
Anonymous ID: 04bb01 March 23, 2023, 12:45 p.m. No.18567469   🗄️.is 🔗kun   >>7470 >>7653 >>7941

https://arstechnica.com/information-technology/2023/03/hackers-drain-bitcoin-atms-of-1-5-million-by-exploiting-0-day-bug/?comments=1&comments-page=4

 

Hackers drain bitcoin ATMs of $1.5 million by exploiting 0-day bug

 

Hackers drained millions of dollars in digital coins from cryptocurrency ATMs by exploiting a zero-day vulnerability, leaving customers on the hook for losses that can’t be reversed, the kiosk manufacturer has revealed.

 

The heist targeted ATMs sold by General Bytes, a company with multiple locations throughout the world. These BATMs, short for bitcoin ATMs, can be set up in convenience stores and other businesses to allow people to exchange bitcoin for other currencies and vice versa. Customers connect the BATMs to a crypto application server (CAS) that they can manage or, until now, that General Bytes could manage for them. For reasons that aren’t entirely clear, the BATMs offer an option that allows customers to upload videos from the terminal to the CAS using a mechanism known as the master server interface.

 

Going, going, gone

Over the weekend, General Bytes revealed that more than $1.5 million worth of bitcoin had been drained from CASes operated by the company and by customers. To pull off the heist, an unknown threat actor exploited a previously unknown vulnerability that allowed it to use this interface to upload and execute a malicious Java application. The actor then drained various hot wallets of about 56 BTC, worth roughly $1.5 million. General Bytes patched the vulnerability 15 hours after learning of it, but due to the way cryptocurrencies work, the losses were unrecoverable.

 

General Bytes officials wrote:

 

The night of 17-18 March was the most challenging time for us and some of our clients. The entire team has been working around the clock to collect all data regarding the security breach and is continuously working to resolve all cases to help clients back online and continue to operate their ATMs as soon as possible. We apologize for what happened and will review all our security procedures and are currently doing everything we can to keep our affected customers afloat.

 

The post said the flow of the attack was:

 

  1. The attacker identified a security vulnerability in the master service interface the BATMs use to upload videos to the CAS.

 

  1. The attacker scanned the IP address space managed by cloud host DigitalOcean Ocean to identify running CAS services on ports 7741, including the General Bytes Cloud service and other BATM operators running their servers on Digital Ocean.

 

  1. Exploiting the vulnerability, the attacker uploaded the Java application directly to the application server used by the admin interface. The application server was, by default, configured to start applications in its deployment folder.

 

Once the malicious application executed on a server, the threat actor was able to (1) access the database, (2) read and decrypt encoded API keys needed to access funds in hot wallets and exchanges, (3) transfer funds from hot wallets to a wallet controlled by the threat actor, (4) download user names and password hashes and turn off 2FA, and (5) access terminal event logs and scan for instances where customers scanned private keys at the ATM. The sensitive data in step 5 had been logged by older versions of ATM software.

Anonymous ID: 04bb01 March 23, 2023, 12:57 p.m. No.18567531   🗄️.is 🔗kun

Look at who also? stole babies.

 

https://www.atlasobscura.com/articles/after-the-vietnam-war-america-flew-planes-full-of-babies-back-to-the-us

 

After the Vietnam War, America Flew Planes Full of Babies Back to the U.S.

Operation Babylift had some problems, though.

 

BY ANDY WRIGHT SEPTEMBER 21, 2016

 

The image is common enough: A passenger plane with human cargo belted snugly into their seats. But look for another second and you’ll see that every passenger is a child, and each one has been bundled up inside an identical cardboard box. Most of them are babies, but some are older and their limbs spill over the edges of their makeshift bassinets. They appear marooned without any adults in the shot.

 

The image is one of many taken during the chaotic end of the Vietnam War when the United States undertook an operation to evacuate thousands of children from Vietnam in April 1975, just weeks before the Fall of Saigon. Supposedly all orphaned, they were slated to be adopted out to waiting U.S. families. Over 2,500 children were brought stateside on flights manned by volunteers outnumbered by infants. Three processing centers were quickly formed at military outposts on the West Coast—two in California and one in Washington—where children were received before being placed with families throughout the country.

 

Doubts about some of the children’s orphanhood would bubble to the surface almost immediately, but before such questions could even be posed, those tasked with manning the operation had to grapple with an incredible logistical problem: quickly transporting and caring for thousands of infants during a time of pandemonium.

 

Those who accompanied children on flights—including commercial flight attendants who were recruited or volunteered—used the materials on hand to turn planes into makeshift nurseries.

 

Flight attendant Jan Wollett told NPR that she and others lined the floor of their plane with blankets for the babies, and secured others with cargo netting.

Anonymous ID: 04bb01 March 23, 2023, 2:02 p.m. No.18567885   🗄️.is 🔗kun

>>18567872

Read that book.

 

You can also hide certain items that way.

You can also hide certain info from search engines that way. See wikileaks emails.

I guess some corrupt people even thought they could hide from the NSA that way.