TechPression

Category: Hacking

  • Anonymous hacker group Communicate with Russians Through Printer Attacks in Anti-Putin Battle

    Anonymous hacker group Communicate with Russians Through Printer Attacks in Anti-Putin Battle

    The Anonymous hacker group has taken the responsibility of informing the people of Russia about the Invasion of Ukraine.

    After declaring war on Russian President Vladimir Putin, Anonymous, a decentralized international activist, and hacktivist group has been relentless in its attacks on the Kremlin, undermining the country’s leadership and disrupting the country’s narrative on the ongoing invasion of Ukraine. The most recent is a printer hack that enables the group to send a message across the country.

    About the Hack By Anonymous 

    In a post on the microblogging site Twitter, Anonymous revealed the detailHackney the latest attack on Russia. “We have been printing anti-propaganda and tor installation instructions to printers all over #Russia for 2 hours, and printed 100,000+ copies so far. 15 people working on this op as we speak,” the tweet read.

    The hack was confirmed in an interview conducted by International Business Time with one of the hacktivists, They also explained that the operation included PDFs printed on the hacked printers with a message informing Russians that its president, Kremlin, and Russian media have lied to them.

    The group also guides recipients in installing tor, accessing “real media” and getting around Russian Supervision. The Onion Router or tor browser is free, open-source software that allows anonymous communication.

    The Anonymous representative who goes by the Twitter handle @DepaixPorteur told IBT. “We hacked printers all across Russia and printed this PDF explaining that Putin/Kremlin/Russian media is lying and then we instructed how to install tor and get around their censorship to access real media,”

    Those Behind The Anonymous Hack

    The group revealed some of the actors behind the hack that make the Russian printer hack a success. Which are Anonymous Strategic Support(A.S.S) and #OpRedScare.

    Anonymous Message to the Russians

    The English version of the PDF in the printer hack urges “Citizens of Russia, act now to stop terrorist[s]. Putin killing over thousands in Ukraine.” and “the people of Russia should find horror in Putin’s actions.”

    Moreover, IBT added that the statement also underlined that it was Putin who started the war over “borders and fear of the West,” and not over Ukraine. The last paragraph remarked, “a wad of paper and ink is a cheap price for the blood of the innocent.” It also urges Russians to fight for their “heritage and honor, overthrow Putin’s corrupt system that steals from your picket.”

    While the anonymous had earlier told IBT that it is working on a data dump that “will blow Russia away.”

  • Lapsus$ Hackers Group Leak nearly 200 Gigabytes of Samsung Source Code In Cyber Attack

    Lapsus$ Hackers Group Leak nearly 200 Gigabytes of Samsung Source Code In Cyber Attack

    Lapsus$ Hackers Group at it again as nearly 200 gigabytes of data, including the source code for numerous technologies and algorithms used in biometric unlocking operations, have been reported stolen and exposed by hackers.

    The stolen data allegedly contains confidential information from Qualcomm, a US chipmaker that supplies chipsets for Samsung handsets sold in the US.

    Access to source code might aid threat actors in identifying security vulnerabilities that would otherwise go undetected, possibly exposing vulnerable devices or systems to exploitation or data exfiltration.

    The breach was claimed by the Lapsus$ hacker group, the same group that penetrated Nvidia and then leaked thousands of employee credentials online.

    Lapsus$ claims to have obtained source code for trusted applets installed in Samsung’s TrustZone environment, which Samsung phones use for sensitive operations, algorithms for all biometric unlock operations, and bootloader source code for all recent Samsung Galaxy devices in a post on its Telegram channel.

    What They Are Saying

    Samsung Spokesperson confirmed a “security breach” related to some internal company data but said no personal data belonging to customers or employees were accessed by the hackers.

    “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees,” Samsung said. “Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”

    When enquired, Qualcomm stated that it was aware of a reported incident involving Samsung.

    Read Also : How To Use Your Smartphone as a CCTV Camera Without Internet.

    We take these claims very seriously and are working expeditiously with Samsung to understand the scope of the incident, as well as to confirm what Qualcomm data, if any, have been impacted. We have no reason to believe that Qualcomm systems or security were impacted as a result of this reported incident,” said Clare Conley, Qualcomm spokesperson.

    Possible Motive Behind The Data Breach

    It’s unclear if Lapsus$ wanted a ransom from Samsung before publishing the data as it did with Nvidia’s increasingly strange requests. The group asked that the American chipmaker deactivate its controversial Lite Hash Rate (LHR) feature and open-source its graphics chip drivers for macOS, Windows, and Linux.

    Although the deadline passed on Friday, the hacker gang has yet to carry out its threat.

    About Samsung

    Samsung is a South Korean electronics manufacturer that is one of the world’s biggest. Samsung manufactures a broad range of consumer and industrial electronics, including appliances, digital media devices, semiconductors, memory chips, and integrated systems, among other things. It has become one of the most well-known technological brands.

    What to know about Lapsus$

    It’s a ransomware group, Lapsus makes money by breaking into business networks and then extorting them for cash. Sometimes they steal data and hold it hostage.

    The group’s notoriety is increasing as they continue to hack and steal data from the world’s tech giants. They hacked Nvidia and were able to expose some personal information onto torrent sites. Then came Samsung, which had vital data about the security of its phones stolen.

  • Technology in Nigeria’s Piracy Fights: What Somalia Can Learn

    Technology in Nigeria’s Piracy Fights: What Somalia Can Learn


    The Gulf of Guinea previously worn the title of the region with the highest rates of piracy attacks globally in the shipping corridor for years. The 5,000-nautical mile (nmi) coastline of the wider Gulf of Guinea offers seemingly idyllic conditions for shipping.

    It has numerous natural harbours and is largely free of weather-related chokepoints. It is also rich in hydrocarbons, fish, and other resources. These attributes provide tremendous potential for maritime commerce, resource extraction, shipping, and development. Indeed, container traffic in West African ports has grown 14 per cent annually since 1995, the fastest of any region in Sub-Saharan Africa.

    This economic boom, however, is threatened by pirates. In 2012, the Gulf of Guinea surpassed that of the Gulf of Aden (infamous for high-seas hijackings) as the region with the highest number of reported piracy attacks globally. These attacks also tended to be more violent. Given the limited maritime security presence of the West African coast, South American narcotics traffickers have found the region an attractive transit route to Europe.

    Oil theft and illegal bunkering plague the Gulf of Guinea.


    Nigeria alone loses between 40,000 and 100,000 barrels a day due to theft. With 40 per cent of the region’s annual catch estimated to be illegal, unregulated, or unreported, West Africa’s waters also endure the highest level of illegal fishing in the world.

    Trade partners have taken note. In 2013, almost all the estimated $10.2 billion worth of regional trade with the United Kingdom moving through the Gulf of Guinea was declared at risk of theft.

    Read Also : Cyberattacks Ravages European Oil Companies


    \With the increase in risk to ships, cargo, and seafarers, insurance premiums have soared, and companies have taken on additional burdens to secure their ships.

    However, efforts by the Federal Government of Nigeria in combating maritime crimes may have begun to yield results. The International Maritime Bureau (IMB), in a report, revealed a drastic reduction in the rate of piracy in the Gulf of Guinea.

    The Deep Blue Project


    The report said that piracy in the region dropped from 33 incidents in the last quarter of 2020 to six in the second quarter of 2021. IMB said the development gave credence to Nigeria’s efforts in combating piracy in the Gulf of Guinea, including the Integrated National Security and Waterways Protection Infrastructure, also called the Deep Blue Project.

    The IMB second quarter (Q2) 2021 report on the global reduction of piracy in 27 years in Nigeria, including the Gulf of Guinea region, stated that “the number of kidnappings in the Gulf of Guinea in the second quarter of 2021 is the lowest since Q2 of 2019.

    Director at IMB, Michael Howlett, said while it welcomes reduced piracy and armed robbery activity in the Gulf of Guinea, the IMB commended efforts by the Federal Government of Nigeria to tackle the challenge of piracy in the region, adding that reporting all incidents to the Regional Authorities and IMB PRC will ensure seafarers maintain pressure against pirates.

    Read Also: Cyber Crime Typology in Nigeria a sign of industrialization 

    “Bringing together maritime response authorities through initiatives – like Nigeria’s Deep Blue Project and Gulf of Guinea Maritime Collaboration Forum – will continue and strengthen knowledge sharing channels and reduce risk to seafarers in the region,” he said.

    How Nigeria did it

    Enhanced information sharing in the West and Central Africa sub-region. What technology was involved in Nigeria’s fight against piracy in the Gulf of Guinea? Reports reveal Drones and Choppers regularly deploy to combat piracy in the Gulf of Guinea. The government also use boats and aircraft to counter attacks on ships.

    The Situation in Somalia


    On the other hand, Somali pirates are checkmated by a patrol of the European Union Naval Force Somalia (EUNAVFOR), one of several initiatives to combat piracy against international shipping off the coast of Somalia.

    Twenty years ago, when the government of Somalia collapsed, few imagined that the country’s ongoing state of lawlessness would eventually spawn piracy on such a scale that the security of the western Indian Ocean region could be threatened. At first, many assumed that pirate attacks on passing ships could be quickly stifled.

    But the problem has grown into a global malady that so far has warranted seven United Nations resolutions, one of which authorized “all necessary means to repress piracy and armed robbery at sea.”

    According to the UN’s International Maritime Organization (IMO), the problem is global, with 276 acts of piracy or armed robbery against ships reported worldwide in 2010. With failed attempts added, the total climbed to 489, a 20 per cent increase from 2009. Although the South China Sea suffered the most attacks, Somalia came in second.

    Read Also : The Forbidden Tool


    The economic losses are also enormous. The US-based non-governmental One Earth Future Foundation, in a recent study on naval piracy, estimated that Somali pirates extorted some $177 million in ransom in 2009 and $238 million the following year. Including the costs of higher insurance premiums, re-routing ships, anti-piracy security and the impact on regional economies, the total annual costs may range between $7 billion and $12 billion, the study finds.

    Justifications

    Some arrested Somali pirates and senior officials have sought to justify the explosion of piracy off East Africa by citing illicit activities of foreign vessels off the Somali coast. Somali fishermen have long complained that foreign ships have been hurting their livelihoods by overfishing nearby waters, often with large illegal nets.

    In any case, critical figures within Somalia’s Transitional Federal Government strongly believe there is a connection. “If the international community wants to limit acts of piracy,” says Deputy Premier Abdulrahman Adan Ibrahim Ibbi, “it has to help Somalis keep illegal foreign fishing and toxic waste dumping away from their coasts.”

    Change on the ground

    Ultimately, whatever measures are taken to contain Somali piracy on the high seas, long-term solutions must address the source of the problem: the political instability and ongoing warfare within Somalia itself. Nigeria’s political stability has helped it in the fight against piracy.

    “You cannot hope to tackle piracy in any kind of serious way without change on the ground in Somalia,” argues Roger Middleton, a maritime expert with the Chatham House think-tank in London. “This is not started on the ocean, and it’s not a problem that can be solved on the ocean.”

    Regional political leaders agree. “The solution to ocean piracy,” says Ugandan President Yoweri Museveni, “is to ensure a stable government in Somalia.”

    It will then be possible to use information technology, drones, choppers etc., to fight piracy in Somalia like it is done in Nigeria.

  • The deadly cyber Russia-Ukraine war

    The deadly cyber Russia-Ukraine war

    As reactions trail the invasion of Ukraine by Russia, the technological dimension continues to emerge by the day. Cyberspace has become another platform for this war. Both countries continue to experience diverse adversarial attacks and consequences technologically and within their respective cyber ecosystem. 

    As reported earlier this week by Techpression, the Russians have been accused of attacking the financial services and various government websites of Ukraine. These attacks serve as the first cyber-offensive in this war. Also, some parts of the second-largest city in Ukraine, Kharkiv, witnessed internet disruption on Thursday. According to NetBlocks, an internet tracking advocacy group reported that about 25 per cent of Kharkiv’s 1.8 million residents and the surrounding region experienced this outage. 

    Netblocks Tweet on Russia-Ukraine

    On the other hand, many physical attacks have targeted various infrastructures in Ukraine that will disrupt the internet. Power grids, cell towers, and other telecommunication infrastructure are casualties of bombings and armed fights, further decimating Ukraine’s cyberspace. 

    Read Also : The Forbidden Tool

    On the other hand, Russia has also been a victim of cyber-related attacks since this war began. It was reported that ISPs in Russia are experiencing disruption. Anonymous, a cyber activist group, reported that numerous ISPs had been brought down. Although the credit is not attributed to the Ukrainian government, it appears to be a retaliatory move by members of this group. A quick check of the four reported ISP showed that only relcom.ru had been fully restored, with the remaining three still down. 

    Anonymous Tweet on Russia

    Despite this impact on Russia, Ukraine has been affected the more. ISPs in Ukraine such as Triolan, are experiencing partial outages, with websites going down due to the numerous cyber-attacks. Hence, this war is not all about mortal and guns or any other kinetic approach. It encompasses the internet, a significant aspect that must not be ignored. 

    Different Approaches

    Each country understands the role of cyberspace in this warfare. Hence, their recognition and support for its deployment in their offensive. The government of Ukraine has approached its cyber offensive in an uncoordinated manner. To secure critical infrastructure and perform cyber-surveillance missions against Russian forces, the Ukrainian government is reportedly looking for volunteers from the country’s hacker underground.

    Hackers and cybersecurity experts have been urged to submit their applications through online forms. Co-founder of a cybersecurity firm in Kyiv, Yegor Aushev, told Reuters that an official requested the appointment from Ukraine’s military on Thursday. Aushev’s company Cyber Unit Technologies is well recognised for collaborating with the government to defend critical infrastructure. The volunteers will be in two parts: defensive and offensive cyber units. The offensive unit will concentrate on conducting cyber espionage activity against the Russians. 

    Read Also Cybercrime in Nigeria: Increasingly Sophisticated Crimes Part 1

    On the other hand, the Russian approach is more coordinated and demonstrates long-term cyber capability development. The Russian military was modernised, and cyber techniques were incorporated following Russia’s 2008 retreat from Georgia. Ever since state-sanctioned cyberattacks have dominated Russia’s military strategy. Typically, these attacks are orchestrated by the GRU, Russia’s Main Intelligence Directory. Customised malware (malicious software) is commonly used to attack the systems of a targeted nation’s infrastructure and systems.

    Russia Malware Attack Image

    A clear demonstration of this impact was the discovery of a new data wiper malware. It has infected hundreds of machines. Russia was accused of this attack. However, the officials from Russia have denied responsibility for these attacks. Likewise, Russia’s embassy in Canberra has denied any role in the most recent strikes on Ukraine.

    Read Also: Cybercrime in Nigeria: Increasingly Sophisticated Crimes Part 2

  • Cybercrime in Nigeria: Increasingly Sophisticated Crimes Part 2

    Cybercrime in Nigeria: Increasingly Sophisticated Crimes Part 2

    This is the second part of the Cybercrime in Nigeria series. 

    Read: Cybercrime Typology in Nigeria: A Sign of Industrialisation (Part 1)

    Nigerian crime now is abandoning pedestrian fraud-related crime that requires little or no technical skills. According to Statista, the country has 8th internet penetration rate, with 49 per cent of the country having an internet connection. The Nigeria Communication Commission has stated the country had over 114 million active internet subscriptions in December 2019. Technological penetration and increasing skills have raised the technical ability of users to conduct much more sophisticated and complex attacks.

    Cybercriminals from Nigeria have demonstrated significant competencies both locally and internationally. A lot of Nigerian government website and information technology infrastructure has been hacked. Corporate organisations are not spared as experienced by Aero contractors in 2019. Two Nigerians living in Dagenham (U.K.) were recently sentenced for hacking into 700 banks and cell phone accounts. The Lekoil fraud scandal is being perceived to involve the international Nigerian cybercrime syndicate. Despite the absence of proof, it is not beyond the capacity of Nigerian cybercriminals.

    Lekoil Logo

    It is generally acknowledged that no skill is required for any particular cybercrime not available among Nigerians. For example, Palo Alto Networks example named the Nigerian cybercrime crime group SilverTerrier.

    This group was accused of hacking, malware distribution, and Business Email Compromise (BEC). One official of the Nigerian Federal Ministry of Justice noted that Nigerians were now creating viruses and Botnets powerful enough to infiltrate any organisation.

    Read Also : The Forbidden Tool

    Recognition that majors Nigerian higher institutions are where these crimes are committed demonstrates that perpetrators are educated, technologically competent,t and have the resources to launch sophisticated cyberattacks. One example is the Hacking of the Independent Nigerian Electoral Commission (INEC) in the 2015 national election. The Nigerian state is preparing for cyber warfare by training service officers.

    Cyber hacking Nigeria

    In fact, we are witnessing the gradual evolution of cybercrime in Nigeria. It is how significant and sophisticated through advanced deployment. A further dimension of this sophistication is its direct focus on specific industries. The Nigerian hacking group named Gold Galleon has been associated with targeting the global maritime shipping industry. Other Nigerian hacking teams include “London blue”, which targets chief financial officers (CFOs). Other groups have the Nigerian cyber army and the Nigerian Hackers Team (NIHAT). The Nigerian cyber attackers develop their enterprise with increasing skills to hit local and foreign targets.

    Migration and Cybercrime in Nigeria

    Migration has played a significant role in improving the skills and competence of Nigerian cybercriminals. One convicted criminal has noted that there are now dedicated forums in which knowledge transfer occurs between Nigerians abroad and those that remain in the country. Hacking, for example, was one of the offenses leveled against the Bonaventure Chukwuka led group arrested and sentenced in London on the 2nd of May, 2019. In India, a cybercrime group consisting of three Nigerians involved in hacking bank accounts and creating fake web pages were arrested in June 2019.

    Many Nigerians residing abroad use their skills to expand their crimes. Moreover, many of these foreign-based perpetrators occasionally visit Nigeria to train or mentor locally based proteges to improve their skills and performance. This social arrangement has contributed to the overall sophistication of cybercrime in Nigeria.

    Evidence has also established the sophistication of cybercrime in Nigeria. Technological competency has stimulated high-level crime that was previously deemed impossible. The skills deployed suggest that technological penetration has contributed to the rate of perpetration. The most established modes include malware, hacking, virus, and botnets. Targets include specific industries or individuals which is another area of sophistication that emanates from the industry.

    Dr Pelumi Apantaku explores the changes in the type of crime as witnessed in established cases worldwide. This is a four-part series that provides an elaborate insight into cybercrime in Nigeria. 

  • The Russian Cyber Attack on Ukraine

    The Russian Cyber Attack on Ukraine

    Ukraine has been hit by cyberattacks that are feared to be backed by President Putin of Russia. The distributed denial-of-service (DDoS) attacks were targeted at the web portal of Ukraine’s ministry of defence as well as the country’s financial systems.
    The scope of the DDoS attack is such that hackers flood the servers hosting a website until it becomes overloaded and shuts down.

    Several major Ukrainian banks, including PrivatBank, Oschad and the State Savings Bank of Ukraine, experienced issues with transactions and mobile app.

    Clients began to complain on Tuesday about difficulties using teller machines and mobile phone applications. The banks confirmed the attack but said the funds in users’ accounts had not been affected, though users said they had been temporarily unable to withdraw money or use their credit cards. Some clients of the banks were worried, as their bank balances appeared drained. By Tuesday evening it was confirmed that most financial services had been restored.

    Ukrainian Ministry of defence and armed services websites were also brought down by these cyber attacks.

    Ukraine has been under constant attack from Russian and Kremlin-backed hackers since February and March 2014 when Russia invaded and subsequently annexed the Crimean Peninsula from Ukraine. This event took place in the aftermath of the Revolution of Dignity and is part of the wider Russo-Ukrainian conflict.

    In a briefing after the attack, Deputy Prime Minister Mykhailo Fedorov said, “This attack is unprecedented, it was prepared in advance. And the key goal of this attack is destabilization, it is to sow panic, to do everything so that certain chaos appears in our country.” “And today we know that the only country that is interested in such attacks on our state, especially against the backdrop of massive panic about a possible military invasion, the only country that is interested is the Russian Federation.”

    Fedorov said the attacks came from many places and involved IP addresses from Russia, China, Uzbekistan and the Czech Republic.

    Cyber espionage, damage to databases and servers, disruption to power and communications and disinformation are all now routine weapons in the Russian armoury.
    It has been estimated that approximately 150,000 Russian forces were gathered on Ukraine’s northern, eastern and southern borders around the time of the attack.
    Russia seems to be poking Ukraine in a bid to find weak spots, sow panic and show them what they’re capable of.

  • Google Chrome Vulnerability

    Google Chrome Vulnerability

    Users of Google chrome have been urged to update their browser as unpatched weaknesses in the software is being exploited by hackers. These vulnerabilities can lead to data corruption and the execution of arbitrary code on vulnerable systems.

    Tracked as CVE-2022-0609 and rated high severity, the exploited vulnerability is described as a use-after-free vulnerability issue in the Animation component.

    This vulnerability was reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group.

    Read Also: Kenya Launches Cybercrime Protection Game for Children

    On Monday, 14th February 2022, Google Chrome team released a report in which it announced the release of new updates to the Chrome browser. “The Stable channel has been updated to 98.0.4758.102 for Windows, Mac and Linux which will roll out over the coming days/weeks.” The recent update includes 11 security fixes.

    Google Nine other vulnerabilities rated “high” severity that has been patched in the latest Chrome release.

    2021 saw a total of 16 ‘zero-day’ listed below.

    CVE-2021-21148 – Feb. 4, a vulnerability in its V8 open-source web engine.
    CVE-2021-21166 – March 2, a flaw in the Audio component of Google Chrome.
    CVE-2021-21193 – March 12, a use-after-free flaw in Blink, the browser engine for Chrome that was developed as part of the Chromium project.
    CVE-2021-21220 – April 13, a remote-code execution issue.
    CVE-2021-21224 – April 20, an issue with type confusion in V8 in Google Chrome that could have allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

    Read Also: Africa is set to take over the global videogame business

    CVE-2021-30551 – June 9, a type confusion bug within Google’s V8 open-source JavaScript and WebAssembly engine.
    CVE-2021-30554 – June 17, a use-after-free bug.
    CVE-2021-30563 – July 15, type confusion in V8.
    CVE-2021-30632 and CVE-2021-30633 – Sept. 13, an out-of-bounds write in V8 and a use-after-free bug in the IndexedDB API, respectively.
    CVE-2021-37973 – Sept. 24, a use-after-free flaw in Portals.
    CVE-2021-37976 and CVE-2021-37975 – Sept. 30, an information leak in core and a use-after-free bug in V8, respectively.
    CVE-2021-38000 and CVE-2021-38003 – Oct. 28, an issue with Insufficient validation of untrusted input in Intents in Google Chrome on Android, and an inappropriate implementation in V8 respectively.
    CVE-2021-4102 – Dec. 13, a use after free in V8.
    Two of these zero-day were deemed serious enough to warrant a $7,500 payout to the security researchers who found them.
    The CVE-2022-0609 is Chrome’s first zero-day in 2022 and Google Chrome users anticipate a permanent fix to bugs and vulnerabilities.

    Read Also: MTN Set To Employ 150 Digital Experts

    How To Know Which Version of Google Chrome I am  using

    Knowing and keeping your browser up-to-date is vital and one of the safest ways to keep your browsing and your device as safe as possible and knowing how to do this on chrome is easy. Just follow the steps below to know which version of chrome you are using and keep it up to date

    1. Open Google Chrome on your device ( PC or Mac )

    2. Click the three dots in the upper-right corner of the window.

    3. Hover your cursor over “Help.” ( as shown in the image below )

    4. Click “About Google Chrome”

    Doing the above will display the current version of your Google Chrome on the screen. Depending on your setting, your chrome browser update can be done automatically or at a prompt from time to time.

  • BREAKING: In an email phishing attack, more than $200 million worth of NFTs were stolen from OpenSea.

    BREAKING: In an email phishing attack, more than $200 million worth of NFTs were stolen from OpenSea.

    There is a new Crypto market called NFTs it is a non-fungible token is a non-transferable unit of data that may be sold and traded and is held on a blockchain, a type of digital ledger. Digital media such as photographs, videos, and audio may be connected with several types of NFT data units. If you’re looking to buy or sell NFT tokens, you’ll want to look no further than OpenSEA.

    OpenSea is a non-fungible token marketplace based in New York City, United States. Devin Finzer and Alex Atallah started the company.

    The hack occurred shortly after OpenSea announced a new smart contract upgrade with a one-week deadline to remove dormant NFTs off the platform.

     

    Read Also : Cybercrime Typology in Nigeria: A Sign of Industrialisation Part 1


    Users were asked to convert their listed NFTs from the ETH blockchain to a new smart contract as part of the smart contract upgrade. Within hours of OpenSea’s update announcement, many sources reported on an active attack targeting the soon-to-be-delisted NFTs.

    According to sources reporting on this, high-value consumers were targeted by a hacker, according to what we know now:

    The attacker plundered the Ethereum wallets of an estimated 32 collectors on the leading NFT marketplace. Peckshield revealed that they took over 250 items from high-value collections such as Bored Ape Yacht Club, Doodles, Azuki, and NFT Worlds, according to on-chain data. Crypto Briefing estimates the overall haul to be worth over 1,000 Ethereum, or $3 million, based on the floor prices for the collections. The attacker’s wallet currently includes 641 Ethereum worth around $1.7 million, as well as a number of stolen NFTs.

    Read Also Google Expands Two-Step Verification To Protect Internet Users


    Because the contracts are unique but sold on a centralized marketplace, such as OpenSea, NFT faces a distinct set of security issues than the user-exchange approach. Hackers are also aware of prominent NFT sellers because their marketplace profiles are what allows them to sell NFTs for millions of dollars, making them a target.

    OpenSea is a good company, and they’ll most likely fix this issue so it doesn’t happen again. This isn’t an indication that NFTs are in a bubble, and there’s no hidden message here; it’s simply a new version of Blockchain that draws a new set of risks. It’s also a buy signal for Blockchain security firms, which we’ll discuss in more detail in a future piece.

  • Cybercrime Typology in Nigeria: A Sign of Industrialisation Part 1

    Cybercrime Typology in Nigeria: A Sign of Industrialisation Part 1

    Over the years, cybercrime in Nigeria has been equated to fraud on the internet. It is the only country where an internet crime was attributed to “the Nigerian scam”. A global perspective that Nigerian cybercrimes are only concerned with fraud has influenced the policing and focus of other law enforcement. It is also generally believed that Nigerian cybercriminals have limited skills and are only interested in low-level scams such as romance, inheritance, letter scams, and card fraud.

    In the ranking of serious cybercrimes that have occurred worldwide, Nigeria was never rated as a country with the capacity to launch a significant attack. The country is not part of the top 10 countries with most hackers globally, as ranked by Akamai (Cambridge, Massachusetts based cloud platform provider). The country was also not listed in the top 10 cybercrime stories of 2019. Despite the limited perception of the technical ability of Nigerian cybercriminals, they yet remain a significant player in the global cybercrime ecosystem.

    Recent trends and events demonstrate the growing sophistication of cybercrime. The industry has evolved towards developing new operation modes that go beyond fraud. Two themes have emerged from the new realities of these developments.

    Migration and Organised Crime

    As it is well established, Nigerians have migrated to many different countries. As of 2018, there are 205 000 Nigerians born in Nigeria who lives in the U.K. and around  348,000 Nigerians living in the U.S. as of 2017. Other countries such as Malaysia, India, Germany, France, and others have a significant presence of Nigerians. West African countries also have witnessed significant migration based on the Economic Community of West African States (ECOWAS) free movement protocol.

    Cybercriminals from Nigeria have migrated to all these countries while practicing their criminal enterprise. It has resulted in a sophisticated organised crime structure spanning countries and continents. In October 2018, Nigerian cybercriminals were arrested in Turkey as part of an international syndicate. Federal prosecutors in the U.S. arrested 281 cybercriminals in a Coordinated International Enforcement Operation within which 167 were Nigerians. Some of the arrests were made in Nigeria.

    It appears that major cities across Europe and America now host cells consisting of an international syndicate of cybercriminals. In February 2020, a gang of Nigerians living in Portsmouth were sentenced for cyber fraud, making it the second case of Nigerian gang arrests and prosecution in the Portsmouth area. One of the members destroyed a flash drive before his arrest, suggesting that it contained evidence that could have linked the gang to other cells of the broader Nigerian cybercrime organisation. The arrest of Nigerian influencer Ramon Abbas (Hushpuppi) in Dubai is evidence of the migration-oriented expansion of cybercrime by Nigerians.

    Raymond Abbas Hush Puppi

     Ramon Abbas with one of his cars (source: Instagram)

    The sudden rise of cybercrime in neighboring countries, including Cameroun, the Benin Republic, and Ghana, has been associated with Nigerian migration. Between 2018 and 2019, hundreds of Nigerians were deported from Ghana because of their cybercrime activity. Nuhu Ribadu (the first chairman of the Economic and Financial Crime Commission) stated that the crackdown on cyber fraudsters in 2004 in Nigeria resulted in a massive migration to neighboring countries by those young Nigerians.

    Migration has turned Nigeria’s cybercrime into a hydra-headed monster that continues to evolve into an ever-stronger organised cultured enterprise. Many countries are now experiencing the continued perpetration of these crimes only with a limited ability to either stop or prevent the commission of these crimes.

    Cybercrime from Nigeria is prominent and very popular in its fraud orientation. Over time, it has evolved and gradually involved sophistication. Migration has also contributed to cybercrime becoming more organised. These organisations have cells in cities worldwide and a strong partnership between perpetrators in Nigeria and those residing in other countries. Many countries are now struggling to understand Nigeria’s rampant and multi-faceted cybercrime.

    Dr Pelumi Apantaku explores the changes in the type of crime as witnessed in established cases worldwide. This is a four-part series that provides an elaborate insight into cybercrime in Nigeria. 

  • Cyberattacks Ravages European Oil Companies

    Cyberattacks Ravages European Oil Companies

    European major oil transport and storage companies are battling with cyber-attacks. Companies including Evos (Netherlands), SEA-Invest (Belgium), and Oiltanking (Germany) are witnessing the disruption of their IT infrastructure. These attacks are having a global effect, with about a dozen terminals being affected. The affected companies confirmed its occurrence in the last few days. 

    Logo of oil companies

    According to Oxford Dictionaries, cyber-attacks are “the act of trying to damage or destroy a computer network, computer system or website by secretly changing information on it without permission”.

    Although, the severity of this attack is yet to be determined. Analysts in the industry asserted that the three companies were significantly affected by significant disruption and total collapse of their IT systems. A spokeswoman for SEA-Invest affirmed the incident and said it affected every port of the company in Africa and Europe.

    Sample of Ports
    A Typical Port (source: SEA-Invest)

    While Belgian prosecutors have started investigation, there is no confirmation of such moves in Africa. The company is present in Senegal, South Africa and Ivory Coast. There has been no official statement from the three African countries about the attack and the depth of impact on the ports. Despite the attack, the liquid transportation remains operational while the company seeks to restore their backup IT system. 

    Ransomware is “type of software that is designed to block access to a computer system until a sum of money is paid”.

    On the other hand, Evos has confirmed that Malta, Ghent, and Terneuzen are the ports affected. As of the press time, no conclusion has been reached concerning the source of this attack.

    Cyberattacks in  Oil and Gas Industry

    The energy sector has been a victim of cyberattacks. In 2017, Notpetya (Ukraine) was attacked 2017, resulting in the shutdown of almost the country’s entire power grid. This is not the first time that oil installations have been attacked. In May 2021, U.S. oil supplier Colonial Pipeline experienced supply problems due to a ransomware attack. It resulted in limited capacity across the U.S., resulting in an emergency. 

    Read Also : IOS or ANDROID which is safer from Cyber attack?

     

    Cyberattacks on energy firms might impact different aspects such as confidentiality, integrity, and availability. It can even result in endangering the lives of workers.  Ahmed Bakr, a Saudi Arabian senior cybersecurity officer (CSO), stated that “Oil and gas companies are targets of cybercriminals. We all are. Their attacks are intended to target a company’s systems and inflict damage by compromising the availability, integrity, and confidentiality of data for example.” The companies are exposed to large-scale threats because of the transnational nature of the players. The threat can even come from activists that can even be environmental groups. 

    Research conducted by the U.S. research institute Ponemon in 2017 discovered that 68percent of U.S. oil and gas companies had experienced a form of cyber attack resulting in loss of confidential information or operational disruption. This further attests to Norway’s experience of 50 oil and Energy companies being infected with Trojan virus. The Council on Foreign Relations (CFR) cited the energy sector as the most vulnerable industry to cyber-attacks. Hence, the need for the energy sector to focus on cyber resilience.