Crypto Cracked, The World’s Richest About to be Exposed & Hacker Takes Over Coinhive


Don’t Use Hardcoded Keys (DUHK) – Security researchers have found a serious security issue involving an old pseudo-random number generator (PRNG) protocol, deprecated in many products but still found in around 25,000 devices made by Fortinet. The ANSI X9.31 protocol, from the 1990s, was approved and in use up until 2016; it uses a fixed key as one of the inputs to generate pseudorandom numbers. However, as one of the researchers explains:

“If an attacker were to obtain K (one of the pseudorandom number generator’s (PRG’s) input values) somehow, and then was able to learn only a single 16-byte raw output block (Ri) from a working PRG, she could do the following: (1) guess the timestamp T, (2) work backwards (decrypting using K) in order to recover the corresponding state value V, and now (3) run the generator forwards or backwards (with guesses for T) to obtain every previous and subsequent output of the generator.

“Thus, if an application uses the ANSI generator to produce something like a random nonce (something that is typically sent in a protocol in cleartext), and also uses the generator to produce secret keys, this means an attacker could potentially recover those secret keys and completely break the protocol.”

Patches are available for the Fortinet products; however, there may be other vendors and devices using the same protocol which were not identified in the initial search. This may be the tip of the iceberg, but for now, if you use Fortinet products which utilise the protocol, you know what to do.
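The recovery the researcher describes, worked through in Go as an added example (not code from this post or from the DUHK researchers): an ANSI X9.31 generator built on AES, one leaked output block, and the state recovery that then predicts the generator’s next output. The key, seed and timestamp blocks are constructed values, and the timestamps are treated as already guessed correctly.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

func xor16(a, b []byte) []byte { // XOR of two 16-byte blocks
	out := make([]byte, 16)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// x931Step is one ANSI X9.31 (AES variant) iteration on timestamp block T and
// state V: I = E_K(T); R = E_K(I xor V); V' = E_K(R xor I). Returns R and V'.
func x931Step(blk cipher.Block, t, v []byte) ([]byte, []byte) {
	i, r, vNext := make([]byte, 16), make([]byte, 16), make([]byte, 16)
	blk.Encrypt(i, t)
	blk.Encrypt(r, xor16(i, v))
	blk.Encrypt(vNext, xor16(r, i))
	return r, vNext
}

// recoverState inverts a step: with K known, a guessed T and one raw output
// block R give back the state V = D_K(R) xor E_K(T); everything else follows.
func recoverState(blk cipher.Block, t, r []byte) []byte {
	i, d := make([]byte, 16), make([]byte, 16)
	blk.Encrypt(i, t)
	blk.Decrypt(d, r)
	return xor16(d, i)
}

// demo reproduces the DUHK scenario on constructed values: the generator emits
// a cleartext nonce, then a "secret" key; from K, the nonce and T we predict it.
func demo() bool {
	blk, _ := aes.NewCipher([]byte("hardcoded-key-16")) // constructed: the fixed K baked in
	t1, t2 := bytes.Repeat([]byte{1}, 16), bytes.Repeat([]byte{2}, 16) // constructed timestamps
	nonce, v1 := x931Step(blk, t1, []byte("secret seed V0!!")) // V0 is never revealed
	secretKey, _ := x931Step(blk, t2, v1)
	// Attacker side: recover V, redo the step to reach V', then one step forward.
	_, vNext := x931Step(blk, t1, recoverState(blk, t1, nonce))
	guess, _ := x931Step(blk, t2, vNext)
	return bytes.Equal(guess, secretKey)
}

func main() { fmt.Println("secret key predicted from leaked nonce:", demo()) }
```

The whole of the generator’s security rests on K staying secret; a key shared across every unit of a product line does not.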

Offshore Legal Firm Hacked – Financial details of some of the world’s richest individuals are likely to be published in the near future after a Bermuda-based legal firm was breached by hackers. Appleby has been bracing for the coming storm and has been approached by the International Consortium of Investigative Journalists after information was leaked. The leak is also expected imminently, as Appleby recently disclosed “a data security incident last year which involved some of our data being compromised.” The Telegraph is running with the story today and has stated that “it is understood the leak involves some of Britain’s wealthiest people, who were instructing lawyers and public relations companies in an effort to protect their reputations.” We will just have to wait and see what is leaked in the coming days.

Coinhive DNS Server Hacked – A mysterious hacker has ironically hijacked Coinhive’s DNS server and replaced the legitimate Coinhive JavaScript in-browser miner with a malicious version that mines Monero for the hacker’s own wallet. Coinhive has commented on the issue, saying that the attacker logged into the company’s Cloudflare account and replaced DNS records, pointing the Coinhive domain to a new IP address. Thousands of sites around the world then loaded this malicious script and mined cryptocurrency for the attacker for around six hours. The root cause of how the attacker gained access? An insecure password that was most likely leaked in the Kickstarter data breach back in 2014. Despite the company using 2FA and unique passwords on its other accounts, it missed this old account and failed to apply those security measures to it. Coinhive has said it is looking into ways to reimburse customers who lost revenue as a result of the incident and has since tightened its own security.