Bitcoin hacker steals money and passwords from Dark Web users, jailed

Blockchain and cryptocurrency related crimes are something heard about in a very scarce quantity. But this week, a 37 year-old man in the US has been sentenced to one year and one day in prison for fraud in connection with a Bitcoin $BTC▲2.4% phishing scheme designed to rob victims of their cryptocurrency.

Michael Richo was allegedly running an elaborate bitcoin phishing scheme, all with the purpose of stealing confidential information from unaware victims, including various sums of cryptocurrency which they held.

Richo, of New Haven, was also ordered to forfeit $352,000 in cash, various computers and electronic devices, such as digital and hardware-based wallets, which contained a vast array of different precious metals and virtual coins that he purchased with the proceeds of his offense.

It was during the trial that evidence, such as court documents from the trial in question, as well as supplementary statements, illustrate just where Richo was going in order to target individuals for his Phishing attacks – The Dark Web.

Per court documents associated with Richo’s case, he will be subject to three years of supervised release once he’s out of prison. His operation involved targeting individuals on the dark web using marketplaces.

He did so by posting fake links to online marketplaces on dark web forums. Once users clicked on them, these links would then direct users to fake login pages that resembled the real login pages for various dark web marketplaces. Once the victim entered his credentials, the hacker would steal them. He would then monitor the individual’s Bitcoin balance at the real marketplace and would withdraw the coins once the person deposited the funds. He would then either deposit the funds directly to his bitcoin wallet, or sell them on cryptocurrency exchanges for US dollars. The US dollars obtained as a result were deposited into bank accounts under his control or provided to him through Green Dot Cards, Western Union transfers, and MoneyGram transfers.

The dangers of default passwords : Routers use default 'password'

A hacker with twitter handle SuperSl1nk has discovered a security flaw in the Router's web admin interface. The famous organization left their router password as default one.  The worst part is that the default password is 'password'

"The dangers of default passwords is a critical vulnerability that unfortunately touches a lot of school, business, government and other ... The developpers are not aware of the danger or repercussion that this may have on the entire system." The hacker said in the leak.

"I can publish a little of my results. Only for Lesson ! :p"

The list of affected network includes (U.S.A), Imagination (U.S.A),
Hotwire Communications (U.S.A), Capital Market Stragies L (U.S.A), University of Maryland Baltimore County (UMBC U.S.A), U.S. Network (U.S.A), LG DACOM Corporation (Korea).

Other affected networks : Harano Telecom (Korea),SK Broadband Co Ltd (Korea) ,Korea Telecom (Korea) , Infrastructure EM (Denmark) , Bahnhof Internet AB (Sweden), Intelligente Office (Canada), Wightman Telecom (Canada).

"@EHackerNews I've seen much worse, but I did not publish everything, I have access to ISP, Telecom, Gov, Military, Big Company... " In a tweet hacker replied to EHN.

All of the affected network has the same password to sign in to the interface .  Yes it is 'password' .

Browser Event Hijacking allows hacker to steal your password

Browser Event Hijacking

Be careful what you type on your web browser.  Hacker can hijack search command in browser and steal your password or any other sensitive data by social engineering attack.

The hacking method has been possible for years , but now two POCs has been published that demonstrate how an attacker can lure victims to give their password.

Browser Event Hijacking:

The hacker can hijack the browser event by using 'preventDefault' method on JavaScript, that cancels an operation while allowing all remaining handlers for the event to be executed. For Eg: if you press Ctrl+F , hackers can display their own search box instead of the browser search box.

The hack was initially posted here:

A simple code that hijacks the browser event and steal password :
                if((evt.which == "70" && (evt.metaKey || evt.ctrlKey))){
                        /* display fake search */

Then another researcher rebuild the POC with a fake list of leaked passwords. So someone just presses CTRL+F in his browser and types his password to look if it is leaked ,become victim.

The POC :

If you search for any keywords in the page, it will lure you to believe there is password with your search string.