The Good, the Bad and the Ugly in Cybersecurity – Week 52

The Good

2020 has seen many international operations against cybercriminals and cybercrime infrastructure. This week, we were pleased to learn that law enforcement agencies continue the good fight with another impressive operation. Operation Nova, a coordinated law enforcement operation led by the German Police, Europol, the FBI and other law enforcement agencies from around the world, resulted in the takedown of Safe-Inet, a virtual private network (VPN) used by a number of prominent cybercrime groups.

The Safe-Inet service was shut down and its infrastructure seized in Germany, the Netherlands, Switzerland, France and the United States.

The VPN service was active for over a decade and was used by ransomware operators and other cybercriminals to cover their tracks. The service was sold at a high price and billed as “one of the best tools available to avoid law enforcement detection”, offering up to five layers of anonymous VPN connections.

The Head of Europol’s European Cybercrime Centre, Edvardas Šileris, said:

“The strong working relationship fostered by Europol between the investigators involved in this case on either side of the world was central in bringing down this service. Criminals can run but they cannot hide from law enforcement, and we will continue working tirelessly together with our partners to outsmart them.”

The Bad

Cryptocurrencies are all the rage at the moment. The main currency, Bitcoin, has reached new heights, carrying with it the entire crypto market. But before these currencies can really become mainstream, there are several security challenges regarding the trade and safekeeping of cryptocurrency that remain to be solved. Case in point: cryptocurrency wallet company Ledger was breached earlier this year, and this week the details of 272,000 customers, including names, mailing addresses, and phone numbers, were dumped online to Raidforums, a site for sharing hacked databases.

France-based Ledger reported back in July that it had discovered a breach of its e-commerce and marketing databases resulting in the theft of customer email addresses. The publishing of the database now increases the likelihood of Ledger customers becoming victims of phishing attacks by cybercriminals who will try to obtain their private keys. There have even been some reports of personal threats of violence.

There are crypto troubles on the other side of the English Channel, too. British cryptocurrency exchange outfit EXMO disclosed Monday that its hot wallets had been compromised. It is unknown how the hackers were able to breach EXMO, but it is estimated that the company has lost over $10 million from the hot wallet breach, or about 6% of its total crypto assets.

In a statement, EXMO has notified its clients about the breach and warned them not to deposit any funds to existing wallets. Meanwhile, all withdrawal activity has been suspended.

The Ugly

The European Court of Human Rights was hit by a cyberattack and has been offline since Tuesday. The attack came after the court published a ruling to release the incarcerated former leader of the pro-Kurdish Peoples’ Democratic Party (HDP), Selahattin Demirtaş. The Court found that the detention of 47-year-old Demirtaş, which has lasted more than four years, goes against “the very core of the concept of a democratic society.”

Anka Neferler Tim, a Turkish hacktivist group, took responsibility for the attack on their Facebook, Twitter and YouTube accounts:

“The website of the European Court of Human Rights, who wanted Selahattin Demirtaş’s release, has been closed due to our attacks. We are not opening the site until they make an apology statement!”

As of the time of writing, the site is still unavailable. It is unknown which type of attack took place, but given Anka Neferler Tim’s history, it’s most likely a DDoS attack.

The European Court of Human Rights provided this statement:

“Following the delivery of the Selahattin Demirtas v. Turkey (no. 2) judgment on 22 December, the website of the European Court of Human Rights was the subject of a large-scale cyberattack which has made it temporarily inaccessible. The Court strongly deplores this serious incident. The competent services are currently making every effort to remedy the situation as soon as possible.”