Last Week In Blockchain and CyberSecurity News - July 30, 2019

Capital One Data Breach Affects 106 Million People, Suspect Arrested

The transaction data, credit scores, payment history, balances, as well as some linked bank accounts and Social Security numbers of 106 million Capital One customers have been exposed. According to Capital One, an unauthorized individual accessed their systems and consumer data between March 22nd and March 23rd of this year. In their press release, Capital One stated:   

"On July 19, 2019, we determined there was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for credit card products and Capital One credit card customers."  

The individual obtained a host of data including: 

  • “Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information 

  • Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018 

  • About 140,000 Social Security numbers of our credit card customers 

  • About 80,000 linked bank account numbers of our secured credit card customers”  

Customers affected by this breach will be sent an email and provided with a free credit monitoring service. The FBI has arrested a suspect in connection with the hack of Capital One’s systems.


Blockchain-Encrypted Mobile Voting Comes to Utah

Overseas voters from Utah County, Utah, are provided with a unique option to cast ballots in elections this year using a mobile application that utilizes blockchain encryption to transmit information/votes back to city officials. As active-duty military and other expats are unable to vote in person, this option may provide a more secure and stable process. 

The application, called Voatz, has also been tested in elections in West Virginia and Denver. Voatz claims to be much more secure and efficient than other antiquated and flawed software such as UOCAVA. Voatz utilizes multiple authentication methods such as multi-factor authentication and facial recognition to ensure reliability while users access and submit their ballots. The application’s user data along with the filled-out ballots are then encrypted using a distributed ledger.


Judge Rules No Jail Time for WannaCry 'Killer' Marcus Hutchins, A.K.A. MalwareTech

Last week, District Judge J.P. Stadtmueller determined Marcus Hutchins was a free man, only requiring one year of supervised release for developing and selling the Kronos banking malware. Stadtmueller also highlighted Hutchins’s good work, citing “too many positives on the other side of the ledger.”

The FBI arrested Hutchins in August 2017 for his alleged role in the production and distribution of Kronos between 2014 and 2015. Kronos is a banking trojan that is designed to steal banking credentials and other sensitive information from compromised computers. Hutchins defended himself, stating he “deeply” regrets his conduct and made some “bad decisions” while he was a teenager.


New Variant of Linux Botnet WatchBog Adds BlueKeep Scanner

WatchBog, a cryptocurrency mining botnet, has developed a new variant that includes a module to scan the internet for Windows RDP servers vulnerable to the BlueKeep vulnerability (CVE-2019-0708). Researchers at Intezer suspect that more than 4,500 Linux machines have been compromised in new campaigns that have taken place since early June. Criminals can also use the BlueKeep scanner module to build a list of vulnerable systems to target in the future or to sell to other malicious actors.

BlueKeep is a critical vulnerability that “could be exploited by malware with wormable capabilities, it could be exploited without user interaction, making it possible for malware to spread in an uncontrolled way into the target networks.” As always, updating your systems with the most recent software is recommended.  


U.S. Files a Lawsuit Against Bitcoin Exchange That Helped Launder Ransomware Profits

The US Department of Justice has hit the now-defunct BTC-e cryptocurrency exchange with a civil lawsuit that seeks to recover more than $100 million.  

According to ZDNet, “In a lawsuit filed on Friday, July 26, the US wants to recover $88,596,314 from the accounts of the now-defunct BTC-e cryptocurrency exchange, and an additional $12 million from Alexander ‘Mr. Bitcoin’ Vinnik, BTC-e's founder and CEO.”

The lawsuit claims BTC-e helped cybercriminals launder stolen funds, including those who received payments from illegal cryptojacking campaigns or ransomware. Vinnik has a long history with authorities, as multiple government entities have attempted to arrest him or impose fines.
