Hackers Using Bots for 2FA, FBI Email Hack, & Buying the Constitution

November 19, 2021 by Lighthouse IT Solutions, Matthew Almendinger

The Lighthouse IT Podcast - November 19th, 2021

This week, Matt & Griff discuss hacks on Syniverse, Robinhood, and the FBI, bots that help attackers get around multi-factor authentication, and crypto enthusiasts pooling funds to buy a copy of the U.S. Constitution.



Five-year-long breach found in text message routing company

  • Syniverse, a telecom company that helps carriers like Verizon, T-Mobile, and AT&T route messages between each other and with carriers abroad, disclosed in October that it had been the subject of a possible five-year-long intrusion.
  • Syniverse shared that in May 2021 it "became aware of unauthorized access to its operational and information technology systems by an unknown individual or organization." The company notified law enforcement and conducted an internal investigation, which found that the unauthorized access first began in May 2016.
  • The attackers "gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers." Because Syniverse sits in the SMS routing path for many carriers, that access potentially covered message metadata and content for those carriers' subscribers, not just Syniverse's own systems.


Bots that hackers employ to steal your 2FA codes

  • To break into an account, an attacker first needs the victim's username or email address and password, typically sourced from a previous data breach.
  • But the victim may have multi-factor authentication enabled, which is where the bots come in.
  • Using a bot sold on Telegram or Discord, the attacker enters the target's phone number and the platform they want to break into. In the background, the bot places an automated call to the target, impersonating that platform.
  • At the same time, the attacker starts a login with the stolen password, which makes the platform send a genuine one-time code to the victim's phone. The bot's call then asks the victim to enter the code they just received; the keypad entry is captured and relayed to the attacker, who completes the login before the code expires. Because the code is real, the platform cannot tell it was typed by the wrong person. This is why SMS and voice one-time codes are considered weak against real-time relay, and why phishing-resistant factors such as FIDO2/WebAuthn security keys, which bind each response to the site being visited, are recommended for high-value accounts.
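The flow described above, simulated end to end, as an added example that is not part of the podcast notes. A toy service offers two second factors: an SMS-style one-time code, and a WebAuthn-style assertion that the user's authenticator binds to the origin it is actually talking to (an HMAC stands in for the signature). The service, origins, user name and key handling are all assumptions made for the example.

```python
"""OTP-relay ("OTP bot") flow versus an origin-bound second factor.
Added example; the service, origins and keys below are assumptions."""
import hashlib
import hmac
import secrets
import time

BANK_ORIGIN = "https://bank.example"        # assumed legitimate site
PHISH_ORIGIN = "https://bank-example.net"   # assumed attacker-controlled lookalike


class Service:
    """Toy login service with two optional second factors."""

    def __init__(self):
        self._otps = {}        # user -> (code, expiry)
        self._keys = {}        # user -> registered authenticator secret
        self._challenges = {}  # user -> outstanding challenge bytes

    # Second factor A: one-time code delivered out of band (SMS / voice call)
    def send_otp(self, user, phone_inbox):
        code = f"{secrets.randbelow(10**6):06d}"
        self._otps[user] = (code, time.time() + 300)
        phone_inbox.append(code)  # "delivered" to the user's phone

    def verify_otp(self, user, code):
        stored, expiry = self._otps.pop(user, (None, 0.0))
        return (stored is not None and time.time() < expiry
                and hmac.compare_digest(stored, code))

    # Second factor B: origin-bound assertion (WebAuthn-style)
    def register(self, user, key):
        self._keys[user] = key

    def challenge(self, user):
        ch = secrets.token_bytes(32)
        self._challenges[user] = ch
        return ch

    def verify_assertion(self, user, assertion):
        ch = self._challenges.pop(user, None)
        key = self._keys.get(user)
        if ch is None or key is None:
            return False
        # The service only ever checks against ITS OWN origin.
        expected = hmac.new(key, BANK_ORIGIN.encode() + ch, hashlib.sha256).digest()
        return hmac.compare_digest(expected, assertion)


class Authenticator:
    """User's authenticator: every assertion is bound to the origin the
    browser reports, so a response produced on a phishing site is useless
    at the real one."""

    def __init__(self, key):
        self._key = key

    def assert_for(self, origin, challenge):
        return hmac.new(self._key, origin.encode() + challenge, hashlib.sha256).digest()


def otp_bot_attack():
    """Attacker has the password and starts a login; the service texts the
    victim a real code; the bot's call gets the victim to key it in; the
    attacker submits it. Returns True: the relay succeeds."""
    svc, victim_phone = Service(), []
    svc.send_otp("alice", victim_phone)          # triggered by attacker's login attempt
    code_read_to_bot = victim_phone[-1]          # victim enters it on the bot's call
    return svc.verify_otp("alice", code_read_to_bot)


def relay_against_origin_bound():
    """Same idea against the origin-bound factor: the attacker forwards the
    bank's challenge to a phishing page, but the victim's authenticator
    signs it for PHISH_ORIGIN. Returns False: the service rejects it."""
    svc, key = Service(), secrets.token_bytes(32)
    svc.register("alice", key)
    auth = Authenticator(key)
    ch = svc.challenge("alice")                   # attacker starts the login
    assertion = auth.assert_for(PHISH_ORIGIN, ch)  # victim completes it on the wrong site
    return svc.verify_assertion("alice", assertion)


def legitimate_origin_bound_login():
    """Control case: the same authenticator on the real origin succeeds."""
    svc, key = Service(), secrets.token_bytes(32)
    svc.register("alice", key)
    auth = Authenticator(key)
    ch = svc.challenge("alice")
    return svc.verify_assertion("alice", auth.assert_for(BANK_ORIGIN, ch))
```

The point of the contrast: with a code the victim can read out, the bot's phone call is all the attacker needs, and the service has no way to notice. With an origin-bound factor there is no code to read out, and the only way to get the victim's device to answer a challenge is through a page the victim is actually on, which bakes the wrong origin into the response.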


The FBI's email system was hacked to send out fake cybersecurity warnings

  • Attackers abused the Federal Bureau of Investigation's (FBI) email infrastructure to send out thousands of phony messages telling recipients they had been the victims of a "sophisticated chain attack."
  • The emails were initially uncovered by The Spamhaus Project, a nonprofit organization that tracks email spammers.
  • The attackers managed to send emails to over 100,000 addresses via the FBI's public-facing email system, so the messages came from a genuine fbi.gov address and passed the usual sender checks.
  • According to Bleeping Computer, the spam campaign was likely carried out in an attempt to defame Vinny Troia, a prominent cybersecurity researcher who runs two dark web intelligence companies. The emails claimed that Troia was behind the fake attacks and falsely stated that Troia is associated with the hacking group The Dark Overlord.
  • They exploited a flaw in the FBI's Law Enforcement Enterprise Portal (LEEP) sign-up flow: the one-time passcode used to confirm a new account was embedded in the page's HTML, and the confirmation email's subject and body were sent as parameters in the request, so the client could rewrite them. That let the attackers craft arbitrary messages that the FBI's own mail server then delivered. The lesson is a familiar one: never trust client-supplied values for a server-generated message, and never echo a secret back to the client that is supposed to prove it received the secret through another channel.
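The pattern described above, as an added illustration that is not the LEEP portal's code or any FBI code: a toy confirmation handler that takes the email's subject and body from the request and echoes the one-time passcode into the page, next to a hardened version that fixes both defects. The function names, the in-memory outbox and the sample request are assumptions made for the example.

```python
"""Vulnerable vs. hardened account-confirmation step. Added example; the
handler names, OUTBOX and ATTACKER_REQUEST are assumptions."""
import hashlib
import hmac
import re
import secrets
import time

OUTBOX = []  # constructed stand-in for the mail server: every "sent" message


def _send_mail(to, subject, body):
    OUTBOX.append({"to": to, "subject": subject, "body": body})


# Constructed request, shaped the way an attacker would post it.
ATTACKER_REQUEST = {
    "email": "victim@example.net",
    "subject": "Urgent: threat actor in systems",
    "text": "You have been the victim of a sophisticated chain attack ...",
}


def vulnerable_confirm(params):
    """Defect 1: subject and body come straight from the client.
    Defect 2: the OTP is written into the response, so the client never
    has to read the inbox it supposedly controls. Returns (otp, html)."""
    otp = f"{secrets.randbelow(10**6):06d}"
    _send_mail(params["email"], params["subject"], params["text"])
    html = f'<input type="hidden" name="otp" value="{otp}">'
    return otp, html


class HardenedConfirm:
    """Only the recipient is taken from the client; the message is a fixed
    server-side template, the OTP exists only in the email (hashed at rest),
    and verification is rate-limited and time-limited."""

    SUBJECT = "Confirm your registration"
    BODY = "Your confirmation code is {otp}. It expires in 10 minutes."
    TTL = 600
    MAX_ATTEMPTS = 5

    def __init__(self):
        self._pending = {}  # email -> [sha256(otp), expiry, attempts]

    def start(self, params):
        email = params["email"]
        otp = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(otp.encode()).hexdigest()
        self._pending[email] = [digest, time.time() + self.TTL, 0]
        _send_mail(email, self.SUBJECT, self.BODY.format(otp=otp))
        return "<p>We sent a code to your address. Enter it to continue.</p>"

    def verify(self, email, code):
        entry = self._pending.get(email)
        if entry is None:
            return False
        digest, expiry, attempts = entry
        if time.time() > expiry or attempts >= self.MAX_ATTEMPTS:
            self._pending.pop(email, None)
            return False
        entry[2] += 1
        ok = hmac.compare_digest(digest, hashlib.sha256(code.encode()).hexdigest())
        if ok:
            self._pending.pop(email, None)  # single use
        return ok


def otp_in_page(html):
    """Check used below: does the response leak a six-digit code?"""
    return re.search(r"\b\d{6}\b", html) is not None


def extract_code(body):
    """Simulates the legitimate user reading the code from their inbox."""
    m = re.search(r"\b\d{6}\b", body)
    return m.group(0) if m else None
```

Run `vulnerable_confirm(ATTACKER_REQUEST)` and the last entry in `OUTBOX` carries the attacker's subject and body, while the returned HTML contains the passcode. Run `HardenedConfirm().start(ATTACKER_REQUEST)` and the mail uses the server's template, the page contains no code, and the only way to pass `verify` is to read the email.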


Robinhood says a hacker who tried to extort the company got access to data for 7 million customers

  • Trading platform Robinhood said Monday that personal information for more than 7 million customers was accessed during a data breach on November 3rd.
  • An unauthorized third party "socially engineered a customer support employee by phone," Robinhood said, and was able to access its customer support systems. The attacker was able to get a list of email addresses for approximately 5 million people and full names for a separate group of 2 million people. For a smaller group of about 310 people, additional personal information, including names, dates of birth, and zip codes, was exposed, and for about 10 customers, "more extensive account details" were revealed.
  • "[I]t does not appear that Social Security numbers, bank account numbers, or debit card numbers were exposed, and no customers have had 'financial loss' due to the incident."
  • Robinhood said the unauthorized third party sought an "extortion payment," and the company notified law enforcement but did not say whether it had made any payments.


Crypto nerds are trying to co-own the U.S. Constitution

  • On November 18, Sotheby's (the auction house) is auctioning off "an exceptionally rare and extraordinarily historic" first printing of the U.S. Constitution. Only thirteen copies survive, besides the one held at the National Archives museum in Washington, D.C., from the original printing of 500 that was issued for submission to the Continental Congress. It's the first time in 30 years that this copy has come up for sale.
  • It's expected to fetch between $15 million and $20 million in the auction — unless, of course, it instead fetches the equivalent in Ethereum.
  • No sooner had Sotheby's announced the impending auction than a decentralized autonomous organization called ConstitutionDAO cropped up, with a plan to pool funds together to win the crown jewel.


Kaseya ransomware suspect nabbed in Poland

  • A US Department of Justice (DOJ) press release announced the arrest, in Poland, of a 22-year-old Ukrainian suspect alleged to be one of the REvil ransomware operators behind the Kaseya attack.
  • The DOJ also seized more than $6,000,000 in assets that it describes as "traceable to alleged ransom payments received by a Russian national, who is also charged with conducting REvil ransomware attacks."


Microsoft partners with Meta to integrate Teams into Facebook-like Workplace

  • Workplace by Meta will soon integrate Microsoft Teams to livestream video into Workplace groups.
  • Microsoft is also integrating Workplace into Teams, which will enable Teams users to access Workplace content through an app within Teams.
  • Microsoft and Meta are also setting the stage to compete for the enterprise metaverse in the years ahead. Both companies unveiled similar visions for virtual spaces and meetings recently, but given these continued partnerships, we may well see the pair collaborate even further on virtual reality and metaverse efforts in the future.


Blackberry uncovers initial access broker

  • Initial access brokers (IABs) compromise a network and then sell that foothold to someone who will monetize it, typically a ransomware group.
  • According to BlackBerry's research, the average IAB makes about $5,400 per network sold.


Twitter Blue's full launch

  • "We are excited to share that Twitter Blue is now available in the United States and New Zealand across iOS, Android and web." - Twitter
  • Twitter Blue is available for a monthly price of US $2.99
  • Ad-Free, Undo Tweets, customization, upload videos up to 10min long, pin conversations, and early access to future features.