      qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix

      news.movim.eu / TorrentFreak · Saturday, 2 September - 19:59 · 4 minutes

    While BitTorrent client functionality hasn’t fundamentally changed over the past 20 years, developers of leading clients haven’t let their software stagnate.

    A good example is the excellent qBittorrent, a feature-rich open source client which still receives regular updates. In common with similar clients, qBittorrent can be found on GitHub along with its source and installation instructions.

    Elsewhere on the same platform, users were recently trying to work out how a standard qBittorrent install suddenly led to the appearance of unwanted cryptocurrency mining software on the same machine.

    Proxmox and LXC

    For those unfamiliar with Proxmox VE, it’s an environment for virtual machines that once tried becomes very useful, extremely quickly. It’s also free for mere mortals and in most circumstances, very easy to install and get up and running.

    With help from various Proxmox ‘helper scripts’ offered by tteck on GitHub (small sample to the right), even beginners can install any of dozens of available software packages in a matter of seconds using LXC containers.

    Even if none of that makes sense, it doesn’t matter. Those who want qBittorrent installed, for example, can copy and paste a single line of text into Proxmox…and that’s it. Given that the whole process is almost always flawless, user issues are very rare, so to hear of a possible malware infection came as a real shock recently.

    Cryptominer Discovery

    In summary, a Proxmox user deployed a tteck script to install qBittorrent and then a month later found his machine being worked hard by cryptomining software known as xmrig. While he investigated the problem, tteck removed the qBittorrent LXC script as a basic precaution, but it soon became clear that neither Proxmox nor tteck’s script had anything to do with the problem.

    The unwelcome software was indeed installed maliciously, but due to a series of avoidable events, rather than a genius hack.

    When a qBittorrent installation like this completes and the software is launched, access to qBittorrent takes place through a web interface accessible from most web browsers. By default, qBittorrent uses port 8080 and since many users like to access their torrent clients from remote networks, qBittorrent uses UPnP (Universal Plug and Play) to automate port forwarding, thereby exposing the web interface to the internet.

    Having this working in record time is all very nice, but that doesn’t mean it’s safe. To ensure that only the operator of the client can access the web interface, qBittorrent allows the user to configure a username and a password for authentication purposes.

    This generally means that random passers-by will need to possess these credentials before being able to do damage. In this case, the default admin username and password were not changed and that allowed an attacker to easily access the web interface.

    Attacker Told qBittorrent to Run an External Program

    To allow users to automate various tasks related to downloading and organizing their files, qBittorrent has a feature that can automatically run an external program when a torrent is added and/or when a torrent is finished.

    The options here are limited only by the imagination and skill of the user but unfortunately the same applies to any attacker with access to the client’s web interface.

    In this case the attacker told the qBittorrent client to run a basic script on completion of a torrent. The script accessed the domain http://cdnsrv.in from where it downloaded a file called update.sh and then ran it. The consequences of that are explained in detail by tteck, but the main points are a) unauthorized cryptomining on the host machine and b) the attacker maintaining root access via SSH key authentication.

    Easily Avoided

    The default admin username for qBittorrent is ‘admin’ while the default password is ‘adminadmin’. Had these common-knowledge defaults been changed following install, the attacker would still have found the web interface but would’ve had no useful credentials for conventional access.

    More fundamentally, possession of the correct credentials would’ve had limited value if the qBittorrent client hadn’t used UPnP to expose the web interface in the first place. Taking another step back, if UPnP hadn’t been enabled in the user’s router, qBittorrent would’ve had no access to UPnP, and wouldn’t have been able to forward ports or expose the interface to the internet.

    In summary: disable UPnP in the router and only enable it once its function is fully understood and when absolutely necessary. Never leave default passwords unchanged, and if something doesn’t need to be exposed to the internet, don’t expose it unnecessarily.
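A configuration audit for the three conditions described above (default Web UI password, UPnP for the Web UI, an enabled external program), added here as an example and not taken from qBittorrent or tteck's scripts. It assumes the `qBittorrent.conf` key names `WebUI\Password_PBKDF2`, `WebUI\UseUPnP` and `[AutoRun]` `enabled`/`program`, and a PBKDF2-HMAC-SHA512 hash with 100000 iterations; these can differ between versions, and the sample config is constructed.

```python
import base64, hashlib, hmac, re

DEFAULT_PASSWORD = "adminadmin"  # default password named in the article

def encode_password(password, salt):
    """Build a Password_PBKDF2 value (assumed: PBKDF2-HMAC-SHA512, 100000 rounds)."""
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 100000)
    return "@ByteArray(%s:%s)" % (base64.b64encode(salt).decode(),
                                  base64.b64encode(digest).decode())

def is_default_password(stored):
    """True when the stored hash verifies against the default password."""
    m = re.fullmatch(r"@ByteArray\(([A-Za-z0-9+/=]+):([A-Za-z0-9+/=]+)\)", stored)
    if not m:
        return False
    try:
        salt = base64.b64decode(m.group(1))
    except ValueError:  # malformed base64 in the salt field
        return False
    return hmac.compare_digest(encode_password(DEFAULT_PASSWORD, salt), stored)

def parse_conf(text):
    """Minimal INI reader: {section: {key: value}}, keys kept verbatim."""
    conf, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1], {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[key.strip()] = value.strip().strip('"')
    return conf

def audit(text):
    """Return findings for the conditions the article describes."""
    conf = parse_conf(text)
    prefs, autorun = conf.get("Preferences", {}), conf.get("AutoRun", {})
    findings = []
    stored = prefs.get(r"WebUI\Password_PBKDF2")
    if stored is None:
        findings.append("password-unset")    # default credentials may still apply
    elif is_default_password(stored):
        findings.append("password-default")
    # A missing key is treated as enabled, matching the behaviour the article describes.
    if prefs.get(r"WebUI\UseUPnP", "true").lower() == "true":
        findings.append("webui-upnp")
    # Any enabled external program should be one the operator recognises.
    if autorun.get("enabled", "false").lower() == "true" and autorun.get("program"):
        findings.append("autorun:" + autorun["program"])
    return findings

# Constructed sample resembling an untouched install that was later tampered with.
SAMPLE = "\n".join([
    "[Preferences]",
    r"WebUI\Port=8080",
    r"WebUI\Username=admin",
    r"WebUI\UseUPnP=true",
    r'WebUI\Password_PBKDF2="' + encode_password("adminadmin", b"constructed-salt") + '"',
    "",
    "[AutoRun]",
    "enabled=true",
    "program=/path/to/unrecognised-script.sh",  # placeholder path
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against a copy of the real `qBittorrent.conf` by passing the file's text to `audit()`; an empty list means none of the three conditions was found.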

    Finally, it’s worth mentioning that tteck’s response, to a problem that had nothing to do with Proxmox or his scripts, has been first class. Anyone installing the qBittorrent LXC from here will find the default admin password changed and UPnP disabled automatically.

    Any time saved can be spent on automated installs of Plex, Tautulli, Emby, Jellyfin, Jellyseerr, Overseerr, Navidrome, Bazarr, Lidarr, Prowlarr, Radarr, Readarr, Sonarr, Tdarr, Whisparr, and many, many more.

    Proxmox: An Open Source Type 1 Hypervisor

    From: TF, for the latest news on copyright battles, piracy and more.


      Sam Bankman-Fried is going to jail

      news.movim.eu / ArsTechnica · Friday, 11 August - 20:25

    Sam Bankman-Fried. (credit: Bloomberg / Contributor | Bloomberg)

    A federal judge in New York today ordered disgraced FTX founder Sam Bankman-Fried to jail after revoking his bail, The New York Times reported.

    Bankman-Fried had been under house arrest, but prosecutors convinced Judge Lewis A. Kaplan of the Federal District Court in Manhattan that Bankman-Fried had fed documents to the media in order to intimidate a witness in the case. Now Bankman-Fried has to prepare his defense to 13 criminal charges from jail.

    In June, Bankman-Fried filed a motion to dismiss, hoping that some of those charges would be dropped. But Kaplan decided that his arguments in the motion were "either moot or without merit," CNN reported.

      Pirate Site Survives ‘Operation: Sunstroke’ But Massive Lawsuit Awaits

      news.movim.eu / TorrentFreak · Thursday, 10 August - 07:56 · 5 minutes

    At least on the surface, the story of Sdarot, Israel’s most popular pirate site, sounds quite similar to that of The Pirate Bay. Loved by millions and loathed by entertainment companies, both have demonstrated an unusual ability to remain online, despite overwhelming odds.

    But while The Pirate Bay has generated considerable revenue over the years, Sdarot’s existence and its ability to generate profit seem inexorably intertwined. The subscription fees, paid by some (but not all) of its users in return for access to Israel’s top premium TV channels, are the main attraction. They’re also the reason the people behind Sdarot are among the most hounded pirate site operators on the planet.

    Legal Action in the United States

    With legal victories and blocking injunctions proving all but useless in Israel, companies including United King Film Distribution, DBS Satellite Services, and Hot Communication, filed three copyright infringement lawsuits in New York, with Sdarot one of the main targets. The companies requested an award for damages and then received one worth $23 million, not bad all things considered.

    A decision by the entertainment companies to go hard with their injunction demands, including that every ISP in the United States should be forced to block Sdarot’s domains, was outrageously ambitious yet somehow received approval from the court in 2022.

    What followed was an ill-thought-through attack on Cloudflare and universal disapproval from Big Tech. That led to the blocking demands being withdrawn and a mostly secret process to degrade Sdarot’s ability to conduct business online.

    Sdarot Remains in Business; But For How Long?

    Reports emerging over the past few days indicate that in addition to legal problems in the United States, Sdarot now faces a new lawsuit in Israel. Following an investigation by Zira, an anti-piracy group that has hounded Sdarot for years, a lawsuit was filed at the Tel Aviv District Court against 14 people alleged to be involved in the operation of the pirate TV show platform.

    According to Israeli news outlet Walla, the letter of claim describes a “well-oiled criminal system” that illegally records and distributes copyrighted content, and then launders the revenue, hiding it from tax authorities. Those behind the platform are also accused of exploiting minors, an allegation we’ll return to in a moment.

    Zira reportedly engaged an unnamed European cybersecurity company to “follow the money” or, more accurately, cryptocurrency wallets used to receive payments from users before forwarding to other wallets. As published by Walla, the document below appears to be part of the evidence package and claims to show a BTC wallet with an extremely healthy balance.

    BTC transaction document (credit: Walla)

    In common with the investigation that eventually took down Megaupload, Zira appears to have avoided discrimination based on the type or scale of alleged offending at Sdarot. From the top of the site to the very bottom, anyone involved seems eligible.

    Owner Through to Facebook Moderator

    The alleged owner of Sdarot (TV shows) and sister site Sratim (movies) is named in the lawsuit as Michael Ben-Ami, a former resident of Dimona who no longer lives in Israel. Seeing Ben-Ami’s name in print after years in the shadows provokes a trip down memory lane.

    When local TV companies were trying to shut down and/or block Sdarot in 2013, the name of the site’s operator was initially unknown. After subsequently identifying Ben-Ami as the main suspect, police raided his home looking for evidence. Reports at the time claimed that officers were confronted by Ben-Ami’s then-wife/partner who pulled out a knife and turned a ‘normal’ police drama into a potential crisis.

    As far as we know, no one was injured, which left Ben-Ami – a former police officer – to deny all involvement in the site.

    The lawsuit goes on to name Ephraim Fishel Shtroch as a central figure in the streaming operation. The resident of Beit Shemesh stands accused of developing the site’s mobile and smart TV applications. Also among the accused is Ashdod resident Aviel Twito, who reportedly provided hosting services for Sdarot in Israel, plus Ariel Eisental and Bar Lubinger, who stand vaguely accused of helping the site to make pirated content available.

    The list concludes with those who helped to run the site, such as Shaul Amedi and Daniel Levy, and those who moderated social media channels; Shoval Reshef and Lipez Nossen (Discord), David Shemesh (Telegram), plus Alik Abramson and Yuval Abramzon (Facebook). Idan Yuval stands accused of designing Sdarot’s website while Yarin Shimoni is said to have provided voice-overs for content released on the platform.

    Commenting on the lawsuit, CEO of Zira Ido Natan said an important step had been taken against widespread copyright infringement in Israel. According to the person behind Sdarot’s Twitter account, Zira’s more recent steps against infringement have been going on for quite some time.

    No Love Lost Between Sdarot and Zira

    After celebrating Sdarot’s 1,000,000th member on June 16, in early July the person controlling the Twitter account spoke of experiencing “somewhat significant technical malfunctions” due to Zira’s activities against the site. That turned out to be the seizure of Sdarot’s server in Israel, which in turn elicited a response from Sdarot containing a threat against someone allegedly involved.

    On July 12, alarm bells rang more urgently at Sdarot HQ, wherever that might be.

    “The site is under attack on several different fronts at the same time now, in at least four different countries! The site is currently only active for subscribers until we return to full normality in a few days,” an announcement declared.

    What followed were public allegations against Zira CEO, Ido Natan. The tweet in question claims that Natan previously worked as the Minister of Justice’s personal assistant and then suddenly became CEO of Zira.

    A day later Eli Cohen, the pseudonym used by the owner of Sdarot, offered to close down the site if certain conditions were met.

    With memes quickly descending into more personal insults, Sdarot acknowledged the existence of the Zira lawsuit on August 2 and also appeared to shine light on allegations that the site “exploited minors.”

    “I heard that Zira reached the bottom of the ladder. They decided to sue 14 people, some of whom live in Israel. Some of them are minors, all because they claim to have been part of the site’s team about a decade ago,” the tweet reads, adding: “You increased our motivation to continue.”

    This week Sdarot announced two things: 1) the operation to shut the site down (Operation: Sunstroke) had come to an end. 2) On September 7, 2023, Sdarot is expected to make a full comeback.

    From: TF, for the latest news on copyright battles, piracy and more.

      Ready for your eye scan? Worldcoin launches—but not quite worldwide

      news.movim.eu / ArsTechnica · Monday, 24 July - 13:14

    A montage of the Worldcoin logo and Sam Altman (credit: FT Montage/Bloomberg)

    Sam Altman’s cryptocurrency project, the Worldcoin Foundation, is rolling out its services globally even as the company cofounded by the OpenAI chief faces regulatory pushback in the US.

    The Berlin and San Francisco-based start-up announced on Monday that its technology, including its Worldcoin token—a cryptocurrency traceable on the blockchain that requires users to first prove their identity—will be available in 35 cities across 20 countries.

    Central to the effort is an eye-scanning physical “orb,” which Worldcoin’s founders say is necessary for a future in which distinguishing between humans and robots becomes increasingly challenging due to a surge in artificial intelligence technology. Once users have proved they are not robots, they can be issued one of the company’s tokens.


      SEC sues Coinbase, continues major crackdown on cryptocurrency exchanges

      news.movim.eu / ArsTechnica · Tuesday, 6 June - 18:08

    Image credit: NurPhoto / Contributor | NurPhoto

    Just one day after suing Binance, the US Securities and Exchange Commission (SEC) has now sued Coinbase, the largest cryptocurrency exchange operating in the US.

    The SEC alleged that Coinbase has violated laws since "at least 2019" by failing to register both its cryptocurrency trading platform and its crypto asset-staking program. Director of the SEC’s Division of Enforcement, Gurbir S. Grewal, said in a press release that Coinbase chose not to register, making "calculated decisions" that "may have allowed it to earn billions" while knowingly depriving Coinbase investors of SEC protections.

    "You simply can’t ignore the rules because you don’t like them or because you’d prefer different ones: the consequences for the investing public are far too great," Grewal said. "As alleged in our complaint, Coinbase was fully aware of the applicability of the federal securities laws to its business activities, but deliberately refused to follow them."

      Landmark crypto rules make exchanges liable for customer losses in EU

      news.movim.eu / ArsTechnica · Tuesday, 16 May - 16:45

    Image credit: Yossakorn Kaewwannarat | iStock / Getty Images Plus

    Today, the European Union approved a comprehensive set of cryptocurrency regulations seeking to lay the groundwork for how crypto is regulated globally. The rules—which make providers liable if they lose investors' crypto assets—will go into effect in 2024 across 27 EU member states.

    "I am very pleased that today we are delivering on our promise to start regulating the crypto-assets sector," Elisabeth Svantesson, Sweden's minister of finance, said in a press release. "Recent events have confirmed the urgent need for imposing rules which will better protect Europeans who have invested in these assets and prevent the misuse of crypto industry for the purposes of money laundering and financing of terrorism."

    Among recent events spurring the legislative push was the collapse of FTX, Mairead McGuinness, the European commissioner for financial services, told CNBC late last year. FTX was one of the world's largest cryptocurrency exchanges, and its implosion led to $8 billion in customer losses, the United States Commodity Futures Trading Commission estimated.

      $1.5M crypto scheme leads to 2-year prison term for ex-Coinbase manager

      news.movim.eu / ArsTechnica · Wednesday, 10 May - 16:07

    Image credit: SOPA Images / Contributor | LightRocket

    Yesterday, a former Coinbase product manager, Ishan Wahi, was sentenced to two years in prison for running the first cryptocurrency insider trading scheme investigated by the United States Department of Justice.

    Wahi had pleaded guilty after Coinbase and the FBI found that he provided confidential information on upcoming Coinbase crypto asset listings to his brother, Nikhil, and his friend Sameer Ramani. The multiple tipoffs led to profits of approximately $1.5 million as the men went undetected for 10 months, trading 55 digital assets ahead of Coinbase listing announcements that generally caused huge spikes in asset market valuation.

    The US attorney for the Southern District of New York, Damian Williams, condemned Wahi's actions, saying that he "violated the trust placed in him by his employer by tipping others with valuable confidential information regarding Coinbase’s planned token listings."


      SBF says “dishonesty and unfair dealing” aren’t fraud, seeks to dismiss charges

      news.movim.eu / ArsTechnica · Tuesday, 9 May - 19:52 · 1 minute

    Image credit: Drew Angerer / Staff | Getty Images North America

    Late Monday, legally embroiled FTX founder Sam Bankman-Fried moved to dismiss the majority of criminal charges lobbed against him by the United States government after his cryptocurrency exchange went bankrupt in 2022.

    In documents filed in a Manhattan federal court, the law firm Sullivan & Cromwell shared Bankman-Fried's first official legal defense. Lawyers accused the US of a "troubling" and "classic rush to judgment," claiming that the government didn't even wait to receive "millions of documents" and "other evidence" against Bankman-Fried before "improperly seeking" to turn "civil and regulatory issues into federal crimes."

    After FTX's collapse last year, federal prosecutors acted quickly to intervene, within a month alleging that Bankman-Fried was stealing billions in customer funds, defrauding investors, committing bank and wire fraud, providing improper loans, misleading lenders, transmitting money without a license, making illegal campaign contributions, bribing China officials, and other crimes. Through it all, Bankman-Fried has pleaded not guilty. Now, in his motion to dismiss, Bankman-Fried has requested an oral argument to "fight these baseless charges" and "clear his name." He's asking the court to dismiss 10 out of 13 charges, arguing that federal prosecutors have failed to substantiate most of their claims.

      North Korea Hacking Cryptocurrency Sites with 3CX Exploit

      news.movim.eu / Schneier · Tuesday, 4 April - 14:10

    News:

    Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack that’s unfolded over the past week. Kaspersky declined to name any of those victim companies, but it notes that they’re based in “western Asia.”

    Security firms CrowdStrike and SentinelOne last week pinned the operation on North Korean hackers, who compromised 3CX installer software that’s used by 600,000 organizations worldwide, according to the vendor. Despite the potentially massive breadth of that attack, which SentinelOne dubbed “Smooth Operator,” Kaspersky has now found that the hackers combed through the victims infected with its corrupted software to ultimately target fewer than 10 machines—at least as far as Kaspersky could observe so far—and that they seemed to be focusing on cryptocurrency firms with “surgical precision.”