Wednesday, February 24, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Exclusive: TalkTalk hacker also breached EtherDelta cryptocurrency exchange

September 21, 2019
in Internet Security
Exclusive: TalkTalk hacker also breached EtherDelta cryptocurrency exchange
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: ZDNet

US authorities have indicted two suspects for hacking cryptocurrency exchange EtherDelta in December 2017, changing the site’s DNS settings, and redirecting traffic to a clone where they logged user credentials and then stole customer funds.

One of the two suspects is Elliott Gunton, also known as “Glubz,” a 20-year-old from the UK, better known for participating in the TalkTalk hack.

You might also like

Bill establishing cyber abuse takedown scheme for adults enters Parliament

McAfee shares jump on first public report: Q4 revenue tops expectations, outlook higher as well

Flash version distributed in China after EOL is installing adware

The other is Anthony Tyler Nashatka, also known as “psycho,” a resident of New York.

The two, over the course of just a week, went from buying an EtherDelta’s employee phone number off the black market to stealing funds from thousands of EtherDelta users.

The hackers acquired the EtherDelta’s CEO personal details

According to court documents ZDNet received from a tip, it all started on December 13, when Nashakta bought using Bitcoin the personal details an EtherDelta employee.

The data, believed to have been acquired from underground data traders, contained the employee’s phone number and email address.

While court documents only identify this employee as Z.C., this person is believed to be Zachary Coburn, the company’s CEO, as only his accounts would have allowed the hacker to do what they did next.

Court documents don’t say if Nashakta specifically targeted Coburn’s data because he was the EtherDelta CEO, or if the hacker accidentally found it inside a larger data pool and realized who he was.

However, later that same night, recognizing the value of the details he acquired, Nashakta reached out to Gunton and made plans to hijack EtherDelta’s Cloudflare and Dreamhost accounts.

Hackers call-forwarded the CEO’s phone number

Things didn’t get off the ground right away, but six days later, on December 19, 2017. Court documents reveal that Gunton somehow managed to convince a mobile telco’s operator to add a call forwarding number to Coburn’s mobile account.

This meant that any incoming calls for Coburn’s phone would be silently forwarded to a Google Voice number operated by the two.

Gunton and Nashatka didn’t waste any time and immediately used the call forwarding feature to silently bypass two-factor authentication (2FA) on Coburn’s EtherDelta (admin) account.

A day later, on December 20, the two moved in to capitalize on their hack. They first started by modifying DNS settings in the company’s G Suite portal and redirected Gmail traffic through a UK server they owned, allowing the two to intercept and hide certain emails.

The next step was to reset the password on EtherDelta’s Cloudflare account, retrieve the password reset link from Coburn’s intercepted emails, and access the Cloudflare account as new owners, changing the password and locking out other company employees.

The final step was to change EtherDelta’s DNS records inside the Cloudflare account and add new values, effectively pointing the EtherDelta official site to a web server they operated. Here, the two hosted a clone of the original site, but one that logged users’ credentials.

The DNS redirection lasted only a few hours until it was spotted and widely reported in the media.

After their plan was exposed, the two moved on to cash in on the stolen credentials. While court documents don’t say how much the two made, they do reveal that one victim reported losing more than $800,000.

Gunton already sentenced in the UK

The indictment was filed on August 13, in San Francisco. Three days later, Gunton was sentenced to 20 months in prison in the UK for trading personal data online, for cryptocurrency, following his arrest in 2018. The US case is believed to have stemmed from the data found on Gunton’s devices.

In the US, the two face five counts each, with maximum prison penalties of up to 20 years, up to three years of supervised released, and a fine of up to $250,000.

Ironically, in November 2018, the US Securities and Exchange Commission also charged Coburn, the EtherDelta CEO, with running an unregistered securities exchange [PDF].

Credit: Zdnet

Previous Post

Water Data Provides Ground-Level Insight into Business Risk

Next Post

Creating an omnichannel experience for B2C brands

Related Posts

Bill establishing cyber abuse takedown scheme for adults enters Parliament
Internet Security

Bill establishing cyber abuse takedown scheme for adults enters Parliament

February 24, 2021
McAfee shares jump on first public report: Q4 revenue tops expectations, outlook higher as well
Internet Security

McAfee shares jump on first public report: Q4 revenue tops expectations, outlook higher as well

February 24, 2021
Flash version distributed in China after EOL is installing adware
Internet Security

Flash version distributed in China after EOL is installing adware

February 24, 2021
These hackers sell network logins to the highest bidder. And ransomware gangs are buying
Internet Security

These hackers sell network logins to the highest bidder. And ransomware gangs are buying

February 23, 2021
IBM issues patches for Java Runtime, Planning Analytics Workspace, Kenexa LMS
Internet Security

IBM issues patches for Java Runtime, Planning Analytics Workspace, Kenexa LMS

February 23, 2021
Next Post
Creating an omnichannel experience for B2C brands

Creating an omnichannel experience for B2C brands

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Xi’an Jiaotong University establishes blockchain research institute with Future FinTech
Blockchain

Xi’an Jiaotong University establishes blockchain research institute with Future FinTech

February 24, 2021
Machine Learning Market Size 2021
Machine Learning

Machine Learning Market Size 2021

February 24, 2021
6 Tips for Measuring LinkedIn Ad Campaigns
Marketing Technology

6 Tips for Measuring LinkedIn Ad Campaigns

February 24, 2021
Bill establishing cyber abuse takedown scheme for adults enters Parliament
Internet Security

Bill establishing cyber abuse takedown scheme for adults enters Parliament

February 24, 2021
A Plethora of Machine Learning Articles: Part 1
Data Science

A Plethora of Machine Learning Articles: Part 1

February 24, 2021
Market Live: Global Machine Learning Big Data Analytics Education Market Can Deliver up to High CAGR over the next Few Years | COVID19 Impact Analysis
Machine Learning

Global Machine Learning Market 2021 Size, Industry Growth and Forecast till 2025 | COVID19 Impact Analysis

February 24, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Xi’an Jiaotong University establishes blockchain research institute with Future FinTech February 24, 2021
  • Machine Learning Market Size 2021 February 24, 2021
  • 6 Tips for Measuring LinkedIn Ad Campaigns February 24, 2021
  • Bill establishing cyber abuse takedown scheme for adults enters Parliament February 24, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates