Best Infosec Long-Reads of the Week, 6/11/22

Costa Rica pays a steep price for the Conti ransomware attack, Binance has processed billions from malicious deeds, Bitcoin veil of anonymity pierced, Malaysian LGBTQ activists get infosec help , more

Metacurity is pleased to offer our free and paid subscribers this weekly digest of selected long-form infosec pieces and related articles that we think you’d like and that we couldn’t properly fit into the daily crush of news.

Let us know what you think, and feel free to let us know if we missed something important by sending us a note to info@metacurity.com. Happy reading!

• Carla Rosch has this heartbreaking piece in Rest of World about how the infrastructure collapse in Costa Rica has been far more expensive than the $15 million that the Conti ransomware gang has demanded after it attacked the country in April. In the first two days of the attack alone, the Costa Rican Chamber of Foreign Commerce estimated losses of over $125 million while the economy is losing an estimated $30 million a day as the hackers call for an overthrow of the government. “Mayhem continues in the country’s ports. In addition, payroll systems are down, hindering the payment of about tens of thousands of public employees’ salaries,” Rosch writes.
• Angus Berwick and Tom Wilson of Reuters delve into how Slovakian cryptocurrency exchange Binance processed transactions totaling at least $2.35 billion from hacks, investment frauds, and illegal drug sales from 2017 to 2021, including, in at least one instance, funds from North Korea’s Lazarus threat group. Binance Chief Communications Officer Patrick Hillmann disputed Reuters calculations and said his company is building “the most sophisticated cyber forensics team on the planet” and was seeking to “further improve our ability to detect illegal crypto activity on our platform.”
• In this bonkers tale, the New Yorker’s Patrick Radden Keefe walks through how a volatile and unpleasant agency coder, Joshua Schulte, allegedly handed over more than two billion pages’ worth of data to Wikileaks, which published the data in what became known as the Vault 7 and Vault 8 leaks. Investigators also discovered incriminating material to bring federal child pornography and Virginia state sexual charges against Schulte. Trials related to these charges are on hold while Schulte stands trial for the second time (after a mistrial the first time) for the unauthorized disclosure of classified information and other offenses relating to the theft of classified material.
• Siobhan Roberts’ New York Times piece examines how Alyssa Blackburn, a data scientist at Rice University and Baylor College of Medicine in Houston, created a project to “pierce the scrim of anonymity, track the transaction flow from Day 1 and study how the world’s largest cryptoeconomy emerged.” By consolidating many bitcoin addresses was able to identify 64 key players who mined most of the bitcoin during the currency’s first two years.
• Wired’s Andy Greenberg explains how dark web marketplace AlphaBay has arisen from the ashes of its 2017 takedown in a global sting operation. Ten months after AlphaBay’s number-two administrator and security specialist, publicly known only as DeSnake, suddenly reappeared and announced AlphaBay’s resurrection in a new and improved form, AlphaBay “is now well on its way to its former heights atop the digital underworld.”
• Highlighting what experts say is a textbook example of China’s playbook to acquire advanced technology, Jordan Robertson and Michael Riley of Bloomberg detail how a Beijing-based firm Xtal Inc potentially stole its trade secrets from ASML Holding NV, a Dutch manufacturer. Xtal is the same as another firm, Dongfang Jingyuan Electron Ltd; both were created a month apart in 2014 by a former ASML engineer named Zongchang Yu. Yu has an outstanding arrest warrant in California on allegations of stealing trade secrets from ASML from litigation surrounding the alleged theft. According to company statements and other Chinese documents, Yu now runs Dongfang in Beijing with ample support from the Chinese government. “
• Megan Tatum in MIT Review looks into how despite severe online harassment and persecution of LGBTQ activists in Malaysia, safe spaces are opening online that have transformed LGBTQ activism in the country. To fight against the Malaysian government’s efforts to snuff out these new freedoms, organizations such as the trans-led SEED Foundation have brought in cybersecurity experts to train members about the intricacies of cybersecurity, teaching them how to prevent devices from being tracked, protect social media accounts from being hacked, and stop emails from being traced.