Black Hat investigations

CEO

Business Angel
Jun 11, 2025
EU
Hey.

Posting good investigations here, only Black Hat intelligence.

That Gambling Site? It's Fueled by Chinese Organized Crime

Media coverage of China's organized criminal enterprises has surged in the last few years as the pandemic and regional political concerns drove them from brick-and-mortar casinos to online crime. These organized crime groups are at the center of modern slavery in China and Southeast Asia, with illegal gambling and so-called pig butchering scams being their most profitable industries, made possible through human trafficking and a pyramid of agents, many indentured. Additionally, the clever tactic of sponsoring European Football teams, including many in the British Premier League, to promote their brands has created significant controversy in Europe and led to sanctions in April 2023 by the UK Gambling Commission. Running a massive criminal enterprise such as this requires a sophisticated network operation that is agile, secure, and self-healing. While investigative journalists have highlighted several shady impenetrable businesses behind much of the scandal, our research reveals that almost all the sanctioned brands run on the same software, using the same DNS network. What looks like tens of independent gambling companies is, in fact, one service provider.

This talk will cover how the investigation of one curiosity at our DNS recursive resolvers led to uncovering a massive criminal enterprise, their entire software stack and network, and their techniques, tactics, and procedures (TTP). We will show how reporting by investigative journalists and watchdog organizations allowed us to tie the technical discoveries to specific Chinese criminal organizations, ultimately uncovering the company at the center of the ring. We will highlight how the online criminal world is not limited to data breaches and identity theft but conspires with the physical criminal world: people are both the victims and unwilling perpetrators.

Bad Randomness: Protecting Against Cryptography's Perfect Crime

Crypto systems are the cornerstone of our digital security infrastructure, whether they are used to encrypt our data to protect their confidentiality or for signing to prove data authenticity.

However, most crypto systems have an Achilles heel: Their security relies on the proper randomness of their parameters' values, such as keys or nonces.

As a result, bad randomness is cryptography's perfect crime: powerful enough to totally break crypto systems, yet highly stealthy. Unlike other malicious-input-based attack vectors, a bad randomness input is indistinguishable from a benign one, therefore making it impossible to protect against in real time and very hard to detect even in a post-mortem analysis.

While the subject of bad randomness is not new in itself, it is often discussed in the context of engineers' negligence or low-cost IoT devices. In this talk, we will show how bad randomness was used in the wild to compromise highly targeted individuals and high-value accounts.

One such example is the nation-state APT's Reductor malware, which selectively fiddles with the victims' random generator (PRNG) to compromise TLS encryption. We will unearth for the first time how it could break TLS ECDHE "perfect forward secrecy" (PFS) to allow passive eavesdropping, thus making it more beneficial to attackers than the actual server TLS certificate(!). We will discuss why this capability remained undetected in previous analyses and share a new tool to demonstrate such passive decryption.
Another relevant example from a different field is our recently discovered Bitcoin's "dark forest" bots lurking for bad randomness in blockchains' signature keys, to steal millions of dollars of funds in seconds. We will explain and demonstrate this attack and share a tool to recreate it.

To solve this acute problem, we will suggest a novel architecture that allows crypto systems to minimize their blind trust in randomness. Where it is possible, it eliminates the need for additional randomness by relying on well-reputed past randomness. Where it is impossible, it applies secure Multi-Party Computation (MPC) to the protocol and its randomness. Distributing systems' randomness and removing single points of failure increases their resilience against bad randomness exploits.


Zengo in my opinion isn't secure even if they claim it is.
Web3 applications, especially on the Ethereum platform, have recently been growing and are becoming the target of scammers. Web3 scams, imitating the services provided by legitimate platforms, mimic regular activity to deceive users.

ScamSweeper is a novel framework designed to address these challenges. ScamSweeper focuses on the dynamic evolution of transaction graphs to better detect Web3 scams on Ethereum. Attendees will learn how ScamSweeper improves on existing methods by utilizing a structure-temporal random walk to sample transaction networks, capturing both temporal and structural features. The framework also incorporates a variational transformer to analyze the dynamic evolution of transaction patterns over time.

