CyberWire Daily: “Cracked and Nulled Taken Down” – Episode Summary
Release Date: January 30, 2025
Host: Dave Bittner
Guest: Ellen Chang, Vice President of Ventures at BMNT and Head of H4X Labs
Major Law Enforcement Action Against Hacking Forums
The episode opens with significant news on the crackdown of two of the largest hacking forums, Cracked and Nulled. Authorities, led by Europol and the FBI, orchestrated a coordinated takedown across multiple countries, seizing 17 servers and arresting two suspects. These forums, boasting over 10 million users, were pivotal hubs for cybercriminal activities, including the distribution of stolen credentials, hacking tools, and cybercrime-as-a-service offerings. Europol highlighted their role as "entry points into cybercrime," facilitating operations like credential stuffing using tools such as OpenBullet and hosting advanced AI-based hacking utilities.
Key Details:
- Domains Seized: 12, including cracked, nulled, stark, RDP, and celix.
- Assets Confiscated: Over 50 electronic devices and approximately $312,000 in cash and cryptocurrency.
- Impact: The FBI replaced the forums' name servers with FBI-controlled addresses, intending to leverage seized data for future investigations.
Vulnerability Found in Deepseek's Database
Cybersecurity firm Wiz uncovered a critical security lapse in Deepseek, an emerging AI startup known for its DeepSeek R1 reasoning model—a competitor to OpenAI's offerings. The research team discovered an open ClickHouse database exposed without any authentication barriers, granting full administrative access. This breach exposed over one million logs, including sensitive chat histories, API keys, and backend operations data.
Notable Quote:
Wiz emphasized the incident’s gravity, stating, “AI companies must prioritize security, just as cloud providers do, or risk exposing their users, their data, and their reputation.” (Timestamp: [05:30])
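As an added illustration (not from the episode, Wiz, or Deepseek), the shape of a ClickHouse deployment that is "exposed without any authentication barriers" next to a hardened one. The file names follow ClickHouse's standard config.xml/users.xml layout; the 10.0.0.0/8 network and the password placeholder are assumptions.

```xml
<!-- WEAK (assumed illustration): config.xml listens on every interface, and
     users.xml keeps the stock "default" user with no password, reachable
     from any address, and able to manage access. Anyone who can reach
     port 8123 (HTTP) or 9000 (native) gets full administrative access. -->
<clickhouse>
  <listen_host>::</listen_host>
  <http_port>8123</http_port>
  <tcp_port>9000</tcp_port>
</clickhouse>

<clickhouse>
  <users>
    <default>
      <password></password>                 <!-- empty: no authentication -->
      <networks><ip>::/0</ip></networks>    <!-- reachable from anywhere -->
      <profile>default</profile>
      <quota>default</quota>
      <access_management>1</access_management>  <!-- can create/alter users -->
    </default>
  </users>
</clickhouse>

<!-- HARDENED: bind only to the private interface, require a hashed
     password, restrict source networks, and give the application a
     read-only profile instead of administrative rights. -->
<clickhouse>
  <listen_host>10.0.0.5</listen_host>        <!-- assumed private address -->
  <http_port>8123</http_port>
  <tcp_port>9000</tcp_port>
</clickhouse>

<clickhouse>
  <profiles>
    <readonly_app><readonly>1</readonly></readonly_app>
  </profiles>
  <users>
    <default>
      <password_sha256_hex>REPLACE_WITH_SHA256_HEX_OF_STRONG_PASSWORD</password_sha256_hex>
      <networks><ip>10.0.0.0/8</ip></networks>    <!-- internal range only -->
      <profile>default</profile>
      <quota>default</quota>
    </default>
    <app_reader>
      <password_sha256_hex>REPLACE_WITH_SHA256_HEX_OF_STRONG_PASSWORD</password_sha256_hex>
      <networks><ip>10.0.0.0/8</ip></networks>
      <profile>readonly_app</profile>
      <quota>default</quota>
    </app_reader>
  </users>
</clickhouse>
```

A quick self-check after deploying is to attempt an unauthenticated `SELECT 1` against your own instance's HTTP port from outside the allowed network and confirm it is refused.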
ChatGPT Jailbreaks Exploit Safety Filters
AI researcher David Kuzmar revealed a new jailbreak method named Time Bandit, which allows users to bypass ChatGPT’s safety mechanisms. This exploit manipulates the model’s temporal understanding, misleading it into believing it is operating in a different time frame to access restricted content related to weapons, malware, and nuclear topics. Despite reporting the vulnerability to OpenAI and multiple government agencies, Kuzmar faced delays in receiving a response. OpenAI has implemented partial fixes, but the exploit remains partially functional.
Notable Quote:
Kuzmar expressed frustration, saying, “My anxiety grew as the weeks passed,” highlighting the challenges in communicating critical security issues to large organizations. (Timestamp: [07:15])
Ransomware Attack Disrupts New York Blood Center
One of the largest US blood centers, New York Blood Center (NYBC), fell victim to a ransomware attack on January 26. The breach forced NYBC to shut down essential systems, disrupting blood donation processing and hospital supply chains during a critical blood shortage. The attackers remain unidentified, and it is unclear whether patient data was compromised. NYBC is actively working to restore operations without a definitive timeline.
South African Weather Service Hit by Cyberattack
A cyberattack disabled the South African Weather Service, impacting airlines, farmers, and neighboring countries like Mozambique and Zambia. The attack disrupted the agency’s website, email, and aviation and marine services, compelling the agency to provide updates via social media. This incident marks the second attempted attack within two days, with no ransomware group claiming responsibility. South Africa has been grappling with similar attacks on public institutions, including the Defense Department’s pension system and National Lab Services.
New Browser Sync Jacking Technique Unveiled
Researchers at SquareX disclosed a sophisticated attack method dubbed Browser Sync Jacking. This three-stage attack transforms a seemingly benign browser extension into a potent cyber weapon. The process involves:
- Malicious Extension Installation: Authenticates the user into an attacker-controlled Google Workspace profile, disabling security settings.
- Browser Takeover: Swaps legitimate downloads with malicious files, registering the browser as attacker-managed.
- Device Hijacking: Grants attackers full control to record screens, capture audio, activate cameras, and install malware undetected.
Notable Quote:
SquareX warns, “Unless organizations start monitoring what extensions their employees install, this kind of attack could become a huge problem.” (Timestamp: [09:45])
TeamViewer Patches Critical Vulnerability
TeamViewer addressed a high-severity privilege escalation flaw that could allow local attackers to gain elevated privileges on Windows systems. The vulnerability affects multiple versions and has been patched in the latest updates. Although there is no evidence of active exploitation, TeamViewer urges immediate updating due to the tool’s frequent targeting by threat actors for malware deployment.
Advocacy for a National Data Privacy Law
Over three dozen industry groups have collectively urged the US Congress to enact a comprehensive national data privacy law, aiming to supersede existing state regulations. In their letter to the House and Senate Commerce Committee leaders, these groups argue that a unified standard would streamline business operations and reduce consumer costs. Key proposals include transparency requirements, consumer opt-out rights, and limitations on data collection, while exempting small businesses. Critics, however, contend that the proposed law may mirror weaker state protections and potentially diminish consumer safeguards.
Uncertain Future for CISA
The Cybersecurity and Infrastructure Security Agency (CISA), instrumental in safeguarding US election systems, now faces an uncertain future amidst political turmoil. Accusations from former President Donald Trump and his allies allege that CISA has been involved in censoring conservatives and meddling in the 2020 election, claims which CISA has denied. With Trump’s return to office, discussions are underway about restructuring or diminishing CISA’s role, including proposals to move it under the Transportation Department and limit its involvement in elections.
In-Depth Interview with Ellen Chang of BMNT
Brandon Karp engages in a comprehensive discussion with Ellen Chang, Vice President of Ventures at BMNT and Head of H4X Labs, focusing on the role of deep tech in national security and cybersecurity.
Key Insights:
- Definition of Deep Tech: Chang differentiates deep tech from general AI, emphasizing hardware-oriented technologies and material sciences as critical components contributing to national security.
- Supporting Startups: BMNT assists government-funded startups in transitioning their research into commercial products. Chang highlights the challenges inventors face in adopting the entrepreneurial skills needed to scale their technologies effectively.
- Supply Chain Innovations: Chang expressed enthusiasm about the ongoing efforts to reinvigorate US manufacturing and supply chains, positioning them as a cornerstone of national security. She noted, “We’re re-industrializing, we’re regrowing our capability to manufacture...” (Timestamp: [26:39])
- Venture Capital Dynamics: The conversation touched on the evolving landscape of venture capital, with some funds extending their investment horizons beyond the typical 10-year cycle to better support long-term deep tech projects.
Notable Quote from Chang:
“Venture capitalists don't want their companies to become a project-based company.” (Timestamp: [21:37])
OpenAI’s Controversial Stance on Deepseek
The episode concludes with a critical analysis of OpenAI's recent complaints against Deepseek, alleging that Deepseek improperly utilized OpenAI’s models to train its AI systems. Jason Koebler of 404 Media highlights the irony in OpenAI’s stance, considering the company’s reliance on scraping vast amounts of data without explicit permissions—practices Deepseek similarly employs.
Notable Quote:
Koebler remarks, “If that's not the pot calling the kettle black, I don't know what is.” (Timestamp: [30:45])
Conclusion
This episode of CyberWire Daily provides a comprehensive overview of significant cybersecurity developments, from major law enforcement actions against cybercriminal forums to vulnerabilities in prominent AI startups. The in-depth interview with Ellen Chang sheds light on the symbiotic relationship between deep tech innovation and national security, while the closing segment critiques the contentious dynamics within the AI industry. Listeners are left with a robust understanding of the current cybersecurity landscape and the intricate challenges it faces.
For more detailed analyses and updates, visit The Cyberwire Daily Briefing or subscribe to the CyberWire Daily podcast.
