The recent indictment of a massive SIM-swapping ring may mean convicted crypto conman Sam Bankman-Fried is innocent of at least one allegation still hanging over his head: The theft of more than $400 million in crypto hacked from wallets belonging to his crypto firm, FTX, just before it declared bankruptcy. As reported earlier this week, a trio of individuals, led by Chicago resident Robert Powell, were indicted on charges of committing SIM swapping attacks on over 50 victims in 13 US states from 2021 until 2023, stealing hundreds of millions of dollars in the process. The trio’s biggest haul was the theft of more than $400 million in cryptocurrency from an unnamed “Victim Company-1” on November 11, 2022 – the same day that FTX declared bankruptcy and an unknown attacker stole roughly $415m in crypto from the firm.
Brian Krebs was the first to make the connection between the indictment of the Powell gang and the FTX theft, and blockchain analytics firm Elliptic backed him up, noting “we are not aware of any other thefts from crypto businesses on this scale, on these dates.” “It, therefore, appears likely that FTX is the ‘Victim Company-1’ named in the indictment,” Elliptic concluded, while admitting that it’s not clear if Powell and his co-conspirators stole the money themselves, or facilitated the theft on behalf of another party. Bloomberg, citing unnamed sources familiar with the case, said it’s received confirmation that Victim Company-1 is, indeed, FTX. Powell was reportedly arrested in Chicago last week and is being held without bond pending transfer to Washington, DC to face charges. His co-conspirators, Carter Rohn of Indianapolis, Indiana, and Emily Hernandez of Colorado Springs, Colorado, have also been apprehended. While SBF might be off the hook for this element of his mismanagement of FTX, that won’t help him to walk free as he was convicted on seven charges in October 2023 and faces up to 110 years in prison when sentenced next month.
In other security news, it was quite a busy week in vulnerability land. Apple has released a patch for the critical vulnerabilities found in its Vision Pro headset ahead of the product's launch. This comes in the wake of a WebKit vulnerability that was identified across Apple’s OSes and had already been patched. That the patch was released before the product even hit the market is a testament to the severity of the vulnerability. On the bright side, users who have purchased the Vision Pro headset will be able to install the patch and safeguard their device from potential exploits.
Moby and the Open Container Initiative (OCI) also released updates addressing several Docker-related vulnerabilities. Most notably, the vulnerabilities affected Moby BuildKit and could be exploited to perform malicious acts outside of containers, posing a significant security risk. All users are advised to install the updates as soon as possible to protect their systems.
Furthermore, Qualys has discovered several vulnerabilities in the GNU C Library, or glibc, which is essential to many Linux systems. The vulnerabilities, found in the syslog and qsort functions, could potentially lead to root access for an unprivileged user on various Linux distributions. Users should be aware of these vulnerabilities and patch their systems to prevent exploitation.
Turning to a case of cybercrime, the Wisconsin teenager behind the theft of $600,000 from users of sports betting website DraftKings has been sentenced to 18 months in prison. Joseph Garrison, who pled guilty to one of six charges on which he was indicted, will also have to pay more than $1.5 million in forfeiture and restitution costs to victims. This case highlights the ever-present threat of cybercriminals using tactics such as credential stuffing to compromise user accounts and steal significant sums of money.
This week has been a reminder of the constant need for vigilance and proactive security measures to safeguard against the growing sophistication of cyber threats. With the release of patches for critical vulnerabilities, the cybersecurity community continues to work tirelessly to mitigate potential risks and protect users from exploitation.