Category Archives: Uncategorized

Chinese cyber espionage: a data leak reveals the secrets of their hackers

Unprecedented Data Leaks Expose Chinese Cyber Espionage Programs

Following an unprecedented data leak from a hacking service provider working for the Beijing regime, the secrets of Chinese cyber espionage have been revealed. Based on the analysis of this data, it appears that the company I-Soon has infiltrated dozens of strategic targets around the world. This is what you will discover in this Cyberculture brief.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

Read the secrets of Chinese cyber espionage revealed by an unprecedented data leak, written by Jacques Gascuel, a pioneer of contactless, serverless and databaseless sensitive data security solutions. Stay up to date and secure with our frequent updates.

Chinese cyber espionage I-Soon: A data leak reveals the secrets of their hackers

Chinese cyber espionage poses a serious threat to the security and stability of the world. Many countries and organizations face hackers who try to steal sensitive information, disrupt critical infrastructure, or influence political outcomes. One of the most active and sophisticated cyber espionage actors is China, which has a large and diverse hacking program. But how does China conduct its cyber operations? What methods, targets, and objectives does it have? And how can we protect ourselves from its attacks?

In this brief, we will explore these questions about Chinese cyber espionage, based on a recent data leak that revealed the inner workings of a Chinese cybersecurity vendor working for the Chinese government. The vendor, I-Soon, is a private contractor that operates as an advanced persistent threat (APT) for hire, serving the Chinese Ministry of Public Security (MPS). The leaked data, published on GitHub, contains hundreds of documents that record I-Soon’s cyber espionage activities, from staff complaints to hacking tools and services.

We will also look at some of the solutions that exist to counter the cyber espionage threat, both from a technical and a strategic perspective. We will focus on the solutions developed by Freemindtronic, an Andorran company that specializes in security and encryption technologies, based on the NFC HSM (Near Field Communication and Hardware Security Module) technology. We will also examine the means of counter espionage against the methods of I-Soon, which are varied and sophisticated.

I-Soon data leak reveals insight into Chinese cyber espionage hacking program

The I-Soon data leak is a significant revelation in Chinese cyber espionage, as it offers a rare glimpse into the inner workings of a major spyware and APT-for-hire provider. The leak exposes I-Soon’s methods, tools and goals, as well as the challenges and frustrations of its staff.

According to the leaked data, I-Soon infiltrated several government agencies, including those from India, Thailand, Vietnam, South Korea, and NATO. Some of the tools that I-Soon used are impressive. For example, they had a tool that could steal the user’s Twitter email and phone number, read personal messages, and publish tweets on the user’s behalf. They also had custom Remote Access Trojans (RATs) for Windows, iOS, and Android, that could perform various malicious actions, such as keylogging, file access logging, process management, and remote shell. They also had portable devices for attacking networks from the inside, and special equipment for operatives working abroad to establish safe communication.

The leak also reveals some of the challenges and difficulties that I-Soon faced, such as losing access to some of their data seized from government agencies, dealing with corrupt officials, and working in sensitive regions like Xinjiang. The leak also shows some of the internal complaints and grievances of I-Soon’s staff, such as low pay, poor management, and lack of recognition.

The leak is a treasure trove of intel for cybersecurity researchers and analysts, as it provides a rare insight into the day-to-day operations of China’s hacking program, which the FBI says is the biggest of any country. The leak also raises serious concerns for the security and sovereignty of the countries and organizations targeted by I-Soon, as it exposes the extent and the impact of China’s cyber espionage activities.

In summary, the I-Soon data leak exposed the secrets of Chinese cyber espionage, which poses a major challenge to world security and stability. Faced with this threat, it is necessary to strengthen cooperation and defense in cybersecurity, while respecting the principles of freedom and transparency on the internet. It is also important to understand China’s motivations and objectives, in order to find peaceful and lasting solutions.

Reactions and challenges to the Chinese cyber espionage threat

The revelation of the I-Soon data leak comes amid growing tensions between China and its rivals, notably the United States, which regularly accuses it of carrying out cyberattacks against their interests. China, for its part, denies any involvement and presents itself as a victim of cyberwar. Faced with this threat, the countries targeted by I-Soon are calling for strengthening their cooperation and defense in cybersecurity.

For example, the European Union adopted a legal framework in 2023 to impose sanctions on perpetrators of cyberattacks, including China. Likewise, NATO has recognized cyberspace as a domain of operation, and affirmed its willingness to retaliate in the event of an attack. Finally, democratic countries have launched initiatives to promote the values of freedom and transparency on the internet, such as the Partnership for an Open and Secure Cyberspace.

However, these efforts remain insufficient to confront the Chinese threat, which has considerable resources and sophisticated strategies. It is therefore necessary to develop a global and coordinated approach, which involves governments, businesses, organizations and citizens. This would involve strengthening the resilience of information systems, sharing information and good practices, raising users’ awareness of the risks and opportunities of cyberspace, and promoting constructive dialogue with China.

The solutions of Freemindtronic against the cyber espionage threat

Facing the cyber espionage threat, especially from China, requires effective and adapted solutions, both from a technical and a strategic perspective. One of the companies that offers such solutions is Freemindtronic, an Andorran company that develops security and encryption technologies based on NFC HSM (Near Field Communication and Hardware Security Module) technology. NFC HSM technology makes it possible to create hardware security modules on any type of device that ensure the encryption and signing of any data, without contact, without an energy source, and without an internet connection.

Freemindtronic offers several solutions against cyber espionage:

  • DataShielder Defense NFC HSM: a solution for sovereign communications that makes it possible to encrypt and sign any data on any type of device, with an unmatched level of confidentiality and trust. DataShielder uses the EviCore HSM OpenPGP technology, which is interoperable, backward compatible, and versatile. DataShielder makes it possible to customize the security of secrets and to meet various specific needs.
  • PassCypher NFC HSM: a solution for the management and storage of passwords that makes it possible to create, store, and use complex and secure passwords without having to remember or enter them. PassCypher uses the EviPass NFC HSM technology, as well as Freemindtronic's NFC HSM devices, EviTag and EviCard. PassCypher offers maximum security and ease of use.
  • PassCypher HSM PGP: a solution for the management and storage of PGP keys that makes it possible to create, store, and use PGP keys, certificates, and signatures without having to remember or enter them. PassCypher uses the EviCore HSM OpenPGP technology, as well as a hybrid solution via a web extension. PassCypher works without a server and without a database, and stores the encrypted containers on any storage device, protected by a post-quantum AES-256 encryption.

These Freemindtronic solutions make it possible to protect oneself from the cyber espionage threat by encrypting and signing data, by managing and storing passwords and keys, and by communicating in a confidential and sovereign way. They are based on NFC HSM technology, which guarantees hardware and software security, without contact, without an energy source, and without an internet connection.

The means of counter espionage against the methods of I-Soon

Against the methods of cyber espionage of I-Soon, which are varied and sophisticated, the countries and organizations targeted must implement effective and adapted means of counter espionage. These means can be of several types:

  • Preventive: strengthening the security of information systems by using up-to-date software, antivirus, firewalls, complex passwords, encryption protocols, etc., and training users in good practices, such as not opening suspicious attachments or links, not disclosing confidential information, not using public or unsecured networks, etc.
  • Defensive: detecting and blocking intrusion attempts by using tools for surveillance, analysis, tracing, filtering, neutralization, etc., and reacting quickly to limit the damage by isolating compromised systems, backing up data, alerting the competent authorities, communicating transparently, etc.
  • Offensive: retaliating against and deterring attackers by using tools for counter-attack, disinformation, sabotage, sanctions, etc., and cooperating with allies and partners by sharing information, evidence, strategies, resources, etc.

These means of counter espionage must be adapted to the specificities of the methods of I-Soon, which are varied and sophisticated. For example, to face the security flaws, it is necessary to use trustworthy software, verify their integrity, and update them regularly. To face the malware, it is necessary to use efficient antivirus, scan the systems regularly, and clean them in case of infection. To face the social engineering techniques, it is necessary to raise the awareness of the users, verify the identity and the credibility of the interlocutors, and not let oneself be influenced or corrupted.

Chinese cyberespionage statistics

The I-Soon data leak constitutes unprecedented testimony to the scale and impact of Chinese cyberespionage, which is based on close collaboration between the authorities and the private sector. Here are some statistics that illustrate the phenomenon:

  • China spent at least US$6.6 billion on cyber censorship in 2020, according to the Jamestown Foundation.
  • According to official sources, at least 2 million people were working for China’s cyberespionage system in 2013, a number that has almost certainly increased over the past eight years.
  • GreatFire, a censorship monitoring organization in China, estimates that 16% of the world’s 1,000 most visited websites are currently blocked in China.
  • In 2022, ANSSI handled 19 cyber defense operations and major incidents, compared to 17 in 2021. Nine of them were intrusions attributed to Chinese actors.

In conclusion, the means of counter espionage against the methods of I-Soon are essential to protect the interests and the sovereignty of the countries and organizations targeted. They must be implemented in a coordinated and proportionate way, respecting the principles of legality and legitimacy.

LitterDrifter: A USB Worm for Cyberespionage

LitterDrifter by Jacques Gascuel: This article will be updated with any new information on the topic.

LitterDrifter: USB Worm Threat and Safeguarding

Explore the LitterDrifter USB worm threat and effective safeguards. Learn to protect against this cyber threat and enhance data security.

LitterDrifter: A USB Worm for Cyberespionage and Its Threats to Data Security

LitterDrifter is a computer worm that spreads through USB drives and is utilized by a Russian cyber espionage group known as Gamaredon. This group, active since at least 2013, primarily targets Ukraine but has also infected systems in other countries. LitterDrifter enables Gamaredon to gather sensitive information, execute remote commands, and download other malicious software. In this article, we will explore how this worm functions, methods to safeguard against it, and the motivations behind its creators.

Understanding Gamaredon

Gamaredon is a cyber espionage group suspected to have ties to Russia’s Federal Security Service (FSB). It conducts intelligence and sabotage operations against strategic targets in Ukraine, including government institutions, law enforcement, media, political organizations, and dissidents. Gamaredon plays a part in the hybrid warfare between Russia and Ukraine that emerged in 2014 following the annexation of Crimea and the armed conflict in Donbass.

Gamaredon employs a diverse range of cyberattack techniques, including phishing, disinformation, sabotage, and espionage. The group possesses several malicious tools such as Pterodo, Outlook Forms, VBA Macros, LNK Spreader, and, of course, LitterDrifter. Gamaredon is considered a group that learns from its experiences and adapts its tactics based on responses from its adversaries. It also serves as a training ground for Russia, observing the potential of cyber warfare in contemporary conflicts.

How LitterDrifter Works

LitterDrifter is a computer worm initially discovered in October 2021 by cybersecurity company Check Point Research. It is written in VBS and consists of two main modules: a propagation module and a communication module.

LitterDrifter’s Propagation

The propagation module is responsible for copying the worm to USB drives connected to the infected computer. It creates an autorun.inf file that allows the worm to launch automatically upon inserting an infected drive. Additionally, it generates an LNK file that serves as bait, featuring a random name to entice the user to click on it. The worm’s name is derived from the initial file name, “trash.dll,” which means “garbage” in English.
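The artifacts described above (an autorun.inf, bait LNK files and the file name trash.dll at the root of a removable drive) can be checked for before a drive is opened. The following is an added example, not code from the original article or from Check Point Research; the keyword list, the function names and the sample files (including the name "Holiday Photos.lnk") are constructed for illustration.

```python
"""Triage the root of a removable drive for autorun.inf, bait .lnk files and trash.dll."""
import tempfile
from pathlib import Path

# Fixed start of every Windows shell link: HeaderSize (0x4C) followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# autorun.inf keys that name something to execute.
AUTORUN_EXEC_KEYS = {"open", "shellexecute", "shell\\open\\command"}
# Interpreters a document-looking shortcut has no reason to mention (heuristic, assumed list).
SCRIPT_HOST_HINTS = ("wscript", "cscript", "rundll32", "cmd.exe", "powershell")
REPORTED_FILE_NAMES = {"trash.dll"}  # the only file name the article gives


def parse_autorun(text):
    """Return the commands listed in the [autorun] section of an autorun.inf."""
    commands, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() in AUTORUN_EXEC_KEYS:
                commands.append(value.strip())
    return commands


def lnk_hints(data):
    """Return script-host names found in a shortcut (ASCII or UTF-16LE), None if not a link."""
    if not data.startswith(LNK_MAGIC):
        return None
    lowered = data.lower()  # lowercases ASCII letters, also inside UTF-16LE text
    return [hint for hint in SCRIPT_HOST_HINTS
            if hint.encode("ascii") in lowered or hint.encode("utf-16-le") in lowered]


def scan_drive_root(root):
    """Return (file name, reason) pairs for suspicious files directly under root."""
    findings = []
    for entry in sorted(Path(root).iterdir(), key=lambda p: p.name.lower()):
        if not entry.is_file():
            continue
        name = entry.name.lower()
        if name == "autorun.inf":
            for cmd in parse_autorun(entry.read_text(encoding="latin-1")):
                findings.append((entry.name, f"autorun entry launches: {cmd}"))
        elif name in REPORTED_FILE_NAMES:
            findings.append((entry.name, "file name matches the one reported for the worm"))
        elif name.endswith(".lnk"):
            hints = lnk_hints(entry.read_bytes())
            if hints is None:
                findings.append((entry.name, ".lnk extension without a shell-link header"))
            elif hints:
                findings.append((entry.name, "shortcut references " + ", ".join(hints)))
    return findings


def build_sample_drive(root):
    """Write constructed sample files (inert bytes, not working shortcuts) into root."""
    root = Path(root)
    pad = b"\x00" * 56
    (root / "autorun.inf").write_bytes(b"[autorun]\r\nopen=wscript.exe trash.dll\r\nicon=folder.ico\r\n")
    (root / "trash.dll").write_bytes(b"constructed placeholder, not a real payload")
    (root / "Holiday Photos.lnk").write_bytes(
        LNK_MAGIC + pad + "wscript.exe trash.dll".encode("utf-16-le"))
    (root / "report.lnk").write_bytes(
        LNK_MAGIC + pad + "C:\\Docs\\report.docx".encode("utf-16-le"))
    (root / "notes.txt").write_bytes(b"meeting notes")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_drive(drive)
        for file_name, reason in scan_drive_root(drive):
            print(f"{file_name}: {reason}")
```

A hit is a reason to image and examine the drive on an isolated machine, not proof of infection; a clean result only means these three indicators are absent.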

LitterDrifter’s Communication

The communication module establishes contact with the worm’s authors’ command and control (C2) server. It uses domains as markers for the actual IP addresses of the C2 servers. It can also connect to a C2 server extracted from a Telegram channel, a technique employed by Gamaredon since early 2021. The communication module allows the worm to collect information about the infected system, such as the computer name, username, IP address, operating system, process list, files on the hard drive, and USB drives. It can also execute remote commands, download and install other malicious software, and delete files or partitions.
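The domain-marker behaviour described above leaves a pattern in resolver logs: one host looks up several random-looking subdomains of the same parent domain and then connects to the addresses returned. The following detection sketch is an added example, not code from the original article or from Check Point Research; the two log formats, the threshold of three labels, the randomness heuristic and the two-label parent-domain rule are assumptions, and all log lines are constructed.

```python
"""Flag hosts that resolve many random-looking subdomains of one parent domain."""
import math
from collections import Counter, defaultdict

MIN_DISTINCT_LABELS = 3  # assumed threshold; tune against your own baseline

# Constructed resolver log: timestamp, client, queried name, answer.
DNS_LOG = """\
2024-01-10T09:00:01 10.0.0.15 4fj3k2h5.example.com 203.0.113.10
2024-01-10T09:05:01 10.0.0.15 q8z1m4x7.example.com 203.0.113.10
2024-01-10T09:10:01 10.0.0.15 t3v9b2n6.example.com 203.0.113.44
2024-01-10T09:11:00 10.0.0.15 www.example.org 198.51.100.7
2024-01-10T09:12:00 10.0.0.22 mail.example.net 198.51.100.9
2024-01-10T09:13:00 10.0.0.22 k2j4h6g8.example.com 203.0.113.10
"""

# Constructed connection log: timestamp, client, destination IP, destination port.
CONN_LOG = """\
2024-01-10T09:10:05 10.0.0.15 203.0.113.44 443
2024-01-10T09:12:30 10.0.0.22 198.51.100.9 25
"""


def label_entropy(label):
    """Shannon entropy of the label in bits per character."""
    counts = Counter(label)
    total = len(label)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def looks_random(label):
    """Heuristic: longish, mixes letters and digits, and has few repeated characters."""
    return (len(label) >= 6
            and any(ch.isdigit() for ch in label)
            and any(ch.isalpha() for ch in label)
            and label_entropy(label) >= 2.5)


def split_name(fqdn):
    """Return (leftmost label, parent domain) or None for names with fewer than 3 labels.

    The parent is taken as the last two labels, a simplification; production code
    should use the Public Suffix List instead.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return None
    return labels[0], ".".join(labels[-2:])


def detect_marker_lookups(dns_log, conn_log, min_labels=MIN_DISTINCT_LABELS):
    """Return one finding per (client, parent domain) that crosses the threshold."""
    seen = defaultdict(lambda: {"labels": set(), "ips": set()})
    for line in dns_log.strip().splitlines():
        _ts, client, qname, answer = line.split()
        parts = split_name(qname)
        if parts and looks_random(parts[0]):
            record = seen[(client, parts[1])]
            record["labels"].add(parts[0])
            record["ips"].add(answer)

    contacted = defaultdict(set)
    for line in conn_log.strip().splitlines():
        _ts, client, dst_ip, _port = line.split()
        contacted[client].add(dst_ip)

    findings = []
    for (client, parent), record in sorted(seen.items()):
        if len(record["labels"]) >= min_labels:
            findings.append({
                "client": client,
                "parent": parent,
                "labels": len(record["labels"]),
                "resolved_ips": sorted(record["ips"]),
                # Resolved addresses the same host then connected to.
                "contacted": sorted(record["ips"] & contacted[client]),
            })
    return findings


if __name__ == "__main__":
    for finding in detect_marker_lookups(DNS_LOG, CONN_LOG):
        print(finding)
```

Content-delivery and telemetry services also use generated host names, so a finding is a lead for triage; the follow-up connection to a resolved address is what raises its priority.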

How LitterDrifter Propagates

LitterDrifter is primarily intended to target Ukraine but has also been detected in other countries, including Latvia, Lithuania, Poland, Romania, Turkey, Germany, France, the United Kingdom, the United States, Canada, India, Japan, and Australia. The worm appears to spread opportunistically, taking advantage of USB exchanges and movements among individuals and organizations. Some of the victims may be secondary targets infected inadvertently, while others could be potential targets awaiting activation.

LitterDrifter Statistics

LitterDrifter is a rapidly spreading worm that affects a large number of systems. According to data from Check Point Research, the worm has been submitted to VirusTotal more than 1,000 times since October 2021, originating from 14 different countries. The majority of submissions come from Ukraine (58%), followed by the United States (12%) and Vietnam (7%). Other countries each represent less than 5% of submissions.

The worm also uses a large number of domains as markers for C2 servers. Check Point Research has identified over 200 different domains used by the worm, with most being free or expired domains. Some domains have been used by Gamaredon for a long time, while others were created or modified recently. The worm also uses Telegram channels to extract C2 server IP addresses, making them more challenging to block or track.

The worm is capable of downloading and installing other malicious software on infected systems. Among the malicious software detected by Check Point Research are remote control tools, spyware, screen capture software, password stealers, file encryption software, and data destruction software. Some of these malicious programs are specific to Gamaredon, while others are generic or open-source tools.

Uncontrolled Expansion and Real Consequences of LitterDrifter

LitterDrifter is a worm with uncontrolled expansion, meaning it spreads opportunistically by taking advantage of the movement and exchange of USB drives among individuals and organizations. It doesn’t have a specific target but can infect systems in various countries, without regard to the industry sector or security level. Consequently, it can affect critical systems, including infrastructure, public services, or government institutions.

The real consequences of LitterDrifter are manifold and severe. It can compromise the confidentiality, integrity, and availability of data. Moreover, it can serve as a gateway for more sophisticated attacks, such as deploying ransomware, spyware, or destructive software. Additionally, it can enable the worm’s authors to access sensitive information, including confidential documents, passwords, personal data, or industrial secrets.

LitterDrifter can have serious repercussions for victims, including damage to reputation, financial costs, data loss, disruption of operations, or legal liability. It can also impact national security, political stability, or the sovereignty of targeted countries. It is part of the context of a hybrid war waged by Russia against Ukraine, aiming to weaken and destabilize its neighbor through military, political, economic, media, and cyber means.

LitterDrifter’s Attack Methods

Understanding the attack methods employed by LitterDrifter is crucial in safeguarding your systems. This USB worm leverages various techniques to infiltrate systems and establish contact with its command and control (C2) servers. Below, we delve into the primary attack methods used by LitterDrifter:

| Attack Method | Description | Example |
|---|---|---|
| Vulnerability Exploitation | Exploiting known vulnerabilities in software and network protocols, such as SMB, RDP, FTP, HTTP, SSH, etc. It employs tools like Metasploit, Nmap, and Mimikatz to scan systems, execute malicious code, steal credentials, and propagate. | Utilizing the EternalBlue vulnerability to infect Windows systems via the SMB protocol and install a backdoor. |
| Phishing | Sending fraudulent emails containing malicious attachments or links that entice users to open or click. Attachments or links trigger the download and execution of LitterDrifter. | Sending an email pretending to be an invoice from a supplier but containing a malicious Word file that exploits the CVE-2017-0199 vulnerability to execute LitterDrifter. |
| Identity Spoofing | Impersonating legitimate services or applications through similar names, icons, or interfaces. This deceives users or administrators into granting privileges, access, or sensitive information. | Using the name and icon of TeamViewer, a remote control software, to blend into the process list and establish a connection with C2 servers. |
| USB Propagation | Copying itself to USB drives connected to infected computers, automatically running upon insertion. It also creates random-named LNK files as bait, encouraging users to click. | When a user inserts an infected USB drive into their computer, the worm copies itself to the hard drive and executes. It also creates an LNK file named “Holiday Photos.lnk” pointing to the worm. |
| Domain Marker Usage | Using domains as markers for actual C2 server IP addresses. It generates a random subdomain of a hardcoded domain (e.g., 4fj3k2h5.example.com from example.com) and resolves its IP address through a DNS query. It then uses this IP address for communication with the C2 server. | Generating the subdomain 4fj3k2h5.example.com from the hardcoded domain example.com, resolving its IP address through a DNS query (e.g., 192.168.1.100), and using it to send data to the C2 server. |

LitterDrifter’s Malicious Actions

LitterDrifter is a worm that can cause significant damage to infected systems. It not only collects sensitive information but can also execute remote commands, download and install other malicious software, and delete files or partitions. Here’s a table summarizing LitterDrifter’s main malicious actions:

| Action | Description | Example |
|---|---|---|
| Information Collection | The worm gathers information about the infected system, including computer name, username, IP address, OS, process list, files on the hard drive, and USB drives. | The worm sends the collected information to the C2 server via an HTTP POST request. |
| Remote Command Execution | The worm can receive remote commands from the C2 server, such as launching a process, creating a file, modifying the registry, opening a URL, etc. | The worm can execute a command like `cmd.exe /c del /f /s /q c:\*.*` to erase all files on the C drive. |
| Download and Malware Installation | The worm can download and install other malicious software on the infected system, such as remote control tools, spyware, screen capture software, password stealers, file encryption software, and data destruction software. | The worm can download and install the Pterodo malware, allowing Gamaredon to take control of the infected system. |
| File or Partition Deletion | The worm can delete files or partitions on the infected system, potentially leading to data loss, system corruption, or boot failure. | The worm can erase the EFI partition, which contains system boot information. |

Protecting Against LitterDrifter

Safeguarding your systems against LitterDrifter and similar threats is essential in today’s interconnected digital landscape. Here are some steps you can take to enhance your cybersecurity posture:

  1. Keep Software Updated: Regularly update your operating system, software, and antivirus programs to patch known vulnerabilities that malware like LitterDrifter exploits.
  2. Exercise Caution with Email Attachments and Links: Be cautious when opening email attachments or clicking on links, especially if the sender is unknown or the email seems suspicious. Verify the legitimacy of the sender before taking any action.
  3. Use Reliable Security Software: Install reputable security software that can detect and block malware. Ensure that it is regularly updated to recognize new threats effectively.
  4. Employ Network Segmentation: Implement network segmentation to isolate critical systems and data from potentially compromised parts of your network.
  5. Educate Employees: Train your employees to recognize phishing attempts and the importance of safe browsing and email practices.
  6. USB Drive Security: Disable autorun features on computers and use endpoint security solutions to scan USB drives for malware upon insertion.
  7. Network Monitoring: Implement network monitoring tools to detect unusual activities and unauthorized access promptly.
  8. Encryption and Authentication: Use encryption for sensitive data and multi-factor authentication to secure critical accounts.

Enhancing Data Security with HSM Technologies

In addition to the steps mentioned above, organizations can enhance data security by leveraging NFC HSM (Near Field Communication and Hardware Security Module). These specialized devices provide secure storage and processing of cryptographic keys, protecting sensitive data from unauthorized access.

HSMs offer several advantages, including tamper resistance, hardware-based encryption, and secure key management. By integrating HSMs into your cybersecurity strategy, you can further safeguard your organization against threats like LitterDrifter.

Leveraging NFC HSM Technologies Made in Andorra by Freemindtronic

To take your data security to the next level, consider utilizing NFC HSM technologies manufactured in Andorra by Freemindtronic. These state-of-the-art devices are designed to meet the highest security standards, ensuring the confidentiality and integrity of your cryptographic keys.

Freemindtronic innovates and manufactures white-label NFC HSM technologies, including PassCypher NFC HSM and DataShielder Defense NFC HSM. These solutions, like EviPass, EviOTP, EviCypher, and EviKey, effectively combat LitterDrifter. They enhance data security, protecting against unauthorized access and decryption, even in the era of quantum computing.

With HSMs from Freemindtronic, you benefit from:

  • Tamper Resistance: HSMs are built to withstand physical tampering attempts, providing an added layer of protection against unauthorized access.
  • Hardware-Based Encryption: Enjoy the benefits of hardware-based encryption, which is more secure than software-based solutions and less susceptible to vulnerabilities.
  • Secure Key Management: HSMs enable secure generation, storage, and management of cryptographic keys, reducing the risk of key compromise.

By integrating HSMs into your organization’s security infrastructure, you can establish a robust defense against threats like LitterDrifter and ensure the confidentiality and integrity of your sensitive data.

Conclusion

Staying One Step Ahead of LitterDrifter

LitterDrifter, the USB worm associated with the Gamaredon cyber espionage group, poses a significant threat to cybersecurity. Its ability to infiltrate systems, collect sensitive data, and execute malicious actions underscores the importance of proactive protection.

By understanding LitterDrifter’s origins, functionality, and impact, as well as implementing robust cybersecurity measures, you can shield your organization from this perilous threat. Additionally, NFC HSM technologies offer an extra layer of security to safeguard your data and secrets.

Stay vigilant, stay informed, and stay ahead of LitterDrifter and the ever-evolving landscape of cyber threats.

Why choose a Cold Wallet NFC HSM to secure your cryptocurrencies?

Secure your cryptocurrencies with a cold wallet NFC HSM by Jacques Gascuel: This article will be updated with any new information on the topic.

Secure your cryptocurrencies offline by Cold Wallet NFC HSM

Did you know that password managers and hot wallets can be hacked, leaked or stolen? In this article, we will show you a better solution: the cold wallet NFC HSM. It is a physical wallet that uses NFC technology to store and manage your private keys and recovery phrases offline. It is simple, efficient, durable and secure. Read on to find out more!

How to secure your cryptocurrencies with a cold wallet NFC HSM is the topic of this article. Cryptocurrencies are digital currencies that offer many benefits, but also pose risks, especially in terms of security. To avoid losing or having your funds stolen, there is a solution: the cold wallet NFC HSM. It is a physical wallet that uses NFC technology to store and manage your private keys and recovery phrases offline, without internet connection or contact with a third party. The cold wallet NFC HSM uses patented technologies by Freemindtronic, an Andorran company specialized in security and protection of computer systems and information systems. These technologies are EviSeed and EviVault. In this article, we will explain why you should use a cold wallet NFC HSM to secure your cryptocurrencies and how to do it.

Why you need a cold wallet NFC HSM to secure your cryptocurrencies

If you own cryptocurrencies, you know that it is essential to protect your private keys and recovery phrases, which are the only means of accessing your funds. These sensitive data are often stored on online services, such as password managers, clouds or exchange platforms. These services offer some convenience, but they also pose significant risks:

  • You depend on a third party that can be victim of an attack, a flaw or a closure. If the service is compromised, you can lose access to your cryptocurrencies or have them stolen.
  • You do not have full control over your data, which can be exposed to leaks, thefts or legal requests. If someone accesses your private keys or recovery phrases, they can transfer your cryptocurrencies to another wallet without your consent.
  • You do not have the guarantee that your data are encrypted end-to-end, which means that they can be read or modified by the service or by a third party. If your data are stored in plain text or with weak encryption, they can be easily decrypted by a hacker.

These risks are not hypothetical. They are real and have already caused many losses for cryptocurrency users. Here are some statistics that show the dangers of storing cryptocurrencies online:

The statistics on the security incidents of password managers and hot wallets

  • A study by Verizon in 2021 showed that 81% of global data breach notifications were related to a password issue.
  • A survey conducted by Google in 2020 revealed that only 15% of users used an online password manager.
  • A report by CipherTrace published in 2020 stated that thefts and frauds related to cryptocurrencies reached 1.9 billion dollars in 2020.
  • A study by Chainalysis published in 2019 reported that exchange platforms suffered 11 major attacks in 2019, resulting in the loss of more than 283 million dollars in cryptocurrencies.
  • An analysis performed by Independent Security Evaluators in 2017 found that five of the main password managers presented critical vulnerabilities that allowed attackers to access the stored passwords.

The recent example of the hacking of LastPass and the thefts of cryptocurrencies

A recent example shows the dangers of storing recovery phrases or private keys online. LastPass, a password management service, had two major security incidents in 2022. A hacker accessed the source code, technical information and vaults of customers. Several experts linked these incidents to a series of cryptocurrency thefts. More than 150 victims lost more than 35 million dollars. These experts said that the victims had used LastPass to store their recovery phrases.

These incidents prove that virtual password managers are not good for securing cryptocurrencies. They do not encrypt or protect your data enough. They can also suffer from attacks or flaws that expose or change your data.

For more details about these incidents and their link to the crypto thefts, you can check these sources:

Therefore, you need a safer and more reliable solution to store and manage your cryptocurrencies: the cold wallet NFC HSM.

In the next section, we will explain how the cold wallet NFC HSM works and what are its advantages.

How the cold wallet NFC HSM works and what are its advantages

The cold wallet NFC HSM is a physical wallet that uses NFC (Near Field Communication) technology to store and manage your private keys and recovery phrases offline, without internet connection or contact with a third party. The cold wallet NFC HSM uses patented technologies by Freemindtronic, an Andorran company specialized in security and protection of computer systems and information systems. These technologies are EviSeed and EviVault.

EviSeed is a technology that allows you to back up your recovery phrases in encrypted form on the NFC HSM support of your choice. EviSeed also generates a QR code containing your encrypted recovery phrase, which you can print, share, send or save between NFC HSM supports by scanning the QR code encrypted in RSA 4096. You can also exchange your encrypted recovery phrases via NFC Beam or in proximity between phones over Wi-Fi or Bluetooth.

EviVault is a technology that allows you to store and manage your private keys on the NFC HSM support of your choice. It is designed to protect your sensitive data and transactions from unauthorized access or alteration. It can be used as a secure element for authentication, encryption, digital signature or blockchain applications.

The cold wallet NFC HSM offers several advantages over other cold wallets:

Simplicity

You do not need to write or engrave your recovery phrases or private keys. Just scan them on your NFC Android smartphone with the application developed by Freemindtronic, which embeds the EviSeed or EviVault technologies dedicated to securing blockchain and cryptocurrency keys, and transfer them to the NFC HSM support of your choice.

Efficiency

You do not need to memorize or type your recovery phrases or private keys, just scan them with your smartphone to restore your wallet.

Durability

The NFC HSM support that you choose to store your recovery phrases or private keys can be resistant to water, fire, shocks and scratches. It does not deteriorate over time. It does not require battery or internet connection.

Security

The NFC HSM support uses a patented segmented key technology, which means that your private keys are divided into several parts that are distributed between the support, the application and your smartphone. Thus, even if one of the elements is compromised, your cryptocurrencies remain protected.
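The property claimed above, that no single holder has the whole key, can be illustrated with a standard n-of-n XOR split. This is an added example, not Freemindtronic's patented scheme (the page does not describe its construction); the holder names and the 32-byte key are assumptions.

```python
import secrets

# Assumed holder names, mirroring the three places the text mentions.
SEGMENT_HOLDERS = ("nfc_support", "application", "smartphone")


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("segments must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, holders=SEGMENT_HOLDERS) -> dict:
    """n-of-n split: every segment but the last is random,
    the last one is the key XORed with all the others."""
    if len(holders) < 2:
        raise ValueError("need at least two holders")
    segments, acc = {}, key
    for holder in holders[:-1]:
        seg = secrets.token_bytes(len(key))
        segments[holder] = seg
        acc = xor_bytes(acc, seg)
    segments[holders[-1]] = acc
    return segments


def combine(segments: dict, holders=SEGMENT_HOLDERS) -> bytes:
    """Rebuild the key; refuses to run unless every holder contributed."""
    missing = [h for h in holders if h not in segments]
    if missing:
        raise KeyError(f"missing segment(s): {missing}")
    key = bytes(len(segments[holders[0]]))
    for h in holders:
        key = xor_bytes(key, segments[h])
    return key


def segment_explaining(candidate_key: bytes, known: dict) -> bytes:
    """Missing segment that would make `candidate_key` the result.
    One exists for EVERY candidate, so n-1 segments rule out no key."""
    acc = candidate_key
    for seg in known.values():
        acc = xor_bytes(acc, seg)
    return acc


def demo() -> bool:
    key = secrets.token_bytes(32)  # constructed stand-in for a private key
    segs = split_key(key)
    assert combine(segs) == key
    # Two of three segments compromised: any other key is equally plausible.
    stolen = {h: segs[h] for h in ("application", "smartphone")}
    wrong = secrets.token_bytes(32)
    forged = segment_explaining(wrong, stolen)
    return combine({**stolen, "nfc_support": forged}) == wrong


if __name__ == "__main__":
    print("n-1 segments are consistent with an arbitrary key:", demo())
```

The same property cuts the other way for availability: losing any one segment loses the key, which is why an encrypted backup of the segments matters in such a design.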

To use a cold wallet NFC HSM to secure your cryptocurrencies, you must follow these steps:

  • Download the application developed by Freemindtronic that embeds the EviSeed or EviVault technologies dedicated to securing blockchain and cryptocurrency keys on your NFC Android smartphone.
  • Create or import your cryptocurrency wallet on the application.
  • Scan your recovery phrase or private key with the application.
  • Choose the NFC HSM support on which you want to save your recovery phrase or private key: an EviVault compatible Keepser or an EviSeed compatible SeedNFC.
  • Transfer your encrypted recovery phrase or private key to the NFC HSM support.
  • To restore your wallet, scan again the NFC HSM support with the application.

To sum up, a cold wallet NFC HSM is a simple, efficient and durable way to secure your cryptocurrencies. This solution was created by Freemindtronic, an innovative company whose technologies are patented. With a cold wallet NFC HSM, you have full control over your private keys and recovery phrases. You do not depend on an online service. It protects you from hackers, thieves or losses. If you own cryptocurrencies, you should use a cold wallet NFC HSM to protect them. You can order it on Freemindtronic’s website or from its partners.

How Freemindtronic designs eco-friendly security products

By Jacques Gascuel
This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.


Eco friendly & Data Security

Do you want to know how to protect your data and devices from cyberattacks while being eco-friendly? Do you want to discover a company that designs innovative and sustainable cybersecurity products that respect the planet and society? If yes, then this article is for you. In this article, we will introduce you to Freemindtronic, a company that follows the eco-friendly approach in its research and development of customized cybersecurity and cyber-safety products. We will explain what are the concepts of green tech, eco friendly and circular economy and why they are important for the future of humanity. We will also present the products and services offered by Freemindtronic and their advantages in terms of environmental, social and economic benefits. By reading this article, you will learn how Freemindtronic combines technological innovation and ecological responsibility to meet the current and future needs of its customers. So, don’t wait any longer and read on!

How Freemindtronic designs eco-friendly cybersecurity products

What are green tech, eco friendly and circular economy?

Firstly, green tech, eco friendly and circular economy are concepts that aim to reduce the environmental impact of our human activities while promoting economic and social development. Secondly, they involve rethinking the way we use natural resources, design products and manage waste. Moreover, these concepts are increasingly important in the face of the challenges of climate change, scarcity of raw materials and social inequalities.

Freemindtronic is a company that follows this eco-friendly approach. Based in Andorra and France, it specializes in research and development of customized cybersecurity and cyber-safety products for its clients. In addition, its products are designed with industrial-grade electronic components, manufactured in Europe, and respect the principles of green tech, eco friendly and circular economy.

Among its flagship products, we can mention EVICARD, EVIKEY and EVITAG. These products let you store, protect, encrypt, decrypt, authenticate, share and control sensitive data with high security and reliability.

  • EVICARD, an NFC card that stores and protects sensitive data such as passwords, encryption keys or biometric identifiers. It has an anti-bruteforce system that makes brute force hacking impossible. It is also customizable and reusable at will.
  • EVIKEY, a secure USB key that encrypts and decrypts data on any computer without leaving a trace. It is equipped with a biometric sensor that verifies the identity of the user before allowing access to the data. It is also resistant to shocks, water and extreme temperatures.
  • EVITAG, an NFC tag that creates secure links between connected objects or people. It can be used to authenticate, share or control information or actions remotely. It is also programmable and adaptable to different uses.

The benefits of these concepts for the planet and humanity

Freemindtronic is thus an example of a company that combines technological innovation with ecological responsibility. Its cybersecurity and cyber-safety products meet its customers' current and future needs while respecting the environment and society.

These products have several environmental, social and economic benefits:

  • They reduce resource consumption by using recyclable or biodegradable materials, optimizing the size and weight of the products, and limiting unnecessary packaging.
  • They extend the lifespan of the products by guaranteeing their reliability, robustness and scalability. Some products are even guaranteed for life by the manufacturer.
  • They recycle resources by offering customers to return used or obsolete products for repair, refurbishment or recycling.
  • They regenerate resources by supporting reforestation or biodiversity protection projects. For example, for each product sold, Freemindtronic plants a tree with the association Reforest’Action.

Freemindtronic: a company that follows the eco-friendly approach

Freemindtronic is therefore an example of a company that combines technological innovation and ecological responsibility. Its cybersecurity and cyber-safety products meet the current and future needs of its customers while respecting the environment and society.

Finally, if you want to know more about Freemindtronic and its products, you can visit its website https://freemindtronic.com or its social networks. You can also contact us for any questions or requests. We will be happy to help you.

Thank you for reading!

IK CODE NF EN 62262

Shock resistance

The European standard EN 62262, the equivalent of the international standard IEC 62262 (2002), concerns IK ratings. This is an international numerical classification of the degrees of protection provided by the enclosures of electrical equipment against external mechanical impacts. It specifies the ability of an enclosure to protect its contents from external impacts. The IK10 classification is the highest vandal resistance rating with an impact energy of 20 joules repeatedly applied to the GRP enclosure.

Impact test characteristics

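| IK rating | IK 01 | IK 02 | IK 03 | IK 04 | IK 05 | IK 06 | IK 07 | IK 08 | IK 09 | IK 10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Impact energy (joules) | 0.15 J | 0.20 J | 0.35 J | 0.5 J | 0.70 J | 1 J | 2 J | 5 J | 10 J | 20 J |
| R mm (radius of striking element) | 10 | 10 | 10 | 10 | 10 | 10 | 25 | 25 | 50 | 50 |
| Material | Polyamide | Polyamide | Polyamide | Polyamide | Polyamide | Polyamide | Polyamide | Polyamide | Polyamide | Polyamide |
| Mass (kg) | 0.2 | 0.2 | 0.2 | 0.2 | 0.2 | 0.5 | 0.5 | 1.7 | 5 | 5 |
| Pendulum hammer | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Spring hammer | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No |
| Free fall hammer | No | No | No | No | No | No | Yes | Yes | Yes | Yes |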

1 J = 1 N·m = 1 kg·m²·s⁻² (In the base units of the international system, the joule is expressed as kilogram square metres per second squared.)

Bug Bounty Express on Evitag: Conand 2018, the cybersecurity congress in Andorra




Do you have what it takes to hack the contactless security solution by Fullsecure and Freemindtronic Andorra? If yes, then you should join the Bug Bounty Express on Evitag NFC HSM that took place at CONAND 2018, the cybersecurity congress in Andorra. It was a security challenge that consisted of detecting vulnerabilities in the innovative product Evitag NFC HSM, which secures your secrets via an NFC electronic module. The Bug Bounty Express was organized by Fullsecure, partner of CONAND 2018, on its booth during the second edition of the event, on February 7 and 8, 2018.


Conand Show Events


What is CONAND 2018?


CONAND 2018 is an event organized by Andorra Telecom, the telecommunications operator of the country, in collaboration with the government of Andorra, the Cybersecurity Research Center of the University of Andorra and the Chamber of Commerce, Industry and Services of Andorra. It aims to promote cybersecurity as a key element of digital transformation and to strengthen Andorra’s position as a technological and innovative hub. The second edition of this congress took place from February 7 to 8, 2018 at the Congress Center of Andorra la Vella and brought together national and international experts, companies, institutions and researchers around conferences, workshops, demonstrations and business meetings.

Bug Bounty Show Events


What is a Bug Bounty?

A Bug Bounty is a reward offered to anyone who can find and report a security flaw in a software, a hardware, a website or an application. The reward can be monetary, in-kind or in recognition. The Bug Bounty aims to encourage ethical hackers to help improve the security of the products and services they use, and to prevent malicious hackers from exploiting the vulnerabilities they find.


Demo show in booth


How to use Evitag NFC HSM?


To use Evitag NFC HSM, you just need to have an Android NFC smartphone and the Android application developed by Freemindtronic Andorra. By passing the NFC HSM module under the phone, you can display your secret, share it in RSA 4096 (a very robust asymmetric encryption algorithm) or use it directly on your phone or on a computer via a web extension coupled to the phone serving as a terminal.




Safety and Cybersecurity System presented at Conand 2018


What are the advantages of Evitag NFC HSM?


EviTag NFC HSM has several advantages over traditional solutions for storing your secrets:

  • It works without server or database, which reduces costs and risks of hacking.
  • It works contactless only, which avoids compatibility or connectivity issues.
  • It lasts a lifetime without battery or maintenance, and it is tamperproof and waterproof, which ensures its reliability and durability.
  • It uses an AES 256 encryption algorithm, recognized as one of the safest in the world, to encrypt your secrets stored in the EPROM memory of the NFC.


Use case


Who is Evitag NFC HSM for?


Evitag NFC HSM is for anyone who needs to secure their secrets in a convenient and reliable way. It is especially useful for private users who want to protect their online accounts, digital wallets, social media profiles and other sensitive information. Indeed, with Evitag NFC HSM, you can:

  • Manage and access your secrets easily without having to memorize or write them down.
  • Log in to your online accounts using the NFC HSM to display your password in volatile memory on your phone without leaving any trace of it.
  • Share your secrets with your friends or family in a secure and controlled way.
  • Run no risk in case of loss, theft or attempted compromise of the NFC HSM module, whose access is locked with more than 9 trust criteria serving as a multifactor authentication system. The secrets contained in the NFC HSM can also be cloned or backed up in an encrypted way for later restoration in a new NFC HSM.
  • Benefit from a high level of security thanks to the physical and logical protection of the NFC HSM module encrypted in AES 256 with segmented key.


Bug Bounty Information


What was the Bug Bounty Express on Evitag NFC HSM at CONAND 2018?

The Bug Bounty Express on Evitag NFC HSM was a security challenge that consisted of detecting vulnerabilities on the product Evitag NFC HSM. The product included an Android application and an NFC electronic module. The challenge was to recover the login and password hosted inside an Evitag NFC HSM safe.

The Bug Bounty Express lasted for two days, from 10 am to 6:30 pm, on February 7 and 8, 2018. It was free and open to anyone who wanted to participate. It took place on the Fullsecure booth at the Congress Center of Andorra la Vella, where five Evitag NFC HSM devices were available for testing. Each device contained five labels, five logins and five passwords, brute force enabled with administrator password and jamming enabled. One device was dedicated to physical brute force attacks (Tamper-proof).

Each participant had to register online and submit their vulnerability reports online. The material provided for testing included an oscilloscope, an NFC reader card for PC, a professional thermal sensor with thermal image capture, a Wi-Fi router for creating a local network for the EVILOCK NFC function, and the Android application and the web plugins for Evitag NFC HSM.

The participant was free to use any type of material to carry out their attacks. The participant brought their material under their sole responsibility, such as computer, smartphone, measuring devices and/or radio frequency.

For physical brute force attacks, the participant had to bring their own tools and/or physical attack solutions. However, tools and/or solutions that could harm the physical integrity of people were prohibited within the framework of the CONAND event. If the participant wanted to carry out this type of test, they had to make an explicit and motivated request. Once the request was accepted by Fullsecure, the test had to be carried out by the participant outside the framework of the event, in a secure environment. At least one witness was present during the physical attack, which was filmed by a person from Fullsecure.

In general, all brute force attacks were allowed, whether passive and/or intrusive.

What were the rewards for the Bug Bounty Express on Evitag NFC HSM at CONAND 2018?

The rewards for the Bug Bounty Express on Evitag NFC HSM were as follows:

  • For each vulnerability detected, the participant received a certificate of participation and a trophy with the name of the vulnerability and the name of the participant.
  • For the first vulnerability detected, the participant received a gift voucher of 100 euros.
  • For the second vulnerability detected, the participant received a gift voucher of 200 euros.
  • For the third vulnerability detected, the participant received a gift voucher of 300 euros.
  • For the fourth vulnerability detected, the participant received a gift voucher of 400 euros.
  • For the fifth vulnerability detected, the participant received a gift voucher of 500 euros.

The maximum amount of rewards per participant was 1500 euros. The rewards were cumulative and could be combined with other rewards offered by other partners of the event.


Buy


How to get Evitag NFC HSM?

Evitag NFC HSM is a product marketed in white label by Fullsecure, a company specialized in the distribution of IT security solutions. To learn more about Evitag NFC HSM or to place an order, you can contact Fullsecure at the following coordinates:




How to join the Bug Bounty Express on Evitag NFC HSM?

If you are interested in joining the Bug Bounty Express on Evitag NFC HSM, you can find more information about the challenge, the rules, the rewards and the registration process on the following link: Bug Bounty Express on Evitag NFC HSM. This is a great opportunity to test your skills, learn new techniques and earn incentives for finding vulnerabilities on this innovative product. Don’t miss this chance to join the cybersecurity community and contribute to making the digital world safer.