🔑🦸‍♂️ [monthly report - March 2021]

@keys-defender 69

about 3 years ago (Edited)

LeoFinance

@keys-defender activity report for the past month

I've been on paternity leave so I managed to do a bit more than usual.. =]

K E Y S P R O T E C T I O N:

1. @kuro6380

Chain: Hive (active only on hive 😎)
Type: Memo key
Operation in which the account was leaked: transfer_to_savings

Leaked account stats:

- Estimated Account Value: $ 10.64
- Reputation: 43
- Followers: 2
- Account age: Joined Feb 2021

@keys-defender's actions:
- Immediate automated reply
- Disclosure

2. @gatticus

Chain: Hive (hive only account)
Type: Memo key
Operation in which the account was leaked: transfer

Leaked account stats:

- Estimated Account Value: $ 30.03
- Reputation: 51
- Followers: 17
- Account age: Joined Nov 2020

@keys-defender's actions:
- Immediate automated reply
- Disclosure

3. @deltaforces

Chain: Steem (steem only account 👎)
Type: Posting key
Operation in which the account was leaked: comment

Leaked account stats:

- Estimated Account Value: $ 30.03
- Reputation: 30
- Followers: 9
- Account age: Joined Mar 2021

@keys-defender's actions:
- Immediate automated reply
- Disclosure

4. @royboyy

Chain: Hive (Hive only account 😎)
Type: Memo key
Operation in which the account was leaked: transfer

Leaked account stats:

- Estimated Account Value: $ 7.64
- Reputation: 6
- Followers: 2
- Account age: Joined March 2021

@keys-defender's actions:
- Immediate automated reply
- Disclosure

5. @omar703

Chain: Hive (Hive only account)
Type: Memo key
Operation in which the account was leaked: transfer

Leaked account stats:

- Estimated Account Value: $ 2.35
- Reputation: 34
- Followers: 3
- Account age: Joined Jan 2021

@keys-defender's actions:
- Immediate automated warning via transfer memo
- Disclosure

6. @themobile

Chain: Hive (steem+hive account but active only on Hive 😎)
Type: Memo key
Operation in which the account was leaked: transfer to savings

Leaked account stats:

- Estimated Account Value: $ 6.55
- Reputation: 25
- Followers: 2
- Account age: Joined Nov 2019

@keys-defender's actions:
- Immediate automated reply
- Disclosure

7. @angelnu

Chain: Steem (steem only account 👎)
Type: Posting key
Operation in which the account was leaked: post edit

Leaked account stats:

- Estimated Account Value: $ 31.98
- Reputation: 48
- Followers: 3
- Account age: Joined Feb 2021

@keys-defender's actions:
- Immediate automated reply
- Disclosure

_{NOTE: @keys-defender still scans the STEEM blockchain because your private keys are shared across the two chains unless you reset your password at https://wallet.hive.blog/@your-username-here/password!}

_{TOTAL KEYS FOUND since [launch](https://hive.blog/@gaottantacinque/the-keys-defender-bot-is-live-in-beta-mode):}

_{posting keys: // todo}
_{active keys: // todo}
_{memo keys: // todo}
_{owner keys: // todo}

PHISHING LINKS detected (and auto-replied to): ~1384❗

It has been a heavy month for phishing. The attacker that started his phishing waves in February did not slow down in March.

Example 1: https://hive.blog/hive-138876/@keys-defender/there-is-no-airdrop-it-s-just-phishing
Example2: https://hive.blog/hive-138876/@keys-defender/new-phishing-wave-do-not-fall-for-it-there-is-no-mainnet-launch

Furthermore the 3speak domain theft happened and cause the site to be temporarily marked as phishing.

New features have been added in @keys-defender (and some more not disclosed in order to make the phishing prevention more effective) that revealed successful to reduce the impact of such attacks. Plus, hopefully most frontends will start/continue using my universal script to block dangerous domains and users. See the development updates section for more info!

CODE INJECTIONS detected on Hive: 2

Just false positives, no harmful code was injected:

UNSAFE LINKS detected:

HTTP links: 70.6/h -> ~50,832/month. Auto-replies/warnings throttled 1/20.
Shortened links: 20.4/h -> ~14,688/month. Auto-replies/warnings throttled 1/20.

The latter figure seems smaller this month, maybe because of the phishing campaigns
reminding users that shortened links looks phishy 🎣 (and my warnings on their posts about shortened links? =] )

_{NOTE: links that do not use a secure protocol (https) and shortened links (eg. bit.ly) are NOT a threat per se but can lead to theft of credentials if misused or used in a malicious attack.}

O T H E R A C T I V I T I E S: --> will be moved to @hive-defender (👶👶👶👶👶)

Confirmed re-posting authors: 0 ✔️

Just some false positive that will be prevented in the future with an easy fix.

Hundreds of notifications were automatically sent to my discord server as suspicious shortening of posts body, but no actual findings were reported. I suspect that the volunteer that used to go through these suspicious edits stopped doing it because Hive Watchers stopped rewarding users for these type of reports. =[

_{some bug fixes are required as well}

Downvotes of @keys-defender (and its trail) against hive-abusers:

...thousands.. _{(I do not have accurate stats yet due to all the automated flags given the past month to farming and phishing waves)} ❗

Accounts:

not available at this time

_{@keys-defender currently follows the hiveflagreward team's downvote trail}
_{@keys-defender is downvoting: farming waves, phishing waves, old hive haters that are active again (but not spamming the chain with vomit and dick pics, at this time)}

Followers of my downvote-trail: 10 _{(plus their own trail - about $ 5 downvote power in total) -> PLEASE JOIN}

What else has been going on in March..

Phishing waves...
[when the attacker surrenders/stops/gets-arrested, I will reveal the additional defense put in place against him that has been effective in stopping him multiple times in the past couple of weeks as soon as he tried to start a new campaign 😎]

1. _{https://hive.blog/hive/@hivewatchers/new-phishing-warning-no-usdhive-7th-anniversary-airdrop-or-or-nueva-advertencia-de-phishing-no-hay-airdrop-del-7o-aniversario-de}

2. _{https://hive.blog/hive-138876/@keys-defender/there-is-no-airdrop-it-s-just-phishing}

3. _{https://hive.blog/hive-138876/@keys-defender/new-phishing-wave-do-not-fall-for-it-there-is-no-mainnet-launch}

3speak's domain got compromised and later on restored -> https://hive.blog/hivedev/@keys-defender/3speak-is-compromised-at-the-moment-please-do-not-use-it-until-resolved
farming waves on Hive _{(my countermeasure started on April 2nd but the waves started in March so I'm adding it to this report..)} -> https://hive.blog/hive-169321/@gaottantacinque/10-line-script-that-anyone-can-use-to-downvote-abuse-help-counteract-ongoing-farming-on-hive

DEVELOPMENT UPDATE:

Phishing protection in wallet transfers: https://hive.blog/hive-139531/@keys-defender/new-feature-phishing-protection-for-hive-wallet-transfers
Universal script for hive frontends to timely block phishing: https://hive.blog/hive-139531/@keys-defender/phishing-on-hive-no-more-solution-for-all-frontends
Command on chain to allow the Hive community to timely block a phishing campaign -> https://hive.blog/hive-139531/@keys-defender/community-reported-phishing-automation-added-to-keys-defender
New commands and new banlists for the community -> https://hive.blog/hive-169321/@keys-defender/new-commands-and-ban-lists

OTHERS:

Tentative of doing the first restrospective meeting for the Hive community in occasion of its first birthday -> https://hive.blog/hive-139531/@gaottantacinque/retrospective-meeting-for-the-hive-community

Future development:

See the posts above for more details.
In a nutshell my current priorities are:
_{( ...let's see how far I get today and tomorrow - will likely spend less time on this starting from next week, gotta do life stuff.. =] )}

@kd to follow hive-defender up-down/votes + notify discord of votes > 6.5 days
Mute lists and tests in testing community using @key-defender.shh
Formula to counteract exact votes (plus UI?)
Universal script to use new banlists. + other improvements
Allow community to remove entries from ban list
Abuse reports (rewarded) and separate ban lists (plagiarism, farming, etc)
Tech-only proposal to cover expenses??
Old (huge) backlog. Eg. bug fixes ( boring.. =] ).
😎

_{My security disclosures for Hive:}
_{- _{XSS vulnerabilities in #########.com}}
_{- _{XSS vulnerabilities in hive-db.com}

- _{XSS vulnerabilities in scribe.hivekings.com}

- _{XSS vulnerabilities in hiveblockexplorer.com}

- _{Malicious ads redirecting all Steemit iOS users to a phishing site}

- _{Reverse tabnabbing and clickjacking in steem.chat and steeemit registration page}}

_{Other contributions:}
_{- _{Universal script to prevent phishing in all Hive frontends}}
_{- _{Commands for community reports and ban lists}}

Keys-Defender features:

- _{Keys protection_{[live scan of transfers / posts / comments / other_ops. Auto-transfers to savings, auto-reset of keys, ..] {see automatic posts on leak and monthly reports}}}
- _{Phishing protection
_{[live scan of commentsa and posts to warn users against known phishing campaigns and compromised domains, scan of memos]}}
- _{Re-posting detection
_{[mitigates the issue of re-posters]}}
- _{Code injections detection
_{[live scan of blocks for malicious code targeting dapps of the Hive ecosystem]}}
- _{Anti abuse efforts
_{[counteracts spam from hive haters and milking campaigns]}}

_{_{Discord server}}

To support this project..

- _{Delegation links:}
_{10, 20, 30, 40 HP
50,100, 200 HP,
500 HP, 1000 HP}

- _{Curation trail}
_{_{Follow my curation trail on hive.vote to upvote all my posts with a fixed weight.}}

_{I do NOT receive funds through a proposal or running a node witness.
If you like what I'm doing please upvote, delegate 👆 or auto-vote 👆 my posts.
Thx! 😊}

abuse stem security hivestats palnet neoxian