Mandiant releases quick credential cracker, to hasten the death of a bad protocol

Google’s security outfit Mandiant last week released tools that can crack credentials in 12 hours, in the hope that doing so will accelerate the death of an ancient Microsoft security protocol. For over 20 years researchers have known that Microsoft’s Net-NTLMv1 legacy authentication protocol exposes users to credential theft. Yet it’s still out there. Mandiant therefore released rainbow tables it says allow security pros to easily demonstrate the weakness of Net-NTLMv1. “The release of this dataset allows defenders and researchers to recover keys in under 12 hours using consumer hardware costing less than $600 USD,” Mandiant’s principal red team consultant Nic Losby wrote last week. Losby’s post explains how to use the dataset, and concludes “Organizations should immediately disable the use of Net-NTLMv1.”

In legal news, a US district court last week sentenced a US Navy sailor convicted of selling secrets to China to 16 years and eight months of prison time. The court last year convicted the sailor, Wei, of six espionage-related charges, stemming from the sale of technical manuals and operational information to a Chinese intelligence official between 2022 and 2023. According to the Department of Justice’s note on his sentencing, he earned around $12,000 for his spying activities. Additionally, Nicholas Moore, 24, of Springfield, Tennessee, last week pleaded guilty to hacking the US Supreme Court’s electronic document filing system. Per court documents, Moore spent 25 days illegally accessing the SCOTUS filing system in 2023, earning him a charge of computer fraud. US electronic court systems have been compromised on numerous occasions in recent years, most recently by supposed Russian hackers who were accused of attacking the Public Access to Court Electronic Records (PACER) system last year. Moore, who was charged under 18 USC 1030(a)(2), could face up to a decade in prison, plus fines.

Meanwhile, the Nigeria-based crime syndicate Black Axe was recently busted by Interpol, with the cross-border police organization reporting that it apprehended 34 individuals in Spain. Black Axe is known to engage in various types of crime, both virtually and in the physical world, involving cyber-enabled fraud, drug and human trafficking, and even armed robbery. Interpol believes Black Axe has around 30,000 members, plus countless affiliated individuals. While Interpol said 10 of its recent arrests involved members of the gang’s core group from Nigeria, the sheer number of Black Axe actors means recent arrests are a pinprick. The group has been busted twice previously in recent years, with 75 arrests in 2022 and 14 more apprehensions in 2023.

To read the complete article see: The Register

This post is licensed under CC BY 4.0 by the author.