"It's a brilliant example of taking advantage of social weaknesses with technical exploitation," said Weaver, "Actually building the cryptography to do this would be something that would be a reasonable homework assignment. Doing the integration needed and the social aspects needed to get this adopted and used by thousands of criminals, running millions of dollars in drugs is the true brilliance of this operation."

It's unclear how the DOJ obtained the private key, but experts, including Dr. Nicholas Weaver, a cybersecurity professor at the University of California at Berkeley, have suggested federal officials effectively hacked the hackers in a show of unprecedented government intervention in the cryptocurrency space.

Sometimes even app developers can find it challenging to figure out where data is being sent because of third-party components built into apps, according to a study by Serge Egelman.

Notably, two of the gifts are from current Berkeley faculty: professors Scott Shenker and Ion Stoica of the Division of Computing, Data Science, and Society, and the College of Engineering. “We are deeply grateful for these three gifts.” said Jennifer Chayes, associate provost of the Division of Computing, Data Science, and Society. “I cannot imagine a stronger endorsement of CDSS and of Berkeley than the unprecedented generosity of our two current faculty, Scott and Ion.”

The Key to Getting People to Be Safer Online: Make the Appeals More Personal
June 7, 2021 | Serge Egelman and Eyal Pe'er for Wall Street Journal

Many of us know that strong passwords are crucial protection against hackers, yet many people still routinely use weak ones. So, how can they be encouraged to create stronger passwords? Our research suggests the answer is to make the appeal more personal.

How it came to have that private key is the key question. Nicholas Weaver, a lecturer at the computer science department at University of California, Berkeley, said the most likely explanation is that law enforcement agents seized money from a specific DarkSide affiliate responsible for bringing the crime gang the initial access to Colonial’s systems.

Hacker Lexicon: What Is a Supply Chain Attack?
May 31, 2021| Andy Greenberg, Wired | Also appeared in Ars Technica on June 6, 2021

"Supply chain attacks are scary because they're really hard to deal with, and because they make it clear you're trusting a whole ecology," says Nick Weaver, a security researcher at UC Berkeley's International Computer Science Institute. "You're trusting every vendor whose code is on your machine, and you're trusting every vendor's vendor."

The experts on the panel — Angela Campbell, a Georgetown Law professor; Serge Egelman, a research director at UC Berkeley; and Beeban Kidron, founder and chair of 5Rights Foundation — also all testified in opposition to Instagram launching a platform for kids.

The IRS Wants Help Hacking Cryptocurrency Hardware Wallets
April 29, 2021 | Lorenzo Franceschi-Bicchierai, Vice

"It seems like overkill," Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley, told Motherboard in an online chat. "For most of these devices a choice of 'Either give us the password or rot in jail for contempt' might be sufficient."

“One of the problems is that there have been a lot of advances in security—good advances aimed at protecting users—that make it a lot harder to intercept the traffic, which at the same time we need to do to see what’s in it,” said [Serge] Egelman.