Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Neustar, Inc.
Protect your website & network
using real-time information & analysis

www.neustar.biz
Network Security
See data differently
Average Rating:
Rate this article:  
Behind the Million-Dollar Bitcoin Hack
Behind the Million-Dollar Bitcoin Hack

By Jennifer LeClaire
November 8, 2013 12:41PM

    Bookmark and Share
Putting a wallet that size on the Internet is like dropping your own wallet in Times Square and thinking your money will be there when you return hours later. Someone with that much money in Bitcoins should take appropriate security precautions. But, yeah. Sorry bro. A fool and his Bitcoins are easily parted, said security expert Ken Pickering.
 



Hackers swiped more than $1 million worth of Bitcoins from Inputs.io. The site owner, which goes by the public-facing name TradeFortress, waited weeks to tell its customers about the theft of 4,100 Bitcoins in two separate hack attacks.

Bitcoin is the network behind a new payment system that lets you use digital money. It is the first user-powered, decentralized, peer-to-peer payment network with no central authority or middlemen. From a user perspective, Bitcoin’s creators describe it as cash for the Internet.

In a message simply headlined, “:(,” the company said the hacks left Inputs.io unable to pay user balances. Apparently, the hacker broke into the hosting account through compromised e-mail accounts. The attacker was able to bypass 2FA due to a flaw on the server host side, according to the company.

“Database access was also obtained, however passwords are securely stored and are hashed on the client,” the company said. “Bitcoin backend code were transferred to 10;15Hd@mastersearching.com:mercedes49@69.85.88.31 (most likely another compromised server).”

Prepare to Get Robbed

We turned to Matthew Bergin, a senior security consultant at security firm CORE Security, to get his reaction to the theft. He told us, plain and simply, that this is what TradeFortress gets for storing Bitcoins on a system connected to the Internet.

“There are several other options for storing Bitcoins that are much safer,” he said. “That's a lesson learned the hard way, but at least it has been learned.”

Tommy Chin, a technical support engineer at CORE Security, told us Bitcoin transactions are irreversible by design. In other words, there are no 30-day return or exchange policies.

“This attracts some serious criminal talent,” he said. “If you use Bitcoins, be prepared to get robbed no matter how much security you implement. By design, this system gives smart people easy methods to take someone else's money.”

Trade Fortress isn’t taking it lightly. Consumers who store more than one Bitcoin are invited to send e-mails to the company with a Bitcoin address, preferably an offline, open source light or SPV wallet like Multibit or Electrum. That doesn’t do anything about the coins folks lost, but could secure coins in the digital bank.

“I know this doesn't mean much, but I'm sorry, and saying that I'm very sad that this happened is an understatement,” the company said.

The Wallet Metaphor

Ken Pickering, director of engineering at CORE Security, told us the anonymity of Bitcoins makes them about as traceable as cash by default, and therefore as easy to steal as cash.

“The wallet metaphor is an accurate one. If someone gains access to your physical wallet without your knowledge, they can do much of the same thing. Putting a wallet that size on the open Internet is like dropping your own wallet in the center of Times Square and thinking somehow all your money will be there when you return hours later,” Pickering said.

“Someone with that much money in Bitcoins should take appropriate security precautions. But, yeah. Sorry bro. A fool and his Bitcoins are easily parted,” he added.
 

Tell Us What You Think
Comment:

Name:



You have the experience and skills, let an ISACA® certification demonstrate your value. Our certifications announce that you have the expertise and insight to speak with authority. ISACA certification is more than a credential; it's a platform that can elevate your career. Register for an Exam Today.


 Network Security
1.   Russian Hacker's Charges Revealed
2.   Another IE-Focused Patch Tuesday
3.   Russian Arrested in Hacking Case
4.   Most Networks Not Ready for IoT
5.   Gartner Rates IT Security Companies


advertisement
Android SMS Worm on the Loose
Malware lets bad actors cash in.
Average Rating:
Another IE-Focused Patch Tuesday
One critical for Internet Explorer.
Average Rating:
Most Networks Not Ready for IoT
But most enterprises are prepared.
Average Rating:


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Charges: Russian Stole Data from U.S. Restaurants, Zoo
A Russian man arrested on bank fraud and other charges hacked into computers at restaurants in Washington, hundreds of other retail businesses, and even the Phoenix Zoo, authorities say.
 
Another Month, Another IE-Focused Patch Tuesday
Microsoft rolled out 59 vulnerabilities for Internet Explorer in June. But the IE-patching party is not over yet. Redmond published six new security bulletins on Tuesday; two, critical; three, important.
 
Russian Arrested in Hacking Case Filed in Seattle
The U.S. Secret Service has arrested a Russian man who is accused of hacking store computers to steal thousands of credit card numbers, charging him with bank fraud, identity theft and more.
 

Enterprise Hardware Spotlight
Another Day, Another Internet of Things Consortium Is Born
In the emerging Internet of Things, zillions of devices will be talking to each other. Samsung, Intel and Dell just formed a consortium to ensure each thing can understand what others are saying.
 
Gartner Sales Study Sees Tablets Up, PCs Down but Recovering
Are PCs on the comeback trail? That depends on how you define "comeback." While tablet sales remain strong, Gartner's latest study found PC shipments aren't dropping as fast as they did last year.
 
Review: Warming Up to Tablets with Keyboard Covers
If you've ever thought tablets with keyboard covers were just a poor excuse for a laptop, think again. Nokia's Lumia 2520 comes with an optional keyboard cover that just may change your mind.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | Small Business | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.