Attacks/Breaches
11/27/2013
10:35 AM
50%
50%

Bitcoin Thefts Surge, DDoS Hackers Take Millions

Cryptographic currency's massive rise in value leads to a corresponding increase in online heists by criminals seeking easy paydays.

10 IT Job Titles We Miss
10 IT Job Titles We Miss
(Click image for larger view.)

Say you've created a cryptographic currency called bitcoin that promises users relative anonymity and untraceable transactions. What could possibly go wrong? The answer, of course, is that these virtues also appeal to hackers, malware developers, and organized crime rings who wouldn't think twice about committing virtual bank robberies.

Earlier this month, for example, Bitcoin Internet Payment System (BIPS), a Denmark-based Bitcoin payment processor, suffered a denial-of-service (DDoS) attack. Unfortunately for users of the company's free online wallets for storing bitcoins, the DDoS attack was merely a smokescreen for a digital heist that quickly drained numerous wallets, netting the attackers a reported 1,295 bitcoins -- worth nearly $1 million -- and leaving wallet users with little chance that they'd ever see their money again.

"On November 15th BIPS was the target of a massive DDoS attack, which is now believed to have been the initial preparation for a subsequent attack on November 17th," Kris Henriksen, the CEO of BIPS, said via Reddit. "Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets."

BIPS has been conducting a digital forensic investigation and working with authorities to try to identify the perpetrators. It said that early results showed that the attack originated "from Russia and neighboring countries."

The BIPS heist followed two separate October attacks against Australia-based Inputs.io, in which attackers netted about $1.3 million in bitcoins after stealing all 4,100 bitcoins being held by the free e-wallet service.

[Criminals are taking shelter under bitcoins. See Dutch Banking Malware Gang Busted: Bitcoin's Role.]

The value of bitcoins continues to fluctuate wildly due to a bubble created by bitcoin speculators. In 2011, for example, the currency's value fell from $33 to just $1 per bitcoin before rising to more than $900 earlier this month on MtGox, the world's biggest bitcoin exchange. But that bubble burst the next day, when the value of bitcoins fell by half. As of early Wednesday, however, the currency's value had once again skyrocketed, trading at more than $980 on MtGox.

That rise in value has driven hackers to attack online wallet services that store bitcoins. "Each of these companies had been operating officially for only a few months, yet already had entrusted to them millions of dollars that are now in the hands of cybercrooks," Paul Ducklin, head of technology for Sophos in the Asia Pacific region, said Tuesday in a blog post.

Malware writers have also taken a keen interest in bitcoins, with some -- especially Russian gangs -- modifying their crimeware tools to identify and steal any bitcoins found on infected PCs. "There are numerous malware families today that either perform Bitcoin mining or directly steal the contents of victims' Bitcoin wallets, or both," according to a blog post from Robert Lipovsky, a researcher at security firm ESET.

(Source: zcopley)
(Source: zcopley)

Other malware attacks have started closer to home. Last week, for example, the New Jersey state attorney general's office announced that it had settled a complaint it filed against Commack, N.Y.-based online gaming company E-Sports, as well company co-founder Eric Thunberg and software engineer Sean Hunczak. According to the complaint, Hunczak designed malware that infected about 14,000 computers that subscribed to the company's service, and which mined their PCs for bitcoins, which the perpetrators then sold for about $3,500. Under the terms of the state's $1 million settlement agreement, the company will pay a fine of $325,000, but the rest will be vacated, providing the company complies with a 10-year compliance program.

But not all bitcoin heists have been executed via hack attacks or malware. For example, a China-based bitcoin exchange called GBL launched in May. Almost 1,000 people used the service to deposit bitcoins worth about $4.1 million. But the exchange was revealed to be an elaborate scam after whoever launched the site shut it down on October 26 and absconded with the funds.

Given the potential spoils from a successful online heist, it's not surprising that related attacks are becoming more common. "Please be advised that attacks are not isolated to us and if you are storing larger amounts of coins with any third party you may want to find alternative storage solutions as soon as possible, preferably cold storage if you do not need immediate access to those coins," said Henriksen.

Bitcoin users have echoed that suggestion. "One note of warning: don't trust any online wallet," read a comment on a recent Guardian feature. "The two biggest ones have already been robbed. Use your own wallet on your own computer and back it up on a USB stick."

"Remember, you don't have to keep your Bitcoins online with someone else: you can store your Bitcoins yourself, encrypted and offline," said Ducklin at Sophos.

Knowing your enemy is the first step in guarding against him. In this Dark Reading report, Integrating Vulnerability Management Into The Application Development Process, we examine the world of cybercriminals -- including their motives, resources and processes -- and recommend what enterprises should do to keep their data and computing systems safe in the face of an ever-growing and ever-more-sophisticated threat. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 3 / 3
danielcawrey
50%
50%
danielcawrey,
User Rank: Apprentice
11/27/2013 | 2:53:09 PM
Re: Virtual Highway Robbery
There are indeed too many outlaws out there. It isn't the bitcoin network in and of itself that is the problem, its bad people trying to steal money from ususpecting users.

Companies providing bitcoin services should not be so unsuspecting; they shold implictly undertstand the risks of getting involved in bitcoin-based businesses and understand that security should be of paramount importance. 
coalminds.com
50%
50%
coalminds.com,
User Rank: Apprentice
11/27/2013 | 2:17:31 PM
Re: Virtual Highway Robbery
"According to the complaint, Hunczak designed malware that infected about 14,000 computers that subscribed to the company's service, and which mined their PCs for bitcoins, which the perpetrators then sold for about $3,500. Under the terms of the state's $1 million settlement agreement, the company will pay a fine of $325,000, but the rest will be vacated, providing the company complies with a 10-year compliance program."

So breaking into someone's property 14,000 times just leads to a settlement? Shouldn't he be doing hard time the way he would be if he were a black person let's say... possessing a pound of marijuana?
WKash
50%
50%
WKash,
User Rank: Apprentice
11/27/2013 | 1:46:56 PM
Virtual Highway Robbery
Knowing..."That rise in value has driven hackers to attack online wallet services that store bitcoins," it's hard to get excited about jumping on the virtual currency wagon trail...too many outlaws out there.

 
<<   <   Page 3 / 3
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.