DNS Hijack Leads To Bitcoin Heist
First time accepted submitter FearTheFez writes "Social Engineering and poor DNS Security lead to a Bitcoin heist worth about $12000. Bitcoin broker Bitinstant was robbed after thieves managed to take over ownership of their domains. While Bitinstant claims that no customers lost any money, without 2 factor authentication all it took was a place of birth and a mother's maiden name to gain access. This looks like poor security from everyone involved."
Bitinstant's mother. She knows both her maiden name and his birthdate, probably.
I do not think that any court or official government body recognizes your television as being a legitimate currency but I can be prosecuted for stealing it. If it has value to the owner, it can be stolen.
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
Lamps, dog food, and records aren't currency, but if someone broke in your house stole them from you it would still be a crime.
You were critically hit for no damage. The bruise will look nice, and maybe the scars will make good party talk.
If a standard currency exchange was robbed for $12,000 we would not even read the story. This is a trivial crime and of little interest. It serves more as a warning rather than as a bank robbery story. I hope that those that are concerned learn from this but if this is the crime of the century in the Bitcoin world then they are doing really well.
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
I don't know how bitcoins work; but don't they have serial numbers? Isn't there some way for the original owners to say something like, "153545FDCEAB-35353ABD-01 is hot" and publish that to a public list?
You can't steal data... Just like you can't steal language.
You can't steal data, but do you have the right to copy it? And can you copy bitcoin? Is bitcoin data?
See subject.
Nothing to see here. Move along.
I've heard a few people with bitcoins complaining about how they can't do anything with them and they're locked in. Apparently there's an online store that catalogs all the stuff you can buy all over the place, with bitcoins . . . and it looked to me like the kind of shitty collection of stuff you'd expect at a flea market. High priced low-end windows laptops and speaker wire and shampoo and shit.
You can't steal data... Just like you can't steal language.
Slashdot - full of sophists, meme chanters, and semantic pedants, but sadly it hasn't been a forum for intelligent opinion for some time.
You talk here about theft worth only 300 BTCs or 12 000$
Well, I can only conclude that overall BTC security maybe has improved. Recall previous thefts worth of 25 000 BTC or 500 000$ (at that time) or 18 547 BTC or 87 000$ (at that time).
Why such conclusion? Well, if those evil people started to go after such low-profile target, it *can* mean that all high profile targets have adequate security.
Colonize Mars
Current BTC exchange rates and trading volumes offer quite a different view.
Write failed: Broken pipe
It's wire fraud. Nobody needs to recognize the currency to prosecute for that.
Michael J. Ryan - tracker1.info
Eh. There's plenty of intelligence here: but these days, it mostly comes in the ossified form of Clarke's elderly scientist:
"If an elderly but distinguished scientist says that something is possible he is almost certainly right, but if he says that it is impossible he is very probably wrong."
Bitcoin, Climate Change, etc. /. got old...
Captcha: compost. heh...
The court ruled that:
*) Virtual items have value in virtue of the effort and time invested in obtaining them
*) The value in Virtual items is recognised by those that play the game (including the defendants who went to the trouble to take them)
*) The Virtual items were under the exclusive control of the player – who was relieved of this control
The court made reference to cases of electricity theft which is a similar intangible good but certainly has properties of power and control, and consequently can be stolen.
http://www.virtualpolicy.net/runescape-theft-dutch-supreme-court-decision.html
it's in my head
You can't steal language because nobody is trying to keep language a secret. It's public domain. It doesn't belong to anyone.
bitcoins aren't data per se. A person's private key for their bitcoin wallet that is used to transfer ownership of bitcoins is data. It's just a long number. The proof of work used to establish a bitcoin is data. The transaction history of each bitcoin is data.
A bitcoin is more than just the data underlying it. There are many thousands of copies of each bitcoin, but at any given time only one person has the authority to transfer a bitcoin to someone else.
A bitcoin itself cannot be copied. To copy a bitcoin would mean copying its ability to be spent (allowing it to be spent twice). This would ruin any currency. And much of the design of bitcoin is prevention of double spending.
This is similar to how xeroxing your bank statement doesn't double the amount of money you have in the bank.
Robbery is using violence or intimidation to take another's property.
Social Engineering plus stealing is not robbery.
BTC is divisible into smaller units. To quote the link:
In trade, one bitcoin is subdivided into 100-million smaller units called satoshis, defined by eight decimal places.
Your entire argument is therefore invalid. Perhaps you shouldn't have wasted so much time typing it.
Write failed: Broken pipe
gets more like a Charlie Stross novel. Sigh.
If you had studied the subject for even 10% of the time it took to write that, you would have realized the problems you describe only exist in your head.
Bitcoin is a very cool idea. Just because it's not _exactly_ like some existing idea (like state-backed currency) does not make it stupid.
If someone steals your car in the night, you find no car in your driveway in the morning. If someone steals your television, you have nothing to watch this evening. If someone steals anything, the stolen item is no longer in your possession: that's what stealing is.
In your example, the money was stolen. The data, however, was not.
"Convictions are more dangerous enemies of truth than lies."
Do people really use this stuff in place of real money? I'll keep my real cash thanks... And as the world's currencies (particularly the dollar) are being intentionally devalued, I'll hang on to my precious metals.
Mother's maiden name: 9zimu8sj4q99uf
Place of birth: wj9awitkj4girc
If you use real details, you're a fool.
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
I think the court got it wrong, The value inherent in virtual goods is in the price that people are willing to pay for them or would be willing were they on the market. Supply and demand dictates value.
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
No, Bitcoins aren't data, they are imaginary. What was stolen were the secret keys (data) that allow you to spend the Bitcoins. Or you could say that the ownership certificate was changed without the permission of the previous owner.
Maybe it's a bit like if I "steal" your car by convincing the world that it is legitimately mine? Or like if I convince our circle of friends that your imaginary friend hates you now and spends all his time with me so when you tell stories about your adventures with him nobody believes you any more ;)
what actually happens in this type of incident? from what i read, the bitcoin is supposed to be tied to your secret keys and whatnot. so what do they actually steal from the "broker"?
One of the thieves was later seen at the racetrack, trying to put down 1024 bitcoins on a horse in the third race.
He was apprehended and later sentenced to 10 years of ridicule without possibility of parole.
You are welcome on my lawn.
This looks like poor security from everyone involved.
This is perhaps arguable in the case of VirWox, the exchange used to move the money out of the account. According to the article, VirWox has offered two factor authentication since September of last year. The fact that BitInstant didn't use it allowed the attackers to succeed with the heist. I say arguable because two factor authentication should probably be mandatory for anything that involves monetary transactions.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Supply and demand dictates value.
The court's 1) is supply and 2) is demand.
One way of doing it is to use somebody else's info for password reset so you can remember what you entered. Maybe you pick John Kennedy. You'd enter Kennedy's mother's maiden name, Kennedy's dog's name, etc. That way anyone impersonating you by entering your data doesn't get in, but you don't have to remember nonsense answers.
Believe it or not that was only approximately 266 bitcoins.
Crying bull on that one. That means that my precious family photos have zero value. It's the value they have to the possessor, not the value to others. My collection of digital photos on a drive, if erased maliciously, by your standards would have zero harm. The drive I'm paying for "in the cloud" is still there... in fact, from the market's perspective, the thief did me a favor by freeing up storage, thereby increasing the utility of the service. Ahem, yes, but data that _I_ value is gone, and nobody will care what the market would have paid. To test this, remote wipe 10 iPads in your organization, and then tell them you did them a favor by increasing the utility of their iPad, and that the market wouldn't have paid for the photos, so therefore there was no value destroyed, so no harm.
What about MMO games where you can take stuff from others as part of game play and let's say there are 3rd party sellers in game that let you buy stuff with cash and also sell stuff for cash?
How will the courts look at that?
Someone can say Bitcoin is a game with real cash stores as part of it.
This is not a problem of Bitcoin, but of the site that got robbed. They should increase their security! Begin using Bitcoins here - http://thebitcoinmaster.blogspot.com
Bitcoins are imaginary property. Slashdot is against imaginary property. Therefore bitcoins are bad and should be copied whenever possible. After all they are just data, and data wants to be free.
It is not the data that is being stolen. Data is just bits and bytes, kilobytes etc. of ones and zeroes.
What APPEARS AS being stolen is the information encoded within the data.
What is actually happening is UNAUTHORIZED ACCESS. Possibly unauthorized dissemination of information, revealing of trade and other secrets etc. IF the information is relayed to a third party.
It helps if you think of it as a case of early 20th century spying.
A spy intercepts and reads an enciphered radio transmission - he has the data but no information. Information gets to its intended recipient, clearly not stolen.
A spy deciphers the transmission - he has access to what he was actually after. The information.
Information still gets to its intended recipient, still not stolen, BUT - the spy above has also had access to information.
So far, all that the spy is guilty of is unauthorized access.
If and when he delivers the information to the third party, then he is guilty of various other things. None of them being stealing.
You can absolutely steal data. If you steal someone's debit card and buy a bunch of stuff with it, you have stolen data that allowed you to gain access to their bank account. Someone else ends up losing the stolen dollars you used.
That is not stealing data.
That is stealing a physical object, a debit card, THEN using it without authorization to gain access to the bank account, THEN stealing the money from the account.
No data was stolen. No, not even when the money was stolen in the end.
Data on the card was USED to access the bank account but it was not stolen - the CARD was stolen. And the money.
Same way you are not stealing the position of the teeth on a key used to open a safe - you are stealing a key.
Now, making a copy of the card or key - that's unauthorized copying OR just making a copy.
When you bring a "borrowed" key to a key copying store, the employee is not copying a key without authorization. He is just making a copy.
YOU are doing the unauthorized copying, but only if there is a specific rule prohibiting access to that key or making copies of it.
Same with the card.
Making a copy is unauthorized copying, accessing the account is unauthorized access, stealing money is stealing - but the card or the data were not stolen.
Money was.
Mit der Dummheit kämpfen Götter selbst vergebens
Amateur bankers hustled by trivial attack. Film at eleven.
In your example, the money was stolen. The data, however, was not.
When was the last time you visited the bank and asked them to actually show you your money?
Last time I checked my bank balance it was via a NetBank screen, so I suppose that amount is nothing more than a database variable right?
Wait, did I just make bank robbery legal? Hold on ...
What about MMO games where you can take stuff from others as part of game play and let's say there are 3rd party sellers in game that let you buy stuff with cash and also sell stuff for cash?
How will the courts look at that?
Someone can say Bitcoin is a game with real cash stores as part of it.
MMO developers are adamant about retaining ownership of any and all digital items in their game - you don't own the "Sword of Dragon-slaying Greatness" (or whatever..) you just have a license to access it. Selling an item that you don't own is iffy.
Some games do have an in-game store that they get a cut of the sales from.
Now just saying a game maker can have all kinds of stuff in it, but then what happens when that mixes with real laws outside of the game??
Let's say hacking is part of the game, but let's just say the game makers messed up and you can get into people's real data or an in-game hack ends up taking down a server.
But if you use the same person's data for every site you still have the problem of a hacker being able to use the information from one of the sites to get into all of the others.
You can steal anything that has value if you intend to permanently deprive the owner of said property. There is no requirement in law to show a physical object, only the property has value.
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
A bit like the way that China is convincing everyone that they own Taiwan?
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
Zero value for criminal prosecution.. The loss of family photos would end up in civil court I believe, and could possibly bring in millions depending on "harm" determined there..
Family photos that were stolen in a criminal case would probably have the same value as any other random photo's fair market value (not much).
You're free to copy your bitcoins as much as you want. It just won't actually get you anywhere. You're an idiot.
You can shop for anything online using http://bitspend.net/
Amazon, newegg, ebay, department stores, etc.
You can get a US Dollar-denominated Mastercard debit card from http://www.okpay.com/en/services/accept-payments/index.html
and fund it with bitcoins.
Subdivision is irrelevant, and does not render my entire argument invalid, there are still a finite number of these things. They're still worthless, so something that is arbitrarily designated to be a 100-millionth of something that's worthless is also worthless. Your attempt to dismiss my point by making a straw-man out of one aspect of it and then pretending to knock that down, and then declaring that you've knocked down the actual point itself is sad. You shouldn't have wasted so much time typing that.
I do love (and I'm being sarcastic here, in case anyone reading this is too slow to figure that out,) how things people disagree with get modded down on slash-shit. Doesn't matter if the point is valid, or the sentiment expressed is correct, if it's unpopular, it's made harder to read by the jackasses running the show, or their karma-whores who suck dick for points.
Fuck this place, I'm done trying to talk to you moronic pseudo-tech-intellectuals.
I don't have to read 10% of the bible to know it's 100% bullshit, just as I don't have to study bitcoin to know someone making up a currency is no different from someone bottling and selling snake-oil is a scam.
This here is my famous, patented Digital Snake-oil! Guar-an-teed to cure everything that ails your personal fi-nance-es!
Yeah, enjoy your bitcoins. Spend real money (or other valuable commodities) to obtain them. Have fun.
Examples of data would be: 5, $, B, T, C. Meaningless values. 5 of what? How much IS 5? What does $ signify? Or B?
Examples of information would be: $5, BTC5 - data encoded with meaning. 5 dollars. 5 BitCoins.
KNOWING which one of those is worth more would be knowledge.
Wisdom would be using that knowledge to achieve something. Some form of advantage or additional value.
http://en.wikipedia.org/wiki/DIKW_Pyramid
Mit der Dummheit kämpfen Götter selbst vergebens
The same can be said for any tangible good, from cars, food, baseball cards and the computer device you're touching right now, to oil, gold, and money itself. The value of a thing is exactly equal to the price someone is willing to pay you for it.
Sadly, a Libertarian cannot force his views on another, and freedom cannot spread as does the cancer known as religion.
No precedence required. You can't steal data that does not belong to you. Almost all photographs are completely digital now... you think that somehow there is no ownership because they lack the physical quality of pictures from the past? And accessing a website using fake credentials to access someone else's account is illegal in most countries and further it specifically breaks the user agreement for site usage. This was obviously a crime and there is no need to prove whether bitcoins have dollar value or not. If caught and prosecuted, any ruling would require the bitcoins to be returned (I assume). Which would effectively return the value to the owner regardless of whether or not the courts recognize this as currency.
If someone discovers your bitcoin wallet private key, your bitcoins will now be stolen and are no longer available to you.
Yes, you still have your bitcoin wallet private key, but now it's useless because there are no more bitcoins that can be transferred with that private key. I am not saying *all* data can be stolen. I am saying that bitcoin wallet private keys are special in that they behave like real property. They really do stop working correctly once someone else knows them, just like how your car doesn't get you places anymore once someone else has it.
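
An added illustration of two points made in the comments above: copying a coin's data does not let it be spent twice, and a leaked private key leaves the owner holding a key that no longer moves anything. This is not code from the thread or from Bitcoin; the `Ledger` class, `lock_for`, and the hash-based lock are simplifying assumptions standing in for Bitcoin's signature check, and the keys and the 300-unit amount are constructed sample values.

```python
import hashlib
import secrets


def lock_for(private_key: bytes) -> str:
    """Public lock derived from a private key (assumed stand-in for an address)."""
    return hashlib.sha256(private_key).hexdigest()


class Ledger:
    """Toy ledger of unspent outputs; anyone may hold a full copy of it."""

    def __init__(self):
        self.unspent = {}  # output id -> (amount, lock)
        self._next_id = 0

    def mint(self, amount, lock):
        output_id = self._next_id
        self._next_id += 1
        self.unspent[output_id] = (amount, lock)
        return output_id

    def spend(self, output_id, private_key, new_lock):
        """Move an output to new_lock; return the new output id, or None if refused."""
        entry = self.unspent.get(output_id)
        if entry is None:
            return None  # already spent (or never existed): double spend refused
        amount, lock = entry
        if not secrets.compare_digest(lock_for(private_key), lock):
            return None  # key does not match the lock on this output
        del self.unspent[output_id]  # the old output can never be spent again
        return self.mint(amount, new_lock)

    def balance(self, lock):
        return sum(a for a, l in self.unspent.values() if l == lock)


def demo():
    owner_key = secrets.token_bytes(32)  # constructed sample keys
    thief_key = secrets.token_bytes(32)
    ledger = Ledger()
    coin = ledger.mint(300, lock_for(owner_key))

    # Without the owner's key, a spend attempt is refused.
    wrong_key_attempt = ledger.spend(coin, thief_key, lock_for(thief_key))
    # Copying the ledger data creates no new spendable value.
    snapshot = dict(ledger.unspent)
    balance_after_copy = ledger.balance(lock_for(owner_key))
    # Once someone else knows the key, they can move the output first...
    stolen_output = ledger.spend(coin, owner_key, lock_for(thief_key))
    # ...and the owner's still-valid key now has nothing left to move.
    owner_retry = ledger.spend(coin, owner_key, lock_for(owner_key))
    return {
        "wrong_key_attempt": wrong_key_attempt,
        "copies_held": len(snapshot),
        "balance_after_copy": balance_after_copy,
        "stolen_output": stolen_output,
        "owner_retry": owner_retry,
        "owner_balance": ledger.balance(lock_for(owner_key)),
        "thief_balance": ledger.balance(lock_for(thief_key)),
    }


if __name__ == "__main__":
    print(demo())
```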