Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNS Hijack Leads To Bitcoin Heist

Posted by timothy on from the don't-make-trouble-nobody-gets-hoit dept.

First time accepted submitter FearTheFez writes "Social Engineering and poor DNS Security lead to a Bitcoin heist worth about $12000. Bitcoin broker Bitinstant was robbed after thieves managed to take over ownership of their domains. While Bitinstant claims that no customers lost any money, without 2 factor authentication all it took was a place of birth and a mothers maiden name to gain access. This looks like poor security from everyone involved."

126 comments

  1. Conviction for stealing bitcoins by Anonymous Coward · · Score: -1

    I'm waiting to see whether or not someone would be convicted for stealing bit coins as no court or official government body recognizes them as being a legitimate currency. A case in this would lead to an interesting de-facto precedent being set.

    1. Re:Conviction for stealing bitcoins by Zemran · · Score: 5, Insightful

      I do not think that any court or official government body recognizes your television as being a legitimate currency but I can be prosecuted for stealing it. If it has value to the owner, it can be stolen.

      --
      I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
    2. Re:Conviction for stealing bitcoins by HairyNevus · · Score: 3, Informative

      Lamps, dog food, and records aren't currency, but if someone broke in your house stole them from you it would still be a crime.

      --
      You were critically hit for no damage. The bruise will look nice, and maybe the scars will make good party talk.
    3. Re:Conviction for stealing bitcoins by Anonymous Coward · · Score: 0

      You can't steal data... Just like you can't steal language.

    4. Re:Conviction for stealing bitcoins by Anonymous Coward · · Score: 1

      You can't steal data, but do you have the right to copy it? And can you copy bitcoin? Is bitcoin data?

    5. Re:Conviction for stealing bitcoins by Anonymous Coward · · Score: 0

      You can't steal data... Just like you can't steal language.

      • Copyright, patents, DRM
      • Copyright, trademark, plagiarism

      Slashdot - full of sophists, meme chanters, and semantic pedants, but sadly it hasn't been a forum for intelligent opinion for sometime.

    6. Re:Conviction for stealing bitcoins by aztracker1 · · Score: 4, Insightful

      It's wire fraud. Nobody needs to recognize the currency to prosecute for that.

      --
      Michael J. Ryan - tracker1.info
    7. Re:Conviction for stealing bitcoins by Anonymous Coward · · Score: 1

      Eh. There's plenty of intelligence here: but these days, it mostly comes in the ossified form of Clarke's elderly scientist:

      "If an elderly but distinguished scientist says that something is possible he is almost certainly right, but if he says that it is impossible he is very probably wrong."

      Bitcoin, Climate Change, etc. /. got old...

      Capcha: compost. heh...

    8. Re:Conviction for stealing bitcoins by Troed · · Score: 4, Informative

      The court ruled that:

      *) Virtual items have value in virtual of the effort and time invested in obtaining them
      *) The value in Virtual items is recognised by those that play the game (including the defendents who went to the trouble to take them)
      *) The Virtual items were under the exclusive control of the player – who was relieved of this control

      The court made reference to cases of electricity theft which is a similar intangible good but certainly has properties of power and control, and consequently can be stolen.

      http://www.virtualpolicy.net/runescape-theft-dutch-supreme-court-decision.html

      --
      it's in my head
    9. Re:Conviction for stealing bitcoins by TsuruchiBrian · · Score: 1
      You can absolutely steal data. If you steal someone's debit card and buy a bunch of stuff with it, you have stolen data that allowed you to gain access to their bank account. Someone else ends up losing the stolen dollars you used.

      You can't steal language because nobody is trying to keep language a secret. It's public domain. It doesn't belong to anyone.

    10. Re:Conviction for stealing bitcoins by TsuruchiBrian · · Score: 5, Informative

      bitcoins aren't data per se. A person's private key for their bitcoin wallet that is used to transfer ownership of bitcoins is data. It's just a long number. The proof of work used to establish a bitcoin is data. The transaction history of each bitcoin is data.

      A bitcoin is more than just the data underlying it. There are may thousands of copies of each bitcoin, but at any given time only one person has the authority to transfer a bitcoin to someone else.

      A bitcoin itself cannot be copied. To copy a bitcoin would mean copying it's ability to be spent (allowing it to be spent twice). This would ruin any currency. And much of the design of bitcoin is prevention of double spending.

      This is similar to how xeroxing your bank statement doesn't double the amount of money you have in the bank.

    11. Re:Conviction for stealing bitcoins by osu-neko · · Score: 2

      If someone steals your car in the night, you find no car in your driveway in the morning. If someone steals your television, you have nothing to watch this evening. If someone steals anything, the stolen item is no longer in your possession: that's what stealing is.

      In your example, the money was stolen. The data, however, was not.

      --
      "Convictions are more dangerous enemies of truth than lies."
    12. Re:Conviction for stealing bitcoins by MrL0G1C · · Score: 3, Insightful

      I think the court got it wrong, The value inherent in virtual goods is in the price that people are willing to pay for them or would be willing were they on the market. Supply and demand dictates value.

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
    13. Re:Conviction for stealing bitcoins by Anonymous Coward · · Score: 1

      No, Bitcoins aren't data, they are imaginary. What was stolen were the secret keys (data) that allow you to spent the Bitcoins. Or you could say that the ownership certificate was changed without the permission of the previous owner.

      Maybe it's a bit like if I "steal" your car by convincing the world that it is legitimately mine? Or like if I convince our circle of friends that your imaginary friend hates you now and spends all his time with me so when you tell stories about your adventures with him nobody believes you any more ;)

    14. Re:Conviction for stealing bitcoins by raymorris · · Score: 2

      Supply and demand dictates value.

      The court's 1) is supply and 2) is demand.

    15. Re:Conviction for stealing bitcoins by Anonymous Coward · · Score: 0

      Crying bull on that one. That means that my precious family photos have zero value. It's the value they have to the possessor, not the value to others. My collection of digital photos on a drive, if erased maliciously, by your standards would have zero harm. The drive I'm paying for "in the cloud" is still there... in fact, from the market's perspective, the thief did me a favor by freeing up storage, thereby increasing the utility of the service. Ahem, yes, but data that _I_ value is gone, and nobody will care what the market would have paid. To test this, remote wipe 10 iPads in your organization, and then tell them you did them a favor by increasing the utility of their iPad, and that the market wouldn't have paid for the photos, so therefore there was no value destroyed, so no harm.

    16. Re:Conviction for stealing bitcoins by Anonymous Coward · · Score: 0

      Bitcoins are imaginary property. Slashdot is against imaginary property. Therefore bitcoins are bad and should be copied whenever possible. After all they are just data, and data wants to be free.

    17. Re:Conviction for stealing bitcoins by oztiks · · Score: 1

      In your example, the money was stolen. The data, however, was not.

      When was the last time you visited the bank and asked them to actually show you your money?

      Last time I checked my bank balance it was via a NetBank screen, so I suppose that amount is nothing more than a database variable right?

      Wait, did I just make bank robbery legal? Hold on ...

    18. Re:Conviction for stealing bitcoins by Zemran · · Score: 1

      You can steal anything that has value if you intend to permanently deprive the owner of said property. There is no requirement in law to show a physical object, only the property has value.

      --
      I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
    19. Re:Conviction for stealing bitcoins by Zemran · · Score: 1

      A bit like the way that China is convincing everyone that they own Taiwan?

      --
      I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
    20. Re:Conviction for stealing bitcoins by brokenin2 · · Score: 1

      Zero value for criminal prosecution.. The loss of family photos would end up in civil court I believe, and could possibly bring in millions depending on "harm" determined there..

      Family photos that were stolen in a criminal case would probably have the same value any other random photo's fair market value (not much).

    21. Re:Conviction for stealing bitcoins by Anonymous Coward · · Score: 0

      You're free to copy your bitcoins as much as you want. It just won't actually get you anywhere. You're an idiot.

    22. Re:Conviction for stealing bitcoins by Gallomimia · · Score: 1

      The same can be said for any tangible good, from cars, food, baseball cards and the computer device you're touching right now, to oil, gold, and money itself. The value of a thing is exactly equal to the price someone is willing to pay you for it.

      --
      Sadly, a Libertarian cannot force his views on another, and freedom cannot spread as does the cancer known as religion.
    23. Re:Conviction for stealing bitcoins by peawormsworth · · Score: 1

      No precedence required. You cant steal data that does not belong to you. Almost all photographs are completely digital now... you think that somehow there is no ownership because they lack the physical quality of pictures from the past? And accessing a website using fake credentials to access someone elses account is illegal in most countries and further it specifically breaks the user agreement for site usage. This was obviously a crime and there is no need to prove whether bitcoins have dollar value or not. If caught and prosecuted, any ruling would require the bitcoins to be returned (I assume). Which would effectively return the value to the owner regardless of whether or not the courts recognize this as currency.

    24. Re:Conviction for stealing bitcoins by TsuruchiBrian · · Score: 1

      If someone discovers your bitcoin wallet private key, your bitcoins will now be stolen and are no longer available to you.

      yes you still have your bitcoin wallet private key, but now it's useless because there are no more bitcoins that can be transferred with that private key. I am not saying *all* data can be stolen. I am saying that bitcoin wallet private keys are special in that they behave like real property. They really do stop working correctly once someone else knows them, just like how your car doesn't get you places anymore once someone else has it.

  2. The most likely suspect is... by Anonymous Coward · · Score: 5, Funny

    Bitinstant's mother. She knows both her maiden name and his birthdate, probably.

    1. Re:The most likely suspect is... by Anonymous Coward · · Score: 0

      This. Whilst most will argue the true value of a bitcoin crime most are also ignoring the attack vector. This was not a drive by attack by any means. The ability to crack someones password this way can be done by only a limited number of scenarios: brute force (extremely unlikely), espionage or a criminal collection database. There may be other ways but this is what I thought of. This brings me to the database. Entering recovery passwords using even more personally identifiable information is just plain stupid and should be avoided or faked at all costs. The mere fact that the world has decided upon it necessary to collect this 'information', albeit with a fallacy of unidentifiable, is just as stupid to believe. The reliance of a backdoor as simple as this must change if we are to think even slightly about security.

  3. Nerdcoin by Anonymous Coward · · Score: -1

    DO NOT WANT!

  4. Of course no one lost any money! by Anonymous Coward · · Score: -1

    All they lost were bitcoins!

    1. Re:Of course no one lost any money! by philip.paradis · · Score: 1

      Current BTC exchange rates and trading volumes offer quite a different view.

      --
      Write failed: Broken pipe
  5. Non story by Zemran · · Score: 3, Insightful

    If a standard currency exchange was robbed for $12,000 we would not even read the story. This is a trivial crime and of little interest. It serves more as a warning rather than as a bank robbery story. I hope that those that are concerned learn from this but if this is the crime of the century in the Bitcoin world then they are doing really well.

    --
    I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
    1. Re:Non story by Anonymous Coward · · Score: 2

      On the other hand, if standard banking websites were created by rube PHP coderz and buttards who can't secure their domain, it would be major news.

      Bitcoin is stil mostly underground, and therefore the community is full of incompetents, phonies, and scammers. Goes with the territory.

      captcha: superego

    2. Re:Non story by mkraft · · Score: 5, Interesting

      If a standard currency exchange was robbed for $12,000 we would not even read the story. This is a trivial crime and of little interest. It serves more as a warning rather than as a bank robbery story. I hope that those that are concerned learn from this but if this is the crime of the century in the Bitcoin world then they are doing really well.

      No, the Bitcoin crime of the century was last year when the same server was hacked twice, to a tune of several hundred thousand dollars, as mentioned in TFA. Bitcoin hacks are becoming more and more common, so it's only a matter of time before that amount is surpassed.

      Personally I don't see the point of bitcoins. I don't pay for everything in cash in the real world because it lacks the protections that other payment methods have. I don't see a reason to use a digital equivalent of cash in the online world. Bitcoins' anonymity might be it's biggest strength, but it's also it's biggest weakness.

    3. Re:Non story by ArsenneLupin · · Score: 3, Insightful
      Part of the hack was to exploit the unsecure procedures at the DNS registrar to add a new e-mail address for administering the victim's domain.

      Any other company at the same registrar could fall victim for this, even a bank! And actually many registrars are this unsecure: not so long ago, it was possible to do similar things with just a faxed request with a (faked) signature. Not even necessary to know birth town and mother maiden name.

      So, blaming this on lack of PHP (or other) coding skills of the victim is silly. Blame the insecure DNS registrar.

      What would protect a brick and mortar bank against a similar hack would not be its coding skills, but rather its notoriety: a DNS registrar would hesitate if suddenly somebody asked to add a hotmail e-mail address to a well-known bank's registry information, and would try to confirm this by phoning back the bank during business hours before doing such change.

    4. Re:Non story by Pentium100 · · Score: 2, Insightful

      I pay for everything in cash or debit card, but the card is only for convenience - my salary is wired to the bank account, so to have cash I have to go to an ATM and take it. Also, since I also buy stuff online, I have to have money in my bank account (since I can't pay an online store in cash).

      Bitcoin has some problems though. When I pay in cash, I am physically in the store, I can inspect the item etc and if the store does something wrong, I know where it is and can complain to the authorities. Online purchases are quite risky, since I am not there (maybe not even in the country where the seller is) when I pay - the seller might ship the wrong item or not ship at all and without the added protection of paypal and similar services it would be impossible to prove that the seller did something wrong or reverse the transaction.

      I do lie the anonymity though.

    5. Re:Non story by philip.paradis · · Score: 4, Informative

      There's nothing stopping you from conducting a Bitcoin transaction in person, aside from the other party needing to hold and/or be able to receive BTC as well. For the holding part, new solutions providers such as Coinbase are starting to focus on merchant gateway style solutions. Progress is being made.

      --
      Write failed: Broken pipe
    6. Re:Non story by Pentium100 · · Score: 4, Insightful

      There's nothing stopping you from conducting a Bitcoin transaction in person, aside from the other party needing to hold and/or be able to receive BTC as well.

      Yes, but if the transaction is in person, I might as well use cash. Neither me nor him would need an internet connected device to send/receive money and no need to wait for confirmations.

      One day Bitcoin may be really convenient, but right now it is too much like cash for online use and too much like a wire transfer (or paypal) for in person use.

    7. Re:Non story by philip.paradis · · Score: 1

      Please bear in mind that one of the more interesting aspects of this story is the fact that there is no standard set of currency exchanges for BTC. In fact, it's rather trivial to set one up. For well recognized exchanges, there are various actors in the market, each with varying codebases driving their infrastructure.

      This is a fairly direct example of one of the strengths of Bitcoin as a currency, and speaks volumes to the advantages that can be gained by network users who utilize as many distributed exchange mechanisms as possible. The best part of all is the fact that such endeavors are trivially implemented in simple software constructs on the part of other actors. Avoiding being tied to a very limited set of transaction authorities can be a very good thing, especially for actors who aren't sensitive to short term fluctuation in currency valuation and can leverage gains in various ways.

      Welcome to the digital currency equivalent of the "sexy side" of insurance businesses, sans a few of the standard issue problems, at least for modestly capitalized players.

      --
      Write failed: Broken pipe
    8. Re:Non story by Sam+H · · Score: 2

      Oh, so you don’t believe the Bitcoin crime of the century was pirateat40’s BS&T going away with 500,000 BTC, that are now valued at about 20 million dollars?

      --
      God, root, what is difference ?
    9. Re:Non story by philip.paradis · · Score: 3, Informative

      I think you're missing some of the benefits of BTC-based transactions. First, they're rather difficult to forge by virtue of reliance upon math for integrity verification. The same can't be said of cash, and the average man on the street would be hard pressed to discern half decent counterfeit paper currency from the real deal. While this particular example may represent a corner case for some, I happen to know two people who have been defrauded with counterfeit currency.

      Second, Internet connected devices are everywhere. It's getting rather hard to find people without basic web access via a smart-ish phone in many areas, and full fledged BTC apps are popping up for those with anything fairly modern in terms of radio handsets. I wouldn't be terribly shocked to find devices that cater to simple apps and BTC transactions popping up in developing areas in the near future either.

      With respect to waiting for confirmation, most transactions are verified on the BTC network within one hour. If you're willing to pay a small transaction fee to the network, verification can come more quickly. As a side effect of this state of affairs, you might just gain the benefit of meeting up with your transactional counterpart at a coffee house and having a tasty beverage. I call that an excuse to take a break, and welcome it.

      --
      Write failed: Broken pipe
    10. Re:Non story by TheRaven64 · · Score: 1

      Personally I don't see the point of bitcoins

      It's a very volatile market that has no regulation. Or, to put it another way, it's a completely unregulated online casino. If you can't see the market for this, you haven't been paying attention for the last few years...

      --
      I am TheRaven on Soylent News
    11. Re:Non story by TsuruchiBrian · · Score: 2

      If you are talking about credit cards, that is completely different. You still have to pay of your credit card somehow.

      If you are talking about something linked to a bank account (e.g. like a debit card), then it is similar to paying with bitcoin.

      The difference is not in how you pay but how the money is stored. If your money is stored in a US bank account, it can be taken easily be seized by anyone with enough authority. The US government freezes people's bank accounts regularly. If you bury US dollars in your back yard, the US government can just create more US dollars and devaluing your money without your consent.

      Bitcoin is like the digital version of gold. The US government can't arbitrarily decide to print more gold. Gold actually requires resources to find, and it's getting harder to find every day. There is a finite amount of gold on the earth. Unlike gold, bitcoin is easy to manage, through digital transactions.

    12. Re:Non story by Anonymous Coward · · Score: 0

      Stealing the bitcoin is the story. It's a first.

    13. Re:Non story by Anonymous Coward · · Score: 0

      They should have copyrighted the Private Key then the Feds could get involved and raid/extradite the baddies.

    14. Re:Non story by athmanb · · Score: 4, Insightful

      One hour? If "ease of use" means to have to wait a full hour for confirmation whether the purchase of your coffee went through or not I think I'd rather use cash...

    15. Re:Non story by philip.paradis · · Score: 2

      Depending of course upon the physical stage for the transaction, the verification period may indeed be a rote formality, more importantly if you've dealt with the other party to the transaction before and most importantly if you plan on dealing with that party again (which represents the very foundation of "credit" ala reputation in economic systems). Again, it's also easy to drastically accelerate the verification time by paying a small transaction fee to the network for processing it. I'd also encourage you to think in more flexible terms such as stored value purchase devices; to use a common example, Starbucks cards let you buy goods from Starbucks. The retailer can set an arbitrary minimum balance on the retail stored value account, at which point verification time means nothing. Especially coupled with additional fiscal and social rewards for utilizing such payments vehicles, the transaction verification time to load the stored value device with credits is removed as a significant factor in the relationship.

      --
      Write failed: Broken pipe
    16. Re:Non story by Anonymous Coward · · Score: -1

      You taking risks with cash too. If you had to authenticate cash it would take more than an hour.

    17. Re:Non story by Anonymous Coward · · Score: 1

      So you'd have to have a gift card ahead of time to the place you want to go... that sounds practical for every day use.

      So I'm on a trip, vacation, whatever. I get a flat tire and need to buy a replacement. I either hopefully purchased a gift card to what happens to be the closest tire shop, or I get to sit an EXTRA HOUR waiting for the transaction to process.

      Same with gas, or any other impulse buy or anything needed in a hurry.

      It's just not practical at all.

    18. Re:Non story by IamTheRealMike · · Score: 2

      Right, banking websites are only ever made by experts, no coderz or buttards there.

    19. Re:Non story by IamTheRealMike · · Score: 2, Interesting

      The DNS registrar actually spoke about this incident publicly - it turns out that there was no social engineering, BitInstant just selected dumb security questions/answers when they registered the domain name. It's poor security on BitInstants part, no more or less.

    20. Re:Non story by IamTheRealMike · · Score: 1

      The Bitcoin protocol has support for dispute mediation in it (actually, 2-of-3 signing for coins). Unfortunately the surrounding ecosystem does not exist ... the features aren't exposed via GUIs and there are no dispute mediators who support it. But probably it will come in future. Right now there doesn't seem to be much demand, many sellers have been able to build a trustworthy reputation.

    21. Re:Non story by bill_mcgonigle · · Score: 1

      Personally I don't see the point of bitcoins. I don't pay for everything in cash in the real world because it lacks the protections that other payment methods have.

      But the problems are symmetrical. If you're an American, you're using a different digital currency (USD) that lacks the cryptographic and non-inflationary benefits of Bitcoin. But, over time many groups of people have created systems to allow you to use that currency in a more safe manner than storing large anonymous bits of it yourself. For that safety and convenience, they take a cut.

      These systems will evolve too for Bitcoin, but it's true that they're not quite here yet.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    22. Re:Non story by Anonymous Coward · · Score: -1

      YOU and the rest of the ppl on this thread are idiots. How do you think your credit card wotks? Why can you overdraft or go over your balance? Because your card has been authorized, but not verified. An hour is 23-47 hours FASTER than your bank.

      Again read up on that previous comment on coinbase.

      Fools

    23. Re:Non story by Anonymous Coward · · Score: 0

      But then you have all that change in your pocket to deal with.

    24. Re:Non story by rvw · · Score: 2

      Part of the hack was to exploit the unsecure procedures at the DNS registrar to add a new e-mail address for administering the victim's domain.

      Any other company at the same registrar could fall victim for this, even a bank! And actually many registrars are this unsecure: not so long ago, it was possible to do similar things with just a faxed request with a (faked) signature. Not even necessary to know birth town and mother maiden name.

      We had this at our company last year. Someone hacked into our account at the DNS provider, changed the DNS for the mail of one domain, then used that to request a new password for our Amazon EC2 account, which had two-factor login. They called Amazon, which disabled the two-factor login, after which they could take over the Amazon account. It took us two days to gain full control back over the account, as Amazon was unable to log the out. The DNS provider didn't give any good explanation about how this was possible. Amazon said they would discuss it and change policy, but did they? I don't know.

    25. Re:Non story by brokenin2 · · Score: 1

      Bitcoin's version of confirmation means that the transaction is set in stone. It's virtually impossible to conceive of a way that the transaction could ever be undone under any circumstances.

      When you use your debit card at the store, this is not what you're doing or getting.

      If you just want to know that someone had funds available, and has sent them to you, then you will find that out in a couple of seconds.. It's still theoretically possible (but pretty darn difficult) they they could also spend those funds elsewhere, and then you don't know if you're really going to get paid in the end or not. Not the kind of effort someone is going to go through to steal a coffee.

      If you've purchased/sold a house, or maybe a car, then you probably want to hang out for a couple of confirmations.. I'd still say though that after two confirmations (somewhere from 10-20 minutes usually) you're probably pretty safe, even if you transferred a couple of million dollars.

    26. Re:Non story by DanielRavenNest · · Score: 1

      > Personally I don't see the point of bitcoins.

      That's because you are not a merchant. Credit card fraud is 3% of all credit card transactions, and usually it is the merchant who loses. Credit card processing for legitimate transactions is another couple of percent in fees. A low fee solution with no possibility of charge backs is very attractive relative to this.

    27. Re:Non story by crtreece · · Score: 1

      need an internet connected device to send/receive money

      Not exactly cash, but you can make transactions via SMS.

      --
      file: .signature not found
    28. Re:Non story by mysticalreaper · · Score: 2

      BitInstant just selected dumb security questions/answers when they registered the domain name.

      Wait, were the questions dumb, or the answers?

      Allowing your clients to select dumb, insecure questions means that you have an optionally secure registration platform, which requires your customers to be competent about security.

      To me, this kind of incedent points out the need for a more expensive, higher security registrar, who designs systems which are very hard to subvert. Till now, DNS regstrars have competed on price. This story says that security is important too, especially when control of the domain leads directly to cash money.

    29. Re:Non story by Anonymous Coward · · Score: 0

      Personally I don't see the point of bitcoins. I don't pay for everything in cash in the real world because it lacks the protections that other payment methods have. I don't see a reason to use a digital equivalent of cash in the online world. Bitcoins' anonymity might be it's biggest strength, but it's also it's biggest weakness.

      I pay cash all the time. Pretty much any purchase less than $20. I feel no reason to enrich the banks every time I pay for lunch. Small stores pay huge transaction fees.

      I agree with you about bit coin.

    30. Re:Non story by Anonymous Coward · · Score: 0

      The answers are dumb. Personally, don't give real answers to these questions.

  6. Serial numbers? by Anonymous Coward · · Score: 0

    I don't know how bitcoins work; but don't they have serial numbers? Isn't there some way for the original owners to say something like, "153545FDCEAB-35353ABD-01 is hot" and publish that to a public list?

    1. Re:Serial numbers? by lister+king+of+smeg · · Score: 1

      they don't have serial numbers because they are themselves nothing more than a number. as such they don't need globally unique identifier as they are already all unique numbers

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    2. Re:Serial numbers? by Anonymous Coward · · Score: 0

      http://www.lmgtfy.com/?q=how+do+bitcoins+work

    3. Re:Serial numbers? by icebraining · · Score: 2

      Not exactly; Bitcoins themselves don't have or are numbers, they're just an amount.

      The Bitcoin protocol is essentially a ledger. In order to take some bitcoins from an account, you need to identify where did they come from (previous transaction crediting that account).

      So, transactions have hashes, but coins themselves don't; they're just amounts that get transferred.

      --
      Dilbert RSS feed
    4. Re:Serial numbers? by IamTheRealMike · · Score: 1

      Yes, you could do that, and in fact they did. However it doesn't really help because there's no supporting infrastructure for people to download lists of tainted outputs and trigger alerts when a transaction rooted on that output shows up in your wallet, and if there was, it isn't clear what you would do about it, and even if it was, it isn't clear how you'd stop people gaming the system by claiming coins as stolen when they actually were not. But it's technically feasible.

    5. Re:Serial numbers? by DanielRavenNest · · Score: 1

      The individual accounts are numbered, in fact the number is the public part of a public-private key pair. An account has a balance which is the sum of all past incoming and outgoing transaction amounts. The amounts are in units called "bitcoins", which are recorded to 8 decimal places. Thus my account is currently 8.51336124 BTC. A transaction is a message signed with your private key (that's how you prove you have the right to make a transaction) giving the number of units to send, and the destination account number.

      All past transactions are stored in a public ledger, called the block chain. So everyone can look at past transactions for a given account, and see if their current balance is sufficient for a new transaction. If not, the transaction is rejected, by everyone. This prevents "double spending", ie spending money you don't have.

      What happened in this theft was VirWox, the exchange which was holding some coins for the victim, was convinced to send them to the thief's account. This is in fact traceable by VirWox and everyone else. You can then follow the money in later transactions wherever it goes. The tricky part is identifying the human that goes with an account number, since account numbers don't have personal information attached to them.

  7. Level Three Attack by Anonymous Coward · · Score: -1, Offtopic

    On my ranking site (Gibson Index), I rated this a Level Three Attack, but I think the submitter is wrong to say there was poor security. By all accounts, if they were any less secure, they would have lost tens of thousands more. It just happened that *one* of their exchange accounts did not have 2FA, because they weren't aware that that vendor had added support for it.

    BitInstant's full blog post has more details: http://blog.bitinstant.com/blog/2013/3/4/events-of-friday-bitinstant-back-online.html

    1. Re:Level Three Attack by Anonymous Coward · · Score: -1

      thank you for rating it as a level 3 attack.

      WTF is a level 3 and why do I care about your spergtastic rating of somebody losing their autism kroners?

  8. ... and nothing of value was lost by Anonymous Coward · · Score: 0

    See subject.

    Nothing to see here. Move along.

    1. Re:... and nothing of value was lost by Anonymous Coward · · Score: 0

      Until they do a some other nifty trick with the hijack like stealing/redirecting traffic (might even be an interesting way to DOS attack, Joe Blow's tiny company site suddenly gets traffic intended for some large social media site) or doing some really fancy spear phishing to people that didn't typo or are otherwise mislead to the fake site.

      Also if you can hijack enough DNS servers and you might also have a "nuclear option" in terms of presenting media to the public in a manner similar to the high-level spear phishing attack. Stuff like whistleblower sites are so "meh" when nobody pays attention to them, may as well put that info on a fake mainstream media frontpage. Zombies ahead folks... Zombies ahead.

      But yeah, bitcoins... Who cares?

  9. So what can you buy with bitcoins? by Seumas · · Score: 2

    I've heard a few people with bitcoins complaining about how they can't do anything with them and they're locked in. Apparently there's an online store that catalogs all the stuff you can buy all over the place, with bitcoins . . . and it looked to me like the kind of shitty collection of stuff you'd expect at a flea market. High priced low-end windows laptops and speaker wire and shampoo and shit.

    1. Re:So what can you buy with bitcoins? by maxwell+demon · · Score: 1

      You are not locked in because one of the things you can buy with bitcoins are dollars. And those dollars can then be used to buy about anything that can be bought at all.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    2. Re:So what can you buy with bitcoins? by Anonymous Coward · · Score: 0

      you can buy money with them.

      also a free tip: NEVER USER MOTHERS MAIDEN NAME EVEN IF THE SITE ASKS FOR IT FOR AUTHENTICATION!!!!!!!!!!! IT'S FUCKING STUPID!!!!!!! BEYOND STUPID! USER YOUR CAR MODEL, YOUR OS NAME, YOUR FUCKING DOMAIN NAME! ANYTHING BUT !

      yelling filter blablablabla but the point is, you can buy money with it so it's worth stealing. you can also buy drugs with it - though wouldn't recommend it. you can buy hosting with it too.

    3. Re:So what can you buy with bitcoins? by Anonymous Coward · · Score: 3, Interesting

      yelling filter blablablabla but the point is,

      The point is that anyone who answers stereotypical "security" questions with factual information is a complete and utter moron.

      My mother's maiden name is Banana. My favorite color is Jupiter Capitolinus. My first car was Abraham Lincoln. Come at me, Facebook Data Scrapers.

    4. Re:So what can you buy with bitcoins? by brokenin2 · · Score: 1

      Of course posting the answers to your questions in /. isn't much better than putting them in facebook.. One could argue that it's a bit worse given the audience.

    5. Re:So what can you buy with bitcoins? by Areyoukiddingme · · Score: 1

      You didn't think those were the answers he actually uses, did you? Really?

    6. Re:So what can you buy with bitcoins? by Cro+Magnon · · Score: 1

      Which works if you're consistent. The problem is, if you don't use the question for awhile, you might forget, and tell them your mother's maiden name is Rhubarb.

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
  10. what, only 300 BTC ? by Janek+Kozicki · · Score: 3, Interesting

    You talk here about theft worth only 300 BTCs or 12 000$

    Well, I can only conclude that overall BTC security maybe has improved. Recall previous thefts worth of 25 000 BTC or 500 000$ (at that time) or 18 547 BTC or 87 000$ (at that time).

    Why such conclusion? Well, if those evil people started to go after such low-profile target, it *can* mean that all high profile targets have adequate security.

    --
    #
    #\ @ ? Colonize Mars
    #
    1. Re:what, only 300 BTC ? by Anonymous Coward · · Score: 0

      Or adequate obscurity for the time being.

    2. Re:what, only 300 BTC ? by wvmarle · · Score: 1

      And it being a digital currency, any way to disable the stolen coins to make them worthless? Would be interesting, especially in light of the limited number of bitcoin that can exist.

    3. Re:what, only 300 BTC ? by icebraining · · Score: 1

      The coins themselves aren't identifiable; you could refuse to process the transactions coming from the thieve's addresses, but:

      1.) Since the system is decentralized, you'd need to get all miners to agree to it (not likely).

      2.) The thieves often send some of the coins to other people's addresses, to make it harder to identify them.

      --
      Dilbert RSS feed
    4. Re:what, only 300 BTC ? by Anonymous Coward · · Score: 0

      This is an extremely stupid and dangerous notion. Who decides which coins were "stolen"? How do we prove this? Why would we *want* to prove this?

    5. Re:what, only 300 BTC ? by Janek+Kozicki · · Score: 2

      bitcoin is in much more aspects like gold, than you would initially expect.

      How would you "disable" stolen gold bars? Theoretically there are ways to mark gold using rare gold isotopes, so that even smelting will not destroy the signature. But this is not practical - it would require isotope detector at every place that trades even smallest amounts of gold.

      With bitcoin it is similar. In fact all bitcoins are already marked separately, and can be precisely tracked, but tracking only stolen ones (even if we reach an agreement how to decide if they are indeed stolen) is simply not practical - everyone using bitcoins would need to download (and update frequently) a centralized blacklist of stolen bitcoins and refuse to process them. Sounds familiar? So this approach would clearly break one of main strengths of bitcoin: decentralization.

      --
      #
      #\ @ ? Colonize Mars
      #
    6. Re:what, only 300 BTC ? by Anonymous Coward · · Score: 0

      Dear Janek Kozicki,

      I not trying to be rude, but why are you putting the United States Dollar sign at the end of the number? I am used to seeing $500,000.00 and $87,000.00. I never seen monetary amounts in the United States of America written as 500,000$. Just saying

    7. Re:what, only 300 BTC ? by Time_Ngler · · Score: 1

      The problem is that can transactions can happen faster than the information that fraud occurred. If the coins are marked hot after the thieves already traded them, then the merchants they traded with are out of luck. This would cause merchants in general to be wary of accepting bitcoins, and bring up all the same problems we have with credit cards and other financial instruments today.

  11. Very funny. by Anonymous Coward · · Score: -1

    Social Engineering and poor DNS Security lead to a Bitcoin heist worth about $12000.

    Bitcoins have a number of fundamental problems, such as determining in advance there are only going to be a finite number and naming that number to begin with guarantees the currency will be worthless. The amount of currency in an economy needs to be able to increase or deflation makes the currency so valuable that it becomes impossible to buy anything, and the common people won't have any money. Imagine if today, the government required everyone to turn in their cash, and they started issuing only $10,000 bills...

    Customer: How much is that loaf of bread?

    Clerk: Two ninety five.

    Customer: The smallest thing I have is a $10,000 bill. Can you break it?

    Clerk: No. The ten-gee note is the smallest thing there is.

    Customer: So why are you open, there's nothing in the store that is anywhere near $10,000?

    Clerk: That's a good point. Get out, we're closed. Or fuck it, stay. I quit, since I'm not getting paid anyway...

    If you're having trouble understanding this, go try to buy a single piece of spaghetti. Or try to buy 1mL of plain drinking water. Instead of a box of them, try to buy one Cheerio. You can't, because in the first place, they're not for sale individually, and in the second, either would be about a tenth or a hundredth of a cent, and the smallest unit of modern American hard currency is the penny, $0.01. Bitcoins (if they were really worth anything,) would have the same problem with real-world products.

    Also, weren't Bitcoins supposed to be resistant to the problems of that... ugh... real-money? Seems they're really not, are they.

    It is a fun idea in theory, but it the real world, it's just not practical or sensible to have some random schmuck just make up his own currency, without it being exchangeable for some valuable commodity, or a service of some kind.

    It's so quaint when people pretend Bitcoins are actually worth something. Mod me down, but what I've written will still true. It's a made up, bullshit, nonexistent currency - might as well be Angelbucks or Devildollars. It's not worth shit.

    Of course you could make the same argument (and many have) about US Dollars, since they're "not based on or backed by anything," but the difference is that for starters, you can pay your tax-bill in dollars. Got a speeding ticket? Try paying that shit with Bitcoins. Just try it. Drop me a line from jail, let me know how it goes. The US dollar is coin of the realm (in the US and a few other places) and THAT'S why it's worth something, because people will accept it; you can buy stuff with them. Some countries have experienced runaway inflation where you needed a trillion units of it to buy a loaf of bread, and it has to be redenominated and re-redenominated, and it still descends into worthlessness. It can be argued that THAT currency is worthless, but shit, man, it's still legal tender in that country. Wrangle enough of them together and you can buy something. It might take a wheel-barrow full of them to buy a loaf of bread, but you can still buy a loaf of bread.

    Anyone with any brains would accept payment for a job in fucking Trident Layers (TM) before accepting Bitcoins. It's not trolling if what you say is true, anymore than it would be mean to tell Mitt Romney he's not president because too many people thought he was a rich, arrogant, fucking robotic asshole from another planet. It might not be nice, but damn it, it's the truth!

    1. Re:Very funny. by philip.paradis · · Score: 1

      BTC is divisible into smaller units. To quote the link:

      In trade, one bitcoin is subdivided into 100-million smaller units called satoshis, defined by eight decimal places.

      Your entire argument is therefore invalid. Perhaps you shouldn't have wasted so much time typing it.

      --
      Write failed: Broken pipe
    2. Re:Very funny. by Anonymous Coward · · Score: 0

      If you had studied the subject for even 10% of the time it took to write that, you would have realized the problems you describe only exist in your head.

      Bitcoin is a very cool idea. Just because it's not _exactly_ like some existing idea (like state-backed currency) does not make it stupid.

    3. Re:Very funny. by Anonymous Coward · · Score: 0

      Subdivision is irrelevant, and does not render my entire argument invalid, there are still a finite number of these things. They're still worthless, so something that is arbitrarily designated to be a 100-millionth of something that's worthless is also worthless. Your attempt to dismiss my point by making a straw-man out of one aspect of it and then pretending to knock that down, and then declaring that you've knocked down the actual point itself is sad. You shouldn't have wasted so much time typing that.

      I do love (and I'm being sarcastic here, in case anyone reading this is too slow to figure that out,) how things people disagree with get modded down on slash-shit. Doesn't matter if the point is valid, or the sentiment expressed is correct, if it's unpopular, it's made harder to read by the jackasses running the show, or their karma-whores who suck dick for points.

      Fuck this place, I'm done trying to talk to you moronic pseudo-tech-intellectuals.

    4. Re:Very funny. by Anonymous Coward · · Score: 0

      I don't have to read 10% of the bible to know it's 100% bullshit, just as I don't have to study bitcoin to know someone making up a currency is no different from someone bottling and selling snake-oil is a scam.

      This here is my famous, patented Digital Snake-oil! Guar-an-teed to cure everything that ails your personal fi-nance-es!

      Yeah, enjoy your bitcoins. Spend real money (or other valuable commodities) to obtain them. Have fun.

  12. Robbery by Anonymous Coward · · Score: 0

    Robbery is using violence or intimidation to take anothers property.

    Social Engineering plus stealing is not robbery.

  13. Every year the Internet by Anonymous Coward · · Score: 0

    gets more like a Charlie Stross novel. Sigh.

  14. what the? by Anonymous Coward · · Score: 0

    Do people really use this stuff in place of real money? I'll keep my real cash thanks... And as the world's currencies (particularly the dollar) are being intentionally devalued, I'll hang on to my precious metals.

    1. Re:what the? by Chrisq · · Score: 2

      Do people really use this stuff in place of real money? I'll keep my real cash thanks... And as the world's currencies (particularly the dollar) are being intentionally devalued, I'll hang on to my precious metals.

      Hey is that you Ebenezer Scrooge?

    2. Re:what the? by DanielRavenNest · · Score: 1

      Yes we do. And how are "dollars", which mostly exist as database entries, backed by securities which *also* exist as database entries, any more "real"?

      The bitcoin network consists of people willing to trade goods and services, and an account database that tracks balances. The database is designed to be very secure, so people are comfortable trading an item now for a balance, with the expectation they can later trade that balance for something else they want. The database itself isn't what gives the balances value, it's people's willingness to trade.

      This is the same thing which gives precious metals most of their value - willingness to trade other things for them. If it were not for that, they would only have "use value" as industrial commodities. There is nothing wrong with precious metals, in fact bitcoin was designed to be similar. It was purposely made finite in quantity and hard to find, and the process of finding new coins is called "mining" by analogy to metals.

    3. Re:what the? by brokenin2 · · Score: 1

      I got pizza delivered to the house the other night. It cost me 0.82 bitcoins. Pizza Hut got it there in about 35 minutes.

      Of course, Pizza Hut doesn't support using bitcoins directly, but there is a proxy to make it happen... pizzaforcoins.com

      Incidentally, the first well documented purchase of anything real using bitcoins was also purchasing pizza (years ago).. The purchaser spent 10,000 BTC to have 2 pizzas delivered. Later after the price of Bitcoin had shot way up, a journalist asked him if he regretted that.. He said something like "no way.. it was *REALLY* good pizza" (that he spent the then equivalent of $300,000 on).

       

  15. Stengthen your security. by MrL0G1C · · Score: 4, Insightful

    Mothers maiden name: 9zimu8sj4q99uf
    Place of birth: wj9awitkj4girc

    If you use real details, you're a fool.

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
    1. Re:Stengthen your security. by Dan541 · · Score: 1

      I've always wondered if putting "Don't you fucking dare reset that password" as a secret question.

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    2. Re:Stengthen your security. by Anonymous Coward · · Score: 0

      care to finish your thought.... ?

    3. Re:Stengthen your security. by bill_mcgonigle · · Score: 1

      and the LastPass browser extension makes this fairly trivial to implement.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    4. Re:Stengthen your security. by Anonymous Coward · · Score: 0

      My (dead) daddy and mama was so nasty and evil to me that I use an alias for her maiden name and changed my last name.

  16. whut you say by hraponssi · · Score: 1

    what actually happens in this type of incident? from what i read, the bitcoin is supposed to be tied to your secret keys and whatnot. so what do they actually steal from the "broker"?

    1. Re:whut you say by Anonymous Coward · · Score: 0

      what do they actually steal from the "broker"

      Those secret keys and whatnot.

    2. Re:whut you say by hraponssi · · Score: 1

      thanks for the info. so when the article says

      "With control of the DNS, the bad guys also had control over Bitinstant’s email. They then did an online password reset at a Bitcoin exchange called VirWox and started emptying Bitinstant’s account. The total haul: $12,480"

      does that mean you use the exchange to store your keys, which are associated to some set of transactions, and the bad people got the keys that enabled them to grab the loot in terms of using some chain of hashing or what? so what was stolen was the keys, which enabled use of the coins?

      yeah, i am just generally clueless, thanks.

    3. Re:whut you say by Anonymous Coward · · Score: 0

      The keys aren't involved. The exchange has a pool of coins on its own keys, which are controlled by the exchange website interface. The hackers went into the website posing as BitInstant and instructed the exchange to sign coins to the hackers account.

  17. crime doesn't pay by PopeRatzo · · Score: 4, Funny

    One of the thieves was later seen at the racetrack, trying to put down 1024 bitcoins on a horse in the third race.

    He was apprehended and later sentenced to 10 years of ridicule without possibility of parole.

    --
    You are welcome on my lawn.
  18. Poor security from everyone? by Fnord666 · · Score: 1

    This looks like poor security from everyone involved.

    This is perhaps arguable in the case of VirWox, the exchange used to move the money out of the account. According to the article, VirWox has offered two factor authentication since September of last year. The fact that BitInstant didn't use it allowed the attackers to succeed with the heist. I say arguable because two factor authentication should probably be mandatory for anything that involves monetary transactions.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    1. Re:Poor security from everyone? by peawormsworth · · Score: 1

      Two factor authentication is useless in its current state. The whole question/answer is pointless and only used by banks and other sites to meet buzz word "two factor authentication". The only protection this offers is against a site wide attack against a large set of user accounts at once. But it is absolutely no trouble at all to gather the simple information needed to answer all the typical questions asked in two factor authentication.

      In response, some users will put in false answers to the questions asked. For example, it will ask for your home town, and they put in their pets name or something similar. This is totally useless as it provides absolutely no greater defense against simply attaching the two words and using them both in a single login password. So two factor authentication should never be two things inside your head. A password, plus an answer to a personal question is not two factor authentication, and yet, that is what most sites use and believe is enough to strengthen your account.

      Two factor should be your passphrase + a long random value that you are responsible for storing on your PC or anywhere else you feel safe keeping it. Some people think this is not safe, but it is much safer, because even if the file is stolen from your PC drive, they are no further in getting into your accounts as they will still need the passphrase in your head. Also, a random passphrase can be changed often, it could even be automated by using something similar to how firefox stores login passwords encrypted on your system under a master passphrase.

      I actually set up the above in a test environment and was able to create this two factor authentication where firefox holds the long random password inside the saved passwords sections of the browser, encrypted under a master passphrase. It works really well and all the client has to do is tell firefox to store the password on initial signup. Firefox provides a secure way to move saved passwords between various devices like PC's cellphones and tablets. It works really well. This would be far better then the current system most sites call "two factor" authentication.

    2. Re:Poor security from everyone? by peawormsworth · · Score: 1

      I just wanted to add that this test solution I made only works under firefox. Both Chrome and IE fail because they do not provide a safe mechanism for storing login credentials. They also do not provide a strong encrypted and private way of transferring login credentials between various PCs and other devices. Only firefox is strong enough to store your login credentials without potential comprimise. Chrome and IE (and Safari, etc) are weak browsers that should not be used for things like login into banks, financial services or anything else where hacking would risk your personal assets.

      This is a shout out to Google: fix your browser by installing a master passphrase to protect login credentials... also encrypt my data when transferring between devices. I do not think it is worth the small profit you make for selling my information in this area, because it puts my assest at risk.

  19. Pretend you're Orson Welles, put his mother's maid by raymorris · · Score: 1

    One way of doing it is to use somebody else's info for password reset so you can remember what you entered. Maybe you pick John Kennedy. You'd enter Kennedy's mother's maiden name, Kennedy's dog's name, etc. That way anyone impersonating you by entering your data doesn't get in, but you don't have to remember nonsense answers.

  20. That's only... by WhackAttack · · Score: 1

    Believe it or not that was only approximately 266 bitcoins.

    1. Re:That's only... by peawormsworth · · Score: 1

      266 bitcoins? Wow, that would cost at least 12,000 dollars to replace them.

      It really doesnt matter how many bitcoins it is or is not. The important aspect is how much value they retain. At the moment it would take a fair amount of money to replace it. Thats like saying: believe it or not, thats only 8 oz of gold. But the quantity means nothing until you try to sell or buy it. So in fact its the dollar value and not the quantity of goods that is significant.

      But I do hear what you are saying... bitcoins are on the rise and still rising.

      It would be interesting if some day in the future a news report says: "its estimated the disaster will cost the city 50,000 bitcoins to repair the damages" and dollars are totally left out of the equivelence equation. For now... most people relate to the dollar and that is what we use to estimate the value of something.

      One last point: its not just 266 bitcoins. It is in fact 266.00000000 bitcoins. I dont know what the small bit of a bitcoin is called, but maybe you could say that 26.6 trillion deca-nano bitcoins were stolen.

    2. Re:That's only... by WhackAttack · · Score: 1

      My point of posting that was to show how much bitcoins are worth. Of course the "important aspect" is how much value they retain, how do you think I came up with 266 BTC?! And of course BTC value is on the rise, with bitcoins being harder to mine everyday, with that 21,000,000 bitcoins upward limit. If it were " 26.6 trillion deca-nano" bitcoins stolen, I'd say that right?! But no, I said 266 with the presumed decimal point after the second "6", that everyone else seemed to understand. I also said "approximately" because the value is not exact, and this number changes every second of every hour of every day, etc, etc. Your post was absolutely pointless and you shouldn't have even bothered posting it, you typing it and me replying to it is just a waste of time for the both of us, no offense...

  21. what about MMO games where you can take stuff form by Joe_Dragon · · Score: 1

    what about MMO games where you can take stuff form others as part of game play and let's say there are 3rd party sellers in game that lets you buy stuff with cash and also sell stuff for cash?

    How will the courts look at that?

    Some one can say Bitcoin is a game with real cash stores as part of it.

  22. Not my problem! by Anonymous Coward · · Score: 0

    This is not a problem of Bitcoin, but of the site that got robbed. They should increase their security! Begin using Bitcoins here - http://thebitcoinmaster.blogspot.com

  23. It's a bit of a strawman... by denzacar · · Score: 3, Insightful

    It is not the data that is being stolen. Data is just bits and bytes, kilobytes etc. of ones and zeroes.

    What APPEARS AS being stolen is the information encoded within the data.
    What is actually happening is UNAUTHORIZED ACCESS. Possibly unauthorized dissemination of information, revealing of trade and other secrets etc. IF the information is relayed to a third party.

    It helps if you think of it as a case of early 20th century spying.
    A spy intercepts and reads an enciphered radio transmission - he has the data but no information. Information gets to its intended recipient, clearly not stolen.

    A spy deciphers the transmission - he has access to what he was actually after. The information.
    Information still gets to its intended recipient, still not stolen, BUT - the spy above has also had access to information.

    So far, all that the spy is guilty of is unauthorized access.
    If and when he delivers the information to the third party, then he is guilty of various other things. None of them being stealing.

    You can absolutely steal data. If you steal someone's debit card and buy a bunch of stuff with it, you have stolen data that allowed you to gain access to their bank account. Someone else ends up losing the stolen dollars you used.

    That is not stealing data.
    That is stealing a physical object, a debit card, THEN using it without authorization to gain access to the bank account, THEN stealing the money from the account.
    No data was stolen. No, not even when the money was stolen in the end.
    Data on the card was USED to access the bank account but it was not stolen - the CARD was stolen. And the money.

    Same way you are not stealing the position of the teeth on a key used to open a safe - you are stealing a key.

    Now, making a copy of the card or key - that's unauthorized copying OR just making a copy.
    When you bring a "borrowed" key to a key copying store, the employee is not copying a key without authorization. He is just making a copy.
    YOU are doing the unauthorized copying, but only if there is a specific rule prohibiting access to that key or making copies of it.

    Same with the card.
    Making a copy is unauthorized copying, accessing the account is unauthorized access, stealing money is stealing - but the card or the data were not stolen.
    Money was.

    --
    Mit der Dummheit kämpfen Götter selbst vergebens
    1. Re:It's a bit of a strawman... by brokenin2 · · Score: 1

      ...but the money *is* data.. USD or BTC.. the money is just data.

    2. Re:It's a bit of a strawman... by TsuruchiBrian · · Score: 1

      If you are going to take things that literally, I would say that buying things with a stolen debit card number is not even stealing. There is no physical money exchanging hands at all. It's all just bits on a server somewhere being manipulated.

    3. Re:It's a bit of a strawman... by Anonymous Coward · · Score: 0

      And that's why the use of a stolen card number is called fraud instead.

  24. This just in... by Jawnn · · Score: 1

    Amateur bankers hustled by trivial attack. Film at eleven.

  25. Re:what about MMO games where you can take stuff f by Anonymous Coward · · Score: 0

    what about MMO games where you can take stuff form others as part of game play and let's say there are 3rd party sellers in game that lets you buy stuff with cash and also sell stuff for cash?

    How will the courts look at that?

    Some one can say Bitcoin is a game with real cash stores as part of it.

    MMO developers are adamant about retaining ownership any and all digital items in their game - you don't own the "Sword of Dragon-slaying Greatness" (or whatever..) you just have a license to access it. Selling an item that you don't own is iffy.

  26. Re:what about MMO games where you can take stuff f by Joe_Dragon · · Score: 1

    some games do have a in game store that they get a cut of the sales.

    Now just saying a game maker can have all kinds of stuff in it but then what happens when that mixes with real laws out side of the game??

    Let's say hacking is part of the game but let's just say the game makes messed up and you can get into people real data or a in game hack ends up taking down a sever.

  27. Re:Pretend you're Orson Welles, put his mother's m by Time_Ngler · · Score: 1

    But if you use the same person's data for every site you still have the problem of a hacker being able to use the information from one of the sites to get into all of the others.

  28. Re:You can buy anything by DanielRavenNest · · Score: 1

    You can shop for anything online using http://bitspend.net/

    Amazon, newegg, ebay, department stores, etc.

    You can get a US Dollar-denominated Mastercard debit card from http://www.okpay.com/en/services/accept-payments/index.html

    and fund it with bitcoins.

  29. No. Money is information. by denzacar · · Score: 1

    Examples of data would be: 5, $, B, T, C. Meaningless values. 5 of what? How much IS 5? What does $ signify? Or B?

    Examples of information would be: $5, BTC5 - data encoded with meaning. 5 dollars. 5 BitCoins.

    KNOWING which one of those is worth more would be knowledge.

    Wisdom would be using that knowledge to achieve something. Some form of advantage or additional value.
    http://en.wikipedia.org/wiki/DIKW_Pyramid

    --
    Mit der Dummheit kämpfen Götter selbst vergebens