Slashdot Mirror
DNS Hijack Leads To Bitcoin Heist
First time accepted submitter FearTheFez writes "Social Engineering and poor DNS Security lead to a Bitcoin heist worth about $12000. Bitcoin broker Bitinstant was robbed after thieves managed to take over ownership of their domains. While Bitinstant claims that no customers lost any money, without 2 factor authentication all it took was a place of birth and a mothers maiden name to gain access. This looks like poor security from everyone involved."
Bitinstant's mother. She knows both her maiden name and his birthdate, probably.
I do not think that any court or official government body recognizes your television as being a legitimate currency but I can be prosecuted for stealing it. If it has value to the owner, it can be stolen.
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
Lamps, dog food, and records aren't currency, but if someone broke in your house stole them from you it would still be a crime.
You were critically hit for no damage. The bruise will look nice, and maybe the scars will make good party talk.
If a standard currency exchange was robbed for $12,000 we would not even read the story. This is a trivial crime and of little interest. It serves more as a warning rather than as a bank robbery story. I hope that those that are concerned learn from this but if this is the crime of the century in the Bitcoin world then they are doing really well.
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
You talk here about theft worth only 300 BTCs or 12 000$
Well, I can only conclude that overall BTC security maybe has improved. Recall previous thefts worth of 25 000 BTC or 500 000$ (at that time) or 18 547 BTC or 87 000$ (at that time).
Why such conclusion? Well, if those evil people started to go after such low-profile target, it *can* mean that all high profile targets have adequate security.
#
#\ @ ? Colonize Mars
#
It's wire fraud. Nobody needs to recognize the currency to prosecute for that.
Michael J. Ryan - tracker1.info
yelling filter blablablabla but the point is,
The point is that anyone who answers stereotypical "security" questions with factual information is a complete and utter moron.
My mother's maiden name is Banana. My favorite color is Jupiter Capitolinus. My first car was Abraham Lincoln. Come at me, Facebook Data Scrapers.
The court ruled that:
*) Virtual items have value in virtual of the effort and time invested in obtaining them
*) The value in Virtual items is recognised by those that play the game (including the defendents who went to the trouble to take them)
*) The Virtual items were under the exclusive control of the player – who was relieved of this control
The court made reference to cases of electricity theft which is a similar intangible good but certainly has properties of power and control, and consequently can be stolen.
http://www.virtualpolicy.net/runescape-theft-dutch-supreme-court-decision.html
it's in my head
bitcoins aren't data per se. A person's private key for their bitcoin wallet that is used to transfer ownership of bitcoins is data. It's just a long number. The proof of work used to establish a bitcoin is data. The transaction history of each bitcoin is data.
A bitcoin is more than just the data underlying it. There are may thousands of copies of each bitcoin, but at any given time only one person has the authority to transfer a bitcoin to someone else.
A bitcoin itself cannot be copied. To copy a bitcoin would mean copying it's ability to be spent (allowing it to be spent twice). This would ruin any currency. And much of the design of bitcoin is prevention of double spending.
This is similar to how xeroxing your bank statement doesn't double the amount of money you have in the bank.
Mothers maiden name: 9zimu8sj4q99uf
Place of birth: wj9awitkj4girc
If you use real details, you're a fool.
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
I think the court got it wrong, The value inherent in virtual goods is in the price that people are willing to pay for them or would be willing were they on the market. Supply and demand dictates value.
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
One of the thieves was later seen at the racetrack, trying to put down 1024 bitcoins on a horse in the third race.
He was apprehended and later sentenced to 10 years of ridicule without possibility of parole.
You are welcome on my lawn.
It is not the data that is being stolen. Data is just bits and bytes, kilobytes etc. of ones and zeroes.
What APPEARS AS being stolen is the information encoded within the data.
What is actually happening is UNAUTHORIZED ACCESS. Possibly unauthorized dissemination of information, revealing of trade and other secrets etc. IF the information is relayed to a third party.
It helps if you think of it as a case of early 20th century spying.
A spy intercepts and reads an enciphered radio transmission - he has the data but no information. Information gets to its intended recipient, clearly not stolen.
A spy deciphers the transmission - he has access to what he was actually after. The information.
Information still gets to its intended recipient, still not stolen, BUT - the spy above has also had access to information.
So far, all that the spy is guilty of is unauthorized access.
If and when he delivers the information to the third party, then he is guilty of various other things. None of them being stealing.
You can absolutely steal data. If you steal someone's debit card and buy a bunch of stuff with it, you have stolen data that allowed you to gain access to their bank account. Someone else ends up losing the stolen dollars you used.
That is not stealing data.
That is stealing a physical object, a debit card, THEN using it without authorization to gain access to the bank account, THEN stealing the money from the account.
No data was stolen. No, not even when the money was stolen in the end.
Data on the card was USED to access the bank account but it was not stolen - the CARD was stolen. And the money.
Same way you are not stealing the position of the teeth on a key used to open a safe - you are stealing a key.
Now, making a copy of the card or key - that's unauthorized copying OR just making a copy.
When you bring a "borrowed" key to a key copying store, the employee is not copying a key without authorization. He is just making a copy.
YOU are doing the unauthorized copying, but only if there is a specific rule prohibiting access to that key or making copies of it.
Same with the card.
Making a copy is unauthorized copying, accessing the account is unauthorized access, stealing money is stealing - but the card or the data were not stolen.
Money was.
Mit der Dummheit kämpfen Götter selbst vergebens