Slashdot Mirror
Is Coinbase Closing Accounts For Paying Ransoms With Bitcoins? (coindesk.com)
Even as some comparnies are stockpiling bitcoins so they can quickly pay ransom demands, security firms that try paying those ransoms may face losing their accounts on Coinbase. Slashdot reader Mosquito Bites quotes a report from CoinDesk:
Less than a year ago, Vinny Troia, CEO and principal security consultant of Night Lion Security and a certified white hat hacker, was sent a compliance form by US bitcoin exchange Coinbase, where he had an account. Coinbase wanted to know how Troia was using bitcoin and his account. "I told them I run a security firm. I pay for ransoms and buy documents on the dark web when clients request it," Troia told CoinDesk. The ransoms Troia helps his clients pay are those stemming from ransomware attacks, which have surged in number over the past few years. Many, like the well-publicized WannaCry attack, are asking for bitcoin.
And the documents? Troia said, "We do breach investigations a lot of times. If a fraudster is saying they're selling my client's stolen documents, the only way to make sure they have what they say they have is to buy those documents." According to Troia, Coinbase "did not like that at all." Coinbase then asked the IT expert whether he had a letter from the Department of Justice giving him permission to do those things. No, Troia said. Upon further research, Troia has not found that any such permission exists. But, "I have my clients authorizing me to do this," he said. Coinbase sent Troia back an email explaining that those actions were against the exchange's rules and shut down his account... "My entire family is blocked from Coinbase," he said.
And the documents? Troia said, "We do breach investigations a lot of times. If a fraudster is saying they're selling my client's stolen documents, the only way to make sure they have what they say they have is to buy those documents." According to Troia, Coinbase "did not like that at all." Coinbase then asked the IT expert whether he had a letter from the Department of Justice giving him permission to do those things. No, Troia said. Upon further research, Troia has not found that any such permission exists. But, "I have my clients authorizing me to do this," he said. Coinbase sent Troia back an email explaining that those actions were against the exchange's rules and shut down his account... "My entire family is blocked from Coinbase," he said.
Vote with your feet. There are other exchanges.
Good.
It's because asshole pricks like your clients buy bitcoins, pay the ransom, then go complaining to their bank or credit card provider that the payment was unauthorised or a result of blackmail, and try to do a chargeback against the innocent bitcoin merchant. Or gets them locked out of their accounts while being investigated for fraud.
So you can just fuck off and buy your bitcoins somewhere else.
Anyone?
Bueller?
Quagmire?
E-money?
Fake news?
The TRUMP douchebag?
Van self-drive maniacs?
When will it stop?
Why do liberals apologize for Islam while simultaneously hating all other religions? Why does Islam always get a pass?
Why do lefties love Islam?
Please explain (I don't think you can):...........
Security companies should not be allowed to act as front companies for cybercriminals anymore than they should be allowed to assassinate people for pay. Let's hope there's a criminal investigation as well. Perhaps this one was even directly involved in the original crimes, not only encouraging them...
Download Bitcoin Core and use it for all transactions. Never involve a third party. That was the whole point of Bitcoin.
As discussed here Cyber extortion - legality of ransom payments and the approach of businesses and insurers it shows under international law, cyber extortion payments arent illegal unless they are terrorism related.
I dont believe Coinbase should be denying access to legitimate funds, that arent terrorism related, unless they want to get regulated... this would be the first step to ruining their little monopoly.
It's not a typo if you understood the meaning!
Looks like I am changing my wallet provider.
Bitcoin was created so that people could anonymously commit crimes. Fuck the police!
This just prove not all Bitcoin exchanges are created to be equal. Put a bias human judgement and you got this problem.
comparnies... excellent!
Dear Slashdot, I would like some "covfefe" with that.
Bitcoin becomes more restrictive than the traditional banks
Coinbase sent Troia back an email explaining that those actions were against the exchange's rules and shut down his account.
That seems reasonable. Coinbase is an american company. There are laws against financing or facilitating the financing of terrorist and/or criminal activities.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
a "security" expert that owns a "security" company should know better than to respond to "form", one not required by any federal law or regulation, asking questions from the exchange. don't hire them, folks. they don't know shit from rainbows.
and the "news site" linked to in tfs is partially owned by that same exchange.. so is hardly unbiased. "Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Coinbase." -- not even any actual copies of the "compliance form" or email exchanges between them and their (former?) client -- ya know, things a "real" news outlet would publish to back their story.
It's a good thing that you own your bitcoin wallet so you can just go wherever.
Isn't it usually that you either hire security firm to prevent blackmailing or pay the ransom, not both?
>> The ransoms Troia helps his clients pay are those stemming from ransomware attacks, which have surged in number over the past few years.
Well, duh. Maybe if they didn't make it a successful business model in the first place, it would go away.
I'm thinking what those companies actually need to spend their money on is better backup solutions.
That Coibase is asking for "a letter from the DoJ" seems very strange; especially if this isn't actually obtainable. If I was running a security company that ran into such a requirement, I would immediately engage my legal council...especially if Coinbase closing my accounts actually cost me "real world loss" in the form of me loosing access to my bitcoin wallet stored on their system. Requirements that are impossible to fulfill might constitute fraud, especially if there is a demonstrable "loss of income" due to Coinbase's activities from Troia's (currently) legal activities. Right now, there has only been a (A HREF="https://coincenter.org/entry/it-should-not-be-a-crime-to-help-victims-of-ransomware">single court case in the New York southern district court that has touched on the idea that paying ransom with bitcoin violates 18 U.S.C. 1960.
The irony of this is that the FBI itself has no good answer to ransomware and has even themselves recommended that people pay the ransoms: http://www.businessinsider.com...
Yet the same government regulations make it nearly impossible for Coinbase to let people use their Bitcoin like that, ironically forcing people to unregulated or dark markets to buy Bitcoin.
You don't need an account to buy, have, and sell Bitcoins.
Personally I don't agree that the whole "KYC/AML" CYA BS does any good and I'm certain it does a lot of harm. But everyone habitually dealing with bitcoin knows that dick pix are a requirement of doing any business with any exchange, moreso the 'merkin ones. They are required by law to, well, police and rat out their own customers. And since just like banks who do the same, they're commercial entities, they'll do the cheapest most shoddy job that doesn't lose them too much money but buys them the proof they're getting rid of any and all badness, real or suspected.
So that's what's happened to this guy. And by his own admission, this guy is shady as fuck, complete with certificate of shadity*. So I have no idea what he's complaining about, except insofar he's disagreeing with the "KYC/AML" CYA BS. But he's not even doing that. He's just trying to tell us he's so cool that he's undeserving of getting booted. Well, no, he's not undeserving. It's exactly what he was shooting for, even if he didn't know it.
* "Call yourself a 'hacker', lose your fourth amendment rights", says US judge. This guy claims to be certified 'hacker', so might as well report at the jail right away. See how this works, security industry s'kiddies? Words have power, and you have forged the power of "hacker" to be a weapon against you and a bunch of better people besides. Congratulations. It's your main contribution to make a difference. Thanks so much.
This is an interesting pattern (which often becomes also an antipattern) which I like to call "deregulated regulation": private enterprise takes over things which used to be done by the executive and (hopefully) double-checked by courts.
You find many examples out there, like DMCA takedown, firmware lockdown in WIFI devices, "censorship" by dominant platforms (technically not censorship, but when a platform has near-monopoly position, well... tough luck), ISP "blocking" of "pirates", yadda, yadda.
As the "anorectic state" becomes more and more fashionable, we'll see more of that. Watch, e.g. the German justice minister telling Facebook to suppress "hate speech". Now I don't like hate speech. I'm even of the position that free speech isn't absolute and that each society has to find some kind of balance, which will always be a difficult process. But outsourcing that to a private company, with all their conflicts of interests and that? And this in halfway democratic societies, which have taken so long (and so much blood, sweat and tears -- excuse my dramatic language) to find out about democracy, state of right, separation of powers, checks & balances?
I don't think that's a good idea.
There are, AFAIK, only two exchanges that 1) mind your privacy, 2) are out of reach of U.S. gov, and 3) comply with regulations for financial institutes, and that's Paymium and Bitstamp in the EU.
Use Coinbase and you risk losing your Bitcoin and your personal detaisl to the U.S. gov.
had a hair transplant.
Casey Neistat did a review of "American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road" by Nick Bilton. I haven't read it yet but looks like a good read.
https://youtu.be/7-nzTfv5IZY?t=88
Okay, but why would it be just the Los Angeles branch closing these accounts?
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
Why the hell are people paying the ransoms in the first place? This is just encouraging more people to make these types of viruses. Make fucking backups of your shit, fire the moron that unleashed the virus in your network, restore from backup, and carry on with life.
If only there was a way to conduct financial transactions beyond the reach of 3rd-party interference!
Remember the question about documents from the dark web? Those are criminal acts and now informed, coinbase would be facilitating it.
why are you sending funds directly from your coinbase wallet? and you say you work for a security company? noob!
Account was shut down because he was buying personal information & stolen documents online using bitcoin.
From TFA: "If a fraudster is saying they're selling my client's stolen documents, the only way to make sure they have what they say they have is to buy those documents."
That is illegal. That is why his account was shut down.
performing illegal actions will get you banned. Got it.
Why would you answer such a letter? Why would you need to? Why volunteer anything?
If you feel you need to respond, a better reply is "I use my account to settle confidential transactions on behalf of my clients." They want to know more? Screw them.
Unless their TOS specifically entitle them to detailed information on their users business dealings (if they do, it would amaze me that they have any customers at all), you're not obligated to give them information. Particularly not when it seems clear you're being accused of having done something wrong.
Maybe offer them a gift? Like any good Troian would..
We know the government is dangerous because they've got the biggest guns but what about corporations? We've seen Facebook deciding what you can say (real name policy, Compulsory Facebook email) plus actual censorship result in alarming control over someone's online existence. The current situation of a few corporations making the internet work, means one can easily be ostracized. What if PayPal (there are PayPal-only shops) or VISA/MasterCard decided you couldn't shop online? What if all supermarkets decided to close your online accounts?
How quickly should someone be blacklisted be they might be supporting, enabling or inciting a crime? We've faced similar questions over trolls and SJW on Twitter and Reddit: But Twitter and Reddit aren't essential like banking or grocery shopping. Twitter refusing to spread hate speech causes no damage unlike PayPal deciding someone can't pay their bills.
Reasons like this is why I stopped keeping money in paypal and will not even consider places like Coinbase. I now just pay a little extra and have gift cards converted to bitcoin. No need to set up accounts attached to my social and information. Just do that. Sure it's a little bit more of a hassle to convert funds but you do stay anonymous if you take certain precautions.
>
> quotes a report from CoinDesk
>
Did I miss something?
In some jurisdictions it is illegal to knowingly do business with criminals... By giving criminals money you are encouraging further crime by demonstrating that crime does pay, and many police forces will come down pretty hard on this.
Obtaining documents that you believe may have been illegally obtained from your clients is also questionably legal, you are collecting evidence which is the job of law enforcement, and there is also the chance that those aren't your clients documents and your obtaining something totally illegal.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Coinbase is a bully just like the cybercriminals. Keeping all those confiscated Bitcoins to themselves.
what goods a currency if you cant spend it how you want. "just as good as cash" my ass... no one take my wallet away because they dont like what I am spending my money on... kinda defeats the whole point of currency.
Upon further research, Troia has not found that any such permission exists. But, "I have my clients authorizing me to do this,"
So, if I understand it correctly, this security researcher thinks that having a third party authorize you to do illegal things on their behalf suddenly makes them legal. Makes total sense, I predict there'll be a boom of "hooker agents" who can be authorized to pay the hooker on behalf of the john, making the whole operation fully legal per Troia.
The real motive by Coinbase is probably a fear that they'll be accused of helping facilitate criminal activity.
I really do not understand this. I've never heard of a bank closing someone's account because they used the money in it to pay a ransom. Surely if there is no danger to the bank from facilitating payment of a ransom in fiat currency why would there be any danger to Coinbase for doing the same in Bitcoin? The people committing the crime here are those extorting the ransom, not those who pay it whatever your position may be on paying ransoms.
Cancelling ransomware payouts, pffbt of course, I ran into the same problem when I tried paying for drugs with my coinbase account.. they're so touchy! jeez, no illicit substances, no shady malware authors, what the fuck coinbase.
640k ought to be enough for anyone.
Not closing accounts that pay WITH bitcoin, but close the accounts that the payments are going TO. How 'bout that legal accounting idea? Otherwise you're hurting the victim.
Don't use Coinbase. Ever. When they dry up, they'll have nobody to blame but themselves and their ignorance.
The first prohibited use in their terms of use
Unlawful Activity: Activity which would violate, or assist in violation of, any law, statute, ordinance, or regulation, sanctions programs administered in the countries where Coinbase conducts business, including but not limited to the U.S. Department of Treasury's Office of Foreign Assets Control ("OFAC"), or which would involve proceeds of any unlawful activity; publish, distribute or disseminate any unlawful material or information
Paying someone to obtain stolen goods is illegal in many places.
The user didn't have authority from DoJ to recover stolen goods on someone else's behalf.
If you see someone with your stolen stuff, you tell the police. You don't pay some random guy to do your dirty work.
Repo agents, etc, are authorised by the government to do their work.
Buying stolen goods from someone that you know are stolen is illegal.
This asshole should be in prison! You DO NOT pay ransoms. It should be against federal law to pay ransoms like this. You're supporting terrorists, drug dealers, and at the very least, criminal groups overseas. That in itself is illegal so why not extrapolate it to making paying ransoms illegal. Every single ransom this asshole pays encourages more people to do the same thing because it makes money. This idiot needs to be stopped.
So many typos in this post, one can only assume the monkeys with typewriters did this.