$12,000 in Bitcoin Stolen

[Renegade]

Interesting little article on how some thieves social engineered themselves into stealing $12k in bitcoins:

http://www.wired.com...12000-bitcoin-heist/

The criminals were able to take control of Bitinstant’s internet domains by convincing its domain registrar, Site5, to hand over control of the company’s Domain Name Service, or DNS. “Armed with knowledge of my place of birth and mother’s maiden name alone (both facts easy to locate on the public record) they convinced Site5 staff to add their email address to the account and make it the primary login,” the company said Monday in a blog post detailing the incident.

It has nothing to do with Bitcoin security, but does show that social engineering still works.

[40hz]

It also shows that, despite many people's romantic fascination with "alternate currencies," unless you have an established government standing behind your monetary system, it's little more than an interesting social experiment so far.

Your currency is only as good as the reputation and strength of whatever is backing it. As many 'revolutionary' governments discovered the hard way when they first came into power. And it's only as 'safe' as your ability to protect it.

[Renegade]

It also shows that, despite many people's romantic fascination with "alternate currencies," unless you have an established government standing behind your monetary system, it's little more than an interesting social experiment so far.

Your currency is only as good as the reputation and strength of whatever is backing it. As many 'revolutionary' governments discovered the hard way when they first came into power. And it's only as 'safe' as your ability to protect it.

-40hz (March 08, 2013, 08:22 AM)

The hack had ZERO to do with Bitcoin. The exact same tactics could be used to steal from your Paypal account or anything. It only illustrates that social engineering is still the bread & butter of cyber crime.

e.g. I use the same kinds of tactics used by Rand to mine public data on 40hz. I hijack 40hz.com DNS, then well, game over. Same exact deal.

Lesson learned? Never let anyone know your mother's maiden name, and always tell everyone that you're a simple orphan bastard.

As for Bitcoin, you might want to look at it again. What you think you know may be out of date.

It also shows that, despite many people's romantic fascination with "alternate currencies," unless you have an established government standing behind your monetary system, it's little more than an interesting social experiment so far.

-40hz (March 08, 2013, 08:22 AM)

This is quite wrong. However, the Basement is the proper place for that discussion. (Sorry. )

Your currency is only as good as the reputation and strength of whatever is backing it.

-40hz (March 08, 2013, 08:22 AM)

Reputations can be ruined in a day.

The strength is the only thing that matters. But I have a feeling that we're not going to agree on what constitutes "strength" for a currency. The other thing is that any discussion there will quickly get us sent to the Basement. I've got a feeling that monetary policy and all that won't sit well with a lot of people. That whole cognitive dissonance thing and all. So - I'll drop it and keep to the social engineering stuff as that's plenty fun anyways~!

[40hz]

at the risk of the basement, exactly who do you call - and more importantly WHO will be willing to open an investigation.

AFAIK something like this would generally be handled under civil rather than criminal law unless you could interest a prosecutor in basing a case around some sort of cybercrime.

Good luck. you can't even get the cops interested in looking into major data security breeches. So when it comes to something like bitcoins, I don't think that will gain much traction with the police.

Not saying it's right. Just saying how it usually works. At least where I live.  

[Renegade]

at the risk of the basement, exactly who do you call - and more importantly WHO will be willing to open an investigation.

AFAIK something like this would generally be handled under civil rather than criminal law unless you could interest a prosecutor in basing a case around some sort of cybercrime.

Good luck. you can't even get the cops interested in looking into major data security breeches. So when it comes to something like bitcoins, I don't think that will gain much traction with the police.

Not saying it's right. Just saying how it usually works. At least where I live. 

-40hz (March 08, 2013, 12:51 PM)

True enough. Though I'm not sure that I'd say it's civil as it is still theft. But, that doesn't affect how law enforcement treats/mistreats the issue, which is the real question.

[Tinman57]

at the risk of the basement, exactly who do you call - and more importantly WHO will be willing to open an investigation.

AFAIK something like this would generally be handled under civil rather than criminal law unless you could interest a prosecutor in basing a case around some sort of cybercrime.

Good luck. you can't even get the cops interested in looking into major data security breeches. So when it comes to something like bitcoins, I don't think that will gain much traction with the police.

Not saying it's right. Just saying how it usually works. At least where I live. 

-40hz (March 08, 2013, 12:51 PM)

  In the U.S., if there is actual theft of anything of monetary value over the internet, it will be investigated by law enforcement.  I think you would have to file with your state's Attorney General or the FBI, or even the Federal Trade Center website for complaints.  I've read about it in the past, but fortunately have never had to file....

[40hz]

^From my experience, it doesn't happen very often in practice. Law enforcement will usually let you file the complaint. But unless you can document an actual quantifiable and substantial financial loss, it just stops there. And forget the FBI. Unless you're a financial institution or defense contractor - or you have a provable financial loss up in the millions.

What mostly happens is the information you provide gets filed. If your issue is part of a larger pattern, something may eventually happen. But if it's a smaller "one off" sort of crime they seldom open an active investigation.  At least from my experience.

Probably all depends on where you live, how busy the police are, and how interested they become in what's happened to you.

[Tinman57]

^From my experience, it doesn't happen very often in practice. Law enforcement will usually let you file the complaint. But unless you can document an actual quantifiable and substantial financial loss, it just stops there. And forget the FBI. Unless you're a financial institution or defense contractor - or you have a provable financial loss up in the millions.

What mostly happens is the information you provide gets filed. If your issue is part of a larger pattern, something may eventually happen. But if it's a smaller "one off" sort of crime they seldom open an active investigation.  At least from my experience.

Probably all depends on where you live, how busy the police are, and how interested they become in what's happened to you.

-40hz (March 08, 2013, 09:27 PM)

  If it's over a certain amount, something like $1500 - $2000 (or whatever), then it's a felony offense and the FBI will investigate.  Anything lower then the others get involved.  Or that's how it worked years ago when I read about all that stuff.  Now days there's no telling how much has to be stolen before they'll get off their collective asses and do something.  But I'll bet that if it happens to anyone, they'll be heading over to FBI.gov to see what they have to do.  lol