
"We've long been targeted by someone using social engineering tactics to attempt to compromise our various accounts at exchanges, with our hosting provider Amazon AWS and even on my personal accounts, mostly without success," explained one of the BitInstant team. "At no time have we ever had a single system or account compromised through technical means, or indeed at all before yesterday."
But the weak link proved to be Site5, the site's domain registrar. Using clever social engineering, the attackers convinced Site5 staff that they were talking to the aforementioned representative, and got them to add a new email address to the site's account and make it the primary login.
Once booted out of the account, the attackers managed to gain access again and redirect DNS by pointing the nameservers to hetzner.de in Germany, then redirect traffic to a hosting provider in Ukraine.
This allowed them to lock out BitInstant co-founders, to hijack their emails and reset the login for the VirWox exchange, enabling them to steal the aforementioned amount of money.
"No other exchanges were affected due to either Multi Factor Authentication, OTP, Yubikeys and auto lockdowns," the BitInstant team claims, and the stolen internal company emails are useless to the hackers because PGP encryption of emails is internally mandated.
"None of your personal or transactional information has been leaked. We keep all that data offline to protect everyone's privacy," they reassured users, adding that the attackers managed to steal only that small sum due to major choke points and redundancies in their system.
The team suspects the attackers to be of Russian origin, even though they were sneaky enough to cover their tracks. They also said that they will be moving to a more secure registrar as soon as possible.

Follow @zeljkazorz



