Canadian Bitcoin exchange defrauded of $100,000 BTC

by
in security on (#3GJ)
Ottawa bitcoin exchange Canadian Bitcoins was subject to a heist that led to $100,000 worth of bitcoins being stolen. But it was no complicated security fraud: it was simple social engineering.

The Ottawa Citizen reports:
The Ottawa police are investigating an Oct. 1, 2013, incident at Canadian Bitcoins, when someone opened an online chat session with a technical support worker at Granite Networks, now owned by Rogers Communications, and claimed to be Canadian Bitcoins owner James Grant. He claimed to have a problem with a server and asked the attendant to reboot it into recovery mode, allowing him to bypass security on the server. "It's ridiculous," said the real James Grant when asked about the incident. "There was absolutely zero verification of who it actually was."
The most frustrating details relate to the high degree of physical security that the real owner was subjected to when attempting to access his server cage - something the thieves didn't face. Canadian Bitcoins' statement on the matter is here.

being conned (Score: 5, Insightful)

by rocks@pipedot.org on 2014-03-20 12:35 (#Q2)

is something I have experienced a bunch of times, probably more times even than I know, some of the events being so ridiculous that I can't even picture myself doing what I did. Most of the time I am pretty sceptical and careful with strangers, but basically a variety of human conditions such as feeling happy and safe, being depressed, being very tired, being distracted, and so on can bring your guards down for external reasons and they don't get back up in time when a con arrives at your doorstep. I have since acquired a lot of sympathy for people who get conned because usually they are not ridiculously stupid. Instead, they generally had their guards down for external reasons and made a mistake, a mistake they can easily recognize in hindsight and not repeat in the future, and it usually accomplished little to berate the momentary stupidity.

That said, the discrepancy between the physical security and chat security in this case is remarkable for people managing a financial business. Secure protocols appear to have been missing in this case and could have helped?