Canadian Bitcoin exchange defrauded of $100,000 BTC

by
in security on (#3GJ)
story imageOttawa bitcoin exchange Canadian Bitcoins was subject to a heist that led to $100,000 worth of bitcoins being stolen. But it was no complicated, security fraud: it was simple, social engineering.

The Ottawa Citizen reports:
The Ottawa police are investigating an Oct. 1, 2013, incident at Canadian Bitcoins, when someone opened an online chat session with a technical support worker at Granite Networks, now owned by Rogers Communications, and claimed to be Canadian Bitcoins owner James Grant. He claimed to have a problem with a server and asked the attendant to reboot it into recovery mode, allowing him to bypass security on the server. "It's ridiculous," said the real James Grant when asked about the incident. "There was absolutely zero verification of who it actually was."
The most frustrating details relate to the high degree of physical security that the real owner was subjected to when attempting to access his server cage - something the thieves didn't face. Canadian Bitcoins' statement on the matter is here.

Re: being conned (Score: 2, Informative)

by andycal@pipedot.org on 2014-03-21 01:30 (#QK)

Seems to me it took a lot more than just opening up a chat session. The attacker needed to know enough about the infrastructure to guide the attack. I suspect either an inside job, or at-least some other inside connection, perhaps the part we know about was only part of the social engineering.

I've always been shocked at how easy it is defeat security with a few words.

To the hotel clerk at the front desk around 2 in the morning: "I left my room key in my room, Can you make me a key for Room number ####?"

I stood ready to produce my photo id, or at-least give the name on the room... neither was asked for .
Post Comment
Subject
Comment
Captcha
What is seventy six thousand five hundred and sixty one as digits?