Topic: HACKED THIS AFTERNOON! PLEASE HELP! (Read 616 times)

You shouldn't take it to the extremes. Linux is much more secure by default, but its not perfect. It also depends on distro, some are more security oriented than others. Windows on the other hand, can be made safer, with work, but the end result isn't perfect either, and is not as good as a truly secured linux or bsd. You just can't do anything about secret backdoors/bombs/bugs hidden in code you have no access to, that is a fundamental difference you have to always live with when using closed source proprietary software.

Of course there is a lot of money to be made in this sector, some people are fool enough to insist on using windows and beg professionals to make it safer. One of the things usually done is put a firewall (with a secure os) in the gateway to the wild savage internet and their little windows Lan to at least contain the brunt of the attacks. You can also spend a lot of effort and time trying to secure as best as you can windows, within the limitations no access to the code will never let you surmount.

The irony here is that a simple user isn't going to make it, that is why they hire you in the first place. If windows was "secure by default", you would have to do a different job. And these are the typical targets, remember? Laziness.

Easy to use, easy to crack, you could say.

You are wrong.

Just because YOU can't manage a windows system / network properly, it doesn't mean that it is not possible.
While i agree that it takes way more effort to create a somewhat secure system running windows, it is - by far - not impossible.

We would have all of your governments and any other critical infrastructure compromised already.. The majority is using windows only..

You should keep away from the thought that not a single person can do things which YOU can't do..

Any chance suing AT&T? Did they hi-jack your sim? There was several high-profile cases like this in california/miami last year.

@ Op how many KYC  did you do for crypto companies?

KYC at an exchange like Bittrex,Coinbase

KYC with bitmain
KYC with most anyone in crypto can be a big weakness.

Did you have any

yahoo accounts?
outlook accounts
live accounts?

Which is incorrect. Windows is insecure regardless of your "configuration and management" bullshit.

You are posting false information and using fallacies which I utterly despise. Thus you are directly, or indirectly, intentionally or unintentionally harming the readers. Here you go again, with a red herring. Just stop. Then again, you gotta earn your shitposting sig. money somehow. This solves my own question why pseudo-randoms have been posting pseudo-science in this section for a while now; it's time to exclude it from everything.

Yes, i were talking about out-of-the-box in one sentence:


All i have said was that any system can get compromised and that no system is secure directly after installing.
It is the configuration which makes it more or less secure. The possibilities and simplicity of unix-based OS's are the reason linux can be made more secure in an easier way.
This has nothing to do with linux = secure; windows = horrible. It all depends on the configuration and the management.. always.




Just because you didn't see X, it means X doesn't exist ? What kind of an argument is that ?

Also.. why are you hating so much ? There is not a single reason to be aggressive at all..


Edit:
Just checked your post history and it seems you have a bad day today..
What about we stop the discussion here now and talk some other day about this topic (given that you want to properly discuss this topic) ?

That is, again, nonsense. You were talking about the out of the box security. Windows is garbage, especially windows server. Luckily for that garbage OS this discussion does not involve performance.


What has me never seeing a linux system get compromised have to do with the existence of exploits? Strawman facepalm. I'm well familiar with exploits, especially those that were planted by NSA undercover contributors[1]. Read before you respond next time or just avoid responding at all (the later is the better option).

---

[1] Greetings to all american kool-aid drinkers again; you live in such a lovely country.

And dynamite will destroy both.

With proper network- / privileges-management and some common sense a windows network can be as secure as a linux network.

It all depends on the security mechanism / -management.
A miserably managed linux network is way more prone to being compromised than a moderately good managed windows network.




So.. you mean there never were linux kernel exploits, privilege escalations or any other exploits which only affected linux and were severe (*cough*  shellshock  *cough*) ?


Just because the majority of malware doesn't work on linux, it doesn't mean that linux is more secure.

If you consider a non-techy guy who barely can open his browser and type into google.
Without any security practices, it is not harder to compromise his computer running linux than if he would use windows. Same applies to a MAC, iOS, android etc..

Most people using linux do have more clue regarding IT / security / etc.. And that's the reason why it is 'easier' to compromise a windows system. Most windows user just don't know what they are doing at all..

Then you need to do a lot more reading. When compared: Windows = swiss cheese; Linux = brick wall.

Is not.

---

For the sake of reference: the last time anything running Linux that I've seen was compromised was never. The again, that might be partially because of proper security practices.

While i agree that it is safer to use Linux, i would not agree that linux is a more secure OS per se.

It is the configuration of your computer, software, network which makes your system secure or not secure.

More than 90% of the malware is written for windows.. but this still doesn't mean that you are more secure (especially not in a targeted attack).
In a targeted attack it doesn't matter at all which OS you are using. Bugs and exploits exist (and can be found) for every OS / system setup.


Generally, yes. Linux is safer (out-of-the-box). And you are more secured against the day-to-day threats, yes.
But saying linux is more secure per se, is kind of wrong.




Password managers are a good idea, yes.
But in some cases you need to memorize your password (e.g. for an account you need to log into from different devices from different networks).
In this case you need some password you can memorize.

Then, you can easily go without special chars by increasing the length.

An explanation on length beats complexity regarding password security: https://bitcointalksearch.org/topic/m.50625648




Definitely, but maybe not manjaro.

For a linux newbie, some easier-to-learn distro might be more helpful (e.g. ubuntu / mint).

Email access doesn't necessarily means they can get you, many sites ask you security questions before sending you a new password to your email, it depends on the site. If you are smart, you don't use a normal answer to the security question, but instead use random generated passwords as response for each different security question (you can store those in your password manager the same way).

If the site simply sends you a new password over email when you request it, that site has a very poor design. In this day and age, that's unacceptable. Some form of challenge should be expected. Often a weakness here is people using dumb simple answers to the security questions.

Windows has a LONG history of security breaches. Problem is, its full of holes, several undocumented. Once a malicious individual finds one, it can keep it to himself until the day he wants to use it. In open source, the same thing can occur, BUT  more often than not a thid party finds it and alerts the community. This cannot happen with closed software where its impossible to audit the code, or can only be audited by too small a limited group for a short period of time; meaning several bugs and flaws remain hidden for decades. The software development model (open vs closed) is one of the main reasons for insecure software, but its not the only one. It is however harder to secure closed since its harder to find the flaws than open.

There is no such thing as security by obscurity. A common cryptography tradition is: show your algorithm, so the community as a whole can audit it and give its blessing or find its faults. you know, basic science. Keep it hidden, nobody will trust it as its likely full of flaws. Software is the same.

I understand that my case was completely my fault (same pass on every site), and the reason is laziness, ignorance, or thinking it will never happens to you. I can't say the OP was hacked the same way that I was, anyway, it could be his fault or a website leaking his data: once they have access to an email address, they got access to all other sites, it doesn't matters if you have one password for each one.



I recommend the same, Windows is a spyware for itself, they are more busy spying on your biometrical data than on bringing security. I'm a total Linux noob, but I started using Ubuntu this year, learned GIMP to replace Photoshop, and I still need to buy a BricsCAD license to replace Autocad, to fully get rid of Windows for ever. I also recommend Linux Tails in a thumbdrive for important transactions.

This is why its critical to never repeat passwords anywhere. First thing they do when they obtain password databases is to try them elsewhere. People can't remember a thousand sites passwords, but they can remember a very good password for a password manager running in a secure OS. Of course you should run a secure OS always (ie. Linux).

And your passwords shouldn't be trivial. Password managers have good random password generators, you should aim for (at least) 16 char long passwords using all char type groups first (ie. letters, numbers, caps, symbols).

I would advise the OP to download a live linux iso and use that in a thumbdrive and boot the computer from it. always have one of those ready.

Why, oh why is it only after people lose money that they start to pay attention? If you haven't been harmed yet, Do it now™; drop windows today, no more excuses.

Then, no "easy passwords", no repeating passwords. Careful with the 2FA, they are double edged swords, not universal protection. Keep major amounts in cold wallets, no excuses for that either. Exchanges learned that lesson the hard way, so should you...

So now its too late for (yet another) poster. Is it late for you the reader? Best OP can do now is report to authorities, probably will never see anything of it back again.

Remember this: When you use crypto, you are your own bank. Act responsibly.

Big companies are being hacked everyday, and big chunks of private emails and passwords are being sold on the deep web. I lost some accounts (related to gambling websites and some social networks, not crypto), when Epic/Unreal was hacked some years ago. The damage was minimal anyway, but since then I have a different password for each website.

So, I would'nt make the OP completely responsible for the security, you can be hacked by the failures of third parties.

You might be right about the computer issue cause the OP said he's using mac computers but the part of his phone also been hacked another thing and I believed it might be an inside job done by the person that knew the OP which I asked him the previous question but the OP was not online since his last reply.

If you follow the addresses they split transactions up on, 3BXTZHn8h7v69KoZTnnTU3Qj9TxBejLX9T is associated with BTC ransomware and blackmail scam. I've seen some of those spoofed emails have actual passwords in them to make them more worrisome, so there have definitely been database breaches. If you used the same email/password for everything it could be from whatever breach they obtained those passwords from or a simple phishing scam with fake login. Could have also been a more sophisticated, targeted attack, and only way to try and find out would be to do a full forensic examination of your computers and devices. I'd make forensic copies of everything and then wipe the originals before going back online.

I'm really sorry for your loss, hope you can make it back again double of what you have!

adding to posi, I'm really curious on how this attack happened and what was the security breach, since you had 2FA on all exchanges and on email.

did anybody had physical access to your mobile phone?
which was the version of your iphone and how do you think the 2FA got copromised?

any info on this can possibly save other people to suffer the same kind of hack

I'm really sorry for your loss. I will advice you to do all the calling using a new phone but I was surprised all your phones, email and computer were hacked and would like to ask you some few question.
How many people know you holder some crypto?
Do you share your computer?
Do you expose your SSN in the last 3 months, save it on phone etc or apply an anonymous registration which require your private info?

Steamy27, I'm sorry for your loss, but you should have been a lot smarter and never hold such a quantity of coins on crypto exchanges. Simple desktop wallet would save you, and I do not have to mention how much security would you have with any hardware wallet which is cost 50$ or something like that.

By the way you are hacked it is obvious that you were the calculated target, so think who else is know that you hold such amount of coins? Did you tell your friends, acquaintances or family members? Although the chances are very small, maybe police can do something if you collect enough data and make a report.


Unfortunately exchanges do not give the possibility of exporting private keys, and because of that coins stored there are not just owned by owner, but also by exchange and anyone who can hack such service.

The block explorer says you still have 24.6995 BTC at this address -- I'm taking it you don't have the private key to this address? If you did, the obvious thing to do would be to import it into another wallet; preferably on a device you know isn't connected to the hacking. If you don't, sorry to hear about your loss. That's truly awful and I hope you somehow recover at least some of it.

This is an ultimate MCA. I am sorry to hear that.

Unfortunately we can't change it anymore, but the way it happened means that your whole network is compromised.

You need to get rid of this as fast as possible.


I suggest you do the following:
- Disconnect from the internet and don't connect anymore until you have cleaned everything.
- Make a backup of all relevant files (wallet files, documents, pictures, etc.. )
- Completely wipe (format) your hard drives (all of them; format your PC, factory-reset your mobile, if you have IoT-devices, factory reset them, ...)
- In the meantime try to regain access to your accounts from a clean device outside of your home network
- Reinstall your Operating system (please do not use cracked windows software or something like that, they are ALWAYS infected).
- Reconnect to the internet. From this point you can change passwords etc. using this device on your home network.

This is the only correct way of minimizing the damage.


Also, it is important to find out how this happened to not let it happen again in the future.
At least you should not store any coins on any online service (e.c. exchange) anymore and use a hardware wallet to store your coins.

Hacker must have already acquired most of your accounts earlier than the incident but waited for the right moment (recovery emails and info) to execute the transfers and all things that can slow down your recovery attempt.

For the culprit: All Devices including your Mac PCs were compromised.... it must be a DNSChanger virus or later variants that targets routers.
Take note that it's not limited to displaying malicious ads but also able to redirect you to phishing sites which might be the cause of the multiple account hacks.
Try to look for the browsing history for questionable URLs since even started from a bookmark, that virus can redirect you to a fake site.

The chances are tiny, but try to contact Bittrex support and tell that your account is hacked.
If they see it in time, maybe they can prevent the funds getting sent out and they'll do a thorough verification of identity.

Sorry to hear what had happened to you. 

Since crypto transaction is irreversible, you can't do anything about it. I will just advise you to just take some time off to at least recover emotionally.

Thanks for the reply HCP..

Sad day  :

Working on the gmail issues.. All of my recovery email addresses were compromised as well... hence me being pretty handcuffed on the email front..

I have reached out to Bittrex and Binance to freeze accounts.. Binance has done so but not in time.. KYC'd in both exchanges.

Here is the transaction out of my account: https://bitcoinwhoswho.com/address/1CenzCoKFoQyBdFbi1uYU1DEmyQFyM8cfm/urlid/13236721
This was a very very sophisticated attack.. I was simultaneously hacked at 2 email addresses.. I phone.. Multiple mac computers.. At&T (they changed my ssn and disconnected my phone!)..

At a loss.. total loss..

About all I can advise is trying to follow the steps here to regain control of your Gmail: https://support.google.com/accounts/answer/6294825

Sadly, as for all the crypto, that's gone... your chances of recovery are basically nil.

You can try contacting the exchanges, but usually they'll just lock your accounts... and unless you had completed KYC and are verified, getting them back will be difficult.

Any help here would be extremely helpful. Help, resoureces.. contacts. anything.

I got hacked this afternoon.. first my email accounts (all of them), then my phone, then my computer.. one right after the other.

I still do not have access to email (gmail won't let me in via 2FA). I just regained control of my phone and 2FA.. Logged in to both my Bittrex and Binance accounts and am missing almost everything.. Binance is empty.. Bittrex everything has been consolidated into Bitcoin and is likely ready to send out into space.. As soon as seeing my bittrex portfolio, i was locked out..

Any input is greatly appreciated.. This is a significant amount crypto..

Help