Hackers Have Stolen Millions Of Dollars In Bitcoin -- Using Only Phone Numbers - page 3.

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: nizamcc on December 22, 2016, 03:04:36 PM

Quote from: Lauda on December 22, 2016, 01:59:04 PM

1) Do not use your personal phone number for 2FA. Use SIM cards without contracts.
5) Do not use any web wallets or online services to keep Bitcoin. If you need to keep them on an online device (for whatever reason), at least make sure that you're talking about a local desktop client.

Quoted you to discuss your first and fifth points.
I just wanted to know that if I use my personal phone number (specifically non-contract sim cards), isn't it still on the edge of getting hacked?

Your carrier shouldn't be able to revoke a non-contract sim to which no information is actually bound. In that sense, it should not be 'hackable' in a way as described

Quote from: nizamcc on December 22, 2016, 03:04:36 PM

And when you said that we should keep our coins in a local desktop client, say if I am using any web wallets like blockchain, so is it not good to have all my coins be kept there?

Your web wallets, and those especially that use 2FA are vulnerable to social attacks. A desktop wallet is only vulnerable to targeted attacks, in which you machine has to be compromised. There's a huge difference in the possible approaches for a malicious individual.

dontryjustdoit

newbie

Activity: 30

Merit: 0

use a burner phone not in your name to have your codes texted to. dont even tell you wife.

Bigdan

member

Activity: 84

Merit: 10

That's why you need to download the entire blockchain and wallet and keep your private keys.

nizamcc

legendary

Activity: 1218

Merit: 1007

Quote from: Lauda on December 22, 2016, 01:59:04 PM

Quote from: ebliever on December 22, 2016, 12:34:52 AM

The hackers are able to access PC's starting with the phone hacking.

Nope. Sounds to me like a case of someone who thinks they understand security, but actually don't. The article is unnecessarily long and pretty much useless (doesn't outline ways of protecting yourself well, but rather tells us a story). Here are some semi-easy ways for prevention:

1) Do not use your personal phone number for 2FA. Use SIM cards without contracts.
2) Do not use social networks (they aren't for the brightest anyways).
3) Delete anything you can find online about yourself -> effectively kills social engineering attempts.
4) Disable Javascript, Flash and everything else by default.
5) Do not use any web wallets or online services to keep Bitcoin. If you need to keep them on an online device (for whatever reason), at least make sure that you're talking about a local desktop client.

Alternative:
A) Use a different computer solely for Bitcoin, banking et al. (Note: This does not save you from targeted network intrusion, rootkits and similar).

Quoted you to discuss your first and fifth points.
I just wanted to know that if I use my personal phone number (specifically non-contract sim cards), isn't it still on the edge of getting hacked?
And when you said that we should keep our coins in a local desktop client, say if I am using any web wallets like blockchain, so is it not good to have all my coins be kept there?

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: ebliever on December 22, 2016, 12:34:52 AM

The hackers are able to access PC's starting with the phone hacking.

Nope. Sounds to me like a case of someone who thinks they understand security, but actually don't. The article is unnecessarily long and pretty much useless (doesn't outline ways of protecting yourself well, but rather tells us a story). Here are some semi-easy ways for prevention:

1) Do not use your personal phone number for 2FA. Use SIM cards without contracts.
2) Do not use social networks (they aren't for the brightest anyways).
3) Delete anything you can find online about yourself -> effectively kills social engineering attempts.
4) Disable Javascript, Flash and everything else by default.
5) Do not use any web wallets or online services to keep Bitcoin. If you need to keep them on an online device (for whatever reason), at least make sure that you're talking about a local desktop client.

Alternative:
A) Use a different computer solely for Bitcoin, banking et al. (Note: This does not save you from targeted network intrusion, rootkits and similar).

Quote from: Sithara007 on December 22, 2016, 01:41:26 PM

How they are going to hack in to the SIM card?

People need to stop watching hacking in movies.

Sithara007

legendary

Activity: 3220

Merit: 1344

Leading Crypto Sports Betting & Casino Platform

Quote from: Yakamoto on December 22, 2016, 01:05:50 PM

Quote from: BitcoinGirl.Club on December 22, 2016, 12:58:54 PM

Thought that 2FA was the safest thing out there. Apparently not! Embarrassed

2FA is actually one of the safest methods of securing your data that exists. The only issue is that hackers can access your SIM card if they know your number and call your phone company, and then make a blank and get the same info you get from your 2FA services.

How they are going to hack in to the SIM card? Especially if the mobile phone used is a basic variant instead of a smartphone? How they are going to install trojans and other spyware in such a phone?

Yakamoto

legendary

Activity: 1218

Merit: 1007

Quote from: BitcoinGirl.Club on December 22, 2016, 12:58:54 PM

Thought that 2FA was the safest thing out there. Apparently not! Embarrassed

2FA is actually one of the safest methods of securing your data that exists. The only issue is that hackers can access your SIM card if they know your number and call your phone company, and then make a blank and get the same info you get from your 2FA services.

It's not easy, per say, but it can be done and it is simpler to do than dictionary-attacking a password. It requires a lot of information first though.

BitcoinGirl.Club

legendary

Activity: 2800

Merit: 2736

Farewell LEO: o_e_l_e_o

Thought that 2FA was the safest thing out there. Apparently not! Embarrassed

bitbunnny

legendary

Activity: 2912

Merit: 1068

WOLF.BET - Provably Fair Crypto Casino

Hackers are always step ahead. It's needed to develope the new security mechanisms all the time. But it seems that everything that is considered to be secure in fact it's not. That also happened with 2FA. So, what can we do, what method, mechanism or tool can actualy protect our coins? Is there anything that we can fuly trust?

Roger Burton

member

Activity: 101

Merit: 10

A very good hacker knows how to handle you and take information from you. All we have to be very careful with those we're talking to. It's for our safety, not only for our money but for our lives. So people do not give your informations.

Kakmakr

legendary

Activity: 3458

Merit: 1961

Leading Crypto Sports Betting & Casino Platform

Ok, explain this to me. Why would a early Bitcoin adopter store 1000's of coins on a hardware device? This smells a bit fishy, to say the least. I never keep all my coins in the same device. I always split my coins over 100's of paper wallets, and I store those in different places. If I need coins, I just grab one paper wallet and sweep it online. < not everything in one go, because that would be VERY stupid >

None of this are proven statements, so they can just publish any shit they want to, to sell papers and get more hits on their news sites.

maydna

hero member

Activity: 2912

Merit: 556

Enterapp Pre-Sale Live - bit.ly/3UrMCWI

Quote from: NorrisK on December 22, 2016, 03:08:42 AM

How about proper training to people that give out personal details of others?

If the people got some training on how to verify better that its the real person, it may become less common. I mean, most companies only ask for publically available information such as address and birth date before they give you whatever you want...

its a good idea but i don't think this could be solve the problem as we can see that many people is not giving their attention for the 2FA phone number. but at least that person know how to solve their problem with 2FA, and i think we can using another security for saving our account so we can prevent of hackers attack.

NorrisK

legendary

Activity: 1946

Merit: 1007

How about proper training to people that give out personal details of others?

If the people got some training on how to verify better that its the real person, it may become less common. I mean, most companies only ask for publically available information such as address and birth date before they give you whatever you want...

MingLee

hero member

Activity: 490

Merit: 520

Everything is vulnerable as long as they can find your phone number and contact your phone service provider and get your SIM card info.

There is nothing that can especially prevent anything, but phoning up your provider and setting up additional security for something like this can help ease these woes, again, to a certain extent.

There are cases like this for YouTube users as well, so it's not rare or specific.

davis196

hero member

Activity: 2968

Merit: 913

Quote from: ebliever on December 22, 2016, 12:15:20 AM

Article at link:

http://www.forbes.com/sites/laurashin/2016/12/20/hackers-have-stolen-millions-of-dollars-in-bitcoin-using-only-phone-numbers/#3e024ad522db

Lessons learned:
2FA using SMS is badly compromised.
You can't outsource your computer/cryptocurrency security to a 3rd party like your phone carrier. It's a recipe for disaster.
Hackers are targeting prominent bitcoiners - but it's only a matter of time for the rest of us.
Thieves are impersonating prominent bitcoiners, asking friends for "loans" of BTC (etc) - which just means more victims.
It's not just bitcoins - bank accounts and everything else are vulnerable. (And you can't fix those with a Trezor or paper wallet.)

What else?

Let`s just stop using bitcoins and stop online banking because of the hackers. Grin

Let`s use only gold and silver coins for trading purposes.

Hackers can`t hack gold and silver coins. Grin

Just kidding.

Hackers are a serious problem.

avatar_kiyoshi

legendary

Activity: 1106

Merit: 1000

I have same case like kenna, fortunately I just lose few bucks. Using 2FA phone number is very vulnerable, it's proved when I lost my money using these features. Although it's keep offline.

Arrakeen

hero member

Activity: 532

Merit: 500

Offer escrow, receive negative trust

Quote from: shamzblueworld on December 22, 2016, 12:28:03 AM

Quote from: ebliever on December 22, 2016, 12:15:20 AM

You can't outsource your computer/cryptocurrency security to a 3rd party like your phone carrier. It's a recipe for disaster.
Hackers are targeting prominent bitcoiners

I completely agree with this. You can not trust all your apps blindly, it is a great risk to do that and sooner or later, you will regret it if you do keep sharing sensitive info with your mobile phone, even the words you type from your mobile phone are recording by your keyboard, how can you be sure they cannot reuse them for harmful reasons?
So try to be as secure as possible and only do it with PC, though it is also not that secure but at least it is way more than the so called smartphone.

As secure as possible with a pc would mean an isolated box, where your funds/keys are stored. Even if that means looking over then typing everything individually, better than a possibly compromised USB stick.

ebliever

legendary

Activity: 1708

Merit: 1035

Guys, read the article. (It is a good read.) The hackers are able to access PC's starting with the phone hacking. Sounds like a very ugly episode when everything - bank accounts, Windows login, desktop wallets, etc. - all get seized in one swoop. Because phone companies still think of themselves as phone companies, and not as gatekeepers to people's financial and personal property on a vast scale. They can't keep screwing up like this.

If the evidence that this operation(s) is based in the Phillipines is right... well, the hackers might not be too happy once Duterte catches up with them. If he treats them like he does drug dealers, they will have a _very_ short life expectancy.

shamzblueworld

hero member

Activity: 714

Merit: 500

Quote from: ebliever on December 22, 2016, 12:15:20 AM

You can't outsource your computer/cryptocurrency security to a 3rd party like your phone carrier. It's a recipe for disaster.
Hackers are targeting prominent bitcoiners

I completely agree with this. You can not trust all your apps blindly, it is a great risk to do that and sooner or later, you will regret it if you do keep sharing sensitive info with your mobile phone, even the words you type from your mobile phone are recording by your keyboard, how can you be sure they cannot reuse them for harmful reasons?
So try to be as secure as possible and only do it with PC, though it is also not that secure but at least it is way more than the so called smartphone.

ranochigo

legendary

Activity: 2982

Merit: 4193

Quote from: ebliever on December 22, 2016, 12:15:20 AM

Article at link:

http://www.forbes.com/sites/laurashin/2016/12/20/hackers-have-stolen-millions-of-dollars-in-bitcoin-using-only-phone-numbers/#3e024ad522db

Lessons learned:
2FA using SMS is badly compromised.

Definitely. Phone companies are especially vulnerable to social engineering. It has happened to various other people, including linustechtips and even cloudflare's CEO.

Quote from: ebliever on December 22, 2016, 12:15:20 AM

You can't outsource your computer/cryptocurrency security to a 3rd party like your phone carrier. It's a recipe for disaster.

The services are vulnerable too. 2FA isn't safe if you use it with your phone number.

Quote from: ebliever on December 22, 2016, 12:15:20 AM

Hackers are targeting prominent bitcoiners - but it's only a matter of time for the rest of us.

Hackers are likely more interested with the people holding a larger amount.

Quote from: ebliever on December 22, 2016, 12:15:20 AM

Thieves are impersonating prominent bitcoiners, asking friends for "loans" of BTC (etc) - which just means more victims.

It's weird if a friend asks you for a loan over the phone. Anyone receiving such a request SHOULD verify it physically, especially if its for a large amount.

Quote from: ebliever on December 22, 2016, 12:15:20 AM

It's not just bitcoins - bank accounts and everything else are vulnerable. (And you can't fix those with a Trezor or paper wallet.)

For the banks I use, the bank account have physical OTP keys and they are much more difficult to compromise.

Bitcoins aren't vulnerable if you choose to secure your coins with a desktop/cold wallet. The reason why Bitcoins are lost through this is because of people storing them in services.

Topic: Hackers Have Stolen Millions Of Dollars In Bitcoin -- Using Only Phone Numbers - page 3. (Read 2881 times)