
Topic: LocalBitcoins Attack against infrastructure 3.5.2014 - page 2. (Read 2485 times)

legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
If only these hackers could put their talents to good use on something positive...
The Bitcoin network and all its peripheral entities need to be tested while we are in beta.

All this testing from worthy opponents only makes us stronger.

So their talents are being put to good use.
sr. member
Activity: 406
Merit: 252
usually you find out the data centre is a "buy a domain and server in bitcoins".. thus it normally ends up as an inside job but twisted into being from a social engineering attempt, that way the customer is too busy calling the host incompetent and not able to have time to realise they're the thief

so here are some lessons
1. temptation - DO NOT use a data centre that knows and uses bitcoins themselves, the temptation to steal is higher if people know the data on their system has value to them.

2. pre-knowledge - the fact the data centre knows about bitcoin also makes it easier for them to navigate your source code without taking long.

3. admin rights. if you own the domain YourDomain. then DO NOT register [email protected] or [email protected] instead have the data centre only take requests and queries from an email that looks nothing like your domain. and does not appear on any search listings of your domain or the CEO's personal details. in short make a new address and get the data centre to verify you each time.

4. set up a passphrase that must be mentioned in all correspondence.

5. if you're choosing a bitcoin payment datacentre that does not have admin security... don't use them.

so stick to FIAT hosting or keep your servers in-house if any of the tips above can't be done


Very good advice. Thank you.
legendary
Activity: 1456
Merit: 1001
This is the land of wolves now & you're not a wolf
If only these hackers could put their talents to good use on something positive...
legendary
Activity: 4410
Merit: 4766
usually you find out the data centre is a "buy a domain and server in bitcoins".. thus it normally ends up as an inside job but twisted into being from a social engineering attempt, that way the customer is too busy calling the host incompetent and not able to have time to realise they're the thief

so here are some lessons
1. temptation - DO NOT use a data centre that knows and uses bitcoins themselves, the temptation to steal is higher if people know the data on their system has value to them.

2. pre-knowledge - the fact the data centre knows about bitcoin also makes it easier for them to navigate your source code without taking long.

3. admin rights. if you own the domain YourDomain. then DO NOT register [email protected] or [email protected] instead have the data centre only take requests and queries from an email that looks nothing like your domain. and does not appear on any search listings of your domain or the CEO's personal details. in short make a new address and get the data centre to verify you each time.

4. set up a passphrase that must be mentioned in all correspondence.

5. if you're choosing a bitcoin payment datacentre that does not have admin security... don't use them.

so stick to FIAT hosting or keep your servers in-house if any of the tips above can't be done
sr. member
Activity: 406
Merit: 250
More bad news for bitcoiners, because now people worry more about bitcoin trade
full member
Activity: 307
Merit: 102
This is pretty standard social engineering, the hosting company screwed up big time. They gave someone root access with apparently no real validation.
full member
Activity: 126
Merit: 100
https://plus.google.com/+BitcointrukkokHu/posts/UkRc4jrJAbn

Saturday, May 3, 2014

Attack against LocalBitcoins infrastructure 3.5.2014

LocalBitcoins received a very dangerous attack against the site infrastructure on Saturday 3.5.2014.

For now
  • All user data and Bitcoins are safe;
  • The site will be down for a while as the system is being rebuilt

Details

LocalBitcoins hosting provider received a request to restart the LocalBitcoins.com website server and give access to the server console (root) on Sat May 3 13:32:27. LocalBitcoins team did not initiate this request. For now, it looks like the request was made using spoofed email addresses and other weakness in the hosting provider support system.
  • LocalBitcoins team was alerted about the abnormal activity when the hosting provider restarted the server.
  • The attacker gained root access to the server for ~40 minutes before the attacker was kicked out and the server shut down.
  • All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access.
  • It is very unlikely that the attacker gained access to any data; LocalBitcoins is still performing full investigation on the matter.
  • Bitcoins in hot wallet and cold wallet are safe, as LocalBitcoins runs its bitcoind and wallets on a separate server.
  • LocalBitcoins team has started to rebuild the website server on fresh hardware.
  • LocalBitcoins team will make further announcements when the investigation proceeds and the site becomes available again.
  • We expect to spend at least 24 hours on this. LocalBitcoins team apologizes for the issues the downtime may cause to the users.
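
An added example, not part of any post above and not LocalBitcoins' or their host's code: a provider-side gate for support e-mail that applies lessons 3 and 4 from the thread (a dedicated contact address unrelated to the customer's domain, a passphrase in all correspondence) to the kind of spoofed request the announcement describes. The host names, addresses, account record and action names are hypothetical, and the DMARC check and the second-channel hold for privileged actions are assumptions added on top of the thread's advice.

```python
import hashlib, hmac, re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.host.example"       # hypothetical: the provider's own inbound MTA
PRIVILEGED = {"console_access", "reboot"}  # actions that hand over control of a server

def passphrase_hash(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

# Constructed account record: the contact address is unrelated to the customer's domain.
ACCOUNT = {"contact": "k7-ops@mailbox.example", "salt": b"constructed-salt",
           "pass_hash": passphrase_hash("amber kettle 41", b"constructed-salt")}

def dmarc_pass(msg):
    # Trust only results stamped by our own MTA (assumed to strip inbound copies
    # that carry its id); any other Authentication-Results header is sender-supplied.
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip() == TRUSTED_AUTHSERV and re.search(r"\bdmarc=pass\b", results):
            return True
    return False

def evaluate(raw, account, action):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender != account["contact"]:
        return "reject: sender is not the registered contact address"
    if not dmarc_pass(msg):
        return "reject: sender address not authenticated"
    found = re.search(r"^Passphrase:\s*(.+)$", msg.get_payload(), re.M)
    if not found or not hmac.compare_digest(
            passphrase_hash(found.group(1).strip(), account["salt"]), account["pass_hash"]):
        return "reject: passphrase missing or wrong"
    if action in PRIVILEGED:
        return "hold: confirm over a second channel before acting"
    return "accept"

def make_mail(sender, auth_results, body):
    # Builds a constructed sample message for the demonstration below.
    return f"From: {sender}\nAuthentication-Results: {auth_results}\nSubject: request\n\n{body}\n"

if __name__ == "__main__":
    spoofed = make_mail("k7-ops@mailbox.example", "mx.attacker.example; dmarc=pass",
                        "Restart the server and give me console access.")
    print(evaluate(spoofed, ACCOUNT, "console_access"))
```

Even a request that passes every e-mail check is only held, never executed, when it asks for console access or a restart, so a leaked passphrase alone does not hand over the server.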