LocalBitcoins Attack against infrastructure 3.5.2014 - page 2.

BurtW

legendary

Activity: 2646

Merit: 1136

All paid signature campaigns should be banned.

Quote from: keithers on May 03, 2014, 07:46:29 PM

If only these hackers could put their talents to good use on something positive...

The Bitcoin network and all its peripheral entities need to be tested while we are in beta.

All this testing from worthy opponents only makes us stronger.

So their talents are being put to good use.

MarketNeutral

sr. member

Activity: 406

Merit: 252

Quote from: franky1 on May 03, 2014, 06:19:15 PM

usually you find out the data centre is a "buy a domain and server in bitcoins".. thus it normally ends up as an inside job but twisted into being from a social engineering attempt, that way the customer is too busy calling the host incompetent and not able to have time to realise their the thief

so here are some lessons
1. temptation - DO NOT use a data centre that knows and uses bitcoins themselves, the temptation to steal is higher if people know the data on their system has value to them.

2. pre-knowledge - the fact the the data centre knows about bitcoin also makes it easier for them to navigate your source code without taking long.

3. admin rights. if you own the domain YourDomain. then DO NOT register [email protected] or [email protected] instead have the data centre only take requests and queries from a email that looks nothing like your domain. and does not appear on any search listings of your domain or the CEO's personal details. in short make a new address and get the data centre to verify you each time.

4. set up a passphrase that must be mentioned in all correspondence.

5. if your choosing a bitcoin payment datacentre that does not have admin security... dont use them.

so stick to FIAT hosting or keep your servers inhouse if any of the tips above cant be done

Very good advice. Thank you.

keithers

legendary

Activity: 1456

Merit: 1001

This is the land of wolves now & you're not a wolf

If only these hackers could put their talents to good use on something positive...

franky1

legendary

Activity: 4270

Merit: 4534

usually you find out the data centre is a "buy a domain and server in bitcoins".. thus it normally ends up as an inside job but twisted into being from a social engineering attempt, that way the customer is too busy calling the host incompetent and not able to have time to realise their the thief

so here are some lessons
1. temptation - DO NOT use a data centre that knows and uses bitcoins themselves, the temptation to steal is higher if people know the data on their system has value to them.

2. pre-knowledge - the fact the the data centre knows about bitcoin also makes it easier for them to navigate your source code without taking long.

3. admin rights. if you own the domain YourDomain. then DO NOT register [email protected] or [email protected] instead have the data centre only take requests and queries from a email that looks nothing like your domain. and does not appear on any search listings of your domain or the CEO's personal details. in short make a new address and get the data centre to verify you each time.

4. set up a passphrase that must be mentioned in all correspondence.

5. if your choosing a bitcoin payment datacentre that does not have admin security... dont use them.

so stick to FIAT hosting or keep your servers inhouse if any of the tips above cant be done

MoneyGod

sr. member

Activity: 406

Merit: 250

Another bad news for bitcoiners because now peoples more worry about bitcoin trade

aceat64

full member

Activity: 307

Merit: 102

This is pretty standard social engineering, the hosting company screwed up big time. They gave someone root access with apparently no real validation.

RUEHL

full member

Activity: 126

Merit: 100

https://plus.google.com/+BitcointrukkokHu/posts/UkRc4jrJAbn

Saturday, May 3, 2014

Attack against LocalBitcoins infrastructure 3.5.2014

LocalBitcoins received a very dangerous attack against the site infrastructure on Saturday 3.5.2014.
For now
All user data and Bitcoins are safe;
The site will be down for a while as the system is being rebuilt

Details

LocalBitcoins hosting provided received a request to restart the LocalBitcoins.com website server and give access to the server console (root) on Sat May 3 13:32:27. LocalBitcoins team did not initiate this request. For now, it looks like the request was made using spoofed email addresses and other weakness in the hosting provider support system.

LocalBitcoins team was alerted about the abnormal activity when the hosting provider restarted the server.
The attacker gained a root access to the server for ~40 minutes before the attacker was kicked out and the server shutdown.
All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access.

It is very unlikely that the attacker gained access to any data; LocalBitcoins is still performing full investigation on the matter.

Bitcoins in hot wallet and cold wallet are safe, as LocalBitcoins runs its bitcoind and wallets on a separate server.
LocalBitcoins team has started to rebuild the website server on fresh hardware.
LocalBitcoins team will make further announcements when the investigation proceeds and the site becomes available again.

We expect to spend at least 24 hours on this. LocalBitcoins team apologizes the issues the downtime may cause to the users.

Topic: LocalBitcoins Attack against infrastructure 3.5.2014 - page 2. (Read 2451 times)