ebliever (OP)
December 22, 2016, 04:15:20 AM
Article at link: http://www.forbes.com/sites/laurashin/2016/12/20/hackers-have-stolen-millions-of-dollars-in-bitcoin-using-only-phone-numbers/#3e024ad522db
Lessons learned:
- 2FA using SMS is badly compromised.
- You can't outsource your computer/cryptocurrency security to a 3rd party like your phone carrier. It's a recipe for disaster.
- Hackers are targeting prominent bitcoiners - but it's only a matter of time for the rest of us.
- Thieves are impersonating prominent bitcoiners, asking friends for "loans" of BTC (etc) - which just means more victims.
- It's not just bitcoins - bank accounts and everything else are vulnerable. (And you can't fix those with a Trezor or paper wallet.)
What else?
Luke 12:15-21
Ephesians 2:8-9

ranochigo
December 22, 2016, 04:24:32 AM
Definitely. Phone companies are especially vulnerable to social engineering. It has happened to various other people, including linustechtips and even Cloudflare's CEO.
You can't outsource your computer/cryptocurrency security to a 3rd party like your phone carrier. It's a recipe for disaster.
The services are vulnerable too. 2FA isn't safe if you use it with your phone number.
Hackers are targeting prominent bitcoiners - but it's only a matter of time for the rest of us.
Hackers are likely more interested in the people holding a larger amount.
Thieves are impersonating prominent bitcoiners, asking friends for "loans" of BTC (etc) - which just means more victims.
It's weird if a friend asks you for a loan over the phone. Anyone receiving such a request SHOULD verify it physically, especially if it's for a large amount.
It's not just bitcoins - bank accounts and everything else are vulnerable. (And you can't fix those with a Trezor or paper wallet.)
For the banks I use, the bank accounts have physical OTP keys and they are much more difficult to compromise. Bitcoins aren't vulnerable if you choose to secure your coins with a desktop/cold wallet. The reason why Bitcoins are lost through this is because of people storing them in services.

shamzblueworld
December 22, 2016, 04:28:03 AM
You can't outsource your computer/cryptocurrency security to a 3rd party like your phone carrier. It's a recipe for disaster. Hackers are targeting prominent bitcoiners
I completely agree with this. You cannot trust all your apps blindly; it is a great risk to do that, and sooner or later you will regret it if you keep sharing sensitive info with your mobile phone. Even the words you type from your mobile phone are recorded by your keyboard; how can you be sure they cannot reuse them for harmful reasons? So try to be as secure as possible and only do it with a PC; though it is also not that secure, at least it is way more so than the so-called smartphone.

ebliever (OP)
December 22, 2016, 04:34:52 AM
Guys, read the article. (It is a good read.) The hackers are able to access PCs starting with the phone hacking. Sounds like a very ugly episode when everything - bank accounts, Windows login, desktop wallets, etc. - all get seized in one swoop. Because phone companies still think of themselves as phone companies, and not as gatekeepers to people's financial and personal property on a vast scale. They can't keep screwing up like this.
If the evidence that this operation(s) is based in the Philippines is right... well, the hackers might not be too happy once Duterte catches up with them. If he treats them like he does drug dealers, they will have a _very_ short life expectancy.

Arrakeen
December 22, 2016, 04:39:07 AM
You can't outsource your computer/cryptocurrency security to a 3rd party like your phone carrier. It's a recipe for disaster. Hackers are targeting prominent bitcoiners
I completely agree with this. You cannot trust all your apps blindly; it is a great risk to do that, and sooner or later you will regret it if you keep sharing sensitive info with your mobile phone. Even the words you type from your mobile phone are recorded by your keyboard; how can you be sure they cannot reuse them for harmful reasons? So try to be as secure as possible and only do it with a PC; though it is also not that secure, at least it is way more so than the so-called smartphone.
As secure as possible with a PC would mean an isolated box, where your funds/keys are stored. Even if that means looking over then typing everything individually, better than a possibly compromised USB stick.

avatar_kiyoshi
December 22, 2016, 05:55:06 AM
I have the same case as Kenna; fortunately I just lost a few bucks. Using 2FA with a phone number is very vulnerable; it was proved when I lost my money using these features. Although it's kept offline.

davis196
December 22, 2016, 06:30:33 AM
Let's just stop using bitcoins and stop online banking because of the hackers. Let's use only gold and silver coins for trading purposes. Hackers can't hack gold and silver coins. Just kidding. Hackers are a serious problem.

MingLee
December 22, 2016, 06:50:30 AM
Everything is vulnerable as long as they can find your phone number and contact your phone service provider and get your SIM card info.
There is nothing that can especially prevent anything, but phoning up your provider and setting up additional security for something like this can help ease these woes, again, to a certain extent.
There are cases like this for YouTube users as well, so it's not rare or specific.

NorrisK
December 22, 2016, 07:08:42 AM
How about proper training to people that give out personal details of others?
If the people got some training on how to verify better that it's the real person, it may become less common. I mean, most companies only ask for publicly available information such as address and birth date before they give you whatever you want...

maydna
December 22, 2016, 07:15:25 AM
How about proper training to people that give out personal details of others?
If the people got some training on how to verify better that it's the real person, it may become less common. I mean, most companies only ask for publicly available information such as address and birth date before they give you whatever you want...
It's a good idea, but I don't think this could solve the problem, as we can see that many people are not giving their attention to the 2FA phone number. But at least that person knows how to solve their problem with 2FA, and I think we can use another security for saving our account so we can prevent hackers' attacks.

Kakmakr
December 22, 2016, 07:52:28 AM
Ok, explain this to me. Why would an early Bitcoin adopter store 1000's of coins on a hardware device? This smells a bit fishy, to say the least. I never keep all my coins in the same device. I always split my coins over 100's of paper wallets, and I store those in different places. If I need coins, I just grab one paper wallet and sweep it online. < not everything in one go, because that would be VERY stupid >
None of these are proven statements, so they can just publish any shit they want to, to sell papers and get more hits on their news sites.

Roger Burton
December 22, 2016, 04:45:32 PM
A very good hacker knows how to handle you and take information from you. We all have to be very careful with those we're talking to. It's for our safety, not only for our money but for our lives. So people, do not give your information.

bitbunnny
December 22, 2016, 04:57:52 PM
Hackers are always a step ahead. It's needed to develop new security mechanisms all the time. But it seems that everything that is considered to be secure in fact is not. That also happened with 2FA. So, what can we do, what method, mechanism or tool can actually protect our coins? Is there anything that we can fully trust?

BitcoinGirl.Club
December 22, 2016, 04:58:54 PM
Thought that 2FA was the safest thing out there. Apparently not!

Yakamoto
December 22, 2016, 05:05:50 PM
Thought that 2FA was the safest thing out there. Apparently not!
2FA is actually one of the safest methods of securing your data that exists. The only issue is that hackers can access your SIM card if they know your number and call your phone company, and then make a blank and get the same info you get from your 2FA services. It's not easy, per se, but it can be done and it is simpler to do than dictionary-attacking a password. It requires a lot of information first though.

Sithara007
December 22, 2016, 05:41:26 PM
Thought that 2FA was the safest thing out there. Apparently not!
2FA is actually one of the safest methods of securing your data that exists. The only issue is that hackers can access your SIM card if they know your number and call your phone company, and then make a blank and get the same info you get from your 2FA services.
How are they going to hack into the SIM card? Especially if the mobile phone used is a basic variant instead of a smartphone? How are they going to install trojans and other spyware in such a phone?

Lauda
December 22, 2016, 05:59:04 PM
The hackers are able to access PC's starting with the phone hacking.
Nope. Sounds to me like a case of someone who thinks they understand security, but actually don't. The article is unnecessarily long and pretty much useless (doesn't outline ways of protecting yourself well, but rather tells us a story). Here are some semi-easy ways for prevention:
1) Do not use your personal phone number for 2FA. Use SIM cards without contracts.
2) Do not use social networks (they aren't for the brightest anyways).
3) Delete anything you can find online about yourself -> effectively kills social engineering attempts.
4) Disable JavaScript, Flash and everything else by default.
5) Do not use any web wallets or online services to keep Bitcoin. If you need to keep them on an online device (for whatever reason), at least make sure that you're talking about a local desktop client.
Alternative:
A) Use a different computer solely for Bitcoin, banking et al. (Note: This does not save you from targeted network intrusion, rootkits and similar).
How are they going to hack into the SIM card?
People need to stop watching hacking in movies.
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion)

nizamcc
December 22, 2016, 07:04:36 PM
The hackers are able to access PC's starting with the phone hacking.
Nope. Sounds to me like a case of someone who thinks they understand security, but actually don't. The article is unnecessarily long and pretty much useless (doesn't outline ways of protecting yourself well, but rather tells us a story). Here are some semi-easy ways for prevention:
1) Do not use your personal phone number for 2FA. Use SIM cards without contracts.
2) Do not use social networks (they aren't for the brightest anyways).
3) Delete anything you can find online about yourself -> effectively kills social engineering attempts.
4) Disable JavaScript, Flash and everything else by default.
5) Do not use any web wallets or online services to keep Bitcoin. If you need to keep them on an online device (for whatever reason), at least make sure that you're talking about a local desktop client.
Alternative:
A) Use a different computer solely for Bitcoin, banking et al. (Note: This does not save you from targeted network intrusion, rootkits and similar).
Quoted you to discuss your first and fifth points. I just wanted to know that if I use my personal phone number (specifically non-contract SIM cards), isn't it still on the edge of getting hacked? And when you said that we should keep our coins in a local desktop client, say if I am using any web wallets like blockchain, so is it not good to have all my coins be kept there?

Bigdan
December 22, 2016, 07:38:04 PM
That's why you need to download the entire blockchain and wallet and keep your private keys.

dontryjustdoit
December 22, 2016, 11:06:52 PM
Use a burner phone not in your name to have your codes texted to. Don't even tell your wife.