mufa23 (OP)
Legendary
 Offline
Activity: 1022
Merit: 1001
I'd fight Gandhi.
|
 |
June 27, 2012, 05:37:50 PM |
|
|
Positive rep with: pekv2, AzN1337c0d3r, Vince Torres, underworld07, Chimsley, omegaaf, Bogart, Gleason, SuperTramp, John K. and guitarplinker
|
|
|
Hexadecibel
Human Intranet Liason
VIP
Hero Member
Offline
Activity: 571
Merit: 504
I still <3 u Satoshi
|
|
June 27, 2012, 07:57:16 PM |
|
are there other sources?
|
|
|
|
|
|
nathanghart
|
|
June 27, 2012, 08:00:39 PM |
|
shhh. I'm still in escrow on my island.
|
|
|
|
|
|
dirtycat
|
|
June 27, 2012, 08:01:54 PM |
|
I was reading that this morning.. not much information on how it was done all they keep yappin about is zeus and spyeye "siphoning".. NEED MORE INFO! |
poop!
|
|
|
carafleur
Member
Offline
Activity: 113
Merit: 10
lost@bitcoinica.com
|
|
June 27, 2012, 08:31:33 PM |
|
For what it's worth, there's a link to the original McAfee Report : https://www.mcafee.com/us/resources/reports/rp-operation-high-roller.pdfjust reading |
“We build but to tear down. Most of our work and resource is squandered. Our onward march is marked by devastation. Everywhere there is an appalling loss of time, effort and life. A cheerless view, but true"
“Most certainly, some planets are not inhabited, but others are, and among these there must exist life under all conditions and phases of development.”
Tesla N
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
June 27, 2012, 10:10:05 PM
Last edit: June 27, 2012, 10:27:47 PM by Stephen Gornick |
|
What are the chances that the RBS / Nat West / Ulster Bank problems last week were truly because of "problems with an upgrade"? I can't see how those two tools Zeus and SpyEye would have control of enough systems where multifactor authentication is used to be successful at draining $75 million worth of funds. I'ld suspect most of the exploited systems were not using multifactor (e.g., time based PIN on a smartcard or like what Yubikey offers) or with method they had there was some vulnerability (e.g., account recovery process) that provided some way to bypass multifactor. Either way, I wonder which is a worse fate ... that the banks are insolvent or that they are incompetent? Be prepared! Time To Perform Your Own Bank Stress Test - http://www.bitcoinmoney.com/post/26014446677 |
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
June 27, 2012, 10:26:47 PM |
|
Ok, things aren't adding up here. To further hide the criminal activity, the hackers alter bank statements, leaving the victims clueless to the transactions. - http://www.scmagazine.com.au/News/306602,ongoing-racket-drains-high-roller-bank-accounts.aspxSo whose multifactor authentication was compromised? The customer cannot alter their own bank statement. If it was the customer's chip and pin system (or whatever they use) to blame, then the problem wouldn't be hacked bank statements. So, my bet is that this is a compromise of the banks internal systems and not just compromises on the customer side. |
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
June 27, 2012, 10:37:34 PM |
|
Ok, things aren't adding up here. To further hide the criminal activity, the hackers alter bank statements, leaving the victims clueless to the transactions. - http://www.scmagazine.com.au/News/306602,ongoing-racket-drains-high-roller-bank-accounts.aspxSo whose multifactor authentication was compromised? The customer cannot alter their own bank statement. If it was the customer's chip and pin system (or whatever they use) to blame, then the problem wouldn't be hacked bank statements. So, my bet is that this is a compromise of the banks internal systems and not just compromises on the customer side. From what I read, Zeus and Spyeye use a kind of MTIM attack that waits for the users to make a transfer of their own, but modifying the recipient and the ammount. After, the clueless user inserts the TAN and aproves the transfer  Banks like that way of exploiting because they can blame the users and leave them empty handed  |
|
|
|
|
ArticMine
Legendary
Offline
Activity: 2282
Merit: 1050
Monero Core Team
|
|
June 27, 2012, 11:03:08 PM |
|
Not much impact on Bitcoin. The banks themselves were not hacked. What was hacked were end user computers running Microsoft Windows and a similar kind of attack can be launched to steal Bitcoins. I myself have removed Bitcoin stealing and mining malware form Microsoft Windows computer. The solution here is to deal with the attack vector namely: Microsoft Windows. I have refused to do any online banking or any other financial transaction from a Microsoft Windows machine for over 6 years. I use GNU/Linux for this purpose and that includes Bitcoin transactions. When it comes to Bitcoin this includes refusing to host on a Microsoft Windows machine a Bitcoin wallet that has any of my personal private keys. As for backing up an encrypted, with Truecrypt, wallet.dat on a Microsoft Windows computer that is of course fine.
|
|
|
|
|
opticbit
|
|
June 27, 2012, 11:17:03 PM |
|
I saw something about 80 banks having a vulnerability. Someone tried to warn them. Maybe 20 listend, or 20 are yet to be attacked?
only 1.25M / bank? - under achiever.
|
|
|
|
|
Realpra
|
|
June 28, 2012, 02:43:06 PM |
|
Proportionally they have not lost that much compared to the BTC hacks.
I don't think security is Bitcoin's strong point, in fact it may be the only point where the regular system wins.
Yes you can use BTC safely if you are just a little savvy, but most people are idiots with computers.
We should "sell" BTC on other points and perhaps recommend online wallet services to the noobs.
|
|
|
|
|
bitdragon
|
|
June 28, 2012, 03:00:02 PM |
|
The details of the global fraud come just a day after the MI5 boss warned of the new cyber security threat to UK business. Oh those coincidences remind me of Peter Power and his simulation on the same day it really happened. http://www.youtube.com/watch?v=KJUVqcNDZlk |
|
|
|
|
