recommended reading

Threatwatch

Australia-based bitcoin fund robbed of $70,000 after U.S. Marshals leaked contact info

Credential-stealing malware; Cyber espionage; Password cracking; Social engineering; Spear-phishing; User accounts compromised

The email address of Sam Lee, co-founder of Bitcoins Reserve, was made public by accident, allowing an attacker to send him an infected message that stole company computer credentials.  

Lee’s contact details, along with those of others interested in an auction of 30,000 bitcoins confiscated from the Silk Road black marketplace, were recently leaked by the U.S. Marshalls Service by mistake.  

The hacker posed as a journalist requesting an interview to lure Lee into opening a bogus Google Doc. Lee believed the file contained interview questions.

By clicking on a link to the document, Lee unwittingly unleashed a malicious program that grabbed access to his email account and other passwords.

The attacker pried into company emails through that one opening

“They couldn’t gain direct access to Bitcoins Reserve’s bitcoins, Lee says, because it’s handled by a security expert ‘and they’re all locked down,’” StartupSmart reports. “Instead they sent an email from Lee’s email address, purporting to be him, to the company’s chief technology officer, requesting that 100 bitcoins be sent to a specific bitcoin address.”

The CTO requested to speak over the phone with the individual claiming to be Lee to confirm it was indeed him.

The attacker consented, but said the call would have to be later that afternoon since he was busy.

In an unfortunate coincidence, Lee actually was busy on the morning of the attack, and unable to answer his mobile, which made the attacker’s claims more credible.

The CTO called other fund executives who authorized the transaction, under the mistaken impression they were fulfilling an internal client withdrawal request.

“Is it the U.S. Marshals’ fault that the attack occurred? Absolutely! Is it their fault that we lost some Bitcoins? No,” Lee tells StartupSmart. “I’m glad it’s happened sooner rather than later, as it’s made us aware of our vulnerabilities.”

sector

Financial Services

reported

July 1, 2014

reported by

StartupSmart

number affected

Unknown

location of breach

Unknown

perpetrators

Criminals

location of perpetrators

Unknown

date breach occurred

Some point in mid to late June 2014

date breach detected

Some point in mid to late June 2014

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.