The Bitcoin Theft

Late last month, Bitcoin exchange Mt. Gox in Tokyo declared bankruptcy, claiming hackers had exploited a vulnerability in its transactions to steal 850,000 bitcoins (worth approximately $474 million). The flaw, called transactions malleability, was known for a while and it is possible that a malicious party could have taken advantage of it to withdraw funds.

It is also possible that funds were being mismanaged through the Mt. Gox exchange. Mt. Gox had problems for some time, as users complained they could not withdraw dollars from Mt. Gox for close to a year now. The website has gone off-line as authorities look into the situation.

There is much suspicion among bitcoin users around the shut down of the exchange. “I am extremely disappointed with the company but not surprised,” said investor Kolin Burges in an email. “I am thoroughly disgusted by the company and the way they have ruined so many people’s lives, as well as disgusted by their conduct through this whole situation. I will be doing anything I can to ensure that anyone at the company who was to blame for this faces justice for any crimes they might have committed. I will also do anything I can to investigate what was really going on there, but hopefully the courts and police of Japan will do a thorough job,” said Burges.

The issue of the latest theft appears too small to shut down one of the largest bitcoin exchanges in the world. In the news recently, anonymous hackers claim to have evidence that the bitcoin from Mt. Gox are not missing, but that customers were defrauded by Mt. Gox management.

The Bitcoin network has experienced major security breaches over the past year. November saw three major Bitcoin thefts: One involving more than $1 million in bitcoin from Bitcoin Internet Payment Services, a Denmark-based exchange that promoted itself as Europe’s biggest. There was a heist involving about $1.4 million from Australian online wallet service Inputs.io. Finally, the disappearance of a Chinese Bitcoin exchange with more than $4 million in it, revealing that exchange as a con. Since the Mt. Gox theft, Canadian Bitcoin bank, Flexcoin, announced it is going out of business, following a hack which saw 896 coins stolen.

Read the full story in the news here and here.

Why Debit Cards Are Riskier

The recent IS&T article “Tips for Shopping Safely Online” mentions that using a debit card is riskier for shopping than using a credit card. A colleague wondered how much of this was true, so I decided to do a little bit of research. These are some reasons why:

  • Payments made with credit cards are charged to the lender, who takes the risk and covers you for fraud. You can make a dispute claim and have the charge removed from your account. You simply decline the charges and don’t have to pay the bill. Debit cards are tied directly to a bank account, so payment is almost instant and charges are billed to you, the client, rather than the intermediary credit lender. Disputing a charge can take weeks to clean up, in the meantime leaving less funds in your account than you thought you had.
  • ATMs, where you withdraw cash from your bank account, are the perfect target for thieves. Outdoor ATMs are especially susceptible: the thieves install a skimming device that reads the magnetic strip on the back of the card, thereby stealing your financial information. Gas station payment machines are another place thieves install skimmers.
  • Stores are also targets for thieves. In 2009 Heartland Payment Systems discovered thieves had been stealing financial data right from the check-out card payment machines at 175,000 of their merchants, and several years later Michael’s was hit in a similar manner.

Of course, using a credit card comes with its own risks, such as interest rates and late fees. You can run up too much debt if you’re not careful. But for those of you who are financially responsible, credit cards can also earn you miles or other bonus points and rewards.

View more information about the differences between debit and credit cards at bankrate.com and this article on the NY Times.

Fraud Statistics That May Surprise You

Fraud is nothing new. Scammers have been attempting to trick consumers into spending money on fake (or non-existent) products for a long time.

However, what IS new is how we are getting scammed. Did you know that one third of people who reported being scammed first learned of the fake pitch online? The other sources are print ads, TV and radio, and telemarketing calls. When you consider that fraud harms 25.6 million people in the U.S. in one year (from a survey done in 2011), that adds up to a lot of people. That’s about one in every 10 adults in the U.S.

Learn more about the survey done by the Federal Trade Commission here.

Are you one of those affected? Learn how you can avoid or report fraud.

Identity Theft: Not so Funny for Most of Us

I don’t know if you’ve seen it listed in the movie section of your local paper, but Identity Thief, the movie, was released a week or two ago. I was pretty excited to see this, considering that the main focus of my job is to help people protect against identity theft.

How quickly my excitement turned to disappointment, when I realized from the synopsis that the movie is a comedy. A poor sod gets his identity stolen by a unrepentant fraudster, who turns his credit rating into shambles and steals his carefully saved funds. He then goes on a mission to clear his name by going after her.

Not having seen the movie, I can’t say too much about it, except this: although it didn’t get high ratings from reviewers, it’s currently at the top of the past week’s box office ratings. So maybe there’s something to be said for wanting to see a victim go after his identity thief.

For those of us who can’t actually do this, here are some tips for preventing identity theft from occurring in the first place.

Online Shopping Risks During the Holiday Season

The trickery involved in a different form of phishing came to my attention this weekend. You may have already heard about phishing as it relates to emails. Phishing emails are spam messages that arrive in our mailboxes and pretend to come from a legitimate entity, such as a bank or your school’s email administrator and then attempt to obtain your credentials so that they can access your email account, your bank account or any of your other online accounts. A keen eye and suspicious mind will go far to prevent you from falling for these scams.

What you might not be as familiar with is internet phishing. This is when you visit a website that you might already trust or which has a good reputation and so you have no reason to suspect foul-play. Even so, some scammer has managed to compromise a portion of that site so that when you are submitting your personal information, you are actually submitting it to a cyber criminal.

An example I saw this weekend involved renting a vacation property via a popular website. When submitting an inquiry or deciding to place a reservation, the victim is unaware that he is sending his information to the phisher, rather than to the property owner/manager. The phisher intercepts the client’s credit card information and the victim is unaware that not only did the inquiry or reservation not go through, but his credit card could now be compromised. In this example, the phisher impersonated the owner/manager and perhaps already gained access to his or her email account.

Today is Cyber Monday, kicking off the online shopping season, and cyber criminals are out there busily setting traps for the unwary shopper.

This news article provides some tips to help you have a safe and pleasant online shopping experience this holiday season. In addition, if you experience fraud via a website, be sure to let the owners of the website know so that others don’t fall victim as well.

The Dangers of Hacking

There are those who engage in hacking and commit fraud for monetary gain. And there are those who hack for the purpose of civil disobedience or to disrupt businesses, such as the group Anonymous. An article posted on NPR: All Tech Considered, discusses the anonymity of online actions and how this anonymity can lure people to believing their actions online may not have real-world consequences. The author believes the risk has more to do with the kind of technology that is being built into more kinds of networked devices, from factory valves to medical equipment to chips used to track cattle. Food for thought?

Data Center Breach Jettisons 1.5M Credit/Debit Card Numbers into the Wild

Last week, the Atlanta-based processing firm Global Payments announced that a data center security breach exposed 1.5 million credit and debit card numbers. The incident occurred between January 21st and February 25th of this year and affects credit and debit cards that bear the Visa or MasterCard logo. In a statement, Global Payments noted that “cardholder names, addresses and social security numbers were not obtained by the criminals.”

If fraudulent or erroneous charges do appear on a bank or credit card account, it is important to contact your financial institution’s customer service department and file a complaint immediately.

In light of this disclosure, Visa and MasterCard customers should be extra vigilant.

Read More: http://krebsonsecurity.com/2012/04/global-payments-1-5mm-cards-exported/