A Scam-Free Vacation

A lost ID card, using unknown wireless connections, stolen smartphone, skimmers, or laptop theft can ruin that glow you acquired while you were away. You don’t want to have to deal with identity theft or lost devices. These tips from the FTC provide some peace of mind for vacationers.

The Bitcoin Theft

Late last month, Bitcoin exchange Mt. Gox in Tokyo declared bankruptcy, claiming hackers had exploited a vulnerability in its transactions to steal 850,000 bitcoins (worth approximately $474 million). The flaw, called transactions malleability, was known for a while and it is possible that a malicious party could have taken advantage of it to withdraw funds.

It is also possible that funds were being mismanaged through the Mt. Gox exchange. Mt. Gox had problems for some time, as users complained they could not withdraw dollars from Mt. Gox for close to a year now. The website has gone off-line as authorities look into the situation.

There is much suspicion among bitcoin users around the shut down of the exchange. “I am extremely disappointed with the company but not surprised,” said investor Kolin Burges in an email. “I am thoroughly disgusted by the company and the way they have ruined so many people’s lives, as well as disgusted by their conduct through this whole situation. I will be doing anything I can to ensure that anyone at the company who was to blame for this faces justice for any crimes they might have committed. I will also do anything I can to investigate what was really going on there, but hopefully the courts and police of Japan will do a thorough job,” said Burges.

The issue of the latest theft appears too small to shut down one of the largest bitcoin exchanges in the world. In the news recently, anonymous hackers claim to have evidence that the bitcoin from Mt. Gox are not missing, but that customers were defrauded by Mt. Gox management.

The Bitcoin network has experienced major security breaches over the past year. November saw three major Bitcoin thefts: One involving more than $1 million in bitcoin from Bitcoin Internet Payment Services, a Denmark-based exchange that promoted itself as Europe’s biggest. There was a heist involving about $1.4 million from Australian online wallet service Inputs.io. Finally, the disappearance of a Chinese Bitcoin exchange with more than $4 million in it, revealing that exchange as a con. Since the Mt. Gox theft, Canadian Bitcoin bank, Flexcoin, announced it is going out of business, following a hack which saw 896 coins stolen.

Read the full story in the news here and here.

Using a Tracking System for Lost or Stolen Devices

In addition to using the STOP tags mentioned above, the MIT Police recommends that Apple device owners make use of the free “find my iPhone” feature that comes with an Apple iCloud account. Apple products, especially iPhones, are highly attractive to thieves. According to various police reports around the country, theft of smartphones increased 40% in 2012.

The same iCloud service exists for Mac laptops and desktops. However, be aware that even with a tracking system on a device — whether using the iCloud service from Apple or a third-party software such as LoJack for Laptops (http://www.lojack.com/Laptops) or Prey Project (http://preyproject.com/) — the police may not be able to simply retrieve it.

Even when the police can track the stolen item to a building, the difficulty is in finding the person who has it. If your device has been stolen, or is in a location that you do not trust and cannot get to quickly, your best bet is to erase or lock the device. Once erased, files and configurations cannot be restored except from a backup.

If you have a smart phone but don’t have an iCloud account or Apple device, check with your cell phone service provider. They may have ways to lock or wipe the device remotely on your behalf.

What to do if your MIT or personally owned device has been lost or stolen.

Laptop Tagging and Registration, Feb. 28

On February 28, 11:00am – 1:00pm, laptop registration will be in W92–106A

On Thursday, MIT Police is providing an opportunity for those in the West MIT Campus to tag and register laptop computers and electronic devices.

When registering your device, it receives a STOP tag. This loss prevention measure is a visible deterrent to theft. Take a look at this video to see the results. Each tag costs $10. Cash or a G/L account is accepted (no TechCash).

Details of this service and all upcoming dates and locations are listed here.

Ouch! October 2012 Issue

This month’s security newsletter by SANS explains how to protect your smartphone and the information it contains in case you lose your device or it is stolen. You can view it here (pdf).

Four Million Hotel Rooms Could Be Hacked + Theft Is Increasing = Be Careful

With less than $50 of off-the-shelf hardware and a bit of programming, it’s possible for a hacker to gain instant, untraceable access to millions of key card-protected hotel rooms. This hack was demonstrated at the Black Hat conference in Las Vegas. Apparently, there is no easy fix. If the hotels want to secure their guests, every single lock will have to be changed.

If you are traveling this year, I would recommend not leaving anything valuable in your hotel room. If the room has a safe, use it. If not, take your items with you, such as hard drives, thumb drives, computers, tablets, smart phones and iPods. Incidentally, if it’s a Mac product, beware: according to the Wall Street Journal, 40% of all major city robberies now involve Apple products.

Theft on the MIT Campus

The Police at MIT is warning the community about the occurrence of theft on campus this summer. Nine laptops, tablets, phones or backpacks/wallets were reported stolen in June; so far this month, ten such items were reported stolen. The thefts occur with higher frequency in public areas, such as the Student Center.

The Police bulletin recommends that you do not leave any of your possessions unattended, not even for an instant. Most items are stolen when the victim gets up and leaves his or her bag or device behind “just to grab a coffee” or “to use the restroom.” As an additional precaution against theft of electronic devices, it is recommended to use a tool (such as iCloud for Mac OS or iOS devices or one that supports multiple platforms such as http://preyproject.com/) that can locate, lock and recover your device at no cost.