Krebs on security bitcoin values
Potentially more punishing, the flaw let anyone paying with bitcoin reap many times the authorized bitcoin refund amount on any canceled Overstock orders. In January Overstock. As a result of the change, Coinbase customers with balances of bitcoin at the time of the fork were given an equal amount of bitcoin cash stored by Coinbase.
However, there is a significant price difference between the two currencies: During the checkout process for those paying by bitcoin, Overstock. The solar lights I purchased from Overstock.
After indicating I wished to pay for the lamps in bitcoin, the site produced a payment invoice instructing me to send exactly 0. The site responded that the payment was complete. Within a few seconds I received an email from Overstock congratulating me on my purchase and stating that the items would be shipped shortly.
Crypto-currency alchemy at last! So I cancelled the order. To my surprise, the system refunded my purchase in bitcoin, not bitcoin cash!
Consider the implications here: A dishonest customer could have used this bug to make ridiculous sums of bitcoin in a very short period of time.
Reached for comment, Overstock. After working with the researcher to confirm the finding, that method of payment was disabled while we worked with our cryptocurrency integration partner, Coinbase, to ensure they resolved the issue. We have since confirmed that the issue described in the finding has been resolved, and the cryptocurrency payment option has been re-enabled.
No other Coinbase customer had this problem. To our knowledge, a very small number of transactions were impacted by this issue. The snafu comes as many businesses that have long accepted bitcoin are now distancing themselves from the currency thanks to the recent volatility in bitcoin prices and associated […].
Earlier this week, it emerged that Microsoft had ceased accepting payments in Bitcoin, citing volatility concerns. And, as KrebsOnSecurity noted last month, even cybercriminals who run online stores that sell stolen identities and credit cards are urging their customers to transact in something other than bitcoin.
Instead, I donated it to archive. A previous version of this story stated that neither Coinbase nor Overstock would say which of the two was responsible for this issue. The modified story above resolves that ambiguity.
This entry was posted on Tuesday, January 9th, at 1: Best story so far this year! Now we all know to check out new adopters of Bitcoin to see if the same thing can be replicated with them. This is at least two separate Krebs articles in the last couple of weeks on the topic of cryptocurrency now where your comment has been a clear standout as the most facepalm worthy.
I suspect not… As there are far superior technologies, which are directly competing against each other. There will be some winners and losers, but Bitcoin is currently the gold standard of the Crypto world…. Besides money laundering and crime what is the real advantage of a currency backed by nothing with widely varying fees?
No major country in the world is going to stand by while billions of tainted dollars flow unseen, untaxed, and unregulated.
Sure sounds like the current currencies being used around the world. Have you not considered that your current currency is digital? Only the bank has a copy of that database. If they lose their copy, there goes the proof of your finances. Blockchain provides everyone with an exact copy of the database. You say that like it matters. I would prefer in fact for the drug dealers and high dollar money launderers to get caught and prosecuted by the IRS and FBI. The inevitable result is what we see today, governments not recognizing these as legitimate ways to process transactions and rightfully seeing them as a smoke signal for criminal activity.
I wonder how much longer Overstock will even be accepting Bitcoin. Like the others that you mentioned, most retailers cannot manage the volatility. Bitcoin is hardly a currency anymore. Long-time supporters of Bitcoin, as I am, are saddened by this. They're the 1st public corp I know of to hodl BTC. Good luck trying that during the next post-natural disaster situation. Is it truly any different than the […] money system?
I go months on end without touching a paper bill. In that case, what happens when the power goes out?? Can I go to an ATM? Everything is play money now. You can bury the private keys printed on paper or etched on metal. You can transact with no power the same way you do with no cash during a blackout. You agree to even things up when the power comes back on.
The US Dollar has value because everyone believes it has value. Read up on how Brazil launched their new currency and stopped the crazy inflation […] the old Real. Nothing changed, except public perception. The old dollar is bad. Not unfixable, but breathtaking.
Brian, maybe Amazon is too volatile for you too? […] stock is a commodity. Comparing the two only undermines your argument that Bitcoin is a currency. What I think Greg is saying is that generally a currency should be 1) a medium of exchange and 2) a store of value. That value is obviously not a constant, but we expect still our currency to be more dependable predictable?
I see where he is coming from. Nice job of distancing yourself from the caper. Great research you did on this article! And thumbs up for supporting archive.
But I think you miss one point here: The more complicated it is, the more likely it will happen. I have implemented online payment methods into online shops myself and I know from experience, both in my own work and from other developers.
I remember when MasterCard secure code was introduced a few years ago and online shops started adapting it: What happened was the purchase was completed and marked as paid. The item was sent to me, even though I never paid for it. Bitcoin may be groundbreaking as an idea, but the current implementation has been proven completely unfit as an everyday payment method.
There will most definitely be a crypto currency or multiple currencies that will replace PayPal and credit cards for online payments, but it has to be different to Bitcoin in a way that is yet to be found.
Bitcoin is one of the few that actually has real engineering and coding talent behind it. Bcash is a patch job run by a criminal.
Support of that trash was the first mistake. And they are real scalable solutions. The volatility is natural and healthy at this stage. The laws are clear about how they wish to treat it, at least right now. The major difference being you're responsible for securing your money or pay someone to do it for you. The real […] will be when government inevitably pushes for their own controlled cryptocurrency. Will people refuse and fight back in the centralization of power and lack of freedom that entails or roll over thinking.
Most people […] how to use debit cards for online payments simply by intuition. Good luck trying to explain the problem of unspent outputs with a paper wallet to 10 random people you meet on the street! If you think that Bitcoin or any crypto currency can replace credit cards if you […] solve the scalability issues, it is wishful thinking. The idea behind Bitcoin is great, but the revolution has just begun.
The guy who runs Bitcoin cash is a criminal? You continue with only wishful thinking, or simply utter dreams. Already another one replied to you […] that too.
Crypto will remain but bitcoin is doomed already. Bitcoin Cash, Ethereum, Monero and countless others have already surpassed it!
But when the personal details of millions of cheaters get posted online for anyone to download — as is the case with the recent hack of infidelity hookup site AshleyMadison.
According to security firms and to a review of several emails shared with this author, extortionists already see easy pickings in the leaked AshleyMadison user database. Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information. If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.
You have 7 days from receipt of this email to send the BTC [bitcoins]. If you need help locating a place to purchase BTC, you can start here…. Increasingly, however, these accounts are showing up for sale at Payivy[dot]com, an open Web marketplace that happily accepts PayPal in exchange for a variety of stolen accounts.
A PayIvy seller advertising Netflix accounts for a dollar apiece. Unlike most sites selling hacked accounts, this one takes PayPal. The fact that PayIvy takes PayPal as payment means that buyers can purchase hacked accounts with [stolen] credit cards — or, worse yet, stolen PayPal accounts.
Reachable only via the Tor network a. Evolution operates on an escrow system, allowing buyers and sellers to more confidently and successfully consummate sales of dodgy goods.
The administrators assured anxious vendors that the issue would be resolved within 24 hours. But before that 24 hours could elapse, the Evo community — its marketplace and user discussion forum — went offline.
One big takeaway from this slideshow is that many shops are now categorizing their goods for sale by the state or region of the victim company. This was a major innovation that we saw prominently on display in the […] shop that was principally responsible for selling cards stolen in the Target and Sally Beauty retail breaches: In those cases, buyers were offered the ability to search for cards by the city, state and ZIP of the Target and Sally Beauty stores from which those cards were stolen.
The slideshow may make more sense if readers familiarize themselves with a few terms and phrases that show up in the text:. Prior to breaking the story of the Target breach on Wednesday, Dec. There are literally hundreds of these shady stores selling stolen credit and debit cards from virtually every bank and country. Armed with that information, thieves can effectively clone the cards and use them in stores.
More than a million of their cards were thought to have been compromised in the Target breach. One of those institutions noticed that one card shop in particular had recently alerted its loyal customers about a huge new batch of more than a million quality dumps that had been added to the online store. When the bank examined the common point of purchase among all the dumps it had bought from the shady card shop, it found that all of them had been used in Target stores nationwide between Nov.
Subsequent buys of new cards added to that same shop returned the same result. Not long after that announcement, I pinged a source at a […] community bank in New England to see whether his institution had been notified by Visa or MasterCard about specific cards that were potentially compromised in the Target breach.
This institution has issued a grand total of more than debit and credit cards to its customers, but my source told me the tiny bank had not yet heard anything from the card associations about specific cards that might have been compromised as a result of the Target breach. On the other hand, this bank had identified nearly 6, customer cards — almost 5 percent of all cards issued to customers — that had been used at Target stores nationwide during the breach window described by the retailer.
Forum software maker vBulletin is urging users to change their passwords following a recent breach of its networks. The attackers who claimed responsibility for the intrusion say they broke in using a zero-day flaw that is now being sold in several places online, but vBulletin maintains it is not aware of any zero-day attacks against current versions of its product.
Kim said the attackers in that case even came on the MacRumors forum and posted a blow-by-blow of the attack, confirming that the cause of the breach was a compromised moderator account. Kim said the person who left the comment was using the same Internet address as the attacker who hacked his forum, and that the moderator account that got compromised on MacRumors also had an account with the same name and password on vBulletin.
All of you kids that are saying upgrade from 3. This message is left by CryptoLocker for victims whose antivirus software removes the file needed to pay the ransom. To recap, CryptoLocker is a diabolical new twist on an old scam. The malware encrypts all of the most important files on a victim PC — pictures, movie and music files, documents, etc. Victims who pay the ransom receive a key that unlocks their encrypted files; those who let the timer expire before paying risk losing access to their files forever.
Part of the problem, according to Abrams, is that few victims even know about Bitcoins or MoneyPak, let alone how to obtain or use these payment mechanisms. The people who did pay with Bitcoins said they found the process for getting them was so cumbersome that it took them a week to figure it out.
The idea of purposefully re-infecting a machine by downloading and executing highly destructive malware may be antithetical and even heresy to some security pros. But […] who are facing the annihilation of their most precious files probably have a different view of the situation.
And those victims will no longer have the option to pay the ransom via […]. Abrams said the service exposes two lies that the attackers have been perpetuating about their scheme. For starters, the bad guys have tried to dissuade victims from rolling back their system clocks to buy themselves more time to get the money together and pay the ransom. According to Abrams, this actually works in many cases to delay the countdown timer.
A complaint unsealed Oct. […] with the FBI and U. Post Office inspectors say they tracked dozens of packages containing drugs allegedly shipped by Sadler and a woman who was living with him at the time of his arrest.
Authorities tied Sadler to the Silk Road after intercepting a package of cocaine and heroin destined for an Alaskan resident. Investigators allege that the tracking showed the two traveled to at least 38 post offices in the Seattle area during the surveillance period.
Two of those servers were located in Iceland, one in Latvia, another in Romania, and apparently one in the United States. See the map above. Still more admirers paid my cable bill for the next three years using stolen credit cards.
Malware authors have even used my name and likeness to peddle their wares. But the most recent attempt to embarrass and fluster this author easily takes the cake as the most elaborate: Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police.
Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police well in advance of the delivery. In the screenshot pictured above, Flycracker says to fellow members:. We will save Brian from the acute heroin withdrawal and the world will get slightly better!
At first, Fly tried to purchase a gram of heroin from a Silk Road vendor named 10toes, an anonymous seller who had excellent and plentiful feedback from previous buyers as a purveyor of reliably good heroin appropriate for snorting or burning and inhaling see screenshot below. Seller said the […] will be delivered after 3 days, on Tuesday. If anyone calls then please say that drugs are hidden well. Last week, I alerted the FBI about this scheme, and contacted a Fairfax County Police officer who came out and took an official report about it.
Meiklejohn and fellow researcher Damon McCoy, an assistant professor of computer science at George Mason University, have been mapping out a network of bitcoin wallets that are used exclusively by the curators of the Silk Road.
If you wish to transact with merchants on the Silk Road, you need to fund your account with bitcoins. The act of adding credits appears to be handled by a small number of bitcoin purses. New fraudster-friendly content management systems are making it more likely than ever that crooks who manage botnets and other large groupings of hacked PCs will extract and sell all credentials of value that can be harvested from the compromised machines.
That is, they tend to chronically undervalue the computers at their disposal, and instead focus on extracting specific resources from hacked PCs, such as using them as spam relays or harvesting online banking credentials.
Some of the panels are even reselling hacked credentials at popular porn sites. Goods can be purchased via virtual currencies such as Perfect Money and bitcoin. The shop shown below — blackhatstore[dot]ru — borrows the trademarked image of the Black Hat security conference franchise. This bot chop shop trades on the good name and trademarks of the Black Hat security conference franchise owned by UBM Tech.
Follow me on Twitter. Join me on Facebook. Krebs on Security In-depth security news and investigation. An extortion email sent to an AshleyMadison user. The slideshow may make more sense if readers familiarize themselves with a few terms and phrases that show up in the text: Templates like this are helping to spread one-stop-fraud shops. Your email account may be worth far more than you imagine.
The friend said he had nothing to hide and suspects this is part of a random but well-crafted campaign to prey on men who may have a guilty conscience. The letter addressed the recipient by his first name and hometown throughout, and claimed to have evidence of the supposed dalliances.
It is just your bad luck that I stumbled across your misadventures while working on a job around Bellevue. Frankly, I am ready to forget all about you and let you get on with your life.
And I am going to give you two options that will accomplish that very thing. Critics of unregulated virtual currencies like Bitcoin have long argued that the core utility of these payment systems lies in facilitating illicit commerce, such as buying drugs or stolen credit cards and identities.
But recent spikes in the price of Bitcoin — and the fees associated with moving funds into and out of it — have conspired to make Bitcoin a less useful and desirable payment method for many crooks engaged in these activities. This has made Bitcoin far less attractive for conducting small-dollar transactions for more on this shift, see […] Dec. As a result, several major underground markets that traffic in stolen digital goods are now urging customers to deposit funds in alternative virtual currencies, such as Litecoin.
Those who continue to pay for these commodities in Bitcoin not only face far higher fees, but also are held to higher minimum deposit amounts. Like firemen getting paid to put out the fires they started, Jha and White would target organizations with DDoS attacks and then either extort them for money to call off the attacks, or try to sell those companies services they claimed could uniquely help fend off the attacks.
As part of this scheme, victim devices were used to transmit high volumes of requests to view web addresses associated with affiliate advertising content. The documents show that Norman helped Jha and White discover new, previously unknown vulnerabilities in IoT devices that could be used to beef up their Mirai botnet, which at its height grew to more than hacked devices.
The Mirai malware is responsible for coordinating some of the largest and most disruptive online attacks the Internet has ever witnessed. The biggest and first to gain widespread media attention began on Sept. That September digital siege maxed out at Gbps, almost twice the size of the next-largest attack that Akamai — my DDoS mitigation provider at the time — had ever seen.
Justice Department held a press conference to detail the AlphaBay takedown that the other shoe dropped: Police in The Netherlands for the past month have been operating Hansa Market, a competing Dark Web bazaar that enjoyed a massive influx of new customers immediately after the AlphaBay takedown.
The normal home page for the dark Web market Hansa has been replaced by this message from U. We know of several Americans who were killed by drugs on AlphaBay.
Andrew McCabe, acting director of the FBI, said AlphaBay was roughly 10 times the size of the Silk Road, a similar dark market that was shuttered in a global law enforcement sting in October Since the undercover operation to take over Hansa market by the Dutch Police, usernames and passwords of thousands of buyers and sellers of illicit commodities have been identified and are the subject of follow-up […] by Europol and our partner agencies.
The ransom note that gets displayed on screens of Microsoft Windows computers infected with Petya.
According to multiple news reports, Ukraine appears to be among the hardest hit by Petya. National Security Agency and in April leaked online by a hacker group calling itself the Shadow Brokers. Microsoft released a patch for the Eternal Blue exploit in March MS but many businesses put off installing the fix.
Many of those that procrastinated were hit with the WannaCry ransomware attacks in May. Organizations and individuals who have not yet applied the Windows update for the Eternal Blue exploit should patch now.
[…] initial vDOS story was based on data shared by an anonymous source who had hacked vDOS and obtained its private user and attack database. Most of those profits came in the form of credit card payments via PayPal. The researchers found that their interventions cut profits in half for the popular booter service, and helped reduce the number of attacks coming out of it by at least 40 percent. The prices were based partly on the overall number of seconds that an attack may last e.
The Wana ransomware became a global epidemic virtually overnight this week, after criminals started distributing copies of the malware with the help of a security vulnerability in Windows computers that Microsoft patched in March Infected computers have all their documents and other important user files scrambled with strong encryption, and victims without access to good backups of that data have two choices: According to a detailed writeup on the Wana ransomware published Friday by security firm Redsocks, Wana contains three bitcoin payment addresses that are hard-coded into the malware.
One of the nice things about Bitcoin is that anyone can view all of the historic transactions tied to a given Bitcoin payment address. The source, who asked to remain anonymous, said his honeypot soon began seeing traffic destined for Asus and Linksys routers running default credentials. When he examined what that traffic was designed to do, he found his honeypot systems were being told to download a […] of malware from a destination on the Web.
My source grabbed a copy of the malware, analyzed it, and discovered it had two basic functions: When he realized how his system was being used, my source fired up several more virtual […], and repeated the process.
What he observed was that all of the systems were being used for a variety of badness, from proxying Web traffic destined for cybercrime forums to testing stolen credit cards at merchant Web sites. Unfortunately, this type of criminal proxying is hardly new.
Crooks have been using hacked PCs to proxy their traffic for eons. The various subscription packages to the service are sold based in part on how many seconds the denial-of-service attack will last.
And in just four months between April and July vDOS was responsible for launching more than million seconds of attack time, or approximately 8. Let the enormity of that number sink in for a moment: That kind of time compression is possible because vDOS handles hundreds — if not thousands — of concurrent attacks on any given day. The hack of vDOS came about after a source was investigating a vulnerability he discovered on a similar attack-for-hire service called PoodleStresser.
PoodleStresser, as well as a large number of other booter services, appears to rely exclusively on firepower generated by vDOS. Responses from the tech support staff show that the proprietors of vDOS are indeed living in Israel and in fact set the service up so that it was unable to attack any Web sites in that country — presumably so as to not attract unwanted attention to their service from Israeli authorities. Here are a few of those responses:
Sorry for any inconvinience. I know him from Israel. P1st0 and AppleJ4ck. The Web server hosting vDOS also houses several other sites, including huri[dot]biz, ustress[dot]io and vstress[dot]net. Virtually all of the administrators at vDOS have an email account that ends in v-email[dot]org, a domain that also is registered to an Itay Huri with a phone number that traces back to Israel.
The proprietors of vDOS set their service up so that anytime a customer asked for technical assistance the site would blast a text message to six different mobile numbers tied to administrators of the service, using an SMS service called Nexmo.
Two of those mobile numbers go to phones in Israel. One of them is the same number listed for Itay Huri in the Web site registration records for v-email[dot]org; the other belongs to an Israeli citizen named Yarden Bidani. Neither individual responded to requests for comment. The data shows that vDOS support emails go to itay huri[dot]biz, itayhuri8 gmail. But for several years until recently it did, and records show the proprietors of the attack service worked assiduously to launder payments for the service through a round-robin chain of PayPal accounts.
They did this because at the time PayPal was working with a team of academic researchers to identify, seize and shutter PayPal accounts that were found to be accepting funds on behalf of booter services like vDOS. Turns out, AppleJ4ck and p1st routinely recruited other forum members on Hackforums to help them launder significant sums of PayPal payments for vDOS each week. The data shows that they now use an intermediary server When a Bitcoin payment is received, Coinbase notifies this intermediary server, not the actual vDOS servers in Bulgaria.
A server situated in the middle and hosted at a U. The move comes in response to the theft of usernames and passwords from a subset of Gyft customers. Acting on a tip from a trusted source in the cybercrime underground who reported that a cache of account data on Gyft customers was on offer for the right bidder, KrebsOnSecurity contacted Gyft to share intelligence and to request comment.
Gyft declined to comment on the record for this story. Gyft did confirm attackers were able to acquire usernames and passwords for a subset of Gyft customers, and that it had forced a password reset for those accounts.