BitcoinTalk Server Compromised

1

BitcoinTalk is currently offline for an extended maintenance and forensics review after a “social engineering attack” took place against the service provider NForce.

A tweet sent out by the BitcoinTalk twitter account stated the server had been compromised and a forensic analysis would take place before a reinstall.

NFOrce Headquarters. Image provided by NFOrce

NFOrce Headquarters. Image provided by NFOrce

NForce is a cloud hosting, dedicated hosting and colocation company located in the Netherlands.

theymos posted on reddit they he believed the server was only compromised for approximately 12 minutes and that he believed every user should act as though password hashes, PMs, emails and other materials were compromised.

The forum’s ISP NFOrce managed to get tricked into giving an attacker access to the server. I think that the attacker had access for only about 12 minutes before I noticed it and had the server disconnected, so he probably wasn’t able to get a complete dump of the database. However, you should act as though your password hashes, PMs, emails, etc. were compromised. The forum will probably be down for 36-60 hours for analysis and reinstall. I’ll post status updates on Twitter @bitcointalk and I’ll post a complete report in a post in Meta once the forum comes back online.

The company  NForce has been in operation since 1995 and officially incorporated in April of 2004.

theymos told Coin Fire,

Someone managed to impersonate me to the forum’s ISP NFOrce and then reset the forum’s KVM password. It looks like they had unrestricted access to bitcointalk.org’s server for about 12 minutes before I noticed it and had the server disconnected. Now we’re trying to figure out exactly what database info the attacker managed to download in that time (if anything), and then we’re going to have to reinstall the OS to rule out the possibility that the attacker installed any rootkits while he had access. As such, the forum will probably be down for 36-60 hours. I’ll post status updates on Twitter @bitcointalk and I’ll post a complete report in a post in the Meta section of the forum once the forum comes back online.

I am consistently disappointed in the miserable state of security in the world. Even if your own security is perfect (which it basically never is), you can still be compromised by the people you rely on, who are often very careless. This particular type of attack is especially common and easy, even among companies that are supposed to be very secure. The problem is that customer-facing employees can often cause a lot of damage, but they usually don’t have much training in security, and their first priority is usually to satisfy whoever they’re talking to as quickly as possible. Next time you talk to a bank clerk in order to send a wire transfer or something like that, think about whether the “security questions” that they ask (if any) would actually stop an attacker who has spent a long time researching you. Usually, the answer is no. I’ve even heard stories of support personnel for Bitcoin companies disabling 2FA on accounts for anyone who asks. Cryptography’s ability to solve this sort of nonsense is one thing that drives my interest in it, but it only works if people use it.

theymos brings up a valid range of concerns regarding customer security and front line employees. A large number of security issues await solving by the minds in cryptocurrency and cryptography.

 

Find the best exchange to buy Bitcoins


Coin Fire

Coin Fire is a cryptocurrency news site started on June 6th of 2014. The site focused on hard-hitting investigative stories. Coin Fire was acquired by 99Bitcoins on October 2015.

1 Comment

Leave A Reply