BitInstant Posted on Monday, March 4, 2013 at 11:03AM
As many of you know, BitInstant was down starting Thursday evening and was turned back on today (Monday) with a limited relaunch.
None of your personal or transactional information has been leaked. We keep all of that data offline to protect everyone's privacy.
Over the weekend the BitInstant team has been hard at work securing our systems after a sophisticated social-engineering attack on Thursday evening. Overall, because of the choke points and redundancies built into our system, the attacker was only able to walk away with $12,480 USD worth of BTC, sent out in three installments of 333 BTC to bitcoin addresses.
We've long been targeted by someone using social-engineering tactics in an attempt to compromise our various accounts at exchanges, with our hosting provider Amazon AWS, and even my personal accounts, mostly without success. At no time before this incident had we ever had a single system or account compromised through technical means, or indeed at all. For the sake of convenience I'll refer to this mystery person simply as "the attacker". This individual was only successful because of a failure by the staff at our domain registrar, as I will explain below. We intend to move to a more secure registrar ASAP.
The attacker contacted our domain registrar, Site5, posing as me and using an email address very similar to mine. They did so by proxying through a network owned by a haulage company in the UK, whom I suspect are innocent victims just as we are. Armed with nothing more than my place of birth and my mother's maiden name (both facts easy to locate in the public record), they convinced Site5 staff to add their email address to the account and make it the primary login, which prevented us from deleting it from the account. We immediately realized what was going on and logged in to change the information back. After we had changed this information and locked the attacker out, overnight he was able to revert my changes and point our website somewhere else. Site5 denies responsibility for any damages, but we suspect this was partly their fault.
After regaining access, the attacker changed our domain's nameservers to ones hosted at hetzner.de in Germany and used those nameservers to point our traffic at a hosting provider in Ukraine. This locked both Gareth and me out, and because mail for our domain now went wherever the attacker directed it, they were able to hijack our email and reset the login for one exchange (VirWox), enabling them to gain access and steal $12,480 USD worth of BTC. An email-based password reset is only as strong as control of the domain the mail is delivered to. No other exchanges were affected, thanks to multi-factor authentication (OTP, YubiKeys) and automatic lockdowns.
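The hijack above worked because the registrar-side delegation (the domain's NS records) changed, and with it where mail for the domain was delivered. The following is an added example, not code from BitInstant or from the original post: a stdlib-only Python check that decodes a DNS NS or MX answer and flags any nameserver or mail host that is not on an expected list, the kind of check a cron job could run every few minutes to alert on a delegation change. The domain name is the one from this post; the expected nameserver and mail host names (`registrar.example`, `hijack.example`), the resolver address and the sample packets are constructed for the example and are not real BitInstant infrastructure.

```python
"""Delegation-drift check (added example, not BitInstant's code).

Decodes a DNS NS or MX answer with the standard library only and reports any
nameserver or mail host that is not on the expected list.  Sample packets are
constructed below so the check runs offline; query_live() does the same thing
against a recursive resolver over UDP.
"""
import socket
import struct
import sys
from typing import Dict, List, Set, Tuple

QTYPE_NS = 2
QTYPE_MX = 15

# Assumed "known good" delegation and mail hosts (hypothetical names).
EXPECTED_NS = {"ns1.registrar.example.", "ns2.registrar.example."}
EXPECTED_MX = {"mail.registrar.example."}


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels, no compression."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    # Header: id, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name (RFC 1035 section 4.1.4 pointers).
    Returns (name, offset just past the name in the *original* stream)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # pointer to an earlier name
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        if length == 0:                                # root label ends the name
            if not jumped:
                end = off + 1
            return ".".join(labels) + ".", end
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length


def parse_answers(msg: bytes) -> List[Tuple[str, int, object]]:
    """Return [(owner, type, rdata)] for the answer section of a response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000 or flags & 0x000F:           # QR must be set, RCODE must be 0
        raise ValueError("not a successful response (flags=0x%04x)" % flags)
    off = 12
    for _ in range(qd):                                # skip the question section
        _, off = parse_name(msg, off)
        off += 4
    rrs = []
    for _ in range(an):
        owner, off = parse_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_NS:
            rdata = parse_name(msg, off)[0]
        elif rtype == QTYPE_MX:
            pref = struct.unpack("!H", msg[off:off + 2])[0]
            rdata = (pref, parse_name(msg, off + 2)[0])
        else:
            rdata = msg[off:off + rdlen]
        off += rdlen
        rrs.append((owner, rtype, rdata))
    return rrs


def check_rrset(rrs, rtype: int, expected: Set[str]) -> Dict[str, Set[str]]:
    """Compare the observed NS (or MX) hosts with the expected set."""
    observed = {(r[1] if t == QTYPE_MX else r).lower() for _, t, r in rrs if t == rtype}
    return {"observed": observed, "unexpected": observed - expected, "missing": expected - observed}


def build_sample_response(qname: str, rtype: int, hosts: List[str], txid: int = 0x1234) -> bytes:
    """Constructed test data: a standard answer whose RR owner names are
    compression pointers (0xC00C) back to the question name at offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(hosts), 0, 0)
    body = encode_name(qname) + struct.pack("!HH", rtype, 1)
    for host in hosts:
        rdata = encode_name(host)
        if rtype == QTYPE_MX:
            rdata = struct.pack("!H", 10) + rdata       # preference 10, then the host
        body += b"\xC0\x0C" + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata
    return header + body


def query_live(name: str, qtype: int, resolver: str = "9.9.9.9", timeout: float = 3.0):
    """Send the query over UDP and parse the reply (needs network access; resolver is an assumption)."""
    q = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (resolver, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != q[:2]:
        raise ValueError("transaction id mismatch")
    return parse_answers(data)


if __name__ == "__main__":
    domain = "bitinstant.com"
    # Offline demo on constructed packets: a healthy delegation, then a hijacked one.
    good = build_sample_response(domain, QTYPE_NS, ["ns1.registrar.example", "ns2.registrar.example"])
    bad = build_sample_response(domain, QTYPE_NS, ["ns1.hijack.example", "ns2.hijack.example"])
    for label, pkt in (("expected", good), ("hijacked", bad)):
        print(label, check_rrset(parse_answers(pkt), QTYPE_NS, EXPECTED_NS))
    if len(sys.argv) > 1:                              # optional live check: python check.py example.com
        for qtype, exp in ((QTYPE_NS, EXPECTED_NS), (QTYPE_MX, EXPECTED_MX)):
            print(qtype, check_rrset(query_live(sys.argv[1], qtype), qtype, exp))
```

Asking a recursive resolver is enough to catch this kind of hijack: once the registrar changes the delegation, the resolver follows the parent's referral to the attacker's nameservers and returns whatever NS and MX records they serve. For a stricter check, query the TLD's authoritative servers directly so that caching cannot delay the alert, and treat any "unexpected" or "missing" entry as a page-someone event rather than a log line.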
The attacker was also able to pull a few hours of internal company emails. However, because of mandatory PGP encryption between members of our company and tools like Cryptocat, no sensitive information was exposed.
Information about the attacker:
Based on their general MO, the attacker is not highly technically skilled but is sneaky enough to cover their tracks. Some of the hosting providers they pointed our domain at may have billing information, but that billing information is most likely a stolen card. Geographically, I would personally suspect them to be Russian, based on their choice of providers and on past fruitless attempts that were clearly of Russian origin. They seem focused on me in particular and have tried many times to gain access to my accounts (both personal and business).
Other parties involved (the attacker used these parties in some way):
meta.ua - email provider
hetzner.de - nameservers for the first attempt were hosted here
ukraine.com.ua - hosting provider involved in the first hijack
smtp.parkside.at - mail provider which was involved in the email hijack
Circle Express Ltd - their network was used as a proxy; the actual IP is registered to BT PLC but is used by Circle Express on a business line of some variety
So, we wanted to provide this update in order to continue our practice of transparency, but also as a lesson to the community: you must be ever vigilant in making security your top priority. We outline many more of our security protocols here: bitinstant.com/security
Thanks for your patience, support, and trust during these times.
- The Team @ BitInstant.