The Almighty Buck

A Source Code Typo Allowed An Attacker To Steal $592,000 In Cryptocurrency (bleepingcomputer.com) 88

An anonymous reader writes: "A typo in the Zerocoin source code allowed an attacker to steal 370,000 Zerocoin, which is about $592,000 at today's price," reports BleepingComputer. According to the Zcoin team, one extra character left inside Zerocoin's source code was the cause of the bug. The hacker exploited the bugs for weeks, by initiating a transaction and receiving the money many times over.

"According to the Zcoin team, the attacker (or attackers) was very sophisticated and took great care to hide his tracks," reports the site. "They say the attacker created numerous accounts at Zerocoin exchanges and spread transactions across several weeks so that traders wouldn't notice the uneven transactions volume... The Zcoin team says they worked with various exchanges to attempt and identify the attacker but to no avail. Out of the 370,000 Zerocoin he stole, the attacker has already sold 350,000. The Zcoin team estimates the attacker made a net profit of 410 Bitcoin ($437,000)."

Bitcoin

Former Fed Employee Fined $5,000 For Installing Bitcoin Software On Server (bloomberg.com) 80

An anonymous reader quotes a report from Bloomberg: A former Federal Reserve employee was sentenced Friday to 12 months probation and a $5,000 fine after pleading guilty in October to installing unauthorized software on a computer server at the U.S. central bank. Nicholas Berthaume, who as a communications analyst had access to computer servers at the Fed's Board of Governors in Washington, installed software that connected to an online bitcoin network in order to earn units of the digital currency, according to a statement Monday from the central bank's Office of Inspector General. Berthaume also "modified certain security safeguards so that he could remotely access the server from home," the statement said. When confronted, he tried to cover up his actions by deleting the software; eventually he was fired and admitted guilt, the office said. His actions didn't result in the loss of any Fed information, and the board has enhanced security since the incident, the internal watchdog said. The story was first reported by The Wall Street Journal (Warning: source may be paywalled).
EU

Ransomware Infects a Hotel's Key System (dailymail.co.uk) 203

An anonymous reader writes: A luxury hotel paid "thousands" in Bitcoin ransom to cybercriminals who hacked into their electronic key system. The "furious" hotel manager says it's the third time their electronic system has been attacked, though one local news site reports that "on the fourth attempt the hackers had no chance because the computers had been replaced and the latest security standards integrated, and some networks had been decoupled." The 111-year-old hotel is now planning to remove all their electronic locks, and return to old-fashioned door locks with real keys. But they're going public to warn other hotels -- some of which they say have also already been hit by ransomware.
UPDATE: The hotel's managing director has clarified today that despite press reports, "We were hacked, but nobody was locked in or out" of their rooms.
Security

Ransomware Infects All St Louis Public Library Computers (theguardian.com) 163

An anonymous reader quotes a report from The Guardian: Libraries in St Louis have been brought to a standstill after computers in all the city's libraries were infected with ransomware, a particularly virulent form of computer virus used to extort money from victims. Hackers are demanding $35,000 (£28,000) to restore the system after the cyberattack, which affected 700 computers across the Missouri city's 16 public libraries. The hackers demanded the money in electronic currency bitcoin, but, as CNN reports, the authority has refused to pay for a code that would unlock the machines. As a result, the library authority has said it will wipe its entire computer system and rebuild it from scratch, a solution that may take weeks. On Friday, St Louis public library announced it had managed to regain control of its servers, with tech staff continuing to work to restore borrowing services. The 16 libraries have all remained open, but computers continue to be off limits to the public. Spokeswoman Jen Hatton told CNN that the attack had hit the city's schoolchildren and its poor worst, as many do not have access to the internet at home. "For many [...] we're their only access to the internet," she said. "Some of them have a smartphone, but they don't have a data plan. They come in and use the wifi." As well as causing the loans system to seize up, preventing borrowers from checking out or returning books, the attack froze all computers, leaving no one able to access the four million items that should be available through the service. The system is believed to have been infected through a centralized computer server, and staff emails have also been frozen by the virus. The FBI has been called in to investigate.
China

Bitcoin Slides as China's Central Bank Launches Checks On Exchanges (reuters.com) 43

An anonymous reader shares a Reuters report: China's central bank launched spot checks on leading bitcoin exchanges in Beijing and Shanghai, ratcheting up pressure on potential capital outflows and knocking the price of the cryptocurrency down more than 12 percent against the dollar. The People's Bank of China said its probe of bitcoin exchanges BTCC, Huobi and OKCoin was to look into a range of possible rule violations, including market manipulation, money laundering and unauthorized financing. It did not say if any violations had been found. Chinese authorities have stepped up efforts to stem capital outflows and relieve pressure on the yuan. While the yuan lost more than 6.5 percent against the dollar last year, its worst performance since 1994, the bitcoin price has soared to near-record highs.
Bitcoin

Bitcoin Was 2016's Best-Performing Currency (newsweek.com) 104

The co-founder of Blockchain published an opinion piece in Newsweek today mocking predictions about the death of bitcoin, saying "each is more wrong than the last... Bitcoin was again declared the world's best performing currency in 2016 by Bloomberg. In fact, it's held that title every year since 2010, with the notable exception of 2014, when it was the worst." An anonymous reader writes: Bitcoin president Nicolas Cary writes that bitcoin has become more stable than many of the world's top currencies, while the British pound "has dropped by more than 17% in a colossal collapse of confidence... In Africa, the Egyptian pound dropped 59% and the Nigerian naira fell 37%. In South America, the Argentine peso plummeted over 17% and the Venezuelan bolivar tumbled so far off a cliff it's difficult to measure -- even bricks of cash are worthless for everyday purchases there. Perhaps most dramatically of all, India, the world's second most populated country, introduced a stunning policy of demonetization declaring banknotes illegal overnight...

"During this time period, and partially in response to it, the price of bitcoin surged... Bitcoin also trounced the stock market from a performance perspective. Brand names like McDonald's, Home Depot and Disney grew at a paltry 1.6% or less; bitcoin outpaced them by over 70 times."

In 2009 one man in Norway bought $27 worth of bitcoin while writing a thesis on encryption, then forgot about them. Six years later, he discovered they were worth nearly $500,000.
The Almighty Buck

Bitcoin Is Crashing (businessinsider.com) 296

An anonymous reader writes: Bitcoin is getting smashed. The cryptocurrency was down 18% to about $892 per coin as of 8:17 a.m. ET on Thursday. It is the biggest drop in two years. Earlier this week, on its first trading day of the new year, Bitcoin crossed above the $1,000 mark for the first time since 2013, but it has now tumbled below that level.
Bitcoin

Over 1,800 MongoDB Databases Held For Ransom By Mysterious Attacker (bleepingcomputer.com) 115

An anonymous reader writes: "An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing and replacing their content, and asking for a 0.2 Bitcoin ($200) ransom to return the data," reports Bleeping Computer. According to John Matherly, Shodan founder, over 1,800 MongoDB databases have had their content replaced with a table called WARNING that contains the ransom note. Spotted by security researcher Victor Gevers, these databases are MongoDB instances that feature no administrator password and are exposed to external connections from the internet. Database owners in China have been hit, while Bleeping Computer and MacKeeper have confirmed other infections, one which hit a prominent U.S. healthcare organization and blocked access to over 200,000 user records. These attacks are somewhat similar to attacks on Redis servers in 2016, when an unknown attacker had hijacked and installed the Fairware ransomware on hundreds of Linux servers running Redis DB. The two series of attacks don't appear to be related.
The Almighty Buck

Legal Sparring Continues in Bitcoin User's Battle with IRS Tax Sweep (fortune.com) 101

In a strange twist, Coindesk reports that the IRS has, somewhat indirectly, removed one target from its broad request for data about U.S. users of the Bitcoin exchange Coinbase. It no longer wants data about Jeffrey Berns, a lawyer who also happens to be fighting the IRS's "John Doe" request in court. From a report on Fortune: Berns originally filed a motion on December 13th asking the U.S. District Court for Northern California to stop the IRS' subpoena of Coinbase records. The IRS believes that its request, filed in November, is justified because Bitcoin owners "may fail, or may have failed, to comply with one or more provisions of the internal revenue laws." Berns is represented by his own law firm, Berns Weiss, whose motion argues that the IRS data search is "an abuse of process" and "overbroad." Berns has said his motion is intended to defend not only himself, but all targeted users. But according to a December 28th court filing by the IRS, Berns is no longer a target of its records request because he identified himself in his own filing, and the request is only for unidentified users. Therefore, the IRS argues, Berns is not a party to proceedings and his request to block the data grab should be thrown out of court. In response, Berns Weiss had its own spin, telling Coindesk that "The IRS's willingness to withdraw the summons as to Mr. Berns only because it is now aware of his identity," and without the additional information they're seeking about many other Coinbase users, "Makes it clear that the IRS does not have a legitimate purpose in seeking substantial personal and financial information concerning approximately 3 million Americans."
The Almighty Buck

Bitcoin Breaks $1,000 Level, Highest in More Than 3 Years (cnbc.com) 146

The price of digital currency bitcoin has hit the $1,000 mark for the first time in three years. From a report on CNBC: The cryptocurrency was trading at $1,021 at the time of publication, according to CoinDesk data, at a level not seen since November 2013, with its market capitalization exceeding $16 billion. Bitcoin has been on a steady march higher for the past few months, driven by a number of factors such as the devaluation of the yuan, geopolitical uncertainty and an increase in professional investors taking an interest in the asset class. "We are seeing the aftermath of zero interest rates run amok. So bitcoin is a healthy reminder that we don't have to hold on to dollars or renminbi, which is subject to capital controls and loss of purchasing power. Rather it's a new asset class," Bobby Lee, chief executive of BTC China, one of the world's largest bitcoin exchanges, told CNBC by phone.
Bitcoin

Destructive KillDisk Malware Turns Into Ransomware (securityweek.com) 56

wiredmikey writes from a report via SecurityWeek: A recently discovered variant of the KillDisk malware encrypts files and holds them for ransom instead of deleting them. Since KillDisk has been used in attacks aimed at industrial control systems (ICS), experts are concerned that threat actors may be bringing ransomware into the industrial domain. CyberX VP of research David Atch told SecurityWeek that the KillDisk variant they have analyzed is a well-written piece of ransomware, and victims are instructed to pay 222 bitcoins ($210,000) to recover their files, which experts believe suggests that the attackers are targeting "organizations with deep pockets." From the report: "The ransomware is designed to encrypt various types of files, including documents, databases, source code, disk images, emails and media files. Both local partitions and network folders are targeted. The contact email address provided to affected users is associated with Lelantos, a privacy-focused email provider only accessible through the Tor network. The Bitcoin address to which victims are told to send the ransom has so far not made any transactions. Atch pointed out that the same RSA public key is used for all samples, which means that a user who receives a decryptor will likely be able to decrypt files for all victims. According to CyberX, the malware requires elevated privileges and registers itself as a service. The threat terminates various processes, but it avoids critical system processes and ones associated with anti-malware applications, likely to avoid disrupting the system and triggering detection by security products."
Bitcoin

Bitcoin Circulation Hits Record High Of $14 Billion (theguardian.com) 153

Bitcoin, the digital currency that most people have never actually used, has hit a record value of $14 billion after jumping 5 percent on Thursday. From a report on The Guardian: The price of one bitcoin reached $875 on the Europe-based Bitstamp exchange, its strongest level since January 2014, putting the cryptocurrency on track for its best daily performance in six months. That compared with levels around $435 at the start of the year, with many experts linking bitcoin's rise with the steady depreciation of the Chinese yuan, which has slid almost 7% in 2016. Data shows the majority of bitcoin trading is done in China, so any increase in demand from there tends to have a significant impact on the price.
Security

New Ransomware Offers The Decryption Keys If You Infect Your Friends (bleepingcomputer.com) 236

MalwareHunterTeam has discovered "Popcorn Time," a new in-development ransomware with a twist. Gumbercules!! writes: "With Popcorn Time, not only can a victim pay a ransom to get their files back, but they can also try to infect two other people and have them pay the ransom in order to get a free key," writes Bleeping Computer. Infected victims are given a "referral code" and, if two people are infected by that code and pay up -- the original victim is given their decryption key (potentially).
While encrypting your files, Popcorn Time displays a fake system screen that says "Downloading and installing. Please wait" -- followed by a seven-day countdown clock for the amount of time left to pay its ransom of one bitcoin. That screen claims that the perpetrators are "a group of computer science students from Syria," and that "all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living." So what would you do if this ransomware infected your files?
Bitcoin

Bitcoin Hits Highest Levels In Almost Three Years (reuters.com) 78

Digital currency bitcoin hit its highest levels in almost three years on Friday, extending gains since India sparked a cash shortage by removing high-denomination bank notes from circulation a month ago. From a report on Reuters: Bitcoin was trading as high as $774 on the New York-based itBit exchange, up almost 1 percent on the day and the highest since February 2014, having climbed almost 9 percent in the past month. It has climbed around 80 percent so far this year, far exceeding its 35 percent rise in 2015.
Bitcoin

Bitcoin Could Rise By 165% To $2,000 in 2017 Driven by Trump's 'Spending Binge' and Dollar Rally (cnbc.com) 255

The price of Bitcoin could hit more than $2,000 in 2017 driven by expectations that U.S. President-elect Donald Trump may introduce economic stimulus policies, which could send inflation soaring and propel the dollar to record highs, a report from Saxo Bank claims. An anonymous reader shares a CNBC report: Bitcoin is currently trading around $754.51, according to CoinDesk data. A handle of over $2,000 would represent 165 percent appreciation. During his election campaign Trump has talked about an increase in fiscal spending. Saxo Bank's note said that this could increase the roughly $20 trillion of U.S. national debt and triple the current budget deficit from approximately $600 billion to $1.2-1.8 trillion, or some 6-10 percent of the country's current $18.6 trillion economy. As a result, the economy will grow and inflation will "sky rocket," forcing the U.S. Federal Reserve to hike interest rates at a faster pace and causing the U.S. dollar "to hit the moon." When inflation rises the Federal Reserve may raise interest rates to bring it under control. This causes the dollar to appreciate because it would be seen as an attractive currency for foreign investors.
Bitcoin

Bitcoin Exchange Ordered To Give IRS Years of Data On Millions of Users (gizmodo.com) 203

Last month, instead of asking for data relating to specific individuals suspected of a crime, the Internal Revenue Service (IRS) demanded America's largest Bitcoin service, Coinbase, to provide the identities of all of the firm's U.S. customers who made transactions over a three year period because there is a chance they are avoiding paying taxes on their bitcoin reserves. On Wednesday, a federal judge authorized a summons requiring Coinbase to provide the IRS with those records. Gizmodo reports: Covering the identities and transaction histories of millions of customers, the request is believed to be the largest single attempt to identify tax evaders using virtual currency to date. As a so-called "John Doe" summons, the document targets a particular group or class of taxpayers -- rather than individuals -- the agency has a "reasonable basis" to believe may have broken the law. According to The New York Times, the IRS argued that two cases of tax evasion involving Coinbase combined with Bitcoin's "relatively high level of anonymity" serve as that basis. "There is no allegation in this suit that Coinbase has engaged in any wrongdoing in connection with its virtual currency exchange business," said the Justice Department on Wednesday. "Rather, the IRS uses John Doe summonses to obtain information about possible violations of internal revenue laws by individuals whose identities are unknown." In a statement, Coinbase vowed to fight the summons, which the company's head counsel has previously characterized as a "very, very broad" fishing expedition.
Facebook

Locky Ransomware Uses Decoy Image Files To Ambush Facebook, LinkedIn Accounts (arstechnica.com) 36

An anonymous reader quotes a report from Ars Technica: A low-tech but cunning malware program is worrying security researchers after it started spreading rapidly in the past week through a new attack vector: by forcibly exploiting vulnerabilities in Facebook and LinkedIn. According to the Israeli security firm Check Point, security flaws in the two social networks allow a maliciously coded image file to download itself to a user's computer. Users who notice the download, and who then access the file, cause malicious code to install "Locky" ransomware onto their computers. Locky has been around since early this year, and works by encrypting victims' files and demands a payment of around half a bitcoin for the key. Previously, it had relied on a malicious macro in Word documents and spam e-mails, but Check Point says that in the past week there has been a "massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign." Users are advised not to open any file that has automatically downloaded, especially any image file with an unusual extension such as SVG, JS, or HTA -- though benign-looking images could exploit the way Windows hides file extensions by default.
Bitcoin

IRS Demands Identities of All US Coinbase Traders Over Three Year Period (vice.com) 124

An anonymous reader quotes a report from Motherboard: In bitcoin-related investigations, authorities will often follow the digital trail of an illegal transaction or suspicious user back to a specific account at a bitcoin trading company. From here, investigators will likely subpoena the company for records about that particular user, so they can then properly identify the person suspected of a crime. The Internal Revenue Service, however, has taken a different approach. Instead of asking for data relating to specific individuals suspected of a crime, it has demanded bitcoin trading site Coinbase to provide the identities of all of the firm's U.S. customers who made transactions over a three year period, because there is a chance they are avoiding paying taxes on their bitcoin reserves. Coinbase has a total of millions of customers. According to court filings, which were first flagged by financial blogger Zerohedge on Twitter, the IRS has launched an investigation to determine the correct amount of tax that those who use virtual currencies such as bitcoin are obligated to pay. But according to the documents, the IRS is asking for the identities of any U.S. Coinbase customer who transferred crypto-currency with the service between 2013 and 2015. "The John Does whose identities are sought by the summons are United States persons who, at any time during the period January 1, 2013, through December 31, 2015, conducted transactions in a convertible virtual currency," reads a memorandum written by Department of Justice attorneys and filed on Thursday, November 17.
Bitcoin

Bitcoin Boosted by Safe-Haven Demand After Trump Victory (cnbc.com) 45

Donald Trump's historic victory in the U.S. presidential elections has pushed up prices for the digital currency bitcoin. As the results for the election began to trickle in, the cryptocurrency quickly began to rise at around 2 a.m. London time. From a report on CNBC: The price for bitcoin was around 3.5 percent higher at 11:00 a.m. London time Wednesday at $733.84. Since November 4, the cryptocurrency has been stuck around the $700-709 trading band. The weakening dollar may have added to the rise, but the digital currency is also higher when priced in other currencies like the Chinese yuan, sterling and the euro. Charles Hayter, CEO and founder of Crypto Compare, said that the price is rising on safe-haven demand in reaction to the uncertainty created as a result of Trump's victory.
Bitcoin

Bitcoin Can Be Bought With Cash At Swiss Railway Ticket Machines (techweekeurope.co.uk) 63

In what is seen as a move that could help boost the spread of Bitcoin, the cryptocurrency will be available to purchase from Swiss railway ticket machines starting next month. Reader Mickeycaskill writes: Swiss Federal Railways (SBB) has more than 1,000 ticket machines and has partnered with regulated financial intermediary SweePay to distribute Bitcoin. Customers need to select mobile top up on the machines, scan the QR code on their Bitcoin digital wallet and enter the number of Swiss Francs, up to 500 CHF, into the machine, confirm the offer of Bitcoins they receive, then identify themselves using a mobile number and a security code sent to their smartphone. While the machine can pay out Bitcoin, for the time being, it will not accept payments made with the cryptocurrency. Furthermore, credit cards cannot be used with the machines to buy Bitcoins. SBB is effectively providing a way to swap local currency for a digital version that can be used anywhere around the world, thereby bypassing unfavourable exchange rates. "From 11 November 2016, customers will be able to obtain Bitcoin at all SBB ticket machines. Until now, there have only been limited opportunities to purchase Bitcoin in Switzerland," the company was quoted as saying.
