Čvc 31

Floridian Thieves use Local Bitcoin Exchange to Rob Customers

Source: bitcoin

Floridian Thieves use Local Bitcoin Exchange to Rob Customers

With all the coverage surrounding massive Crypto Theft and Scams recently, whether it’s The DAO, OneCoin, or questionable ETC ownership policies on major exchanges, it’s easy to ignore the more mundane events in this arena. Luckily, Steve Manos, A man in Lake Worth Florida, was brave enough to ignore best practices and common sense to bring us this gem of an example of how not to buy Bitcoin.

Read Also: New Polaris GPUs Shake Up GPU Mining


Thieves Ill-Informed as Their Victim


Manos apparently needed several thousand dollars in Bitcoin, and quickly. Instead of waiting a few days on the verification process integral to services like Circle or CoinBase, he tried to source his Crypto locally, and all in one place. This unfolded with disastrous results according to the original article at the Sun Sentinel:

Andre Allen, Arrested for Theft of Manos’ 28K

“The exchange took place outside the restaurant at 2024 Military Trail. One of the men got into the front passenger seat of Manos’ car, while the second man sat behind Manos, according to the report.

Manos handed over 28 bundles of $1,000 in a gift bag. The front seat passenger took out a laptop to finish the exchange, but he also pulled out a knife. He pressed it to Manos’ chest; Manos told deputies.

Manos told the men to just take the money and leave. But a struggle ensued as the backseat passenger tried to grab Manos’ gun out of the driver’s door pocket.

The two robbers ran with the money. Manos chased them, but couldn’t keep up, the report said. The suspects got into an Acura, and sped off.”

Luckily, Manos was able to provide Law Enforcement with the would be Thieves’ Contact info, Resulting in their arrest when he later picked them from a lineup. Had he not had the presence of mind to do so, they would have got away with 28,000 dollars of Manos’ Cash.

So what can we learn from this misadventure, brought to us by a woefully ill-informed Cryptocurrency enthusiast? Surely local and decentralized bitcoin exchanges aren’t to blame! Well, of course they aren’t. By that logic, Pokemon Go is responsible for human stupidity, and Harambe was accountable Zoo Safety Oversight. Your main takeaway should be to go with reputable sellers, use multiple sources to limit your risk, and use multisig/escrow where possible. Had Manos done any of this, he likely wouldn’t be a contributor to the “Florida Man” Twitter account.

Thoughts on the risk thieves present to decentralized exchanges or Bad security? Leave them in the comments!


Images courtesy of Palm Beach County Sheriff’s Office

The post Floridian Thieves use Local Bitcoin Exchange to Rob Customers appeared first on Bitcoinist.net.

Floridian Thieves use Local Bitcoin Exchange to Rob Customers

Čvn 08

Team Captures RSA Keys With AM Radio and Cell Phone

Source: bitcoin


Coil whine: it’s not just a problem for PC gaming enthusiasts anymore. A recent paper outlines an attack vector for capturing RSA keys by analyzing the noises, RF variations, or electromagnetic changes produced from computers as they do intense computational tasks. Of particular note is their work capturing RSA keys with sound. This so-called ‘coil whine’ is loud and regular enough to be picked up by a cell phone mic attached to an AM radio from as much as a foot away, or over thirty feet using more sophisticated equipment. The process takes time, isn’t stealthy, and isn’t exactly practical for the average hacker to execute, but the vulnerability is there nonetheless. The primary concern here is that those under long-term surveillance may have their keys compromised if using outdated RSA encryption.

Read also: ownCloud Closes Following Launch Of Competing NextCloud

Coil Whine Gives Away Your RSA Keys


Any PGP attack vector should be of particular concern to those who own and trade in cryptocurrency, as wallets are secured with this technology. While physical measures can be taken to protect against this type of attack, the recommendation from the white hat team that discovered the vulnerability is to make revisions to cryptography software to hide the activity from acoustic analysis, to prevent general end users from being vulnerable. Luckily, GPG is in the process of implementing this, and other encryption tools are following suit.

There are a variety of other attacks, with varying degrees of effectiveness, outlined in the original document. Some use RF fluctuations; others exploit changes in electrical potential on cables attached to the machine being attacked (ethernet cables, power cords, display adapters, etc.) While the more privacy conscious of us won’t like the idea that any old hidden microphone, electrical probe, or RF sensitive wire loop could be recording our computer as it chugs through its decryption routines, It’s good to know that the vulnerability is there, and open source projects like Gnu Privacy Guard (GPG) are taking steps to render the exploit ineffective.


Thoughs on this new set of physical attack vectors? Let us know in the comments!

Images (credit)

The post Team Captures RSA Keys With AM Radio and Cell Phone appeared first on Bitcoinist.net.

Team Captures RSA Keys With AM Radio and Cell Phone

Dub 13

Why the FBI Encryption Debate Is Less Significant Than You Think

Source: bitcoin


Apple recently won their case against the FBI, and the FBI cracked the iPhone in question anyway, with the help of Cellebrite, a government contractor that provides “forensic extraction” tools to investigative agencies. Their new methods in securing evidence have bordered closer to hacking, bringing the legality of them into question. 

Read Also: Homeland Security Task Force Tracks Domestic Bitcoin Traders

The federal investigative agency has shown a pattern of reluctance to release their data acquisition methods, including refusing an order from a Federal Judge to reveal how they hacked the Tor anonymizing network during the investigation of an online child pornography ring. Their refusal has been the subject of some controversy, and while they argue that releasing these methods may lessen their effectiveness in the future, it also sets a disturbing precedent for the status of our 4th Amendment rights.

Encryption Matters Less If the State Endorses FBI Hacking

Traditionally, the burden of investigative methodology falls on law enforcement to ensure citizens’ rights are not violated. At least in the States, law enforcement is barred from searching a person’s belongings without probable cause. If the FBI does not need to disclose their methodology in obtaining their information in digital investigation, then the current debate over civilian encryption is largely a moot point.

There are plenty of ways to circumvent privacy-minded practices being used by Law enforcement that fall under the umbrella of hacking – the digital equivalent of breaking and entering. Many of them may be violating probable cause and employing malware to collect data on suspects. The encryption debate challenges some of the assumptions that are generally made about private and sensitive data as property, but the discussion largely omits these novel “forensic” methodologies used increasingly by law enforcement to gain questionably legal access to that data.  Furthermore, hacking is a prosecutable offense if carried out by a private citizen, just like B&E. It’s all well and good that the FBI took down a pedophile ring, and can access a domestic terrorist’s mobile device, but if they are violating the chain of custody or probable cause to build their cases, something is clearly wrong.

Cellebrite’s UFED mobile data extractor

Even assuming a best case, by-the-book methodology, refusal to release their exploits is problematic for security application developers because they leave legitimate users vulnerable. The rhetoric circulated by law enforcement is that the “bad guys” would start using them, which is entirely false. Malicious actors exploit security vulnerabilities every day to conduct illegal activity, which is precisely why the security community shares info on them. The sooner the exploits are well known; the sooner software developers can patch holes that put their users at risk.

By keeping mum about their software exploits, the FBI is writing every malicious actor on the planet with knowledge of the vulnerability a blank check, because the developers of the software being abused can’t fix their problems until they reach critical mass on the black market. The FBI is enabling cyber-crime to further their agenda. Even worse, they have stated a willingness to cooperate with local law enforcement to do the same, exposing their methods to a much larger, more leak-prone community.

It doesn’t matter if you’re taking down pedophiles, drug lords, or common street criminals. Excusing the shady practices being used to build cases against them is a slippery slope, and the FBI is assuming they’ll get away with it because people don’t understand the technology in play with these cases. In doing so, they leave the security community and software developers in the dark, and allow malicious hackers to ape their methods and act with impunity.

Data encryption is a powerful tool that is utilized for many legitimate applications, ensuring source safety among them. If state actors are allowed to circumvent tools like encryption and Tor using malware and methods illegal in the private sector, then using those tools just treats symptoms of a systemic problem. What’s to stop the government from rooting out confidential sources that start unfavorable press or violating dissident privacy to discredit them? The moral arguments against tools like encryption are a thin veneer over unacceptable methodologies in modern law enforcement, and conceding to them is giving the state more ground to operate outside of their jurisdiction, and the legal protections private citizens enjoy.

Thoughts on law encforcement practices in the digital realm? Let us know in the comments!

Image courtesy of Cellebrite.

The post Why the FBI Encryption Debate Is Less Significant Than You Think appeared first on Bitcoinist.net.

Why the FBI Encryption Debate Is Less Significant Than You Think