BitCoin forum hacked by donor

Powered by SC Magazine

Spruiks CosbyCoins?

Update: A hacker has used a zero day flaw to steal email addresses, hashed passwords and read personal messages from the forum.

Forum administrators said the attacker gained root access and was able to run arbitrary PHP code.

The attacker gained access on 3 September and was not detected until the attacker injected "annoying JavaScript" into the forum pages a week later.

According to website, the Javascript splashed actor Bill Cosby across the forums and replaced all references to BitCoin with CosbyCoin.

It has posted screenshots of the hack.

The forum was shut down and migrated to a new host.

The attacker launched a SQL injection to exploit a vulnerability that existed because the forum software did not handle escape characters in username details correctly.

The attacker purchased a donor account to gain the access privileges required to illegitimately change usernames, then hijacked the account of administrator Satoshi.

From there, the attacker injected arbitrary PHP code into the site by modifying a style template.

Bitcointalk identified a series of compromised accounts and IP addresses that appeared to be used in  the attacks.

Passwords were hashed with the popular SHA-1 function and salted by combining them with usernames -- an ineffective method used by the Simple Machines Forum software.

"It is not known for sure that the attacker copied any password hashes, but it should be assumed that he did," administrators said.

Administrators urged users to change passwords and be alert to BitCoin-related phishing scams.

"Change your password. If you used the same password on any other sites, you should change the password on those sites as well," they advised.

BitCoin is a digital, peer-to-peer currency that can be traded for national currencies – including those of the US, Poland, Britain and the European Union – via various online exchanges.

Earlier this year, more than 61,000 usernames, email addresses and hashed passwords were stolen from the popular BitCoin exchange Mt.Gox.

Copyright © SC Magazine, Australia

BitCoin forum hacked by donor
Top Stories
First look: Microsoft Outlook for iOS
[Update] Office productivity suite for iOS completed with Outlook.
NewSat defaults on $26m in overdue Lockheed payments
Jabiru-1 satellite build hits further hurdles.
IBM denies plans to cut 112k jobs
But admits to further restructuring.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.