Bitcoin hacker hunted

Powered by SC Magazine
 

Online sleuths match high school student with MtGox phishing site.

A Canadian high school student has been identified as the most likely suspect behind a phishing site that allegedly ripped off thousands of dollars worth of Bitcoins from unsuspecting users.

The student, according to an ongoing investigation initiated by private individuals, has been in possession of, and sold, Bitcoin wallets loaded with thousands of dollars worth of the digital currency.

A profile linked to the suspect on public site HackForums claimed to have sold two accounts each containing 40 Bitcoins today alone, worth about $7000 at the time of writing.

It was also selling hacked LiteCoin accounts.

How the Bitcoins were stolen

The phishing site used to launch the attacks, MtGox-Chat, hosted a Java exploit which hijacked user machines with what researchers said appeared to be an AutoIt script.

The malware was then used to drain the digital currency from victims' Bitcoin wallets in a series of non-reversible transactions.

One victim using the handle BitBully wrote on the Bitcointalk forum that they lost 34 Bitcoins to the scammer, worth anywhere between $3500 and $8000 due to the fluctuating value of Bitcoins this week.

The transaction pointed to an account that held 72 Bitcoins, worth around $8000 at the time of writing.

The victim was compromised after they clicked through Java warnings prompted by the MtGox-Chat site.

He told SC he wanted to warn others of the attack and attempt to get the stolen Bitcoins returned.

Online sleuths

Following the victim accounts, a small group of online sleuths began an investigation to identify the perpetrator and invited SC Magazine to bear witness to their collaboration.

Analysis of the malware by a member of the anonymous group of sleuths, who claimed to be a security researcher, pointed to IP addresses which were linked to other accounts used by the suspect.

This information led the group to suspect the scammer was using his Canadian residential address to host a command and control server.

The research also revealed domain information and months of login data, along with website profiles, including the suspect's Facebook account, which provided further evidence of the man's identity.

The party investigating the scam engaged in a Skype chat with their suspected hacker, but he claimed the information gathered was fake and promptly terminated the conversation.

At the time of writing, those investigating the scammer had threatened to reveal the data gathered in the investigation unless the suspect returned the stolen Bitcoins to victims.

SC Magazine recommends that Bitcoin users operate online with a heightened awareness of security. Users should activate two-factor authentication for online accounts where possible, disable Java in web browsers used for Bitcoin transactions and be extremely cautious about following links posted in forums and chat rooms.

Copyright © SC Magazine, Australia

