The Bitcoin Heist!

The present article is written by Mehak Khurana, 1st year M.Sc Forensic Science student from LNJN National Institute of Criminology and Forensic Science, Ministry of Home Affairs, Government of India, during her internship at LeDroit India.

Abstract

Humans are the weakest link in the cyber security system. The world we are living in is highly connected and digitally exhaustive. With the increase in technological advancements, the methods used to commit cyber crimes have also changed, so it has become imperative to create awareness in the use of digital platforms through digital literacy.

Introduction:

Cyber crime can be defined as any illegal behaviour committed by means of, or in relation to, a computer system or network. In a cyber crime, the computer or network can be a tool of the crime, a target of the crime, or used for purposes incidental to the crime.

What’s at Stake?

There is too much at stake in a cyber crime. A cyber crime involves:

  • Information Security
  • Identity
  • Privacy
  • Money

The threats of cyber crimes continue to grow in number, frequency, and complexity. Trends indicate that cyber crimes are:

  • Too powerful for conventional defenses to handle.
  • Rising alarmingly in volume and security.
  • Increasingly sophisticated and difficult to defend against.
  • Exploiting software vulnerabilities and human gullibility.
  • Increasingly motivated by financial gain.

Fundamental Principles of Security:

There are three principles of Information Security (the CIA Triad):

  1. Confidentiality:

Confidentiality ensures that the necessary level of security is enforced at each junction of data processing and that unauthorized disclosure is prevented. Confidentiality can be provided by encrypting data as it is stored and transmitted, by imposing strict access control and data classification, and by other data protection procedures.

  2. Integrity:

Integrity is upheld when the accuracy and reliability of data and systems are assured and any unauthorized modification is averted. System and network communications ought to be shielded from outside interference and contamination.

  3. Availability:

Availability ensures reliable and timely access to data and resources for authorized individuals.

Cyber Hacking and Crypto-Currency:

  • Hacking: Hacking is electronic vandalism in which the security of a computer system or network is breached for some illicit purpose. It is a cyber trespass, defined as an act of penetrating, or gaining unauthorized access to or use of, data available in a computer system or a computer network for the purpose of gaining money, stealing data, or making unauthorized use of data.
  • Crypto-Currency: A crypto-currency is a medium of exchange like normal currencies, but designed for the purpose of exchanging digital information through a process made possible by certain principles of cryptography. Cryptography is the conversion of data into a secret code for transmission over a public network. Plain text is turned into a coded equivalent called cipher text via an encryption algorithm and the use of keys. Cryptography is used to secure the transactions and to control the creation of new coins. This encrypted, decentralized digital currency is transferred between peers and confirmed in a public ledger via a process known as mining.
  • Top 10 crypto-currencies:
      • Bitcoin (2009)
      • BlackCoin (2014)
      • Dash (2015)
      • Dogecoin (2013)
      • Litecoin (2011)
      • Namecoin (2011)
      • Nxt (2013)
      • Peercoin (2012)
      • Primecoin (2013)
      • Ripple (2013)

The Bitcoin Twitter Scam:

  • On 15 July 2020, the Twitter accounts of high-profile personalities with millions of followers, such as Mike Bloomberg, Joe Biden, Kim Kardashian, Kanye West, Elon Musk, Barack Obama, Bill Gates, Jeff Bezos, MrBeast, Warren Buffett and Floyd Mayweather, and of companies such as Uber, Apple and Cash App, became targets of hackers who offered fake bitcoin deals. [1]
  • The perpetrators urged people to send bitcoin to a specific crypto-currency wallet, with the promise that double the amount would be returned.
  • The scammers had gained access to Twitter's administrative tools in order to alter the accounts and post the tweets directly.
  • Minutes after the tweets were posted, nearly 12 bitcoins were sent to one of the addresses involved, which is equivalent to more than Rupees 89 lakhs, and more than 320 transactions had already taken place.
  • Some phrases were repeatedly posted by the compromised accounts, even after some of the messages had been deleted. The tweets were labelled as being sent through the Twitter web app. One of the phrases involved in the scam was tweeted more than 3,000 times in the space of four hours, with tweets being sent from IP addresses linked to many different countries. This reused phrasing allowed Twitter to remove the offending tweets easily.
  • In addition to posting tweets, the attackers downloaded the account data of 8 compromised accounts, which included all created posts and direct messages, though these 8 accounts were not those of verified users.
  • Twitter soon took action. While it was working to resolve the scam, four individuals who claimed to be part of the scam, and who presented the website with screenshots, said that they had gained access to a Twitter administrative tool, also known as an "agent tool", which allowed them to change the settings of the hacked accounts. Even the confirmation email addresses for the accounts were changed, so that anyone with access to the newly set email account could initiate a password reset and then post the tweets. These hackers had paid insiders at Twitter to get access to the administrative tool in order to pull off this massive scam.
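The reused phrasing described above is what makes a coordinated campaign easy to find. As an added example (not part of the original article and not Twitter's own tooling), the sketch below groups posts that carry a wallet-shaped string and the same normalized phrase, and flags a phrase posted by several accounts within a four-hour window. The post tuples, account names and wallet string are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Shape check only (legacy 1.../3... and bech32 bc1...); no checksum validation.
BTC_ADDR = re.compile(
    r"\b(?:bc1[ac-hj-np-z02-9]{11,71}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")

def normalize(text):
    """Fold case, punctuation and spacing; replace any wallet string with a token."""
    text = BTC_ADDR.sub("<addr>", text).lower()
    return re.sub(r"[^a-z0-9<>]+", " ", text).strip()

def find_campaigns(posts, window=timedelta(hours=4), min_accounts=3):
    """posts: (timestamp, account, text) tuples. Flag a phrase that carries a
    wallet string and was posted by >= min_accounts accounts inside `window`."""
    groups = defaultdict(list)
    for ts, account, text in posts:
        if BTC_ADDR.search(text):
            groups[normalize(text)].append((ts, account, text))
    campaigns = []
    for phrase, hits in groups.items():
        hits.sort(key=lambda h: h[0])
        start, best = 0, set()
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            accounts = {h[1] for h in hits[start:end + 1]}
            if len(accounts) > len(best):
                best = accounts
        if len(best) >= min_accounts:
            addrs = sorted({a for h in hits for a in BTC_ADDR.findall(h[2])})
            campaigns.append({"phrase": phrase, "accounts": sorted(best),
                              "addresses": addrs, "posts": len(hits)})
    return campaigns

# Constructed sample data: placeholder wallet string and made-up accounts.
ADDR = "bc1q" + "example" * 5
T0 = datetime(2020, 7, 15, 20, 0)
SAMPLE_POSTS = [
    (T0, "acct_a", f"Giving back! Send BTC to {ADDR} and I will send double back."),
    (T0 + timedelta(minutes=7), "acct_b", f"giving back - send btc to {ADDR} and I will send DOUBLE back"),
    (T0 + timedelta(minutes=31), "acct_c", f"Giving back!! Send BTC to {ADDR} and I will send double back."),
    (T0 + timedelta(minutes=40), "acct_d", "Reminder: nobody doubles your bitcoin."),
    (T0 + timedelta(hours=9), "acct_e", f"Donate to our charity at {ADDR}"),
]

if __name__ == "__main__":
    for c in find_campaigns(SAMPLE_POSTS):
        print(c["posts"], "posts from", c["accounts"], "->", c["addresses"])
```

Matching on the exact normalized phrase misses posts that reword the lure, so the extracted wallet strings are worth pivoting on separately.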

Curbing Cyber Security Dangers:

           ‘Forewarned is forearmed’

  • Implementing network segmentation, which reduces the exposure during an attack.
  • Setting up access control by enforcing the principle of least privilege (PoLP).
  • Backing up all data.
  • Educating end users on how to spot malspam.
  • Educating people on creating strong passwords and implementing multi-factor authentication techniques.
  • Updating software and detecting the vulnerabilities through which machines get infected.
  • Getting proactive about endpoint protection. [3]

Conclusion:

Cyber crimes involve cyber security attacks and the exploitation of vulnerabilities. Digital literacy, which consists of developing new skills and knowledge and provides awareness through a combination of tactics, policies, and processes, will help to significantly strengthen our cyber security posture and, along with it, our level of cyber resilience.

References:

[1] https://economictimes.indiatimes.com/markets/stocks/news/bitcoin-scam-decoded-how-hackers-swindled-rs-89-lakh-from-twitter-users/articleshow/76996282.cms

[2] https://en.wikipedia.org/wiki/2020_Twitter_bitcoin_scam

[3] https://www.malwarebytes.com/hacker/
