Hacked

Discussion in 'Off Topic' started by fible1, Jun 2, 2016.

  1. fible1

    fible1 Well-known Member
    Dash Core Team Masternode Owner/Operator

    Joined:
    May 11, 2014
    Messages:
    710
    Likes Received:
    722
    Trophy Points:
    163
    Well it happened again, my personal laptop was hacked. Not going into details, but I want to warn everyone that there are some very sophisticated spear-phishing emails going around. I got one over the weekend (unfortunately deleted) that addressed me personally over a crypto-related matter. This isn't weird as I get a decent amount of mail from random people, but it went downhill from there.

    Thankfully my Dash and other cryptos are safe, and it looks like nothing serious was looted; but heads up everyone, this could happen to you.

    Pablo.
     
    • Useful x 5
    • Like x 1
    • Informative x 1
  2. TheDashGuy

    TheDashGuy Well-known Member

    Joined:
    Dec 16, 2015
    Messages:
    1,232
    Likes Received:
    1,011
    Trophy Points:
    183
    Care to share an edited version of said email?
     
  3. fible1

    fible1 Well-known Member
    Dash Core Team Masternode Owner/Operator

    Joined:
    May 11, 2014
    Messages:
    710
    Likes Received:
    722
    Trophy Points:
    163
    Unfortunately I deleted it after reading it; as I thought it was a bit weird and decided not to bother. Wish I had it to do some counterintelligence; I actually don't remember much about it, but that's when my computer started behaving weirdly, and today a bunch of my files were mucked about with and terminal and other tools I use were supplanted by clone software. It's pretty involved but stupidly pulled off imho. I'm a little bothered I didn't do anything about it earlier as I attributed it to my computer being old-ish and that was stupid.

    Anyway, the reason I posted is because these spear-phishing emails are probably going around. I'm not sure how I popped into the hacker's radar but I spend most of my time here so I thought I'd let you guys know. Aside from that, it's not my first hack and I'm already on a clean comp; I'm pretty sure damage was highly limited.

    Pablo.
     
    • Like x 1
  4. Jeztah

    Jeztah Active Member

    Joined:
    Oct 9, 2014
    Messages:
    181
    Likes Received:
    145
    Trophy Points:
    103
    I can confirm, a few of my customers have encountered several very targeted and specific requests that were quite convincing. All of my customers use Office 365.

    Only minor details were off.... like an Android email signature when one KNOWS that the sender has an iPhone. Always sent to the proper people using convincing language. It's as though someone tapped into a live stream of email somewhere and is looking for certain business language/relationships. The two I was lucky enough to be able to look at the headers both originated in .ru.
     
    • Like x 1
    • Informative x 1
  5. Ha Bui

    Ha Bui New Member

    Joined:
    May 31, 2016
    Messages:
    1
    Likes Received:
    1
    Trophy Points:
    3
    Okay, now I know that it's not just me who is getting this trouble
     
    • Like x 1
  6. crowning

    crowning Well-known Member

    Joined:
    May 29, 2014
    Messages:
    1,428
    Likes Received:
    2,005
    Trophy Points:
    183
    Did you click on something or was just viewing the email enough to get you infected? And, if so, which email client are you using?
     
  7. fible1

    fible1 Well-known Member
    Dash Core Team Masternode Owner/Operator

    Joined:
    May 11, 2014
    Messages:
    710
    Likes Received:
    722
    Trophy Points:
    163
    Just viewing the email, GMail.

    Pablo.
     
  8. raganius

    raganius cryptoPag.com
    Foundation Member Masternode Owner/Operator

    Joined:
    Jun 11, 2014
    Messages:
    719
    Likes Received:
    1,162
    Trophy Points:
    263
    This is scary... I receive tons of weird emails daily. I don't even open them if I don't know the sender :eek:
     
    • Agree x 2
  9. TaoOfSatoshi

    TaoOfSatoshi Grizzled Member

    Joined:
    Jul 15, 2014
    Messages:
    2,699
    Likes Received:
    2,604
    Trophy Points:
    1,183
    Another trick is to have a dedicated device just for emails, something far away from crypto wallets... I use my iPad. I'm still careful about what I open, though.
     
    • Like x 1
    • Winner x 1
  10. fible1

    fible1 Well-known Member
    Dash Core Team Masternode Owner/Operator

    Joined:
    May 11, 2014
    Messages:
    710
    Likes Received:
    722
    Trophy Points:
    163
    You make a good point. All security is a tradeoff with convenience.

    Pablo.
     
    • Like x 2
  11. Jeztah

    Jeztah Active Member

    Joined:
    Oct 9, 2014
    Messages:
    181
    Likes Received:
    145
    Trophy Points:
    103
    You never should open those, but if you do...... don't ever blindly click a link without seeing where it's actually sending you first.
     
    • Agree x 1
  12. TheDashGuy

    TheDashGuy Well-known Member

    Joined:
    Dec 16, 2015
    Messages:
    1,232
    Likes Received:
    1,011
    Trophy Points:
    183
  13. splawik21

    splawik21 Grizzled Member
    Dash Core Team Foundation Member Dash Support Group Moderator

    Joined:
    Apr 8, 2014
    Messages:
    1,912
    Likes Received:
    1,273
    Trophy Points:
    1,283
    Yeah, I've received some emails too, did the filter to remove them from the server instantly.
    Got the email from kraken too.
    --------------------------------------------------------------------------------

    We know that some of you have accounts on bitcointalk.org and we wanted to let you know that a phishing attempt was made on bitcointalk email addresses earlier today.

    If you received an email with the subject Mtgox.Claim assessment process, delete it and do not click on the link it contains! This email did not come from Kraken, but was spoofed to look as though it came from our support email ([email protected]).

    For more information about the email, see this post on reddit:
    https://www.reddit.com/r/Bitcoin/comments/4m3op0/psa_phishing_attempts_reported_today_kraken_re/

    We do not know how the bitcointalk email addresses were obtained, however the bitcointalk database has been compromised in the past. You can be assured that this incident was not the result of any breach in Kraken’s database and your personal information with Kraken is safe.

    Even if you did receive the email, you are safe so long as you do not click on the link (just delete the email and you will be fine). If you did click on the link and are concerned about it, please contact us at: [email protected].

    Stay safe,

    The Kraken Team
     
    • Informative x 2
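
The two checks raised in this thread, seeing where a link really goes before clicking and spotting a spoofed sender like the one in the Kraken notice, can be scripted against a saved message. This is an added example, not part of any forum post or Kraken's notice; the sample message is constructed (only the subject line comes from the notice), and `kraken.example` and the `.invalid` hosts are placeholders.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (the thread does not reproduce the real message); hosts are placeholders.
SAMPLE = """\
From: Kraken Support <support@kraken.example>
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.invalid
Subject: Mtgox.Claim assessment process
Content-Type: text/html; charset=utf-8

<p><a href="http://claims.portal.invalid/start">https://www.kraken.example/claims</a></p>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))  # (target, visible text)
            self._href = None

def addr_domain(value):
    return parseaddr(str(value))[1].rpartition("@")[2].lower()

def triage(raw):
    msg, findings = message_from_string(raw, policy=policy.default), []
    frm, env = addr_domain(msg.get("From", "")), addr_domain(msg.get("Return-Path", ""))
    if env and env != frm:  # a signal, not proof: bulk mailers legitimately differ
        findings.append(f"envelope domain {env} differs from From domain {frm}")
    auth = str(msg.get("Authentication-Results", "")).lower()
    findings += [f"{c} failed" for c in ("spf", "dkim", "dmarc") if f"{c}=fail" in auth]
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        shown, real = urlsplit(text).hostname, urlsplit(href).hostname
        if "://" in text and shown and shown != real:
            findings.append(f"link shows {shown} but goes to {real}")
    return findings
```

Only an `Authentication-Results` header added by your own receiving mail server is trustworthy; one already present when the message arrived may have been written by the sender.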
  14. jpr

    jpr Active Member

    Joined:
    May 11, 2014
    Messages:
    493
    Likes Received:
    393
    Trophy Points:
    133
    What OS are you on? Can't see how viewing email without clicking on a dangerous link gets one hacked.
     
  15. fible1

    fible1 Well-known Member
    Dash Core Team Masternode Owner/Operator

    Joined:
    May 11, 2014
    Messages:
    710
    Likes Received:
    722
    Trophy Points:
    163
    I'm not very technical so the minutiae of it elude me, but I know it can be done through vulnerabilities in the browser.

    Pablo.
     
  16. rustycase

    rustycase Active Member

    Joined:
    Apr 19, 2016
    Messages:
    497
    Likes Received:
    117
    Trophy Points:
    113
    All this is beyond my capability and it usually takes me two or three days to recover from malware problems.
    Quite some time ago a forum owner told me the larger percentage of scams originate from gmail accounts.
    ...which is, of course, my preference... go figger !

    As described above, it's probably wise to conduct various activities from different machines, if at all possible.

    Best
    rc
     
  17. Bridgewater

    Bridgewater Well-known Member
    Foundation Member

    Joined:
    Dec 14, 2014
    Messages:
    183
    Likes Received:
    164
    Trophy Points:
    203
    @fible1, although nothing was looted now, it does not mean that malicious entities are 100% not in possession of encrypted password databases, wallet.dats, or encrypted zip files with private keys/passwords inside. If they think they stumbled on a gold mine, they can rent sufficient processing power to break your encryption eventually.

    If you stored any crypto stuff on that computer, it might be a good idea to re-do your setup; create new wallets and passwords on new computer/fresh install and spend to new addresses. If your money is all on the Trezor, you're safe because there is no way a virus can sniff your PIN which uses the scrambled numberpad input from your Trezor screen (but you should always double-check the recipient address on the Trezor screen is the same one that you're trying to spend to--a virus can change the spending address so you accidentally spend to the hacker instead!).

    Anyway, just a heads-up. I think we're all anxiously awaiting the offline (or Trezor) masternode start capabilities of the new release. Some more than others :D
     
    • Agree x 3
    • Informative x 1
  18. fible1

    fible1 Well-known Member
    Dash Core Team Masternode Owner/Operator

    Joined:
    May 11, 2014
    Messages:
    710
    Likes Received:
    722
    Trophy Points:
    163
    Thank you for your concern :),
    My wallets are in cold storage and not linked in any way to my hacked laptop, which has already been wiped and overwritten. Purchased new router and modem just to be safe as well.

    :)

    Pablo.
     
    • Like x 1
  19. Sub-Ether

    Sub-Ether Well-known Member

    Joined:
    Mar 31, 2014
    Messages:
    1,516
    Likes Received:
    1,254
    Trophy Points:
    183
    I was under the impression as long as I don't open the attachment I would be safe, although I don't use Gmail as such, what OS and browser were you using at the time?