{"id":6118,"date":"2020-08-17T13:31:25","date_gmt":"2020-08-17T17:31:25","guid":{"rendered":"https:\/\/cointelegraph.com\/magazine\/?p=6118"},"modified":"2020-08-18T19:21:47","modified_gmt":"2020-08-18T23:21:47","slug":"crypto-crimes-twitter-hackers-keyser-soze","status":"publish","type":"post","link":"https:\/\/cointelegraph.com\/magazine\/2020\/08\/17\/crypto-crimes-twitter-hackers-keyser-soze","title":{"rendered":"Crypto Crimes Rated: From the Twitter Hackers to Not Your Keyser, Not Your Coins"},"content":{"rendered":"

The high-profile Twitter hack — which saw malicious actors take over 130 verified accounts including Bill Gates and Elon Musk — managed to be both technically brilliant and incomprehensibly stupid at the same time.

It was a multi-person attack, deep inside the company’s infrastructure, using sophisticated social engineering to defeat 2FA-protected accounts.

But while the hackers were smart enough to defeat Twitter’s security, trawling through the internal Slack messaging system to unlock ever greater levels of access, they ultimately failed. Miserably.

Instead of, say, using Musk’s account to send Tesla market FUD to tank the stock price (and make millions shorting it), the hackers instead sold access to various accounts on the darknet for a few magic beans to some vanity-handle clowns, and then spammed out a two-for-one Bitcoin giveaway scam, netting a paltry $117,000.

And then they got caught.

“It doesn’t make sense as far as the sophistication of the attack,” says Dave Jevans, CEO of CipherTrace. “The actual scam was ridiculous.”

Rather than an elite group of high-level professionals, the ringleaders were a bunch of teenagers and 20-somethings who’d stumbled upon Twitter’s God Mode but had no idea what to do with it. The FBI tracked them down thanks to a series of total noob mistakes, including using their home WiFi without a VPN, and trying to cash out stolen Bitcoin using Coinbase accounts verified with their real driver’s licenses.

It turns out that just like ordinary criminals, some technically adept cyber criminals can act like bumbling goons too.

Cleverness not required

Alex Lazarenko, Group-IB’s Head of R&D, says that being clever is not a prerequisite for hacking into many crypto exchanges, which can have worse cybersecurity than non-finance companies.

“From our experience with our clients they are pretty bad with security,” Lazarenko explains in his thick Russian accent.

“There are not so many sophisticated attacks because the industry is not very much secure in terms of cyber security. A lot of people are getting into trouble with cryptocurrency because of simple mistakes.”

Most cryptocurrency scams don’t involve a crack team of hackers pulling off some ingenious and unique multi-level con — instead they just dust off hoary old scams and dress them up with a thin veneer of technobabble about ‘high yield investments’ and ‘sophisticated trading algorithms’.

“There’s nothing much new under the sun,” says Michael Cohen, Vice President of Operations at MyChargeBack, an American company that deals with retail crypto crimes. “You don’t have to be Dr Evil to scam someone via cryptocurrency. You can be a Mini Me.”

Scammers and thieves love crypto because there’s a perception that there’s no central authority to complain to, no way to reverse transactions, and the funds are difficult to trace. (In truth, most on-chain transactions are far from anonymous, and their traceability is often a boon to law enforcement.)

But cryptocurrency’s complexity means that even some of the smartest people can fall victim to their dumb tricks.

“The common denominator of all of them is a tremendous amount of inexperience on the side of the consumer,” says Cohen.

“You could have doctors, lawyers, investment CFOs, government officials. We see there’s no delineation between someone’s professionalism and education and the susceptibility to these types of scams.”

So how smart do you have to be to pull off various types of crypto crimes?

The Scam: Say Hello To My Little Friend

Criminal sophistication level: Grunts and goons.

Crypto extortion is a crude and unpleasant crime. At its most basic this involves a man with a shotgun bursting into your apartment demanding the passcode to your Bitcoin wallet.

Crude attacks can be defeated with similarly crude countermeasures, however, and when this exact situation happened to a Norwegian crypto millionaire last year, he vaulted over the balcony of his second-floor apartment and escaped.

In a bizarre spin on the practice, The New York Times reported a group of men had ransacked the New York apartment of a man named Nicholas Truglia, and held his head underwater demanding his crypto logins. But it turned out that Truglia had made up the story, and in doing so he’d sparked an investigation by the police into his unexplained crypto wealth.

He was unmasked as The Bitcoin Bandit, the ringleader of a 25-person SIM swap gang, and ordered to pay $74.8 million in compensation to Michael Terpin, an investor in multiple ICOs and head of a blockchain marketing group.

The Scam: Show Me The Money

Criminal sophistication level: Dumb as a stump.

The oldest scam in the world is convincing people to hand over money now, with the promise of getting more money later.

‘Bitcoin giveaways’ on Twitter trade on this principle and have been at plague proportions for years. For a slightly more sophisticated example, head on over to YouTube on any given day and you’ll find tens of thousands of people watching a ‘live broadcast’ from someone posing as Ripple or SpaceX to promote the scam.

It’s lent credibility by screening on what appears to be a verified channel with hundreds of thousands of followers. Scammers typically use phishing emails to get a password to take over a gaming nerd’s verified channel. They then change the name from ‘Bob’s Gaming Channel’ to ‘Ripple’, and start screening old footage as ‘live’ to attract viewers. Both Ripple and Steve Wozniak have launched lawsuits against YouTube over the practice.

The Scam: We’re Not In Kansas Anymore

Criminal sophistication level: basic comprehension of Rock, Paper, Scissors

Moving up the scale, we begin to find crimes that require a modicum of technical ability. One method scammers use to steal passwords is to clone exchange websites to fool victims into entering their details.

The trick here is to use a domain name that looks identical to the real one, but isn’t, thanks to a ‘homograph attack’. This takes advantage of the fact that various letters in alphabets like Cyrillic and Greek look virtually identical to English letters.

In 2018, scammers set up a fake Binance site, complete with a reassuring-looking padlock next to the address denoting an SSL certificate. But the letter ‘n’ had been replaced with a version that included an underdot (ṇ). Scammers pulled a similar trick by replacing the ‘r’ in Bittrex with one that included a cedilla (ŗ), which looks like a comma.

Once every couple of months Ledger is forced to put out another warning of a malicious browser extension pretending to be Ledger, seeking to trick users into entering their seed phrase. At one crypto conference in 2017 scammers went so far as to distribute fake Trezor and Ledger hardware wallets so they could later steal funds users deposited.

There are also simple malware programs devoted to diverting your funds to scammers — one Trojan called CryptoShuffler affects the cut and paste function, so that each time you ‘cut’ a wallet address, it pastes in the scammer’s destination address instead.

The Scam: I Know What You Did Last Summer

Criminal sophistication level: knows not to iron a shirt while wearing it.

Sextortion is where victims receive a personally addressed email from attackers who claim to have hacked their webcam and recorded them masturbating, demanding payment not to release the footage.

“They’re not spamming,” says Jevans. “They actually do have your name and they do have your email address. That’s why they’re convincing.”