Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: InfoSec Handlers Diary Blog - Free Bitcoins? Why not? InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Free Bitcoins? Why not?

Published: 2017-08-24
Last Updated: 2017-08-24 17:11:57 UTC
by Bojan Zdrnja (Version: 1)
0 comment(s)

Since the invention of the Internet (or e-mail) we have been seeing various scams that try to entice the user to transfer his hard-earned money to a scammer’s account.

There are many, many forms of the old fashioned advance-fee (419) scam where the victim is usually asked to transfer money to attacker’s account for whatever purpose we can think of: it can be a dead Prince’s legacy or money that a stranger in distress needs. 

Of course, with all crypto currencies flying around, the bad guys saw an opportunity as well, with the major advantage being difficult traceability of crypto currency transactions.

Couple of days ago, one of our readers, Jason Killam sent in an example of a scam (although, a bit poorly written) but where the attacker was asking for few USD in Bitcoins – the e-mail is shown below:

Hello, my name is Arseny Golorich, I live in the country Belarus, Minsk, we are a rather poor country. On July 26, the BTC-E Crypto-Currency Exchange closed, and I can not get my money back. It was closed by the FBI and illegally appropriated all of our funds. There were my last 2 Bitcoins on which I earned and traded on the stock exchange. Now I am without means for existence, I am starving, I ask to help, who can. On the Internet, I found the emails of the wealthy people of America and decided to write to you, for you a few $ are worthless, but they will help me a lot to start earning again on the exchange. Thank you so much for reading!

My Bitcoin Wallet - 1MY1Fso8SW9XTPCca7oLEBUWFJRZWNK9Qs

For the help you can use absolutely safe resources:
https://localbitcoins.com/
https://www.coinbase.com/

As we can see, this is just a poor attempt where the attacker is practically begging for Bitcoins. He was, though, nice enough to provide the victim with links on purchasing Bitcoins.

We can search for his wallet at https://blockchain.info/address/1MY1Fso8SW9XTPCca7oLEBUWFJRZWNK9Qs and it appears that at least this attempt was completely unsuccessful as there were no transaction of any Bitcoins to this account.

However, who knows how successful (or not), this particular attacker is – for him, the nice thing about Bitcoins is that he can create a new wallet for every victim, so it becomes much more difficult not only to trace the transactions but also to see what his total gain is, especially if he decides further down the line to use notorious mixing services.

Bitcoin mixing services are anonymous services that allow anyone to send Bitcoins to them. For a small fee, such services collect multiple transactions and then mix them and divide into smaller/different outgoing transactions to new wallets. This makes tracing very difficult (and, depending on the mixing service maybe impossible) and as such is the perfect way of laundering Bitcoins.

A chicken and egg problem is, though, that the attacker must really trust the mixing service that it will do what it claims to be doing – because once the Bitcoins have been sent, the attacker could also be a victim of the mixing service operator, in case he/she decides to simply keep Bitcoins.

In any case, one thing I am sure is that various scammers will happily embrace crypto currencies, in case they have not done so already.

Have you experienced similar scams or attacks that were new or you found them interesting? Let us know!

--
Bojan
@bojanz
INFIGO IS

Keywords: 419 scam bitcoin
0 comment(s)
Diary Archives