Unfortunately, those of a criminal nature (usually theft) often do not care who their targets (victims) are, whether they be little old grannies, or your local Bitcoin self made millionaire.
Roger Ver (“Bitcoin Jesus”) recently became the target of a hacker, and not of the nice variety of hackers out there. He quickly posted a reward for the apprehension of the hacker who was trying to access his emails, accounts and personal information.
As a very successful bitcoin entrepreneur from pretty much what is currently referred to as ‘the early days’, it can be seen that Roger Ver is a likely target for such behaviour.
However, through his quick independent actions of offering an award, he has since stated via Coindesk that the situation has been resolved.
An email address and Facebook account I don’t use anymore were hacked, but it started to spread until I told him I’m offering a $20k bounty for his arrest, then he gave up and gave me the password to all the hacked accounts. I’ll post all the details once I finish locking everything down.
Security In Bitcoin As Security In All
At this point it behoves us to remind our readers that best security practices should not just be implemented in Bitcoin and your wallet software (or incoming hardware) – that security practices should be used where attackers can gain access to such things as your important email addresses, social media accounts, wallet providers and especially your Bitcoin wallet.
2-Factor Authentication (2FA) is generally cried out as a must in the Bitcoin sector. It never used to be available for email accounts, yet email providers are catching up and most now provide 2FA in the form of Google Authenticator or via sending a text message to your mobile phone.
What Is 2FA
2FA can be in a variety of forms.
Google Authenticator is an app that you can download for your mobile and synchronizes random numbers to act as a ‘key’ for the service you have linked it to.
- Commonly used.
- Easy to setup.
- Be aware of time zone changes may result in unsynchronized ‘key numbers’.
Mobile texting is another form of 2FA, whereby the site you are trying to access will send you a text to your linked mobile phone, usually of a 5-6 digit number that you will have to enter within a certain period of time.
- Easy to setup.
- Not as commonly used.
- Sometimes texts can be delayed.
Emails are another form of 2FA and can be layered with other forms of 2FA. For example, having your account require a password that is sent to your email address, and then also requiring your Google Authenticator code.
- Can be layered with Google 2FA or mobile text 2FA to provide extra security.
- Email address used may also have 2FA activated (possibly from an alternative phone).
- A lot of email accounts are created (by default) to not have 2FA activated.
- If you are using only an email 2FA for your more security conscious sites (wallet holders/exchanges), you may have to activate your email 2FA.
Though email 2FA provide an extra layer of protection, an account protected only by email 2FA (with no 2FA activated for the email account itself) is in fact only protected by your email password, if an attacker brute forces your email password then they will be able to access your ‘email 2fa protected’ account.
Weakest To Strongest
Email > Mobile Text > Google Authenticator > Email + Google Authenticator/Mobile Text.
It is important to remember, that depending on how you have setup your security, someone gaining access to one of your email or social media accounts may then use these to access one of your financial accounts – or at the very least, use your name to steal from others.
In Roger Ver’s case it could quite easily be argued that setting up ‘Honey Pots’ is an excellent way to give yourself warning that an attacker has you in their crosshairs.
Your password is your first line of defence. A small (few characters) simple password can be brute forced by an attacker; it is generally recommended that your password be at least 15 characters, contain numbers and symbols and a mix of lower and upper cases, and do not use whole words.
Defined as easier to hack/access than your more important accounts. When these are broached you have clear warning that someone is targeting you.
Bitcoin.org offers some very sound advice with regards to your bitcoin security, which can be found here: https://bitcoin.org/en/secure-your-wallet.
And of course, cold storage via USB sticks, CDs, paper wallets, floppy disks and whatever else you can imagine is always highly recommended. Best practices for security does not stop at the financial/final destination, it only starts from there.
More details of Mr Ver’s case can be found via the following reddit post – http://en.reddit.com/r/Bitcoin/comments/26d79c/roger_ver_hacking_incident_full_details_376_btc/.