

For Ransom, Bitcoin Replaces the Bag of Bills - jhonovich
http://www.nytimes.com/2015/07/26/business/dealbook/for-ransom-bitcoin-replaces-the-bag-of-bills.html

======
sorrythrowaway9
I know this is not 100% specific to this article, but this is happening right
now to a friend of mine's gmail account. Scammer was able to social engineer
the cell phone company to forward his number, then did a password reset, and
locked him out of his account. 20BTC Ransom. He followed every single google
customer service link/resource he could find and tried to reset link, which
said they would contact him in 3-5 days. This was 6 days ago. No response. FBI
can't do anything either. Its so disturbing that there is absolute nothing you
can do to reach Google once this happens. It could happen on anyone's cell
phone as well, how many fortune 500 companies have higher up employees with
cell phones and gmail accounts? Imagine in the future trusting google with a
self driving car and home automation -- imagine getting locked out of your
house or hijacked in a self driving car and having nobody to call. If anybody
here knows somebody at google who can reach the group that handles Gmail
security, please contact this account so I can give you his info.

~~~
nadams
I'm sorry if this sounds like me being a jerk - that's not my goal. I just
want to point out cold hard facts.

> but this is happening right now to a friend of mine's gmail account

I can't stress this enough but please enable OTP on your accounts. Facebook,
gmail, and even your Windows system if you are paranoid enough. Yeah it adds
some hassle - but the value of increased security far outweighs the hassle.
Also backup the OTP codes somewhere.

> Scammer was able to social engineer the cell phone company to forward his
> number

If they are in the US please tell us the name of the provider so we know not
to ever use them. This isn't the first this kind of attack has happened [1]
(shame on you DigitalOcean). I use Gandi and they state in their documentation
that they will not reset it if you ask them [2].

> Its so disturbing that there is absolute nothing you can do to reach Google
> once this happens.

It's a free service - what do you expect? I've heard this story many many
times. Yes - google makes billions in profits and could in theory hire someone
to handle gmail issues. But, they don't and it makes sense from a business
point of view (why spend money on a guy who will support a service that
doesn't make money?).

> It could happen on anyone's cell phone as well, how many fortune 500
> companies have higher up employees with cell phones and gmail accounts?

If a Fortune 500 company uses gmail they would buy the google apps for work.
If they buy google apps for work they get an 800 number to call if they have
problems (and most likely a dedicated account rep because they are probably
buying 1000s of accounts).

> Imagine in the future trusting google with a self driving car and home
> automation

Again - you would be giving money to google. And in return you will get
support. I'm not saying Google is perfect but if self driving cars become a
thing I'm sure (hope) there will be an 800 number you can call when your car
becomes sentient.

[1] -
[https://news.ycombinator.com/item?id=9596258](https://news.ycombinator.com/item?id=9596258)

[2] - [https://wiki.gandi.net/en/hosting/gandi-expert/change-
root-p...](https://wiki.gandi.net/en/hosting/gandi-expert/change-root-passwd-
in-expert-mode)

~~~
sorrythrowaway9
The cellphone provider was sprint. My friend is a paid customer of Google
Apps. In part of the process he called called Google Apps, and they
immediately disabled his Apps account but -- but they couldn't or wouldn't do
anything else including helping him escalate to the right people -- They said
they did not know who to contact. Eventually after he called back several
times, he got a manager/supervisor who was able to create a ticket. He called
back the next day and the ticket was deleted!

Meanwhile the scammer is making threats to his family and pretending to be him
send out emergency BTC loan requests and resetting bank passwords. He could be
SWAT'd at any moment.

Apparently Google executives are in the mindset that it isn't cost effective
for them to provide even the most minimalist crisis support -- a trivial 5
minute look at the account and seeing the ransom artist texting him (through
his own gmail) would at least justify an account hold. Google couldn't be
bothered-- even at a record 66 billion dollar profit to help him. Why? Because
they can't make a profit helping him. Or maybe its that and they are still in
the 2003 "beta" mindset. It truly is a real life THX 1138 nightmare for him.

~~~
o87dv
He is a paying customer... wow unbelievable.

Why can the police/FBI help in this case, given all the threads and demands?
Were they contacted and informed of the situation?

~~~
sorrythrowaway9
Yes he has a FBI complaint id and met with them. Basically the FBI said there
is nothing they can do. I'm going to get him to contact the journalist for
this article and see if there is another FBI agent he can work with. Sprint
wouldn't work with him at all and only after dozens of calls did they start to
help him get his number back. (The entire number was in the process of being
ported). We didn't even think about him being SWAT'd until I read this
article. The threats were specifically towards his parents. If anybody has any
suggestions please let me know.

------
bdcravens
So if a) users don't get smarter about security and b) the use of Bitcoin as a
ransom currency doesn't get disincentivized, how will this play out? I can't
see the status quo continuing; resigning to "oh well, the nerds have won, we
can't do anything" isn't how the government tends to operate.

Would the government try to really hammer down on Bitcoin if this becomes the
epidemic I think that it might?

Government regulation of companies that permit easily "hacked" accounts?

The introduction of personal insurance policies for online data that would
pay?

------
kwijibob
Why can't you track where they spend the ransom money via the blockchain?
Couldn't this be used to identify the criminals?

~~~
eru
It depends how good their mixers are.

------
codeshaman
To me this is a serious downside of cryptocurrencies - the fact that criminals
have this secure channel of stealing from victims.

Besides malware, one can be blackmailed with information disclosure (everyone
has secrets), one can be physically bullied into transferring his BTC or
forced to pay bribes by police or corrupt authorities. In western countries
some of these may seem impossible, but in a lot of places, police or
authorities are worse than criminals. And of course good old hacking.

It's also a very good incentive for maybe-criminals to actually go and do the
crime - because the risks of being caught are very small.

One counter argument is that it's possible to steal cash anonymously too, but
of course it's not the same thing, just like crypto is not cash.

This is serious problem with (anonymous) crypto and it will only grow bigger
and bigger as it goes more mainstream..

~~~
oleganza
If we were running our economy on steam and gold we would have even less
problems. Your life expectancy would be 2x lower, but Sherlock Holmes would be
able to find the blackmailer.

Do you seriously blame the technology and instead of finding a technological
solution propose to blame everyone using it for occasional consequences you do
not like?

~~~
codeshaman
> If we were running our economy on steam and gold we would have even less
> problems.

Absolutely. I've lost a lot of coins in various hacks so this is experience
talking, not theory ;).

> propose to blame everyone using it for occasional consequences you do not
> like.

Not blaming anyone and I'm still quite hopeful about crypto (albeit much less
now than before), just saying this is a dark side of crypto which people are
afraid to look at and it's not going away.

You may remember this discussion if god forbid somebody hacks the service were
you hold your coins at
([https://bitcointalk.org/index.php?topic=576337](https://bitcointalk.org/index.php?topic=576337))
or exploits a vulnerability in your OS and steals your wallet OR does the
thing in the article.

Right, we are literate, we don't keep our wallets online or on our hard
drives. For maximum safety we keep our public key pairs on a piece of paper or
wood and hide it away in a dark place.

------
zajd
It's hard to take these seriously when they equate digital ransom with actual
kidnapping. Clickbait headline if I ever saw one.

~~~
dang
There's nothing wrong with the headline, and the article doesn't mention
kidnapping. The comparison it does make is a reasonable one: "a modern day
version of a mob shakedown".

