

Bitcoin fund lost $70,000 in a cyber-attack caused by US Marshals Service - bronwen
http://www.startupsmart.com.au/financing-a-business/melbourne-based-bitcoin-fund-lost-70000-in-a-cyber-attack-caused-by-us-marshals-service/2014070112637.html

======
patio11
Social engineering attacks work, particularly on non-technical users, and it
is highly likely that the US Marshals didn't uniquely possess this gentleman's
email address.

The really terrifying thing is not losing 100 BTC. The attacker got DNS.
That's not game over, that's "Your Nintendo just developed a circuit fault and
burned your entire apartment down." Convincing an employee to disburse a small
sum of money is almost the most boring thing one could do with that.

P.S. Go into Google Apps as your domain administrator, check "Require 2 factor
authentication for all users." If you've already got it on your personal
email, check _again_ that it is set on your work email. I mistakenly didn't
have it on for my main email address and didn't notice for years.

------
jdong
This attack was hardly caused by the USMS; it was caused by terrible security
practices.

