[ISN] The $7 million hack (was re: [dgc.chat] Crowne Gold Update)

From: InfoSec News (isnat_private)
Date: Tue Aug 27 2002 - 06:00:06 PDT

    ---------- Forwarded message ----------
    Date: Mon, 26 Aug 2002 23:37:33 -0400
    From: R. A. Hettinga <rahat_private>
    To: Digital Bearer Settlement List <dbsat_private>, dcsbat_private,
         cryptographyat_private, cypherpunksat_private
    Subject: The $7 million hack (was re: [dgc.chat] Crowne Gold Update)
    
    
    --- begin forwarded text
    
    
    Status: RO
    Date: Mon, 26 Aug 2002 19:14:44 -0400
    From: Sean Trainor <sean@crowne-gold.com>
    Subject: [dgc.chat] Crowne Gold Update
    To: GoldMoney List Server <dgcchatat_private>
    Organization: Crowne Gold
    Reply-To: <dgcchatat_private>
    
    To all for worldwide delivery.
    
    
    Update: Crowne Gold
    
    I wanted to brief the Gold community on the situation at Crowne Gold
    and apologize for the delay in coming back on-line after recent
    events. Crowne's staff is available and working even though servers
    have not been accessible.  Here's a brief overview of what happened
    and where we are:
    
    Crowne Gold was attacked by hackers who attempted to hijack U.S. $7
    million but failed.  They failed in part because members of the
    digital gold community quickly offered assistance to thwart their
    assault.  The level of cooperation was excellent.
    
    Hackers managed to breach part of the Crowne Gold system due to a
    key-logging program not recognized by the most up-to-date anti-virals
    that came in attached to an email directed to a customer service
    person.  The email was sent and received outside the normal encrypted
    email system provided within the Crowne Gold program.  This was not a
    frontal attack on the server but rather a carefully orchestrated
    process that engaged direct email interaction between the hackers
    (under alias) and a customer service person from their own
    workstation.
    
    By getting an administrator to respond directly to email, the hackers
    gained access to a computer half a world away from the front-end
    server and eventually captured administrative logons.  The primary
    server system was not attacked until 'Carnival' was in full swing in
    the Caribbean from whence Crowne Gold customer service functions are
    provided.  When it was discovered that hackers had penetrated the
    system, IP addresses were put under trace and the information gained
    was submitted to Interpol.
    
    Crowne elected to shut down servers including front-end, back-up, and
    double mirror-backup systems in order to ascertain the extent of the
    penetration. Even the customer service network was shut down until IT
    personnel arrived on site and made changes to secure these normally
    benign networks.
    
    The hackers were both clever and to some extent lucky; on the other
    hand, and as already pointed out, they failed to make even a single
    dollar out of the entire exercise.  However, we have been led to
    believe that they have attempted to blackmail other digital gold
    providers based on their ability to force the temporary shutdown of
    Crowne Gold.
    
    So where are we now?
    
    As you may be aware, Crowne Gold absorbed the former 3PGold whose
    front-end server was located at Havenco at the Principality of
    Sealand.  Havenco is physically secure but when the hackers accessed
    Crowne Gold's equipment at the Havenco server farm, there was no one
    on location at Havenco to support the several IT persons on the Crowne
    Gold side who desperately needed on-site assistance.  It took several
    days for Havenco staff to respond to calls for assistance and then it
    became immediately apparent that those in communication were nowhere
    near the actual Havenco platform.  Hence Havenco is now a backup
    server in the new server structure, at least until Havenco is able to
    provide 24/7 support on-site.
    
    Considerable changes have been made which required the server systems
    to remain down longer than we would have liked but "safe rather than
    sorry" has been pretty much the by-line of the entire event.  There
    are a host of technology enhancements now taking place, both hardware
    and software, but to say more than this would probably be unwise.
    
    Again we apologize for the delay. We have been rudely educated. Yet as
    things go it has been a dramatic wake-up call and probably the best
    time possible for us to live through this experience.
    
    To our customers, the digital gold community, and new users, we
    apologize for this huge inconvenience. Rest assured we will be back
    online soon and with a system that is better suited for our future
    success together.
    
    I can be reached at sean@crowne-gold.com for further details regarding
    our position.
    
    Best regards,
    
    
    Sean Trainor
    
    
    Sean Trainor
    Crowne-Gold The world's easiest way to buy,
    sell, hold and use gold as money.
    WWW.Crowne-Gold.com
    sean@crowne-gold.com
    727-418-4905
    
    
    
    
    --- end forwarded text
    
    
    -- 
    -----------------
    R. A. Hettinga <mailto: rahat_private>
    The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
    44 Farquhar Street, Boston, MA 02131 USA
    "... however it may deserve respect for its usefulness and antiquity,
    [predicting the end of the world] has not been found agreeable to
    experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


