Re: The $7 million hack (was re: [dgc.chat] Crowne Gold Update)

2002-08-27 Thread Tim May

On Monday, August 26, 2002, at 08:37  PM, R. A. Hettinga wrote:

 --- begin forwarded text

 Date: Mon, 26 Aug 2002 19:14:44 -0400
 From: Sean Trainor [EMAIL PROTECTED]
 Subject: [dgc.chat] Crowne Gold Update
 To: GoldMoney List Server [EMAIL PROTECTED]
 Organization: Crowne Gold
 ...
 Update: Crowne Gold

...long account of nature of intrusion elided

 By getting an administrator to respond directly to email, the hackers
 gained access to a computer half a world away from the front-end server and
 eventually captured administrative logons.  The primary server system was
 not attacked until Carnival was in full swing in the Caribbean from
 whence Crowne Gold customer service functions are provided.  When it was
 discovered that hackers had penetrated the system, IP addresses were put
 under trace and the information gained was submitted to Interpol.

And what will happen if and when TLAs decide the best way to undermine 
confidence in upstart, anarchic extra-governmental banks who haven't 
been paying bribes and taxes for generations, like some Swiss banks, 
etc. is to hack them, drain the accounts, or at least shut them down for 
distressing amounts of time?

Will Interpol do anything when HMRG or POTUS was behind the attack?

And considering that CERT wants to be notified first of any identified 
weaknesses, and presumably they and others in HomeSec and other BlackOps 
TLAs know weaknesses not yet publicized or fixed, wanna bet whether they 
could attack many of the upstart offshore banks?

 As you may be aware, Crowne Gold absorbed the former 3PGold whose front-end
 server was located at Havenco at the Principality of Sealand.  Havenco is
 physically secure but when the hackers accessed Crowne Gold's equipment at
 the Havenco server farm, there was no one on location at Havenco to support
 the several IT persons on the Crowne Gold side who desperately needed on
 site assistance.   It took several days for Havenco staff to respond to
 calls for assistance and then it became immediately apparent that those in
 communication were nowhere near the actual Havenco platform.

You have just now realized that the Sealand platform is minimally 
staffed?  We heard this a couple of years ago, straight from people who 
ought to know. Seems to me that you have not done due diligence.

(I mean, how can Ryan be on the platform and also be on his way to 
Burning Man? (As an example...I haven't heard from Ryan in a long while, 
but I know that at one time he was administering the Sealand routers and 
boxes remotely.))

 Again we apologize for the delay. We have been rudely educated. Yet as
 things go it has been a dramatic wake-up call and probably the best time
 possible for us to live through this experience.

This will not be the last such attack. Nor could it be expected to be.

Banks have been robbed, blackmailed, threatened, and even burned for 
thousands of years. If digital banking (in its various forms) is 
successful at all, it will be attacked.

Some will try to attack these banks because that's where the money is, 
as Willie Sutton used to say. Others will attack because of the threat 
the digital banks pose, to other banks, to tax collectors, to the status 
quo. For this second class of attackers, disrupting or tarnishing the 
reputation of the operation is enough.

Much more could be said on this.

--Tim May




The $7 million hack (was re: [dgc.chat] Crowne Gold Update)

2002-08-27 Thread R. A. Hettinga

--- begin forwarded text


Date: Mon, 26 Aug 2002 19:14:44 -0400
From: Sean Trainor [EMAIL PROTECTED]
Subject: [dgc.chat] Crowne Gold Update
To: GoldMoney List Server [EMAIL PROTECTED]
Organization: Crowne Gold

To all for worldwide delivery.


Update: Crowne Gold

I wanted to brief the Gold community on the situation at Crowne Gold and
apologize for the delay in coming back on-line after recent events.
Crowne's staff is available and working even though servers have not been
accessible.   Here's a brief overview of what happened and where we are:

Crowne Gold was attacked by hackers who attempted to hijack U.S. $7 million
but failed.  They failed in part because members of the digital gold
community quickly offered assistance to thwart their assault.  The level of
cooperation was excellent.

Hackers managed to breach part of the Crowne Gold system due to a
key-logging program not recognized by the most up-to-date anti-virals that
came in attached to an email directed to a customer service person.  The
email was sent and received outside the normal encrypted email system
provided within the Crowne Gold program.  This was not a frontal attack on
the server but rather a carefully orchestrated process that engaged direct
email interaction between the hackers (under alias) and a customer service
person from their own workstation.

By getting an administrator to respond directly to email, the hackers
gained access to a computer half a world away from the front-end server and
eventually captured administrative logons.  The primary server system was
not attacked until Carnival was in full swing in the Caribbean from
whence Crowne Gold customer service functions are provided.  When it was
discovered that hackers had penetrated the system, IP addresses were put
under trace and the information gained was submitted to Interpol.

Crowne elected to shut down servers including front-end, back-up, and double
mirror-backup systems in order to ascertain the extent of the penetration.
Even the customer service network was shut down until IT personnel arrived
on site and made changes to secure these normally benign networks.

The hackers were both clever and to some extent lucky, on the other hand,
and as already pointed out, they failed to make even a single dollar out of
the entire exercise.  However, we have been led to believe that they have
attempted to blackmail other digital gold providers based on their ability
to force the temporary shutdown of Crowne Gold.

So where are we now?

As you may be aware, Crowne Gold absorbed the former 3PGold whose front-end
server was located at Havenco at the Principality of Sealand.  Havenco is
physically secure but when the hackers accessed Crowne Gold's equipment at
the Havenco server farm, there was no one on location at Havenco to support
the several IT persons on the Crowne Gold side who desperately needed on
site assistance.   It took several days for Havenco staff to respond to
calls for assistance and then it became immediately apparent that those in
communication were nowhere near the actual Havenco platform.   Hence
Havenco is now a backup server in the new server structure, at least until
Havenco is able to provide 24/7 support on-site.

Considerable changes have been made which required the server systems to
remain down longer than we would have liked but safe rather than sorry
has been pretty much the by-line of the entire event.   There are a host of
technology enhancements now taking place, both hardware and software, but
to say more than this would probably be unwise.

Again we apologize for the delay. We have been rudely educated. Yet as
things go it has been a dramatic wake-up call and probably the best time
possible for us to live through this experience.

To our customers, the digital gold community, and new users, we apologize
for this huge inconvenience. Rest assured we will be back online soon and
with a system that is better suited for our future success together.

I can be reached at [EMAIL PROTECTED] for further details regarding our
position.

Best regards,


Sean Trainor



Sean Trainor
Crowne-Gold The world's easiest way to buy,
sell, hold and use gold as money.
WWW.Crowne-Gold.com
[EMAIL PROTECTED]
727-418-4905




--- end forwarded text


-- 
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'