The Anatomy of the Ian Balina Hack of 2 million in cryptocurrency

This week Ian Balina, a popular YouTuber and cryptocurrency evangelist, was hacked for almost 2 million in Ethereum tokens and other altcoins; a snapshot of his portfolio is below. This news was quite shocking for many people in this space, as Ian has a reputation as a savvy ICO investor, reputedly turning an initial investment of $90,000 US dollars into $4 million in under a year. Due to his transparency in showing his methods and his success, he has built up a large social media following across YouTube, Facebook, Twitter and Instagram. People are clearly looking to Ian for guidance, so I and others were quite surprised to discover how weak his defence system was in light of the resources he could have deployed to come up with a better system.

Most individuals in the space with large portfolios usually keep their lucrative crypto gains on a hardware wallet such as a Trezor wallet or a Ledger Blue. Attacking these devices is difficult for an online hacker, as they are seldom attached to the network and usually have mechanisms which make it difficult to establish, through an infected computer, which password the user is typing. I hope the other half of his portfolio is spread across 10 of these and locked away in a bank security vault! I can only assume that he chose to keep these items in an online file because he planned to trade the tokens and did not want to carry a hardware wallet around the world with him, as that would make him vulnerable to a “wrench attack” or an “evil maid attack”.

So let’s have a look at how it was done, and inexpensively learn from poor old Ian’s mistakes. Ian kept the private and public keys to his Ethereum wallet in an encrypted file on the Evernote online platform. As long as he remembered the password to evernote.com, he would be able to access the files he created there to store his private keys. The hacker must have picked up a list of Ian’s most commonly used emails by researching his online content. They then must have probed each one by requesting a password reset, which possibly challenged the hacker to state which recovery address or method the email provider should use to perform the request. Even if it only showed a partial address, it may have been enough for the hacker to guess the complete email address, which turns out to be his old college address.

So now they have the recovery address of his main email address but as yet cannot enter it. So they need to put together a very authentic-looking email pretending to be from the college admin, claiming there had been some unusual activity on his account and asking him to log in via a link. Clearly you should be aware that this is spear phishing. This is where you prepare a bespoke email targeting one high net worth individual or a prominent person in a company with a view to getting them to compromise their login password. I do feel for Ian Balina here, because if the email is put together well and you’re in a bit of a lazy mood, you might not check the URL and log in on the link. I have done it myself when Btc-e went down and I received a timely email from WEX.nz admin. Fortunately I had no funds in that trading exchange so my guard was down and I took the bait and they stole my password, but like I said nothing was lost.

Now here’s where the hacker must have had patience, or Ian neglected to realise that the college email was the password recovery email of his main email account and had been compromised. Getting control of his main account would then mean they would have access to the evernote.com account: if they initiated the password reset, they would then be able to access the files containing the cryptocurrency private keys to his Ethereum wallets and tokens. The actual methods used are not disclosed in detail by Ian; I have extrapolated information from the very grey details I was able to pick up from posts online.

Clearly, if he had two-factor authentication on all of these accounts, and Authy (password locked) instead of the popular Google Authenticator, it would have gone a long way to restricting the hackers and perhaps given him the time to react. For example, the hack took place while he was on a live YouTube stream, which seems to be popular with hacks against YouTubers. I believe this is more about the victim being distracted and therefore not able to take the necessary steps to lock down the affected accounts.
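The recovery chain described above (college email, then main email, then Evernote) is something you can audit on your own accounts. The script below is an added example, not part of the original post: it walks recovery links backwards from the account that stores a secret and lists every account whose takeover leads to it by password resets alone. The account names, the 2FA flags and the rule that a second factor stops a reset are assumptions of this model.

```python
from collections import deque

# Constructed inventory modelled on the chain in the post; the account
# names and 2FA flags are assumptions, not details confirmed by the victim.
ACCOUNTS = {
    "college_email": {"recovery": [], "mfa": False},
    "main_email": {"recovery": ["college_email"], "mfa": False},
    "evernote": {"recovery": ["main_email"], "mfa": False},
}
SECRETS = {"eth_private_keys": "evernote"}  # secret -> account storing it


def reset_paths(accounts, holder):
    """Map each account to the chain of password resets leading to `holder`.

    Model assumption: a reset into an account succeeds unless that account
    enforces a second factor the recovery mailbox cannot bypass.
    """
    paths = {holder: [holder]}
    queue = deque([holder])
    while queue:
        current = queue.popleft()
        if accounts[current]["mfa"]:
            continue  # a reset alone does not get into this account
        for upstream in accounts[current]["recovery"]:
            if upstream not in paths:  # also stops recovery loops
                paths[upstream] = [upstream] + paths[current]
                queue.append(upstream)
    return paths


def audit(accounts, secrets):
    """List (secret, entry account, reset chain) for every indirect route."""
    findings = []
    for secret, holder in secrets.items():
        for entry, path in reset_paths(accounts, holder).items():
            if len(path) > 1:
                findings.append((secret, entry, " -> ".join(path)))
    return sorted(findings)


def with_mfa(accounts, *names):
    """Return a copy of the inventory with 2FA switched on for `names`."""
    return {n: {**a, "mfa": a["mfa"] or n in names} for n, a in accounts.items()}


if __name__ == "__main__":
    print(audit(ACCOUNTS, SECRETS))
    print(audit(with_mfa(ACCOUNTS, "main_email", "evernote"), SECRETS))
```

Enabling 2FA only on the main email removes the college address as an entry point but still leaves the main email one reset away from the keys, so the account that stores the secret needs its own second factor.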

Hopefully we can learn from this crime, better protect ourselves and get help in assessing our security systems. If you’re interested in assessing your computer systems and security methods, get in contact with us. We are also giving out a free “Recovery email checklist”; use the contact us form to request yours free.

 

Should you buy a Gaming Console or Invest in a Gaming PC


It’s a great question: should you buy a gaming console with your hard-earned money, or spend a little extra and get that gaming PC you secretly desire? Well, it depends. Are you willing to spend the time and research to get the equipment that will deliver as per your expectations? How far will your budget spread? Will a limited budget mean that you will have to build it all yourself, and how much research will need to be done to make sure your components are all compatible with each other? If you realise halfway through the build that you can’t assemble the machine because system components seem to be failing, do you have a plan B in place (that would be the telephone number of your local game system builder)? The video example on this page will show you the visual difference between the two, and at the end of them both you will be somewhere closer to making that decision yourself. Also, I can confirm you do not have to spend $10,000 on components to get a system running at 60 FPS; that is easily possible on a 4K GPU starting at $250, surrounded by the right components, including an SSD hard drive of good quality.

 

Need our help in designing a build, troubleshooting a build you have started, or just have some general questions? Get in touch: we’re located in London and can serve customers physically in and around this area. We can of course help other users around the globe via email. Let us know in the comments what your decision was on buying a gaming console or investing in a gaming PC; we would love to know.

Just enjoy the experience on a 4K GPU card at 60 FPS (from £220.00) below, including the amazing detail of the helicopter scene at 3 mins 14 sec: