A second Bitcoin wallet service is facing security issues today after it was discovered that you can find Coinbase user information simply by searching on Google.

The company warned users yesterday that a phishing email was spreading around, asking for people to enter their Coinbase information on a website not affiliated with Coinbase. Ars Technica connected it to what we hope is a bug or fixable oversight that shows Coinbase user information in search results.

Coinbase, which acts as a digital wallet for Bitcoins, also allows merchants to put a “Pay with Bitcoin” button on their websites, as a Redditor pointed out. Those Pay with Bitcoin buttons display your name, email address, and Bitcoin address and lead you to a transaction page. Google indexes that transaction page, and while it seems it does not display the actual transaction, it will show your Bitcoin address in searches.

“It’s unclear which emails received the above message, but there doesn’t seem to be any clear link between those we’ve seen and our user database,” said Coinbase in its blog post.

The issue comes soon after another digital Bitcoin wallet called Instawallet was hacked into on Tuesday. At the time, Instawallet announced it was halting its service “indefinitely” because the way it was hacked rendered the entire service permanently vulnerable. The company says it is having to go back to the drawing board to rethink the way Instawallet will work technically.

Yesterday, Bitcoin market Mt. Gox experienced outtages, which it explained were actually denial of service attacks.

As a commenter on our post about the issue pointed out, this isn’t really a mark on Bitcoin itself. It seems the tools we use to store and trade Bitcoins are insecure, but the currency itself might not be.

Bitcoin image via zcopley/Flickr

MIT acknowledged it has been experiencing a series of distributed denial of service attacks since January 13, a day after coder and activist Aaron Swartz committed suicide.

Swartz faced heavy punishment, including jail time and a $1 million fine, for siphoning off millions of JSTOR documents using MIT’s network. In the aftermath of his January 11 suicide, Anonymous, a hacktivist group, claimed to attack MIT’s system in retaliation. Anonymous’ weapon of choice is usually a DDoS attack, which overloads servers with traffic, causing them to shut down, and defacement of websites.

MIT says the attacks caused those on the school’s networks to lose Internet connectivity and delay emails.

On the first January 13 attack, Anonymous defaced MIT’s network, saying Swartz’ prosecution was a, “grotesque miscarriage of justice, a distorted and perverse shadow of the justice that Aaron died fighting for — freeing the publicly funded scientific literature from a publishing system that makes it inaccessible to most of those who paid for it.”

MIT explained in a blog post that its systems were shut down on January 13, followed by an email outage “lasting four to six hours” five days later. Then, on January 28, MIT experienced more delays in its email service, and found the MIT website inaccessible from outside the campus.

Whether all of these attacks were associated with Anonymous is unknown, though the connection between MIT, Swartz, and the attacks is obvious.

MIT says it has “taken several measures, such as installing filters to block problematic traffic or content.”

MIT image via Shutterstock

U.S. “intelligence officials” believe Iran could be the force behind a number of attacks on banking institutions in the United States, according to the New York Times. The attacks, which started in September 2012, focus not on stealing money, but on knocking the bank websites offline.

Financial institutions have had reinstate their websites after cyber attacks overload them, knocking them offline. The affected banks include Bank of America, Wells Fargo, Capital One, HSBC, and Citigroup.

When VentureBeat reached out to Bank of America, the institution said it had no comment on the suggestion that Iran could be behind the attacks.

But James A. Lewis, the director and senior fellow for the technology and public policy program at the Center for Strategic and International Studies, told the Times, “There is no doubt within the U.S. government that Iran is behind these attacks.”

Lewis previous served as an official within the U.S. State Department and the Commerce Department.

The cyber aggression comes in the form of denial of service attacks. These attacks send packets of information at a rate much higher than a server’s ability to process them, overloading the server, and shutting down the website. It’s a fairly common attack since the onset of Anonymous, a group of hackers known for taking political stances and for their propensity to protest using denial of service attacks.

As Forrester analyst John Kindervag notes to the Times, however, the suspected hackers are using more sophisticated methods in their DDoS attacks. Where these attacks are usually launched from individual computers, it seems the attackers have rallied whole cloud networks to send off huge amounts of traffic to the bank servers.

That means Iran, if it is the culprit behind the attacks, could either be building its own private cloud network or somehow stealing less secure, but already established private clouds from other companies. With networks being used to launch the DDoS attacks, that banks are being hit by a substantial force.

Officials also believe the attackers are using a new form of DDoS called encryption denial of service. Since banks process a number of encrypted transactions dealing with the type of data they do, attackers can send hundreds of thousands of encryption requests to overload the servers.

Tactics as complex as these support the idea that the attacks are state sponsored.

A number of groups have come forward to claim the attacks, such as Izz ad-Din al-Qassam Cyber Fighters, who say they attacked the banks because of an offensive video. Others such as a cyber criminal known by the handle “vorVzakone,” posted intent to hack the banks in a campaign called “Project Blitzkrieg” on a Russian forum in September. VorVzakone , however, suggested attackers would hit the banks with malware and actually steal information rather than just knock down websites. Still, McAfee gave weight to vorVzakone’s post, saying Project Blitzkrieg is a “credible threat.”

It seems officials think the former group may just be a front for state sponsored attacks out of Iran, which could be retaliating for recent cyber attacks believed to be joint efforts by the U.S. and Israel. The attacks could also be connected to economic sanctions against the country in recent years.

Bank image via Shutterstock

Researchers at Doctor Web found a new trojan app in the Google Play store that can launch distributed denial of service attacks when opened.

Android.DDoS.1.origin, as it’s called, is Russian and disguises itself as the Google Play icon once downloaded. When opened, the app takes its victims to the actual Google Play store so as to distract the user. In the background, however, it searches for its command and control server — and if a connection is made, the app sends the infected phone’s number to the criminals. These hackers then administer commands to the app via text messages.

Commands include launching a DDoS attack or sending other text messages. Doctor Web suggests that the text message function could be used to spam others in the phone’s contact list, prompting them to either download the app or something else the hackers are pushing.

Nowadays when we think of DDoS attacks, we often are reminded of Anonymous, the hacker collective that launches a number of these attacks in the name of political protest. We’ve seen DDoS attacks take down a number of important websites including the CIA’s, financial institutions, and others. These attacks send large amounts of traffic toward a certain website’s servers in an attempt to overload the system and shut it down.

With this app, however, hackers with DDoS intentions are roping in innocent bystanders to do the dirty work. This isn’t the first time we’ve seen a campaign like this. In the case of the CIA website’s take down, Anonymous was accused of distributing links on Twitter to low-orbit-ion-canons (LOIC). These “cannons” send thousands of packets of information to a targeted server per second. When the Twitter links were clicked on, unsuspecting visitors would suddenly be roped into the attack.

Doctor Web goes on to say that the app can cause the phone to perform poorly, and can actually run up the owner’s bill by texting premium numbers.

hat tip The Next Web; Android image via Shutterstock, App image via Doctor Web

Zooming in on November and December 2012 it’s not hard to spot when Thanksgiving 2012 happened. Fully 1/5 of the attacks that CloudFlare saw in November and December (so far) happened on the Thursday and Friday of Thanksgiving:

In the past we’ve seen drops in DDoS attacks on some holidays because the home and office machines used as bots in those attacks have been turned off. For example, this year we noticed a large drop in attack activity on Earth Day (when people are encouraged to switch off their machines to save the planet). But this year’s Thanksgiving attack statistics indicate that plenty of hacked machines were online through the holiday.

But what does this tell us about the coming Christmas holiday period? To answer that we can look back to December 2011. CloudFlare has DDoS data for December 11, 2011 to January 1, 2012 which shows two distinct peaks of attack activity: one just before Christmas and one just after.

So, if 2011 is a guide DDoS attackers will be taking a few days off over Christmas, but will be keeping the pressure on just before and immediately after. That’s probably not a surprise as some fo the attackers will be attempting to disrupt businesses during critical periods for pre- and post-Christmas sales.

Even though there’s a Christmas lull, that doesn’t mean that CloudFlare staff will be letting down their guard, however. We’ll be here working to ensure that whenever attacks arise and from whereever we’re ready to absorb and deflect them.

John Graham-Cumming is the lead programmer at CloudFlare, the content delivery and security network. Prior to CloudFlare he worked at a number of startups and created the award-winning POPFile email machine learning software. He knows way too much about GNU Make having self-published a book entitled GNU Make Unleashed. He joined CloudFlare to take on the task of ‘patching the Internet.’

photo credit: kevin dooley via photopin cc

---

Big Data and Predictive/Real-time Analytics startups: Are you looking to jumpstart development & accelerate market traction? Sign up for the SAP Startup Focus program to receive technology, support, resources and community to help you develop new applications on SAP HANA, a cutting edge database platform. Get started here, and enter promo code “VB2013″ on the form.

---

Security researchers at McAfee labs believe Project Blitzkrieg, a plan to use malware to steal money from 30 banks in the U.S., is a real threat not to be taken lightly.

The security company released a report about the project that was originally announced in September on a Russian forum. A cyber-criminal by the handle “vorVzakone” originally posted the intent to hack into 30 banks across the U.S. and steal information and money using a trojan. A trojan is a type of malware that secretly enters a computer system by pretending to be something innocuous.

McAfee says that the forum post originally called for developer help and said the trojan would be launched within a few weeks. Timing for the attacks have not been confirmed, though a number of banks were recently hit with denial of service attacks (DDOS) that took down their websites. DDOS attacks work by flooding a system’s servers with traffic, causing it to overload and shut down. This kind of attack does not actually reach the inside of the system, allowing hackers access, but is sometimes used a diversion tactic while hackers silently gain illegal access to the servers.

“McAfee Labs believes that Project Blitzkrieg is a credible threat to the financial industry and appears to be moving forward as planned. Not only did we find evidence validating the existence of an early pilot campaign operated by vorVzakone and his group using the Trojan Prinimalka that infected at a minimum 300 to 500 victims across the United States, but we were also able to track additional campaigns as a result of the forum posting,” said McAfee Labs threat researcher Ryan Sherstobitoff in the report.

McAfee believes the trojan in use here is called Prinimalka, a piece of malware originally built in 2008. VorVzakone’s forum post also said that the trojan had already stolen $5 million from unknown institutions.

Bank of America image via Shutterstock

Where political discord exists, Anonymous will be there. The hacktivist group went after Israeli websites last night after the Israeli Defense Forces began live-blogging and tweeting its attack on Hamas in the Gaza Strip.

Anonymous, which often makes its point by taking down websites, aimed distributed denial of service attacks what it claimed to be 40 Israeli websites, according to the New York Times. A DDOS attack knocks a website offline by sending a rush of traffic to the site’s servers, eventually causing it to overload and collapse. The group posted about its efforts on Pastebin, where Anonymous often announces and updates the public on its attacks, in a post called “OpIsrael.”

“Anonymous does not support violence by the IDF or by Palestinian Resistance/Hamas,” the group said in the announcement. “Our concern is the for the children of Israel and Palestinian Territories and the rights of the people in Gaza to maintain open lines of communication with the outside world.”

The New York Times notes that while Anonymous claims to have taken down up to 40 websites, it was likely only successful in taking down a few.

The Anonymous action might have also stemmed from IDF’s use of social media during its attacks. Yesterday, the defense force used its blog to post videos and photos of the attacks, including a video that reportedly shows a car carrying Hamas military leader Ahmed Jabari being blown up. IDF later tweeted a photo of Jabari with the word, “eliminated” superimposed over him.

Today, IDF added a Foursquare-like badge system to its blog, supplying “IDF ranks” for different levels of interaction a visitor has with the site.

Anonymous image via Shutterstock

Eager content-deprived pirates were flummoxed on Wednesday by the news that The Pirate Bay had been taken offline by a massive distributed denial of service (DDoS) attack.

While suspicions were almost immediately leveled at the hacktivist group Anonymous, The Pirate Bay quickly denied the group’s involvement.

But one decidedly anti-Pirate Bay hacker named “Nyre” who is taking responsibility, ZDNet reports.

“The Pirate Bay was a press-release website for Anonymous, then I had a idea, why not take it down? Why not make it impossible for Anonymous?” Nyre said in a post on PasteBin titled “The Reason“.  (Nyre, was, of course, slightly off-base with his assessment. The Pirate Bay and Anonymous aren’t exactly allies, having disagreed on a variety of fronts.)

Nyre initially said his intention was to keep the site down for a week, but the hacker didn’t quite meet his ambitions.

So, to recap: The Pirate Bay wasn’t taken down by Anonymous. It was, however, taken down by a rogue former agent of Anonymous, who now hates Anonymous and Pirate Bay equally, more or less. It’s a narrative that James Bond creator Ian Flemming would be proud of.

As for The Pirate Bay itself, the site is celebrating its return with a special phoenix-themed home page. Let the piracy re-commence.

Hacker photo via Shutterstock