Wiping Your Old Android Device Isn’t Enough

 

pileofcellphones(x-ray)

The average user’s upgrade cycle for smartphones and tablets is around two years. If the old device is still in good shape once the user upgrades, individual users and small businesses usually sell it or pass it along to someone else. Big companies send obsolete devices to companies that specialize in recycling end-of-life electronics. Most users just perform a factory reset before sending the device on its way, but a recent finding by security software company Avast illustrates that this assumption is false.

Avast employees purchased 20 used smartphones from eBay and used readily-available data recovery software to browse through the wiped devices using a PC. They were able to recover over 40,000 photos, 750 messages and 250 contacts. They also managed to identify four previous users and found a completed loan application with enough information to perpetrate identity theft.

Why wiping your device doesn’t delete your data

The factory reset or wipe feature on an Android device doesn’t actually remove the data from the device’s storage. When it comes to deleting files, the system Android uses is very similar to the hard drive on a computer. It uses an index of pointers to keep track of the location of different files. When you wipe your device, the operating system only resets the pointers and marks the space open for overwriting. The actual information is still present until the device overwrites the space. Until then, anyone with access to the device, a computer, a data cable and the right software can find and open the deleted files.

How to make sure your information is gone for good

1. Enable Encryption on Your Device

Google included a standard encryption feature starting with Android 3.0. When you encrypt the data before wiping the device, the device prompts you to enter an encryption key. Without the key the information is unreadable. The default location for this setting in stock Android is Settings>Security>Encryption. Device manufacturers and developers can customize Android to their own specifications, so check the manual or contact support if you can’t find it.

android-encrypt

2. Save personal files on a removable memory card

If your device has a memory card slot, use a microSD card to store your photos, videos and other personal files. When you remove the memory card, the data goes with it.

3. Load junk data

After wiping your device, use a computer to transfer files into the memory and fill up the available storage space. Any large file without sensitive information will work. After the transfer is complete, wipe the device again. Doing this will overwrite your personal files, so anyone trying to browse through them will only find the junk files.

4. Install adequate security software

Avast’s has a vested interest in pointing out the problem because they provide a free Android app that allows you to secure your device and permanently delete the data. For an added fee there are other useful services such as remotely wiping the data in case you lose the device. They aren’t the only game in town, so browse through the Google play™ store and choose an app that fits your needs.

When you decide it’s time for an upgrade and want to dispose of your old Android device, don’t just wipe it and consider the job done. Take a few minutes to clear the data the right way and you won’t have to worry about the new owner getting your personal information.

TSA Bars Dead Electronics from Certain Incoming International Flights

56440_low_income_health__battery-low

On July 6th the United States Transportation Safety Administration announced passengers flying into the U.S. from Europe and the Middle East will soon have to power on their cell phones and other electronic devices. If the device will not power on, it won’t be allowed on the plane. The TSA has required international passengers to power on laptops for many years, but until Sunday smaller electronics were exempt.

pan-am-bombing

While the TSA has stated there’s no specific threat, the administration is concerned that terrorists may hollow out the devices and use them to conceal explosives. It’s not as farfetched as you might think. In 1988, Pan Am Flight 103 was brought down by a bomb hidden in a cassette player. Cell phones were also used to detonate explosive devices on public transportation in Europe in 2004 and 2005. Since then explosives have gotten smaller and harder to detect.

Here’s a list of things you can do to make sure your cell phone can come on the flight with you once the new rules go into effect:

  • Make sure your phone is charged prior to arriving at the airport. Don’t count on being able to charge your phone while you’re there. Available outlets are few and far between at many airports and competition can be fierce.
  • If your phone has a replaceable battery, carry a spare and keep it charged.
  • Invest in a portable battery pack or battery case. They provide extra power, even to phones with sealed batteries. If you carry a laptop, you can use it as a portable battery in a pinch.
  • Carry your charger and extra cables in your carry-on bag. A portable power source won’t do you much good if you can’t connect it to your phone.
  • Turn off your phone or use airplane mode when you don’t need to make or receive calls. Many phones have trouble picking up signal at airports due to radio interference. While the phone is searching for service, the battery drains much faster. You may find your phone has gone dead during a long layover.

41OLCwoaiVL._SY300_

Right now the changes only apply to passengers on international flights coming into the United States, not passengers on domestic flights. However, that could change at any time. All it took was one person with bombs in his shoes for the TSA to require everyone to remove their footwear at security checkpoints.

Safeguarding Digital Evidence on Wireless Devices

cellphone-evidence-bag-580x326-131617

On June 25th, the US Supreme Court struck a blow for digital privacy rights by ruling that in most cases police must get a search warrant before searching a suspect’s cell phone. The court ruled unanimously on two separate cases, one involving a feature phone and the other a smartphone.

There’s no question any cell phone can contain data that could be helpful in a prosecution. Photos, call records, text messages and emails can link the owner to crimes, victims and known criminal accomplices. There are a few cases where law enforcement personnel can search a phone without a warrant, such as when not examining the device would endanger public safety. For example, if a bomber or kidnapping suspect were apprehended and the police needed to search their device to prevent greater harm.

The process for obtaining a search warrant can take anywhere from a few hours to several days. This leaves law enforcement personnel with the dilemma of how to safeguard any information on the device until they can obtain the warrant.

Bad Guys Can Reach Out and Delete Some Evidence

Don’t make the mistake of thinking just because the phone is out of the suspect’s possession it means the data on the device is safe. Some phones allow the user to wipe or alter the information over the Internet, and it’s not just limited to smartphones. An accomplice or a suspect out on bail could change or delete incriminating evidence such as call logs and contact numbers without even touching the phone.

google-remote-wipe

Even turning the phone off isn’t a safeguard, since it will receive and carry out the change or wipe as soon as it connects to the cellular network. While law enforcement personnel can isolate smartphones from the network by activating airplane mode, most feature phones lack this ability and many owners secure their phones with access codes anyway.

Cutting Seized Phones Off From the Wireless Network

The solution to this remote alteration problem lies in Faraday evidence bags. Faraday look similar to the familiar static shield bags used to protect electronics sensitive to static shock, but don’t be fooled into thinking they’re the same thing.

faraday

Cell phones communicate wirelessly by sending and receiving electromagnetic radio waves. A Faraday bag isolates the cell phone from radio waves and prevents communication with the outside network by completely surrounding it in conductive material. Since the electromagnetic waves do not penetrate the bag, the cell phone is completely cut off from the wireless network. If you’ve ever dropped a call when riding in a metal elevator, you’ve seen this effect in action.

When law enforcement personnel seize a device, they should turn feature phones off and place smartphones into airplane mode. Since the phone doesn’t have any signal inside the bag, the battery will run down quickly as the device continues to search for service.

Cell phones with touchscreens should be wrapped in protective padding to prevent accidentally activating the touchscreen through the material. While capacitive touchscreens will not work through the Faraday bag, resistive touchscreens are sensitive to simple pressure. If in doubt, wrap it up.

IMG_7428

Before law enforcement personnel can secure the phone, they need to find it. Here at BVS, we’re the phone-finding experts. Our line of cell phone detection equipment can locate cell phone from up to a mile away and find them hidden inside other objects, even people. Contact us today for advice on finding and safeguarding digital evidence on mobile devices.

Kidnapping Orchestrated by Inmate With Cell Phone

Screen Shot 2014-07-02 at 7.54.06 PM

It seems every week there’s a story in the news about the number of cell phones confiscated from prison inmates. A recent incident in the American south provides a dramatic illustration why correctional facilities cannot afford to allow this problem to continue.

In 2012, a North Carolina gang member with a long history of violent felonies named Kelvin Melton received a life sentence for ordering the shooting of his ex-girlfriend’s new boyfriend. Melton swore revenge and in March 2014, he acted.

Screen Shot 2014-07-02 at 7.55.03 PM

Melton was on maximum control status at Polk County Correctional Facility, but somehow managed to get a cell phone. He contacted accomplices from inside the prison and tried to arrange for the kidnapping of a family member of the court-appointed attorney who defended him at trial. For unknown reasons the plan was called off, but sometime in late March or early April he contacted the accomplices and told them to change targets to the Wake County Assistant District Attorney.

The kidnappers looked up the information online but somehow got the address for Frank Arthur Janssen, the father of the prosecutor who sent him to jail. On April 5th, a team of kidnappers travelled from Atlanta to the Raleigh area of North Carolina, with Melton calling them several times during the trip to give instructions.

When Janssen answered a knock on the door, they forced their way inside and immobilized him with a stun gun. They put him in handcuffs, pistol whipped him many times and brought him back to Atlanta in a rental car.

On Monday, April 7th Jenssen’s wife Christie received a text message threatening to send him home in “six boxes” if she contacted authorities. Early on April 9th, she received a picture message with a photo of him tied to a chair and a threat to start torturing him the next day.

Later that night, Melton received a text message from the kidnappers confirming they had a shovel, a car and a spot to dispose of the body. He immediately called them back with instructions to kill Jenssen if his demands were not met or they lost contact with him for more than three days.

By that night, the authorities had determined Melton was orchestrating the kidnapping from behind the bars. When correctional officers entered his cell, he tried to destroy the phone by smashing it. Fortunately, the authorities were able to locate of the apartment were the kidnappers were holding Jenssen. Just before midnight on the 9th they stormed the apartment and rescued him unharmed. Three suspects were picked up later in a Tahoe with a gun, two shovels and a pick.

In the week before the kidnappers were caught, Melton was in regular contact via cell phone. He made at least 123 calls or text messages to his accomplices. Unmonitored communication by inmates presents a serious threat to the general public, court employees and their families. Correctional facilities must do everything they can to keep cell phones out of the hands of dangerous criminals.

BVS offers a full line of cell phone detection equipment that helps correctional staff sniff out contraband phones no matter where they hide, at a cost much lower than other detection methods. Contact us today for a solution that fits your facility.

References:

http://news.nationalpost.com/2014/04/23/i-will-start-torchering-gang-kidnapped-wrong-person-in-plot-directed-from-behind-bars-police-say/

http://www.hngn.com/articles/28644/20140411/fbi-news-fbi-update-fbi-rescues-kidnapping-victim-north-carolina-man-kidnapped-frank-arthur-janssen-frank-arthur-janssen-update-wake-forest-man-kidnapped.htm

http://bigstory.ap.org/article/fbi-team-has-rescued-nc-kidnap-victim-atlanta

Think only the military has drones? Think again.

drone-POV

Just a few years ago, only militaries and government agencies had access to sophisticated drones, but today anyone can buy them for just a few hundred dollars. The basic hardware has been around for decades in the form of remote-controlled helicopters. Today drone operators can equip them with high-definition cameras, Wi-Fi detection tools and other sophisticated equipment.

It’s important to remember that drones can have a positive impact on our daily lives. A company in San Francisco is testing drones that could be used to deliver medicine to people in under 12 minutes. Last month a company in India made the first pizza delivery by drone. Wildlife officers are using them to track wild animals, scare away problem geese and detect poachers. But what was once just a fun toy for hobbyists now has the potential to help criminals spy on you, deliver illegal goods and steal valuable information.

Wi-Fi Hacking

wifi

When you connect your smartphone or tablet to a Wi-Fi hotspot, it remembers the network information. When you leave the Wi-Fi feature turned on, the device constantly scans for these remembered connections unless it’s connected to another hotspot. Hackers can install software on their drones that fools your device into thinking it has connected to a remembered hotspot. Once your device is connected, the software can capture sensitive data such as the device’s unique MAC address, usernames and passwords.

Drone Spying

Just a few days ago the French World Cup soccer team complained they were spied upon by a drone while practicing in Brazil. The controller can fly the drone by remote control, but they can also have the drone lock onto a specific device or person and follow them on its own.

Drone Contraband

As the medicine and pizza delivery drones illustrate, drones can deliver small payloads. While there’s nothing wrong with getting some aspirin delivered to your house, criminals could use them to deliver illegal drugs without risk to themselves. Remote-control helicopters have already been used in attempts to smuggle contraband cell phones into prisons in Taiwan and Brazil. In November 2013 prison officials in southwest Georgia arrested four people for delivering rolled-up tobacco into a prison using a drone. While all of these efforts failed and the contraband was intercepted, there’s no telling how much literally flies under the radar.

What You Can Do

Like many other technologies, the law has yet to catch up with the increasing sophistication of drones. The Federal Aviation Administration has issued a small number of drone permits to researchers and law enforcement agencies, but Congress has ordered the restrictions relaxed by 2015. Most states have no specific legislation against them, and the FAA estimates up to 30,000 civilian drones could be flying by 2020. The organization is still in the process of deciding what restrictions will apply once the date arrives.

In the meantime, always make it a habit to turn off your device’s Wi-Fi feature when you’re finished using it or leave the area. Not only does it prevent your information from getting stolen, it saves the device’s battery life as well.

Reference:

http://www.wsbtv.com/news/news/local/4-arrested-trying-smuggle-contraband-jail-using-re/nb6Q5/

How Prisoners Conceal Phones on the Inside

Finding phones is imperative, since inmates with unmonitored communication pose a risk to the public and to prison staff. Prisoners have used contraband phones to intimidate witnesses, torment victims, threaten officials and coordinate escape attempts. In 2005, an inmate in Tennessee used a phone concealed in a jar of peanut butter in an escape attempt that led to the murder of a corrections officer.

penutbutter

Being caught with a phone results in confiscation, and the prisoner risks additional prison time and losing good behavior privileges. Inmates are endlessly inventive when it comes to hiding contraband cell phones. Let’s look at some of the places prisoners hide their phones and the accessories.

Where’s the Phone?

Prison officials have found phones hidden in toilets and sinks, mattresses, prosthetic limbs, hollowed-out Bibles, stacks of legal papers, furniture and shoes. They can also hide cell phones inside the cell itself, hollowing out spaces in the walls, around access panels and above drop ceiling tiles. These spaces can be especially difficult to spot, since prisoners can put the phone in a baggie and hang the baggie with a piece of dental floss.

hidden_cellphone

Food and cosmetics containers are another popular hiding place, since the strong smell makes it harder for cell phone sniffing dogs to find them. Inmates can hide phones inside liquid containers by creating a dry compartment with a false top and bottom, similar to our covert water bottle for hiding cell phone detectors.

 

Where’s the Charger?

A cell phone is useless with a dead battery. Prisoners often wire chargers into other electronic equipment allowed in their cell. Inmates have powered phones using TVs, portable fans, light fixtures, radios and electric shavers. If the electronic device is large enough, it can serve the dual purpose of hiding the phone while charging it at the same time.

 

Where’s the SIM Card?

SIM cards can be even more difficult to find. These plastic chips are about the thickness of a credit card and range from the size of your pinkie fingernail to about half the size of a postage stamp. They store the phone number, text messages and up to 250 contacts on GSM devices. In most GSM phones, the SIM card is located under the battery or in a small tray that slots into the side.

SIM

It’s easy for inmates to duplicate the contacts from one card to another so they have a backup in case the phone is found. If a GSM phone is found in a prisoner’s possession, there’s a good chance they have a second SIM card hidden somewhere. Look for them in areas where inmates hide other small items like drugs and shanks.

Our line of cell phone detection products can help prison staff sniff out phones no matter where they hide, whether they’re on or off. Contact us for a solution to cell phone headaches in your correctional facility.

Sources:

http://usatoday30.usatoday.com/news/nation/2008-07-10-2906880450_x.htm

How do Contraband Cell Phones Make it into Prisons?

 

kid_on_phone_handcuffs

Contraband cell phones are a huge problem for prison systems. Inmates use them to run their criminal empires, coordinate escape attempts, intimidate witnesses and order hits without interference from prison authorities. But before inmates can use them, the phones have to make it inside the prison. Today we’ll look at how phones fall into inmates’ hands.

Corruption of Prison Employees

In February of 2013, 17 corrections officers were charged with racketeering in Texas for smuggling cell phones to inmates. In 2012, 54 prison workers were accused of smuggling phones in California. 20 were fired, 13 had charges dropped and the rest were under investigation as of October 2012.

Corrupt employees pose a particular risk because they have close and repeated contact with many different inmates and can bring multiple phones in at the same time. Cell phones are worth up to $2,000 each to prisoners with financial resources, and unfortunately some prison employees are lured in by the promise of easy money. A California guard told investigators in 2009 he made over $100,000 a year smuggling phones. Others get involved in personal relationships with an inmate and give them a phone to communicate when they’re not at work.

Screen Shot 2014-06-09 at 10.24.49 AM

Smuggling by Outsiders

Visitors to the prison sometimes conceal phones on their person by hiding them in clothing and handbags, taping the phones to their bodies, inserting them in body cavities and tucking them in their hair. In facilities where security is not as strict, accomplices place phones in bags and throw them over the walls where inmates pick them up during exercise periods.

Others use more unusual methods. In 2004, the Associated Press reported authorities in Sweden arrested a man who shot a phone into a prison using a  bow and arrow. In 2011, prison officials in Thailand discovered a crashed remote-controlled toy helicopter with $84,000 in phones and equipment. They estimated the goods were worth up to $320,000 on the inside.

Packages and Shipments

Inmates often receive care packages from family members and friends on the outside, and sometimes those packages contain cell phones. Contraband phones have been discovered concealed inside a wide variety of items, including shoes, footballs, hollowed-out electronics, personal-care products and even loaves of bread.

Cell phones can also be concealed inside authorized shipments to the prison. A maximum-security prison in Indiana reported as many as 10 cell phones were smuggled in via a truck delivering dry goods. The phones were never found, even after strip-searching inmates and sweeping their housing units. An Australian milkman was arrested in 2010 for placing phones inside waterproof bags and hiding them inside resealed milk containers.

pockethound WatchHound Wolfhound-Pro

Tools to Keep Phones Out

Prison officials often feel like they’re fighting against the tide trying to keep cell phones out of their correctional facilities. For every phone they discover, there are multiple devices that make it inside and end up squirreled away inside mattresses, cell walls, hollowed-out books and a million other potential hiding places. BVS offers a complete line of cell phone detection equipment designed to help officials intercept them before they make it into inmates’ hands. If your prison facility is experiencing problems with contraband phones, contact us today for assistance.

References:

http://www.cnn.com/2013/02/27/justice/texas-prison-guard-arrests/

http://www.nbcnews.com/id/6596428/ns/world_news-weird_news/t/phones-shot-prison-bow-arrow/

http://gizmodo.com/5843931/smuggling-cell-phones-into-a-prison-with-a-toy-rc-helicopter-is-a-great-ideaif-you-dont-crash

http://www.theindychannel.com/news/call-6-investigators/prison-officials-see-variety-of-smuggling-tactics-to-get-cellphones-into-correctional-facilities

http://www.dailymail.co.uk/home/moslive/article-1273197/How-smuggled-mobile-phones-used-prisoners-commit-crimes-cells.html

7 Simple Ways Business Owners Can Protect Routers From Malware

Routers are basically very specialized computers, and unfortunately they can get malware too. Routers are susceptible to altered firmware installed by hackers and software worms that replicate directly through the network. A compromised router can allow hackers to steal data and gain access to other devices on the network, so it’s important to keep your router secure.

routers

1. Invest in business-grade routers

A router is a router, right? Well, not quite. Consumer-grade routers lack the scalability and security features of business-grade hardware. A consumer usually runs no more than one router, and their main security concern is keeping the neighbor next door from mooching free broadband off their Wi-Fi connection. Business-grade routers offer better scalability and tighter security, and when malware or security flaws are discovered the manufacturer has more incentive to fix the problem quickly.

 

2. Change the username and password

This is hands down the easiest and most important thing you can do to safeguard your router against hackers. Any router’s default username and password are available to anyone who cares to browse through the user manual or check the manufacturer’s web site. There are even lists floating around with the default login information of hundreds of models.

Free Public WiFi

3. Change the Wi-Fi network name

When you set up a Wi-Fi network on a wireless router, the router will typically choose a network name based on the model or manufacturer. Anyone in range can view the list of available public networks, and the name can give them information on how to start breaking in. Even if you have the network set to hidden, it’s still a good idea to change it since there are scanners capable of detecting hidden network traffic.

 

4. Avoid weak authentication protocols

Some malware can spread from one router to the next, or to PCs connected to your Wi-Fi network. Avoid using weaker authentication protocols like WEP and WPA, and choose a strong authentication key with at least 13 characters.

 

5. Keep the firmware up to date

The firmware in a router is similar to the operating system in a PC, and manufacturers regularly release updates to fix bugs and improve performance. Check the manufacturer’s web site for updates, and sign up for email or text alerts for firmware updates if they offer it.

remote_access

6. Disable remote administration

Most routers have remote administration capability, so technical personnel can access the router without being present. Disable this feature unless you need it. If you decide to keep it enabled, limit access to a specific number of trusted IP addresses.

 

7. Turn off services you don’t use

Modern routers are controlled using a small network of linked HTML pages hosted in the device itself. Take a few minutes to go through the pages and familiarize yourself with the settings that are enabled by default. Then ask yourself if you really need the service. If not, turn it off. The less services you have enabled, the fewer possible weak points.

Since routers interface directly with devices on the network and act as a gatekeeper to the Internet, router security should be foremost in the mind of any business owner looking to keep their assets safe. Implementing these solutions will go a long way toward keeping malware off your network.

4 Simple Ways to Keep Your Business Secrets Safe

corporate_secrets

Governments have been using cyber espionage to spy on one another almost as long as the Internet has been around. Likewise, cyber crime is nothing new. Until relatively recently, the two were distinct. Governments stole military secrets from other governments, and criminals stole money from banks and private enterprises.

Now the two have come together. Companies must deal with hackers backed by foreign governments out to steal trade secrets, research data and other valuable information. The recent accusation of five Chinese military officials on hacking charges is just the latest development in a dispute that has been simmering for several years.

Most companies don’t have the unlimited resources of the government, so let’s look at some simple ways every company can keep their intellectual property safer.

email

Don’t open unexpected emails

A surprising number of attacks begin with an employee at the victimized company opening a phishing email. These emails carry a malware attachment or contain a disguised link that directs the reader to a web site that installs malware on the host computer. Once the computer is compromised, the attacker can use it to steal data directly or impersonate the user and send more phishing emails to gain greater access. Instruct employees not to open any emails they were not expecting, and to verify directly with the source if they receive a message that might be suspicious.

Keep antivirus updated

Antivirus software is an important first line of defense against malware, but you can’t rely on it totally. Hackers with government backing can create their own malware from scratch, and new malware may not be recognized as a threat. Still, many attackers are not so sophisticated and use variants of known malware.

 

Screen Shot 2014-05-23 at 11.58.01 AM

Keep software and operating systems updated

Sometimes a savvy hacker doesn’t even need malware to crack a system. The recent Heartbleed bug is a good example. It affected webservers running OpenSSL and only required a hacker to send a command to an afflicted server to have it return potentially valuable data from a random chunk of memory. A fixed version was released the same day the bug was officially announced, but more than a month later almost 1,300 of the 200,000 most popular web sites were still vulnerable to Heartbleed.

When a software developer releases a security fix or patch, you can bet hackers are looking to exploit computers running older versions. Update your computers as soon as possible.

Keep private meetings safe from clandestine cell phones

While cyber attacks are in the news, sometimes trade secret theft takes place in person. In today’s business world, almost everyone carries a cell phone of some type. Even basic feature phones have the ability to record voice notes and low-resolution video. A smartphone can take HD pictures and video and record hours of conversation. Our line of cell phone detection products can sniff out phones whether they’re on or off, so you can keep your confidential meetings safe from electronic ears.

Protecting Your Bitcoin Wallet from Virtual Pickpockets

 bitcoinlock

Bitcoin is a form of worldwide electronic currency not tied to a specific country. This makes it a popular form of international trade, especially in countries where the local currency has little value. In November 2013, Bitcoins hit an all-time high of $1,124.76 US dollars. While the exchange rate has fallen in the last few months, they are still valuable enough to make Bitcoin users a target for fraud. Let’s examine some ways Bitcoin users can protect their wallets.

 

encryption_key

Use Strong Encryption

Bitcoin wallets use a public key for receiving money, and a private key for sending money. The keys are stored in a wallet file on your computer. The name of the file varies depending on the app you use, but for the original client it is wallet.dat. If the file isn’t encrypted, and your computer is compromised, it’s easy for a hacker read the private key and transfer the Bitcoins out of your wallet. The Bitcoin client allows you to encrypt the file with 256-bit encryption. You may also encrypt the file manually with whatever type of encryption you require.

 

Practice Strong Security Measures

Most major Bitcoin heists target exchanges and merchants that accept Bitcoins, but malware targeting end-users is becoming more popular. According to digital security firm Kaspersky Labs, malware attacks targeting virtual currency increased by 250% in 2013 and accounted for 8.3 million incidents.

Bitcoin malware comes in two forms: malware designed to copy the wallet file and send it to the attacker, and malware designed to use the device to “mine” Bitcoin keys by cracking them with brute force. The main concern for Bitcoin users is the former. The most recent large-scale theft used botnet malware dubbed ‘pony’ and compromised 85 wallets containing approximately $220,000 USD worth of virtual currency.

Malware designed to crack keys is not a direct threat to end-users, but it can sap processing power from the host device and leave it open to attacks from other malware. This type of software is not limited to computers. It has appeared on everything from DVRs to routers to smartphones.

Keep your computer antivirus up-to-date, and always change the default password on any device connected to the Internet. Choose passwords that contain at least 12 characters and a mix of numbers, letters and symbols.

 

wallet-in-ziplock-bag

Use Paper Wallets

A paper wallet is a physical document that holds the Bitcoin value. They are essentially a separate Bitcoin account, and the keys are not stored anywhere in a digital format. You print the paper wallet and the keys on your printer, then transfer Bitcoins into the wallet account. The advantage of a paper wallet is the funds are secure provided you use good security practices. The disadvantage is if you lose the paper wallet or it is destroyed and do not have the keys, you lose all the funds and there is no way to recover them.

Remember that malware can capture screenshots and log your keystrokes, and printer spools and smart printers can hold information. Bitcoin recommends only printing a paper wallet on a computer or printer that is not connected to the Internet. Make sure to clear the printer queue and printer memory after you print your paper wallet.

Since virtual currency is not backed by any government, users have few options for recovering their money if their wallet is compromised. So it’s important for any virtual currency user to protect their investment.

References:

The Hacker News – Pony Botnet steals $220,000 from multiple Digital Wallets

McAfee Labs – Variant of Pony Botnet Pickpockets Bitcoin Users

Kaspersky Lab Report – Financial cyber threats in 2013