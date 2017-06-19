Is Coinbase Closing Accounts For Paying Ransoms With Bitcoins? (coindesk.com) 82
Even as some comparnies are stockpiling bitcoins so they can quickly pay ransom demands, security firms that try paying those ransoms may face losing their accounts on Coinbase. Slashdot reader Mosquito Bites quotes a report from CoinDesk: Less than a year ago, Vinny Troia, CEO and principal security consultant of Night Lion Security and a certified white hat hacker, was sent a compliance form by US bitcoin exchange Coinbase, where he had an account. Coinbase wanted to know how Troia was using bitcoin and his account. "I told them I run a security firm. I pay for ransoms and buy documents on the dark web when clients request it," Troia told CoinDesk. The ransoms Troia helps his clients pay are those stemming from ransomware attacks, which have surged in number over the past few years. Many, like the well-publicized WannaCry attack, are asking for bitcoin.
And the documents? Troia said, "We do breach investigations a lot of times. If a fraudster is saying they're selling my client's stolen documents, the only way to make sure they have what they say they have is to buy those documents." According to Troia, Coinbase "did not like that at all." Coinbase then asked the IT expert whether he had a letter from the Department of Justice giving him permission to do those things. No, Troia said. Upon further research, Troia has not found that any such permission exists. But, "I have my clients authorizing me to do this," he said. Coinbase sent Troia back an email explaining that those actions were against the exchange's rules and shut down his account... "My entire family is blocked from Coinbase," he said.
And the documents? Troia said, "We do breach investigations a lot of times. If a fraudster is saying they're selling my client's stolen documents, the only way to make sure they have what they say they have is to buy those documents." According to Troia, Coinbase "did not like that at all." Coinbase then asked the IT expert whether he had a letter from the Department of Justice giving him permission to do those things. No, Troia said. Upon further research, Troia has not found that any such permission exists. But, "I have my clients authorizing me to do this," he said. Coinbase sent Troia back an email explaining that those actions were against the exchange's rules and shut down his account... "My entire family is blocked from Coinbase," he said.
Punt coinbase? (Score:3)
Vote with your feet. There are other exchanges.
Re: (Score:2)
Editor Dsvid who can't be assed to proofread his own articles.
Re: (Score:2)
Ia! Ia! Coinbase fhtagn!
Re: (Score:1)
Re: (Score:1)
Why do you even need an exchange for this kind of thing? Just use a wallet app, nobody can tell you what you can and cannot do with it.
(That doesn't mean I endorse paying ransoms, of course)
Good (Score:2, Interesting)
Good.
It's because asshole pricks like your clients buy bitcoins, pay the ransom, then go complaining to their bank or credit card provider that the payment was unauthorised or a result of blackmail, and try to do a chargeback against the innocent bitcoin merchant. Or gets them locked out of their accounts while being investigated for fraud.
So you can just fuck off and buy your bitcoins somewhere else.
Re: (Score:2)
Yes, good for Coinbase for taking a stand. Ransomeware exists because people pay ransoms, it's as simple as that. To take this further: is there any way an exchange could facilitate the tracing of Bitcoin payments?
Re: (Score:2)
When I read the summary, I thought to myself that "white hat" hackers are merely facilitating a security economy by buying hacks, documents, etc. They may not specifically commit criminal hacks and may actually be "defenders" of their clients, but in a lot of ways they kind of look like just middle men.
I'm pretty sure there's been plenty of cons run where "the bad guys" steal something and a person claiming to be a "good guy" approaches the victim and says "I'm a white hat, I have contacts and can get your
Re: (Score:1)
Not to mention the latest terrorist attack in London was perpetrated by a non-Muslim, targeting Muslims.
Re: (Score:2)
I think you misunderstood the rolling news feed. The attack last night was a muslim attack in that muslims outside a mosque were attacked not that muslims were the perpetrators.
Re: (Score:2)
I think you misunderstood the rolling news feed. The attack last night was a muslim attack in that muslims outside a mosque were attacked not that muslims were the perpetrators.
Sounds more like they misunderstood a trolling news feed. If the attack is against muslims, and not by muslims, That is not a muslim attack. That is an anti-muslim attack. This is what happens when people fundamentally fail to comprehend English.
Well Done, Coinbase! (Score:1)
Security companies should not be allowed to act as front companies for cybercriminals anymore than they should be allowed to assassinate people for pay. Let's hope there's a criminal investigation as well. Perhaps this one was even directly involved in the original crimes, not only encouraging them...
Re: (Score:2)
Security companies should not be allowed to act as front companies for cybercriminals anymore than they should be allowed to assassinate people for pay. Let's hope there's a criminal investigation as well. Perhaps this one was even directly involved in the original crimes, not only encouraging them...
You're not paying attention.
The security company wasn't accepting payment on behalf of ransomware actors. They were facilitating the payment TO ransomware actors on behalf of companies that aren't familiar with bitcoin and have no accounting methodology to make such a payment before the ransomware runs out. They were a front for the victims, not the criminals.
It's akin, in a rough way, to what K&R companies like Control Risk do when it comes to ransoms in the real world. There are right ways and wron
Re: (Score:2)
> The real motive by Coinbase is probably a fear that they'll be accused of helping facilitate criminal activity. Bitcoin exchanges are on the narrow edge of falling under regulation,
I suspect that, since many exchanges do facilitate quasi-legal and illegal activity, it's important in business terms for them to avoid any involvement in clearly illegal activity that has the kind of paper trail or provenance that a security firm such as Control Risk might provide. An exchange for an illegal activity, such
Re: (Score:1)
Unless you're going to mine, then you need some way to acquire bitcoin, generally this is by converting fiat currency at an exchange.
Since everything in bitcoin is public, the exchange could easily track what happens to the bitcoins after they leave their wallet.
Re: (Score:2)
He does, actually, and what he describes happens all the time.
Is it illegal? (Score:3)
I dont believe Coinbase should be denying access to legitimate funds, that arent terrorism related, unless they want to get regulated... this would be the first step to ruining their little monopoly.
Re: (Score:1)
What does legality have to do with anything?
Coinbase can choose who their customers are and who they give service to, just like any brick & mortar store, or any other internet service provider.
Re: (Score:2)
And everybody can choose to tell Coinbase to mind their own fucking business when it comes to what funds are being used for. They aren't a regulatory body.
Re: (Score:2)
But they can be held legally responsible if they knowingly help criminals use a "security" front company to collect blackmail money and kidnapping ransoms.
Like how Western Union and Moneygram are held responsible when a mark sends money via their network?
Re: (Score:2)
The word "knowingly" is significant. Try wiring a friend money and mark it with "ransom", and see what happens.
Re: (Score:2)
There was that $586 million settlement [ftc.gov] and the FTC adding prohibitions against telemarketers using those services [ftc.gov].
But they... that was Obama era stuff. I'm sure it'll be rolled back as quickly as possible in the name of helping "small businesses"
Re: (Score:2)
They aren't a regulatory body, but they also aren't a regulated body either - this is the equivalent of going to a chinese medicine doctor instead of a sexual health clinic when your john thomas is oozing green puss.
Re: (Score:2)
They aren't a regulatory body, but they also aren't a regulated body either - this is the equivalent of going to a chinese medicine doctor instead of a sexual health clinic when your john thomas is oozing green puss.
Yes, but the day is coming when that will change. And they know it. If you were in their shoes, what would you want those regulations to look like? They'll be crafted to deal with what happens before they are written.
Re:Is it illegal? (Score:4, Informative)
Could it possibly be that Coinbase are themselves concerned that they will get into trouble for aiding and abetting due to the very transactions this guy wants to do, as currently they are not regulated and therefor have no scope within any regulation to be allowed to permit transactions to known fraud accounts while holding no responsibility for that transaction.
A basic cover your ass situation. "Cyber extortion payments" may not strictly be illegal, but certainly an aiding and abetting criminal activity case can be made against any exchange which facilitates them...
Re: (Score:2)
As discussed here Cyber extortion - legality of ransom payments and the approach of businesses and insurers [taylorwessing.com] it shows under international law, cyber extortion payments arent illegal unless they are terrorism related.
I dont believe Coinbase should be denying access to legitimate funds, that arent terrorism related, unless they want to get regulated... this would be the first step to ruining their little monopoly.
They aren't worried about "international law" (which, incidentally, is barely a thing unless you are a war criminal or something else so egregious that most of the world is willing to support a method around prosecuting you.) They're worried about local laws, which are a lot more real. The absence of relevant criminal statutes under international law will not protect you against regulatory or criminal proceedings in nations where you operate.
They're worried about being blamed for money laundering, so they
Re: (Score:2)
I dont believe Coinbase should be denying access to legitimate funds, that arent terrorism related
Nothing in the summary or story says anything about denying access to his funds. You just sort of pulled that out of nowhere.
This is a story about a company that doesn't want to work with a guy who profits off of ransom payments (you didn't think he was doing this for free, did you?).
Well.. (Score:1)
Re: (Score:2)
Everyone who needs to know it knows what "Ia" means!
Re: (Score:2)
Yep.
Ia! Ia! Cthulhu fhtagn! Ph'nglui mglw'nfah Cthulhu R'lyeh wgah'nagl fhtagn!
Oh the irony (Score:2)
Re: (Score:2)
Abiding by the law (Score:4, Interesting)
Coinbase sent Troia back an email explaining that those actions were against the exchange's rules and shut down his account.
That seems reasonable. Coinbase is an american company. There are laws against financing or facilitating the financing of terrorist and/or criminal activities.
two problems here.... (Score:1)
a "security" expert that owns a "security" company should know better than to respond to "form", one not required by any federal law or regulation, asking questions from the exchange. don't hire them, folks. they don't know shit from rainbows.
and the "news site" linked to in tfs is partially owned by that same exchange.. so is hardly unbiased. "Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Coinbase." -- not even any actual copies of the "compliance form" or
Re: (Score:2)
What? You really is a special kind of clueless fuck. Yeah one doesn't need to reply to a "form" (which was a form -> nothing "" about it) from a company one use the service from - but then the company doesn't need to provide any service to you either.
...or just invest in better backup solutions (Score:2)
>> The ransoms Troia helps his clients pay are those stemming from ransomware attacks, which have surged in number over the past few years.
Well, duh. Maybe if they didn't make it a successful business model in the first place, it would go away.
I'm thinking what those companies actually need to spend their money on is better backup solutions.
Bizzare (Score:2)
Two things at odds (Score:1)
The irony of this is that the FBI itself has no good answer to ransomware and has even themselves recommended that people pay the ransoms: http://www.businessinsider.com... [businessinsider.com]
Yet the same government regulations make it nearly impossible for Coinbase to let people use their Bit
The Silk Road paved with bitcoins... (Score:2)
Casey Neistat did a review of "American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road" [amzn.to] by Nick Bilton. I haven't read it yet but looks like a good read.
https://youtu.be/7-nzTfv5IZY?t=88 [youtu.be]
la Coinbase closing accounts? (Score:2)
Okay, but why would it be just the Los Angeles branch closing these accounts?
Why? (Score:3)
If only... (Score:1)
If only there was a way to conduct financial transactions beyond the reach of 3rd-party interference!