Brought to you by Data Center Knowledge
A Bitcoin exchange is blaming its colocation provider for a security breach that left to the theft of about $100,000 in virtual currency.
Ottawa-based Canadian Bitcoins says that staff at the Rogers Data Center failed to check the identity of a scammer using a tech support web chat, allowing him access to the company’s servers. “It is important to note that this breach occurred without any authentication being performed by the Rogers Data Centre staff whatsoever,” the exchange said in a statement.
The Oct. 1, 2013 incident was outlined in a story by The Ottawa Citizen, which said an online chat user claimed to be James Grant, the owner of Canadian Bitcoins. Here’s an excerpt:
“According to a text copy of the chat session obtained by the Citizen, at no point during the nearly two-hour-long conversation was the caller asked to verify his identity. After being asked, the technical support worker gained access to Grant’s locked server pen, plugged in a laptop and then manually gave the fraudster access to Canadian Bitcoins servers, where he cleaned out a wallet containing 149.94 bitcoins, valued at around $100,000.”
Rogers told the paper that it has offered a credit to Canadian Bitcoins, which has instead removed its equipment from the Rogers data center.
“Canadian Bitcoins has requested a full accounting from Rogers regarding the security breach at their Ottawa Data Centre and also filed a police report,” the company said.
“The situation surrounding this customer is unique to this customer, and does not apply to any other customer of Rogers Data Centres. Rogers has been fully co-operative with authorities in the investigation,” Rogers told the newspaper.
An email to Rogers customers, which was posted on Reddit, said the incident occurred while the facility was operated by Granite Networks, which in the process of being acquired by Rogers. “ It should be noted that this incident took place during the acquisition period before Rogers Data Centres had full business operational control of the facility,” the email read. “Once Rogers Data Centre had taken full operational control of this Granite location, its full suite of security protocols was implemented.”
Original article appeared here: http://www.datacenterknowledge.com/archives/2014/03/20/bitcoin-exchange-blames-data-center-provider-100000-theft/