Passwords, authentication cookies and PMs possibly compromised

Dec 2, 2013 10:58 GMT

On Sunday, users of the popular Bitcoin discussion forum Bitcoin Talk (bitcointalk.org) noticed that the website was being served via CloudFlare. It turns out that the change is the work of cybercriminals.

According to Bitcoin Talk administrator Theymos, this appears to be a man-in-the-middle attack that leveraged a vulnerability in the systems of AnonymousSpeech.com, an anonymous domain registration service.

“8-14 hours ago, an attacker used a flaw in the forum's AnonymousSpeech registrar to change the forum's DNS to point to 108.162.197.161 (exact details unknown). Sirius noticed this 8 hours ago and immediately transferred bitcointalk.org to a different registrar,” Theymos stated a few hours ago.

However, he warns that it might take around 24 hours until the changes propagate.

It’s believed the attacker could have intercepted encrypted communications, including passwords, authentication cookies and private messages. However, only information submitted while the DNS was changed could have been compromised.

All security codes have been invalidated, but while this is sorted out, users are advised to add “109.201.133.195 bitcointalk.org” to their hosts file to make sure they’re communicating with the right server.
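A hosts pin only helps if it is the entry the resolver actually uses. The following is an added example, not code from Bitcoin Talk or the article: it audits hosts-file text for the pin above, with constructed sample input and on the assumption that the first matching line wins, as it does on common resolvers.

```python
import os

HOSTNAME = "bitcointalk.org"
PINNED_IP = "109.201.133.195"   # address the article tells users to pin
HIJACK_IP = "108.162.197.161"   # address the DNS was changed to, per Theymos

def hosts_entries(text, hostname=HOSTNAME):
    """Return [(line_number, ip)] for every active line that maps hostname."""
    found = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        # Host names are case-insensitive; a line may list several aliases.
        names = [n.lower().rstrip(".") for n in fields[1:]]
        if hostname in names:
            found.append((lineno, fields[0]))
    return found

def audit_pin(text):
    """Classify the hosts text: missing, hijacked, wrong-ip, conflict or pinned."""
    entries = hosts_entries(text)
    if not entries:
        return "missing"        # resolution still depends on DNS
    first_ip = entries[0][1]    # assumption: the first matching line wins
    if first_ip == HIJACK_IP:
        return "hijacked"
    if first_ip != PINNED_IP:
        return "wrong-ip"
    if any(ip != PINNED_IP for _, ip in entries[1:]):
        return "conflict"       # correct now, but a later line disagrees
    return "pinned"

# Constructed sample input, not taken from any real machine.
SAMPLE_SHADOWED = (
    "127.0.0.1 localhost\n"
    "108.162.197.161 BitcoinTalk.org   # stale entry placed earlier\n"
    "109.201.133.195 bitcointalk.org\n"
)

if __name__ == "__main__":
    path = (r"C:\Windows\System32\drivers\etc\hosts"
            if os.name == "nt" else "/etc/hosts")
    with open(path, encoding="utf-8", errors="replace") as fh:
        print(path, "->", audit_pin(fh.read()))
```

Hosts entries match exact names only, so this pin does not cover `www.bitcointalk.org`.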

Interestingly, the man-in-the-middle attack coincided with a massive distributed denial-of-service (DDoS) attack launched against the website.

“These two events are probably related, though I'm not yet sure why an attacker would do both of these things at once,” Theymos said.

The incident is still being investigated. A discussion on this topic can be followed on Bitcoin Talk.

It’s worth noting that several Bitcoin-related services have been targeted by hackers recently, especially since the value of the digital currency skyrocketed. The list of targets includes Bitcash.cz, Inputs.io and BIPS.

Also, this isn’t the first time Bitcoin Talk has suffered a data breach. A couple of months ago, the website was taken offline after hackers breached the forum.