My name is Olayinka Odeniran: CCO by day, cybersecurity advocate at all times, and blockchain enthusiast. The opinions in this article are my own. Feel free to connect with me on LinkedIn and share this article. Member of Women in Blockchain International group.
Part 2: In Your Neighborhood… Digital Pickpockets
I had been traveling and juggling multiple things at once, including jet lag, when I finally decided to give some time to understanding the situation with Ian Balina. I’ve seen several articles about his recent security breach and have caught up on his Telegram and Twitter mentions describing the incident. As I’m reading all the information, I’m recognizing a familiar situation that can happen to many of us at any given time. Pay attention and listen closely, because you are not far off from being the next victim.
Here is Ian’s deleted recount of the incident…pay close attention:
This is how I think I got hacked. My college email was listed as a recovery email to my Gmail. I remember getting an email about it being compromised, and tried to follow up with my college security to get it resolved, but wasn’t able to get it handled in [sic] fast manner and gave up on it thinking it was just an old email.
I keep text versions of my private keys stored in my Evernote, as encrypted text files with passwords. I think they hacked my email using my college email and then hacked my Evernote.
So, did you catch it? I have written about this very issue before in the last article, Cybersecurity for Dummies Series I Blockchain.
I’m sure many wrote me off or probably assumed they had everything covered. Well, even the most influential crypto-investor has blind spots. Had he heeded my warning, he would have secured his millions in crypto investments.
It is not too late, so here are some tips that I must stress to you:
Starting today, check all your accounts and make sure that your emails are not linked to each other.
Ian’s mistake was that he linked his Gmail to documents that he actively shared with the general public. This Gmail account was also linked to another email. Among the individuals who actively viewed his ICO rating list are people with the sophistication and wherewithal to pull a digital pickpocket move so fast you wouldn’t know what hit you.
These digital pickpockets are not like the scary boogeyman that you assume they are. They can be those who are close to you, or even one of your followers. They can also be that friendly Mister Rogers type who wants to meet all the beautiful people in your neighborhood…
In your neighborhood of crypto enthusiasts are all sorts of people who are seeking and waiting for the perfect opportunity. The individual who stole Ian’s crypto assets didn’t just get lucky. It took precision and time. I’m sure s/he tried several times and/or strategically narrowed down their options to that one successful opportunity. Unbeknownst to Ian, he had provided enough information for the right person to decipher how to access his emails and his crypto wallets.
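To make the first tip concrete, here is an added example (not part of the original article) that audits your own account inventory: it follows recovery-email and social-login links to list everything that falls if one account is taken over. The inventory, account names and function names are constructed for illustration, loosely mirroring the chain Ian describes.

```python
from collections import deque

# Constructed inventory (assumption, not real data): each account maps to the
# accounts that can reset it (recovery e-mail or "log in with ..." provider).
RECOVERY_LINKS = {
    "college-email": [],
    "gmail": ["college-email"],      # old college address is the recovery e-mail
    "evernote": ["gmail"],           # password reset goes to Gmail
    "crypto-exchange": ["gmail"],
    "wallet-email": [],              # dedicated address, linked to nothing
    "wallet-portal": ["wallet-email"],
}


def exposed_by(compromised, links=RECOVERY_LINKS):
    """Return every account reachable by chaining resets from `compromised`."""
    # Invert the map: account -> accounts it is able to reset.
    resets = {name: [] for name in links}
    for account, recovery in links.items():
        for source in recovery:
            resets.setdefault(source, []).append(account)

    seen, queue = set(), deque([compromised])
    while queue:
        current = queue.popleft()
        for nxt in resets.get(current, []):
            # `seen` also stops loops when two accounts recover each other.
            if nxt != compromised and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return sorted(seen)


def audit(links=RECOVERY_LINKS):
    """Map each account to what falls with it; isolated accounts are omitted."""
    report = {}
    for account in links:
        exposed = exposed_by(account, links)
        if exposed:
            report[account] = exposed
    return report


if __name__ == "__main__":
    for account, exposed in audit().items():
        print(f"{account} -> {', '.join(exposed)}")
```

Any account whose row lists more than you are willing to lose in one go is a link to break.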
Change your password often and don’t link accounts!
There is a reason why at work they instruct you to change your password often. This is something that you should also do at home.
Unlike at work, you can use any email account for your crypto-related activities. As I said, never link emails. Just like with your investments, it is also a good step to diversify your email accounts and keep them separate.
Convenience has made us lazy. Sure, it’s easy to sync our emails to others and use a default email as the recovery point. It’s convenient, and with the hustle and bustle of life it makes sense. But you must remember that what makes life easy for you also makes it easy for the digital pickpockets.
Do not use the same login information to access other accounts. I’m sure you have encountered websites that permit you to log into another account simply by using your Facebook, Gmail, or LinkedIn accounts. Always OPT out.
Think about it: in the age of data mining, you are giving the likes of Facebook and others access to other accounts that you may own. Not only that, but you are also providing easy access for would-be digital pickpockets to scavenge more than one account.
There is so much more that you can do to keep yourself safe while online. If you want to learn more and you are in DC, join us on April 28th, where we talk about Securing your Crypto. Otherwise, feel free to contact me.