• Sc chevron_right

    Stealing Bicycles by Swapping QR Codes / Schneier · Monday, 21 February, 2022 - 00:33

This is a clever hack against those bike-rental kiosks:

They’re stealing Citi Bikes by switching the QR scan codes on two bicycles near each other at a docking station, then waiting for an unsuspecting cyclist to try to unlock a bike with his or her smartphone app.

The app doesn’t work for the rider but does free up the nearby Citi Bike with the switched code, where a thief is waiting, jumps on the bicycle and rides off.

Presumably they’re using camera, printers, and stickers to swap the codes on the bikes. And presumably the victim is charged for not returning the stolen bicycle.

This story is from last year, but I hadn’t seen it before. There’s a video of one theft at the link.

  • chevron_right

    Man robbed of 16 bitcoin hunts down suspects, sues their parents / ArsTechnica · Friday, 27 August, 2021 - 18:27

Man robbed of 16 bitcoin hunts down suspects, sues their parents

Enlarge (credit: KeremYucel / iStock )

Andrew Schober was almost all-in on cryptocurrency. In 2018, 95 percent of his net wealth was invested in the digital tokens, which he hoped he could sell later to buy a home and support his family.

But then disaster struck. Schober had downloaded an app called “Electrum Atom” after clicking a link on Reddit, mistakenly thinking it was a bitcoin wallet. Instead, it was malware that allowed hackers to steal 16.4552 bitcoin when he tried moving some of his tokens. At the time, they were worth nearly $200,000. Today, they would be worth over $750,000.

Distressed, Schober didn’t eat or sleep for days. He vowed to track down the culprits. After years of private investigations costing more than $10,000, Schober thinks he has found the thieves, and he’s suing their parents to get his bitcoin back. Krebs on Security first reported on the lawsuit.

Read 11 remaining paragraphs | Comments

  • Sc chevron_right

    Dutch Insider Attack on COVID-19 Data / Schneier · Wednesday, 27 January, 2021 - 14:59

Insider data theft :

Dutch police have arrested two individuals on Friday for allegedly selling data from the Dutch health ministry’s COVID-19 systems on the criminal underground.


According to Verlaan, the two suspects worked in DDG call centers, where they had access to official Dutch government COVID-19 systems and databases.

They were working from home:

“Because people are working from home, they can easily take photos of their screens. This is one of the issues when your administrative staff is working from home,” Victor Gevers, Chair of the Dutch Institute for Vulnerability Disclosure, told ZDNet in an interview today.

All of this remote call-center work brings with it additional risks.

  • chevron_right

    $340,000 of Nvidia RTX 3090 graphics cards were stolen in China / ArsTechnica · Monday, 7 December, 2020 - 22:25 · 1 minute

A photo of a box truck has been photoshopped to include The Grinch stealing a computer component from it.

Enlarge / The GPU Grinch doesn't care about your lists or whether you've been naughty or nice. (credit: Aurich Lawson / Dr. Seuss / GettyImages )

Some time last week, thieves stole a large number of Nvidia-based RTX 3090 graphics cards from MSI's factory in mainland China. The news comes from twitter user @GoFlying8, who posted what appears to be an official MSI internal document around the theft this morning, along with commentary from a Chinese language website.

Roughly translated—in other words, OCR scanned, run through Google Translate, and with the nastiest edges sawn off by yours truly—the MSI document reads something like this:

Ensmai Electronics (Deep) Co., Ltd.
Memo No. 1-20-12-4-000074
Subject: Regarding the report theft of the graphics card, it is appropriate to reward


  1. Recently, high unit price display cards produced by the company have been stolen by criminals. The case has now been reported to the police. At the same time, I also hope that all employees of the company will actively and truthfully report this case.
  2. Anyone providing information which solves this case will receive a reward of 100,000 yuan. The company promises to keep the identity of the whistleblower strictly confidential.
  3. If any person is involved in the case, from the date of the public announcement, report to the company's audit department or the head of the conflicting department. If the report is truthful and and assists in the recovery of the missing items, the company will report to the police, but request leniency. The law should be dealt with seriously.
  4. With this announcement, I urge my colleagues to be professional and ethical, and to be disciplined, learn from cases, and be warned.
  5. Reporting Tel: [elided]

Reporting mailbox of the Audit Office: [elided]
December 4, 2020

There has been some confusion surrounding the theft in English speaking tech media; the MSI document itself dates to last Friday, and does not detail how many cards were stolen or what the total value was. The surrounding commentary—from what seems to be a Chinese news app—claims that the theft was about 40 containers of RTX 3090 cards, at a total value of about 2.2 million renminbi ($336K in US dollars).

Read 1 remaining paragraphs | Comments