31/03/2012. LibertyReserve Hit by Massive Security Breach and Daily News from the Industry
Hello everybody! As many of you are already aware, one burning question on the minds of every concerned HYIP investor these days is the safety of LibertyReserve. Or maybe that should be the lack of safety. Over the last couple of weeks you might have heard about the accounts of numerous clients in LibertyReserve getting hacked under suspicious circumstances best described in this thread on the TalkGold forum. You know that I don’t really like this forum all that much but the topic and the issues raised should really be cause for concern for anyone who uses LibertyReserve on a regular basis. The thing is there now seem to be more reports of hijacked accounts and stolen money than at any other time in LR’s ten-year history. More alarming is either the inability or the unwillingness of the people running LibertyReserve to deal with the problem. In fact, even acknowledging that the problem exists seems to be totally beyond them at the moment. So what really happened with LibertyReserve and is it still safe to use it? Let’s try to understand it better by listing the problems and their possible solutions in this article.
Starting with the roots of the problem, let’s go back a few weeks. This is when the first reports of hacking incidents started appearing on public forums. Hundreds and on some occasions thousands of dollars were stolen from members’ accounts, which LibertyReserve’s administration did nothing to help with, as all transactions made within the system are irreversible even if they are made by an alleged hacker. Of course that doesn’t mean LibertyReserve can’t help you (because they could if they wanted), it means that they won’t.
I must add that I was a victim myself as my account was emptied twice within a week. Luckily I know from experience to empty all my accounts on a daily basis so there wasn’t much in there at the time, but that’s not the point. I have written confirmation from my e-mail provider (no, it’s not the address I use for MNO) that my e-mail was not compromised, no “forwarders” were ever installed, and I have a complete list of the locations and IP addresses from which my e-mail account was accessed, all of which belong exclusively to me. My computer is also swept for viruses every 24 hours so I’m perfectly satisfied that this security breach is not on my end. Therefore this has left me no choice but to temporarily stop accepting LibertyReserve. Like I said there wasn’t much money there but the fact that I wrote to the so-called Abuse department as instructed by LR’s Live support (who have no idea how the theft happened) and as of today still haven’t received any response from them is more than a little disappointing. Apparently all those people whose LR accounts were hacked were treated with the same lack of professional courtesy.
How the hacker empties your account is quite simple, though still unexplained. Without requesting it you receive a Reset PIN to the email address associated with your account in LR and (if you have it installed) an IP-security code that is supposed to be sent when your IP-address changes from wherever you last accessed your account. Supposedly this is to ensure tighter security which should make it theoretically impossible to hack into your LibertyReserve account. In theory the only way a hacker can now break into your LR account is if he has already taken control of your email account, thus intercepting the reset codes, but as I have written confirmation from my email provider that no such thing has happened then clearly the problem lies elsewhere. It’s obvious that this information is being stolen as it leaves LibertyReserve, and not when it enters your mailbox.
So what is this Reset PIN you might ask? Well, I believe it’s the single biggest vulnerability in the LR security system. The Reset PIN allows the supposed owner of the account to get into his account in case he forgets his password and both the PIN-codes he himself set up when registering in the first place. Why LibertyReserve still has such an archaic system in place, which a hacker can use to take over your LR account by first hacking your email, is a very relevant question; it is more than questionable and hardly secure. Come to think of it neither the email owner nor the hacker should be allowed to automatically take control of any account without so much as lifting a finger to verify the real identity of the rightful owner. Why does he do it if he can simply reset the entire system and steal your data and money too? Anyway, this was how my money was stolen from my LR account a year ago when another email account was compromised and the hacker emptied it by simply putting the Reset code “he” received to “my” email address.
Apparently, since then LR has tightened their security (or at least it looked that way) and introduced a couple of security questions which only the owner of the account should know. So, together with the Reset code now you have this measure as well. But what happened this time that allowed the hacker to empty the accounts of so many people who confirmed the same issue as I had on the TG thread? The Reset code is being sent to the email address associated with the LR account but the hacker still gets it anyway without logging into your email account. Moreover, many victims confirmed that the email account used by them and associated with LR exclusively was not used anywhere else, so the hacker couldn’t possibly know that. But the most stunning thing is that the hacker apparently knew the answers to the security questions which only the rightful owner should know. In fact I almost forgot the answer to my security questions which I set up myself and it took me several unsuccessful attempts to restore the access to my LR account by utilizing the same Reset passwords option – the answer to which the hacker could give on its first attempt to access the LR account. So how can it be possible that the answer to the question was known to the hacker which even legitimate members sometimes can’t memorize? The correct answers are not stored anywhere on my computer, are not stored in any other online resource, and are not used in connection with anything other than LR.
These issues were raised by me and many others to the so-called Abuse department of LibertyReserve who have totally ignored them and didn’t even acknowledge receipt. And that is after several attempts to contact them as advised by their Live support who incidentally are equally clueless and of precisely zero help whatsoever (or pretending not to know about the hacking attempts). The last attempt to contact LR’s Live support (after waiting for a full week to get a reply from their Abuse department) ended in them denying the problem even exists and blaming me for taking my own personal issues into their busy LR customer support.
When I asked them “what are you doing to fix the problem”, you wanna know what they said to me? They said (and this is a quote), “we don’t have any problem. You’re the one with the problem. What are you gonna do to fix it?”. Can you seriously believe a Customer Support operator actually said that to a client? An operator getting paid from the commissions and charges taken from your money by the way. Anyone reading this with any experience in the real world of customer services, be it in a bank, a factory, an office, or whatever will confirm that if an employee representing your company took that attitude with a customer he’d be unemployed so fast he wouldn’t know what happened. But not with LibertyReserve. No, here we’re just dealing with a shady and irresponsible payment processor that tried to monopolize the whole industry so obviously do not care and do not bother to answer their clients. I can only hope that anyone using e-currencies will take the only sensible option and look for a safe alternative to LR (and there are several) until the hacking issue is fixed. If you don’t allow them to handle your money you will ultimately force their administration into doing something about it instead of just shrugging their shoulders.
Among the possible solutions to the problem that is resulting in the theft of hundreds and thousands from LR users I would suggest the following:
1) Having the option to remove the Reset PIN from within the LR account which would prevent the hacker exploiting this vulnerable feature (until a most appropriate solution is found).
2) Implement a more sophisticated verification process that will allow only the legitimate account owners access since the email resetting option cannot be considered secure anymore. For instance, LR could copy the method used by Gmail as well as a number of banks and implement a telephone SMS-verification system. You get a code sent to your mobile phone number which has to be entered before you’re allowed to do anything with your account. I know that members with thousands in their accounts, such as those using it to manage their businesses like exchangers and the like would be grateful for this new feature and would not hesitate to pay $0.10 per message for example. This can already be seen in the phone verification option in the Security settings in your area but isn’t working yet. Typically of course the Live support are blissfully ignorant and utterly indifferent as to when/if this SMS feature will ever be enabled so I can’t say if they’re actually doing anything with this at all.
Many theories are floating around as to how the hacker manages to obtain the Reset codes sent by LibertyReserve without actually logging into your email account and (which is more important) how he manages to know the answer to security questions set by you and known only to you. Like everyone else I can only speculate as LR themselves have nothing to contribute. One scenario is a LibertyReserve employee with access to their mail server and/or the database. He either empties the accounts himself or diverts suspicion by sharing the information with a partner and then splits the money. A second option might be that, given LR’s total denial of the issue, they knowingly do it themselves and then just let you go about blaming a hacker or blaming whatever you like. Though it is hard to believe that’s the case I also simply cannot believe LR’s administration is ignoring all their members’ concerns and won’t do anything about it. Unless of course they’re totally comfortable with how this situation is developing because otherwise, I simply have no idea why LibertyReserve is doing nothing regarding the whole mess.
But I think I might see one reason for this self-imposed ignorance, guys. Since LR has practically monopolized the HYIP market over the last couple of years and is still considered by many as a safe payment processor (I can assure you their faith in LR will be tested one day when they see their account is hacked and the money gone!) they will do nothing in order to restore the investors’ confidence in their ability to deliver and work on the security issues they are clearly having now. They need a push in order to do so because as the old expression goes “success breeds complacency” and these guys have had it their own way for far too long now. They think they’re bigger than the HYIP industry and that the industry can’t function without them. Well, it can. Unfortunately it will take the realization that their clientele is abandoning them due to their second-rate treatment of them and a shockingly amateur attitude towards security. Then they will be forced to do something and I hope that this will happen sooner rather than later, before the damage to their reputation is beyond repair.
I’m not out to destroy LR as a payment processor by the way, in fact they’ve been really good for many investors and the industry as a whole for the last few years. I only want to raise awareness that investors are advised to look for an alternative payment processor in the hope of forcing LibertyReserve to fix the security issues and prevent hacking incidents from happening again in the future. I’m not going to call it a Boycott because that’s not what it is, but the fact is this is your money we’re talking about here, nobody else’s, and you have an obligation to keep it as safe as possible. Right now passing it through LibertyReserve is as high a risk activity as giving it to a HYIP admin. And if you think the problem doesn’t exist because you personally have not been a victim, then you badly need to wake up and get your head out of the sand! Because believe me, you’re in for a rude awakening. Congratulations on not being a victim but if security has been compromised then it’s purely a matter of time until it’s your turn. The fact is that you may not be dealing with enormous amounts of cash and therefore have not come under the hacker’s radar just yet and he’s just after the bigger fish. But if you receive just one big payout (like let’s say the return of your investment principal in a long term HYIP) chances are he will know it’s in your account before you do, and then you have something worth stealing.
If something is not going to be done about it the incidents will increase, more and more accounts will be hacked on a daily basis, and more people will keep losing their money (including HYIP admins) and leave the industry for good. So I hope I will persuade you that this is more of a campaign against their awful attitude and for the good of the members and the future of the HYIP industry. In order to join this campaign you should avoid storing money in your LibertyReserve account at any time and when you have something to withdraw send it to your bank account using one of the many exchangers shown on the LibertyReserve website. But under no circumstances leave the money in your LR account, at least until the security breach is properly admitted to and dealt with by the LR administration and the necessary security precautions taken to prevent it from happening again. I will report on my blog if that ever happens, but until then please be really careful about keeping much money in your LibertyReserve account and don’t take that utterly stupid attitude that if it didn’t happen to me then it doesn’t happen at all. Recent events clearly indicate that nobody is safe from sophisticated hackers who can steal your money anytime they like and take the total indifference of LibertyReserve’s administration as silent approval of their actions.
What if you still want to play in HYIPs even despite all this? You probably think LibertyReserve being so synonymous with the HYIP industry that you probably can’t avoid them, but you can. I mean in my case as a monitor it’s difficult but even I can do a lot to reduce the amount of cash I have flowing through them. In all honesty they’ve forced my hand here and left me with very little choice anyway. But in the case of the average investor I would suggest switching to PerfectMoney. It’s a far superior e-currency when it comes to security issues. And as for payment fees PM charges only 0.5% compared to 1% charged by LR. PerfectMoney also offers you three types of protection against hackers: Identity Check (a one-time code similar to what LibertyReserve offers will be sent to your email account if you access the account from a different IP-address), Code Card which prompts you to put in a code when sending or withdrawing funds, and SMS Login which is a fee based service that will allow you to enter your account more securely than you could ever have imagined in LibertyReserve. I believe these security features (especially if you enable all of them) will protect your PerfectMoney account from the hacking attempts plaguing LibertyReserve users now. As for the spread of PerfectMoney around the industry you can be sure that almost all HYIPs that accept LibertyReserve will gladly accept your PerfectMoney as well, so you won’t have any problems in finding sites you want to join with PM. The fees charged by PM are also quite competitive as well as the many different exchangers that will gladly take your LR and change it to PM with minimum fees. Believe me, paying those fees is the lesser of two evils when you consider the losses you might incur if your LR account is hacked and is definitely worth every penny. As for exchanging PerfectMoney to Bank wires and other options there are a lot of authorized exchangers that offer a highly professional and reliable service.
You can find a list of them here. That’s why I believe that temporarily switching your HYIP investments from LibertyReserve to PerfectMoney will be a better insurance policy you might want to follow from now on to protect your money from being stolen by an unknown hacker which apparently LibertyReserve can’t (or simply don’t want to) do anything about. For the last three weeks absolutely no official response from LR was published regarding those hacking incidents, and for a company handling other people’s money that is simply unacceptable. Actually, it’s downright disgraceful. In addition to that, I myself have never heard of anyone losing their money in a PerfectMoney account due to some unexplained hacking incidents.
I’m pretty sure that following my advice will prevent you from losing money in the unpleasant situations similar to those described by the dozens of victims in this thread on the TalkGold forum. Please be sure that I will be keeping an eye on the thread and will notify you on my blog if something changes for the better. Please don’t hesitate to share your thoughts in the comments section to this article, even if your views are different from mine. If your LR account was hacked please share your experience in comments as well, so as to make others aware that the problem is real and to treat it seriously. I’m sure that only our combined efforts will force LibertyReserve to take the appropriate actions and make this payment processor a secure place to send and receive money again. Sorry to be crass about it but you have to hit these guys in the pocket and not give them your money until they guarantee its safety – it’s the only language they understand!
DAILY NEWS FROM THE INDUSTRY
INVESTIX – REFERRAL CONTEST LAUNCHED
The first round of payments in Investix is going to be over in a week so the first investors should see their first profits in just a couple of days from now. But the activity of the admin Hamzah is simply over the top. Despite a very slow period in the HYIP he announced a referral contest today with prizes of $350 split between three winners and credited to their accounts 48 hours from now. I must admit these are some generous prizes which hopefully will not negatively affect the so far flawless performance of Investix (reviewed here), which keeps paying instantly on its 5%-7% for 25 days plan both to LibertyReserve and PerfectMoney. Please note that this new referral contest is going to be a regular event from now on, though the prizes might vary. Winners will be not the ones with the biggest downlines but the ones whose referrals spend most money. Rightly so, and quite fair I think. So, please take your time to promote Investix further and let’s look forward to more upgrades including the addition of the program’s own forum which is expected to be ready by next week. Read MNO for more details as I’m always the first to bring you the most important news from this perfectly designed and managed program so far. Hopefully, in the next few days we’ll see more members sharing news of their profits from their Investix accounts. Meanwhile, read the latest newsletter from the program below:
“Referral Contest
I have some exciting news to announce tonight. Our first referral contest is now beginning and the top 10 members will be positioned based on the amounts deposited by their downline. We thought it will only be fair to include the values since the launch of program for the first round of this contest. So the first winners will be announced on Monday, 2nd of April 2012.
First winner will get $200 USD while second and third will receive $100 and $50 USD to their LibertyReserve accounts. That’s right, First winners will be announced in approx. 48 hours from now so there is still some time to buzz your downline and win one of these exciting rewards!
https://www.investix.net/contest.php
Please note that these prizes may change every week and so the figures will also be reset. And in the upcoming rounds of this contest, we will be announcing winners every weekend.
In the meanwhile, We are working on new upgrades for Investix where we are focusing on adding more community related facilities and a public forum as well. So these new additions will be announced during this week as soon as we find an appropriate date to schedule these tasks.
Regards, Hamzah M.
Investix Management.”
VERTICALPROFITS – DDOS IS OVER AND PAYOUTS ARE BACK TO INSTANT
I was pleasantly surprised with the attitude and the courage shown by the admin of VerticalProfits (his program was reviewed on MNO here). Not only does it look as if his program has fully recovered from the very strong DDoS attacks VerticalProfits was subjected to during the first days online, but the instant withdrawals to both LibertyReserve and PerfectMoney accounts have now been reinstated. In the latest newsletter issued by VerticalProfits the admin didn’t forget to mention that despite this in some cases it may still take up to 24 hours. Note also that as VerticalProfits credits your account on business days only for every plan – be it 22%-22.5% for 5 business days or 127% after 10 business days – you should only expect the next payment to be credited on Monday. In the latest newsletter issued by VerticalProfits the link to the recent review on MNO was also given for your attention:
“Latest News and Updates
Greetings from VerticalProfits!
We congratulate all our 200+ clients, who showed faith in us by joining us. In spite of a slow start, we are four days online now, but it has been a tough journey so far with huge DDOS attacks (more than 15GPS) welcoming us and several hacking attempts on our LR and PM accounts. It resulted in Downtime for more than 6-8 hrs and yes, Pending Withdrawals. All the pendings are cleared till now, some of which were processed manually without e-mail alert due to an error in the system.
We apologize to all, for the inconvenience caused and assure them best of our services in future.
Lastly, we pointed out that some of the clients are pretty worried about our instant withdrawals, let me clear out that our withdrawals are Instant and many are paid instant, but we do need to reload our e-currency accounts several times to prevent hacking so sometimes it may get saved. Please check withdrawal section note for that. We were also reviewed by our monitor partner MNO (money-news-online), you can read the review through the link http://money-news-online.com/blog/2012/03/30/29032012-verticalprofits-review-and-daily-news-from-the-industry/
Thanks & Regards
Rhody.T”.
VERIFONDS AND SOME OTHER PROGRAMS STOPPED PAYING!
Please note that unfortunately Verifonds proved to be a fast scam which only lasted for nine days and brought only losses to investors as even with the best paying plan the program didn’t manage to last for one full cycle or to the point where the majority of investors would break even. At the time of writing the Verifonds website is offline and so it cannot accept the deposits anymore, though I wouldn’t be surprised if it magically re-appears in a couple of days and perhaps the admin could even send out a newsletter encouraging further deposits. In this case please do not believe a word from him as he stopped responding to all the emails and the site has definitely stopped paying. For this Verifonds have been moved to Scam status on MNO already.
Please note that two more programs from my Basic list – RoyalMiracles and CreditProgramBank – have been moved to scam status over the last few days as well. They also stopped paying and there is not much hope that they will get back to normal. Although it may happen, if we judge by the example of PanamaHedgeFund (reviewed here) which suddenly stopped paying for three days forcing me to move it to Problem status on MNO. Then suddenly the payments became instant again, however, the admin never explained the reason for the delays. But the main thing – PanamaHedgeFund is back to Paying status on MNO and I hope it will stay there.
GET PAID REPORT FOR 31/03/2012
Here is the list of the programs from my monitor that paid me for the last 48 hours:
From MNO Sticky list: HoldingsTrade.
From MNO Premium list: TopsFund, NewGNi, Royalty7, OneInv, EurexTrade, GeniusVenture, BensonUnion, ProfitableSunrise, SolidForexLtd, VascoForex, FelminaAlliance, GlobalResources, PlexCapital, SilverStructure, Investix, ENR-G, DividendService, MyDiamondShare, FreedomTradingLtd, MoneyEra, CFDonline.
From MNO Standard list: PanamaHedgeFund, VerticalProfits.
From MNO Basic list: UFOWin, WalesFinance, AmbrianInvestment.
That’s all the news for tonight, guys. I hope to see you back on MNO soon. Enjoy the rest of the weekend and keep in touch with the latest events from the HYIP industry and stay ahead of the crowd with Money-News-Online!
Filed under Daily News, Uncategorized on Mar 31st, 2012.