
Topic: 135 BTC Stolen from my Deepbit account!!!!!!!! - page 5. (Read 29040 times)

vip
Activity: 1052
Merit: 1155
I still think the most likely is that a browser window was left unattended while logged in.

The strange part is that it was done at about 5:30AM PST (where my office is)
There are lots of cameras at the office that I can check soon, but no one but myself has access at that time of day.

So I suspect it was done somewhere other than at the location of the mining computers.

Are your mining computers on a wireless network?

No, they are hardwired.
full member
Activity: 126
Merit: 100
I still think the most likely is that a browser window was left unattended while logged in.

The strange part is that it was done at about 5:30AM PST (where my office is)
There are lots of cameras at the office that I can check soon, but no one but myself has access at that time of day.

So I suspect it was done somewhere other than at the location of the mining computers.

Are your mining computers on a wireless network?

Edit: depending on what kind of logging deepbit uses, they may be able to provide user agents, which in turn may help to narrow your search down.
member
Activity: 98
Merit: 10
I hope that people can build extensions of block explorers to watch where these funds get sent and when they get sent to a known entity we can slowly backtrack and narrow down who the scoundrel was who did this. Bitcoin isn't as anonymous as people think: it's got LoJack built in. Using some good old fashioned Link Analysis, thefts on a grand scale can be monitored. I'd like to see something built into the Bitcoin user interface that would check a database of reported stolen bitcoins and send an alert when some were received from an address in the database. We can all be Big Brother collectively.

The Anonymous of Bitcoin. I love it.
vip
Activity: 1052
Merit: 1155
I still think the most likely is that a browser window was left unattended while logged in.

The strange part is that it was done at about 5:30AM PST (where my office is)
There are lots of cameras at the office that I can check soon, but no one but myself has access at that time of day.

So I suspect it was done somewhere other than at the location of the mining computers.
donator
Activity: 826
Merit: 1041
I still think the most likely is that a browser window was left unattended while logged in.
legendary
Activity: 1358
Merit: 1002
I have since changed the password, and I am currently the only person on the planet who knows it.

Does deepbit have any sort of a log of what IP addresses log into each account?
I think that might be my only chance of having any info at all as to who took my bitcoins.
If the IP address is one in the same town as my business, I will know the theft was related to one of the employees who knew the password.

If the IP address is in some far off country, then I know it was just some random hacker.

Any other thoughts on how I can find additional information?

Or someone using a proxy or Tor...
member
Activity: 61
Merit: 10
A question: Did you use the same password for deepbit login as for submitting the shares from the mining client?

Because if you did, then anyone who can spy on your HTTP headers (local network users) can see your password, too.

On deepbit, you can set another password for worker (even the first), but by default, the passwords are the same. Not safe IMHO.


I think you are right about this being my weakest link.

The deepbit screen hides the actual login password, but displays all the passwords for each worker in the client.
Until today, we used the same password for both.
Multiple people (about ten) in the warehouse could have looked at the screen and noticed the username and password.
I think my only chance is by finding the IP address of the person who logged into my deepbit account.


This is why I like poclbm-gui: it also hides the worker password. But thanks for the heads up, I wasn't aware of this HTTP header transparency myself.
legendary
Activity: 2198
Merit: 1311
My deepbit password is now over 20 characters long with caps and symbols.
That just shortened the time to crack now didn't it?

How so?

Because now you don't have to waste time searching all the combinations between 1 and 20 characters.

Well, sure.  But you've still got to search through at least all the 20 character combinations and the password is longer than that so it's still a pretty big task.  But, yes, you're right, it'll take less time.  Less time to make a realistic difference?  Probably not.

80 bits is considered safe. 20 characters of letters+numbers make it 20*6=120 bits, an overkill (even if the attacker knows how many bits there are exactly).

That's what I thought, but, hey, apparently I'm a dummy for revealing this personal data on a public forum.
sr. member
Activity: 476
Merit: 250
My deepbit password is now over 20 characters long with caps and symbols.
That just shortened the time to crack now didn't it?

How so?

Because now you don't have to waste time searching all the combinations between 1 and 20 characters.

Well, sure.  But you've still got to search through at least all the 20 character combinations and the password is longer than that so it's still a pretty big task.  But, yes, you're right, it'll take less time.  Less time to make a realistic difference?  Probably not.

80 bits is considered safe. 20 characters of letters+numbers make it 20*6=120 bits, an overkill (even if the attacker knows how many bits there are exactly).
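
The arithmetic behind the length and bit-count discussion above, worked through as an added example that is not part of any post in the thread. The guess rate of 10^12 per second is an assumed figure for illustration; 62 (letters and digits) and 95 (printable ASCII) are the alphabet sizes used.

```python
from fractions import Fraction
from math import log2

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def candidates(alphabet: int, min_len: int, max_len: int) -> int:
    """Number of distinct passwords whose length lies in [min_len, max_len]."""
    return sum(alphabet ** n for n in range(min_len, max_len + 1))


def saved_by_length_hint(alphabet: int, hinted_min: int, max_len: int) -> Fraction:
    """Share of the 1..max_len search space that drops out once the
    searcher knows the password has at least hinted_min characters."""
    skipped = candidates(alphabet, 1, hinted_min - 1)
    return Fraction(skipped, candidates(alphabet, 1, max_len))


def entropy_bits(alphabet: int, length: int) -> float:
    """Bits of entropy for a uniformly random password of this length."""
    return length * log2(alphabet)


def years_to_exhaust(alphabet: int, length: int, guesses_per_second: float) -> float:
    """Time to try every password of exactly this length at the given rate."""
    return alphabet ** length / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    for name, size in (("letters+digits", 62), ("printable ASCII", 95)):
        # "Over 20 characters" means at least 21; the best case for the
        # searcher is that the password is exactly 21 characters long.
        share = saved_by_length_hint(size, hinted_min=21, max_len=21)
        print(f"{name}: hint removes {float(share):.2%} of the work, "
              f"20 chars = {entropy_bits(size, 20):.1f} bits, "
              f"{years_to_exhaust(size, 20, 1e12):.1e} years at 1e12 guesses/s")
```

Because each extra character multiplies the space by the alphabet size, all shorter lengths together are only about 1/alphabet of the total, which is the share the length hint removes.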
legendary
Activity: 2198
Merit: 1311
We are not talking about you, but about security practices and how dumb some people are revealing their personal data on public forums without even realizing it

But you are talking about me since I'm the dummy who revealed the personal data that my deepbit password is over 20 characters long.  Now, in a matter of months, if not sooner, any sufficiently crafty scriptkiddie could have access to my deepbit account.

You must be a genius

I must.
vip
Activity: 1052
Merit: 1155
A question: Did you use the same password for deepbit login as for submitting the shares from the mining client?

Because if you did, then anyone who can spy on your HTTP headers (local network users) can see your password, too.

On deepbit, you can set another password for worker (even the first), but by default, the passwords are the same. Not safe IMHO.


I think you are right about this being my weakest link.

The deepbit screen hides the actual login password, but displays all the passwords for each worker in the client.
Until today, we used the same password for both.
Multiple people (about ten) in the warehouse could have looked at the screen and noticed the username and password.
I think my only chance is by finding the IP address of the person who logged into my deepbit account.
full member
Activity: 126
Merit: 100
We are not talking about you, but about security practices and how dumb some people are revealing their personal data on public forums without even realizing it

But you are talking about me since I'm the dummy who revealed the personal data that my deepbit password is over 20 characters long.  Now, in a matter of months, if not sooner, any sufficiently crafty scriptkiddie could have access to my deepbit account.

You must be a genius
legendary
Activity: 2198
Merit: 1311
We are not talking about you, but about security practices and how dumb some people are revealing their personal data on public forums without even realizing it

But you are talking about me since I'm the dummy who revealed the personal data that my deepbit password is over 20 characters long.  Now, in a matter of months, if not sooner, any sufficiently crafty scriptkiddie could have access to my deepbit account.
full member
Activity: 126
Merit: 100
We are not talking about you, but about security practices and how dumb some people are revealing their personal data on public forums without even realizing it
legendary
Activity: 2198
Merit: 1311
My deepbit password is now over 20 characters long with caps and symbols.
That just shortened the time to crack now didn't it?

How so?

Because now you don't have to waste time searching all the combinations between 1 and 20 characters.

Well, sure.  But you've still got to search through at least all the 20 character combinations and the password is longer than that so it's still a pretty big task.  But, yes, you're right, it'll take less time.  Less time to make a realistic difference?  Probably not.

Yes it will. With some clever social engineering, dumpster diving and a few good GPUs in skilled hands your password would probably be broken in a couple of months if not sooner

Well, I guess I've just made myself a target and I'm as good as screwed.
full member
Activity: 126
Merit: 100
My deepbit password is now over 20 characters long with caps and symbols.
That just shortened the time to crack now didn't it?

How so?

Because now you don't have to waste time searching all the combinations between 1 and 20 characters.

Well, sure.  But you've still got to search through at least all the 20 character combinations and the password is longer than that so it's still a pretty big task.  But, yes, you're right, it'll take less time.  Less time to make a realistic difference?  Probably not.

Yes it will. With some clever social engineering, dumpster diving and a few good GPUs in skilled hands your password would probably be broken in a couple of months if not sooner
hero member
Activity: 531
Merit: 505
A question: Did you use the same password for deepbit login as for submitting the shares from the mining client?

Because if you did, then anyone who can spy on your HTTP headers (local network users) can see your password, too.

On deepbit, you can set another password for worker (even the first), but by default, the passwords are the same. Not safe IMHO.
legendary
Activity: 2198
Merit: 1311
My deepbit password is now over 20 characters long with caps and symbols.
That just shortened the time to crack now didn't it?

How so?

Because now you don't have to waste time searching all the combinations between 1 and 20 characters.

Well, sure.  But you've still got to search through at least all the 20 character combinations and the password is longer than that so it's still a pretty big task.  But, yes, you're right, it'll take less time.  Less time to make a realistic difference?  Probably not.
vip
Activity: 1386
Merit: 1136
I hope that people can build extensions of block explorers to watch where these funds get sent and when they get sent to a known entity we can slowly backtrack and narrow down who the scoundrel was who did this. Bitcoin isn't as anonymous as people think: it's got LoJack built in. Using some good old fashioned Link Analysis, thefts on a grand scale can be monitored. I'd like to see something built into the Bitcoin user interface that would check a database of reported stolen bitcoins and send an alert when some were received from an address in the database. We can all be Big Brother collectively.

I think that would make merchants hesitant to accept Bitcoins.  If I were a merchant and had to worry that people's payments had their own paparazzi behind them, that might just make it not worth my while.

The best thing we can do as a community is perhaps buy some memory from him if we need it (or fiber transceivers as he seems to be selling), and be super vigilant down the road, as this stuff is only bound to increase.  More people should be practicing using offline wallets, as keeping significant sums on third party websites or even on networked computers is just begging for eventual problems.
newbie
Activity: 46
Merit: 0
I hope that people can build extensions of block explorers to watch where these funds get sent and when they get sent to a known entity we can slowly backtrack and narrow down who the scoundrel was who did this. Bitcoin isn't as anonymous as people think: it's got LoJack built in. Using some good old fashioned Link Analysis, thefts on a grand scale can be monitored. I'd like to see something built into the Bitcoin user interface that would check a database of reported stolen bitcoins and send an alert when some were received from an address in the database. We can all be Big Brother collectively.
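
A sketch of the watchlist idea proposed in the post above, as an added example that is not part of the original post. It goes one step beyond the post by following funds through intermediate hops; the ledger, txids and addresses are constructed placeholders, and tracking by address rather than by individual output is a simplification.

```python
from collections import deque

# Constructed sample ledger: txid -> (input addresses, output addresses).
LEDGER = {
    "tx1": (["addr_victim"], ["addr_thief"]),
    "tx2": (["addr_thief"], ["addr_hop1", "addr_hop2"]),
    "tx3": (["addr_hop1"], ["addr_exchange"]),
    "tx4": (["addr_alice"], ["addr_shop"]),      # unrelated, clean payment
    "tx5": (["addr_hop2"], ["addr_shop"]),
}
REPORTED_STOLEN = {"addr_thief"}                 # the shared report database


def tainted_addresses(ledger, reported, max_hops=3):
    """Map each address reachable from a reported one to its hop distance."""
    spends = {}                                  # address -> outputs it paid
    for ins, outs in ledger.values():
        for addr in ins:
            spends.setdefault(addr, []).extend(outs)
    hops = {addr: 0 for addr in reported}
    queue = deque(reported)
    while queue:                                 # breadth-first: shortest path
        addr = queue.popleft()
        if hops[addr] >= max_hops:
            continue
        for out in spends.get(addr, []):
            if out not in hops:
                hops[out] = hops[addr] + 1
                queue.append(out)
    return hops


def alerts_for(ledger, reported, my_address, max_hops=3):
    """Incoming transactions to my_address funded by a flagged address."""
    hops = tainted_addresses(ledger, reported, max_hops)
    alerts = []
    for txid, (ins, outs) in sorted(ledger.items()):
        if my_address in outs:
            hits = [(addr, hops[addr]) for addr in ins if addr in hops]
            if hits:
                alerts.append((txid, hits))
    return alerts


if __name__ == "__main__":
    print(alerts_for(LEDGER, REPORTED_STOLEN, "addr_shop"))
```

Setting `max_hops=0` gives exactly the check the post describes, an alert only when the sender itself is in the database; raising it flags recipients further from the theft, which is the merchant concern raised in the reply.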