
Topic: A public apology to Donald, Patrick and Amir ("Intersango guys") - page 2. (Read 8372 times)

hero member
Activity: 868
Merit: 1008
Regarding the Bitcoin Consultancy and questions about why they haven't been more active in this mess... I don't know what their arrangement with Bitcoinica is, but if they hadn't fully taken over the operation of Bitcoinica and had no responsibility for the security or theft, then they might be wise to put their relationship on hold until Bitcoinica sorts everything out first. If the Bitcoin Consultancy had nothing to do with the security issue there's no reason they should have to clean up someone else's mess. At the minimum they would probably want to first arrange compensation for the time and effort that will be required for them to clean up the mess.
sr. member
Activity: 455
Merit: 250
You Don't Bitcoin 'till You Mint Coin
If "Bitcoinica Consultancy" is handling things now, why didn't they notify us of the claims page rather than zhoutong? The more I hear from zhoutong, and less from intersango or whatever they call themselves, the more I lose confidence in the new owner/operators.
This +1. To start with, we never saw any communication from them indicating that anything that Zhoutong said was in any way incorrect, or that there was need of an apology to begin with. Of course, that could have been communicated privately, but from what I have seen so far even Zhoutong himself is becoming frustrated with the obvious stonewalling that we are seeing from the Consultancy.

Indeed, stonewalling is the best description that I can imagine for this series of events; to the public, and to those that wish to fix the problems, as it appears - since access to even the domain name has been fraught with problems such as a poor DNS implementation, leading to those that don't even use the forum to be forced to come here and find out the problem, and wait here for a resolution.

From what I've observed, I have a different perspective. The Intersango guys were brought to help with security not PR. For them to take any position of public communications would have been a breach of contract. The fact that Zhou had to become a team player for his creation caused him a lot of frustration. He was the main PR man up till the incident and should have followed through with a splash page and daily email updates (not just the forum), but instead we got a "I'm leaving Bitcoin" thread. He left when the going got tough. Sure, feelings were hurt and emotions were high. Zhou, if you really want to be proud of what you started then get back to doing the PR and be a team player even if you don't agree. You should leave Bitcoinica on much better conditions if it is something you really want to be proud of!

legendary
Activity: 4690
Merit: 1276

That is really bizarre. Behavior like this speaks a lot about the nature of the one behind its premeditation. Juvenile for one, and why those three words? Designed to instill fear in the minds of those that find the message. A lot went into them being embedded in the transaction. More than likely a troll shunned by the community here. If this heist had been done by some group within TPTB in order to derail BitCoin progress, I doubt they would go to all this trouble, no this is the mind of a Jack The Ripper type personality, and my guess a solo individual.


It's heartening to know that we've got Dayle Hinman on the case!

rjk
sr. member
Activity: 448
Merit: 250
1ngldh
It seems you are the one not to understand how things work. Not even going to argue this with you. It's really not worth it lol
Oh? You have your own Rackspace account, and you can log in and tell me how it works?
I do, but I am not going to waste any more of my time explaining things to a brick wall.
legendary
Activity: 1358
Merit: 1002
Apparently, Zhou Tong, which had access to the server "temp" folder holding the session data, didn't know how to invalidate a php session also.
Are you trying to tell me that Rackspace still had root access to that server? Pretty slick, actually...
Or are you trying to say that the Virtual Machine is not suited to host such a website? Even more slick.

One way or the other, their fault, and I don't mean Rackspace
No, what I am saying is that the admin console/portal is hosted by rackspace themselves, not bitcoinica. It is the page that allows them to provision new hardware, file support tickets, create backups, etc. Bitcoinica has no access to those servers for obvious reasons (other RS customers use the same portal).

blah blah blah... Stop kissing Zhou tongs ass, dude.
Now tell me: How much money do you have hostage in Bitcoinica at this exact moment?
Jesus Christ, I am not responsible for how badly Rackspace fails at server administration, I'm just telling you how the fucking setup WORKS. If you can't comprehend how it works, you have no right to be placing blame.

Now obviously, using cloud services in this manner was not a good idea, and there should have been some actual dedicated hardware in use, in a locked cage, "blah blah blah", but it's too late for that now.

It seems you are the one not to understand how things work. Not even going to argue this with you. It's really not worth it lol

I still want Zhou Tong to tell me how much did he pay Rackspace for a FULLY managed server...
For people who understand 1 word is more than enough. You're not such a person, rjk...
donator
Activity: 1731
Merit: 1008
How about the claim page start with asking me my user - password then ask for OTP ?

I had not used bitcoinica for ... 3 months ... I can't recall what positions or how much I had.

Hint : I'm not going to bother filling a page full of infos I don't know about, or I never gave them, other than my email. ... on a 173.45.224.244 that could be anything.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Apparently, Zhou Tong, which had access to the server "temp" folder holding the session data, didn't know how to invalidate a php session also.
Are you trying to tell me that Rackspace still had root access to that server? Pretty slick, actually...
Or are you trying to say that the Virtual Machine is not suited to host such a website? Even more slick.

One way or the other, their fault, and I don't mean Rackspace
No, what I am saying is that the admin console/portal is hosted by rackspace themselves, not bitcoinica. It is the page that allows them to provision new hardware, file support tickets, create backups, etc. Bitcoinica has no access to those servers for obvious reasons (other RS customers use the same portal).

blah blah blah... Stop kissing Zhou tongs ass, dude.
Now tell me: How much money do you have hostage in Bitcoinica at this exact moment?
Jesus Christ, I am not responsible for how badly Rackspace fails at server administration, I'm just telling you how the fucking setup WORKS. If you can't comprehend how it works, you have no right to be placing blame.

Now obviously, using cloud services in this manner was not a good idea, and there should have been some actual dedicated hardware in use, in a locked cage, "blah blah blah", but it's too late for that now.
hero member
Activity: 504
Merit: 502
Apparently, Zhou Tong, which had access to the server "temp" folder holding the session data, didn't know how to invalidate a php session also.
Are you trying to tell me that Rackspace still had root access to that server? Pretty slick, actually...
Or are you trying to say that the Virtual Machine is not suited to host such a website? Even more slick.

One way or the other, their fault, and I don't mean Rackspace
No, what I am saying is that the admin console/portal is hosted by rackspace themselves, not bitcoinica. It is the page that allows them to provision new hardware, file support tickets, create backups, etc. Bitcoinica has no access to those servers for obvious reasons (other RS customers use the same portal).

The main question, why did they remain on VPS hosting after the linode VPS hack. They can buy or even rent a high powered dedicated server for peanuts nowadays.
donator
Activity: 1731
Merit: 1008
...

PS. You can claim your Bitcoinica account at https://claims.bitcoinica.com/ now.

This link's doing nothing, I tried yesterday too.
legendary
Activity: 1358
Merit: 1002
Apparently, Zhou Tong, which had access to the server "temp" folder holding the session data, didn't know how to invalidate a php session also.
Are you trying to tell me that Rackspace still had root access to that server? Pretty slick, actually...
Or are you trying to say that the Virtual Machine is not suited to host such a website? Even more slick.

One way or the other, their fault, and I don't mean Rackspace
No, what I am saying is that the admin console/portal is hosted by rackspace themselves, not bitcoinica. It is the page that allows them to provision new hardware, file support tickets, create backups, etc. Bitcoinica has no access to those servers for obvious reasons (other RS customers use the same portal).

blah blah blah... Stop kissing Zhou Tongs ass, dude. First it was php sessions, now you're telling me that Zhou Tong couldn't send a halt command to his instance? GTFO
Now tell me: How much money do you have hostage in Bitcoinica at this exact moment?
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Apparently, Zhou Tong, which had access to the server "temp" folder holding the session data, didn't know how to invalidate a php session also.
Are you trying to tell me that Rackspace still had root access to that server? Pretty slick, actually...
Or are you trying to say that the Virtual Machine is not suited to host such a website? Even more slick.

One way or the other, their fault, and I don't mean Rackspace
No, what I am saying is that the admin console/portal is hosted by rackspace themselves, not bitcoinica. It is the page that allows them to provision new hardware, file support tickets, create backups, etc. Bitcoinica has no access to those servers for obvious reasons (other RS customers use the same portal).
legendary
Activity: 1358
Merit: 1002
The terrible thing is, Rackspace refused to I didn't log the hacker out. They I (still) don't know how to do it.

Fixed that shit for you.

Was that a managed server? How much did you pay monthly/yearly to Rackspace for managing the server for you?
Um psy, do you know how a cloud works? Virtual machines. Suspend it, and it stops responding - same as physical hardware being put into sleep mode.
Even though this was done, the cracker had access to the RS admin console, which is something that they have hosted on their own infrastructure. Apparently they don't know how to invalidate a php session, and so the cracker was able to spin up a new VM instance and load a backup and away goes Mabel with all the data.

Apparently, Zhou Tong, which had access to the server "temp" folder holding the session data, didn't know how to invalidate a php session also.
Are you trying to tell me that Rackspace still had root access to that server? Pretty slick, actually...
Or are you trying to say that the Virtual Machine is not suited to host such a website? Even more slick.

One way or the other, their fault, and by their I don't mean Rackspace
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
The terrible thing is, Rackspace refused to I didn't log the hacker out. They I (still) don't know how to do it.

Fixed that shit for you.

Was that a managed server? How much did you pay monthly/yearly to Rackspace for managing the server for you?
Um psy, do you know how a cloud works? Virtual machines. Suspend it, and it stops responding - same as physical hardware being put into sleep mode.
Even though this was done, the cracker had access to the RS admin console, which is something that they have hosted on their own infrastructure. Apparently they don't know how to invalidate a php session, and so the cracker was able to spin up a new VM instance and load a backup and away goes Mabel with all the data.
legendary
Activity: 1358
Merit: 1002
The terrible thing is, Rackspace refused to I didn't log the hacker out. They I (still) don't know how to do it.

Fixed that shit for you.

Was that a managed server? How much did you pay monthly/yearly to Rackspace for managing the server for you?
legendary
Activity: 1458
Merit: 1006

Later I questioned them "Does this mean that Rackspace Cloud shouldn't be trusted for anything financially serious?", they didn't give a response.

http://www.rackspace.co.uk/managed-hosting/solutions-for-business/type-of-business/finance/

Quote
Your business demands that you have 24/7/365 access to your trading systems, email, back-office applications and websites.

vip
Activity: 490
Merit: 502
Err, pull the plug for the whole dedicated server is that hard?
If I'm not mistaken, it was hosted on RS Cloud Servers (similar to AWS), and I assume that shutting it down would destroy valuable evidence that could remain in memory.

They pulled the plug (suspended the servers), but the hacker was still in session. Thus the hacker is able to re-create cloud servers using our backup images.

Later I questioned them "Does this mean that Rackspace Cloud shouldn't be trusted for anything financially serious?", they didn't give a response.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Err, pull the plug for the whole dedicated server is that hard?
If I'm not mistaken, it was hosted on RS Cloud Servers (similar to AWS), and I assume that shutting it down would destroy valuable evidence that could remain in memory.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
The hacker wrote "EXPECT MASS LEAK" in transactions from the stolen money. We can only assume he has a copy of the database, so he has access to all the information needed to make a claim.

Almost.
Unfortunately (for the hacker) he doesn't control users' email accounts, and he has no access to users' ID documents.

And he ought only have hashes of passwords.

Link me to more detail on the "EXPECT MASS LEAK" message?

http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX

This is an address some of the stolen money was sent to

Notice the transaction amounts:

1.01100101 BTC
2.01111 BTC
3.0111 BTC
4.01100101 BTC
5.01100011 BTC
6.011101 BTC
7.001 BTC
8.01101101 BTC
9.01100001 BTC
10.01110011 BTC
11.01110011 BTC
12.001 BTC
13.011011 BTC
14.01100101 BTC
15.01100001 BTC
16.01101011 BTC
17.001 BTC
18.01110011 BTC
19.01101111 BTC
20.01101111 BTC
21.0110111 BTC

The part after the decimal point is ascii binary, and it converts to: expect mass leak soon

Also, the address starts with 1EML

Expect Mass Leak

Converter:
http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp

(for amounts that don't have 8 decimal places you need to add in more 0's, the 116BTC transaction is irrelevant I think)

Great find Blazr! I wonder if the attackers are planning to leak the database in the open? Transaction information, etc.

Another point that I don't know if people thought about is, what happens with those generated MtGox codes on the database that haven't been redeemed by the users yet? Could the attacker cash them out at will (and probably already did) to hundreds of MtGox accounts, or even instantly exchange them to LR or other currencies using services like the one we offer?

What is interesting is, Friday RIGHT before Bitcoinica went down we were trying to withdraw several thousands using MtGox (this is common practice for us since as funding partners, we usually get more Bitcoinica than what we sell, and eventually we need to turn it back into fiat). What is interesting is that I was hitting the "MtGox limit temporarily reached" a lot of the times, even with small test amounts such as $100. I wonder if at that point, the attacker indeed emptied the bitcoinica MtGox account from funds.

I mean, think about it: with full access to the server, what would have prevented the hacker from issuing a whole bunch of MtGox redeemable codes and completely empty their account?


No, I was online for the entire duration of the hacking. I revoked the keys immediately. The withdrawal limit had already been reached due to normal withdrawals.

The terrible thing is, Rackspace refused to log the hacker out. They don't know how to do it.

Err, pull the plug for the whole dedicated server is that hard?
vip
Activity: 490
Merit: 502
The hacker wrote "EXPECT MASS LEAK" in transactions from the stolen money. We can only assume he has a copy of the database, so he has access to all the information needed to make a claim.

Almost.
Unfortunately (for the hacker) he doesn't control users' email accounts, and he has no access to users' ID documents.

And he ought only have hashes of passwords.

Link me to more detail on the "EXPECT MASS LEAK" message?

http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX

This is an address some of the stolen money was sent to

Notice the transaction amounts:

1.01100101 BTC
2.01111 BTC
3.0111 BTC
4.01100101 BTC
5.01100011 BTC
6.011101 BTC
7.001 BTC
8.01101101 BTC
9.01100001 BTC
10.01110011 BTC
11.01110011 BTC
12.001 BTC
13.011011 BTC
14.01100101 BTC
15.01100001 BTC
16.01101011 BTC
17.001 BTC
18.01110011 BTC
19.01101111 BTC
20.01101111 BTC
21.0110111 BTC

The part after the decimal point is ascii binary, and it converts to: expect mass leak soon

Also, the address starts with 1EML

Expect Mass Leak

Converter:
http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp

(for amounts that don't have 8 decimal places you need to add in more 0's, the 116BTC transaction is irrelevant I think)

Great find Blazr! I wonder if the attackers are planning to leak the database in the open? Transaction information, etc.

Another point that I don't know if people thought about is, what happens with those generated MtGox codes on the database that haven't been redeemed by the users yet? Could the attacker cash them out at will (and probably already did) to hundreds of MtGox accounts, or even instantly exchange them to LR or other currencies using services like the one we offer?

What is interesting is, Friday RIGHT before Bitcoinica went down we were trying to withdraw several thousands using MtGox (this is common practice for us since as funding partners, we usually get more Bitcoinica than what we sell, and eventually we need to turn it back into fiat). What is interesting is that I was hitting the "MtGox limit temporarily reached" a lot of the times, even with small test amounts such as $100. I wonder if at that point, the attacker indeed emptied the bitcoinica MtGox account from funds.

I mean, think about it: with full access to the server, what would have prevented the hacker from issuing a whole bunch of MtGox redeemable codes and completely empty their account?


No, I was online for the entire duration of the hacking. I revoked the keys immediately. The withdrawal limit had already been reached due to normal withdrawals.

The terrible thing is, Rackspace refused to log the hacker out. They don't know how to do it.
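
Added example, not part of any post in this thread: the decoding of the transaction amounts quoted above, done locally instead of through the linked web converter. The integer part is treated as the sequence number and the fraction is right-padded to 8 places as the post describes; the two extra amounts at the end are constructed, and the exact value of the "116BTC" transaction is an assumption because the thread does not give it.

```python
from decimal import Decimal

# Amounts exactly as listed in the post (trailing zeros are dropped there).
LISTED = """1.01100101 2.01111 3.0111 4.01100101 5.01100011 6.011101 7.001
8.01101101 9.01100001 10.01110011 11.01110011 12.001 13.011011 14.01100101
15.01100001 16.01101011 17.001 18.01110011 19.01101111 20.01101111
21.0110111""".split()

# Constructed extras: a round 116 stands in for the "116BTC" transaction the
# post calls irrelevant (assumed value), plus one ordinary-looking payment.
AMOUNTS = LISTED + ["116", "0.5234"]


def decode_amounts(amounts):
    """Return (message, skipped) for a list of BTC amount strings.

    An amount carries a character when its 8-place fraction consists only of
    the digits 0 and 1 and, read as a binary byte, is printable ASCII.
    The integer part gives the position of that character in the message.
    """
    found, skipped = [], []
    for raw in amounts:
        # Decimal keeps the digits exact; .8f restores the dropped zeros.
        whole, _, frac = f"{Decimal(raw):.8f}".partition(".")
        if set(frac) <= {"0", "1"}:
            code = int(frac, 2)
            if 32 <= code <= 126:  # printable ASCII only
                found.append((int(whole), chr(code)))
                continue
        skipped.append(raw)
    found.sort()  # order by sequence number, not by arrival order
    return "".join(ch for _, ch in found), skipped


if __name__ == "__main__":
    message, skipped = decode_amounts(AMOUNTS)
    print(repr(message), "skipped:", skipped)
```

Amounts are parsed as strings through `Decimal` rather than floats, so no binary digit is lost to rounding before the padding step.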
donator
Activity: 826
Merit: 1060
I have violated my promise (of "not to post anything [about Bitcoinica]") yesterday
A word of friendly advice, zhoutong: your life will be much easier and lower-stress if you leave this mess to Donald, Patrick and Amir to sort out.

I mean, we all appreciate everything you have done, and that you have been the most communicative representative of the service, but it's not your problem anymore.

So why not disable your forum login, block access to the forum in your computer's host file, back away from the keyboard, and focus on your studies and on enjoying the great lifestyle that Australia has to offer. It's not your problem anymore.