Topic: About the recent server compromise - page 6. (Read 15385 times)

legendary
Activity: 1736
Merit: 1023
May 25, 2015, 05:29:32 PM
Thanks for the info and hope you are able to figure out exactly how it happened.
legendary
Activity: 1148
Merit: 1018
It's about time -- All merit accepted !!!
May 25, 2015, 05:12:43 PM
Did he confirm his identity?

Check the PGP signature in the email you would have got.

That confirms it.

----------

Thanks for these details.

Also, the people running this board CANNOT control whether someone social-engineers the employees working at the ISP.
This hack is not on them.

Furthermore, I would suggest everyone do what I do regarding forums or anything else you 'sign up for':

Always use different email addresses and long, difficult passwords (and different login names if possible).

If the information in the OP is correct, my password is good for several million years at present technology, although I did change it as recommended.

Another item to remember: if you use the email for this forum for other 'accounts', for example Twitter or a coin exchange, remember that for many places your email address is as good as your login name.

Therefore it may make it MUCH easier for someone to attack you someplace else, unless you use each email address for only one place.

Anyone who uses the same password for more than one thing in life is just a sitting duck in cyberspace waiting to be taken out.

Personally, what I am most curious about is why someone would go to such trouble to hack this forum.

As most here are going to be way above average in security habits, the chance of getting a password to something else is almost nil (and they were not stored in plaintext, although I guess the attacker may have hoped they would be).

Was it an enemy of Bitcoin?

Was it a teenager hoping to be a famous hacker? (Doubtful: no one claimed responsibility or posted information to Pastebin proving they pulled this off.)

Was it some curious person wondering if they could figure out who Satoshi is?

Was it a wealthy, jealous spouse that paid a private investigator a lot of money to 'sniff out' all their spouse's online activity?

Was it a team of scammers hoping to steal bitcoin?

I wonder....


When hacks take place, they remind everyone how important it is to practice good secure methods on everything. I guess now we wait and watch... see what happens next.

vip
Activity: 308
Merit: 250
May 25, 2015, 04:47:25 PM
If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary.
I'm sorry, but has theymos actually confirmed his forum identity after the attack yet?  And also, is it just me or is the forum currently loading slower than normal?

Was running ok earlier but it's got a bit sluggish now, but that's to be expected as everyone tries logging on and resetting their passwords etc. Wouldn't surprise me if the forum will get ddosed as well.

ddosbtc is fucking around with his annoying booter.
global moderator
Activity: 4018
Merit: 2728
May 25, 2015, 04:44:17 PM
If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary.
I'm sorry, but has theymos actually confirmed his forum identity after the attack yet?  And also, is it just me or is the forum currently loading slower than normal?

Was running ok earlier but it's got a bit sluggish now, but that's to be expected as everyone tries logging on and resetting their passwords etc. Wouldn't surprise me if the forum will get ddosed as well.
legendary
Activity: 2912
Merit: 1309
May 25, 2015, 04:32:15 PM

After he got KVM access, the attacker convinced the ISP NFOrce that he was me (using his KVM access as part of his evidence) and said that he had locked himself out of the server. So NFOrce reset the server's root password for him, giving him complete access to the server and bypassing most of our carefully-designed security measures. I originally assumed that the attacker gained access entirely via social engineering, but later investigation showed that this was probably only part of the overall attack. As far as I know, NFOrce's overall security practices are no worse than average.


To reduce downtime and avoid temporarily-broken features, I was originally going to stay in NFOrce's data center. However, some things made me suspicious and I moved everything elsewhere. That's where the extra day+ of downtime came from after a short period of uptime. No additional data was leaked.


please do so!
legendary
Activity: 2674
Merit: 2970
Terminated.
May 25, 2015, 04:28:06 PM
I don't think he stated or insinuated that, just that people should consider using them.

Have others received an email from the forum? I took a quick peek. Just want to verify it isn't something fishy.

Yes, they were sent out by theymos en masse, though that doesn't mean you might not have received a phishing mail. I'm sure the hacker will try something with our emails.
Well yes, I do agree on that. People should consider using one and using Protonmail (or a similar service) with Bitcointalk. Using that email only for Bitcointalk is also recommended.
I'm pretty sure that individuals will receive emails in the future; whoever uses the same email for other services too will receive a taste of social engineering.

I recall theymos saying that deleted PMs and posts are kept in the db? This is a concern (especially PMs) in situations like these. Hopefully PMs have not been compromised.
legendary
Activity: 2422
Merit: 1451
May 25, 2015, 04:20:15 PM
If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary.
I'm sorry, but has theymos actually confirmed his forum identity after the attack yet?  And also, is it just me or is the forum currently loading slower than normal?

It's also loading slower for me, although I'm confident that this will improve throughout the day.
legendary
Activity: 1736
Merit: 1029
May 25, 2015, 04:18:10 PM
If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary.
I'm sorry, but has theymos actually confirmed his forum identity after the attack yet?  And also, is it just me or is the forum currently loading slower than normal?
sr. member
Activity: 366
Merit: 250
May 25, 2015, 04:17:33 PM
I am not sure why anyone would consider not using a VPN. They are really not very expensive to use and they provide a lot of added privacy.
If you believe that the majority of the users here use a VPN you are wrong.

I don't think he stated or insinuated that, just that people should consider using them.

Have others received an email from the forum? I took a quick peek. Just want to verify it isn't something fishy.

Yes, they were sent out by theymos en masse, though that doesn't mean you might not have received a phishing mail. I'm sure the hacker will try something with our emails.
legendary
Activity: 1666
Merit: 1185
dogiecoin.com
May 25, 2015, 04:16:18 PM
Theymos,

Check your PMs. I sent you some info on something that might get the ball rolling. That said there are obvious suspects which info I already provided to CCN. Some press coverage might get the right wheels greased to get an actual investigation going.


I don't think a witch hunt + grease is a good combination; it just ends up in an "everyone is Satoshi" shitstorm that gets innocent people caught up. Those that aren't yet aware of the hacking probably don't have the expertise to work it out, so let those that do get on with it.
legendary
Activity: 1666
Merit: 1185
dogiecoin.com
May 25, 2015, 04:12:55 PM
What's the limit for passwords? I tried using an unreasonably large string as my password and didn't receive any error messages (despite the load time after I press the login button being huge). Were the last characters of the string cut off for it to fit a certain limit?

No, the last characters are not cut off, at least not at any "reasonable" password length.  My password here is over 60 characters, and it still cares about whether the last character is entered. 

I used a 2024 character string though. Not the most reasonable password length eh? I was pretty surprised to see that there wasn't any warning or error message and that's why I came here to ask if there's any limit.

Aaaaaand now we know why the server lags every now and then: you're signing in. For the sake of the servers you might want to set it to a reasonable 50 or so, which has the same strength as 2048 = not worth bruting = just as likely to be social'ed or reset.


Thanks theymos, I have changed my password yesterday and also today... and I hope to be 'safe' (a big word) now. XAU for his real identity, it is a lot of money... and I do not think he is stupid (he made a social engineering attack... only a few people are able to do it).
PS: however good luck with the search.

From what I saw it wasn't a new virtual identity that was used in the attack.

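The 2024-character login in the exchange above, and the earlier post's remark that the leaked passwords were hashed rather than stored in plaintext, both come down to what a server does with a password before it reaches the slow hash. The Python below is an added example and is not forum code, SMF's code or theymos's implementation. It assumes a 128-byte cap, PBKDF2-HMAC-SHA256 with 200,000 iterations and a SHA-256 pre-hash, all chosen for illustration, and shows the length check running before any key-derivation work so that an over-long login costs the server nothing beyond reading the request.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed policy limits and work factor (not from the thread). The post
# reports that a 2024-character login produced no length error at all.
MAX_PASSWORD_BYTES = 128      # generous; far beyond any useful entropy
MIN_PASSWORD_BYTES = 12
PBKDF2_ITERATIONS = 200_000


def check_password_policy(password: str) -> None:
    """Reject over-long input before any expensive work is done.

    Length is measured in UTF-8 bytes, not characters, because bytes are
    what the KDF consumes; a few thousand multibyte characters can be far
    more than a few thousand bytes.
    """
    n = len(password.encode("utf-8"))
    if n < MIN_PASSWORD_BYTES:
        raise ValueError(f"password too short ({n} bytes, min {MIN_PASSWORD_BYTES})")
    if n > MAX_PASSWORD_BYTES:
        raise ValueError(f"password too long ({n} bytes, max {MAX_PASSWORD_BYTES})")


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # Pre-hash to a fixed 32-byte key so the KDF's cost is independent of
    # the input length (the same trick used to feed long passphrases to
    # bcrypt, which truncates its input at 72 bytes).
    prehash = hashlib.sha256(password.encode("utf-8")).digest()
    return hashlib.pbkdf2_hmac("sha256", prehash, salt, iterations)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256; returns a self-describing record string."""
    check_password_policy(password)          # policy first, KDF second
    salt = salt if salt is not None else os.urandom(16)
    dk = _derive(password, salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Constant-time comparison; a policy violation simply fails to verify,
    again without touching the KDF."""
    try:
        algo, iters, salt_hex, dk_hex = record.split("$")
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        check_password_policy(password)
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    return hmac.compare_digest(_derive(password, salt, iterations), expected)


def rejects_long_password(length: int) -> bool:
    """True if a password of `length` ASCII characters is refused by policy,
    i.e. never reaches the KDF. This is the case the 2024-character login
    in the thread would hit."""
    try:
        check_password_policy("x" * length)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))   # True
    print(rejects_long_password(2024))                               # True
```

Two design points: the cap is a denial-of-service control, not a strength control (the post's 60-character password passes unchanged), and the pre-hash means that even if a cap were forgotten, a 2024-byte input would cost the KDF exactly as much as a 12-byte one. The record format stores the iteration count alongside the salt so the work factor can be raised later without invalidating existing hashes.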
legendary
Activity: 2674
Merit: 2970
Terminated.
May 25, 2015, 03:43:10 PM
I am not sure why anyone would consider not using a VPN. They are really not very expensive to use and they provide a lot of added privacy.
If you believe that the majority of the users here use a VPN you are wrong.

For most people it doesn't matter if their IP address is now in the hands of the hacker, they will most likely target those with the highest ranks and based on how important that person is in the community.
Then I should have posted less I guess. Although a high post count is quite useless. I'm going to assume that the most likely targets would be people on the default trust list and people with a lot of trust (100+).

Have others received an email from the forum? I took a quick peek. Just want to verify it isn't something fishy.
hero member
Activity: 532
Merit: 500
May 25, 2015, 03:36:58 PM
Theymos,

Check your PMs. I sent you some info on something that might get the ball rolling. That said there are obvious suspects which info I already provided to CCN. Some press coverage might get the right wheels greased to get an actual investigation going.
staff
Activity: 3304
Merit: 4115
May 25, 2015, 03:31:09 PM
Besides our emails and passwords of course... how bad could it be when the hackers have this "Last-used IP address and registration IP address"? I'm not an expert or anything, but doesn't the IP change each time we reboot the modem? Probably not the IP range, but well.

If having an IP address was that big of an issue, nobody would be safe. Just imagine the number of websites you've connected to over the years. If you have open ports it can be slightly more concerning, but it would likely require a number of things to be truly concerned, for example vulnerable software. Keeping up to date with the latest patches is normally advised. If the hacker was interested in using the IP to exploit, it would more than likely be on highly ranked members with a large presence within the Bitcoin community.

An issue some users may find is that the hacker may have your IP address, which is a place to start exploiting, and the hash of your password. So if he/she does crack it, then they know of one possible password you might use or variations of it, or have a general idea of the passwords you use. They may also have a secret question and answer. But I always recommend not using them, or if you must, make it completely random.

Of course, if you are concerned. Then you should get started in cranking up your security. A lot of users will be doing this, just to keep it fresh.
legendary
Activity: 1568
Merit: 1031
May 25, 2015, 03:25:13 PM
Thanks theymos, I have changed my password yesterday and also today... and I hope to be 'safe' (a big word) now. XAU for his real identity, it is a lot of money... and I do not think he is stupid (he made a social engineering attack... only a few people are able to do it).


PS: however, good luck with the search.

You'd probably be surprised by how easily some people can trick others into giving them sensitive information. I've seen it done on a much smaller scale and all it took was a little bit of confidence. There have also been reports over the years of simple techniques used against big companies and much more sensitive data.

Yes, I am surprised, and I know that 100% security doesn't really exist, but c'mon... we are talking about a big service provider and it should not be easy to trick them (in my honest opinion), but everything is possible. The real problem is always the people: you can build the security that you want, but you are fuc**ed if an employee will reset the pwd.

Well, it seems like it doesn't matter how big the service provider is anymore.
I mean, look how big and famous Amazon is, and you can trick them in less than 60 seconds. "Oh, empty box" => "GG, refunded", and people are doing it all the time.
legendary
Activity: 2422
Merit: 1451
May 25, 2015, 03:24:19 PM
Besides our emails and passwords of course... how bad could it be when the hackers have this "Last-used IP address and registration IP address"? I'm not an expert or anything, but doesn't the IP change each time we reboot the modem? Probably not the IP range, but well.

This depends on your ISP. Having your modem/router switched off overnight usually does the job. If you didn't log in during the short time that the forum was back up before it went offline again, then I'm guessing that you most certainly should have a new IP address compared to the one last used to log in.
legendary
Activity: 1778
Merit: 1043
#Free market
May 25, 2015, 03:22:41 PM
Thanks theymos, I have changed my password yesterday and also today... and I hope to be 'safe' (a big word) now. XAU for his real identity, it is a lot of money... and I do not think he is stupid (he made a social engineering attack... only a few people are able to do it).


PS: however, good luck with the search.

You'd probably be surprised by how easily some people can trick others into giving them sensitive information. I've seen it done on a much smaller scale and all it took was a little bit of confidence. There have also been reports over the years of simple techniques used against big companies and much more sensitive data.

Yes, I am surprised, and I know that 100% security doesn't really exist, but c'mon... we are talking about a big service provider and it should not be easy to trick them (in my honest opinion), but everything is possible. The real problem is always the people: you can build the security that you want, but you are fuc**ed if an employee will reset the pwd.
legendary
Activity: 2632
Merit: 1094
May 25, 2015, 03:19:11 PM
Now I started receiving spam emails from maximeco******@gma and some vayne*****@gmail.com. Is there any way to report these emails or ban these users' accounts, as they seem to be the hackers?

Of course they can be reported to your email provider, but blocking the emails doesn't do much good as far as the forum being able to do anything about it, not that they could anyway, as the addresses likely won't be linked to accounts here.

I have reported the emails to theymos and hope that he can track those accounts and take action soon. I don't know how to report it to my email provider. I just clicked "Report Spam."
newbie
Activity: 29
Merit: 0
May 25, 2015, 03:16:41 PM
Well I couldn't get into my account and for a while it looked like the password recovery wasn't working.

Thankfully I don't reuse passwords, but it's always a good wake-up call to just go through and refresh your passwords on anything vaguely important once in a while.
legendary
Activity: 1568
Merit: 1031
May 25, 2015, 03:15:11 PM
Besides our emails and passwords of course... how bad could it be when the hackers have this "Last-used IP address and registration IP address"? I'm not an expert or anything, but doesn't the IP change each time we reboot the modem? Probably not the IP range, but well.