About the recent server compromise - page 8.

MakingMoneyHoney

hero member

Activity: 504

Merit: 500

Quote from: BDCoinMiner on May 25, 2015, 02:25:49 PM

Welcome Back!

Just out of curiosity, I wander what could be the possible 'gain' for attacker by attacking BCT forum, other then mental satisfaction ?

Yes, a lots of user contact data, related to CryptoCurrency which can be use for other phishing attack...

Other then above, what could be the 'direct' gain he/she/they (The attacker) had in mind at time of attacking??

Cheers!

If someone used the same username/password with email/online banking accounts/exchanges they could log in and withdraw the money, or use password resets to the email account and withdraw money.

This is a nice read on how easy someone can use some information to get past other checkpoints, such as 2FA - http://www.theverge.com/a/anatomy-of-a-hack

marcotheminer

legendary

Activity: 2072

Merit: 1049

┴puoʎǝq ʞool┴

Quote from: BDCoinMiner on May 25, 2015, 02:25:49 PM

Welcome Back!

Just out of curiosity, I wander what could be the possible 'gain' for attacker by attacking BCT forum, other then mental satisfaction ?

Yes, a lots of user contact data, related to CryptoCurrency which can be use for other phishing attack...

Other then above, what could be the 'direct' gain he/she/they (The attacker) had in mind at time of attacking??

Cheers!

Gaining access to accounts and scamming with them or selling them. Also spamming emails.

BDCoinMiner

member

Activity: 111

Merit: 10

The Future is Here; Grab it Fast Before Past

Welcome Back!

Just out of curiosity, I wander what could be the possible 'gain' for attacker by attacking BCT forum, other then mental satisfaction ?

Yes, a lots of user contact data, related to CryptoCurrency which can be use for other phishing attack...

Other then above, what could be the 'direct' gain he/she/they (The attacker) had in mind at time of attacking??

Cheers!

damm315er

sr. member

Activity: 539

Merit: 255

https://twitter.com/#!/2256561481/status/602900410647580672

AgentofCoin

legendary

Activity: 1092

Merit: 1001

This might be a dumb question, but why aren't emails also hashed on the server?
(If the user decides not to display it in their own profile, the only people who know it is the user, mods, and the server).

galdur

hero member

Activity: 616

Merit: 500

Well, nothing amiss here it seems. Changed the password. No suspicious emails received so far. Looks like it´s back to plain sailing. Good luck, g

alani123

legendary

Activity: 2394

Merit: 1412

Leading Crypto Sports Betting & Casino Platform

Oh I see, Nsa.gov...

Xialla

legendary

Activity: 1036

Merit: 1000

/dev/null

Quote from: alani123 on May 25, 2015, 02:02:36 PM

Quote from: btcdealer.nl on May 25, 2015, 01:57:39 PM

9800 Savage Rd
Fort Meade, MD 20755
USA

Wink

What is this?

NSA address my friend.

btcdealer.nl

full member

Activity: 235

Merit: 250

Quote from: alani123 on May 25, 2015, 02:02:36 PM

Quote from: btcdealer.nl on May 25, 2015, 01:57:39 PM

9800 Savage Rd
Fort Meade, MD 20755
USA

Wink

What is this?

Address of the most loved agency in this world Tongue

alani123

legendary

Activity: 2394

Merit: 1412

Leading Crypto Sports Betting & Casino Platform

Quote from: btcdealer.nl on May 25, 2015, 01:57:39 PM

9800 Savage Rd
Fort Meade, MD 20755
USA

Wink

What is this?

btcdealer.nl

full member

Activity: 235

Merit: 250

9800 Savage Rd
Fort Meade, MD 20755
USA

Wink

1Referee

legendary

Activity: 2170

Merit: 1427

Quote from: Lauda on May 25, 2015, 01:46:28 PM

Quote from: Panthers52 on May 25, 2015, 01:24:33 PM

I am glad that too much damage wasn't done and that too much personal information wasn't leaked. This is just one more example of the importance of using GPG when sending or receiving any kind of sensitive information.

Actually there is quite some damage. Passwords are irrelevant,as they can be changed.
A lot of people are going to be targeted due to this

Quote

- Last-used IP address and registration IP address

There are people who sometimes use a VPN, and some that don't use it at all. We will see what happens in the future.
Hopefully the attacker gets found.

For most people it doesn't matter if their IP address is now in the hands of the hacker, they will most likely target those with the highest ranks and based on how important that person is in the community.

Panthers52

hero member

Activity: 675

Merit: 502

#SuperBowl50 #NFCchamps

Quote from: Lauda on May 25, 2015, 01:46:28 PM

Quote from: Panthers52 on May 25, 2015, 01:24:33 PM

I am glad that too much damage wasn't done and that too much personal information wasn't leaked. This is just one more example of the importance of using GPG when sending or receiving any kind of sensitive information.

Actually there is quite some damage. Passwords are irrelevant,as they can be changed.
A lot of people are going to be targeted due to this

Quote

- Last-used IP address and registration IP address

There are people who sometimes use a VPN, and some that don't use it at all. We will see what happens in the future.
Hopefully the attacker gets found.

I am not sure why anyone would consider not using a VPN. They are really not very expensive to use and they provide a lot of added privacy.

Fernandez

legendary

Activity: 1008

Merit: 1000

I was using a moderately strong password which I could remember too. Now I will have to come with another system.

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: Panthers52 on May 25, 2015, 01:24:33 PM

I am glad that too much damage wasn't done and that too much personal information wasn't leaked. This is just one more example of the importance of using GPG when sending or receiving any kind of sensitive information.

Actually there is quite some damage. Passwords are irrelevant,as they can be changed.
A lot of people are going to be targeted due to this

Quote

- Last-used IP address and registration IP address

There are people who sometimes use a VPN, and some that don't use it at all. We will see what happens in the future.
Hopefully the attacker gets found.

Panthers52

hero member

Activity: 675

Merit: 502

#SuperBowl50 #NFCchamps

I am glad that too much damage wasn't done and that too much personal information wasn't leaked. This is just one more example of the importance of using GPG when sending or receiving any kind of sensitive information.

1Referee

legendary

Activity: 2170

Merit: 1427

As far as I can see no one had access to my account. I have set a stronger password just in case. Better safe than sorry. Credits to theymos for his hard work.

matt4054

legendary

Activity: 1946

Merit: 1035

I'm quoting this for those like me who didn't understand why they couldn't login after changing pwd yesterday

Quote from: theymos on May 25, 2015, 10:39:49 AM

If you changed your password in the short time when the forum was online a little over a day ago, the change didn't stick. You'll have to change it again.

alani123

legendary

Activity: 2394

Merit: 1412

Leading Crypto Sports Betting & Casino Platform

What's the limit for passwords? I tried using an unreasonably large string as my password and didn't receive any error messages (despite the load time after I press the login button being huge). Were the last characters of the string cut off for it to fit a certain limit?

nor9865

hero member

Activity: 700

Merit: 500

If you think you know me.. Think again

Quote from: timk225 on May 25, 2015, 12:46:50 PM

15 XAU....how much is that in US Dollars? If it isn't enough for me I will not tell what I know about the attack. Hint -- it came from China. They are trying to counterfeit and steal everything in the world, and it seems like no one tries to stop them.

My password was a single keyboard character repeated 10 times, maybe I should change it?

And no amount of security in the world will stop this if some dumbass at the data center believes what someone on the phone tells him and resets the access password.

XAU is Gold

Quote

XAU-USD 1,206.9400 Price of 1 XAU in USD

Topic: About the recent server compromise - page 8. (Read 15325 times)