
Topic: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off - page 3. (Read 18562 times)

full member
Activity: 126
Merit: 101
You must be retarded. Why would I disclose my password and my thinking pattern? So it can be added to dictionaries and future attacks? No thank you.

This statement indicates that your password was insecure.

If all it takes to risk guessing your password is to know your password generation logic, then the breach of any of the dozens of websites on which you have a password-protected account, may have helped the attacker in guessing your password. What happens when a password hash leak occurs is that attackers generate candidate passwords based on bruteforcing results from previous leaks (Gawker, phpbb, MySpace, etc). They read them, try to understand how users picked them, and they adjust the mangling rules in their bruteforcers.

Also you would not be the first one to think your password was relatively secure when in fact it turned out to be complete crap (this guy claimed his password was secure, and even lied about its length, when it was in fact "rascal101").

That statement does not indicate shit.
I don't have any account with your mentioned sites or sites that have been hacked. I am extremely paranoid and use one time identities and one time passwords for different sites/forums/communities. Even if some site was hacked that we don't know about, attackers would never be able to tie them to this one. Go ahead and try to find info about mewantsbitcoins or any other identities tied to it.
The reason why I don't post my password is because if someone really wanted to target me, this would give them advantage, however small. Anyone with half a brain and basic understanding of IT security would do the same.

Anyway, I'm not here to argue about security practices. I don't think my password was secure - I know it was. I only came back here and posted what I thought because people seem to be misled by this "clarification" bs.

From what I've seen I can conclude with certainty that Mark is incompetent and greedy and it is just a matter of time before this will happen again. It is unfortunate that some people are too thick to realize they are going to lose their money. But I am not even very worried about them - they deserve everything they get. What I'm worried about is the image of bitcoin and articles in press. It is very difficult to bring in new, serious people, when our major exchange is a joke.
mrb
legendary
Activity: 1512
Merit: 1028
Many of the passwords that *have* been cracked look pretty damn strong.  Like, 14 characters long with alpha/numeric/symbol and no obvious patterns or weaknesses.  Scads of them are 12-characters long.  It's pretty scary, actually.

Indeed...

Code:
# Pairs of hash, password from http://www.nanaimogold.com/microlionsec.txt
$1$etIDyZ49$n26Qa/PPbQ5f3I8GIJhQM.         \(]|A>9{&jp013
$1$77SRs6hW$XCXcyCNwraMZ3QY8L2eRT.         hkjkGR^&$EOI(*&T
$1$WCha0X9J$71nHggA.X8/RhAB.gjY//1         vfp7U0fdl"v"LgK
$1$e/mzYsP.$H5DNwD4Njp6JNt1Kv2N.Y0         Y!m4g6s3j*

There is no way the passwords above have been bruteforced by conventional mechanisms. MD5-based crypt() can be theoretically attacked at 10 Mpw/s on an HD 6990 (the best public bruteforcer, oclHashcat, only achieves 5 Mpw/s on this card). Given a search space of length 10 and random printable ASCII chars (and the passwords above are even stronger), and a private tool doing 10 Mpw/s, it would take on average 948 years on a cluster of 100 HD 6990 to bruteforce only one of them! Therefore, there are only a few possible theories:

  • Theory 1: The attacker compromised MtGox.com and logged the passwords on the server side, for every authentication attempt. This would be very serious. MagicalTux has not hinted this was a possibility. (But who knows? He doesn't seem very good at investigating breaches, eg. he first denied evidence of SQL injection, then confirmed there was one, etc).
  • Theory 2: The attacker phished passwords or keylogged them in targeted attacks against specific individuals. This seems possible given previous reports of individuals having had their Bitcoins stolen from their personal computers.
  • Theory 3: Inside Job. MtGox had to scale up very rapidly these past few months. They may have hired one individual, without proper background checks, who is stealing passwords and money from the MtGox infrastructure.
  • Theory 4: The MtGox password hashes were compromised before April 2011, when raw MD5 hashing was in use (MagicalTux said he started migrating to salted MD5-crypt only 2 months ago). This would have made bruteforcing 1000x faster for a single password, and doable in parallel on all hashes instead of one at a time (thanks to the absence of a salt). It would have taken the same cluster of 100 HD 6990 described above about a year to cover a 10-char random printable ASCII search space. However, given the large number of hashes (65k), a fraction of them would have been broken after 2 months of bruteforcing. However theory 3 is not very likely, after all the passwords shown above are even longer than 10 chars.
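
The estimates in the post above can be reproduced with a short calculation. This is an added example, not part of the original thread: the rates, card count and hash count are the post's figures, and the model in which every password is a uniformly random 10-character printable-ASCII string is an assumption made here.

```python
# Added example (not from the thread): reproduces the brute-force estimates
# in the post above. Rates and counts are the post's figures; the uniformly
# random password model is an assumption.

SECONDS_PER_YEAR = 365.25 * 24 * 3600
PRINTABLE_ASCII = 95        # space through tilde
MD5CRYPT_RATE = 10e6        # guesses/s per HD 6990 for MD5-crypt (post's figure)
RAW_MD5_SPEEDUP = 1000      # raw MD5 relative to MD5-crypt (post's figure)
GPUS = 100                  # cluster size used in the post
N_HASHES = 65_000           # size of the leaked table (post's figure)


def keyspace(length, alphabet=PRINTABLE_ASCII):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet ** length


def avg_years_one_salted_hash(length, rate=MD5CRYPT_RATE, gpus=GPUS):
    """Average time to hit one salted hash: half the keyspace is searched."""
    return keyspace(length) / 2 / (rate * gpus) / SECONDS_PER_YEAR


def full_sweep_years(length, rate, gpus=GPUS):
    """Time to exhaust the whole keyspace once."""
    return keyspace(length) / (rate * gpus) / SECONDS_PER_YEAR


def expected_cracked(n_hashes, length, rate, days, salted, gpus=GPUS):
    """Expected number of hashes recovered after `days` of searching.

    Unsalted: each candidate is hashed once and compared against every
    stored hash, so the covered fraction of the keyspace applies to all
    of them at the same time.
    Salted: each candidate must be re-hashed per salt, so the guess
    budget is split across the hashes.
    """
    guesses = rate * gpus * days * 86400
    per_hash = guesses / n_hashes if salted else guesses
    fraction = min(1.0, per_hash / keyspace(length))
    return n_hashes * fraction


if __name__ == "__main__":
    raw_md5 = MD5CRYPT_RATE * RAW_MD5_SPEEDUP
    print("MD5-crypt, one hash, average years, by length:")
    for n in (8, 10, 12):
        print(f"  {n:2d} chars: {avg_years_one_salted_hash(n):.3g}")
    print(f"raw MD5, full sweep of 10 chars: "
          f"{full_sweep_years(10, raw_md5):.2f} years")
    print(f"expected cracked after 60 days, raw MD5 (unsalted): "
          f"{expected_cracked(N_HASHES, 10, raw_md5, 60, False):.0f}")
    print(f"expected cracked after 60 days, MD5-crypt (salted): "
          f"{expected_cracked(N_HASHES, 10, MD5CRYPT_RATE, 60, True):.2g}")
```
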
mrb
legendary
Activity: 1512
Merit: 1028
You must be retarded. Why would I disclose my password and my thinking pattern? So it can be added to dictionaries and future attacks? No thank you.

This statement indicates that your password was insecure.

If all it takes to risk guessing your password is to know your password generation logic, then the breach of any of the dozens of websites on which you have a password-protected account, may have helped the attacker in guessing your password. What happens when a password hash leak occurs is that attackers generate candidate passwords based on bruteforcing results from previous leaks (Gawker, phpbb, MySpace, etc). They read them, try to understand how users picked them, and they adjust the mangling rules in their bruteforcers.

Also you would not be the first one to think your password was relatively secure when in fact it turned out to be complete crap (this guy claimed his password was secure, and even lied about its length, when it was in fact "rascal101").
newbie
Activity: 17
Merit: 0
Thanks MagicalTux for this explanation.  It really helps build back the trust, and it seems like you've got a good idea of how things should be secure.  I 100% trust your intentions, and theoretical understanding of what should be done from a security standpoint.  I don't have enough trust in your follow-through or trust you'll have the bandwidth to provide excellent service, but you've got opportunities in the future to earn that too.

Even if the password is cryptographically strong, it doesn't mean that it can't actually allow you to predict his future passwords by the style of it.
For example, I have a specific method to remember passwords without storing it anywhere.

I know that my passwords would never be cracked within a millennium since it is base96+1 (alphanumeric+upper/lower case+symbols+foreign language characters) even in a Class F which is the highest level of cracking possible (1,000,000,000 Passwords/sec) normally possible with supercomputers and distributed cracking.

I know that my passwords are not in dictionaries.
But I am not a computer so I can't memorize random characters, therefore I use some heuristics and mnemonics to remember them.

If you saw my password, you could deduce from my style the rules I set for myself for all the passwords I am using on every single site and the future ones I'll generate.
You might not guess it right away, but you could tailor an attack for me, launching a statistical attack, or just making a password generating algorithm based on what type of rules I set up in my mind for new passwords.
It would considerably narrow down the possible passwords and accelerate considerably the cracking speed with an extremely higher degree of success.

Yes, it is security through obscurity, but this obscurity is in my brain, and as long as you don't have a mind reader the password will remain cryptographically secure.
(for the record, my password wasn't cracked, and I am also cracking it myself to test it out. I got more than 2000+ passwords cracked; mine is still holding up pretty well and it should remain that way)

Therefore I totally agree with mewantsbitcoins, telling your password is stupid.
It can be really secure and be impossible to crack with current means, but knowing his mindset it might reveal everything.

There is a *BIG* flaw in your logic, bitsalame.  If disclosing just one of your passwords can enable an attacker to tailor attacks against your other passwords, you have to trust *all* the sites that you use that style of passwords to not store plaintext passwords and intentionally be evil.  That, in my opinion, is a really risky assumption.  Also with your method it's more easily possible to truly forget a password.  For these reasons, I think it is less risky to use a password manager to create truly random passwords.  (There's risk there too... but I think less risk.)
legendary
Activity: 1764
Merit: 1002
I'm glad they posted this. I trust them a lot more after seeing this. The only thing missing is the exact number of coins stolen and the address they were sent to. I can't imagine why they didn't make that public.
Ah. One major thing that's bugging me is this - if the person doing this had so much access, why couldn't they change their limits and withdraw a large chunk of their freshly-created bitcoin balance?

precisely what i've been thinking.  i truly think a major financial institution or gov't related entity hacked the system with its sole purpose to drive down the price of btc.

stealing the btc outright which would have been the logical and easiest first move for an individual.  why go to the trouble of creating a selloff lasting 30 min?  stealing the btc for an institution or gov't would have been an international crime whereas creating a selloff could just be considered "national security".  stealing the DB would also be information gathering.
newbie
Activity: 28
Merit: 0

Has anybody checked whether jed's password was one that's been publicly leaked yet? I'm interested in how strong it was...

There is some indication that the password file was stolen more than two weeks before the break-in.  At least one person has said that their (cracked and exposed) password was in effect 17 days prior.  The hacker(s) apparently had lots of time to break many passwords.

I've found four sets of cracked passwords from the master list so far.  Two of the files were made by some *serious* crackers, with each file having over 3000 cracked passwords.


The user jed (user #1) was _not_ among the cracked passwords that I've seen so far.

There were no users with a @mtgox.com email address among the cracked passwords so far.

The user mewantsbitcoins was _not_ among the cracked passwords so far.

All of those passwords must have been reasonably strong, at minimum.


Many of the passwords that *have* been cracked look pretty damn strong.  Like, 14 characters long with alpha/numeric/symbol and no obvious patterns or weaknesses.  Scads of them are 12-characters long.  It's pretty scary, actually.

People: you really need to re-think what it means to have a strong password these days.  A billion attempts per second really adds up.  The cracking programs aren't just picking sequentially -- they are clever.  For example, if you think Leet-speak (e.g. subbing @ for a, 3 for E, and so on) is smart, you're wrong -- the good cracking programs try all of those variations as alternate spellings of words or partial words.  If you think an arcane non-word and keyboard pattern is smart, you're wrong -- trogdor321!!!~ was much easier than some of the other passwords that have been cracked... (it was strong-bad :) )

It's time to move over to strong *pass phrases* -- several unrelated words strung together.  Go to a place like diceware.com and get some serious entropy on your side.  Or use a password manager and generator like 1password, LastPass, KeePass, etc.

Humans are humans, and it will always be the case that most passwords are way too weak.  The question is whether you want to be part of the herd.
hero member
Activity: 686
Merit: 564
I'm glad to see this release, only I wish it was made a week ago. Hopefully it'll put to bed at least some of the conspiracy theories and accusations.
Hah. It actually confirms several of them and leaves several more at least as plausible as they were before. In particular, it confirms the allegations that Mt Gox did actually have a SQL injection vulnerability and the theory that the attacker had somehow managed to gain write access to the database and created themselves a whole bunch of coins from thin air, both of which contradicted Mt Gox's previous statements.
legendary
Activity: 1615
Merit: 1000
This is more or less what I've figured all along (although it's interesting to hear that the admin account could just grant himself arbitrary bitcoins; I reckoned instead that somebody had used an admin account to collect bitcoins together from other accounts).

Those are quite possibly the same thing. The blurb is, perhaps intentionally, unclear on the exact details. Where it says "was able to arbitrarily assign himself a large number of Bitcoins" it could be that that large number is the total number of Bitcoins in the system, which would effectively be a pooling of all user balances (not necessarily zeroing out user balances, just a sum/view).


You quoted part of where they explained it, the full quote being:
Quote
We would like to note that the Bitcoins sold were not taken from other users’ accounts—they were simply numbers with no wallet backing. For a brief period, the number of Bitcoins in the Mt. Gox exchange vastly outnumbered the Bitcoins in our wallet.

Which to me says pretty clearly the attacker assigned themselves coins out of thin air.
full member
Activity: 140
Merit: 100
I'm glad to see this release, only I wish it was made a week ago. Hopefully it'll put to bed at least some of the conspiracy theories and accusations.

I'm wondering why they couldn't have been more forthright, however. Was there an NDA or gag order involved, or did they just want to be sure to have fully investigated and sealed the security holes before informing us?

An NDA might make sense, as many website and software sales that involve residual payments also have a holding period during which the previous owner is somewhat liable for certain issues (Previous patent claims, undisclosed legal or security issues, etc). Revealing anything about the residuals and the former owner's involvement post-sale might have been in their contract, which would ostensibly include talking too much about the hacked account.

(I'm not a lawyer. I only know some of this because my stepbrother just sold his software company)
donator
Activity: 714
Merit: 510
Preaching the gospel of Satoshi
- If you maintain proper password policies, you shouldn't have to worry about disclosing a password which you're not using anymore (you weren't reusing it anywhere, were you?)
- If it was actually 'random' and 'long' enough you should be able to determine the average time required to crack it - ie. the feasibility of a brute force attack (dictionary should be useless) given an average set of cracking hardware (GPUs).

All that, without having to resort to calling me retarded. ;)

Wrong ius.
Even if the password is cryptographically strong, it doesn't mean that it can't actually allow you to predict his future passwords by the style of it.
For example, I have a specific method to remember passwords without storing it anywhere.

I know that my passwords would never be cracked within a millennium since it is base96+1 (alphanumeric+upper/lower case+symbols+foreign language characters) even in a Class F which is the highest level of cracking possible (1,000,000,000 Passwords/sec) normally possible with supercomputers and distributed cracking.

I know that my passwords are not in dictionaries.
But I am not a computer so I can't memorize random characters, therefore I use some heuristics and mnemonics to remember them.

If you saw my password, you could deduce from my style the rules I set for myself for all the passwords I am using on every single site and the future ones I'll generate.
You might not guess it right away, but you could tailor an attack for me, launching a statistical attack, or just making a password generating algorithm based on what type of rules I set up in my mind for new passwords.
It would considerably narrow down the possible passwords and accelerate considerably the cracking speed with an extremely higher degree of success.

Yes, it is security through obscurity, but this obscurity is in my brain, and as long as you don't have a mind reader the password will remain cryptographically secure.
(for the record, my password wasn't cracked, and I am also cracking it myself to test it out. I got more than 2000+ passwords cracked; mine is still holding up pretty well and it should remain that way)

Therefore I totally agree with mewantsbitcoins, telling your password is stupid.
It can be really secure and be impossible to crack with current means, but knowing his mindset it might reveal everything.
hero member
Activity: 686
Merit: 564
I'm glad they posted this. I trust them a lot more after seeing this. The only thing missing is the exact number of coins stolen and the address they were sent to. I can't imagine why they didn't make that public.
Ah. One major thing that's bugging me is this - if the person doing this had so much access, why couldn't they change their limits and withdraw a large chunk of their freshly-created bitcoin balance? The original Mt Gox statement said that the withdrawal limits stopped them, but we now know that statement's stuffed full of BS. Whether they were just attempting to damage trust in bitcoins or were actually trying to make money, this would be a much more effective way of doing it.

Still, at least Mt Gox eventually admitted what's been obvious for a while: they've been lying to us. It was fairly clear that the total amount of bitcoins they had was less than the amount they were claiming was in the "single large account" that got compromised, and they had to have known that all along too. Which in turn meant that their claims of "read-only" access to the database must've been wrong.
ius
newbie
Activity: 56
Merit: 0
- If you maintain proper password policies, you shouldn't have to worry about disclosing a password which you're not using anymore (you weren't reusing it anywhere, were you?)
- If it was actually 'random' and 'long' enough you should be able to determine the average time required to crack it - ie. the feasibility of a brute force attack (dictionary should be useless) given an average set of cracking hardware (GPUs).

All that, without having to resort to calling me retarded. ;)
full member
Activity: 126
Merit: 101
Your password was probably brute forced from the user dump like mine was. Mine wasn't super simple either.
I call this BS. My hash is up there - go and try to brute force it. I guess I'll see you in several years/decades.

Then please disclose your password - if it was anything but totally random & a-z/A-Z/0-9/special & >9 chars you were definitely at risk.

You must be retarded. Why would I disclose my password and my thinking pattern? So it can be added to dictionaries and future attacks? No thank you.
Like I said - hash is up there. If you think my password could have been cracked in a couple of days - go ahead and try. If you're serious about it, I'll even add a few of my 5870s to your hardware to prove it was good enough for this particular application
ius
newbie
Activity: 56
Merit: 0
Your password was probably brute forced from the user dump like mine was. Mine wasn't super simple either.
I call this BS. My hash is up there - go and try to brute force it. I guess I'll see you in several years/decades.

Then please disclose your password - if it was anything but totally random & a-z/A-Z/0-9/special & >9 chars you were definitely at risk.
ius
newbie
Activity: 56
Merit: 0
mewantsbitcoins:
Your password was probably brute forced from the user dump like mine was. Mine wasn't super simple either.
> If someone gained admin level user account why would they go to the lengths of SQLi to get the database?
My account still had admin access. They were able to get my account password because of the SQLi

I'm sure Mark is very busy with mtgox so has been neglecting Kalyhost.

Mistakes were obviously made but I don't think Mark is being greedy or incompetent here. He needs to hire more people and he knows this. But which if you have ever tried to do you know takes time which he doesn't have much of these days.

Why did you still have an account with administrator privileges? Auditing? Why did it still grant additional privileges with respect to being able to modify account balances?

Some degree of withholding information to be expected when you are compromised. Gox may have been concerned that immediately releasing all they knew could aid the people who did this.

Absolute nonsense. If you discover a vulnerability it's your duty to inform your users, doesn't matter whether you are actually compromised or not - there's a risk and you should inform people about it.
full member
Activity: 126
Merit: 101
Your password was probably brute forced from the user dump like mine was. Mine wasn't super simple either.
I call this BS. My hash is up there - go and try to brute force it. I guess I'll see you in several years/decades.

> If someone gained admin level user account why would they go to the lengths of SQLi to get the database?
My account still had admin access. They were able to get my account password because of the SQLi
Mt.gox says they he doesn't know:
Mistakes were obviously made but I don't think Mark is being greedy or incompetent here. He needs to hire more people and he knows this. But which if you have ever tried to do you know takes time which he doesn't have much of these days.
No, it doesn't if you offer adequate reward, hence greedy.

Quote from: mewantsbitcoins
The server has been down for more than two weeks now and I can't get a response from him despite sending several emails
Hence, incompetent.
A monkey can restart server and fire away an email.

And for the conspiracy theorists: could it just be that mt.gox's and your bots
Code:
413,Gox Bot,,$1$my2/Mvxi$kC7BKl1xKgYlbadc/GHSN1
6177,BotBot,[email protected],$1$Xqluv5Eq$nkN99S/5DRqbNqUii3oEF1
were "assigning these simply numbers"
Quote from: Mt.gox
We would like to note that the Bitcoins sold were not taken from other users’ accounts—they were simply numbers with no wallet backing. For a brief period, the number of Bitcoins in the Mt. Gox exchange vastly outnumbered the Bitcoins in our wallet.
to themselves for us to enjoy this remarkable growth period? It is fairly easy to make profit when you have access to all the data, isn't it?
Just sayin
jed
full member
Activity: 182
Merit: 107
Jed McCaleb
mewantsbitcoins:
Your password was probably brute forced from the user dump like mine was. Mine wasn't super simple either.
> If someone gained admin level user account why would they go to the lengths of SQLi to get the database?
My account still had admin access. They were able to get my account password because of the SQLi

I'm sure Mark is very busy with mtgox so has been neglecting Kalyhost.

Mistakes were obviously made but I don't think Mark is being greedy or incompetent here. He needs to hire more people and he knows this. But which if you have ever tried to do you know takes time which he doesn't have much of these days.
newbie
Activity: 46
Merit: 0
Has anybody checked whether jed's password was one that's been publicly leaked yet? I'm interested in how strong it was...

If it was not publicly leaked, that would be of interest.  I would like to know where the BTC went, and what about Keven?
full member
Activity: 126
Merit: 101
All this "Clarification" BS is fine and dandy, but my account was compromised (or at least Mt.gox would like me to think so) and I can't figure out how. This I know from the logs provided by Mt.gox:

That is not my IP.

While my password was not the most secure, I don't believe it could have been cracked in the short amount of time attackers had. You are welcome to try to crack it:
Code:
5987,mewantsbitcoins,[email protected],$1$atDbQTre$lG10yR6hXfmGcdZAZTL.Z1
Out of curiosity I put JTR to work but after 12 hours no luck yet.

You may say that my computer might have been compromised and someone got my password from a keylogger. While I can't be 100% certain, I am fairly confident it wasn't. I work in IT and know a few things about IT security. Plus, if that were true and my computer indeed got compromised, my other accounts would have been accessed too, which is not the case.
Note: I don't reuse passwords, so it could not have been a password from another account. This is a one time password and I used it only on one computer. My OS is not Windows.

In general, I have to say - things don't add up from where I stand. If someone gained admin level user account why would they go to the lengths of SQLi to get the database?

I can think of two scenarios where such things would be possible and none of them are compatible with this "Clarification" story.

On an unrelated note, I bought hosting from https://www.kalyhost.com/ which belongs to Mark Karpeles. The server has been down for more than two weeks now and I can't get a response from him despite sending several emails.

To sum up, I've drawn my conclusions, but was highly surprised to see people going back to Mt.gox and trading like nothing has happened. This is an EXTREMELY greedy and incompetent individual trying to manage huge amounts of money. It will end up in tears eventually and you'll have no one to blame but yourself.


And before you ask for my tradehill reference code, I don't have one - I think they are shit too. My advice is to stay away from people who can't afford a dedicated server.
jr. member
Activity: 56
Merit: 1
This is more or less what I've figured all along (although it's interesting to hear that the admin account could just grant himself arbitrary bitcoins; I reckoned instead that somebody had used an admin account to collect bitcoins together from other accounts).

Those are quite possibly the same thing. The blurb is, perhaps intentionally, unclear on the exact details. Where it says "was able to arbitrarily assign himself a large number of Bitcoins" it could be that that large number is the total number of Bitcoins in the system, which would effectively be a pooling of all user balances (not necessarily zeroing out user balances, just a sum/view).

If there are no safeguards to limit admins to a balance that is actually backed, then an attacker could 'create' 50 million BTC and sell as long as there are buy orders. This would of course have to be rolled back.

"We would like to note that the Bitcoins sold were not taken from other users’ accounts—they were simply numbers with no wallet backing." doesn't specify whether there are internal safeguards against going over the backed limit, but it makes it possible.

BTW, saying the withdrawal was prevented by unspecified security measures could mean they had an on-line wallet that was used for small or expected day-to-day withdrawals and perhaps their off-line wallet was accessed once every 24 hours to move funds back and forth as necessary. But the full withdrawal could just as well have been prevented by panic sells and opportunistic buys quickly driving the price up (0.50 USD/BTC for a withdrawal of 2000 BTC with a $1000 limit).