Topic: [BDK] - Liquidating, Permanent Closure - - page 2. (Read 16700 times)
For future reference, our very own Mike works in Google's abuse department.
Hmmm, formatting of my post is all messed up, sorry about that.
I've contacted the police and will head over in the afternoon. I have no expectations.
Fwiw, current damages in the form of funds withdrawn are 344.117BTC. Current damages in the form of funds needing to be sent for the reversal of transactions related to this are 204.85BTC. The grand total, then, is 548.967BTC in damages, or a bit over $4.8k at current rates. However, the various lenders and related contacts, have, in a show of extreme generosity, provided 180BTC worth of relief, significantly offsetting losses.
I was a shack, I am now a barricade, and within a week, I will be a fortress.
Cheers,
Ben
(and thanks, Nef)
Fwiw, current damages in the form of funds withdrawn are 344.117BTC. Current damages in the form of funds needing to be sent for the reversal of transactions related to this are 204.85BTC. The grand total, then, is 548.967BTC in damages, or a bit over $4.8k at current rates. However, the various lenders and related contacts, have, in a show of extreme generosity, provided 180BTC worth of relief, significantly offsetting losses.
I was a shack, I am now a barricade, and within a week, I will be a fortress.
Cheers,
Ben
(and thanks, Nef)
After speaking with Kluge(verified it was him) we've done a few things.
His account has been frozen, as have both BDK and BDK.BND assets meaning they can't be traded, they will remain frozen until everything has been cleared up(likely a couple of days).
We will be reversing those transactions for these two assets from the break in, those who bought will have their BTC returned.
Dividend payments due soon (within the next 24 hours I think) for these assets will be delayed, possibly by a couple of days.
The alternativ to this would be to close down the assets.
Kluge is going this route at great personal expense.
Nefario.
His account has been frozen, as have both BDK and BDK.BND assets meaning they can't be traded, they will remain frozen until everything has been cleared up(likely a couple of days).
We will be reversing those transactions for these two assets from the break in, those who bought will have their BTC returned.
Dividend payments due soon (within the next 24 hours I think) for these assets will be delayed, possibly by a couple of days.
The alternativ to this would be to close down the assets.
Kluge is going this route at great personal expense.
Nefario.
I've been advised the only way to get Google to release the IP activity AWS wants is by going to the police, filing a report, and hoping for a court filing leading to a demand from Google/Gmail to release information. At that time, that info can be sent to AWS, who would then hopefully release the information I'm seeking without requiring a separate demand -- or the demand could be sent directly to AWS. Then, further action can be taken.
Sounding like a strenuous, time-consuming task, but it would be nice to catch at least one of these fellows, and set a precedent that it's possible.
Sounding like a strenuous, time-consuming task, but it would be nice to catch at least one of these fellows, and set a precedent that it's possible.
"Hello Ben,
We have received your report of unwanted access to your Gmail account from an Amazon IP address.
We have completed an initial investigation of the issue and learned that the IP address you reported did indeed belong to an Amazon EC2 instance. Amazon’s EC2 service allows EC2 customers to run their applications using Amazon’s infrastructure, including IP addresses. The accesses that you reported may have come from an Amazon EC2 customer’s application. You may learn more about EC2 at http://aws.amazon.com/ec2 .
The customer we have identified runs a Social Media/Networking Site or mobile device push service. You may have signed up for this service and granted permission and provided username/password to their application to access your Gmail account. We have passed this message on to the customer that uses the IP address mentioned in your abuse report. However, we have no reason to believe that this is an actual intrusion attempt. This issue was also addressed in our security bulletins: http://aws.amazon.com/security/security-bulletins/ (see July 13th 2010 bulletin).
If you continue to see unwanted activity, please contact Google and ask that they initiate an investigation with Amazon.
Regards,
Amazon EC2 Abuse Team"
Considering police report, police I don't think would bother doing anything, vs. attempting to contact Google, a company I doubt would want to get involved without a police filing, at least. ETA: Made an indirect request to Gmail. They don't allow direct contact by default, so hopefully someone will see what I've written and contact me directly. ETA2: Made a direct request. ETA3: Also made another request of AWS.
We have received your report of unwanted access to your Gmail account from an Amazon IP address.
We have completed an initial investigation of the issue and learned that the IP address you reported did indeed belong to an Amazon EC2 instance. Amazon’s EC2 service allows EC2 customers to run their applications using Amazon’s infrastructure, including IP addresses. The accesses that you reported may have come from an Amazon EC2 customer’s application. You may learn more about EC2 at http://aws.amazon.com/ec2 .
The customer we have identified runs a Social Media/Networking Site or mobile device push service. You may have signed up for this service and granted permission and provided username/password to their application to access your Gmail account. We have passed this message on to the customer that uses the IP address mentioned in your abuse report. However, we have no reason to believe that this is an actual intrusion attempt. This issue was also addressed in our security bulletins: http://aws.amazon.com/security/security-bulletins/ (see July 13th 2010 bulletin).
If you continue to see unwanted activity, please contact Google and ask that they initiate an investigation with Amazon.
Regards,
Amazon EC2 Abuse Team"
Considering police report, police I don't think would bother doing anything, vs. attempting to contact Google, a company I doubt would want to get involved without a police filing, at least. ETA: Made an indirect request to Gmail. They don't allow direct contact by default, so hopefully someone will see what I've written and contact me directly. ETA2: Made a direct request. ETA3: Also made another request of AWS.
I am still surprised that GLBSE does not have a session expiration. That nap the scum had would have been prevented if the sessions expired after a period of inactivity.
Not so much a relief fund, but it helps. It's pretty sucky to see a heap of hard work plundered.
And yes it is a re-used address, but tagged specifically for Kluge (Ben) - current balance 90 coins: 1J4qAYqQsNJbTDhwyf7A9eCPykNLVysnp2
Edit: 120 coins - thanks to Ineedausername
Edit: Thanks also to Brendio and BurtW (current total 180)
Edit: DollarTrader and BrightAnarchist have provided donations. (current total 216)
And yes it is a re-used address, but tagged specifically for Kluge (Ben) - current balance 90 coins: 1J4qAYqQsNJbTDhwyf7A9eCPykNLVysnp2
Edit: 120 coins - thanks to Ineedausername
Edit: Thanks also to Brendio and BurtW (current total 180)
Edit: DollarTrader and BrightAnarchist have provided donations. (current total 216)
You should also set up 2-factor auth for your gmail account.
Best of luck sorting everything out.
This thread has shown me how important it could be to have an emergency, secure address to send your BTC to.
This thread has shown me how important it could be to have an emergency, secure address to send your BTC to.
My assumption of the events so far:
[1]Everything from Bitcoinica has been leaked, including credentials. I haven't been keeping up as much as I should have since I had nothing in there -- maybe that's already public knowledge. The other alternative is that EMC's credentials db was compromised, but I find that hard to believe. There are some other alternatives, including a brute force attack, which seem even more unlikely.
[2]It's possible I was stupid enough to use the same or similar password on Bitcoinica as LastPass. Clearly, I was stupid enough to use the same Gmail pw as Bitcoinica. I no longer have history of what my old LP master password was before changing it.
[3]The attacker accidentally logged onto Gmail using Tor, without realizing Gmail has Tor mostly blacklisted. He was not expecting me to be alerted. Perhaps he did not expect me to wake up relatively soon. Had he been more clever, he would have used the AWS server in MI to begin with.
[4]The attacker then....? Well, I'm not really sure what he did from 6am to 1:30pm. Maybe took a nap.
[5]While the attacker was napping and I was alerted to the unauthorized use, I changed all of my passwords to sensitive sites, including GLBSE, and LastPass, obviously.
[6]I eventually emailed Nef (11:30am? I don't have access to that email account right now), asking him to freeze my account and release recent activity info to me. He did not respond, I assume because he was sleeping.
[7]I'm assuming the session the attacker had active from before I changed the password never expired on GLBSE, nor was revoked when I changed the pw. I did not think to enable 2FA for all activities until after the withdrawal. I did not have 2FA enabled prior to this attack because I'm too cheap to buy a cell phone -- that "frugality" has obviously bitten me in the ass. (Actually, I would've had an AT&T smartphone a few days ago if they allowed me to have a different shipping and billing address....)
[8]Around 1:45pm, I was alerted to BDK.BND being dumped. You can see https://bitcointalksearch.org/topic/m.1046806 for how much was withdrawn. The funds from the BTC account were withdrawn by dumping the few remaining securities I kept. No new securities were issued, but the attacker sold all securities in the account. At that time, it was obvious what happened. I emailed Nef somewhere between 1:45p and 2p, asking him to halt all withdrawals (withdrawals from GLBSE are not immediate). I assume he was still sleeping -- he's in the UK and works just about his entire day, so understandable. At least one other lender texted Nefario as an additional alert, but it was quickly too late, and the withdrawal was processed.
Currently, I am not aware of any losses outside of what I have already reported. I have moved all coins out of my possession in case the primary OS was compromised. Ideally, Nef will reverse the fraudulent transactions.
Current "hard" losses are 344.117BTC. "Soft" losses (currently non-reversed GLBSE transactions) could push total losses near or above 2kBTC, but I'm assuming Nef will reverse the unauthorized transactions. Either way, BDK is not at immediate risk of insolvency.
[1]Everything from Bitcoinica has been leaked, including credentials. I haven't been keeping up as much as I should have since I had nothing in there -- maybe that's already public knowledge. The other alternative is that EMC's credentials db was compromised, but I find that hard to believe. There are some other alternatives, including a brute force attack, which seem even more unlikely.
[2]It's possible I was stupid enough to use the same or similar password on Bitcoinica as LastPass. Clearly, I was stupid enough to use the same Gmail pw as Bitcoinica. I no longer have history of what my old LP master password was before changing it.
[3]The attacker accidentally logged onto Gmail using Tor, without realizing Gmail has Tor mostly blacklisted. He was not expecting me to be alerted. Perhaps he did not expect me to wake up relatively soon. Had he been more clever, he would have used the AWS server in MI to begin with.
[4]The attacker then....? Well, I'm not really sure what he did from 6am to 1:30pm. Maybe took a nap.
[5]While the attacker was napping and I was alerted to the unauthorized use, I changed all of my passwords to sensitive sites, including GLBSE, and LastPass, obviously.
[6]I eventually emailed Nef (11:30am? I don't have access to that email account right now), asking him to freeze my account and release recent activity info to me. He did not respond, I assume because he was sleeping.
[7]I'm assuming the session the attacker had active from before I changed the password never expired on GLBSE, nor was revoked when I changed the pw. I did not think to enable 2FA for all activities until after the withdrawal. I did not have 2FA enabled prior to this attack because I'm too cheap to buy a cell phone -- that "frugality" has obviously bitten me in the ass. (Actually, I would've had an AT&T smartphone a few days ago if they allowed me to have a different shipping and billing address....)
[8]Around 1:45pm, I was alerted to BDK.BND being dumped. You can see https://bitcointalksearch.org/topic/m.1046806 for how much was withdrawn. The funds from the BTC account were withdrawn by dumping the few remaining securities I kept. No new securities were issued, but the attacker sold all securities in the account. At that time, it was obvious what happened. I emailed Nef somewhere between 1:45p and 2p, asking him to halt all withdrawals (withdrawals from GLBSE are not immediate). I assume he was still sleeping -- he's in the UK and works just about his entire day, so understandable. At least one other lender texted Nefario as an additional alert, but it was quickly too late, and the withdrawal was processed.
Currently, I am not aware of any losses outside of what I have already reported. I have moved all coins out of my possession in case the primary OS was compromised. Ideally, Nef will reverse the fraudulent transactions.
Current "hard" losses are 344.117BTC. "Soft" losses (currently non-reversed GLBSE transactions) could push total losses near or above 2kBTC, but I'm assuming Nef will reverse the unauthorized transactions. Either way, BDK is not at immediate risk of insolvency.
I'd be taking a good look at any GLBSE accounts that just happened to place low-ball bids on those securities...
Yes, his GLBSE account was hacked and appears all the shares/assets were crashed into whatever bids were there. Expect some reversals. 14000 BDK.BND at basically zero price isn't reasonable.
Just noticed that the bidwall @BDK.BND is gone. 
From BTC: -41.98 13Kqkv3QAvfQRGnuZySLBXPhJTtbWiAiyr 2012-07-22 14:49:23
From BDK: -85.8435 13Kqkv3QAvfQRGnuZySLBXPhJTtbWiAiyr 2012-07-22 14:51:43
From BDK.BND: -216.2935 13Kqkv3QAvfQRGnuZySLBXPhJTtbWiAiyr 2012-07-22 14:54:19
From BDK: -85.8435 13Kqkv3QAvfQRGnuZySLBXPhJTtbWiAiyr 2012-07-22 14:51:43
From BDK.BND: -216.2935 13Kqkv3QAvfQRGnuZySLBXPhJTtbWiAiyr 2012-07-22 14:54:19
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Multiple logins were attempted in a personal email account from a Tor exit node and shortly after by an Amazon cloud server (which seems to have succeeded and has been reported to AWS). I am assuming all email data sent to [email protected] has been compromised. All other email accounts do not appear touched. The password is shared, but I only allow one "sensitive" website to use one shared password. My initial assumption is that this is related to the multiple Bitcoinica thefts, but this is certainly not certain. I'm not sure how I managed to let it slip my mind that I used the same password elsewhere. My MtGox account, Bitcoin Wallet, and various bank/CU accounts are not assumed to be at risk unless I left compromising information in my email account. There is currently no assumed risk for Bitcoins being stolen. There is currently no assumed risk for USD being stolen. It is assumed very likely that all information sent to my email address has been compromised, including contact information (which includes Paypal receipts) sent to that email account. It is assumed very likely the attacker has sensitive personally-identifying information.
Obvious security measures have been taken to prevent future attempts. Please do not contact me with sensitive information without using a known gpg key until I have everything locked down and resolved. Please do not assume communications from me are indeed from me unless I have signed them using a known gpg key until I say otherwise.
I will provide any important updates as I'm aware of them. I apologize for any potential inconvenience or damages caused by this.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJQDCedAAoJEBR6Ov1xmEtJZDwH/iH2GTaFxyT5KjTxWAMmt5Ad
5bERY7FvLu7BSaYmTsnkv4MYA0COOsCKd/e22tOCO997ElcuEUjSdGUdpq+6OuiL
5GQGzzQsLHqc5JRQRQ4m//CQ2aqbGldDiYrBj5aZXLfmIUNBjcOTM5ijsUDJJSgY
PwCGYLAHR56O9Aa7aL0L78CBCDEVmLzG0gqEjmpczBnKXA34NCV1KUs8hLlLeNEq
zp/VQHE7FFmZLMW7fkrb/mhhWiT0p3Api/g25M7CAJsSp52ima4Z/HwAwmMcpqYD
atwTPQ6VoULi2762Pevinl546otec4NyxWjcD3i0T0zw5LVDe0EdncnH9YsMjYU=
=llL8
-----END PGP SIGNATURE-----
Hash: SHA1
Multiple logins were attempted in a personal email account from a Tor exit node and shortly after by an Amazon cloud server (which seems to have succeeded and has been reported to AWS). I am assuming all email data sent to [email protected] has been compromised. All other email accounts do not appear touched. The password is shared, but I only allow one "sensitive" website to use one shared password. My initial assumption is that this is related to the multiple Bitcoinica thefts, but this is certainly not certain. I'm not sure how I managed to let it slip my mind that I used the same password elsewhere. My MtGox account, Bitcoin Wallet, and various bank/CU accounts are not assumed to be at risk unless I left compromising information in my email account. There is currently no assumed risk for Bitcoins being stolen. There is currently no assumed risk for USD being stolen. It is assumed very likely that all information sent to my email address has been compromised, including contact information (which includes Paypal receipts) sent to that email account. It is assumed very likely the attacker has sensitive personally-identifying information.
Obvious security measures have been taken to prevent future attempts. Please do not contact me with sensitive information without using a known gpg key until I have everything locked down and resolved. Please do not assume communications from me are indeed from me unless I have signed them using a known gpg key until I say otherwise.
I will provide any important updates as I'm aware of them. I apologize for any potential inconvenience or damages caused by this.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJQDCedAAoJEBR6Ov1xmEtJZDwH/iH2GTaFxyT5KjTxWAMmt5Ad
5bERY7FvLu7BSaYmTsnkv4MYA0COOsCKd/e22tOCO997ElcuEUjSdGUdpq+6OuiL
5GQGzzQsLHqc5JRQRQ4m//CQ2aqbGldDiYrBj5aZXLfmIUNBjcOTM5ijsUDJJSgY
PwCGYLAHR56O9Aa7aL0L78CBCDEVmLzG0gqEjmpczBnKXA34NCV1KUs8hLlLeNEq
zp/VQHE7FFmZLMW7fkrb/mhhWiT0p3Api/g25M7CAJsSp52ima4Z/HwAwmMcpqYD
atwTPQ6VoULi2762Pevinl546otec4NyxWjcD3i0T0zw5LVDe0EdncnH9YsMjYU=
=llL8
-----END PGP SIGNATURE-----
Ouch.
Just for curiosity's sake,
Why would one place greater emphasis on OTC than on eBay? Someone can have eBay history back to '98, I'm not sure about this other thing.. 2011?
I suppose eBay would be more prone to have stolen accts, but if you can verify the person's identity?
I would trade with someone with 1000's of feedbacks on eBay with account since 1998, rather than someone with 50 on bitcoin-otc, the second would be much more likely to be building up reputation for a massive take
Difficult to verify the owner of the eBay account is the person I'm talking to, and more prone to hacking attempts than OTC. If someone with an extensive eBay history would post an item from the account, then it would be considered acceptable "Proof of Reputation."Quote
You also need an extensive, positive business-related reputation on this forum or OTC. I don't care about your eBay rating.
Why would one place greater emphasis on OTC than on eBay? Someone can have eBay history back to '98, I'm not sure about this other thing.. 2011?
I suppose eBay would be more prone to have stolen accts, but if you can verify the person's identity?
I would trade with someone with 1000's of feedbacks on eBay with account since 1998, rather than someone with 50 on bitcoin-otc, the second would be much more likely to be building up reputation for a massive take
Ebay's feedback ratings were not very robust until 2007. Before that it was easy to build positive feedback without having any substance to back it up. Still now one could have thousands of penny auctions and still get quality feedback.
Just for curiosity's sake,
Why would one place greater emphasis on OTC than on eBay? Someone can have eBay history back to '98, I'm not sure about this other thing.. 2011?
I suppose eBay would be more prone to have stolen accts, but if you can verify the person's identity?
I would trade with someone with 1000's of feedbacks on eBay with account since 1998, rather than someone with 50 on bitcoin-otc, the second would be much more likely to be building up reputation for a massive take
Quote
You also need an extensive, positive business-related reputation on this forum or OTC. I don't care about your eBay rating.
Why would one place greater emphasis on OTC than on eBay? Someone can have eBay history back to '98, I'm not sure about this other thing.. 2011?
I suppose eBay would be more prone to have stolen accts, but if you can verify the person's identity?
I would trade with someone with 1000's of feedbacks on eBay with account since 1998, rather than someone with 50 on bitcoin-otc, the second would be much more likely to be building up reputation for a massive take
PM sent.
i am glad bitcoin forum allows people to lend BTChope this services not gone
Bank holiday today. Severe drought ended. Very rainy -- hasn't rained in a month, triple-digit heat, no good for me. But - it's rained and I'm going to take some time out with family.
Will get back with everyone before I go to sleep in ~12h.
Cheers,
Ben
Will get back with everyone before I go to sleep in ~12h.
Cheers,
Ben
Jump to: