
Topic: Bitcoinica MtGox account compromised - page 25. (Read 156012 times)

member
Activity: 111
Merit: 10
July 13, 2012, 05:47:54 PM
sry to say but... This is a scam!!!!
freaking thieves, rot in hell..
hero member
Activity: 504
Merit: 500
July 13, 2012, 05:46:32 PM
That still doesn't explain how the attacker knew that specific password should be tried at all.

We are talking about the password needed to convince LastPass to hand over your encrypted passwords right, not the passphrases needed to actually decrypt those passwords once having gotten a copy of them from LastPass?

-MarkM-


What's to say they "knew" at all? If the source was public and there were obviously duff security practices all round, wouldn't it be pretty straightforward to bruteforce LastPass with grepped strings from source and public e-mails?

Doesn't explain why the passwords were the same though. I guess laziness and hubris.

I don't believe you can bruteforce lastpass on a computer that did not already have the lastpass account synced to it.
hero member
Activity: 686
Merit: 500
Wat
July 13, 2012, 05:44:01 PM
How did someone initiate a $40 000 transfer without AML warning bells going off at Mt Gox since they use this excuse if you usually try it with anything close to $10 000 or in combinations that are close to that? One doesn't just transfer $40 000 out of Mordor.

We will open a police investigation and get this clear on the police's side. We will not however be able to share such details publicly while an investigation is in progress.


The question remains why there hasn't been a police report initiated by the owners of bitcoinica. Shouldn't it be them and not yourself that initiates such a thing? When else do you arbitrarily "inform the police" without the actual people involved doing it?
sr. member
Activity: 295
Merit: 250
July 13, 2012, 05:42:37 PM
That still doesn't explain how the attacker knew that specific password should be tried at all.

We are talking about the password needed to convince LastPass to hand over your encrypted passwords right, not the passphrases needed to actually decrypt those passwords once having gotten a copy of them from LastPass?

-MarkM-


What's to say they "knew" at all? If the source was public and there were obviously duff security practices all round, wouldn't it be pretty straightforward to bruteforce LastPass with grepped strings from source and public e-mails?

Doesn't explain why the passwords were the same though. I guess laziness and hubris.
hero member
Activity: 812
Merit: 1001
-
July 13, 2012, 05:39:16 PM
@DarkEmi @hatshepsut and all others.
Sorry to put you up front with the hard truth, but...
Rule #1: Don't invest money you cannot afford to lose.
I am pretty sure I am not the first one that tells you this right?
Blame the victim is never a good argument.
Will you say the same to those who will experience a loss once pirateat40 runs?
In general, yes.
BUT, with ponzi schemes this is a bit different. Coz some of the "victims" are more like co-conspirators.

I can remember you not being that sympathetic towards the victims of the MyBitcoin incident (you basically called them insane). What made you change your mind?

I still think anyone who gives lots of money to some anonymous stranger on the internet for safekeeping is insane. I do not blame them for the theft however. These are different things. And.. well... insane in Bitcoin (and on this forum) is like a vast majority of population anyway, so this might be even a compliment.

Ok, in that case I don't see how Grouver blamed the victims any more than you did back then? You both more or less pointed out that they shouldn't have put (that much) money there in the first place - which I basically agree with, but saying so now isn't really helping either.

While I didn't have anything on Bitcoinica, I feel very sorry for all those who have lost money and I hope that the real thief won't get away with it.

Your comparison is invalid. Mybitcoin was an obvious anonymous hack. Bitcoinica has created an impression of them being the most reputable institution in the Bitcoin world, registered with NZ's financial regulation authorities, having CTO "with specialisation in information security", "never compromised", venture capital funded etc... these are VERY different things.

Can a single person on this forum put an argument together without a dozen of logical fallacies in it?

 
vip
Activity: 608
Merit: 501
-
July 13, 2012, 05:36:12 PM
How did someone initiate a $40 000 transfer without AML warning bells going off at Mt Gox since they use this excuse if you usually try it with anything close to $10 000 or in combinations that are close to that? One doesn't just transfer $40 000 out of Mordor.

We will open a police investigation and get this clear on the police's side. We will not however be able to share such details publicly while an investigation is in progress.
hero member
Activity: 504
Merit: 500
July 13, 2012, 05:30:00 PM
how can they know the current Gox user/pass was found out from LastPass? I guess to them it would seem obvious of the gox acct was a new pass that only the current controller of the gox acct had. But, these are still questions that all need to have answers to them in order to make better determinations.

I see that LastPass has a way to view history, which if that showed login from an unknown IP address, that would be a pretty good clue.

I just tried to view the history but the LastPass UI for the date picker is so horrible I could not use it successfully. (Top-right is the Lastpass asterisk (starfish, ironically :) ), then click History)

aye. the other thing I'm not sure about as I have not tested it with my lastpass. Is if it will even sync the passwords to another computer without having the exported file with it..?? Have you tried it?
hero member
Activity: 686
Merit: 500
Wat
July 13, 2012, 05:29:33 PM
The thing I find so amazing is there is still no police report.
hero member
Activity: 686
Merit: 500
Wat
July 13, 2012, 05:22:27 PM
How did someone initiate a $40 000 transfer without AML warning bells going off at Mt Gox since they use this excuse if you usually try it with anything close to $10 000 or in combinations that are close to that? One doesn't just transfer $40 000 out of Mordor.
legendary
Activity: 910
Merit: 1001
Revolutionizing Brokerage of Personal Data
July 13, 2012, 05:16:34 PM
@DarkEmi @hatshepsut and all others.
Sorry to put you up front with the hard truth, but...
Rule #1: Don't invest money you cannot afford to lose.
I am pretty sure I am not the first one that tells you this right?
Blame the victim is never a good argument.
Will you say the same to those who will experience a loss once pirateat40 runs?
In general, yes.
BUT, with ponzi schemes this is a bit different. Coz some of the "victims" are more like co-conspirators.

I can remember you not being that sympathetic towards the victims of the MyBitcoin incident (you basically called them insane). What made you change your mind?

I still think anyone who gives lots of money to some anonymous stranger on the internet for safekeeping is insane. I do not blame them for the theft however. These are different things. And.. well... insane in Bitcoin (and on this forum) is like a vast majority of population anyway, so this might be even a compliment.

Ok, in that case I don't see how Grouver blamed the victims any more than you did back then? You both more or less pointed out that they shouldn't have put (that much) money there in the first place - which I basically agree with, but saying so now isn't really helping either.

While I didn't have anything on Bitcoinica, I feel very sorry for all those who have lost money and I hope that the real thief won't get away with it.
hero member
Activity: 868
Merit: 1002
July 13, 2012, 05:15:49 PM
Companies like this will ruin bitcoin..

More accurate would be to say

Quote from: Vladmir
Bitcoin will ruin companies like these.

Yeah, not really.
legendary
Activity: 1106
Merit: 1004
July 13, 2012, 05:15:40 PM
Blame the victim is never a good argument.

That's what this whole thread is about, blaming the victim. Assuming OP is true, then Bitcoinica is the victim of a theft. Everybody here is blaming Bitcoinica, not the thief.

If I'm holding $100 that is yours and I get robbed, I'm the victim if I pay you back your $100 out of my own money. But if I say to you, "sorry buddy, your $100 is gone, I got robbed", then *you* are the victim.

Fair enough.
But not being the victim doesn't make you the criminal either...
legendary
Activity: 2506
Merit: 1010
July 13, 2012, 05:13:23 PM
how can they know the current Gox user/pass was found out from LastPass? I guess to them it would seem obvious of the gox acct was a new pass that only the current controller of the gox acct had. But, these are still questions that all need to have answers to them in order to make better determinations.

I see that LastPass has a way to view history, which if that showed login from an unknown IP address, that would be a pretty good clue.

I just tried to view the history but the LastPass UI for the date picker is so horrible I could not use it successfully. (Top-right is the Lastpass asterisk (starfish, ironically :) ), then click History)
hero member
Activity: 812
Merit: 1001
-
July 13, 2012, 05:11:41 PM
Companies like this will ruin bitcoin..

More accurate would be to say

Quote from: Vladmir
Bitcoin will ruin companies like these.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
July 13, 2012, 05:06:08 PM
Blame the victim is never a good argument.

That's what this whole thread is about, blaming the victim. Assuming OP is true, then Bitcoinica is the victim of a theft. Everybody here is blaming Bitcoinica, not the thief.

If I'm holding $100 that is yours and I get robbed, I'm the victim if I pay you back your $100 out of my own money. But if I say to you, "sorry buddy, your $100 is gone, I got robbed", then *you* are the victim.

Unless Bitcoinica repays depositors from their own funds, Bitcoinica is not the victim of the theft. The depositors are. It was their money that was stolen, not Bitcoinica's.

The victim is whoever ultimately suffers the loss.


Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
July 13, 2012, 05:02:53 PM
MtGox support reminds me a lot of eGold support... they knew when the scams were going on, but they would never tell you cause they were in on them.
legendary
Activity: 1106
Merit: 1004
July 13, 2012, 04:55:42 PM
Blame the victim is never a good argument.

That's what this whole thread is about, blaming the victim. Assuming OP is true, then Bitcoinica is the victim of a theft. Everybody here is blaming Bitcoinica, not the thief.

If this is really a theft, and the thief wired money to accounts of his own, I really hope all this AML crap is for once put to good use and this asshole is caught, and forced to return everything he's stolen.
If it's not a theft*, then MtGox at least would know. I hope in this case they break the silence, otherwise they would be accomplices.

*EDIT: If it's not a theft done by a third party. Either way the customers' money was stolen.

I disagree. The victims here are the people, Bitcoinica's depositors, who have their money "evaporated". Bitcoinica it appears at least complicit due to gross negligence if not worse, as some allege.

Criminal negligence (unintended crime) normally applies when your negligent action directly caused the crime. Like, if instead of paying attention to the road while driving you prefer to look to the tiny skirts of some lady passing by and you end up hitting someone, that's criminal negligence. If you are watching some woman's purse on an outside restaurant, and a thief grabs it and runs away, you're not the criminal, the thief is. At least that's how I see it. It's not a crime to be stupid/naive or not to know good security practices. It's a crime to steal.

Anyways, I don't feel like defending Bitcoinica either. This was way too much fail.
I just hope the actual criminal is caught. If he withdrew USD, he did leave a clearer trail.
sd
hero member
Activity: 730
Merit: 500
July 13, 2012, 04:52:52 PM



This a thousand times. This last 'hack', if it happened at all, was the remnants of bitcoinica giving money away.

No-one could be so stupid as to get publicly hacked and not change all their passwords afterwards. It's just unbelievable anyone could be that dumb and still manage to dress themselves in the morning.


This reeks of misdirection to avoid or delay paying back the victims. Time to stop listening to excuses and look up a good lawyer in Singapore. If Zhou Tong can pass the buck at least he will have to tell you who the buck is passed to.
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
July 13, 2012, 04:45:32 PM
Blame the victim is never a good argument.

That's what this whole thread is about, blaming the victim. Assuming OP is true, then Bitcoinica is the victim of a theft. Everybody here is blaming Bitcoinica, not the thief.

If this is really a theft, and the thief wired money to accounts of his own, I really hope all this AML crap is for once put to good use and this asshole is caught, and forced to return everything he's stolen.
If it's not a theft*, then MtGox at least would know. I hope in this case they break the silence, otherwise they would be accomplices.

*EDIT: If it's not a theft done by a third party. Either way the customers' money was stolen.

I disagree. The victims here are the people, Bitcoinica's depositors, who have their money "evaporated". Bitcoinica it appears at least complicit due to gross negligence if not worse, as some allege.


Surely this ain't the guy responsible for both hacks: http://www.youtube.com/watch?v=pb3n0g2NenI (watch all the way through to get full impact and enjoyment)

~Cackling Bear~ (quick comic relief)
hero member
Activity: 504
Merit: 500
July 13, 2012, 04:42:30 PM
What makes this very different than the other hacks, is that what was stolen was USD.


aye, the fiat stolen changes things a lot...


I still think anyone who gives lots of money to some anonymous stranger on the internet for safekeeping is insane. I do not blame them for the theft however. These are different things.


me too.. Oh, btw, keep an eye out for my new venture. :P