Pages:
Author

Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation - page 18. (Read 224563 times)

aq
full member
Activity: 238
Merit: 100
If you get the consent to publish both in full please do. Realise that "cherry picking" though through a partial log might not be a smart long term strategy.

I have browsed through both. I have not responded you in the group. It's just a few consecutive complaints of you about my wrong-doing.

I received some advise from other people too, but the "advise" is irrelevant here.

We'll never have permission to post the group chat most likely. And you don't give me the permission to post the private chat. The private chat starts with a greeting and was never continued after the day. It's not partial log.

So the only person can shed some light on this all and is not bound by some NDA and has/had access to all the information is the very hacker. IIRC he has/had access to Patrick computer or at least his emails. Maybe we can convince him to publish Patricks email database. I am pretty sure he copied all of them, hackers usually do this.

BTW, am I the only one that feels a little strange that apparently Patrick does the claim thing alone? The very person that shared this computer with the hacker. Now I should send him all of private data?
hero member
Activity: 686
Merit: 500
Shame on everything; regret nothing.
I know everyone could be happier if I post the evaluation result of this Ruby statement here everyday:

["We are working on the claim process.", "You'll get paid very soon!", "Our team is working 24/7 to deliver our promise.", "We are working extremely hard.", "I'm very happy that the whole team is working together.", "You have been trusted Bitcoinica for over half a year, and we won't disappoint you this time."][(rand()*6).to_i]

But it's just not how PR works (in my opinion).


WOW, he even delivers on the previous request for quality comedy in this thread...

Zhou, you are indeed one stand-up dude!  (pun intended)
hero member
Activity: 812
Merit: 1001
-
LOL, Zhou is running a pro PR campain here (and winning this little PR war). Bravo! Something to learn for many parties involved.



Helps when you have truth, goodwill and honesty on your side:)

Indeed! If he does not have non-competition agreement. Zhou could should develop a new Bitcoinica in the next 4 days and many people would transfer deposits from old Bitcoinica to new one at the first opportunity.
hero member
Activity: 686
Merit: 500
Shame on everything; regret nothing.
LOL, Zhou is running a pro PR campain here (and winning this little PR war). Bravo! Something to learn for many parties involved.



Agreed.  Zhou Tong -- a person I hope to get to know better.
vip
Activity: 490
Merit: 502
I think security is hard and this happens to the best of us. A place that needs to be secured a security firm is, by its very nature, likely to be a target, and hence one is likely to find this kind of irony all over the place.

I also think phantomcircuit (EDIT: Patrick Strateman) really does know his stuff.

It's just the above content-less manager-speak from the consultancy that got to me.

Yep, security experts are being compromised all the time. They are on forefront so they get hit more often. The fact of compromise is not that important as how they prepare for it, assess the risks and mitigate them on ongoing basis.

I dread the moment any of my servers get compromised some day, for the first time.


I agree with you. I only have some experience in web security and that's why Bitcoinica didn't even take Bitcoins initially. (Remember the original FAQ sentence "There are no deliveries of Bitcoins"?) The entire security system was outsourced to Heroku and Mt. Gox at that time (and they did an extremely well job!).

We stopped doing that after some customers suggesting us not to over-rely on Mt. Gox, and we accepted the suggestions. And everything took off: internal matching, starfish, snowballs, interest system, and the hacks. The troubles started when we stopped being small and lean. I definitely bear some responsibility for the bad decisions.

Not a single cent from Mt. Gox account was stolen.
hero member
Activity: 812
Merit: 1001
-
LOL, Zhou is running a pro PR campain here (and winning this little PR war hands down). Bravo! Something to learn for many parties involved.

hero member
Activity: 812
Merit: 1001
-
I think security is hard and this happens to the best of us. A place that needs to be secured a security firm is, by its very nature, likely to be a target, and hence one is likely to find this kind of irony all over the place.

I also think phantomcircuit (EDIT: Patrick Strateman) really does know his stuff.

It's just the above content-less manager-speak from the consultancy that got to me.

Yep, security experts are being compromised all the time. They are on forefront so they get hit more often. The fact of compromise is not that important as how they prepare for it, assess the risks and mitigate them on ongoing basis.

I dread the moment any of my servers get compromised some day, for the first time.
vip
Activity: 490
Merit: 502
And instead of tending to the matters at hand that are truly important, I see childish bickering among partners(?!) in the forums

While the account is speaking for the group as a whole, it is the other two members which after many days of unrest thought it was best to break this silence. Patrick is working on the claims and right now we have to wait on Patrick before we can continue.

We agree that the statements we have had to release are not the ones we would have liked to, it was the only option at our disposal. It has come after over a week of silence where we were trying to resolve the misinformation issues in a more appropriate manner.

Yes, we are essentially the same. We have nothing to do here.

You don't know the technical stuff, and I can't touch the technical stuff. We are both disallowed to talk too much. And we are all waiting for the same things to happen.
vip
Activity: 490
Merit: 502
If you get the consent to publish both in full please do. Realise that "cherry picking" though through a partial log might not be a smart long term strategy.

I have browsed through both. I have not responded you in the group. It's just a few consecutive complaints of you about my wrong-doing.

I received some advise from other people too, but the "advise" is irrelevant here.

We'll never have permission to post the group chat most likely. And you don't give me the permission to post the private chat. The private chat starts with a greeting and was never continued after the day. It's not partial log.
vip
Activity: 490
Merit: 502
I have already apologised about the violation with a Skype message promise. And I confirm that all I stated was pure fact. (You are welcome to take legal actions against me if anything in the apology post in untrue.)  Sincerity is rather a subjective concern. I think I'm sincere.

If total transparency is ever granted, people will be able to answer all their questions and they will know that this is a complete lie. I urge people to wait until they have all the information. While it may appear as though Zhou is being more forthcoming please do not mistake it for honesty.

They only have one question: "When will I get my money back?"

The other questions are really not important.

You can blame me however you want on the troubles I have caused (and I did apologize for denying full responsibility), but I'm not in the dispute resolution team.

I'm here because I have nothing to do, I don't even know how many claims we have currently (I have to chat with Patrick to get some information). Am I associated with Bitcoinica at all? Well I don't know. Can I resign? No, because that will imply that you're unreasonable and such implication can damage your reputation, even though I have no such feeling.

I'm taking all the responsibility here. If customers are not getting their money back I'm the one being hurt, because a lot of people trusted me with their funds and they assumed that I have major controlling power over Bitcoinica.

I have honestly posted everything according to all the information I have. If there are more changes on the Bitcoinica's ownership structure beyond my information, and you identify the misinformation as "lie", please go ahead.

Here's the a list of statements that are currently verifiable without violating any NDAs:

1. I assume I don't have any control over Bitcoinica, at least over the dispute resolution process.
2. Some customers are blaming me for the problem (especially in first 20 pages of this thread).
3. I apologised and gave a self-criticism publicly (about my incompetency in security system).
4. Bitcoinica Consultancy is not paying for the losses directly.
5. Bitcoinica Consultancy's compromised system (which was already in production before Bitcoinica's transition period) is the direct cause (i.e. if the transition didn't start the problem wouldn't have happened, and the transition didn't cause the initial compromise on the email server).
6. Customers have waited 7 days for a claim form (please don't bring up the 3rd party form issue, I suggested that only because you are taking too much time. I could have done it must faster with same security features).
7. I was prohibited from expressing anything that may damage Bitcoinica Consultancy's reputation (this is from your long post recently [1]).
8. I have not officially resigned from Bitcoinica, and my current position is unknown.
9. I have not signed any NDA with any one in 2012.
10. I do not have access to the funds and the claims form.
11. I have suggested several ideas to speed up the claim process in Skype group chat, and Patrick has selectively adopted some. (Not really valuable ones I admit.)
12. I assume that I obtained the permission from the person who may grant you the transparency (I'm not sure) to post the apology.
13. I have been asked to co-author an apology in my name. (And my own one doesn't sound sincere enough. [2])
14. I'm neither an insider who has access to information, nor an outsider who is not liable for communicating information (which should be treated as pure speculation).
15. I have not been paid by Bitcoinica for any work since 1 April 2012 and I have voluntarily given up the payment.

I kindly ask whoever working on the dispute resolution to work more efficiently. My original intent was to deny the responsibility considering the customers are blaming me, who has no control over the dispute resolution for the unresponsiveness of the team. My words have damaged Bitcoinica Consultancy's reputation because I should take part of the responsibility.

Everything here is in no way criticism. I'm willing to take responsibility on anything that I'm involved.

But honestly, customers are not satisfied. That's the worst reputation damage you want to have. Again, I have nothing to do here. I know everyone could be happier if I post the evaluation result of this Ruby statement here everyday:

["We are working on the claim process.", "You'll get paid very soon!", "Our team is working 24/7 to deliver our promise.", "We are working extremely hard.", "I'm very happy that the whole team is working together.", "You have been trusted Bitcoinica for over half a year, and we won't disappoint you this time."][(rand()*6).to_i]

But it's just not how PR works (in my opinion).

I might be immature (I have no age privilege to disprove this). I might just suck at PR. I might be the 17-year-old kid causing endless troubles for you. I'm truly sorry.

My final suggestions:

- Return the money as soon as you can.
- Tell the truth.


[1]:
Quote
After being confronted on the issue, he agreed not to post anymore. After breaking that promise only hours later, we confronted him again privately.


[2]:
Quote
He posted an insincere and politically worded apology.
newbie
Activity: 14
Merit: 0
And instead of tending to the matters at hand that are truly important, I see childish bickering among partners(?!) in the forums

While the account is speaking for the group as a whole, it is the other two members which after many days of unrest thought it was best to break this silence. Patrick is working on the claims and right now we have to wait on Patrick before we can continue.

We agree that the statements we have had to release are not the ones we would have liked to, it was the only option at our disposal. It has come after over a week of silence where we were trying to resolve the misinformation issues in a more appropriate manner.
hero member
Activity: 532
Merit: 500
And instead of tending to the matters at hand that are truly important, I see childish bickering among partners(?!) in the forums

Seriously, how professional can you get?

This is the same type of behaviour I saw in the logs of the 511BTC affair at intersango. Same tone, same voice. Same immature way of dealing with personal mistakes. When are you going to grow up, and stop with the idle attempts at intimidation? It doesn't become you, Patrick.

It's truly disappointing that you continue to engage each other in the forum instead of working on the claims process.


newbie
Activity: 14
Merit: 0
If you get the consent to publish both in full please do. Realise that "cherry picking" though through a partial log might not be a smart long term strategy.

please state a date when you plan to close the claim process and start to refund people.
i just want to know when i can expect to get my money back.

a simple "there where claims made just yesterday" is not enough. you can not proove that.

we already waited much too long for OUR money.

btw: if you are so sure that we all will get our money back: why dont you just buy my 100btc debt for 80btc?

We will try to stop the drama. It is secondary or tertiary to the claims process. As stated in the earlier post we can't give a definite date now. We will be providing information as we can with regards to the claims process and all else.


btw: if you are so sure that we all will get our money back: why dont you just buy my 100btc debt for 80btc?

This would potentially be illegal and certainly unethical.
legendary
Activity: 1428
Merit: 1000
If you get the consent to publish both in full please do. Realise that "cherry picking" though through a partial log might not be a smart long term strategy.

please state a date when you plan to close the claim process and start to refund people.
i just want to know when i can expect to get my money back.

a simple "there where claims made just yesterday" is not enough. you can not proove that.

we already waited much too long for OUR money.

btw: if you are so sure that we all will get our money back: why dont you just buy my 100btc debt for 80btc?
hero member
Activity: 686
Merit: 500
Wat
The owner of Bitcoinica is clearly Bernie Maddoff.
newbie
Activity: 14
Merit: 0
then post it already... he gave you permission...

He is a smart guy. He knows I wouldn't need his permission at all to post it. We do however need the permission of another person/other people. He knows this.
newbie
Activity: 14
Merit: 0
If you get the consent to publish both in full please do. Realise that "cherry picking" though through a partial log might not be a smart long term strategy.
newbie
Activity: 14
Merit: 0

I don't think there's any problem with the group conversation.

You only pointed out the problem to me privately, and the verbal promise is not in the group conversation later. i.e. If the private conversation didn't happen, I have done absolutely nothing wrong.

 Huh

The group conversation would establish essentially the entire history of what happened and would conflict with some of your forum posts.

The whole private conversation was founded on your gross misrepresentations and inaccurate statements.
donator
Activity: 29
Merit: 252



intersango and zhou should not be the target here...  
Correct. Intersango is just doing whatever the owner tells them to or NOT to. They are pawns.

The mysterious owner should be in focus here, ...not Intersango, not zhoutong.

+1
hero member
Activity: 686
Merit: 500
Shame on everything; regret nothing.

These statements are not directed to Bitcoinica Consultancy. They are directed to facts. I officially grant Donald Norman the right to disclose any private communication on Skype between Donald and me in recent 14 days.

Unfortunately, disclosing the skype conversations of our group would would largely be in violation of our NDA. You know this though. We would also like to give much greater detail as to the nature of the incident but are not able to due to our inability to disclose information.

I don't think there's any problem with the group conversation.

You only pointed out the problem to me privately, and the verbal promise is not in the group conversation later. i.e. If the private conversation didn't happen, I have done absolutely nothing wrong.

BOOM!

Bitcoinica took a lot of my money, and arguably all of it was due to my own gambling.  But I always believed in Zhou.  I know you'll do the right thing, buddy.
Pages:
Jump to: