
Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation - page 20. (Read 224563 times)

vip
Activity: 490
Merit: 502
Let me start off by saying the information in this post is gathered from already public statements, separate knowledge or, in individual cases has been preapproved. We have been disgusted by the fact that we cannot speak liberally. Once the reclaims process is finished, if we are not allowed to speak publicly we will stop all activity with bitcoinica.

Right now, we believe the best thing for all parties involved is that we continue with the reclaims process. We have investigated many of the claims but have many left. There were still claims being filed as of at least yesterday. Our intention is to have a secure platform where users can claim their accounts and everyone will be able to claim their accounts once the claims process is finished. We cannot offer a concrete timeline for exactly when this will happen but we are working as fast as possible. Please be patient. We are truly sorry for the grave inconveniences.



As for recent incidents:

We first got involved with Bitcoinica after we discovered a security vulnerability where we could liberally withdraw and empty bitcoinica's live wallet. It became apparent to us that the site was a poorly constructed security nightmare. We started talks with bitcoinica in the hopes that they would see us as being an indispensable asset to help secure their site. The site currently is far more secure than previously.

While Zhou has made a lot of public statements, I assume his doing so has violated agreement(s) which he may have. He has stated publicly that he does have some non-disclosure agreement. Many of his posts were either untrue or certainly misleading. Many of these posts were directed at us. After being confronted on the issue, he agreed not to post anymore. After breaking that promise only hours later, we confronted him again privately.

He posted an insincere and politically worded apology.

Within the apology he made it sound as though we were trying to stop him from posting. As if he had not respected some secrecy that we wished to maintain. This of course is entirely misleading. He also posted the link to the reclaims page before it was finished and without our consent. He also continued to make very important decisions without our consent which has affected our ability to recover. In fact, even as of the 17th, we were often still in the dark and learning things through Zhou's posts on the forums. We may decide later to take action against Zhou as he has offered no public recompense. He was the owner of bitcoinica, sold bitcoinica keeping earlier profits and it seems he was paid and that he was responsible for its security until at least very recently. We even hope to release our private conversations with him if there is deemed to be no liability for us doing so. These issues should never have been made public and we took many measures speaking with him many times so that it would not get to this level. Right now though this needs to be put on the back-burner. It is immaterial until the claims process is resolved.

As for the current owners of Bitcoinica, they have by far exceeded their legal obligations in helping Bitcoinica recover from the previous hack and have pledged their continued support in seeing this incident fully resolved. I am not sure they knew how insecure the site was when they first bought it. We applaud their generosity. The inability to disclose pertinent information however we vehemently disagree with. We believe this information is critical to restoring the trust a business like bitcoinica requires.

The only agreement I have signed is in last year, with a non-disclosure clause.

I have already apologised about the violation with a Skype message promise. And I confirm that all I stated was pure fact. (You are welcome to take legal actions against me if anything in the apology post is untrue.) Sincerity is rather a subjective concern. I think I'm sincere.

In the past few days, I have been quite supportive about the account claim issue. I have communicated some ideas with Patrick.

I admit that the security features of the site are not up to standard. But the compromised system belongs to Bitcoinica Consultancy, and I have neither knowledge nor control. Being a target is the worst thing to have in the security world, and no system is 100% secure. The uncompromised systems are simply not the targets. Bitcoinica was not the initial target of the hacker.

These statements are not directed to Bitcoinica Consultancy. They are directed to facts. I officially grant Donald Norman the right to disclose any private communication on Skype between Donald and me in recent 14 days.
legendary
Activity: 1428
Merit: 1000

I can understand that you are disappointed at zhou for revealing that it was your own server that got compromised. It can understandably be a bit embarrassing - a firm brought in for security itself leads to a compromise.

Sorry if I am having trouble understanding.


All good points. Not only Intersango was brought as consultant and failed miserably, but Patrick Strateman's (the Intersango "Security extraordinaire") email account was the single point of failure for this hack, which was accessed by his inability to secure his OWN mail server.

You gotta love his little bio at intersango:

"Patrick Strateman as CTO with a speciality in security, has led the way building up Intersango over the course of 3 months. "

LOLLLL ... to think some people in this thread were trying to argue with me when I suggested to pull funds out of Intersango fast.

personally i do like irony very much ;)
but i couldn't care less why they lost their money... its just their legal obligation to return it.

btw my offer "give me 80btc and get 100btc when bitcoinica pays" is still open
full member
Activity: 182
Merit: 100

I can understand that you are disappointed at zhou for revealing that it was your own server that got compromised. It can understandably be a bit embarrassing - a firm brought in for security itself leads to a compromise.

Sorry if I am having trouble understanding.


All good points. Not only Intersango was brought as consultant and failed miserably, but Patrick Strateman's (the Intersango "Security extraordinaire") email account was the single point of failure for this hack, which was accessed by his inability to secure his OWN mail server.

You gotta love his little bio at intersango:

"Patrick Strateman as CTO with a speciality in security, has led the way building up Intersango over the course of 3 months. "

LOLLLL ... to think some people in this thread were trying to argue with me when I suggested to pull funds out of Intersango fast.
donator
Activity: 29
Merit: 252
Doesn't your statement:

> Within the apology he made it sound as though we were trying to stop him from posting.

directly contradict this one:

> After being confronted on the issue, he agreed not to post anymore. After breaking that promise only hours later, we confronted him again privately.


You are mad at zhou for taking emergency steps to save things (that apparently stemmed from your server) and for making an emergency announcement while you were asleep? And mad at him for making it sound as though you didn't want to post certain news? And, also mad at him for posting things (the truth, or was it a lie?) that were embarrassing?


You also keep claiming, in 2 posts now, that he posted misleading information. I didn't see anything misleading you identified. The only thing he did wrong that you identified is: (1) He posted without your consent. (2) He incorrectly seemed to imply that you didn't want to post.

Do you notice how (2) contradicts (1)? What am I missing here?

I can understand that you are disappointed at zhou for revealing that it was your own server that got compromised. It can understandably be a bit embarrassing - a firm brought in for security itself leads to a compromise.

Sorry if I am having trouble understanding.


    


legendary
Activity: 1162
Merit: 1000
DiabloMiner author
Because it seems very unlikely now that anyone is going to get their money back, I am still offering mining bond swaps for popular bonds on GLBSE in exchange for DMC shares.

https://bitcointalksearch.org/topic/diablo-mining-company-77469

~2/3rds of a BTC in bonds for 1 BTC of DMC.
legendary
Activity: 1050
Merit: 1000
I think the post just outlined the fact that their hands are tied.  They can't talk about the situation directly, at this point.  They agree that it's BS that they can't answer the questions, but they aren't the ones to make the decision about what can and cannot be spoken about.

Agreed, we would like to answer every important question and provide tons of information but we do not have that liberty. After the claims process however we will if we are not allowed to speak publicly we will stop all activity with bitcoinica. We believe this information is critical not only to restoring the trust a business like bitcoinica requires but answering many of the questions people have. In fact they go hand in hand.

So, basically, wait.  That's fine by me.  I know lots of posters are super uppity right now, and I'm not suggesting they have no reason to be, but, seriously guys, if you put a significant amount of money into this and/or, worse, money you needed or didn't even have to begin with, then your situation is every bit as much the result of your own poor judgment as it is Zhou's or these other guys' fault.  There's really nothing that can be done right now.  Just wait and see what happens.  Sorry.



As for me, in the meantime I'm going to buy back some of the coins I'm hoping aren't lost through this but very well might be, and I'm also moving significant portions of my bitcoin wealth into brainwallets.  My bitcoin initial investments are paid off.  I'm spending less time watching the charts because I'm willing to ride this thing out to whatever the end will be.  Work is busy.  The weather is nice.  So, go to zero.  That'll be a bummer.  Or stay the same.  Or go to the moon.  I'm prepared for whatever now.

yes, it seems the claims process is on hold for now
BCB
vip
Activity: 1078
Merit: 1002
BCJ
or it's the cracker
No need to bring race into it...

-- Smoov


LOLLLL I was just going to say "I am a cracker, but not THE cracker!".

As for me being Zhou, a cursory examination of his writing style and mine will pretty much clear that issue.



"Cursory"  - good choice.
full member
Activity: 182
Merit: 100
or it's the cracker
No need to bring race into it...

-- Smoov


LOLLLL I was just going to say "I am a cracker, but not THE cracker!".

As for me being Zhou, a cursory examination of his writing style and mine will pretty much clear that issue.

legendary
Activity: 2198
Merit: 1311
I think the post just outlined the fact that their hands are tied.  They can't talk about the situation directly, at this point.  They agree that it's BS that they can't answer the questions, but they aren't the ones to make the decision about what can and cannot be spoken about.

Agreed, we would like to answer every important question and provide tons of information but we do not have that liberty. After the claims process however we will if we are not allowed to speak publicly we will stop all activity with bitcoinica. We believe this information is critical not only to restoring the trust a business like bitcoinica requires but answering many of the questions people have. In fact they go hand in hand.

So, basically, wait.  That's fine by me.  I know lots of posters are super uppity right now, and I'm not suggesting they have no reason to be, but, seriously guys, if you put a significant amount of money into this and/or, worse, money you needed or didn't even have to begin with, then your situation is every bit as much the result of your own poor judgment as it is Zhou's or these other guys' fault.  There's really nothing that can be done right now.  Just wait and see what happens.  Sorry.



As for me, in the meantime I'm going to buy back some of the coins I'm hoping aren't lost through this but very well might be, and I'm also moving significant portions of my bitcoin wealth into brainwallets.  My bitcoin initial investments are paid off.  I'm spending less time watching the charts because I'm willing to ride this thing out to whatever the end will be.  Work is busy.  The weather is nice.  So, go to zero.  That'll be a bummer.  Or stay the same.  Or go to the moon.  I'm prepared for whatever now.
hero member
Activity: 504
Merit: 500
Scattering my bits around the net since 1980
or it's the cracker
No need to bring race into it...

-- Smoov
legendary
Activity: 1050
Merit: 1000
I think the post just outlined the fact that their hands are tied.  They can't talk about the situation directly, at this point.  They agree that it's BS that they can't answer the questions, but they aren't the ones to make the decision about what can and cannot be spoken about.

Well that is interesting, because according to NZ law, the general partner (Intersango) and NOT the limited partner (the investor) has the right to decide for the company. That is why the guy putting the money is the limited partner.

And you - shad0wbitz -  have to be Zhou using another nic.  Someone see if his and Zhou's (and Bitconica' Conslutancy's??) ip's are coming from multiple aws instances.

or it's the cracker
BCB
vip
Activity: 1078
Merit: 1002
BCJ
I think the post just outlined the fact that their hands are tied.  They can't talk about the situation directly, at this point.  They agree that it's BS that they can't answer the questions, but they aren't the ones to make the decision about what can and cannot be spoken about.

Well that is interesting, because according to NZ law, the general partner (Intersango) and NOT the limited partner (the investor) has the right to decide for the company. That is why the guy putting the money is the limited partner.

And you - shad0wbitz -  have to be Zhou using another nic.  Someone see if his and Zhou's (and Bitconica' Conslutancy's??) ip's are coming from multiple aws instances.
hero member
Activity: 504
Merit: 500
Scattering my bits around the net since 1980
Kinda funny how, it seems so far, that the only one who is putting out concrete information so far, is the hacker...

just sayin'...

-- Smoov
hero member
Activity: 1138
Merit: 523
Quote
So let me get this straight. You pen test a 17 year old competitors' faulty site, find vulnerabilities and use that knowledge to muscle your way into his business. Then it blows up in your face and you spend 13 days crafting a carefully worded "statement" which basically establishes that you are now essentially in a pissing match with this kid. How old are you 14? This whole thing stinks. There are 18K BTC missing and a lot of user funds tied up with this and this is how you respond. What a fucking disaster. No wonder bitcoin can't establish any credibility. Your lack of clarity and inability to take any responsibility for this situation only serves to demolish any credibility you guys may have had in this community.



And apparently incapable of reading or going 2+2=?

legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
So basically what I said on my previous post of "be prepared for the blame-game" has now become a reality. Zhou shits on Bitcoin Consultancy. Bitcoin consultancy shits on Zhou AND the secret investor by vehemently disagreeing with their silence ... an all out war basically between all parties involved.

Still some very important questions remain unanswered:

- Why was bitcoinconsultancy.com taken offline?
- Why is the sock puppet used on this forum named "Bitcoinica consultancy" and not "Bitcoin consultancy"?

Also, could you please confirm if you (intersango / bitcoin consultancy) are IN FACT the GENERAL PARTNER for Bitcoinica LP, or is Zhou lying on this post:

https://bitcointalksearch.org/topic/m.906647

Quote
Undoubtedly, I felt upset about some confusing commenters. I objectively disagreed with Intersango guys' ways of doing things and I think if Bitcoinica is still under my control, some of our customers' immediate issues can be addressed in a more timely manner.

However, I want to express my sincere apology to the General Partners of Bitcoinica LP, because I should not have criticized them when I should bear part of the responsibility by not doing my best in securing the system. The direct cause of the issue is not important, we shouldn't argue about "if someone didn't do X this thing wouldn't have happened", instead, we should say more about "if I did X this thing could be prevented". In this case, I can express these statements...

.....

I am also extremely grateful for the Limited Partner (an investment group) of Bitcoinica LP for exceeding their legal obligation to bear the full cost of both recent attacks. Without their active support, Bitcoinica couldn't have survived until today to serve our customers well.


Zhou seems to suggest that the mystery investor is the limited partner, while Bitcoin Consultancy is the general partner. Care to clarify?

Finally, Zhou claims he has not had any access to the site, and has not even been officially recognized as a PR person for Bitcoinica for "quite some time now". You on the other hand, claim to have almost no control at all over Bitcoinica, and to have learned about a lot of what has transpired through Forum posts.

I hope you can see this sounds extremely psychotic, and it is incredibly confusing for Bitcoinica customers.


Your (this) post did come to mind and was going to quote it in my last post, but already saw you were here and did it.

~Bruno~
BCB
vip
Activity: 1078
Merit: 1002
BCJ
I think the post just outlined the fact that their hands are tied.  They can't talk about the situation directly, at this point.  They agree that it's BS that they can't answer the questions, but they aren't the ones to make the decision about what can and cannot be spoken about.

Agreed, we would like to answer every important question and provide tons of information but we do not have that liberty. After the claims process however we will if we are not allowed to speak publicly we will stop all activity with bitcoinica. We believe this information is critical not only to restoring the trust a business like bitcoinica requires but answering many of the questions people have. In fact they go hand in hand.


Then post official updates on the bitcoinica website and stop half responding to the speculation that has been generated in this shit storm of a thread.
Crisis Management 101. Look it up.

http://en.wikipedia.org/wiki/Crisis_management
hero member
Activity: 574
Merit: 500
I think the post just outlined the fact that their hands are tied.  They can't talk about the situation directly, at this point.  They agree that it's BS that they can't answer the questions, but they aren't the ones to make the decision about what can and cannot be spoken about.

But they can still play the blame game with Zhou? LOL
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
So let me get this straight. You pen test a 17 year old competitors' faulty site, find vulnerabilities and use that knowledge to muscle your way into his business. Then it blows up in your face and you spend 13 days crafting a carefully worded "statement" which basically establishes that you are now essentially in a pissing match with this kid. How old are you 14? This whole thing stinks. There are 18K BTC missing and a lot of user funds tied up with this and this is how you respond. What a fucking disaster. No wonder bitcoin can't establish any credibility. Your lack of clarity and inability to take any responsibility for this situation only serves to demolish any credibility you guys may have had in this community.

I had a hard time reading the beginning of the statement due to its faulty grammar. And to think it was stated that said statement would be well crafted (paraphrased). With all due respect to the 3/4 seasoned users on this forum that seem to be involved in this quagmire, this episode does not bode well for Bitcoin.

~Bruno~
newbie
Activity: 14
Merit: 0
I think the post just outlined the fact that their hands are tied.  They can't talk about the situation directly, at this point.  They agree that it's BS that they can't answer the questions, but they aren't the ones to make the decision about what can and cannot be spoken about.

Agreed, we would like to answer every important question and provide tons of information but we do not have that liberty. After the claims process however we will if we are not allowed to speak publicly we will stop all activity with bitcoinica. We believe this information is critical not only to restoring the trust a business like bitcoinica requires but answering many of the questions people have. In fact they go hand in hand.
full member
Activity: 182
Merit: 100
I think the post just outlined the fact that their hands are tied.  They can't talk about the situation directly, at this point.  They agree that it's BS that they can't answer the questions, but they aren't the ones to make the decision about what can and cannot be spoken about.

Well that is interesting, because according to NZ law, the general partner (Intersango) and NOT the limited partner (the investor) has the right to decide for the company. That is why the guy putting the money is the limited partner.