Author

Topic: Extortion attempts (Read 2322 times)

legendary
Activity: 1008
Merit: 1001
Out of crypto entirely and don't miss it
September 24, 2014, 01:47:00 PM
#21
I've added lickyb.it to the site for users to review.

http://bitcoinuserreview.com/casino-sites/luckyb-it-user-reviews/

I've also linked this forum thread to the review.

That's kind of you. Please adjust the link to the main Lucky Bit thread rather than this one:

https://bitcointalksearch.org/topic/luckybit-2m-bets-100000-btc-wagered-757624
newbie
Activity: 9
Merit: 0
September 24, 2014, 11:42:56 AM
#20
I've added lickyb.it to the site for users to review.

http://bitcoinuserreview.com/casino-sites/luckyb-it-user-reviews/

I've also linked this forum thread to the review.

hero member
Activity: 706
Merit: 519
Official LuckyBit Support
June 27, 2014, 06:45:43 AM
#19
Hahahaha, that is amazing. However, it could be that he is testing the LuckyBit security. I highly doubt it, but you never know, right?

Well, we're fully on-chain, which means that we do not hold any customer funds.
By playing, he tested nothing more than the security of Bitcoin...  Grin
full member
Activity: 214
Merit: 100
BTC Enthusiast - LuckyBit moderator
June 26, 2014, 01:49:03 PM
#18
Sad little kids trying to extort LB...
full member
Activity: 196
Merit: 100
June 26, 2014, 09:42:56 AM
#17
Do you all think the guy is a just really stupid, drunk, desperate or a combination of all ?
Maybe he is out of meds. Someone needs to write a "Dummies guide to scamming". Give him a free copy, he obviously can't afford to pay.
copper member
Activity: 3948
Merit: 2201
Verified awesomeness ✔
June 26, 2014, 08:29:13 AM
#16
Hahahaha, that is amazing. However, it could be that he is testing the LuckyBit security. I highly doubt it, but you never know, right?
legendary
Activity: 1008
Merit: 1001
Out of crypto entirely and don't miss it
sr. member
Activity: 448
Merit: 254
June 26, 2014, 06:06:59 AM
#14
I wish you luck dealing with this scammer.  I highly recommend reporting the script kiddie to law enforcement considering he was dumb enough to leave a trail.  Once they are done with him he gets to explain his actions to mummy and daddy.

A little trick i have used in the past is invest in a cheap OVH server and then run a VPN tunnel between the two servers with the sensitive stuff only on the second server.  OVH has the VAC system which defends you from a serious DDoS with ease and you dont need to spend megabucks to do it.  Security wise its also much easier to penetrate the edge server rather than the main server.  Especially if you dont know where to find the main server.
legendary
Activity: 1246
Merit: 1029
June 26, 2014, 04:32:54 AM
#13
Dear LB Support, I request you to support him by teaching some programming and hacking instead of sending him BTC to his wallet.  Wink Wink Wink Wink Wink Wink LOL.. He's a kiddo. Tried to send a dangerous message and got fucked up by adults.
hero member
Activity: 994
Merit: 1000
June 26, 2014, 04:29:44 AM
#12
Wow the nerve on some people. At least he was kind enough to give you enough info to report him to the police.
copper member
Activity: 3948
Merit: 2201
Verified awesomeness ✔
June 26, 2014, 04:25:00 AM
#11
Oh god, this is comedy gold. The first email sounds semi-professional, but the second one is definitely a little kid raging, because he got exposed. I wouldn't worry too much if I were you.
hero member
Activity: 706
Merit: 519
Official LuckyBit Support
June 26, 2014, 04:14:45 AM
#10
Continuing in the line of full disclosure:

Quote from: [email protected]
I saw you declined our offer in your public chat. We were very discrete about you checking your email, never sharing anything in chat from our side, but by publishing one of our stolen clients information we have, you have waged more than a public exploitation exposure. I hope you enjoy the "discrete" analysis of your petty servers over the weeks and months to come. I will make sure to share with my team your response in email and in your websites chat during our meeting.

     I surely hope you enjoy declining our offer to help you. As a personal note responding to your email, our small request isn't anything compared to whats to come.

and here:

Quote from: [email protected]
I was just notified by my friend that you stuck your fucking nose up in the air at the BTC community.
Do you know by running a random so called site that the visitors win? Ha I agree they don't.
I had to read the email because I didnt understand it at first, but you did really shit in my eggs an omlets.
Do you know how much money we have to buy and target DDoS and more to your site? What was the bounty like 1 bitcoin?
And we wanted to help, then you expose someone for extortion?
You might as well go back to digging ditches, we don't deal with Bitcoin scammers like you, especially when we were trying to help.
Smile  and enjoy.
hero member
Activity: 706
Merit: 519
Official LuckyBit Support
June 26, 2014, 04:11:58 AM
#9
In any case, you should make sure that your servers don't have direct access to considerable bitcoin amounts (keep the majority of your funds in cold storage) so that when an exploit actually happens, the losses are small.
Of course, now that an intent to attack has been published, it should be obvious that all services that are not directly necessary should be stopped or protected from outside access, and that continuous intrusion detection should be run on the servers/network.
Good luck, and hopefully you can still get some sleep...

Onkel Paul

Thank you. We're preparing. Smiley And of course, we have little money in the hotwallet.
legendary
Activity: 1039
Merit: 1005
June 26, 2014, 03:48:56 AM
#8
In any case, you should make sure that your servers don't have direct access to considerable bitcoin amounts (keep the majority of your funds in cold storage) so that when an exploit actually happens, the losses are small.
Of course, now that an intent to attack has been published, it should be obvious that all services that are not directly necessary should be stopped or protected from outside access, and that continuous intrusion detection should be run on the servers/network.
Good luck, and hopefully you can still get some sleep...

Onkel Paul
copper member
Activity: 3948
Merit: 2201
Verified awesomeness ✔
June 26, 2014, 03:34:50 AM
#7
I left our "friend" a nice little trust rating. You should do that as well OP.
EDIT: Nevermind, you already did Tongue
hero member
Activity: 706
Merit: 519
Official LuckyBit Support
June 26, 2014, 03:33:29 AM
#6
Our reply:

Code:
Hello,

thank you for your offer. We respectfully decline. Also, we published your attempt here:

https://bitcointalk.org/index.php?topic=666400.0

and here:

http://www.reddit.com/r/WTF/comments/28qucr/notice_of_extortion/

Additionally, we reported you to the moderators of bitcointalk.

Regards,
LuckyBit support
hero member
Activity: 706
Merit: 519
Official LuckyBit Support
June 26, 2014, 03:26:06 AM
#5
I may have found the person behind this, his name is "redhatcc" His bitcointalk profile address matched the one in the email. https://bitcointalksearch.org/user/redhatcc-344931  Tongue first post

Thanks for finding this! Smiley We've sent you a little something.  Cool

So the guy was stupid enough to use the same address as on his bitcointalk profile!

Reporting to moderators...
newbie
Activity: 4
Merit: 0
June 26, 2014, 03:22:29 AM
#4
I may have found the person behind this, his name is "redhatcc" His bitcointalk profile address matched the one in the email. https://bitcointalksearch.org/user/redhatcc-344931  Tongue first post
hero member
Activity: 706
Merit: 519
Official LuckyBit Support
June 26, 2014, 03:21:37 AM
#3
See below  Grin
hero member
Activity: 706
Merit: 519
Official LuckyBit Support
hero member
Activity: 706
Merit: 519
Official LuckyBit Support
June 26, 2014, 03:09:32 AM
#1
So, we at http://luckyb.it received another extortion attempt, mostly related to our latest "win 5 bitcoin if you guess the world-cup winner" promo. Smiley

We thought it's better to publish these things, so other site operators are warned.

We had an standard "vulnerability scan" this morning ~7 UTC, coming from 173.233.126.140 (dsl-140.pool2.5.e120.sumt.ftc-i.net).
Dynamic home IP - the whole scan came from the same IP, so it was easy to block and most likely just a kiddy that got hold of some webapp security scanner.

Short after that, we received the mail below, coming from 46.19.139.98.

We're of course not giving in to extortion attempts (especially not to such poorly executed ones).
We hope this helps some other site operators - let's get this idiots out in the open

LuckyBit support

Code:
Return-Path:
Delivered-To: [email protected]
Received: from spool.mail.gandi.net (mspool4-d.mgt.gandi.net [10.0.21.135])
by nmboxes10-dc2.mgt.gandi.net (Postfix) with ESMTP id DA70C40C8C
for ; Thu, 26 Jun 2014 09:25:20 +0200 (CEST)
Received: from mfilter20-d.gandi.net (mfilter20-d.gandi.net [217.70.178.148])
by spool.mail.gandi.net (Postfix) with ESMTP id CE53F1421EB;
Thu, 26 Jun 2014 09:25:20 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mfilter20-d.gandi.net
Received: from spool.mail.gandi.net ([10.0.21.135])
by mfilter20-d.gandi.net (mfilter20-d.gandi.net [10.0.15.180]) (amavisd-new, port 10024)
with ESMTP id JCLGuk+ocRFX; Thu, 26 Jun 2014 09:25:19 +0200 (CEST)
Received: from tamar.safe-mail.net (tamar.safe-mail.net [212.29.227.229])
by spool.mail.gandi.net (Postfix) with ESMTPS id 184A4142235
for ; Thu, 26 Jun 2014 09:25:15 +0200 (CEST)
Received: by tamar.safe-mail.net with Safe-mail (Exim 4.66)
(envelope-from )
id 1X043G-0003Et-Ld
for [email protected]; Thu, 26 Jun 2014 03:24:58 -0400
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=N1-0105; d=Safe-mail.net;
b=q8tg9TIGwO/dhWOC37sNDuS08lFLO1GZrK9vHXdB2oV187Zdn1h5Cs0+7B1Kwj3e
YuPG/WP3e9pWt6M6S91QGecTkWgcVjj2r+8LqdwLgYlIpDjjG7UOCeEqeTHdxmA8
Mbw53/bZEs73yjYX/1wVGKiH4KpQovhO6YIdmtABE9I=;
Received: from pc ([46.19.139.98]) by Safe-mail.net with https
Subject: Security Findings - Exploits Discovered
Date: Thu, 26 Jun 2014 03:24:58 -0400
From: [email protected]
To: [email protected]
X-SMType: Regular
X-SMRef: N1B-FaLBugTE1n
Message-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-SMSignature: NaFpzlw5r9KruAaXoi8A6cJduMZbfgJKuuZKFNVgo/XHd+Lc88Ibc654gAeDrz6f
qgFbtAUeTEUmFsk9a8edzFIM1GuAlHbqbhu5mtxX54g8tZkqFJPMizncezNpMrzT
d/wBKoKwAW9/wvaDANUYIre6UcJS3I7SUWVSYIE+pxI=



A recent penetration test of your site found the following:

     Confirmed High Risk: 3
     Confirmed Medium Risk: 122
     Confirmed Low Risk: 84
     Confirmed Informational (Information Gathering): 64

We want to help secure you and the BTC, torrent, and download services community. Our work is to exploit and report on the security of all Bitcoin, torrent, and download services online.


The following are your options:

1. Send 1.841 BTC to the following address: 16CTrB3BkSaQazoKeS3qKn9DgaofZP8p4J
- By doing so you ensure that you and ONLY you get the penetration and security report. It will be sent, then destroyed.
- You can help secure your servers from black hat hackers, and you can give a larger level of trust to your users.

2. Do nothing an ignore this email.
- The report will be published on several sites on the onion network, clearnet, torrent sites, and exploit sites such as exploitdb.
- You risk the immediate threat of having thousands of experienced hackers now targeting your site.
- If you received a High Risk notification, this indicates that you are in danger of complete compromise of your site, servers, and data.

If you decide to meet the bounty you will receive the following:
- The test ran.
- The applications used.
- Remediation tactics including OVAL & XCCDF class 4 scripts to fix your site.
- And support from us.


You have until 06/26/2014 to send 1.841 BTC to 16CTrB3BkSaQazoKeS3qKn9DgaofZP8p4J in order to gather the reports generated. Failure to do so will result in releasing the already obtained security flaws with detailed instructions on how to penetrate your site.

This is not a threat, this is securing the clearnet BTC community.

Note: Once payment has been sent, please respond to to this email with your sending address, as well as the address we can email you the reports. Typical archived size of the pdf files can exceed 10mb. Also, upon request we can send you our PGP if you wish to ask further questions, but the deadline will not be lifted nor extended.
Jump to: