Topic: [Full Disclosure] More likely MtGox Post-Mortem - page 2. (Read 22225 times)

More fun for many happy people!
History will record that MTux from MGox has done a "prove it" transfer of over 424,242BTC, so the original thread title ...More likely MtGox Post-Mortem, will most likely prove to be highly inaccurate.
http://blockexplorer.com/address/1eHhgW6vquBYhwMPhQ668HPjxTtpvZGPC

Great news for Bitcoin and the community.  

The only reason I mentioned IQ was due to the nature of his attack,and the way he called me stupid several times, plus he insulted my family in ways only a very sick mind would ever think of.

• This forum used to be a great place, nobody noticed how ridiculous, and over the top his attack was, and / or bothered to suggest to him he should cool it.

Gee, thanks a lot guys.

Please take your worthless insults and bickering over who has the higher IQ elsewhere.

Thanks.

seriously for every 1 good post, there's like 10-20 retarded ass flame wars going on

IMO I just want some god damned info and a straight story with some evidence to back it up

I feel like MT really hasn't handled this situation in the best manner

All we want are some freaking answers, and because of that and the extremists on either side, you guys just devolve everything into stupid flamewars.  At this point it's like fuck it, what the fuck is the point of arguing, we should be grabbing pitchforks and torches and start marching to MT or MtGox demanding some fucking answers because as a user of MtGox with my personal information leaked to the world and the site going down locking our funds out, the least we should be given is a fucking straight and sensibly answer/explanation.

This shit has gotten ridiculously out of hand

Are you guys done?

You would be amazed how high my IQ is, plus you need to look in the mirror and keep talking to yourself.
Please keep in mind we are in a forum with a lot of lies, distortions and BS going around.

Just an update.

18 hours later. Still no response public or private.

This proves that MagicalTux is not only incompetent, but an asshole.

My first request was "socially acceptable", and then I escalated.
Please keep in mind we are in a forum with a lot of lies, distortions and BS going around.

Thank you for your feedback finack.

Perhaps we live in entirely different worlds, but I can assure you that this excerpt is far from polite:


Imagine how bad things would be if everyone replied to anything they didn't understand in that demanding and accusatory tone.

Yes it is reasonable, thank you.



Misquoting the unfair, inaccurate feedback of someone else, is a waste of time, IMO.

From post #27
No it means I don't blindly believe it.


So in essence we agree, that has nothing to do with *others* "blindly believing a sensational headline"



From post #40
I politely, yet very firmly, asked some simple questions. should it be so hard to get easy answers?

LOL@!@!

More than 9 hours and still no response.

Classy.

Maybe he finally realised that he needs to seek legal counsel before mouthing off in public forums.

I have no connection to the poster or anyone else. But you should reconsider your attitude in my opinion. You're complaining that something wasn't explained to you in enough depth so that you could understand it. However, it was perfectly understandably to many of us. It's reasonable to ask for clarification if you don't understand and want to, but that has nothing to do with others "blindly believing a sensational headline".

People provide security disclosures of various types all the time. Some are very, very common. This XSS and the referred to SQL injections are examples of this. That means a very many people already understand the principles behind them. I'm sure you can imagine it would be very tedious to include a full explanation of each attack every time someone discusses one.  You got your explanation, you don't have to be a dick just because you don't understand something.

Also, the post is titled "Full Disclosure" because that is the name of the security mailing list it was sent to. When you send mail to that list, the subject line gets prepended to the subject you send, so that mailing list subscribers can easily identify where it came from. Don't read too much into it. see: http://seclists.org/fulldisclosure/2011/Jun/index.html

I posted this in IRC last night and had some good convo with MagicalTux and various others. Currently i'm at work so don't have the logs in front of me. Please have a look and tell me if you see some error in my analysis or basic understanding! This is not an accusation of any kind, just someone trying to get to the bottom of this thing.

After the claims by MT that Kevin's behaviour was 'suspicous' i started looking at the activity logs on the market when it crashed, specifically what happened right at the turn (i.e. the rise back up from 0.01 after the sell).

MT said many, many things, some in his post and some in IRC chat.

So according to MT:

1) Kevin logged in at 5:12, just a few minutes before the market started crashing (~5:15 onwards).
2) Since he bought at 0.01 he must have placed that large bid BEFORE the market crashed...thus implicating him (after all who would place a ~$3000 bid at 0.01 unless they knew it was comming).

According to MT this makes Kevin looks suspcious. But there is more useful info to consider:

4) When a BUY order is filled, the only log recorded is the time of the FILL and the time the order was PLACED gets wiped out completely. Thus Tux cannot be sure of anything really.
3) Also important to mention from MT we know that you cannot place a buy when a sell is in progress. So Kevin had to have placed that order before or after the sell, but could not have done so during.

Now check:

http://www.youtube.com/watch?v=T1X6qQt9ONg

This is a video of the market crashing live, it shows a ticker. The part we are interested in is at ~5.23 into the vid, right at the turn.

What we see are three things.

1) Orders being filled with a timecode of 13:15:xx

I guess this is the time that the mega sell order was created. Here we are seeing the order book being processed and then finally getting wiped out, 0.01 and then being emptied. This take a long time.

2) Then notice time change. Ticker goes from 13:15:xx to 13:51:xx instantly. More than 30 minute gap!

This is when NEW buy orders start arriving, /after the sell has wiped out the book/

3) The 6th order down from the time change is *the big one* 13:51:16  0.01  261383.76

4) From there the orders start increasing in value, until the market bounces right back to $14 or so fairly sharply/


So some important questions and conclusions really. Looks very plain to me from these logs that Kevin did indeed get very lucky. He watched the market crash, prepared his bid and hit go just at the right time -> managing to get the 6th BUY order after the turn, not the first, the 6th.

>>>>>> Kevin placed the BUY order after the SELL and the crash, not before as he was accused of.

The login time does not proove anything, what is important is the time of the buy order was placed. But we cannot get this from MTGox because of the log issue i've mentioned so we must relly on our own understanding.



If we assume as i now do, that Kevin's really is innocent, then what was the motivation of the Hacker? We all assumed the hacker was trying to crash the markets so he could cash out, but this clearly didn't work if kevin is innocent!!!!

a) placing a large buy just after the crash ....

... the problem with a is that how would anyone be sure he could get the order in at the right time. We all know that mgtox is slow at the best of times and any half descent brain would realise that after a major market event like that, the site was going to be absolutely hammered and thus impossible to reliably connect to - just as many of you here have reported.

So unless Hacker person messed this up badly, or Kevin beat him at his own game, it looks to me like they didn't have any real intention of cashing out like this..


b) placing a large buy before the crash ... (which didn't happen as the market activity ticker seems to show)

A better stratergy would have been to use several other compomised accounts (if guy had DB access, this should have been no problem) to place 0.01 BUY orders before the SELL, just at or under the equivalent $1000 usd limit. They would have been filled and if he had withdrawn the BTC very quickly he may well have gotten away with a much, much, much larger sum.

Why not do that? Was he stupid, a kid or did he just not care about the money that much and doing it for some other purpose.

In any sense Kevin does not look like a guilty party to me but a very lucky guy who now seems to think he should be entitled to keep the profits of a crime. I wonder what his mother would say.


MagicalTux: I appreciate how busy you are trying to bring MTGox back. However, a full, indepdent analysis of these events and the others mentioned in this thread, is the only realistic way to address the concerns of your user base. Diverting attention by blaming others with very sketchy.->zero evidence is absolutely not cool.

Presumably because they all knew about the security issues with the other major sites and didn't feel them to be interesting enough to discuss. Several of them have beeen mentioned on the forum if you know where to look. Tradehill does at least look superficially security-aware for the reasons stated in the log. (I can't confirm all of it but I can confirm that they do appear to be using Django anti-CSRF middleware.)

Both pastebin.com and pastebin.ca were down at the time this was posted and had been for about an hour or it would have been posted there.

It is. Right there. In the OP's post. (privatepaste. Though I'm not sure if they require JS, as I have it enabled.)

+1 on more exchanges
+1 on robust security
-10000 on FDIC insurance

Mediafire seems to require JavaScript turned on to download the fucking text file.

Someone should paste that to normal pastebin instead of this crap