
Topic: HACKED THIS AFTERNOON! PLEASE HELP! (Read 616 times)

legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
April 20, 2019, 01:44:09 PM
#27
Which is incorrect. Windows is insecure regardless of your "configuration and management" bullshit.

[...]

You are posting false information and using fallacies which I utterly despise.

You are wrong.

Just because YOU can't manage a windows system / network properly, it doesn't mean that it is not possible.
While i agree that it takes way more effort to create a somewhat secure system running windows, it is - by far - not impossible.

We would have all of your governments and any other critical infrastructure compromised already.. The majority is using windows only..

You should keep away from the thought that not a single person can do things which YOU can't do..

You shouldn't take it to the extremes. Linux is much more secure by default, but it's not perfect. It also depends on distro, some are more security oriented than others. Windows on the other hand, can be made safer, with work, but the end result isn't perfect either, and is not as good as a truly secured linux or bsd. You just can't do anything about secret backdoors/bombs/bugs hidden in code you have no access to, that is a fundamental difference you have to always live with when using closed source proprietary software.

Of course there is a lot of money to be made in this sector, some people are foolish enough to insist on using windows and beg professionals to make it safer. One of the things usually done is put a firewall (with a secure os) in the gateway between the wild savage internet and their little windows LAN to at least contain the brunt of the attacks. You can also spend a lot of effort and time trying to secure windows as best as you can, within the limitations that having no access to the code will never let you surmount.

The irony here is that a simple user isn't going to make it, that is why they hire you in the first place. If windows was "secure by default", you would have to do a different job. And these are the typical targets, remember? Laziness.

Easy to use, easy to crack, you could say.
legendary
Activity: 1624
Merit: 2481
April 19, 2019, 11:20:37 AM
#26
Which is incorrect. Windows is insecure regardless of your "configuration and management" bullshit.

[...]

You are posting false information and using fallacies which I utterly despise.

You are wrong.

Just because YOU can't manage a windows system / network properly, it doesn't mean that it is not possible.
While i agree that it takes way more effort to create a somewhat secure system running windows, it is - by far - not impossible.

We would have all of your governments and any other critical infrastructure compromised already.. The majority is using windows only..

You should keep away from the thought that not a single person can do things which YOU can't do..


member
Activity: 378
Merit: 53
Telegram @keychainX
April 19, 2019, 08:21:53 AM
#25
Thanks for the reply HCP..

Sad day  : Embarrassed Embarrassed

Working on the gmail issues.. All of my recovery email addresses were compromised as well... hence me being pretty handcuffed on the email front..

I have reached out to Bittrex and Binance to freeze accounts.. Binance has done so but not in time.. KYC'd in both exchanges.

Here is the transaction out of my account: https://bitcoinwhoswho.com/address/1CenzCoKFoQyBdFbi1uYU1DEmyQFyM8cfm/urlid/13236721
This was a very very sophisticated attack.. I was simultaneously hacked at 2 email addresses.. iPhone.. Multiple mac computers.. AT&T (they changed my ssn and disconnected my phone!)..

At a loss.. total loss..



Any chance of suing AT&T? Did they hijack your SIM? There were several high-profile cases like this in California/Miami last year.

legendary
Activity: 4256
Merit: 8551
'The right to privacy matters'
April 18, 2019, 02:06:15 PM
#24
@ Op how many KYC  did you do for crypto companies?

KYC at an exchange like Bittrex,Coinbase

KYC with bitmain
KYC with most anyone in crypto can be a big weakness.

Did you have any

yahoo accounts?
outlook accounts
live accounts?






legendary
Activity: 2674
Merit: 2965
Terminated.
April 18, 2019, 08:29:45 AM
#23
All i have said was that any system can get compromised and that no system is secure directly after installing.
It is the configuration which makes it more or less secure. The possibilities and simplicity of unix-based OS's are the reason linux can be made more secure in an easier way.
This has nothing to do with linux = secure; windows = horrible. It all depends on the configuration and the management.. always.
Which is incorrect. Windows is insecure regardless of your "configuration and management" bullshit.

Just because you didn't see X, it means X doesn't exist ? What kind of an argument is that ?

Also.. why are you hating so much ? There is not a single reason to be aggressive at all..
You are posting false information and using fallacies which I utterly despise. Thus you are directly, or indirectly, intentionally or unintentionally harming the readers. Here you go again, with a red herring. Just stop. Then again, you gotta earn your shitposting sig. money somehow. Roll Eyes This solves my own question why pseudo-randoms have been posting pseudo-science in this section for a while now; it's time to exclude it from everything.
legendary
Activity: 1624
Merit: 2481
April 18, 2019, 07:44:08 AM
#22
That is, again, nonsense. You were talking about the out of the box security. Windows is garbage, especially windows server. Luckily for that garbage OS this discussion does not involve performance. Roll Eyes

Yes, I was talking about out-of-the-box in one sentence:
Generally, yes. Linux is safer (out-of-the-box). And you are more secured against the day-to-day threats, yes.


All i have said was that any system can get compromised and that no system is secure directly after installing.
It is the configuration which makes it more or less secure. The possibilities and simplicity of unix-based OS's are the reason linux can be made more secure in an easier way.
This has nothing to do with linux = secure; windows = horrible. It all depends on the configuration and the management.. always.



What has me never seeing a linux system get compromised have to do with the existence of exploits? Strawman facepalm. I'm well familiar with exploits, especially those that were planted by NSA undercover contributors[1]. Read before you respond next time or just avoid responding at all (the latter is the better option).

[1] Greetings to all american kool-aid drinkers again; you live in such a lovely country.

Just because you didn't see X, it means X doesn't exist ? What kind of an argument is that ?

Also.. why are you hating so much ? There is not a single reason to be aggressive at all..


Edit:
Just checked your post history and it seems you have a bad day today..
What about we stop the discussion here now and talk some other day about this topic (given that you want to properly discuss this topic) ?
legendary
Activity: 2674
Merit: 2965
Terminated.
April 18, 2019, 06:55:55 AM
#21
And dynamite will destroy both.

With proper network- / privileges-management and some common sense a windows network can be as secure as a linux network.

It all depends on the security mechanism / -management.
A miserably managed linux network is way more prone to being compromised than a moderately good managed windows network.
That is, again, nonsense. You were talking about the out of the box security. Windows is garbage, especially windows server. Luckily for that garbage OS this discussion does not involve performance. Roll Eyes


But saying linux is more secure per se, is kind of wrong.
Is not.

For the sake of reference: the last time anything running Linux that I've seen was compromised was never. Then again, that might be partially because of proper security practices.
So.. you mean there never were linux kernel exploits, privilege escalations or any other exploits which only affected linux and were severe (*cough*  shellshock  *cough*) ?
What has me never seeing a linux system get compromised have to do with the existence of exploits? Strawman facepalm. I'm well familiar with exploits, especially those that were planted by NSA undercover contributors[1]. Read before you respond next time or just avoid responding at all (the latter is the better option).

[1] Greetings to all american kool-aid drinkers again; you live in such a lovely country.
legendary
Activity: 1624
Merit: 2481
April 18, 2019, 06:52:57 AM
#20
Then you need to do a lot more reading. When compared: Windows = swiss cheese; Linux = brick wall.

And dynamite will destroy both.

With proper network- / privileges-management and some common sense a windows network can be as secure as a linux network.

It all depends on the security mechanism / -management.
A miserably managed linux network is way more prone to being compromised than a moderately good managed windows network.



But saying linux is more secure per se, is kind of wrong.
Is not.

For the sake of reference: the last time anything running Linux that I've seen was compromised was never. Then again, that might be partially because of proper security practices.

So.. you mean there never were linux kernel exploits, privilege escalations or any other exploits which only affected linux and were severe (*cough*  shellshock  *cough*) ?


Just because the majority of malware doesn't work on linux, it doesn't mean that linux is more secure.

If you consider a non-techy guy who barely can open his browser and type into google.
Without any security practices, it is not harder to compromise his computer running linux than if he would use windows. Same applies to a MAC, iOS, android etc..

Most people using linux do have more clue regarding IT / security / etc.. And that's the reason why it is 'easier' to compromise a windows system. Most windows user just don't know what they are doing at all..
legendary
Activity: 2674
Merit: 2965
Terminated.
April 18, 2019, 04:10:53 AM
#19
While i agree that it is safer to use Linux, i would not agree that linux is a more secure OS per se.
Then you need to do a lot more reading. When compared: Windows = swiss cheese; Linux = brick wall.

But saying linux is more secure per se, is kind of wrong.
Is not.

For the sake of reference: the last time anything running Linux that I've seen was compromised was never. Then again, that might be partially because of proper security practices.
legendary
Activity: 1624
Merit: 2481
April 18, 2019, 01:33:08 AM
#18
Of course you should run a secure OS always (ie. Linux).

While i agree that it is safer to use Linux, i would not agree that linux is a more secure OS per se.

It is the configuration of your computer, software, network which makes your system secure or not secure.

More than 90% of the malware is written for windows.. but this still doesn't mean that you are more secure (especially not in a targeted attack).
In a targeted attack it doesn't matter at all which OS you are using. Bugs and exploits exist (and can be found) for every OS / system setup.


Generally, yes. Linux is safer (out-of-the-box). And you are more secured against the day-to-day threats, yes.
But saying linux is more secure per se, is kind of wrong.



And your passwords shouldn't be trivial. Password managers have good random password generators, you should aim for (at least) 16 char long passwords using all char type groups first (ie. letters, numbers, caps, symbols).

Password managers are a good idea, yes.
But in some cases you need to memorize your password (e.g. for an account you need to log into from different devices from different networks).
In this case you need some password you can memorize.

Then, you can easily go without special chars by increasing the length.

An explanation on length beats complexity regarding password security: https://bitcointalksearch.org/topic/m.50625648



I would advise the OP to download a live linux iso and use that in a thumbdrive and boot the computer from it. always have one of those ready.

Definitely, but maybe not manjaro.

For a linux newbie, some easier-to-learn distro might be more helpful (e.g. ubuntu / mint).
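
The length-versus-complexity point from post #18 above, worked through as an added example (not part of the original thread): it counts exactly how many passwords a 16-character, all-four-groups generator can produce and finds how long a letters-only password must be to match. The function names and the use of Python's `string.punctuation` as the symbol group are assumptions of this example.

```python
import math
import secrets
import string
from itertools import combinations

# The four character groups named in the thread: letters, caps, numbers, symbols.
# Using string.punctuation (32 characters) as "symbols" is an assumption.
GROUPS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}


def generate(length=16, groups=GROUPS):
    """Draw characters from the OS CSPRNG and redraw the whole password
    until every group is represented, so the result is uniform over all
    passwords that satisfy the policy."""
    if length < len(groups):
        raise ValueError("length too short to include every group")
    alphabet = "".join(groups.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in chars for c in candidate) for chars in groups.values()):
            return candidate


def policy_bits(length=16, groups=GROUPS):
    """Entropy of generate(): log2 of the number of strings that contain at
    least one character from each group, counted by inclusion-exclusion."""
    sizes = [len(chars) for chars in groups.values()]
    total = sum(sizes)
    count = 0
    for k in range(len(sizes) + 1):
        for excluded in combinations(sizes, k):
            count += (-1) ** k * (total - sum(excluded)) ** length
    return math.log2(count)


def uniform_bits(length, alphabet_size):
    """Entropy of a password drawn uniformly with no group requirement."""
    return length * math.log2(alphabet_size)


def equivalent_length(target_bits, alphabet_size):
    """Shortest uniformly random password over a smaller alphabet that
    reaches at least target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


if __name__ == "__main__":
    target = policy_bits(16)
    print("sample password:", generate(16))
    print("16 chars, all four groups required: %.2f bits" % target)
    print("16 chars, 94 symbols, no requirement: %.2f bits" % uniform_bits(16, 94))
    print("lowercase only, same strength:", equivalent_length(target, 26), "chars")
    print("lowercase + digits, same strength:", equivalent_length(target, 36), "chars")
```

The comparison only holds when the longer password is also chosen at random; a memorable phrase picked by a person has far less entropy than its length suggests.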
legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
April 17, 2019, 11:12:41 PM
#17
I understand that my case was completely my fault (same pass on every site), and the reason is laziness, ignorance, or thinking it will never happen to you. I can't say the OP was hacked the same way that I was, anyway, it could be his fault or a website leaking his data: once they have access to an email address, they got access to all other sites, it doesn't matter if you have one password for each one.

I recommend the same, Windows is a spyware for itself, they are more busy spying on your biometrical data than on bringing security. I'm a total Linux noob, but I started using Ubuntu this year, learned GIMP to replace Photoshop, and I still need to buy a BricsCAD license to replace Autocad, to fully get rid of Windows for ever. I also recommend Linux Tails in a thumbdrive for important transactions.

Email access doesn't necessarily mean they can get you, many sites ask you security questions before sending you a new password to your email, it depends on the site. If you are smart, you don't use a normal answer to the security question, but instead use random generated passwords as response for each different security question (you can store those in your password manager the same way).

If the site simply sends you a new password over email when you request it, that site has a very poor design. In this day and age, that's unacceptable. Some form of challenge should be expected. Often a weakness here is people using dumb simple answers to the security questions.

Windows has a LONG history of security breaches. Problem is, it's full of holes, several undocumented. Once a malicious individual finds one, he can keep it to himself until the day he wants to use it. In open source, the same thing can occur, BUT more often than not a third party finds it and alerts the community. This cannot happen with closed software where it's impossible to audit the code, or it can only be audited by too small a limited group for a short period of time; meaning several bugs and flaws remain hidden for decades. The software development model (open vs closed) is one of the main reasons for insecure software, but it's not the only one. It is however harder to secure closed since it's harder to find the flaws than open.

There is no such thing as security by obscurity. A common cryptography tradition is: show your algorithm, so the community as a whole can audit it and give its blessing or find its faults. You know, basic science. Keep it hidden, nobody will trust it as it's likely full of flaws. Software is the same.
full member
Activity: 614
Merit: 124
April 17, 2019, 07:12:59 PM
#16
Big companies are being hacked everyday, and big chunks of private emails and passwords are being sold on the deep web. I lost some accounts (related to gambling websites and some social networks, not crypto), when Epic/Unreal was hacked some years ago. The damage was minimal anyway, but since then I have a different password for each website.

So, I wouldn't make the OP completely responsible for the security, you can be hacked by the failures of third parties.

This is why it's critical to never repeat passwords anywhere. First thing they do when they obtain password databases is to try them elsewhere.

I understand that my case was completely my fault (same pass on every site), and the reason is laziness, ignorance, or thinking it will never happen to you. I can't say the OP was hacked the same way that I was, anyway, it could be his fault or a website leaking his data: once they have access to an email address, they got access to all other sites, it doesn't matter if you have one password for each one.


Big companies are being hacked everyday, and big chunks of private emails and passwords are being sold on the deep web. I lost some accounts (related to gambling websites and some social networks, not crypto), when Epic/Unreal was hacked some years ago. The damage was minimal anyway, but since then I have a different password for each website.

So, I wouldn't make the OP completely responsible for the security, you can be hacked by the failures of third parties.

I would advise the OP to download a live linux iso and use that in a thumbdrive and boot the computer from it. always have one of those ready.

Why, oh why is it only after people lose money that they start to pay attention? If you haven't been harmed yet, Do it now™; drop windows today, no more excuses.

I recommend the same, Windows is a spyware for itself, they are more busy spying on your biometrical data than on bringing security. I'm a total Linux noob, but I started using Ubuntu this year, learned GIMP to replace Photoshop, and I still need to buy a BricsCAD license to replace Autocad, to fully get rid of Windows for ever. I also recommend Linux Tails in a thumbdrive for important transactions.
legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
April 17, 2019, 06:54:32 PM
#15
Big companies are being hacked everyday, and big chunks of private emails and passwords are being sold on the deep web. I lost some accounts (related to gambling websites and some social networks, not crypto), when Epic/Unreal was hacked some years ago. The damage was minimal anyway, but since then I have a different password for each website.

So, I wouldn't make the OP completely responsible for the security, you can be hacked by the failures of third parties.

This is why it's critical to never repeat passwords anywhere. First thing they do when they obtain password databases is to try them elsewhere. People can't remember a thousand sites' passwords, but they can remember a very good password for a password manager running in a secure OS. Of course you should run a secure OS always (ie. Linux).

And your passwords shouldn't be trivial. Password managers have good random password generators, you should aim for (at least) 16 char long passwords using all char type groups first (ie. letters, numbers, caps, symbols).

I would advise the OP to download a live linux iso and use that in a thumbdrive and boot the computer from it. always have one of those ready.

Why, oh why is it only after people lose money that they start to pay attention? If you haven't been harmed yet, Do it now™; drop windows today, no more excuses.

Then, no "easy passwords", no repeating passwords. Careful with the 2FA, they are double edged swords, not universal protection. Keep major amounts in cold wallets, no excuses for that either. Exchanges learned that lesson the hard way, so should you...

So now it's too late for (yet another) poster. Is it late for you the reader? Best OP can do now is report to authorities, probably will never see anything of it back again.

Remember this: When you use crypto, you are your own bank. Act responsibly.
full member
Activity: 614
Merit: 124
April 17, 2019, 04:46:05 PM
#14
Big companies are being hacked everyday, and big chunks of private emails and passwords are being sold on the deep web. I lost some accounts (related to gambling websites and some social networks, not crypto), when Epic/Unreal was hacked some years ago. The damage was minimal anyway, but since then I have a different password for each website.

So, I wouldn't make the OP completely responsible for the security, you can be hacked by the failures of third parties.
hero member
Activity: 2268
Merit: 579
Vave.com - Crypto Casino
April 17, 2019, 04:23:24 PM
#13
If you follow the addresses they split transactions up on, 3BXTZHn8h7v69KoZTnnTU3Qj9TxBejLX9T is associated with BTC ransomware and blackmail scam. I've seen some of those spoofed emails have actual passwords in them to make them more worrisome, so there have definitely been database breaches. If you used the same email/password for everything it could be from whatever breach they obtained those passwords from or a simple phishing scam with fake login. Could have also been a more sophisticated, targeted attack, and only way to try and find out would be to do a full forensic examination of your computers and devices. I'd make forensic copies of everything and then wipe the originals before going back online.
You might be right about the computer issue because the OP said he's using Mac computers, but the part about his phone also being hacked is another thing, and I believe it might be an inside job done by a person that knew the OP, about which I asked him the previous question, but the OP has not been online since his last reply.
full member
Activity: 265
Merit: 232
April 17, 2019, 03:54:22 PM
#12
If you follow the addresses they split transactions up on, 3BXTZHn8h7v69KoZTnnTU3Qj9TxBejLX9T is associated with BTC ransomware and blackmail scam. I've seen some of those spoofed emails have actual passwords in them to make them more worrisome, so there have definitely been database breaches. If you used the same email/password for everything it could be from whatever breach they obtained those passwords from or a simple phishing scam with fake login. Could have also been a more sophisticated, targeted attack, and only way to try and find out would be to do a full forensic examination of your computers and devices. I'd make forensic copies of everything and then wipe the originals before going back online.
legendary
Activity: 2506
Merit: 1113
There's no need to be upset
April 17, 2019, 02:07:44 PM
#11
I'm really sorry for your loss, hope you can make it back again double of what you have!

adding to posi, I'm really curious on how this attack happened and what was the security breach, since you had 2FA on all exchanges and on email.

did anybody have physical access to your mobile phone?
which was the version of your iphone and how do you think the 2FA got compromised?

any info on this can possibly save other people from suffering the same kind of hack
hero member
Activity: 2268
Merit: 579
Vave.com - Crypto Casino
April 16, 2019, 06:49:30 AM
#10
Thanks for the reply HCP..

Sad day  : Embarrassed Embarrassed

Working on the gmail issues.. All of my recovery email addresses were compromised as well... hence me being pretty handcuffed on the email front..

I have reached out to Bittrex and Binance to freeze accounts.. Binance has done so but not in time.. KYC'd in both exchanges.

Here is the transaction out of my account: https://bitcoinwhoswho.com/address/1CenzCoKFoQyBdFbi1uYU1DEmyQFyM8cfm/urlid/13236721
This was a very very sophisticated attack.. I was simultaneously hacked at 2 email addresses.. iPhone.. Multiple mac computers.. AT&T (they changed my ssn and disconnected my phone!)..

At a loss.. total loss..


I'm really sorry for your loss. I would advise you to do all the calling using a new phone, but I was surprised that all your phones, email and computers were hacked and would like to ask you a few questions.
How many people know you hold some crypto?
Do you share your computer?
Did you expose your SSN in the last 3 months, save it on your phone etc, or apply for an anonymous registration which required your private info?
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
April 16, 2019, 05:21:25 AM
#9
Steamy27, I'm sorry for your loss, but you should have been a lot smarter and never held such a quantity of coins on crypto exchanges. A simple desktop wallet would have saved you, and I do not have to mention how much security you would have with any hardware wallet, which costs 50$ or something like that.

By the way you were hacked it is obvious that you were a calculated target, so think about who else knows that you hold such an amount of coins. Did you tell your friends, acquaintances or family members? Although the chances are very small, maybe the police can do something if you collect enough data and make a report.

The block explorer says you still have 24.6995 BTC at this address -- I'm taking it you don't have the private key to this address? If you did, the obvious thing to do would be to import it into another wallet; preferably on a device you know isn't connected to the hacking.

Unfortunately exchanges do not give the possibility of exporting private keys, and because of that coins stored there are not just owned by the owner, but also by the exchange and anyone who can hack such a service.
legendary
Activity: 3010
Merit: 8114
April 16, 2019, 03:36:59 AM
#8
Thanks for the reply HCP..

Sad day  : Embarrassed Embarrassed

Working on the gmail issues.. All of my recovery email addresses were compromised as well... hence me being pretty handcuffed on the email front..

I have reached out to Bittrex and Binance to freeze accounts.. Binance has done so but not in time.. KYC'd in both exchanges.

Here is the transaction out of my account: https://bitcoinwhoswho.com/address/1CenzCoKFoQyBdFbi1uYU1DEmyQFyM8cfm/urlid/13236721
This was a very very sophisticated attack.. I was simultaneously hacked at 2 email addresses.. iPhone.. Multiple mac computers.. AT&T (they changed my ssn and disconnected my phone!)..

At a loss.. total loss..



The block explorer says you still have 24.6995 BTC at this address -- I'm taking it you don't have the private key to this address? If you did, the obvious thing to do would be to import it into another wallet; preferably on a device you know isn't connected to the hacking. If you don't, sorry to hear about your loss. That's truly awful and I hope you somehow recover at least some of it.