Topic: Hashie.co - Cloud Mining from 0.0012 BTC / GH | NEW: AMHash | FREE 10 GH - page 10. (Read 160426 times)

Unfortunately, I don't all i found was chat logs from an old hack that was stored on http://btcfaucet.com/logs/TradeFortress_inputsio.txt just odd they use same email address. I don't know much about that hack other than that. I did use the coin chat back in 2013 [email protected] the only thing is they both enjoy freenode hashie mentioned to someone in chat about a btc faucet and seems to be more hostile to some members then others. there isn't much to do except question the people in the logs. seems if the person has control of the site and is indeed communicating from that email they either never lost control of that server after the hack or they ditched it and gave it to someone else. You would think that after a heist like that you would have money for a while now they want more from the looks of it.

Do you have any evidence to suggest that this crypt0queen has anything to do with Hashie apart from the Halloween costume? It seems just as likely to me that this whole Hashie/Frozen shite could just be an attempt to use her as scapegoat.

From a hacker standpoint this is what I would do use btc-otc or the bitcoin talk forum to find sites that are vulnerable then find out about said people that run site hijack it and make it your platform for spam scams or what have you. you learn enough to make website and use people that have a bitcoin related site to frame them for scams. the logs don't really explain but that is all I could really find it seems to be a one way conversation about dude asking for help because of hack. cryptoqueen bitch asks something server related. the frozen shit looks better in this contexts https://pbs.twimg.com/profile_images/435004744445087744/cIRFQusN_400x400.jpeg https://twitter.com/crypt0queen playing queen elsa

Well, I´m sure as hell not going to pay them .06 BTC to be able to withdraw .00158.

  queen elsa might have been responsible as her email is the same as one that had been compromised,

Enforcement Tips and Complaints

If you would like to provide us information about fraud or wrongdoing involving potential violations of the securities laws, which may include the conduct listed below, use the Tips, Complaints and Referrals Portal.

http://www.sec.gov/complaint/tipscomplaint.shtml

I was talking about the contract you'd have to purchase to be able to withdraw.


Inputs.io. It was a web wallet that got hacked last year or the year before. No idea why it's being posted here though.

Shucks, not even a fucking ice sculpture. Back to the drawing board.

In wich way is the posted log related to hashie? I can't get it

No, it´s not a question of buying. They send ice sculptures as payouts. Sounds good to me. I have the right shelf ready here for it.

I wouldn't hold your breath. the way this looks i that hashies new email addy was hijacked. pretty much members of btc-otc got compromised or became target as the log above sounds like dude was having issues with site and probably didn't get it back. All i know is this whole thing is fucking weird it doesn't really fit the profile of some 40 year old dude unless he wants you to think it's a kid. I Just don't think it's some guy in his 40's having a midlife crisis. it could be something like an ex wife/ girlfriend, daughter or my guess is crypt0queen. Depends on how long the person has been doing it but the easiest way would be to hack servers and put other members name in there. then once you get bored with the hacks you make hashie.co you pay out  4 3 months then dick people over and move on

Then go right ahead and buy one then. What's the worst that could happen?

So they´d send me an ice sculpture ? Sounds good, I could use a nice ice sculpture in my living room.

no it says you got a beautiful ice sculpture or some shit. from what others have mentioned. there was a reference in the automated support on hashie.

Yeah, I know. Obviously I can´t withdraw what a free miner earns unless I have a miner I paid for.

But are there any reports of people buying a miner now and then being able to withdraw ?

@galdur : you won't be able to withdraw them, try if you want, your Bitcoins (fake ?) will never go out of Hashie...

Hey, I got my 92670 satoshi back in full !

I had some hash at Hashie but got rid of it in early Nov. leaving only the free miner. It then disappeared along with the above accumulated dust. Then I got me a free Magic Miner which has mined 65755 satoshi and now my balance is : 0.00158425 BTC for what it´s worth.

crypto queen bitch from chat logs has a twitter you could ask her. kind of fits the whole queen elsa shit huh.

http://static1.nosis.com/glados.cc-/7501610/3 09:10 < TradeFortress> hi
09:12 < TradeFortress> I take full responsibility for leaving that much in the hot wallet.
09:13 < TradeFortress> The hacker tried resetting passwords for my email addresses, and was able to reset one which was created 6 years earlier, without phone / recovery email and gmail happily allowed resetting.
09:14 < TradeFortress> That compromised email account was the recovery for another hotmail email, which was also compromised.
09:15 < TradeFortress> BigBitz|wrk, read please.
09:15 < TradeFortress> I didn't use the old email account without MFA
09:15 < TradeFortress> That old email acc was the recovery email of another account
09:15 < TradeFortress> @gmail > @hotmail > @gmail (2, recv'd forwarding from [email protected])
09:16 < TradeFortress> BigBitz|wrk: yes
09:16 < TradeFortress> linode 2FA was bypassed
09:16 < TradeFortress> they seem to be aware of it and don't bother to fix it.
09:16 < TradeFortress> BigBitz|wrk: yes
09:17 < TradeFortress> the attacker also used a (compromised?) server close to my geographical location
09:17 < TradeFortress> I think that helped massively with email recovery
09:18 < TradeFortress> pbase: no. I want to be open and communcative about what has happened.
09:19 < TradeFortress> BigBitz|wrk: I took significant efforts in protecting Inputs' server, but I've never thought about old abandoned emails.
09:20 < TradeFortress> BCB: What do you want me to do then? Invent a magic wand?
09:20 < TradeFortress> I'm refunding as much as I can from all the BTC I have, and the assets I or CL owns.
09:21 < TradeFortress> 9536feebe3a50b94f85ca27d56e669a7209bd4188385d55c5b97227c95cf7f74
09:21 < TradeFortress> BTC was sent here, it's still unspent. https://blockchain.info/address/1EMztWbGCBBrUAHquVeNjWpJKcB8gBzAFx
09:24 < TradeFortress> Quite simply, I wasn't sure what to do, if I could acquire 4K btc so users are not at a loss, and as well as investigating the scope of the hack.
09:25 < TradeFortress> *sign*
09:26 < TradeFortress> BigBitz|wrk: the txid was the first inputs hack
09:26 < TradeFortress> the API was the second, done by the same attacker who dumped the user DB, and then used the API
09:27 < TradeFortress> TheButterZone, I can't see how that'd hurt.
09:28 < TradeFortress> bitsav3: 2x gmail, 1x hotmail
09:30 < TradeFortress> bitnumus, if you check the txid lots of deposits are recent
09:32 < TradeFortress> bitnumus: yes, there's cold storage, but there was more in the hot pocket than cold storage
09:34 < TradeFortress> viboracecata?
09:35 < TradeFortress> theboos, I'm very interested in what security vulns viboracecata claims to have on Inputs.
09:35 < TradeFortress> so has he followed up with the claim? and how long ago?
09:36 < TradeFortress> I'm not aware of any unsolved security vulnerabilities relating to Input's code and enviroment, other than the DB has been compromised. The attack was done through email resets and bypassing security features on Linode's side.
09:37 < TradeFortress> 2FA
09:38 < TradeFortress> BCB: no.
09:38 < TradeFortress> web server was bought from Linode, bitcoind server was on macminicolo
09:38 < TradeFortress> (I own the metal to the macminicolo)
09:39 < TradeFortress> crypt0queen: that's what was used
09:39 < TradeFortress> it wasn't compromised through a server vuln
09:40 < TradeFortress> Linode's position is that my account was not compromised. The attacker simply reset my Linode password through an email request, and then ssh'd into Linode's lish, and got console access to my Linode through lish with my linode account password.
09:40 < TradeFortress> linode lets you reset  root passwords..
09:42 < TradeFortress> the attacker copied certain files via FTP using mc, to another (I believe compromised server), and accessed the bitcoind server by pretending to make withdraw requests for an account with an inflated balance
09:42 < TradeFortress> BigBitz: NO
09:42 < TradeFortress> FTP WAS NOT ENABLED
09:42 < TradeFortress> yes
09:43 < TradeFortress> I have obtained the logs
09:43 < TradeFortress> (through Linode)
09:43 < TradeFortress> attacker installed mc
09:43 < TradeFortress> transferred files to 10;[email protected]:[email protected]
09:43 < TradeFortress> BigBitz|wrk: yes, internal ones
09:45 < TradeFortress> BigBitz|wrk, multiple files that relates to internal functions of Inputs, ie the controller.
09:46 < TradeFortress> I have no evidence of the bitcoind mac mini getting compromised. it didn't bark. I suspect the attacker also made one account have -4000 BTC
09:46 < TradeFortress> which allowed it to pass sanity checks
09:46 < TradeFortress> as the total balance as reported by the db matched.
09:46 < TradeFortress> BigBitz|wrk: I have the logs of what they did to the server.
09:47 < TradeFortress> on the server, via lish, I should say.
09:47 < TradeFortress> theboos: did it directly through the DB
09:47 < TradeFortress> wasn't logged.
09:47 < TradeFortress> as it copied DB access creds
09:48 < TradeFortress> BigBitz|wrk: not on the database
09:48 < TradeFortress> bitsav3, I think they're compromised hosts
09:48 < TradeFortress> like http://mastersearching.com/
09:48 < TradeFortress> theboos, of course I've audited the db
09:49 < TradeFortress> the DB doesn't log every single change
09:50 < TradeFortress> general_log wasn't enabled
09:50 < TradeFortress> nor binary logs
09:51 < TradeFortress> +infinity
09:53 < TradeFortress> BCB: it's not enabled.
09:54 < TradeFortress> I didn't disable them, I'm pretty sure they're not enabled by default.
09:55 < TradeFortress> yup BCB
09:55 < TradeFortress> coingenuity, yes, macmini bitcoind iplocked to the web linode
09:55 < TradeFortress> that's a surprise to me
09:56 < TradeFortress> pbase: no, I have saved disk images as soon as I detected the compromise
09:56 < TradeFortress> yep
09:56 < TradeFortress> BigBitz|wrk: installed the env myself.
09:57 < TradeFortress> pbase: definitely not publicly. I'd expect there to be quite a lot of sensitive information in RAM, such as cached mysql data.
09:58 < TradeFortress> actually, no, I didn't do a ram dump.
09:58 < TradeFortress> but the disk image includes db data
09:59 < TradeFortress> I am not aware of if it was forensically sound. I estimate not.
09:59 < TradeFortress> The disk image was dumped via cloning using linode manager.
09:59 < TradeFortress> took like half a hour too
10:01 < TradeFortress> no, not booted
10:01 < TradeFortress> it was cloned to another linode that have not been booted
10:01 < TradeFortress> another as in brand new.
10:02 < TradeFortress> first of all, I'll have to figure out how to transfer the disk image
10:03 < TradeFortress> then I'll have to boot the disk image and remove the db files?
10:04 < TradeFortress> user DB is sorta sensitive. while passwords are hashed w/ bcrypt, PINs are exposed, and there's emails
10:05 < TradeFortress> theboos, that sounds like a good idea
10:05 < TradeFortress> BCB: password reset for my emails, linode, yes.
10:06 < TradeFortress> bitsav3, I will
10:06 < TradeFortress> BCB: they're like typical resets, what do you want to see?
10:07 < TradeFortress> https://i.imgur.com/sQnXsx0.png
10:07 < TradeFortress> the second time the attacker tried to get in
10:08 < TradeFortress> apisnetworks (my shared host, attacker thought there was something useful in here)
10:09 < TradeFortress> pastebin?
10:09 < TradeFortress> http://pastebin.com/J7S9xWyT
10:10 < TradeFortress> BigBitz|wrk: yep, there was one from Oct 23 that I can't now find for some reason.
10:10 < TradeFortress> BigBitz|wrk: hence 'the second time'.
10:10 < TradeFortress> right
10:11 < TradeFortress> BigBitz|wrk: where did you get the impression that I 'didn't do anything'?
10:11 < TradeFortress> I didn't just disregard the password reset email, especially since I couldn't login to linode again
10:11 < TradeFortress> second reset was mine, to regain access
10:12 < TradeFortress> BCB: no
10:12 < TradeFortress> BigBitz|wrk: what?
10:12 < TradeFortress> look at the screenshot
10:12 < TradeFortress> look at the screenshot
10:12 < TradeFortress> how many emails do you see
10:12 < TradeFortress> 2
10:12 < TradeFortress> 1st one: second time attacker tried to get access
10:12 < TradeFortress> 2nd one: me regaining access
10:15 < TradeFortress> glados.cc is powered by google apps
10:15 < TradeFortress> btcfaucet, tried pass resets
10:16 < TradeFortress> btcfaucet, I do not know what they performed, I do not remember the answer to security questions myself.
10:16 < TradeFortress> BigBitz|wrk: when you have shell access you can easily disable that.
10:16 < TradeFortress> BCB: k
10:16 < TradeFortress> duh
10:17 < TradeFortress> with gmail account, I recovered access simply by entering my old (changed) password
10:17 < TradeFortress> probably due to that I usually sign in from that device
10:17 < TradeFortress> BCB: http://pastebin.com/MhKTa5zN
10:19 < TradeFortress> BCB: show original > I see this.
10:19 < TradeFortress> bitcoind was dedi, I own the metal to it.
10:19 < TradeFortress> web was xen
10:20 < TradeFortress> BCB: tell me how.
10:20 < TradeFortress> just like the apisnetworks?
10:20 < TradeFortress> I'm accessing it the same way
10:20 < TradeFortress> 'Show Original'
10:21 < TradeFortress> BCB: I copied the entirety
10:21 < TradeFortress> understatement :p
10:23 < TradeFortress> https://i.imgur.com/H0NEeI7.png
10:24 < TradeFortress> for the linode
10:25 < TradeFortress> balances were signed because it's POSSIBLE that someone would have a negative balance on inputs
10:25 < TradeFortress> but in normal operation it hsouldn't
10:25 < TradeFortress> btcfaucet, that won't work because the mini does some sanity checking, such as SUM(balance)
10:26 < TradeFortress> stqism: no
10:26 < TradeFortress> whitelisted
10:28 < TradeFortress> BCB: they are.
10:28 < TradeFortress> you asked for the second email
10:28 < TradeFortress> I sent you the original (as exposed by mail.google.com) and pastebinned & screenshotted it.
10:29 < TradeFortress> stqism: I thought tcp packets with a faked source won't be accepted.
10:30 < TradeFortress> BCB: haven't I already told this twice
10:30 < TradeFortress> the email, on the top, was the attacker's 2nd reset
10:30 < TradeFortress> then I was unable to login, so I had to reset it again
10:30 < TradeFortress> you asked for the SECOND
10:30 < TradeFortress> so I sent you the SECOND
10:30 < TradeFortress> ie the one at the bottom
10:31 < TradeFortress> you want the one on the top? ask for the FIRST then.
10:31 < TradeFortress> go look at the screenshots
10:31 < TradeFortress> BCB: of?
10:31 < TradeFortress> have you looked at the screenshot
10:31 < TradeFortress> look at the SECOND email because you asked for the 2nd's original.
10:32 < TradeFortress> check the scrollback
10:32 < TradeFortress> it's this, https://i.imgur.com/sQnXsx0.png, correct?
10:35 < TradeFortress> BigBitz|wrk: not after this.
10:35 < TradeFortress> BigBitz|wrk: to?
10:36 < TradeFortress> BigBitz|wrk: I exercise my right to reject it.
10:36 < TradeFortress> BCB: then why don't you ask.
10:38 < TradeFortress> https://i.imgur.com/pCtanaU.png
10:38 < TradeFortress> ever realize I might be screenshotting and uploading?
10:38 < TradeFortress> coingenuity, yep
10:39 < TradeFortress> BigBitz|wrk: gmail uses local time zones
10:39 < TradeFortress> BCB: did I? that's the full email.
10:41 < TradeFortress> kk, I've spent 1.5 hours or so here now.
10:42 < TradeFortress> I have another hundred emails to handle for Inputs.io
10:42 < TradeFortress> email me at [email protected] if you want to contact me, I'll try and pop in tomorrow.
10:43 < TradeFortress> what is wrong with you BCB
10:43 < TradeFortress> do you need glasses
10:43 < TradeFortress> they are different emails
10:44 < TradeFortress> BCB: post them, show where it was the same timestamp
10:48 < TradeFortress> BCB: nothing useful on apisnetworks
10:48 < TradeFortress> most you could do is change the index.html on http://glados.cc/!
19:35 <@gribble> TradeFortress was last seen in #bitcoin-otc 8 hours, 46 minutes, and 30 seconds ago: most you could do is change the index.html on http://glados.cc/!
    2010-09-20
Expires:    2015-09-20
Owner:    MARK RUSSELLS (.)
Hosting company:    Global Net Access, LLC
Registrar:    ENOM, INC.
IPs:    64.22.68.16   
DNS:    ns1.apisnetworks.com
ns2.apisnetworks.com