
Topic: How to find "Tom Williams" ... - page 3. (Read 7938 times)

sr. member
Activity: 350
Merit: 251
August 04, 2011, 01:57:52 AM
#36
I'd bet good money you guys are looking at lost funds due to a death here, especially if the bitcoins haven't been moving from the MyBitcoin wallets.

probably looking for someone to buy them not in an exchange.
sr. member
Activity: 350
Merit: 250
I never hashed for this...
August 04, 2011, 01:56:46 AM
#35
I'd bet good money you guys are looking at lost funds due to a death here, especially if the bitcoins haven't been moving from the MyBitcoin wallets.
sr. member
Activity: 294
Merit: 250
August 04, 2011, 01:49:47 AM
#34
They may just both be VPSes that happen to be on the same host machine.
For any hosting provider I've been with, every VPS had one or two IPs of itself. They never shared one IP between multiple VPSes.

It could be that both IPs belong to one VPS or physical server, it could be two different servers, it doesn't really matter. I do suspect they belong to the same person.

Of course, every VPS will have its own IP (if it doesn't, I suggest you start looking for a different provider). However, these IPs were not identical, they were just in the same range. Almost every VPS provider will have the different VMs on one machine, all in the same range (at least for IPv4 addresses), to keep it easier to oversee what VM is hosted on what physical server.

Considering Leaseweb is fairly popular for somewhat more questionable content (including TOR nodes) it is not unlikely there are simply two unrelated TOR nodes on the same physical server, purely by accident. Not to mention that, as far as I am aware, Blutmagie is a fairly well-known TOR node.
hero member
Activity: 812
Merit: 1022
No Maps for These Territories
August 04, 2011, 01:41:07 AM
#33
They may just both be VPSes that happen to be on the same host machine.
For any hosting provider I've been with, every VPS had one or two IPs of itself. They never shared one IP between multiple VPSes.

It could be that both IPs belong to one VPS or physical server, it could be two different servers, it doesn't really matter. I do suspect they belong to the same person.
sr. member
Activity: 294
Merit: 250
August 04, 2011, 01:36:30 AM
#32
There's also another Bitcoin...  TOR server in the same IP range

http://torstatus.blutmagie.de/
Quote
BitcoinForFreedom | 4 | 63 d | 83.149.112.137 [83.149.112.137] | 9191 | None
BitcoinIsAWESOME | 2 | 63 d | 83.149.112.133 [83.149.112.133] | 9999 | None

They also have the same uptime (!) so are probably owned by the same person. The other host has port 80 open but it always replies with "400 Bad Request".

At least the port 9999 that is open on the server is indeed TOR. Obviously, there is no way to scan whether it offers any hidden services, but it's interesting.

Somehow I don't really believe a scammer would close (firewall) port 80 and 443 but not nuke the entire server, as it's evidence...

They may just both be VPSes that happen to be on the same host machine.
legendary
Activity: 1092
Merit: 1001
August 04, 2011, 01:10:32 AM
#31
It seems that www.mybitcoin.com was using a CACert

http://bitcointalk.org/?topic=1043

cacert.org may have more information on record about who the certificate was issued to.

legendary
Activity: 1092
Merit: 1001
August 04, 2011, 12:45:42 AM
#30

I still consider it a reasonably likely scenario that the site was run by a privacy-advocate/cryptographer  - who has simply died.




According to the "from the desk of Tom Williams" statement in June, two technicians have access to the server.

Quote
All disk keys are held off-site and were never generated anywhere near the internet. All server passwords are unique per server and per user, of course. Only two technicians have access to the secure servers. This access is over a VPN and we only use secured workstations running Linux and BSD to access them.

https://bitcointalksearch.org/topic/m.279396

You'd think that by now one of them would have realised that there's something wrong and that if something dramatic has happened to "Tom" they'd be trying to find a way to communicate with the users of the service.

If the other 'technician' was the dead person's spouse ..   then maybe the whole thing just isn't of interest right now. The other technician might need physical access to fix it - and may not even be in the same country.







legendary
Activity: 1092
Merit: 1001
August 04, 2011, 12:41:07 AM
#29
was the entire site really behind tor? if that is the case, i wish you guys the best of luck to find him,
It had a tor hidden service, but was also reachable through normal https... otherwise we wouldn't even know the IP address and hoster.



"normal https" is interesting..

Does anyone have any information about the issuer of the certificate that was used?  Presumably if it was self-signed it would have been giving browser warnings.. so did the site actually have a commercial https certificate issued for 'www.mybitcoin.com'?  



hero member
Activity: 868
Merit: 1000
August 04, 2011, 12:32:39 AM
#28

I still consider it a reasonably likely scenario that the site was run by a privacy-advocate/cryptographer  - who has simply died.




According to the "from the desk of Tom Williams" statement in June, two technicians have access to the server.

Quote
All disk keys are held off-site and were never generated anywhere near the internet. All server passwords are unique per server and per user, of course. Only two technicians have access to the secure servers. This access is over a VPN and we only use secured workstations running Linux and BSD to access them.

https://bitcointalksearch.org/topic/m.279396

You'd think that by now one of them would have realised that there's something wrong and that if something dramatic has happened to "Tom" they'd be trying to find a way to communicate with the users of the service.
sr. member
Activity: 350
Merit: 251
August 04, 2011, 12:25:26 AM
#27

I still consider it a reasonably likely scenario that the site was run by a privacy-advocate/cryptographer  - who has simply died.




should we start trying to crack the private keys then?
legendary
Activity: 1092
Merit: 1001
August 04, 2011, 12:22:45 AM
#26

I still consider it a reasonably likely scenario that the site was run by a privacy-advocate/cryptographer  - who has simply died.


hero member
Activity: 868
Merit: 1000
August 04, 2011, 12:14:50 AM
#25
was the entire site really behind tor? if that is the case, i wish you guys the best of luck to find him, otherwise if it wasn't just get the federal bureau of investigation or some other entity that covers cyber crime. they can force the hosting company to reveal the identity of the person/s.  an incident this large is almost certain to get caught. and when he/she is caught, you might be lucky and get all your coins back assuming the logs were still intact/obtainable, or at least be ordered to pay back the BC.

It's going to be hard to get any authorities to take this seriously unless the coins are actually moved.  Right now the evidence of wrong-doing is limited to a website being down, something which I doubt is an offence in any First World nation.

Given that Mybitcoin went for maximum anonymity when creating the LLC and registering the domain, I'd be surprised if the hosting company has any details about the actual owner.  It's most likely that was arranged through their company agents as well, which means law enforcement would hit a dead end unless they're willing to devote a huge amount of resources to sifting through the hosting company's records to try to determine where the unknown owner logged in from. 
member
Activity: 70
Merit: 10
August 04, 2011, 12:07:48 AM
#24
was the entire site really behind tor? if that is the case, i wish you guys the best of luck to find him,
It had a tor hidden service, but was also reachable through normal https... otherwise we wouldn't even know the IP address and hoster.


then what is the problem. the FBI should be able to get his name and such np. unless he used fake details for registration.

That won't work if he was born with a fake name.
sr. member
Activity: 350
Merit: 251
August 04, 2011, 12:05:44 AM
#23
was the entire site really behind tor? if that is the case, i wish you guys the best of luck to find him,
It had a tor hidden service, but was also reachable through normal https... otherwise we wouldn't even know the IP address and hoster.


then what is the problem. the FBI should be able to get his name and such np. unless he used fake details for registration.
hero member
Activity: 812
Merit: 1022
No Maps for These Territories
August 04, 2011, 12:03:27 AM
#22
was the entire site really behind tor? if that is the case, i wish you guys the best of luck to find him,
It had a tor hidden service, but was also reachable through normal https... otherwise we wouldn't even know the IP address and hoster.
sr. member
Activity: 350
Merit: 251
August 03, 2011, 11:56:41 PM
#21
was the entire site really behind tor? if that is the case, i wish you guys the best of luck to find him, otherwise if it wasn't just get the federal bureau of investigation or some other entity that covers cyber crime. they can force the hosting company to reveal the identity of the person/s.  an incident this large is almost certain to get caught. and when he/she is caught, you might be lucky and get all your coins back assuming the logs were still intact/obtainable, or at least be ordered to pay back the BC.
hero member
Activity: 868
Merit: 1000
August 03, 2011, 11:47:58 PM
#20
Time to get the torches and pitchforks this is the last blow we needed for bitcoins it's time to take a stand....

So go ahead and let's list some resources how we can track down this mother eff'er ....

Does this work ?

http://www.domaintools.com/research/hosting-history/?q=mybitcoin.com

Domain tools does work.  I do not have a subscription but it can find previous whois information.  This would only help if the owner registered to himself or some other valuable information, then changed it later to its current state.  It is a shot in the dark but may provide information.

According to this thread, posted yesterday, there've been 62 changes to the whois record since the domain was registered and the original registrant was a William R Smart.

https://bitcointalksearch.org/topic/mybitcoincom-scammers-33815

A Tracey Williams-Morton is listed as a contact for Meridian Trust but Meridian Trust and its affiliate Morning Star Holdings are licensed trustees and company agents respectively.  It's likely that any name appearing in the whois records is that of a Meridian Trust or Morning Star employee rather than an owner or manager of Mybitcoin as there is no requirement for the identity of owners or beneficiaries to be disclosed when forming an LLC in Nevis.
newbie
Activity: 20
Merit: 0
August 03, 2011, 11:39:45 PM
#19
You don't REALLY have to provide legitimate contact information for a domain when you purchase it. You're supposed to, but in the vast majority of domain providers the actual enforcement of that rule is spotty at best, and non-existent at worst. At least with a 'privatized' contact field it's likely the owner at least put in real information before paying to have it hidden...
legendary
Activity: 1092
Merit: 1001
August 03, 2011, 11:21:48 PM
#18
The email addresses associated with the OpenPGP certificate from 2010-04-27 are:

[email protected]
[email protected]


Perhaps it's worth trying those..  (the first presumably has to be done from within the i2p network)

hero member
Activity: 812
Merit: 1022
No Maps for These Territories
August 03, 2011, 11:21:31 PM
#17
There's also another Bitcoin...  TOR server in the same IP range

http://torstatus.blutmagie.de/
Quote
BitcoinForFreedom | 4 | 63 d | 83.149.112.137 [83.149.112.137] | 9191 | None
BitcoinIsAWESOME | 2 | 63 d | 83.149.112.133 [83.149.112.133] | 9999 | None

They also have the same uptime (!) so are probably owned by the same person. The other host has port 80 open but it always replies with "400 Bad Request".

At least the port 9999 that is open on the server is indeed TOR. Obviously, there is no way to scan whether it offers any hidden services, but it's interesting.

Somehow I don't really believe a scammer would close (firewall) port 80 and 443 but not nuke the entire server, as it's evidence...