Pages:
Author

Topic: How to find "Tom Williams" ... - page 4. (Read 7938 times)

legendary
Activity: 1330
Merit: 1000
Bitcoin
August 03, 2011, 11:20:17 PM
#16
Seems indeed that the IP was (or is?) running a tor router under the name "BitcoinIsAWESOME"

https://metrics.torproject.org/routerdetail.html?fingerprint=b643b9519360c62e6fba18ff2e47e028908595bd

Interesting thing is that it was "published   2011-08-04 03:00:25.0" so apparently there is still activity on the server?


Interesting ...it is still up  I suppose that can be a good sign in a sense  meaning there is activity on the server ....
legendary
Activity: 1218
Merit: 1000
August 03, 2011, 11:18:07 PM
#15
Seems indeed that the IP was (or is?) running a tor router under the name "BitcoinIsAWESOME"

https://metrics.torproject.org/routerdetail.html?fingerprint=b643b9519360c62e6fba18ff2e47e028908595bd


Still is and it's up
hero member
Activity: 812
Merit: 1022
No Maps for These Territories
August 03, 2011, 11:16:22 PM
#14
Seems indeed that the IP was (or is?) running a tor router under the name "BitcoinIsAWESOME"

https://metrics.torproject.org/routerdetail.html?fingerprint=b643b9519360c62e6fba18ff2e47e028908595bd

Interesting thing is that it was "published   2011-08-04 03:00:25.0" so apparently there is still activity on the server?
legendary
Activity: 1386
Merit: 1004
August 03, 2011, 11:14:56 PM
#13
Time to get the torches and pitchforks this is the last blow we needed for bitcoins its time to take a  stand....

So go ahead and lets list some resources how we can track down this mother eff'er ....

Does this work ?

http://www.domaintools.com/research/hosting-history/?q=mybitcoin.com

Domain tools does work.  I do not have a subscription but it can find previous whois information.  This would only help if the owner registered to himself or some other valuable information, then changed it later to its current state.  It is a shot in the dark but may provide information.
legendary
Activity: 1330
Merit: 1000
Bitcoin
August 03, 2011, 11:14:50 PM
#12
People... can you leave at least one thread free of the images and irrelevant discussion for those who actually care about the mybitcoin incident?

Please make it this one.

Thanks.



I was thinking the same thing ... this is pretty serious stuff ... so please leave the funnies and photos for another thread thank you!
legendary
Activity: 1092
Merit: 1001
August 03, 2011, 11:13:29 PM
#11
People... can you leave at least one thread free of the images and irrelevant discussion for those who actually care about the mybitcoin incident?

Please make it this one.

Thanks.

hero member
Activity: 812
Merit: 1000
August 03, 2011, 11:11:06 PM
#10
In more important news, I am still laughing about the third site name in that list by nhodges.  Just check it.  I don't dare to actually point my web browser there.

i checked it out for you... it directs to a phone sex site titled Talk Sugar. New members get $5 free... register today Cheesy
full member
Activity: 169
Merit: 100
August 03, 2011, 11:07:58 PM
#9
Tom Williams is a fairly well-known celebrity in Australia.



but as others have mentioned, there are probably thousands of different Tom Williams.


That sunnabitch....  Grab me my overalls and gun, we are gonna have an old fashioned posse.

In more important news, I am still laughing about the third site name in that list by nhodges.  Just check it.  I don't dare to actually point my web browser there.
legendary
Activity: 1092
Merit: 1001
August 03, 2011, 11:07:26 PM
#8
I'd still like for someone who knew Len Sassaman to rule out the possibility that he was running it.

He killed himself on July 3rd I believe - so perhaps it was running via the tor/i2p networks from his personal system or something and someone switched it off in late July.


Yeah.. it's a stretch.   But Len Sassaman was a 'privacy champion' and was in to things like i2p..    just like 'Tom Williams'


legendary
Activity: 1330
Merit: 1000
Bitcoin
August 03, 2011, 11:05:53 PM
#7
Well the hoster (Leaseweb, in The Netherlands) would know his identity probably or at least who paid for it. Someone should sue him so that this information can be subpoenaed. If that doesn't work you can always take out the torches and pitchforks but please try to solve this civilly first...


The earliest reference I can find on the forum is this:

hello

i found these urls while surfing on i2p:

mybitcoin.i2p (resolves to nwpqc65o333ifqq7wqovo2ito5y3ca6rfygz3p6pusau26t6tpca.b32.i2p)
xqzfakpeuvrobvpj.onion (on tor. they advertise this url in the login area)
mybitcoin.com (loads the same site from the public internet. they use cacert for ssl.)

(some sort of web-based wallet for bitcoin)

privacyshark.com

(sells domain names for bitcoins)



It looks like 'komoto' signed up specifically to make this post.

On the i2p forums.. there is an announcement on may 1st 2010 - and this more interesting post in September:

http://forum.i2p2.de/viewtopic.php?t=4929&highlight=MyBitcoin

This guy has been seriously into privacy right from the beginning.  

I've tried hunting around a little within the i2p network - but well.. I doubt there's anything to find.












I found the same thing as I've been searching back also ...I'll post more what I find ...
sr. member
Activity: 322
Merit: 251
August 03, 2011, 10:58:49 PM
#6
From #bitcoin-police on Freenode concerning Tom Williams:

#######################################################

Greetings bitcoin community!

#bitcoin-police is operated by volunteers from the Bitcoin community at large to respond to fraud related activity within the community.  Although our powers of action are obviously as limited as any other internet denizen, we aim to collect as much information as possible in order to be capable of providing dossier information for legal action should it ever ensue.

###########   INFORMATION RELASE - MYBITCOIN.COM    #############

The following dossier has been compiled by #bitcoin-police in response to growing community debate over the current situation in relating to the online wallet provider MyBitcoin.com.

**IMMEDIATE SITUATION

Begining on Friday 29th July 2011 the site www.mybitcoin.com was reported as experienceing outages preventing transfer of funds to/from online wallets.  At this time further reports emerged alleging the failure of medium to large sums of Bitcoin failing to be transferred to target wallets.

related link:

https://bitcointalk.org/index.php?topic=32900.0;all

Historically, some question has been raised as to the operations of myBitcoin.com as early as mid june this year, spurring a repsonse from the alleged owner:

https://bitcointalk.org/index.php?topic=22221.0;all

* The use of GpG signature here should be noted as well as the name of the poster.
from this we can conclude that "official" communications from myBitcoin.com are GpG signed to:

http://pgp.mit.edu:11371/pks/lookup?search=mybitcoin

** HISTORY

early indications of problems with mybitcoin operations emerged around June 29th/30th 2011:
with (verified) responses from mybitcoin operations team revealing key technical details of the workings of mybitcoin.

https://bitcointalk.org/index.php?topic=32900.0;all
https://bitcointalk.org/index.php?topic=24548.0;all

additional concerns emerged in early july (July 5th) implicating (most probably falsely) Bruce Wagner of Bitcoinme.com. (rapid cleansing of bitcoinme indicates no likely link to mybitcoin)

http://bitcointalk.org/index.php?topic=26224.0;all

with further issues and concerns raised throughout July 2011

http://bitcointalk.org/index.php?topic=26224.60
https://bitcointalksearch.org/topic/mybitcoin-lost-coins-29147
https://bitcointalksearch.org/user/toddbethell-8940
https://bitcointalk.org/index.php?topic=33458.0;all
http://www.reddit.com/r/Bitcoin/comments/imw0y/mybitcoin_is_a_disaster_waiting_to_happen/
http://www.blogger-index.com/feeds.php?feed_id=29159&&p=1 [Shitcoin]

**Investigative Resuls

Initial investigations into the ownership of myBitcoin.com reveal:

Registrant:
 MyBitcoin, LLC
 Main Street
 PO Box 556
 Charlestown, Nevis
 KN

 Administrative Contact:
    Williams, Tom 
    Main Street
    PO Box 556
    Charlestown, Nevis
    KN
    +6499518329

 Registrar of Record: TUCOWS, INC.
 Record last updated on 27-Mar-2011.
 Record expires on 25-Apr-2012.
 Record created on 25-Apr-2010.


Seemingly legitimate results with the exception that the listed address is well known.
Quick investigation shows that the address to which MyBitcoin.com is register is actually the same as
PrivacyShark.com

Registrant:
 Privacy Shark, LLC
 Main Street
 PO Box 556
 Charlestown, Nevis
 KN

 Domain name: PRIVACYSHARK.COM

 Administrative Contact:
    Privacy Protected Domain, Privacy Shark Domain Trust  [email protected]
    Main Street
 
    Charlestown, Nevis
    KN
    (202) 558-2876

PrivacyShark.com is a known anonymous Domain registrant providing "anonymous domain names, anonymous dns, and offshore whois information.

...

Privacy Shark, LLC (privacyshark.com) is a wholly-formed corporation that is governed and regulated by the courts of Nevis, West Indies."

_______
It appears that many other shell companies use this fake address, such as

http://panjiva.com/Envases-Globales/1081553
Envases Globales
P O Box 556 Main St Charlestown Nevis
or

King Zulu LLC.
P.O. Box 556 Charlestown, Nevis Last Updated on: 28-DEC-08


Of iteresting note is the information provided on PrivacyShark's About page:

"
Q. How do I order / make payments?
A. In order to be 100% anonymous, we only accept anonymous forms of payment. We accept Bitcoin (we recommend MyBitcoin). Order by clicking here.
" [http://www.privacyshark.com/about.html]

where a clear link promoting MyBitcoin.com is present, as is the information that normal clients registering through PrivacyShark will have a generic registration with the following format:

***

BEFORE Privacy Shark

Registrant:
John Smith
#123 Your Address
Sometown, CA 90210
US

Domain name: YOURDOMAIN.COM

Administrative Contact:
Smith, John [email protected]
#123 Your Address
Sometown, CA 90210
US
408-555-1212

Technical Contact:
Smith, John [email protected]
#123 Your Address
Sometown, CA 90210
US
408-555-1212


Domain servers in listed order:
NS1.YOURISP.COM
NS2.YOURISP.COM
AFTER Privacy Shark

Registrant:
Privacy Shark, LLC
Main Street
PO Box 556
Charlestown, Nevis
KN

Domain name: YOURDOMAIN.COM

Administrative Contact:
Privacy Protected Domain, Privacy Shark Domain Trust [email protected]
Main Street
PO Box 556
Charlestown, Nevis
KN
(202) 558-2876

Technical Contact:
Privacy Protected Domain, Privacy Shark Domain Trust [email protected]
Main Street
PO Box 556
Charlestown, Nevis
KN
(202) 558-2876


Domain servers in listed order:
ANONYMOUS-DNS1.PRIVACYSHARK.COM
ANONYMOUS-DNS2.PRIVACYSHARK.COM

***


At this point, the registration of MyBitcoin.com does NOT match the standard format for a site registered via PrivacyShark.

Further investigation shows at lest one known Bitcoin scam site registered via PrivacyShark that exhibit "normal" registration details [Bitcoin4Cash.com]:

http://bitcointalk.org/index.php?topic=8258.0;all
http://pastehtml.com/view/aui7tmtfe.html

Registrant:
 Privacy Shark, LLC
 Main Street
 PO Box 556
 Charlestown, Nevis
 KN

 Domain name: BITCOIN4CASH.COM

 Administrative Contact:
    Privacy Protected Domain, Privacy Shark Domain Trust 
    Main Street
    PO Box 556
    Charlestown, Nevis
    KN
    (202) 558-2876

____

Additional information reveals the following known sites registered via PrivacyShark:

phonefate.com
h410g3n.com
quiveringfuckholes.com
netwerked.net
voodoomachine.com
hackcanada.com <====****
6server.com
freeworldtel.com
daliwen.com
mybitcoin.net <====****
assserver.com
wwwmybitcoin.com <=====****
talksugar.com
bitcoinreserve.com <=====***
demeterscoffeevault.com
7upyours.com
dalinowen.com
6server.com
plusnethosting.com
talksugars.com
wwwtalksugar
diskhaven.com
1buckphonesluts
1hotphonebabe
anomaliesonline.com
1hotphonebabe4u.com
myfaveslave.com
pussyjuicegirls.com
sawtoothrc.com
phonefate.rog
talksugar.org
mule-coquine.info
hackcanada.org  <====****
cfraamail.org
plusnethosting.com
freeworldtel.com
pickup-test.com
test-depersonalidad.com
testbaleni.com
globalxxxhost.com
bitcoinia.com  <===***
phonecallgirl.com
sexiestserver.com
pimpdollar.com
dalinowen.com
dalinowen.com
plusnethosting.com
phonefate.net
1hotphonebabe4u.com
chicagobbwescort.com

[ty - http://privacyshark.blogspot.com/]
___

Of most interest here is the inclusion of HackCanada - an organisation with historical ties to the bitcoin community.

Investigation of the NETBLOCK upon which the mybitcoin servers operate shows that the servers are operated by LeaseWeb and the immedaite servers also host:

nanaimogold.com   -   United States   Nanaimo Gold   -
http://www.nanaimogold.com

pimpdollar.com   -   United States   -   -
Pimp dollar
http://www.pimpdollar.com

phonefate.com   -   -   Privacy Shark, LLC   -
Phonefate phone sex with talksugar
Talk sugar : livecam & phone sex : now with phonefate
http://www.phonefate.com

kinkybyphone.com   -   -   -   -
Kinkybyphone phone sex with talksugar
Talk sugar : livecam & phone sex : now with kinkybyphone
http://www.kinkybyphone.com

nettwerked.net   -   United States   -   -
Nettwerked; a web-site for the canadian undergr0und scene
Nettwerked
http://www.nettwerked.net

**NOTE this site is operated by a founding member of HackCanada

hackcanada.com   -   United States   -   -
Hack canada - it dont mean jack if it aint got that hack.
Hack canada : hacking, phreaking, and tempestuous technology. rewiring your world the way we want it.
http://www.hackcanada.com


LeaseWeb Complaint ==> http://www.webhostingtalk.com/showthread.php?p=7602128
                       https://bitcointalk.org/index.php?topic=33020.0;all

** Most Recent Activity

Of most recent note is an alleged post by the "owner" of mybitcoin.com which reveals contradictory technical information regarding the operation of mybitcoin:

https://bitcointalksearch.org/topic/troll-important-announcement-regarding-the-mybitcoincom-downtime-33646

This post is not GpG signed like any other communique from mybitcoin.com to date. Also the technical details and experience of staff elluded in this post would indicate that it is HIGHLY UNLIKELY this post originated from any real owner of mybitcoin.

Most recent scanning of the site revealed that Privoxy serevices hosting TOR hidden service were most recently halted and current nMap activity of the site shows:

Starting Nmap 5.51 ( http://nmap.org ) at 2011-08-03 01:18 E. Australia Standard Time

NSE: Loaded 57 scripts for scanning.

Initiating Parallel DNS resolution of 1 host. at 01:18

Completed Parallel DNS resolution of 1 host. at 01:18, 0.01s elapsed

Initiating SYN Stealth Scan at 01:18

Scanning www.mybitcoin.com (83.149.112.133) [1000 ports]

Increasing send delay for 83.149.112.133 from 0 to 5 due to 11 out of 11 dropped probes since last increase.

SYN Stealth Scan Timing: About 10.07% done; ETC: 01:23 (0:04:37 remaining)

Increasing send delay for 83.149.112.133 from 5 to 10 due to 11 out of 11 dropped probes since last increase.

SYN Stealth Scan Timing: About 19.10% done; ETC: 01:23 (0:04:18 remaining)

SYN Stealth Scan Timing: About 28.10% done; ETC: 01:23 (0:03:53 remaining)

SYN Stealth Scan Timing: About 37.17% done; ETC: 01:23 (0:03:25 remaining)

Discovered open port 9999/tcp on 83.149.112.133

SYN Stealth Scan Timing: About 46.03% done; ETC: 01:23 (0:02:57 remaining)

SYN Stealth Scan Timing: About 47.37% done; ETC: 01:24 (0:03:21 remaining)

SYN Stealth Scan Timing: About 48.73% done; ETC: 01:25 (0:03:42 remaining)

SYN Stealth Scan Timing: About 50.33% done; ETC: 01:26 (0:04:04 remaining)

SYN Stealth Scan Timing: About 52.77% done; ETC: 01:27 (0:04:29 remaining)

SYN Stealth Scan Timing: About 56.77% done; ETC: 01:29 (0:04:58 remaining)

SYN Stealth Scan Timing: About 70.23% done; ETC: 01:34 (0:04:53 remaining)

SYN Stealth Scan Timing: About 78.07% done; ETC: 01:36 (0:04:03 remaining)

SYN Stealth Scan Timing: About 84.27% done; ETC: 01:37 (0:03:07 remaining)

SYN Stealth Scan Timing: About 89.90% done; ETC: 01:39 (0:02:07 remaining)

SYN Stealth Scan Timing: About 95.17% done; ETC: 01:39 (0:01:03 remaining)

Completed SYN Stealth Scan at 01:40, 1356.93s elapsed (1000 total ports)

Initiating Service scan at 01:40

Scanning 1 service on www.mybitcoin.com (83.149.112.133)

Completed Service scan at 01:41, 44.61s elapsed (1 service on 1 host)

Initiating OS detection (try #1) against www.mybitcoin.com (83.149.112.133)

Retrying OS detection (try #2) against www.mybitcoin.com (83.149.112.133)

Initiating Traceroute at 01:42

Completed Traceroute at 01:42, 3.66s elapsed

Initiating Parallel DNS resolution of 21 hosts. at 01:42

Completed Parallel DNS resolution of 21 hosts. at 01:42, 12.05s elapsed

NSE: Script scanning 83.149.112.133.

Initiating NSE at 01:42

Completed NSE at 01:42, 0.71s elapsed

Nmap scan report for www.mybitcoin.com (83.149.112.133)

Host is up (0.28s latency).

Not shown: 998 filtered ports

PORT     STATE  SERVICE    VERSION

3300/tcp closed unknown

9999/tcp open   ssl/abyss?

Device type: general purpose

Running (JUST GUESSING): OpenBSD 4.X (87%), FreeBSD 7.X (85%)

Aggressive OS guesses: OpenBSD 4.0 (87%), FreeBSD 7.0-RELEASE-p5 (85%)

No exact OS matches for host (test conditions non-ideal).

Uptime guess: 0.001 days (since Wed Aug 03 01:41:33 2011)

TCP Sequence Prediction: Difficulty=261 (Good luck!)

IP ID Sequence Generation: Randomized


In closing, #bitcoin-police conclude that it is most likely that MyBitoin.com had suspicious origins and the ongoing failure of authenticated communication from the provider would allege some level of impropiety on behalf of the operator. This investigation is marked as OPEN with a high level of suspect indicators.

Any public information regarding this even tis welcom on the freenode #bitcoin-police channel, in Private Message to MrTiggr or GpG email to mr dot tiggr at gmail dot com

MrTiggr - Commander-in-Chief, Bitcoin Police
graingert - Pastebin hero
legendary
Activity: 1092
Merit: 1001
August 03, 2011, 10:56:17 PM
#5
Well the hoster (Leaseweb, in The Netherlands) would know his identity probably or at least who paid for it. Someone should sue him so that this information can be subpoenaed. If that doesn't work you can always take out the torches and pitchforks but please try to solve this civilly first...


The earliest reference I can find on the forum is this:

hello

i found these urls while surfing on i2p:

mybitcoin.i2p (resolves to nwpqc65o333ifqq7wqovo2ito5y3ca6rfygz3p6pusau26t6tpca.b32.i2p)
xqzfakpeuvrobvpj.onion (on tor. they advertise this url in the login area)
mybitcoin.com (loads the same site from the public internet. they use cacert for ssl.)

(some sort of web-based wallet for bitcoin)

privacyshark.com

(sells domain names for bitcoins)



It looks like 'komoto' signed up specifically to make this post.

On the i2p forums.. there is an announcement on may 1st 2010 - and this more interesting post in September:

http://forum.i2p2.de/viewtopic.php?t=4929&highlight=MyBitcoin

This guy has been seriously into privacy right from the beginning.  

I've tried hunting around a little within the i2p network - but well.. I doubt there's anything to find.









full member
Activity: 169
Merit: 100
August 03, 2011, 10:45:36 PM
#4
Do you even need to provide a real name when registering a domain?  I suppose there would be a name on the card used to pay for hosting, but couldn't someone grab a prepaid visa?  Tom Williams is an incredibly generic name, and I doubt hosting companies would give out client information to an angry mob.  That seems like bad business practice.  The only break I could imagine would be if someone new Mr. Williams personally and handed over the details.  Even then good luck trying to get any restitution through the courts.  
hero member
Activity: 812
Merit: 1022
No Maps for These Territories
August 03, 2011, 10:42:52 PM
#3
Well the hoster (Leaseweb, in The Netherlands) would know his identity probably or at least who paid for it. Someone should sue him so that this information can be subpoenaed. If that doesn't work you can always take out the torches and pitchforks but please try to solve this civilly first...
member
Activity: 84
Merit: 10
August 03, 2011, 10:40:30 PM
#2
Bbit - From what I have heard he had change the whois info on the actual domain.

Has anyone had a response from the hosting company? Surely they would have some real info on this guy unless he used some fake ID for the hosting.
It won't be impossible to find this person in this day and age, I think if everyone can be serious about this matter and not Pop up with Fake Mr Williams accounts and rubbish, and all real information is bought forward, there are enough people, enough resources to find this person.

So, we need as much information as possible. What where the old domain details before the Whois information changed?
What has the hosting provider said so far? Have they released any information or accepted the payment to the backup idea??

legendary
Activity: 1330
Merit: 1000
Bitcoin
August 03, 2011, 10:35:37 PM
#1
Time to get the torches and pitchforks this is the last blow we needed for bitcoins its time to take a  stand....

So go ahead and lets list some resources how we can track down this mother eff'er ....

Does this work ?

http://www.domaintools.com/research/hosting-history/?q=mybitcoin.com

Has nobody ever even gotten one email from the slob ? or one response via the forum here? how is it possible that neither above has happened?

[update 1] I did find an old listing for a php programmer but it has since expired - something about a php programmer for mybitcoin.com   if we could get in touch with the programmer he might be able to shed some light on things...

[update 2] Might be worthy reaching out to Anonymous since this was a source of funding for them. Also, seems we are establishing some things regarding the server.

[update 3] Bounty on his head has been set up!  Smiley
https://bitcointalksearch.org/topic/bounty-for-the-mybitcoincom-hacker-25btc-34443
Pages:
Jump to: