Topic: Idea regarding DDoS attacks (Read 1150 times)

Exactly, they can fake that it the e-mail came from "[email protected]", and most of the times the domain of the phishing site is near the same like instead of mtgox, tmgox.

Even if an email says it's from Facebook, Google, or Yahoo it doesn't mean it necessarily is. Scammers can make an email appear to come from a legit source.

I didn't read your theory because your whole premise is wrong. Everybody gets those attempted-login-from-China emails. It is called "phishing". The emails are sent by scammers trying to trick people into using the email links to log in to fake sites in order to get your account and password. That is how they hacked your accounts.

I have to admit your english/description of what happened is fairly poor and it is difficult for me to interrupt what happened, my only advice don't ever use Third Parties to store your Bitcoin... Unless its a small amount your comfortable with losing as you don't have complete control and can lose control.

1) Stop using third parties to either: generate or store your private keys. If you generate your own private keys and transactions, you generate some peace of mind for yourself knowing your control is about as good as it can possibly be. Use computers without Network Cards and Drivers, backup the private keys/wallets to multiple secured un-networked physical devices either paper/metal.
2) Use 2 Factor Authentication when possible for all accounts and Email addresses, Emails are the weakest link it seems with online Bitcoin Wallets.
3) For passwords us an Interrupter/Langague to generate a Hash of a Hash as your password, instead of using a password that gets hashed by a site into a database use a password that's already hashed that gets hashed into a database. (You can even install Python Interrupter on Cellphones so you can generate hashes you need on the fly) hashlib.Sha256('random Character Passwords with no contiguous words, Upper/lower case characters, Numbers,Symbols').hexdigest()

So how much was stolen from you and when did the attack occur?

Not possibe. DDOS only floods with traffic and getting a host down.

@OP, your theory is wrong.
DDOS have nothing to do with data stealing.
You have probably been keylogged or injected by some trojan/virus/whoknowswhat.

Data stealers are present on internet with free content you wanna grab, so they grab you.
Do not take anything free. As even you scan file, it happens that it is undetected at the moment of scan, but you scan it in a month and it will show different results.

Other side, DDoS is used to get website/host/server down and that is the only usage of it.
Read more about DDOS here.

How does ddos steal user info?

Logging out is a good practice but only matters if someone else has physical or remote access to your own computer.

In a very very simplified nutshell the are three kinds of DDOS.
In the first (most crude) case the attacker keeps overloading the server's Internet connection with meaningless traffic to render that part of the network practically unreachable or to very slow. In this case the attacker not going to see any of to the stuff stored on that server, just clogs the connection.

In the second case the attacker keeps bombing the name servers where the server's DNS record (e.g. 192.168.1.1 = www.whatever.com) being stored.
In this case the server isn't compromised, it still working fine and accessible by IP address (192.168.1.1) but not accessible by it's name (www.whatever.com) and the attacker doesn't even goes close to the server.

In the third case as DeathAndTaxes wrote the attacker keeps bombing some vulnerable spot on the server itself for causing a partial crash to bring down the defences and getting real access to the stuff stored on that machine. In this case doesn't matter if you logged off or not because the attacker can do whatever he/she/it want to do.

BTW going through a firewall isn't that easy as you can see in movies . I would say no sensible hacker going to tinkering with the firewalls.

What you might referred with the logoff thingy is the case when there is a rat in the datacenter who already (at least) partially compromised the server and eavesdropping for account details. But in that case logging off is irrelevant again as the rat will get full access to your stuff with your already captured logon details. (BTW keyloggers, trojans and some viruses are working on a more or less similar way.)

Those logon attempts from outside the USA are quite common things as a lot of script kiddies are randomly trying to get access to FB, Google and Yahoo accounts by using some trivial passwords like 1234, password, Password1, the account name itself and so on. If you have a good password and you keep changing it regularly you can safely ignore these alerts.

You could have an impact on an asset if you ruin it's website for a while as that would show weakness. But other than that, a DDoS doesn't give you access to anything inside the website.

That is sound advice, but the reason for this is that someone could physically sneak into your office and could access information if you do not lock the system and/or log out of critical services.


So does everybody else. Bitcoin is open source and many services have a publicly known cold storrage address to proof solvency. There are also Satoshis coins, the FBI had some, etc. There even is a list somewhere for addresses with the most coins.


I doubt that. Attacks on systems typically are not the "bust through" kind, but more the "finding a tiny hole and poke around in it until you get a foot in" kind.


Sure its possible, but this would typically require some sort of vulnerability that is either not commonly known or not fixed.


Thats good, but that will only help against some very specific attacks.


IMHO the best you as a user can do to make sure accounts are safe is to make sure your account(s) and machine(s) are safe. Make sure you have strong and unique passwords for every service you use. Use a password manager to help you with that. No one expects you to memorize 20+ strong passwords. There are portable and open source solutions like keepass2 that work on every common OS. Use 2 factory authentication when possible so you have an extra layer of protection in case your password gets compromised regardless. Make sure you keep your online system updated with the latest patches. Be careful about the software you download and install. Almost all infected systems I had to clean in the last years have been infected due to user interaction. Be careful when opening mail attachments. If you store significant amounts of bitcoins, use cold storrage. Paper wallets, an old laptop, etc. Do not keep them with a service, no matter how reputable they are unless you have a very good reason (e.g. daytrading) and understand the risks involved.

Err...

Why do you think that a DDoS would be enough to steal the money from a website?
Do you really know what DDoS means?

That was a word salad and I don't 'think' you know what DDOS means.  In general offering advice on something that you admit you don't know or understand is not a good idea.

When an attacker attacks the site directly in general they compromise the security of the server which contains the hotwallet by exploiting a flaw in the operating system or software stack.  Once the attacker gains access to the hotwallet they transfer away all the 'coins'.  You being logged in or out of your account doesn't affect that outcome anymore than keeping your checkbook secure prevents an attacker from dynamiting the bank vault and walking away with the deposited cash.

I was thinking for a year, I guess that there has been a way for the network attackers to have hacked into my account and this is how they got the coins off the site. I know that sounds a bit paranoid. However, let me tell you, I got emails from sites such as Facebook, Google, and Yahoo regarding someone having attempted to log into my accounts from outside the USA. I live in the USA and this is not usual for someone to attempt to access my account from outside the USA.

I have recently developed a theory as to how these hackers have gotten the information necessary to log into these accounts. This theory also applies to how the DDoS attackers were able to break into these sites and steal the coins.

My Theory:

When a person does not sign out of his/her account the hacker(s) can retrieve personal information from the user. The hacker then takes a step further and manipulates the system to steal the account holders personal information, or the coins in cases such as DDoS attacks.

I once tried to start a MLM business. I was told at one of the meetings that pertaining to my back office is important information about my business. My business involves money and I would not leave my banks website without signing out of my account, therefore, I should not leave my back office without signing out of my account.

The hackers know the code for the network. The hackers know the sites that are the most popular and would have the most coins. The hackers would not need very much to take and bust through the sites firewall and look around for those users who did not sign out of an account. I do not suppose it would take a hacker too much longer from this point to wipe the site clean of coins. Is this possible?

I am going to be taking better precautions and start signing out of my accounts at each site. If there is a chance my theory is correct, or that I am on the correct path of figuring out how these sites are being hacked, I think everyone in the network should be informed of this and begin taking precautions also.

I hope I posted this in the correct spot. I do not think this post fits anywhere else. I think everyone who uses the BTC network should take better precautions, because this is money we are talking about. These users would not leave a banks website and not log out of their account. Most bank websites have an auto sign out when the page is closed out, or there is a certain amount of time that the page is open and there has been no activity by the user.

If it is something as simple as making these small changes to protect these sites and out investments/hard work in the future then we need to start making these changes and making them now.

Thank you for reading. I am sorry this post was quite long. Any insights from those who know a bit more about Internet and Network security would be greatly appreciated.