Author

Topic: LulzSec rogue suspected of Bitcoin hack - Guardian.co.uk - Biggest hitpiece yet (Read 2544 times)

legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
Well certainly MT Gox has not explained why 1 account holder would ever have that many bitcoins ON Mt Gox and why virgin coins were being moved right before the attack

http://www.reddit.com/r/Bitcoin/comments/i4xgc/follow_the_money_trail_part_2_1500btc_generated/

1 account holder would never have that many bitcoins ON Mt Gox, unless they were setting up to crash the market, IMO.
With the SQL injection, they just credit an account with 500,000 coins that never existed before, then launch the attack.

Has anyone studied the blockchain to find the max amount taken out before the site was pulled?
full member
Activity: 210
Merit: 100
firstbits: 121vnq
Well certainly MT Gox has not explained why 1 account holder would ever have that many bitcoins ON Mt Gox and why virgin coins were being moved right before the attack

http://www.reddit.com/r/Bitcoin/comments/i4xgc/follow_the_money_trail_part_2_1500btc_generated/
full member
Activity: 209
Merit: 100
If they do have control over so many hacked computers, it is still quite doubtful that they could cause those hacked computers to generate bitcoins without the legitimate owners of those computers knowing. 
full member
Activity: 168
Merit: 100
Quote
Some of most experienced members of the Anonymous and LulzSec hacker collectives are believed to have botnets of more than 100,000 compromised computers.

If that many machines were set to work generating Bitcoins, they could create up to $7,500 worth a day for as long as Bitcoins trade at current levels – meaning members of the hacker collectives could be among the biggest losers if Bitcoins' value does not recover as and when MtGox reopens.

 Angry
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
Correct me if I'm wrong: This is the most important line in the article:  "MTGox suffered an SQL injection..."

..."MTGox suffered an SQL injection [a form of hacking attack that creates direct access to databases and files] which means access to the site's funds were in the hands of the malicious hacker....

Sorry to say, the live DB attack using "SQL injection [a form of hacking attack that creates direct access to databases and files] which means access to the site's funds were in the hands of the malicious hacker" could be (already is) verified in another thread at this forum.   Undecided

If the above is true:
1) MtGox has lied a lot
2) All the BTC could be gone.

There is another thread here where "security experts" have been saying for days the SQL injection on the LIVE DB is true.


ps. Enter that thread with caution, they can be very rude to people who are not "security experts."
ius
newbie
Activity: 56
Merit: 0
The Guardian? I thought that was a reputable British paper..

So much cruft combined into one article, amazing.
full member
Activity: 210
Merit: 100
firstbits: 121vnq
Correct me if I'm wrong, but I thought lulzsec only dealt with DDoS attacks?

you're wrong Wink
sr. member
Activity: 371
Merit: 250
Step 1 to looking into bitcoins:

View forums. See constant conspiracy theorism.

Run away in fear of the... madness?

Have I uttered a bad word? Shall I be banned?

Quote
"James Ball - Illuminati, Bilderberg Mason Banker Bitch"
newbie
Activity: 14
Merit: 0
Correct me if I'm wrong, but I thought lulzsec only dealt with DDoS attacks?
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
So much drama over one little concept of decentralized currency. The spin doctors are paid and out in full aren't they?

Most headline news hacks are for the data/personal info, (possibly) stealing multi-millions of $$$ is dramatic.
Agreed they are spinning it.
full member
Activity: 182
Merit: 100
Finding Satoshi
So much drama over one little concept of decentralized currency. The spin doctors are paid and out in full aren't they?
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
..."MTGox suffered an SQL injection [a form of hacking attack that creates direct access to databases and files] which means access to the site's funds were in the hands of the malicious hacker....

Sorry to say, the live DB attack using "SQL injection [a form of hacking attack that creates direct access to databases and files] which means access to the site's funds were in the hands of the malicious hacker" could be (already is) verified in another thread at this forum.   Undecided
sr. member
Activity: 364
Merit: 251
I've never seen such a smear campaign to link bitcoin with hackers as the main proponent of bitcoins, especially the final sentence, which I found most suspicious, because it's such a blatent lie and impossibility.

"Lulzsec and Anonymous members stand to lose a significant amount of money if Bitcoins fail. Several members of both groups – speaking directly and through intermediaries – claim to know of others using thousands of hacked computers to generate Bitcoins."

----
James Ball - Illuminati, Bilderberg Mason Banker Bitch
guardian.co.uk, Wednesday 22 June 2011 11.48 BST

More than $9m of online currency was stolen in weekend attack on Bitcoin currency exchange that could cost members of Anonymous and LulzSec thousands of dollars each.

A rogue member of hacker group LulzSec is suspected to have been responsible for a hack last weekend which resulted in the theft of $9m worth of online currency.

The hack focussed around a "currency exchange" called MtGox, which provides a method for swapping Bitcoins – an untraceable, cryptographically-created online-only currency favoured by online activists and hackers – for real US dollars.

The attack – which could cost members of Anonymous and LulzSec thousands of dollars each – suggests other, more profit-focused hacking groups may be stepping up activity in response to the more high-profile politicised groups.

LulzSec has denied any involvement in the Bitcoin hack. The group has also denied any link to attacks on the websites of games company Sega and the UK Office for National Statistics.

Late on Sunday evening, MtGox was compromised when a hacker tried to sell more than 400,000 Bitcoins – 6% of all the virtual currency presently in circulation – for an initial price of $17.50 each, which would have netted $7m at a constant price.

But the attempt to sell such a large volume of coins at once drove the value of the currency down almost to zero, before trading on the site was suspended.

More than 60,000 users' details were compromised in the attack and have since been posted publicly in dozens of places across the internet. Trading on the MtGox site has still not been reinstated since the attack, leaving the future of the fledgling currency in doubt.

Bitcoins are produced without the involvement of any governments or banks; instead, they are generated by using software (also called Bitcoin). The idea was created in 2009 by a Japanese programmer.

Bitcoins are not issued by a central authority, but instead generated by a mathematical algorithm after computers complete a certain number of complex calculations.

Some of most experienced members of the Anonymous and LulzSec hacker collectives are believed to have botnets of more than 100,000 compromised computers.

If that many machines were set to work generating Bitcoins, they could create up to $7,500 worth a day for as long as Bitcoins trade at current levels – meaning members of the hacker collectives could be among the biggest losers if Bitcoins' value does not recover as and when MtGox reopens. In the hours before the hack, the total value of the currency in circulation was more than $150m.

Anonymity and security are the central propositions of the currency, which has attracted controversy after being used in sites selling drugs and pornography.

High-profile organisations accepting the coins include WikiLeaks and the US lobby group Electronic Frontiers Foundation, who have suspended their acceptance of Bitcoins in the wake of the hack.

MtGox says access to its site was gained after a financial auditor's computer was hacked, and insists its site was not compromised.

However, Amir Taaki, who runs the rival Bitcoin exchange Britcoin.co.uk, disputes this chain of events. Developers working on his site, which runs on much of the same software as MtGox, found a security hole several days before the hack was carried out. He says MtGox was notified publicly and privately of the issue.

"Due to the recent events at MTGox.com, we at Britcoin have decided to move our servers to a new location," read a Britcoin statement. "MTGox suffered an SQL injection [a form of hacking attack that creates direct access to databases and files] which means access to the site's funds were in the hands of the malicious hacker. As such, until we see evidence to the contrary, for security reasons we are assuming that MTGox has none of its clients' bitcoins."

Other senior coders in the Bitcoin community claim to have been offered the full database of MtGox users days before the hack was carried out. Though they had not verified whether the database was genuine, it came from the same intermediary who has been testing interest in selling or distributing details from the Sega Pass hack.

Members of Lulzsec, the hacker group whose alleged member Ryan Cleary was arrested in Essex on Tuesday, denied responsibility for the Sega Pass hack, as did several members of Anonymous.

The recent spate of hacks denied by both groups – neither of which usually seeks to hide from the limelight – raises the possibility of a third, as yet unnamed, group of hackers carrying out the attacks.

Lulzsec and Anonymous members stand to lose a significant amount of money if Bitcoins fail. Several members of both groups – speaking directly and through intermediaries – claim to know of others using thousands of hacked computers to generate Bitcoins.

Jump to: