Pages:
Author

Topic: Monitoring WannaCry hackers' bitcoin addresses in real time - page 5. (Read 22954 times)

legendary
Activity: 1372
Merit: 1252
How do you even know those addresses? Also, aren't like 200,000 computers infected already? in my evil mind, if I was a smart hacker, I would use a different address per computer.

I would do the same. But for some reasons the hackers seem to use only a handful of Bitcoin addresses.
Maybe they don't even care who pays and who doesn't (did you hear of successful data recover after this ransomware, after paying the price?). Or maybe they don't know enough about Bitcoin?


My take is that they don't care if the hacked bitcoins get easily detected by curious people (basically the entire bitcoin community is monitoring how this evolves so im sure they knew they would get traced carefully by community members).

Even if they used thousands of addresses, that would be just more of an headache when trying to mix them.

All these criminals have to do once they got all the money they wanted, is to send it all at some mixing site over tor and that's it, you lose track of it all, and that's where unfortunately all the people that got infected will never see their money back.

But let this be an useful lesson for people to take more seriously their jobs.
hero member
Activity: 1862
Merit: 574
Leading Crypto Sports Betting & Casino Platform
For a global attack they have not collected a lot of bitcoin yet. Results as of 16:00 GMT

Address 1: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

live link: https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

31 transactions = 4.65255659 BTC



Address 2: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

live link: https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

27 transactions = 3.10004389 BTC



Wallet 3: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

live link: https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

36 transactions = 6.53259945 BTC



~ 14.28 BTC x $1735.35 per BTC = $24,781 ransom paid thus far.



Add more addresses as you find them.
In the presence of this. Will have many positive and negative impacts that will occur to bitcoin. We can only hope the best lol
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
How do you even know those addresses? Also, aren't like 200,000 computers infected already? in my evil mind, if I was a smart hacker, I would use a different address per computer.

I would do the same. But for some reasons the hackers seem to use only a handful of Bitcoin addresses.
Maybe they don't even care who pays and who doesn't (did you hear of successful data recover after this ransomware, after paying the price?). Or maybe they don't know enough about Bitcoin?
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
How do you even know those addresses? Also, aren't like 200,000 computers infected already? in my evil mind, if I was a smart hacker, I would use a different address per computer. Im not sure how this works, but if this is the case, then there's 200,000 addresses you would need to keep track off which is nuts.

It's in any case surprising that companies are storing important info in windows machines... what a bunch of idiots

Let's hope that at least some of them will learn the lesson

And finally switch to using a decent operating system with no backdoors and open by default ports. Regarding 200k addresses, the virus is obviously calculating some checksum which the victim should then send to the hacker (otherwise it would be impossible to generate the key to decrypt the files), so the process can be easily automated via a database and a simple script linking together a Bitcoin address and a checksum provided
legendary
Activity: 1204
Merit: 1028
How do you even know those addresses? Also, aren't like 200,000 computers infected already? in my evil mind, if I was a smart hacker, I would use a different address per computer. Im not sure how this works, but if this is the case, then there's 200,000 addresses you would need to keep track off which is nuts.

It's in any case surprising that companies are storing important info in windows machines... what a bunch of idiots.
sr. member
Activity: 392
Merit: 250
It's $300 per computer, not per company.

Yeah and as it's supposed to spread in the whole company it can goes reaaaaaaaally fast Grin
legendary
Activity: 2954
Merit: 1155
Leading Crypto Sports Betting & Casino Platform
wonder where they will sell their coins, some big exchanger must verify id right? even in my country some fiat exchanger ask user to verify their ID and must selfie to make sure it is real person

They will mix their coins 2-3 times , exchange to ltc or other coin on an exchange that doesn't require id for crypto withdrawals change them back into btc on another and then coin by coin on localbitcoins to fiat .

LB is also a bit of a mixer itself so by the time people will finish tracking those coins and altcoin movements...it will be 250

all the exchanges that i have seen so far (even exchanges like btc-e that are too flexible and anonymous themselves) have a line in their terms of services that says if any law enforcement asks them, they will give your information to them (full cooperation) and in case of such a big scam like this, i am sure a lot of agencies are watching where the coins are going to go and will find them if use an exchange.

Yeah and what info will they give? The addresses of those altcoins?
Then they will have to check again where those altcoins went? By the time they finally get a bit closer to their target they will stumble on a shady exchange that is already gone Wink)).

Trust me, those guys will not get caught because of the bitcoin trail they leave behind.
And that is a good thing.
Otherwise the so called anonymity of btc would be considered a joke.





maybe only email address and some IPs that they use to log in because i have 1 experience ask exchanger legally when got problem with my acc they only give log in IP and not much information
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
In the beginning internet is not a safe place for everyone. Click, download, register etc. at your own risk. Grin

It has been revealed that this did not spread by clicking on any links.

See this link https://www.wsj.com/articles/cybersecurity-experts-first-task-find-out-how-virus-spread-1494868250

From the article:

Quote
Investigators have already ruled out phishing—tricking someone into opening a seemingly legitimate email attachment that actually contains the virus—as a possible tactic. One of their hypotheses centers on something called port 445, an outlet that isn’t supposed to be connected to the internet.

Port 445 is open by default in Windows. At least, on versions prior to Windows 7 (Windows XP is the last version that I am more or less familiar with). This port is required for Windows local networking (for file and printer sharing), so if it is open and computer is connected to Internet, it will be exposed as well. Personally, I think that here we have a case with a backdoor intentionally left by Microsoft and information of which (how to use it) got stolen from an Alphabet agency

Chickens always come home to roost
legendary
Activity: 1582
Merit: 1019
011110000110110101110010
Do people really not back up their files regularly?

No they don't. Especially in public services where users call the IT for everything because they don't know or they don't like to do anything related to computers even though is a very stupid thing. So the most part of the day IT do lesser important tasks than it has to do. As an example ' local printer has a stuck piece of paper ' and so on.
 
Quote
I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so.  Institutions should back up their files much more regularly than that.

No most people are too lazy to do a regular back say after a month or more. I believe hackers they didn't target whom computer would infected from virus.  

Quote
Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom.  If it was $20 instead, I would probably pay it anyway, but there's really no point.

I believe that $300 as a ransom is not a big amount of money for many services or institutions especially if these are located in Europe or USA or some rich countries in Asia. I don't know for the rest countries in the world.



It's $300 per computer, not per company.
legendary
Activity: 1582
Merit: 1019
011110000110110101110010
In the beginning internet is not a safe place for everyone. Click, download, register etc. at your own risk. Grin

It has been revealed that this did not spread by clicking on any links.

See this link https://www.wsj.com/articles/cybersecurity-experts-first-task-find-out-how-virus-spread-1494868250

From the article:

Quote
Investigators have already ruled out phishing—tricking someone into opening a seemingly legitimate email attachment that actually contains the virus—as a possible tactic. One of their hypotheses centers on something called port 445, an outlet that isn’t supposed to be connected to the internet.
hero member
Activity: 2814
Merit: 734
Bitcoin is GOD
Some of the media are blaming them on the drop in BTC price as they happened simultaneously. Make sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.
But since bubbles are created with the optimism of the people, this hack without a doubt has an impact since once again people see this as  a way for criminals to use bitcoin without anything being done, so I think this was a factor that stopped confidence and created the environment in which the price of bitcoin could go down once again.
full member
Activity: 235
Merit: 250
Some of the media are blaming them on the drop in BTC price as they happened simultaneously. Make sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.

Maybe the market is just looking for a reason or reasons. Like you said people are afraid to jump.

20.95 BTC hardly seems like enough to manipulate the market. Fear could but I don't see the fearful affecting this market because I doubt that many have more than a cursory knowledge of bitcoin.

The ones without knowledge would be the ones that would dump over something relevant as this. maybe.
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
Do people really not back up their files regularly?

No they don't. Especially in public services where users call the IT for everything because they don't know or they don't like to do anything related to computers even though is a very stupid thing. So the most part of the day IT do lesser important tasks than it has to do. As an example ' local printer has a stuck piece of paper ' and so on

That depends on the public service

The one that I once was hired by as a "contractor" of sorts had strict policies in this regard. They had some enterprise level document management system in place (something like Lotus Domino at the time) and also had a guy specifically appointed to manage that system. I guess it was one of his duties to back up all documents that entered the system. Indeed, small hospitals and minor public services are as irresponsible in this regard as it could ever get
sr. member
Activity: 392
Merit: 250
That's funny, they made a global attack in my company.

To be fair you've got to be a bit stupid to actually fall for it...
Added to that the fact athat big companies all have data save of important files.
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
wonder where they will sell their coins, some big exchanger must verify id right? even in my country some fiat exchanger ask user to verify their ID and must selfie to make sure it is real person

They will mix their coins 2-3 times , exchange to ltc or other coin on an exchange that doesn't require id for crypto withdrawals change them back into btc on another and then coin by coin on localbitcoins to fiat .

LB is also a bit of a mixer itself so by the time people will finish tracking those coins and altcoin movements...it will be 250

all the exchanges that i have seen so far (even exchanges like btc-e that are too flexible and anonymous themselves) have a line in their terms of services that says if any law enforcement asks them, they will give your information to them (full cooperation) and in case of such a big scam like this, i am sure a lot of agencies are watching where the coins are going to go and will find them if use an exchange.

Yeah and what info will they give? The addresses of those altcoins?
Then they will have to check again where those altcoins went? By the time they finally get a bit closer to their target they will stumble on a shady exchange that is already gone Wink)).

Trust me, those guys will not get caught because of the bitcoin trail they leave behind.
And that is a good thing.
Otherwise the so called anonymity of btc would be considered a joke.




sr. member
Activity: 406
Merit: 252
Veni, Vidi, Vici
Do people really not back up their files regularly?

No they don't. Especially in public services where users call the IT for everything because they don't know or they don't like to do anything related to computers even though is a very stupid thing. So the most part of the day IT do lesser important tasks than it has to do. As an example ' local printer has a stuck piece of paper ' and so on.
 
Quote
I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so.  Institutions should back up their files much more regularly than that.

No most people are too lazy to do a regular back say after a month or more. I believe hackers they didn't target whom computer would infected from virus. 

Quote
Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom.  If it was $20 instead, I would probably pay it anyway, but there's really no point.

I believe that $300 as a ransom is not a big amount of money for many services or institutions especially if these are located in Europe or USA or some rich countries in Asia. I don't know for the rest countries in the world.
legendary
Activity: 1596
Merit: 1011
They ransomware seems dominating their victims and they already getting a lot of bitcoins from getting ransom of encrypted files. If this kind of problem will continue then we should be in panic because the risk for the other bitcoin users is the price of bitcoin that can go down and we could lose a lot of money if it ever happen.
This is really a worrying thing. Already a lot of users affected by this virus. I think even if each of the victims paid then this will make the perpetrators of this crime is getting excited. They think that their work has been successful.
hero member
Activity: 714
Merit: 501
wonder where they will sell their coins, some big exchanger must verify id right? even in my country some fiat exchanger ask user to verify their ID and must selfie to make sure it is real person

They will mix their coins 2-3 times , exchange to ltc or other coin on an exchange that doesn't require id for crypto withdrawals change them back into btc on another and then coin by coin on localbitcoins to fiat .

LB is also a bit of a mixer itself so by the time people will finish tracking those coins and altcoin movements...it will be 250

all the exchanges that i have seen so far (even exchanges like btc-e that are too flexible and anonymous themselves) have a line in their terms of services that says if any law enforcement asks them, they will give your information to them (full cooperation) and in case of such a big scam like this, i am sure a lot of agencies are watching where the coins are going to go and will find them if use an exchange.
legendary
Activity: 1652
Merit: 1088
CryptoTalk.Org - Get Paid for every Post!
wonder where they will sell their coins, some big exchanger must verify id right? even in my country some fiat exchanger ask user to verify their ID and must selfie to make sure it is real person

If they're smart they'll just sit on them for a decade or so, until most of the mixing services don't have their address on a blacklist. At that point, they'll sell.
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
wonder where they will sell their coins, some big exchanger must verify id right? even in my country some fiat exchanger ask user to verify their ID and must selfie to make sure it is real person

They will mix their coins 2-3 times , exchange to ltc or other coin on an exchange that doesn't require id for crypto withdrawals change them back into btc on another and then coin by coin on localbitcoins to fiat .

LB is also a bit of a mixer itself so by the time people will finish tracking those coins and altcoin movements...it will be 250
Pages:
Jump to: