Pages:
Author

Topic: Public STATEMENT Regarding Bitcoinica account hack at MtGox - page 14. (Read 72924 times)

legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
Quote
The email account had a heavily-reused password (for the sites that I don't intend to share any private data), *at least* it was used on LinkedIn and many other websites.

I had to back-pedal to hunt something I thought I read, and re-found the above. Here, I believe he's hinting at how his password could have been gleaned--via the LinkedIn hack. Also note he covers up as to why he uses the same password on several accounts because there're not publicly shared. What is stated in Passwords 101 again?

Will you guys quit posting for I can catch up?

~Bruno~
legendary
Activity: 1106
Merit: 1004
If I understand this correctly, the only "missing link" that would definitely prove Zhou to be guilty is the transfer from the LR account the hacker used to withdraw from Aurum to the LR account Zhou used the next day to deposit in Aurum and request the wire.

The only entity which can provide such information with authority is Liberty Reserve itself.
AurumExchange, MtGox and Bitinstant, please, try to contact Liberty Reserve, in an official manner. If they don't respond, try to reach them via lawyers or something. I know it's possible that they'll just ignore the requests, but you'll never be sure if you don't try.

Zhou Thong, if you are innocent as you claim, I guess the best take for you is to abandon your financial privacy and make it clear, at least for the 3 exchanges above, where did the funds come from, and where they were going to. If you can prove a clean source for this money, I guess your fine. Everybody knows you're rich, so you having such money is reasonable. It is just that there are so many coincidences in place that's perfectly natural everyone to be suspicious of you.
member
Activity: 113
Merit: 10
Is there anyway someone could "spoof" an IP Address to make it seem like it was coming from somewhere it really wasn't?
Highly unlikely, these are TCP/IP connections we are talking about.

But there's no particular guarantee that the person ultimately in control of the computer system is located in the same place as the computer furthest down the chain - so yes, if an exchange or an E-mail provider participates in a TCP/IP session with a computer that appears to be in China, it's very unlikely that the computer system at the other end of the TCP connection is really in Los Angeles or Moscow.

But we don't know if that computer in China is relaying packets for, or controlled by, someone who's sitting in another city on another continent and using SSH tunnels or VPN service or a rented VPS or an open (or secret) proxy to hide the origin of their activity.

The only way to figure that out is to walk up the chain, find out who was connected to the last server in the chain, then find out where that connection came from, then find out where that connection came from, and so forth.

For all we know it's going to end up at an open WiFi hotspot at some coffee shop or in some suburban neighborhood somewhere with absolutely no record of who was connected.

However, if the unknown person(s) appear to control resources that are known to be controlled by particular individuals, it's a pretty good clue that either that person was involved, or they have shitty security.

How many times will the "I guess the account got compromised, someone guessed/found my password" excuse be used?

vip
Activity: 490
Merit: 502
I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

The hacker has now been warned and has returned all the stolen funds in 5...4...3...

(I have no idea how I got two pages behind in such a short period of time, so if the above has for real happened already, forgive me)

He probably doesn't know that. I have received another email just now and it seems that the hacker isn't aware of this thread at all:

https://www.aurumxchange.com/help/ticket.php?track=Y72-1AN-3Y4H&Refresh=32888
vip
Activity: 490
Merit: 502
I am not surprised that the hacker sent the money to Zhou, as soon as I heard that USD had been moved out my first thought was that the obvious place to move USD was to some sucker you want to incriminate, being as how USD is not all that easy to hide the movements of. Surely no sane hacker would move the USD to their own account? Maybe to some stolen accounts if the have a bunch, but do stolen accounts last long enough to move USD through them? Seems dubious. Far better to send them to Gavin's bank account if you know it, or who-ever's you do know that would be really lulzworthy to incriminate...

-MarkM-


The hacker didn't send the funds to me.

The hacker has done a transaction, sending $5000 to a Chinese bank account.

I have done another transaction, sending $40K to my own account, and it's perfectly legitimate and totally unrelated.

The popular confusion is pretty serious now...
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

The hacker has now been warned and has returned all the stolen funds in 5...4...3...

(I have no idea how I got two pages behind in such a short period of time, so if the above has for real happened already, forgive me)
legendary
Activity: 2856
Merit: 1520
Bitcoin Legal Tender Countries: 2 of 206

For now, I don't have to convince people of my innocence. Just like what I have always been, I'm taking real actions to solve the puzzle. I discovered that the hacker used my email on various sites, including many e-commerce sites to attempt credit card fraud. It shouldn't be too hard to get his name and address because I control the email anyway.

And then you can give his name and address to the police when you report the credit card fraud.

Seriously, nobody involved with the Bitcoinica clusterfuck has done themselves any favours whatsoever by refusing to report these incidents to law enforcement.  Playing Nancy Drew is well and good but after all these incidents it actually starts to damage everyone's credibility because it make it appear like you're all afraid of outside investigation of these events.

+1
legendary
Activity: 2940
Merit: 1090
I am not surprised that the hacker sent the money to Zhou, as soon as I heard that USD had been moved out my first thought was that the obvious place to move USD was to some sucker you want to incriminate, being as how USD is not all that easy to hide the movements of. Surely no sane hacker would move the USD to their own account? Maybe to some stolen accounts if they have a bunch, but do stolen accounts last long enough to move USD through them? Seems dubious. Far better to send them to Gavin's bank account if you know it, or who-ever's you do know that would be really lulzworthy to incriminate...

-MarkM-
hero member
Activity: 868
Merit: 1000

For now, I don't have to convince people of my innocence. Just like what I have always been, I'm taking real actions to solve the puzzle. I discovered that the hacker used my email on various sites, including many e-commerce sites to attempt credit card fraud. It shouldn't be too hard to get his name and address because I control the email anyway.

And then you can give his name and address to the police when you report the credit card fraud.

Seriously, nobody involved with the Bitcoinica clusterfuck has done themselves any favours whatsoever by refusing to report these incidents to law enforcement.  Playing Nancy Drew is well and good but after all these incidents it actually starts to damage everyone's credibility because it make it appear like you're all afraid of outside investigation of these events or giving someone time to cover their tracks.
vip
Activity: 490
Merit: 502
Quote
About him attending college in Australia. Is there any proof of that besides him stating such.

The phone number in the AurumXchange transaction which Zhou says is his is a landline in the state of Victoria.  It would certainly be possible to ring it and find out the relationship of the person answering to Zhou.

This proves very little in these days of VoIP. It's relatively simple to have any phone number ring anywhere on the planet that's got Internet connectivity.



As I said, +61 3 9015 7926 is mine and the number is posted on NameTerrific.
vip
Activity: 490
Merit: 502
I have to say that it's not a good choice for AurumXchange to not include me in the investigation in the first place. I skipped a few classes this afternoon to deal with this mess. However, I have to admit that their intentions are understandable. It's just the fact that 90% of people believing me to be the hacker is driving me mad.

Initially we were supposed to see legal action started by Bitcoinica, however nothing moved there.

I do hope that something is started soon before all those wild assumptions coming up from everywhere end causing even more harm. This means that the victims (Tihan, Bitcoin Consultancy, Bitcoinica LP, Bitcoinica users) must do the first step to declare themselves as victims before the legal machine can start moving. Unfortunately it seems that at this point, nobody has started anything.

I really appreciate your effort and I'm definitely co-operating with you in this matter.
member
Activity: 113
Merit: 10
Quote
About him attending college in Australia. Is there any proof of that besides him stating such.

The phone number in the AurumXchange transaction which Zhou says is his is a landline in the state of Victoria.  It would certainly be possible to ring it and find out the relationship of the person answering to Zhou.

This proves very little in these days of VoIP. It's relatively simple to have any phone number ring anywhere on the planet that's got Internet connectivity.

vip
Activity: 490
Merit: 502
Doesn't Mike Hearn, a bitcoiner himself, work for Account Security at Google?
Maybe ask him for help with the Gmail access logs, Zhou Tong?

The hacker used Tor for all online communications. I'm looking for alternative ways to locate the person.

I have to say that it's not a good choice for AurumXchange to not include me in the investigation in the first place. I skipped a few classes this afternoon to deal with this mess. However, I have to admit that their intentions are understandable. It's just the fact that 90% of people believing me to be the hacker is driving me mad.

Zhou, you are not going to convince people of your innocence with forum posts.  Worry about getting exonerated by the legal system instead of trying to prove people on the internet wrong.

For now, I don't have to convince people of my innocence. Just like what I have always been, I'm taking real actions to solve the puzzle. I discovered that the hacker used my email on various sites, including many e-commerce sites to attempt credit card fraud. It shouldn't be too hard to get his name and address because I control the email anyway.
hero member
Activity: 868
Merit: 1000
Why would Zhou withdraw 40k USD via the banking system which leaves traces but then donate 5k BTC to the victims?

That makes no sense to me.

He could have easily kept the 5k BTC and foregone the 40k USD instead, thus leaving no traces at all.

It seems to me somebody is trying to frame Zhou.

Must be the Freemasons.
vip
Activity: 608
Merit: 501
-
I have to say that it's not a good choice for AurumXchange to not include me in the investigation in the first place. I skipped a few classes this afternoon to deal with this mess. However, I have to admit that their intentions are understandable. It's just the fact that 90% of people believing me to be the hacker is driving me mad.

Initially we were supposed to see legal action started by Bitcoinica, however nothing moved there.

I do hope that something is started soon before all those wild assumptions coming up from everywhere end causing even more harm. This means that the victims (Tihan, Bitcoin Consultancy, Bitcoinica LP, Bitcoinica users) must do the first step to declare themselves as victims before the legal machine can start moving. Unfortunately it seems that at this point, nobody has started anything.
hero member
Activity: 714
Merit: 500
Why would Zhou withdraw 40k USD via the banking system which leaves traces but then donate 5k BTC to the victims?

That makes no sense to me.

He could have easily kept the 5k BTC and foregone the 40k USD instead, thus leaving no traces at all.

It seems to me somebody is trying to frame Zhou.

^this
legendary
Activity: 1147
Merit: 1001
Why would Zhou withdraw 40k USD via the banking system which leaves traces but then donate 5k BTC to the victims?

That makes no sense to me.

He could have easily kept the 5k BTC and foregone the 40k USD instead, thus leaving no traces at all.

It seems to me somebody is trying to frame Zhou.
hero member
Activity: 868
Merit: 1000
Doesn't Mike Hearn, a bitcoiner himself, work for Account Security at Google?
Maybe ask him for help with the Gmail access logs, Zhou Tong?

The hacker used Tor for all online communications. I'm looking for alternative ways to locate the person.

I have to say that it's not a good choice for AurumXchange to not include me in the investigation in the first place. I skipped a few classes this afternoon to deal with this mess. However, I have to admit that their intentions are understandable. It's just the fact that 90% of people believing me to be the hacker is driving me mad.

Zhou, you are not going to convince people of your innocence with forum posts.  Worry about getting exonerated by the legal system instead of trying to prove people on the internet wrong.
legendary
Activity: 1246
Merit: 1016
Strength in numbers
Yours or your friend's?
vip
Activity: 490
Merit: 502
Doesn't Mike Hearn, a bitcoiner himself, work for Account Security at Google?
Maybe ask him for help with the Gmail access logs, Zhou Tong?

The hacker used Tor for all online communications. I'm looking for alternative ways to locate the person.

I have to say that it's not a good choice for AurumXchange to not include me in the investigation in the first place. I skipped a few classes this afternoon to deal with this mess. However, I have to admit that their intentions are understandable. It's just the fact that 90% of people believing me to be the hacker is driving me mad.

Which classes? Just curious.

Math and Accounting. I scored 98% in both subjects for the previous exam, so my teachers won't be angry about this.
Pages:
Jump to: