Topic: SECURITY ISSUES - anyone interested in a manhunt? (Read 2471 times)

hero member
Activity: 882
Merit: 1006
As the other posters said, it is almost impossible to track down the person, law enforcement could track it down

how?

LE can contact the ISP of the IP where the attack originally came from and get details on that person, however, it'll likely be a TOR exit node or a proxy, and if the owner hasn't kept proper logs it can be very difficult/impossible to trace it back to the actual hacker's IP. Even then, when there are TOR + proxies involved, getting a conviction in court can be quite difficult as it can be hard to prove that it wasn't just the exit node owner who initiated the attack, or somebody else along the chain.
sr. member
Activity: 389
Merit: 250
>>Note new email [email protected]<<
As the other posters said, it is almost impossible to track down the person, law enforcement could track it down

how?
full member
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
such a password can be cracked in less than 2 hours with a Massive Cracking Array Scenario.

Do pools count as 'Massive Cracking Arrays'? Maybe blocks aren't being found as often as they could be because some pools are cracking juicy passwords and then statistically attributing the artificial BTC drought to "Luck". Wink

If you only used a duplicate password on Google and the Pool then either you or the pool is suspect. Does your pool keep IP address sign in logs that you can view? If any BTC is missing you can trace it via the blockchain. Someone has done this for a few high profile thefts.
http://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html
Figure 2 shows how the thief used the blockchain for command and control during the theft by monitoring a LulzSec BTC address.
donator
Activity: 112
Merit: 10
keybase.io/arblarg
As the other posters said, it is almost impossible to track down the person. Law enforcement could track it down, but if it was just a proxy used by the attacker, it will again be harder. Anyway, I do not think anyone will bother to track anyone down because of a cracked password or what happened.

About the password, well a bit hard to crack a password that is 10 random characters, including digits, etc. There are a lot of protection mechanisms in place at reputable websites.

The most common way to steal passwords nowadays is using trojans that hook into browser functions.

But also in some cases, the websites that you use the same passwords at, small websites such as this pool, are vulnerable and attackers may phish the passwords from there, so it is better to use a different password for each account, and, well, maybe keep them in an encrypted txt or something on your computer, but that depends on your situation.
member
Activity: 96
Merit: 10
I tested my password, and with the online scenario it's: 1.20 thousand centuries... I really doubt anyone with the ability to do 1 trillion a second would be targeting BTC.
sr. member
Activity: 490
Merit: 251
dictionary attack wouldn't be able to guess my strong password, it's 10 characters long with symbols and no dictionary words

10 characters is not long enough. According to
https://www.grc.com/haystack.htm
such a password can be cracked in less than 2 hours with a Massive Cracking Array Scenario. Personally, I like Diceware for making long passwords that are easy to remember. See
http://world.std.com/~reinhold/diceware.html
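The arithmetic behind the haystack figures quoted in this post and earlier in the thread (the "Massive Cracking Array" and "online" scenarios), with the Diceware comparison, worked out as an added example; this is not code from the thread, GRC or the Diceware project. The guess rates and the 95-character alphabet (26 + 26 + 10 + 33) are the ones the haystack.htm page uses; the sample password is constructed.

```python
import math
import secrets

# Guess rates for the three scenarios on GRC's Password Haystacks page (haystack.htm).
RATES = {
    "online": 1_000,                       # ~1,000 guesses/s against a live login form
    "offline_fast": 100_000_000_000,       # 100 billion guesses/s against a stolen hash
    "massive_array": 100_000_000_000_000,  # 100 trillion guesses/s, the "Massive Cracking Array"
}
DICEWARE_WORDS = 7776          # 6^5 entries, one per five-dice roll
SECONDS_PER_YEAR = 31_557_600  # Julian year, used to turn seconds into centuries

def alphabet_size(password: str) -> int:
    """Haystack model: the alphabet is the union of the character classes actually used."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII symbols, as counted by the haystack page
    return size

def search_space(password: str) -> int:
    """Every string up to this length must be tried: sum of a^k for k = 1..n."""
    a, n = alphabet_size(password), len(password)
    return sum(a ** k for k in range(1, n + 1))

def centuries_to_exhaust(password: str, scenario: str) -> float:
    """Worst-case time to try the whole space at the scenario's guess rate, in centuries."""
    return search_space(password) / RATES[scenario] / SECONDS_PER_YEAR / 100

def diceware_words_to_match(password: str) -> int:
    """Fewest Diceware words whose 7776^w space is at least as large as the password's."""
    return math.ceil(math.log2(search_space(password)) / math.log2(DICEWARE_WORDS))

def roll_diceware_indices(words: int) -> list:
    """Five CSPRNG dice rolls per word, giving the lookup keys into the Diceware list."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(5)) for _ in range(words)]

if __name__ == "__main__":
    pw = "k7x2m9q4pz"  # constructed sample: 10 characters, lowercase + digits only
    for s in RATES:
        print(f"{s:14s} {centuries_to_exhaust(pw, s):.4g} centuries")
    print("Diceware words for the same search space:", diceware_words_to_match(pw))
    print("Sample Diceware lookup keys:", roll_diceware_indices(5))
```

For the constructed sample the online scenario comes out near the "thousand centuries" figure quoted earlier, while the massive array exhausts the same space in well under a minute; five Diceware words already cover a larger space.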
full member
Activity: 238
Merit: 100
|Argus| Accounting and Auditing on the Blockchain
Yeah I had an attempted login from somewhere in Sweden on my gmail.
sr. member
Activity: 396
Merit: 250
Send correspondence to GPG key A372E7C6
dictionary attack wouldn't be able to guess my strong password, it's 10 characters long with symbols and no dictionary words

10 characters is not enough. Brute forcing that is easy on today's hardware; you need to be 15 characters or longer. I know some people who choose 30 characters in length.
legendary
Activity: 2506
Merit: 1010
So i wake up this morning, and shortly after, i start receiving multiple emails from my gmail account from suspicious attempted sign ins.  Then i start seeing password recovery messages from my GLBSE and MtGox accounts.

Out of curiosity, was your e-mail address in the list of leaked passwords from the June 2011 hack at Mt. Gox (or a similar list from one of the many breaches since)?

Do you use the same username as is in your e-mail?
  e.g. [email protected] and then the same username at Mt. Gox / GLBSE of "snowpea"?
legendary
Activity: 1204
Merit: 1015
Passwords at mining pools seem to get leaked on a daily basis. Few of these guys are any good at security.
REF
hero member
Activity: 529
Merit: 500
Your password was definitely phished, caught by spyware, or taken from the database of another site (by site owner or hackers). Most mail providers have strong captchas & usually stop allowing attempts after 3-5 failed ones.

Try entering your password into Google and see if anything comes up. I once did that when my email address got hacked and found a hacker forum where a hacker had posted a list of email addresses + md5 hashes of passwords that were used to sign up to a site, and people were trying to crack them and posting the passwords they cracked.

Interesting. If that ever happens to me I will be trying that in the future.
member
Activity: 96
Merit: 10
dictionary attack wouldn't be able to guess my strong password, it's 10 characters long with symbols and no dictionary words
hero member
Activity: 518
Merit: 500
You probably won't be able to get the attacker from the IP address alone, it's most likely a TOR exit node, public proxy, botnet or a hacked server.

The IP that the biggest scammer on the forums posted is running a mail server that is sending spam, and has tried to dictionary attack something before:
http://www.projecthoneypot.org/ip_187.113.24.162

Yeah. Looks like the Russians are doing it from looking at that site above and the content of the spam messages :

187.113.24.162.static.host.gvt.net.br

http://webcache.googleusercontent.com/search?q=cache:E9qKWrLYArgJ:kadastr.perm.ru:8080/pflogsumm/current/13-11-2011+&cd=3&hl=en&ct=clnk

BTC-E exchange anything to do with this Huh
hero member
Activity: 518
Merit: 500
Same here.

187.113.24.162 from Brazil Huh

WTF!

member
Activity: 96
Merit: 10
So I wake up this morning, and shortly after, I start receiving multiple emails from my gmail account about suspicious attempted sign-ins. Then I start seeing password recovery messages from my GLBSE and MtGox accounts.
My account uses a strong password that I only use in one other place (a pool).

I'm not going to say which until I'm a bit clearer as to where the security issue is, for the sake of the pool.

Anyway, gmail tells me that the IP is: 68.230.94.23, based in Tucson, Arizona. The ISP is Cox Communications.

Obviously, this attack was aimed at my BTC related accounts. Does anyone have any ideas how I can track down this person? Or perhaps whatever malicious site/software is attacking the BTC community?