Topic: We need a standard template for "I was hacked" threads (Read 1288 times)

member
Activity: 112
Merit: 10
Flaming those posters to provide the appropriate info or stfu would either discourage the ones who are trolling, or if they are telling the truth, help everyone out by getting closer to figuring out the security mistakes they are making.
member
Activity: 112
Merit: 10
Why? If this is a crypto-currency that's designed from the ground up for anonymity, then threads about stolen Bitcoins are pointless. You'll never catch the person who stole the coins. If you do, you have no recourse to get them back.

1. The main point is to figure out how people are getting hacked (assuming the claims are true) so everyone in the community can benefit from the knowledge to make themselves more secure.

2. A possible secondary point is to find out as much as possible about the people stealing the BTC. Who knows, that info might end up being useful somehow, if only to expose those thieves.


full member
Activity: 237
Merit: 100
The threads can be instructive for others and scare people into taking more precautions.

Also, people are going to emote when they lose their life savings.  It's human nature, you aspy freaks!

hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
I have a suggested method to make this very easy:

1. Write post to notepad.
2. Print completed post.
3. File printed post in file #13 (aka Trash Can)
4. Exit notepad. Be sure to click "don't save" when exiting.

I feel like most "I was hacked" posts are either trolls or people who made an obvious mistake and don't want to fess up to it (i.e. downloading a miner promising 3 million MH/s). And what the hell are we supposed to do when/if we find said hacker? Tell them to give it back (lol)?

+9000
full member
Activity: 237
Merit: 100
+1

Sad that they are so common we need a template.
member
Activity: 112
Merit: 10
Those threads go nowhere. The OPs never provide enough info, and the same back-and-forth questions get asked in each thread. The OPs never seem to give enough info to figure out what happened.

This is common enough now that it's in everyone's best interest to adopt a standard template/script of how an "I was hacked" thread should look, and what info should be included in the OP of each one of those threads. I'm not a security expert at all but I will take a rough stab at starting it off:


Required Info:
Screenshot of wallet showing the unauthorized transactions, and the ones before and after it
Address(es) where BTC were stolen from
Address(es) where stolen BTC were transferred to

List of all places on which wallet.dat was stored, including:
OS of machine, version, bitness (32/64 bit), etc
Any software firewall on the machine? What kind of policies are in place?
Is the machine behind a router with hardware firewall? If so, describe security measures in place/ firewall policies.
Stored in plain text/truecrypt/protected zip/encrypted drive/etc?
Is the machine a VM?
Describe security software setup of the machine (AV, anti-malware, etc). Are these services doing real time protection?
What browser(s) do you use? What kind of security precautions are taken for browsing (noscript, adblock, private mode browsing, etc)?
What files have been downloaded recently? (Note, this is probably a useless question because your machine could have been compromised long before you got into bitcoin)


Has the hacked wallet ever been stored in the cloud (dropbox, google docs, transferred via any email service, etc)?
Are the passwords for any of the machines, or cloud services on which the wallet has ever been stored shared with any of your other passwords?
How strong are the passwords? Describe char length, and what mixture of chars are used
Was the hacked PC on when the hack took place?

Can you check your bitcoin client Debug logs for more info?
Can you check your router/firewall logs for any suspicious traffic?


I doubt I will have time to maintain this, so I would appreciate it if someone else would like to take over creating & maintaining a standard "I was hacked" post template.