Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Oldminer on June 25, 2011, 03:12:31 AM



Title: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: Oldminer on June 25, 2011, 03:12:31 AM
Just came across this message on https://www.mybitcoin.com :

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            From the desk of Tom Williams, operator of MyBitcoin.com

                          For immediate release.

There are a lot of unanswered questions floating around on the Bitcoin
forum and other places about the recent Mtgox password leak, and theft
from the MyBitcoin system.

I will attempt to answer as many of the questions and concerns as best
as I can in order to silence the rumor-mill once and for all.

As many of you already know, Mtgox was hacked and its password file was
leaked. As soon as we heard about the leak we were closely monitoring
the system for abnormal activity, and we didn't see any.

At first glance, we didn't see any hard evidence that a password leak
had even occurred. There was just a lot of speculation about an SQL
injection vulnerability in Mtgox's site. A few clients of ours had
informed us of the forum threads, and we watched them carefully.

The following morning a client of ours sent us the download link to the
leaked Mtgox password file. We promptly downloaded the file, put up a
warning on the main page, and disabled the login.

We attempted to line up usernames from the leak, and we found a lot of
matching ones. We started locking down all of those accounts using a
script that we had to have written at a moment's notice. It was during
this time that we noticed a flurry of spends happening. Yes, even with
the site disabled.

The attacker had active sessions open to the site. We quickly flushed
them and the spends stopped abruptly. We disabled the SCI, all payment
forwarding, and all receipt URL traffic on all of the usernames in the
Mtgox leak.

We proceeded to change the password on every account where the username
matched our system's database. PGP-signed emails went out to all of the
accounts that we changed the password on. If an account didn't have an
email address or had already been compromised we put up a bulletin.
(Email addresses were mandatory when we opened our service initially,
but people complained that it wasn't truly anonymous so we made them
optional. Unfortunately this makes contacting a security-compromised
customer impossible.)

An investigation was conducted at that time, and we determined that the
attacker had opened up a session to each active user/password pair ahead
of time, solved the captcha, and used some sort of bot to maintain a
connection so our system wouldn't time out the session. It was likely
his intent to gain access to more accounts than he did, but as soon as
he noticed that we had changed the main page of the site he sprang into
action by sending a flurry of spends.

(Before you ask: no, we don't limit logins per IP address. We can't. We
have a lot of users that come in from Tor and I2P that all appear to
share the same source IP address.)

We've concluded that around 1% of the users on the leaked Mtgox password
file had their Bitcoins stolen on MyBitcoin. It is unfortunate, and a
horrible experience for the Bitcoin community in general.

The IP address that the attacker used was a Tor exit node and the spends
were to an address that is outside of our system.

Now to address the rumors:

No, our database wasn't compromised. We had a 3rd party company audit
our site for SQL injection attacks and we passed. (We did, however, have
one XSS hole in the address book page last month that would allow an
attacker to insert fake entries into a customer's address book. It was
promptly fixed and offending address book entries were purged. Not a
single customer had spent to the fake address book entries.) Every line
of code was audited last month. Literally line by line audited by
professionals, and it was deemed safe.

No, this site isn't being run by some amateur that just learned how to
program computers. It was created by seasoned programmers that
understand security.

Yes, we use password encryption. We are currently using SHA-256, but
since the recent Mtgox hack we will be upgrading that to something
stronger. It's surprising how many sites still use MD5, even though it
was broken years ago. It is my personal opinion that MD5 be deprecated
from modern operating systems.

We also use whole-disk level encryption on every single one of our
servers. When you fail a disk in a NOC and a level 1 technician replaces
it does he wipe the disk before the RMA/tossing it in the garbage? Not
usually! We know these mistakes happen, so we take precautions. Any and
all servers with an IP KVM on them are run in secure console mode. The
root passwords are required even for single user mode. All disk keys are
held off-site and were never generated anywhere near the internet. All
server passwords are unique per server and per user, of course. Only two
technicians have access to the secure servers. This access is over a VPN
and we only use secured workstations running Linux and BSD to access
them.

We use BSD servers with MAC, immutable flags, jails, PAX, SSP,
randomized mmap, secure level, a WAF, a DDoS mitigation and alert system
-- the works. Like I said earlier. We are not amateurs. In fact,
combined we have over 30 years of experience in the payment
processing (credit card arena) industry.

A large amount of the Bitcoin holding is in cold (offline) storage. We
only have a percentage of the holding available hot. This is done for
obvious reasons.

Going forward we are implementing a 2-factor login system,
user-configurable spend limits, better session token tumbling, and a
bunch of new SCI features.

Wishing the Bitcoin community all the best and a swift recovery, and
sincerely yours,


Tom Williams

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MBC v1.0

-----END PGP SIGNATURE-----


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: EricJ2190 on June 25, 2011, 03:50:15 AM
I use the same username and email on MyBitcoin as I did on MtGox, and I was never contacted by MyBitcoin.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: beeph on June 25, 2011, 03:54:26 AM
uh uh mybitcoin users prepare to be....



Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: d.james on June 25, 2011, 03:56:03 AM
This is the new rickroll!


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: kseistrup on June 25, 2011, 04:04:02 AM

I use the same username and email on MyBitcoin as I did on MtGox, and I was never contacted by MyBitcoin.

+1


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: Lynzoi on June 25, 2011, 04:09:11 AM
Yeah, I used the same name on mybitcoin and gox, and mybitcoin never contacted me or changed my password. However, I had different passwords for both sites anyway, and after the hack I changed my passwords for everything.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: Klestin on June 25, 2011, 05:17:02 AM
Nvm, failure to read, etc.  1:21 AM = should be asleep.   :-X


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: LittleGnome on June 25, 2011, 10:42:35 AM
Okay, so Mr. Williams is saying he did his security 'due diligence' and for that I suppose he wants a gold star...

Alright, so one gold star for security competency.

The trouble is, Mr. Williams, that you are at this point coming across as -Incompetent- at the other crucial aspect of secure financial services - Providing. Financial. Service.

I'm assuming that I am one of those customers who did not have an email on file, as I don't remember ever being prompted for one, and I know I have not received an email with reset instructions. So it's great that you put up a 'bulletin' stating what you had done. What was lacking there was -any- instructions on how to get in contact with you for those of us for whom the 'bulletin' was intended. There was a PGP key listed, which is great because now I can write you an encoded message, put it in a bottle, flush it down the toilet and hope that it makes its way from the Great Lakes, down the St. Lawrence Sea Way to the Atlantic, where a passing sea turtle can take it to your front door.

There's no other way to contact you on your site, beyond a snail-mail postal box address. I had to look up your email address on Whois (it's [REDACTED], in case any spam bots are reading), and still that hasn't gotten a response. Likewise, setting up a second account, so I could post a support request has also gotten no response. I'm sure you've got tens hundreds of other customers with similar problems, who are only now figuring out how to contact you, I'm sure you're swamped.

So, Mr. Williams, I'm going to refrain from asking you if you are a THIEF for the time being, and ask instead - as I am left speculating wildly, due to a lack of any meaningful public or private response...

Are you an INCOMPETENT KNOB?

Sincerely, LittleGnome, ESQ.

EDIT: I have now received an initial response to my support request sent through my second account. I intend to follow up with them, and if this leads to a solution for me I'll let you know. If it doesn't, I'll let you know that too. As a peace offering, I removed the email link to the address in the Whois database.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: billyjoeallen on June 25, 2011, 06:42:44 PM
I have a different username than I do on mtGox and still my password was apparently changed as I cannot log in. I received no email. I'm not sure what recourse I have at this time.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: fellowtraveler on June 25, 2011, 08:09:04 PM
There is no reason why any of these security problems had to happen.

http://forum.bitcoin.org/index.php?topic=20377.msg278729#msg278729


Someday, enough money will be stolen that the Bitcoin community will consider using public key cryptography that was invented back in the 70s.

As long as everyone is still storing passwords on the server, they deserve what they get.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: billyjoeallen on June 28, 2011, 01:04:13 PM
Just an update: STILL no reply from MyBitcoin.com
I had a tiny amount of BTC there, so I consider myself lucky. I'm assuming it's gone for good now.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: phatsphere on June 28, 2011, 01:23:25 PM
i tried to verify the signature, but i can't find the public key.

original message seems to be here, too: https://www.mybitcoin.com/downloads/incident-report-2011-06-22.txt


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: bitplane on June 28, 2011, 02:13:27 PM
I have 1BTC in my MyBitcoin account, and when the MtGox hack happened I hardened all my passwords to ones generated by KeePass.

However, being new to this I lost my first KeePass database and had to manually recover a lot of my accounts, but there is no f*%@ing password recovery on MyBitcoin.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: foo on June 28, 2011, 02:44:58 PM
i tried to verify the signature, but i can't find the public key.
http://pgp.mit.edu:11371/pks/lookup?search=mybitcoin&op=index


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: ius on June 28, 2011, 03:08:10 PM
Yes, even with the site disabled.

Either it was disabled, or it wasn't.

Quote
Yes, we use password encryption. We are currently using SHA-256, but
since the recent Mtgox hack we will be upgrading that to something
stronger. It's surprising how many sites still use MD5, even though it
was broken years ago. It is my personal opinion that MD5 be deprecated
from modern operating systems.

Every time someone calls a (one-way) hash function 'encryption' the FSM kills a kitten.

Yes, MD5 should be deprecated due to known weaknesses (collision attacks), but using one of the SHA variants isn't going to magically make things unbreakable. MtGox's crypt(md5) is a lot more resistant to attacks than plain SHA-256. The keywords are salting and stretching (or: bcrypt/scrypt) - all general purpose cryptographic hash functions were designed to be fast.
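
The distinction ius draws, shown in working code (an added example, not code from the thread or from MyBitcoin): an unsalted SHA-256 store is compared with a salted, stretched store built with Python's hashlib.scrypt, and a weak-password audit is run against both to show that the salted store costs one slow hash per user and per guess instead of one precomputed table for everyone. The user list, the wordlist and the scrypt parameters are constructed for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from collections import defaultdict
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed sample: username -> cleartext password, standing in for the
# user/password pairs a leaked file contains. Two users share a password.
SAMPLE_USERS = {
    "alice": "password1",
    "bob": "letmein",
    "carol": "hunter2",
    "dave": "password1",
}

# Constructed wordlist standing in for a list of commonly chosen passwords.
WORDLIST = ["123456", "password1", "letmein", "qwerty", "bitcoin", "hunter2"]

# scrypt cost parameters, assumed for the example (raise N on production hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def plain_sha256(password: str) -> str:
    """Unsalted single SHA-256: the scheme the statement says was in use."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def scrypt_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, memory-hard hash. The record carries its own salt and N
    ('scrypt$N$salt$digest') so the cost can be raised later per user."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return "scrypt$%d$%s$%s" % (SCRYPT_N, salt.hex(), digest.hex())


def scrypt_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    algo, n, salt_hex, digest_hex = stored.split("$")
    if algo != "scrypt":
        raise ValueError("unsupported hash record")
    digest = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def build_store(hash_fn: Callable[[str], str]) -> Dict[str, str]:
    """Hash every sample user's password with the given scheme."""
    return {user: hash_fn(pw) for user, pw in SAMPLE_USERS.items()}


def reuse_visible(store: Dict[str, str]) -> List[Set[str]]:
    """Groups of users whose stored hashes are byte-identical. Unsalted, this
    reveals exactly who shares a password; salted, the list is empty."""
    groups: Dict[str, Set[str]] = defaultdict(set)
    for user, h in store.items():
        groups[h].add(user)
    return [g for g in groups.values() if len(g) > 1]


def audit_unsalted(store: Dict[str, str], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Weak-password audit of an unsalted store. One table of len(wordlist)
    SHA-256 values covers every user, which is why offline guessing is cheap."""
    table = {plain_sha256(w): w for w in wordlist}
    found = {user: table[h] for user, h in store.items() if h in table}
    return found, len(table)


def audit_salted(store: Dict[str, str], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """The same audit against salted scrypt: nothing can be precomputed, every
    (user, word) pair costs one slow scrypt call, so work scales with users x words."""
    found: Dict[str, str] = {}
    calls = 0
    for user, stored in store.items():
        for word in wordlist:
            calls += 1
            if scrypt_verify(word, stored):
                found[user] = word
                break
    return found, calls


if __name__ == "__main__":
    weak, strong = build_store(plain_sha256), build_store(scrypt_hash)
    print("reuse visible, sha256:", reuse_visible(weak))   # [{'alice', 'dave'}]
    print("reuse visible, scrypt:", reuse_visible(strong))  # []
    print("sha256 audit (found, hash ops):", audit_unsalted(weak, WORDLIST))
    print("scrypt audit (found, hash ops):", audit_salted(strong, WORDLIST))
```

Both audits recover the same weak passwords; what changes is that the salted run needs a separate scrypt evaluation for every user and guess, which is the cost a stretched, salted scheme imposes on an attacker holding a leaked table.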


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: gigitrix on June 28, 2011, 03:11:39 PM
Say what you want, but these guys seem to know their stuff. As always, the error (if it exists) in this system is human in that the accounts weren't shut down immediately, but let's be honest, the bitcoin community is so full of speculation and rumour and you can't be awake 24/7. I don't use MyBitcoin but it sounds like they've done their jobs here.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: LittleGnome on June 29, 2011, 01:54:08 AM
Say what you want, but these guys seem to know their stuff. As always, the error (if it exists) in this system is human in that the accounts weren't shut down immediately, but let's be honest, the bitcoin community is so full of speculation and rumour and you can't be awake 24/7. I don't use MyBitcoin but it sounds like they've done their jobs here.

I'm sure they've been doing a fine job of keeping bad people out. I say this because, from first experience, they are doing a fantastic job of keeping legitimate users out.

Still Waiting, Tom.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: billyjoeallen on June 29, 2011, 01:59:15 AM
Say what you want, but these guys seem to know their stuff. As always, the error (if it exists) in this system is human in that the accounts weren't shut down immediately, but let's be honest, the bitcoin community is so full of speculation and rumour and you can't be awake 24/7. I don't use MyBitcoin but it sounds like they've done their jobs here.

I'm sure they've been doing a fine job of keeping bad people out. I say this because, from first experience, they are doing a fantastic job of keeping legitimate users out.

Still Waiting, Tom.

Me too.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: theymos on June 29, 2011, 03:39:04 AM
I have a hard time believing any of this without proof.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: LittleGnome on June 29, 2011, 07:09:43 AM
I have a hard time believing any of this without proof.

What kind of proof are you looking for?


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: rebuilder on June 29, 2011, 07:37:16 AM
theymos: Mybitcoin.com provides, as far as I can tell, no way for a user who can't log in to contact the site administrators for support. That's quite peculiar to me. I'll see if I can log in there and make a support ticket requesting some kind of contact info to be posted on the front page.

Edit: nevermind, LittleGnome says they've already tried this.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: LittleGnome on June 29, 2011, 07:46:49 AM
theymos: Mybitcoin.com provides, as far as I can tell, no way for a user who can't log in to contact the site administrators for support. That's quite peculiar to me. I'll see if I can log in there and make a support ticket requesting some kind of contact info to be posted on the front page.

Edit: nevermind, LittleGnome says they've already tried this.

rebuilder, feel free to submit that as a support ticket. I've mostly confined my support requests to things such as "please give me access to my account", "how can I access my account", "why don't you reply?", "you realize I'm talking about you all over the internet, right?" and words to that effect.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: theymos on June 29, 2011, 05:39:02 PM
What kind of proof are you looking for?

For one thing, they should publish the results of the audit they claimed was performed.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: LittleGnome on June 30, 2011, 06:42:20 AM
What kind of proof are you looking for?

For one thing, they should publish the results of the audit they claimed was performed.

Then I would agree with you, theymos. That would be enormously helpful. Right now all I'm seeing are myself and a few vocal parties who feel wronged by this, and this statement, which I might add was not made to the public at large.

If Mybitcoin was even a third or fourth rate financial institution in the mainstream world we would expect more than what we've gotten.

My point in all this,

Mr. Williams, you owe your customers, anonymous or not, an explanation, and a way to reclaim their funds.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: billyjoeallen on June 30, 2011, 04:36:32 PM
The market response to this would be to go somewhere else. I warn everybody away from myBitcoin at least until they remedy this situation, but the problem is: what other eWallet providers are there?


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: Alex Beckenham on June 30, 2011, 04:48:51 PM
The market response to this would be to go somewhere else. I warn everybody away from myBitcoin at least until they remedy this situation, but the problem is: what other eWallet providers are there?

I feel the same... really dislike mybitcoin.com and wouldn't want my friends to use it, but then I have no alternative to recommend either.

You can use many sites as an ewallet, although doing so won't give much functionality... i.e. Tradehill could be used as an ewallet.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: billyjoeallen on June 30, 2011, 05:00:38 PM
The market response to this would be to go somewhere else. I warn everybody away from myBitcoin at least until they remedy this situation, but the problem is: what other eWallet providers are there?

I feel the same... really dislike mybitcoin.com and wouldn't want my friends to use it, but then I have no alternative to recommend either.

You can use many sites as an ewallet, although doing so won't give much functionality... i.e. Tradehill could be used as an ewallet.


instawallet.org  -just got one.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: Alex Beckenham on June 30, 2011, 05:29:14 PM
The market response to this would be to go somewhere else. I warn everybody away from myBitcoin at least until they remedy this situation, but the problem is: what other eWallet providers are there?

I feel the same... really dislike mybitcoin.com and wouldn't want my friends to use it, but then I have no alternative to recommend either.

You can use many sites as an ewallet, although doing so won't give much functionality... i.e. Tradehill could be used as an ewallet.


instawallet.org  -just got one.

Yeah, that's a good site... what I meant by 'much functionality' was mainly merchant integration.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: theymos on July 01, 2011, 01:31:47 AM
MyBitcoin is still accepting payments with only 1 confirmation. This is insane for a bank. Any miner capable of mining two blocks in a row can steal money from MyBitcoin pretty easily. I'm surprised no one has attempted it yet.

There's another attack made possible by accepting payments with less than 6 confirmations that would allow you to see exactly which coins MyBitcoin has, and possibly do other damage.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: just_someguy on July 01, 2011, 02:06:53 AM
MyBitcoin is still accepting payments with only 1 confirmation. This is insane for a bank. Any miner capable of mining two blocks in a row can steal money from MyBitcoin pretty easily. I'm surprised no one has attempted it yet.

There's another attack made possible by accepting payments with less than 6 confirmations that would allow you to see exactly which coins MyBitcoin has, and possibly do other damage.

Don't leave us hanging! As long as it doesn't allow someone to go right out and do it what is the < 6 block attack?


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: theymos on July 01, 2011, 02:49:00 AM
It's pretty simple, which is why I didn't mention it. The client will only send coins with >6 confirmations unless you have none of those left. So you just keep depositing and withdrawing lots of coins and MyBitcoin will quickly send every coin they have. Once the same coins start to be resent, you know you've seen them all. Now you know how many coins MyBitcoin has with high accuracy as well as exactly which coins make up that balance. You've also "brought to the surface" all of MyBitcoin's coins, which might allow other attacks.

I haven't tried this. Maybe MyBitcoin limits site-wide BTC movements, which might make it more difficult.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: da2ce7 on August 04, 2011, 09:21:47 AM

Public Key "MyBitcoin LLC (SCI Verification Key) <nobody@mybitcoin.com>":

Result (gpg -v):

Code:
gpg: Signature made 06/23/11 05:55:37 AUS Eastern Standard Time using RSA key ID A5027A85
gpg: using PGP trust model
gpg: Good signature from "MyBitcoin LLC (SCI Verification Key) <nobody@mybitcoin.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: FB59 EE27 E803 FB68 EF30  3F5A 9FB9 834E A502 7A85
gpg: textmode signature, digest algorithm SHA1


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: BitcoinPorn on August 04, 2011, 11:38:46 AM
Fake PGP key was known already or did I just read your post wrong?


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: julz on August 04, 2011, 11:53:19 AM
Fake PGP key was known already or did I just read your post wrong?

Not the way I read it
That post seems legit. 
I also did a gpg verify on a mybitcoin deposit email someone posted online and got a similar result

The signature isn't 'trusted' in that it's not verified by a certifying agency - but I think we can know that it's the same person who had control of the mybitcoin response email system.

I found the same public key in some python software which interfaced with mybitcoin.

Interestingly.. that key does seem to have been certified on 2011-04-02 and 2011-04-12 by one Tobias LLoyd and there are a couple of email addresses for him.

As far as I know.. you shouldn't certify unless you've met and properly verified the person.. so maybe Tobias has some information?
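
An added example (not code from the thread or from MyBitcoin) of the check julz describes, done by machine: parse gpg's --status-fd output rather than its human-readable text, and treat a "good" signature as evidence of identity only when the full fingerprint matches one pinned from earlier messages, independently of the web-of-trust line. The status lines below are constructed to match the gpg -v result posted above; the key ID, fingerprint and user ID are those shown in the thread, the SIG_ID value and timestamps are made up.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Fingerprint from the gpg -v output in the thread, as 40 bare hex digits.
PINNED_FPR = "FB59EE27E803FB68EF303F5A9FB9834EA5027A85"

# Constructed sample of `gpg --status-fd 1 --verify` output matching the thread's
# result: a good signature from key A5027A85 with no trust assigned. Key ID,
# fingerprint and user ID are the ones shown in the thread; the SIG_ID value
# and the timestamps are made up.
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] SIG_ID c0nstructedSigIdValue000000 2011-06-22 1308772537
[GNUPG:] GOODSIG 9FB9834EA5027A85 MyBitcoin LLC (SCI Verification Key) <nobody@mybitcoin.com>
[GNUPG:] VALIDSIG FB59EE27E803FB68EF303F5A9FB9834EA5027A85 2011-06-22 1308772537 0 4 0 1 2 01 FB59EE27E803FB68EF303F5A9FB9834EA5027A85
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""

# OpenPGP hash algorithm IDs that should not be accepted for new signatures.
WEAK_DIGESTS = {"1": "MD5", "2": "SHA1"}


def normalise_fpr(text: str) -> str:
    """Accept the spaced form gpg prints ('FB59 EE27 ... 7A85') or the bare form."""
    return "".join(text.split()).upper()


@dataclass
class Verification:
    good: bool = False
    key_id: Optional[str] = None          # long key ID from GOODSIG
    user_id: Optional[str] = None
    fingerprint: Optional[str] = None     # from VALIDSIG
    trust: Optional[str] = None           # TRUST_UNDEFINED, TRUST_FULLY, ...
    digest: Optional[str] = None          # name when weak, else the numeric ID
    weak_digest: bool = False
    problems: List[str] = field(default_factory=list)
    verdict: str = "BAD"


def parse_status(status_text: str) -> Verification:
    """Fold the machine-readable status lines into one Verification record."""
    v = Verification()
    for raw in status_text.splitlines():
        if not raw.startswith("[GNUPG:] "):
            continue
        keyword, _, args = raw[len("[GNUPG:] "):].partition(" ")
        if keyword == "GOODSIG":
            v.good = True
            v.key_id, _, v.user_id = args.partition(" ")
        elif keyword == "VALIDSIG":
            # fields: fpr date timestamp expire sigver reserved pkalgo hashalgo sigclass [primary-fpr]
            fields = args.split()
            v.fingerprint = fields[0].upper()
            if len(fields) > 7:
                v.digest = WEAK_DIGESTS.get(fields[7], fields[7])
                v.weak_digest = fields[7] in WEAK_DIGESTS
        elif keyword in ("BADSIG", "ERRSIG", "NO_PUBKEY", "EXPKEYSIG", "REVKEYSIG"):
            v.good = False
            v.problems.append(keyword)
        elif keyword.startswith("TRUST_"):
            v.trust = keyword
    return v


def verify_against_pin(status_text: str, pinned_fpr: str) -> Verification:
    """'Good signature' only says the message matches some key; identity comes
    from comparing the full fingerprint against one pinned from earlier mail."""
    v = parse_status(status_text)
    if v.problems or not v.good or v.fingerprint is None:
        v.verdict = "BAD"
        return v
    if v.key_id and not v.fingerprint.endswith(v.key_id.upper()):
        v.problems.append("KEYID_MISMATCH")   # GOODSIG and VALIDSIG disagree
        v.verdict = "BAD"
        return v
    v.verdict = "GOOD_PINNED" if v.fingerprint == normalise_fpr(pinned_fpr) else "GOOD_UNPINNED"
    return v


if __name__ == "__main__":
    result = verify_against_pin(SAMPLE_STATUS, "FB59 EE27 E803 FB68 EF30  3F5A 9FB9 834E A502 7A85")
    print(result.verdict, result.trust, result.digest)   # GOOD_PINNED TRUST_UNDEFINED SHA1
```

A GOOD_PINNED result with TRUST_UNDEFINED is exactly the thread's situation: the same key signed this message and the earlier deposit mails, which says nothing about who holds it; the weak_digest flag records that the signature uses SHA-1.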




Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: wumpus on August 04, 2011, 11:55:10 AM
As far as I know, you shouldn't certify unless you've met and properly verified the person, so maybe Tobias has some information?
Yes, he might. Do you have his mail address? Maybe send him a polite mail...


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: julz on August 04, 2011, 12:00:42 PM
As far as I know, you shouldn't certify unless you've met and properly verified the person, so maybe Tobias has some information?
Yes, he might. Do you have his mail address? Maybe send him a polite mail...


I have just done so.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: wumpus on August 04, 2011, 12:11:14 PM
I have just done so.
This seems a genuine web of trust: the keys his key is signed with are also signed by others, etc. Let's hope this turns up something.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: julz on August 04, 2011, 02:48:19 PM
Tobias was very helpful but doesn't have any further information regarding Tom Williams.

Quote
I believe the only certificate for mybitcoin.com I would have verified would have been the PGP cert that was used to sign all of the emails.

With PGP (or GPG in the open-source community) there is no need to meet each other face to face to exchange certificates.  All encryption and signing is done through a public and private key pair.  So, mybitcoin.com would sign all of their correspondence with their private key.  Then through use of their public key, I can validate that it was actually them who signed it.

Now, in regards to my validation of the mybitcoin.com public key.  When I received a message from mybitcoin.com that was signed AND I confirmed that the data contained within was correct (i.e. the transaction listed matched one I had just placed) I knew the message was authentic, so I would have signed their public key indicating that I trusted this key as an authentic key.  So anything signed with that particular key, I knew I could trust.  All of the verification was done from right here at my desk, so I'm sorry to say, I did not have to meet anyone in person in order to verify the key.  I probably gave the key too high of a signing rating though.  Usually when I'm signing keys I go all or nothing.  So sorry if I misled you.

I know this doesn't help you in your search, but I wish the best of luck to you!
Tobias



Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: Cryptoman on August 04, 2011, 02:55:05 PM
Who exactly is Tobias Lloyd, and could he be Tom Williams?


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: wumpus on August 04, 2011, 02:59:43 PM
Too bad, another dead end. It was worth a try!


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: julz on August 04, 2011, 03:10:31 PM
Who exactly is Tobias Lloyd, and could he be Tom Williams?

He could be Tom Williams as much as you or I could be.



Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: Cryptoman on August 04, 2011, 03:24:52 PM
Who exactly is Tobias Lloyd, and could he be Tom Williams?
He could be Tom Williams as much as you or I could be.

Well, even more so since he would have a reason to certify his own key.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: julz on August 04, 2011, 03:36:22 PM
Who exactly is Tobias Lloyd, and could he be Tom Williams?
He could be Tom Williams as much as you or I could be.

Well, even more so since he would have a reason to certify his own key.

True. But anyone could have done so and it wasn't at all necessary for Tom Williams to have that additional certification in order to sign his messages.
The fact that there is so much readily available information on Tobias Lloyd is in complete contrast with all the steps we can see 'Tom Williams' has taken to hide his identity. 

It was always a long shot that Tobias might be someone who knew him.
Judging by Tom's use of i2p and the efforts to hide the whois information - he's not going to be found so easily.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: error on August 05, 2011, 08:32:30 PM
Tobias was very helpful but doesn't have any further information regarding Tom Williams.

Quote
I believe the only certificate for mybitcoin.com I would have verified would have been the PGP cert that was used to sign all of the emails.

With PGP (or GPG in the open-source community) there is no need to meet each other face to face to exchange certificates.  All encryption and signing is done through a public and private key pair.  So, mybitcoin.com would sign all of their correspondence with their private key.  Then through use of their public key, I can validate that it was actually them who signed it.

Now, in regards to my validation of the mybitcoin.com public key.  When I received a message from mybitcoin.com that was signed AND I confirmed that the data contained within was correct (i.e. the transaction listed matched one I had just placed) I knew the message was authentic, so I would have signed their public key indicating that I trusted this key as an authentic key.  So anything signed with that particular key, I knew I could trust.  All of the verification was done from right here at my desk, so I'm sorry to say, I did not have to meet anyone in person in order to verify the key.  I probably gave the key too high of a signing rating though.  Usually when I'm signing keys I go all or nothing.  So sorry if I misled you.

I know this doesn't help you in your search, but I wish the best of luck to you!
Tobias

Security fail.
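Tobias's explanation (quoted in julz's post and again in the post above) describes a certification made from a desk: a signed receipt matched a transaction he had placed, so he signed the key, and he says he probably gave it "too high of a signing rating". OpenPGP records that rating as the signature class of each certification: 0x10 generic, 0x11 persona (identity not checked), 0x12 casual, 0x13 positive. What he actually verified was that the key controls MyBitcoin's mail, which is continuity of control, not identity; a persona or casual certification is what that warrants. The following is an added example, not code from the thread or from MyBitcoin, that parses `gpg --with-colons --list-sigs` output and reports each third-party certification with its class and date, so a reader can see at a glance which certifications on a key are self-signatures and how strong the external ones claim to be. The fingerprint, user ID and the two certification dates come from the thread; Tobias's key ID and user ID string and the key's creation time in the sample listing are constructed placeholders.

```python
"""Listing who certified a PGP key, and at what level.

Added example; not code from the thread or from MyBitcoin. Parses the
machine-readable output of `gpg --with-colons --list-sigs <keyid>` and
reports every certification with its signature class (RFC 4880, 5.2.1).
"""
import subprocess
from dataclasses import dataclass
from datetime import datetime, timezone

SIG_CLASSES = {
    0x10: "generic",
    0x11: "persona (identity not verified)",
    0x12: "casual",
    0x13: "positive",
    0x1F: "direct-key",
    0x30: "revocation",
}

# Constructed sample of `gpg --with-colons --list-sigs` output. Fingerprint,
# user ID and the two 2011-04 dates are from the thread; the certifier's
# key ID and user ID, the uid hash and the key creation time are placeholders.
SAMPLE_LISTING = """\
pub:-:2048:1:9FB9834EA5027A85:1300000000:::-:::scESC::::::23::0:
fpr:::::::::FB59EE27E803FB68EF303F5A9FB9834EA5027A85:
uid:-::::1300000000::0123456789ABCDEF0123456789ABCDEF01234567::MyBitcoin LLC (SCI Verification Key) <nobody@mybitcoin.com>::::::::::0:
sig:::1:9FB9834EA5027A85:1300000000::::MyBitcoin LLC (SCI Verification Key) <nobody@mybitcoin.com>:13x:::::8:
sig:::1:0123456789ABCDEF:1301702400::::Tobias Lloyd (placeholder key) <tobias@example.invalid>:13x:::::8:
sig:::1:0123456789ABCDEF:1302566400::::Tobias Lloyd (placeholder key) <tobias@example.invalid>:13x:::::8:
"""


@dataclass
class Certification:
    signer_keyid: str
    signer_uid: str
    date: str          # YYYY-MM-DD, UTC
    sig_class: int     # 0x10..0x13 for certifications
    exportable: bool   # 'x' suffix; 'l' means local-only
    self_sig: bool     # signer is the key itself

    @property
    def level(self) -> str:
        return SIG_CLASSES.get(self.sig_class, f"0x{self.sig_class:02x}")


def _date(field: str) -> str:
    # Colon output gives seconds since the epoch; very old gpg gave YYYY-MM-DD.
    if field.isdigit():
        return datetime.fromtimestamp(int(field), tz=timezone.utc).strftime("%Y-%m-%d")
    return field


def parse_listing(colons_text: str):
    """Return (fingerprint, [Certification]) for the first key in the listing."""
    fingerprint = ""
    own_keyid = ""
    certs = []
    for line in colons_text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            own_keyid = f[4]                       # field 5: key ID
        elif f[0] == "fpr" and not fingerprint:
            fingerprint = f[9]                     # field 10: fingerprint
        elif f[0] == "sig" and len(f) > 10:
            cls = f[10]                            # field 11: e.g. "13x"
            certs.append(Certification(
                signer_keyid=f[4],
                signer_uid=f[9],
                date=_date(f[5]),
                sig_class=int(cls[:2], 16),
                exportable=cls.endswith("x"),
                self_sig=f[4] == own_keyid,
            ))
    return fingerprint, certs


def external_certifications(colons_text: str):
    """Third-party certifications only: the web-of-trust claims about this key."""
    _, certs = parse_listing(colons_text)
    return [c for c in certs if not c.self_sig]


def list_sigs(keyid: str) -> str:
    """Fetch a live listing from local gpg (not used by the offline sample)."""
    return subprocess.run(
        ["gpg", "--batch", "--with-colons", "--list-sigs", keyid],
        capture_output=True, text=True, check=True,
    ).stdout


if __name__ == "__main__":
    fpr, certs = parse_listing(SAMPLE_LISTING)
    print("key", fpr)
    for c in certs:
        kind = "self" if c.self_sig else "3rd-party"
        print(f"{c.date} {c.signer_keyid} {kind:9} 0x{c.sig_class:02x} {c.level}: {c.signer_uid}")
```

Run against the sample, both external certifications come back as class 0x13 ("positive"), which is the all-or-nothing rating Tobias describes. A certification that says "this key kept signing receipts that matched my transactions" is honest and useful, but it is a 0x11 or 0x12 claim; reading the class column is how a verifier tells the two apart before deciding how much the web of trust really says about "Tom Williams".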


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: Phinnaeus Gage on August 05, 2011, 09:32:06 PM
I win the bounty! I win the bounty! There was a bounty for finding his desk, wasn't there?

From the Desk of Tom Williams

http://t1.gstatic.com/images?q=tbn:ANd9GcTsSGe8VApjYsyZ2xUoegIiBobYYKSub6boIfpsqxF20rCI2E18


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: Stalin-chan on September 01, 2011, 05:12:43 AM
I win the bounty! I win the bounty! There was a bounty for finding his desk, wasn't there?

From the Desk of Tom Williams

http://t1.gstatic.com/images?q=tbn:ANd9GcTsSGe8VApjYsyZ2xUoegIiBobYYKSub6boIfpsqxF20rCI2E18

So are you saying Tom Williams is a schoolchild? We have been had.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: Phinnaeus Gage on September 01, 2011, 05:51:29 AM
I win the bounty! I win the bounty! There was a bounty for finding his desk, wasn't there?

From the Desk of Tom Williams

http://t1.gstatic.com/images?q=tbn:ANd9GcTsSGe8VApjYsyZ2xUoegIiBobYYKSub6boIfpsqxF20rCI2E18

So are you saying Tom Williams is a schoolchild? We have been had.

Thank you, SA.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: Stalin-chan on September 01, 2011, 05:56:16 AM
Mystery solved.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: Phinnaeus Gage on August 11, 2012, 07:56:18 AM
I have a hard time believing any of this without proof.

I give! I now firmly believe the relic story. I haven't had a good night's sleep since my ignore link turned firecracker orange. My hope is that with this post it will return back to normal.

~Bruno~


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: finkleshnorts on August 11, 2012, 08:27:31 AM
I have a hard time believing any of this without proof.

I give! I now firmly believe the relic story. I haven't had a good night's sleep since my ignore link turned firecracker orange. My hope is that with this post it will return back to normal.

~Bruno~


*proxy quote^


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: Phinnaeus Gage on May 14, 2019, 09:16:19 PM
I win the bounty! I win the bounty! There was a bounty for finding his desk, wasn't there?

From the Desk of Tom Williams

http://t1.gstatic.com/images?q=tbn:ANd9GcTsSGe8VApjYsyZ2xUoegIiBobYYKSub6boIfpsqxF20rCI2E18

Here to claim the bounty once again (maybe this time for real) ...

https://en.wikipedia.org/wiki/Paul_Le_Roux

Quote
Paul Calder Le Roux

Born   24 December 1972 (age 46)
Bulawayo, Rhodesia (now Zimbabwe)

Other names

Alexander
Benny
John Bernard Bowlins, Bernard John Bowlins
Johan, John Paul Leroux (or Leraux)
Johan William Smit
William Vaughn

Inspired by https://www.courtlistener.com/recap/gov.uscourts.flsd.521536/gov.uscourts.flsd.521536.187.0.pdf

and: https://news.ycombinator.com/item?id=11381625

and: https://ylilauta.org/kryptovaluutat/99793976

Quote
A few days ago, Craig Wright's court case posted a redacted document where the Craig described a crime boss.

https://www.courtlistener.com/recap/gov.uscourts.flsd.521536/gov.uscourts.flsd.521536.187.0.pdf

Most of the mentions were censored, but they missed one on page 4 (from page 3). Over the last few days I've been out-and-out, and I've figured it out.

Here's the real crypto black pill: Bitcoin was a project of an Evil Genius whose full name is Paul Solotshi Calder Le Roux. They are the ones who want to use the Crypto Capital. Unfortunately, they are still in the midst of law enforcement, and they are going to spend the rest of their lives.

But how does Craig Wright fit into all this?

Craig Wright was an employee of Le Roux, who was vaguely aware of the Bitcoin project. Craig was an informant who helped bring down Le Roux. Craig managed (Dave Kleiman) of Solotshi's coins are locked away in secure TrueCrypt volumes (TrueCrypt being another piece of software that Le Roux developed). They have been trying to crack them but with no success.

Another of Craig's long-time friends, Calvin Ayre, has a set of warehouses for computers to try to crack the counter fortunes; his mining activity is simply the first thing to do. Craig is being set up as 'The Real Satoshi' so that when the coins are finally unlocked, they can legitimately sell them off.


Title: Re: From the desk of Tom Williams, operator of MyBitcoin.com
Post by: AGD on August 29, 2019, 09:18:09 AM
I win the bounty! I win the bounty! There was a bounty for finding his desk, wasn't there?

From the Desk of Tom Williams

http://t1.gstatic.com/images?q=tbn:ANd9GcTsSGe8VApjYsyZ2xUoegIiBobYYKSub6boIfpsqxF20rCI2E18

Here to claim the bounty once again (maybe this time for real) ...

https://en.wikipedia.org/wiki/Paul_Le_Roux

Quote
Paul Calder Le Roux

Born   24 December 1972 (age 46)
Bulawayo, Rhodesia (now Zimbabwe)

Other names

Alexander
Benny
John Bernard Bowlins, Bernard John Bowlins
Johan, John Paul Leroux (or Leraux)
Johan William Smit
William Vaughn

Inspired by https://www.courtlistener.com/recap/gov.uscourts.flsd.521536/gov.uscourts.flsd.521536.187.0.pdf

and: https://news.ycombinator.com/item?id=11381625

and: https://ylilauta.org/kryptovaluutat/99793976

Quote
A few days ago, Craig Wright's court case posted a redacted document where the Craig described a crime boss.

https://www.courtlistener.com/recap/gov.uscourts.flsd.521536/gov.uscourts.flsd.521536.187.0.pdf

Most of the mentions were censored, but they missed one on page 4 (from page 3). Over the last few days I've been out-and-out, and I've figured it out.

Here's the real crypto black pill: Bitcoin was a project of an Evil Genius whose full name is Paul Solotshi Calder Le Roux. They are the ones who want to use the Crypto Capital. Unfortunately, they are still in the midst of law enforcement, and they are going to spend the rest of their lives.

But how does Craig Wright fit into all this?

Craig Wright was an employee of Le Roux, who was vaguely aware of the Bitcoin project. Craig was an informant who helped bring down Le Roux. Craig managed (Dave Kleiman) of Solotshi's coins are locked away in secure TrueCrypt volumes (TrueCrypt being another piece of software that Le Roux developed). They have been trying to crack them but with no success.

Another of Craig's long-time friends, Calvin Ayre, has a set of warehouses for computers to try to crack the counter fortunes; his mining activity is simply the first thing to do. Craig is being set up as 'The Real Satoshi' so that when the coins are finally unlocked, they can legitimately sell them off.

The Paul Calder Le Roux / CSW connection is pretty interesting. I can literally smell the stinky root of this story.

Edit: Good read - https://magazine.atavist.com/an-arrogant-way-of-killing

Some more stuff:

https://www.facebook.com/globe.trotter.7587 (Dennis Gögel - one of the hitmen who was arrested in Phuket