Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: cryptofo on January 31, 2011, 09:24:27 PM



Title: MtGox account compromised
Post by: cryptofo on January 31, 2011, 09:24:27 PM
I'm freaking out.  I just checked my mtgox account and all my bitcoins are gone.  It says they were withdrawn to paypal.  I think it got hacked.  Anybody else?


Title: MtGox account compromised
Post by: Garrett Burgwardt on January 31, 2011, 09:25:20 PM
I have all my bitcoins and USD, all .11 and .49 respectively. I hope that you weren't hacked - how much did you have?


Title: MtGox account compromised
Post by: Garrett Burgwardt on January 31, 2011, 09:29:02 PM
That sucks man, I hope you get your coins back. Looks like the price was lowered again - I checked the mega chart and the .9 range sales seem to be missing.


Title: MtGox account compromised
Post by: rebuilder on January 31, 2011, 09:30:47 PM
mike: I don't think that's really possible. Due to its very nature Bitcoin is likely to be used for a lot of transactions where people don't exactly want to advertise that they're buying something. Voluntary reporting systems would therefore be too inaccurate.

cryptofo: "withdrawn to Paypal"? Literally? That makes little sense for two reasons - Paypal doesn't support Bitcoins,  and AFAIK Mt. Gox doesn't support Paypal.


Title: MtGox account compromised
Post by: cryptofo on January 31, 2011, 09:33:17 PM
I know totally, I'm freaking out.  Can I print screen shots?  It looks like someone got into my account, sold all my bitcoins and then somehow withdrew them through paypal.  AAjhhhhhh


Title: MtGox account compromised
Post by: Garrett Burgwardt on January 31, 2011, 09:35:28 PM
Just take a screenshot and post it, I'm interested.

http://graphicssoft.about.com/cs/general/ht/winscreenshot.htm


Title: MtGox account compromised
Post by: cryptofo on January 31, 2011, 09:49:12 PM
I tried to post it, but it said it was too big so I uploaded it here.

http://www.urbanethanol.com/wp-content/uploads/2011/01/bitcoins.jpg


Title: MtGox account compromised
Post by: cryptofo on January 31, 2011, 09:53:22 PM
This is crazy, I would think if someone hacked my account they would just send themselves my bitcoins, but they actually sold them then withdrew money in a way that you can't withdraw through paypal.  Worse, they sold them when they were at .42.


Title: MtGox account compromised
Post by: cryptofo on January 31, 2011, 09:55:47 PM
this is the email I just got from someone at mtgox:

Looks like you sold them and sent them to Liberty reserve account: U0764959

On Mon, Jan 31, 2011 at 4:45 PM,  <xx> wrote:

xx

Quoting Jed McCaleb <admin@mtgox.com>:
What is your username?

On Mon, Jan 31, 2011 at 4:22 PM,  <xx> wrote:

I just logged into mtgox and all my bitcoins are gone.  I'm freaking out.
 What happened, please respond.


Title: MtGox account compromised
Post by: Anonymous on January 31, 2011, 09:56:51 PM
This is crazy, I would think if someone hacked my account they would just send themselves my bitcoins, but they actually sold them then withdrew money in a way that you can't withdraw through paypal.  Worse, they sold them when they were at .42.

mt gox doesn't do paypal withdrawals.


Title: MtGox account compromised
Post by: Cryptoman on January 31, 2011, 09:58:32 PM
How strong was your password?  Does anyone else who has a clue about Bitcoin have access to your computer?


Title: MtGox account compromised
Post by: cryptofo on January 31, 2011, 10:12:39 PM
No one has access to my computer, but my password wasn't very strong.  It looks like it came from this IP address, 77.222.42.204, from St. Petersburg, Russia.


Title: MtGox account compromised
Post by: cryptofo on January 31, 2011, 10:15:32 PM
Mtgox just told me someone was running a dictionary attack. 


Title: MtGox account compromised
Post by: superbitcoin on January 31, 2011, 10:32:53 PM
Account Information

Account Number U0764959

Account Name Cyber

Account Type User

Created On 11/22/2010 02:41

Balance (USD) hidden

Balance (Euro) hidden

Balance (Gold Grams) hidden


Title: MtGox account compromised
Post by: cryptofo on January 31, 2011, 10:40:51 PM
I'm so depressed, imagine my surprise to log in and see that the price had almost doubled then to realize my bitcoins were gone.  Almost funny when you think about it.


Title: MtGox account compromised
Post by: Garrett Burgwardt on January 31, 2011, 10:48:02 PM
It's possible that the owners of the two sites might be able to fix it, I'm not sure. They're not irreversible like bitcoin transactions, so it might happen.


Title: MtGox account compromised
Post by: randomguy7 on January 31, 2011, 10:58:38 PM
I'm still worried about the suddenly disappearing entries in the order book. There also was an entry with price 'NaN' (not a number), which could indicate a bug in data validation.
About the dictionary attack: protecting the login using a captcha might be a good idea but in my opinion doesn't replace a good password (12+ chars, good entropy).

Btw, this is my first post. Hi everybody :)


Title: MtGox account compromised
Post by: kiba on February 01, 2011, 12:35:06 AM
My account has nothing to attack.  ;)


Title: MtGox account compromised
Post by: Garrett Burgwardt on February 01, 2011, 12:49:01 AM
Yeah, I specifically don't keep anything in my mtgox account because it seems insecure, same reason I don't trust mybitcoin. I keep my own computer secured, and past that, so if I keep my wallet on my computer and have an encrypted backup, I should be good.


Title: MtGox account compromised
Post by: Anonymous on February 01, 2011, 01:00:21 AM
Unless every password looks something like this one you'll be vulnerable.  :)

k[vUOK1=p9y2'P4y(6,]dx1=\#\Qm1BPI@c{{D+fOvGr~tww4^Yfl/CiP%N|WWE%uuJ\(|$$9,p%,5eIm"nk'I%P79P=*>d&'Sb.ihiDyqfETkyG.%Jl3gmZ]/W2R;<<3~iZoe1)ND;S}$Ds2D`(ejDZ$!pk4M]13hWsMxZ#DCK5]~PXYpzJtVbkxyKr;x=;uc9P""8$S.JZXlXB%EOXN%5W"8D&9ZqYin'6wX`t.nzVGA1!


Vladimir is right. KeePass is easy to use.


Title: MtGox account compromised
Post by: Garrett Burgwardt on February 01, 2011, 01:08:49 AM
True, but I'm not worth attacking. Someone intent on stealing bitcoins would go after mtgox and mybitcoin accounts before trying to find me.


Title: MtGox account compromised
Post by: caveden on February 01, 2011, 08:05:31 AM
2. Google keepass, download install (on clean system), use.
3. If you can remember a password it is too weak. Generate all your passwords, do not reuse the passwords.

Okay, but then you need to store your passwords somewhere, and you'll want to encrypt them... then you need a password-protected key... in a moment you'll have to remember one good password at least...

But yeah, having generated password for sites seems a good idea...


Title: MtGox account compromised
Post by: caveden on February 01, 2011, 08:08:46 AM
mtgox should not have allowed dictionary attacks to take place. Ask them to sort this out for you.

Normally security-sensitive sites like banks block an account after a number of unsuccessful login attempts, and then require some sort of positive identification to unblock.
Another interesting thing is doing like facebook, which asks several questions each time you login from an "unusual" IP... it would probably be useless for Tor users as they would not have a "usual" IP in the first place, but it's something.

These things are annoying but it's quite less annoying than having your account stolen like that...


Title: MtGox account compromised
Post by: tcatm on February 01, 2011, 08:11:37 AM
Offtopic: For easy to remember and secure passwords https://www.pwdhash.com/ works pretty well. There are browser extensions for most browsers.


Title: MtGox account compromised
Post by: Mike Hearn on February 01, 2011, 09:57:05 AM
MtGox could/should also implement Facebook/Google logins. These companies provide "industrial strength" authentication systems that are secure against things like dictionary attacks, password theft etc. Might as well reuse their investment.


Title: MtGox account compromised
Post by: ribuck on February 01, 2011, 10:24:56 AM
MtGox could/should also implement Facebook/Google logins.

Good idea. OpenID, in other words.

Google even offers two-factor authentication to some of its users (password plus mobile phone confirmation).


Title: MtGox account compromised
Post by: bitdragon on February 01, 2011, 10:57:03 AM
please explain as many are more proficient than myself in this area:
using facebook login? that is the facebook connect thing? so that you could login to mtgox using fb credentials? doesn't sound very appealing... does that mean that :
a) fb can login to your mtgox as they authenticate your credentials?
b) prone to censorship if fb decides a site is no good and does not let you login?
c) same password for all sites, thus you compromise all accounts if one pwd is lost?

thank you for your help in understanding;


Title: MtGox account compromised
Post by: Nefario on February 01, 2011, 11:00:12 AM
MtGox could/should also implement Facebook/Google logins.

Good idea. OpenID, in other words.

Google even offers two-factor authentication to some of its users (password plus mobile phone confirmation).

Or he should not use passwords at all and use gpgauth.

http://www.curetheitch.com/projects/gpgauth/

Right now there is no working plugin for browser but there should be soon, from what I have read. It is also not just a technology, program but a process, protocol for authentication.

Password based authentication has many weaknesses, a move to keypair based authentication is the better thing to do. Then things like dictionary attacks, stealing passwords after breaking in, and rainbow attacks, and storing passwords will not be a problem.

Any news from mtgox and getting his bitcoins back?


Title: MtGox account compromised
Post by: mtgox on February 01, 2011, 11:32:44 AM

> Any news from mtgox and getting his bitcoins back?

Yeah it is unfortunate. I've contacted Liberty Reserve about it. I fixed it so they can't use this attack anymore. I think his and one other account (I've emailed you) were the only two compromised. Anyone with a decent password would be safe.


Title: MtGox account compromised
Post by: Mike Hearn on February 01, 2011, 12:18:45 PM
please explain as many are more proficient than myself in this area:
using facebook login? that is the facebook connect thing? so that you could login to mtgox using fb credentials? doesn't sound very appealing... does that mean that :
a) fb can login to your mtgox as they authenticate your credentials?
b) prone to censorship if fb decides a site is no good and does not let you login?
c) same password for all sites, thus you compromise all accounts if one pwd is lost?

thank you for your help in understanding;

a) Yes

b) Yes

c) Yes

However, a lot of account hijacking takes place because third party sites are compromised. Facebook is very, very unlikely to be hacked in the same way that MtGox or PlentyOfFish is hacked. If you have a robust password and use a major ID provider to log into sites with, you're at risk of malware and maybe if you don't pay attention phishing, but otherwise you won't be hit by third party site breakins. That's what you want.

Of course you can also create a new password for every single website, but most people don't do that, it's too inconvenient.


Title: MtGox account compromised
Post by: slush on February 01, 2011, 12:28:50 PM
Facebook is very, very unlikely to be hacked in the same way that MtGox or PlentyOfFish is hacked.

I'm not paranoid, but don't trust anyone's security just because it's a big player. Facebook logins can be hacked, too. Personally I also use facebook login for some pages, but I'll think twice about using it for my bank account login (which mtgox is)...


Title: MtGox account compromised
Post by: ribuck on February 01, 2011, 12:37:58 PM
c) same password for all sites, thus you compromise all accounts if one pwd is lost?
Yes, although in practice most people already compromise (almost) all accounts if they lose the password to their email account, due to the easy availability of password reminder/reset facilities.

A bank does need something more than most other sites. I would be happy to pay a fee to have two-factor authentication on my MtGox account.


Title: MtGox account compromised
Post by: sirius on February 01, 2011, 12:57:48 PM
A bank does need something more than most other sites. I would be happy to pay a fee to have two-factor authentication on my MtGox account.

My bank snail mails lists of 300 one-use keys you need when logging in. A quicker but perhaps more expensive option is to send the keys in SMS.


Title: MtGox account compromised
Post by: barbarousrelic on February 01, 2011, 01:27:11 PM
So were the hacked accounts and the extremely high-value Bitcoin transactions related or not?


Title: MtGox account compromised
Post by: ribuck on February 01, 2011, 01:31:09 PM
So were the hacked accounts and the extremely high-value Bitcoin transactions related or not?
It seems unlikely, because the hacker apparently sold bitcoins. This would have tended to lower the MtGox price, not raise it.


Title: MtGox account compromised
Post by: Nefario on February 01, 2011, 01:31:39 PM
A bank does need something more than most other sites. I would be happy to pay a fee to have two-factor authentication on my MtGox account.

My bank snail mails lists of 300 one-use keys you need when logging in. A quicker but perhaps more expensive option is to send the keys in SMS.

An application for your mobile phone that generates a lot of one time passwords, and then encrypts using the servers public key and sends the list to the server to be used. You can then use the passwords when you need, as long as you don't lose your phone.

But I think authentication using public/private keys is better, as long as you don't lose your key or let it get compromised.


Title: MtGox account compromised
Post by: sandos on February 01, 2011, 02:19:21 PM
When was this bruteforcing done? I have a weird (I think) transaction on my mt gox account:

Code:
When	           Type	          Description	Delta BTC	Delta USD	Total BTC	Total USD
01/24/11 00:17 Payment Process   united         0 0         0          0


Title: MtGox account compromised
Post by: riX on February 01, 2011, 04:02:59 PM
When was this bruteforcing done? I have a weird (I think) transaction on my mt gox account:

Code:
When	           Type	          Description	Delta BTC	Delta USD	Total BTC	Total USD
01/24/11 00:17 Payment Process   united         0 0         0          0

Me too: (Where it says "Withdraw Paypal" I actually withdrew some LRUSD to Liberty Reserve..)

Code:
When		Type		Description		Delta BTC	Delta USD	Total BTC	Total USD
01/30/11 18:54 Withdraw Paypal U------- 0 -x.x x.x x.x
01/30/11 --:-- Sold BTC xxx.xx for 0.xxxx -x.x x.x x.x x.x
01/30/11 --:-- Sold BTC xxx.xx for 0.xxxx -x.x x.x x.x x.x
01/24/11 15:00 Payment Process united 0 0 x.x x.x
01/24/11 00:17 Payment Process united 0 0 x.x x.x
01/23/11 --:-- Withdraw BTC --- -x.x 0 x.x x.x


Title: MtGox account compromised
Post by: Anonymous on February 01, 2011, 04:05:23 PM
Alright, who do we go to for an accurate exchange rate now?


Title: Re: MtGox account compromised
Post by: Astro on February 01, 2011, 05:00:44 PM
Any site that stores or trades bitcoins should implement the option of some kind of security token or OTP technology.  I've had good success with Yubikeys.

http://www.yubico.com/yubikey


Title: Re: MtGox account compromised
Post by: fabianhjr on February 01, 2011, 05:48:15 PM
Captcha is better than nothing. Do the ad ones and make a few pennies off the hackers.

Store a column on the table for failed attempts. If the count > 5 then require a captcha with the password. On a successful login, reset the count.

If the count say, gets over 50, lock the account for verification, or run a cron to reset it on a daily basis.

Another flag inside the account when they first login could show these hack attempts, something along the lines of "57 attempts to login to your account were done prior to this login from IP: " etc... TOR IP's of course won't be very helpful.

Last log in from IP can also be helpful if people pay attention to it and normally login from a similar address.

None of that makes it bullet proof, but it certainly makes it easier to quickly spot an issue. Needless to say, your password shouldn't be password for something that stores money in it.

You _never_ lock based on an account. You _lock_ based on the IP address the request came from. (Look into the account lockout denial of service attack)


Title: Re: MtGox account compromised
Post by: ElectricGoat on February 01, 2011, 05:53:56 PM
You _never_ lock based on an account. You _lock_ based on the IP address the request came from. (Look into the account lockout denial of service attack)

Locking an IP doesn't protect against distributed attacks. A temporary lock of the account seems preferable to a loss of hundreds of bitcoins. Simply locking an account for one minute makes it horribly slow to try a brute force attack.


Title: Re: MtGox account compromised
Post by: fabianhjr on February 01, 2011, 06:05:13 PM
What if my goal is just to stop you from participating in the market? If I just want to kick you, I just let some bruteforcers run forever and you would never be able to enter again. Even if it is just 1 minute, then in 0.000001 seconds you are blocked again and again and again. :/


Title: Re: MtGox account compromised
Post by: ribuck on February 01, 2011, 06:13:31 PM
Simply locking an account for one minute makes it horribly slow to try a brute force attack.
No, that doesn't work. Instead of trying 100,000 passwords on one account, the attacker simply tries one password on 100,000 accounts. Same chance of success.


Title: Re: MtGox account compromised
Post by: DarkMatter on February 01, 2011, 06:21:25 PM
Hi everyone,
I'm sorry for not introducing me before, but guess we have much more important things to talk about right now.
Considering the current situation (I'm sorry for the user using a common dictionary word as his "bank" account password, and mtgox not having any dictionary attack protection implemented ... ), I just noticed a great drop of the BTC available for free at http://freebitcoins.appspot.com. It dropped about 300BTC in 36hrs. Should we worry?


Title: Re: MtGox account compromised
Post by: Hal on February 01, 2011, 06:24:42 PM
Now I'm paranoid. I just tried to login to mtgox from my iPad and got an invalid certificate error. The issuer is certificates.godaddy.com. Has anyone else gotten this? I suspect it is a misconfiguration of the mtgox server a la http://blog.boxedice.com/2009/05/11/godaddy-ssl-certificates-and-cannot-verify-identity-on-macsafari/.


Title: Re: MtGox account compromised
Post by: LZ on February 01, 2011, 06:46:19 PM
I can not find my orders in the Depth Table! Does anybody else? :-\


Title: Re: MtGox account compromised
Post by: kiba on February 01, 2011, 06:50:11 PM
Code:
01/24/11 00:16	Payment Process	united	0	0	0.003	0
It seems that I'll have to change my security practice too.


Title: Re: MtGox account compromised
Post by: ElectricGoat on February 01, 2011, 06:51:35 PM
No, that doesn't work. Instead of trying 100,000 passwords on one account, the attacker simply tries one password on 100,000 accounts. Same chance of success.
Of course, it shouldn't be the only security measure, but it's a very helpful one. Trying a password on 100k accounts is slightly more difficult, because you need 100k user names.
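The throttling design argued over above (fabianhjr's failed-attempt counter with a CAPTCHA step, ElectricGoat's one-minute account lock, and ribuck's point that one password tried against many accounts defeats per-account limits) as one working piece of added example code. This is not MtGox's code; the thresholds, the IP addresses and the auth log are constructed for the demonstration.

```python
"""Login throttling for a site that holds funds: per-account CAPTCHA and a short
temporary lock, per-IP throttling, and a password-spraying detector (one password
against many usernames, which per-account counters alone never see).
Added example, not MtGox code; thresholds and the log below are constructed."""
from collections import defaultdict, deque

CAPTCHA_AFTER = 5          # per-account failures before a CAPTCHA is demanded
LOCK_AFTER = 10            # per-account failures before a short temporary lock
LOCK_SECONDS = 60          # keep it short: a permanent lock is a denial-of-service lever
IP_WINDOW = 300            # seconds of failure history kept per source IP
IP_MAX_FAILURES = 10       # failures from one IP inside the window before it is throttled
SPRAY_DISTINCT_USERS = 8   # distinct usernames failed from one IP inside the window


class LoginThrottle:
    def __init__(self):
        self.account_fail = defaultdict(int)   # user -> consecutive failed logins
        self.lock_until = {}                   # user -> time the temporary lock expires
        self.ip_fail = defaultdict(deque)      # ip -> deque of (ts, user) failures
        self.alerts = []                       # (ts, ip, kind), one per ip/kind
        self._alerted = set()

    def _prune(self, ip, now):
        q = self.ip_fail[ip]
        while q and now - q[0][0] > IP_WINDOW:
            q.popleft()

    def gate(self, user, ip, now):
        """Decide before verifying the password. The account lock is checked first so a
        locked account rejects even from a fresh IP; the IP throttle next so a spraying
        host is cut off whichever username it tries."""
        self._prune(ip, now)
        if self.lock_until.get(user, 0) > now:
            return "locked"
        if len(self.ip_fail[ip]) >= IP_MAX_FAILURES:
            return "ip_throttled"
        if self.account_fail[user] >= CAPTCHA_AFTER:
            return "captcha"
        return "allow"

    def _note_failure(self, user, ip, now):
        q = self.ip_fail[ip]
        q.append((now, user))
        self._prune(ip, now)
        # Spraying signature: many distinct usernames, each with only a few failures.
        key = (ip, "password_spray")
        if len({u for _, u in q}) >= SPRAY_DISTINCT_USERS and key not in self._alerted:
            self._alerted.add(key)
            self.alerts.append((now, ip, "password_spray"))

    def record(self, user, ip, now, decision, password_ok):
        """Update state after the attempt was handled according to `decision`."""
        if decision in ("locked", "ip_throttled"):
            # The password was never checked; the attempt is still evidence about the IP.
            self._note_failure(user, ip, now)
            return
        if password_ok:
            self.account_fail[user] = 0   # a real login clears the account counter
            return
        self.account_fail[user] += 1
        if self.account_fail[user] >= LOCK_AFTER:
            self.lock_until[user] = now + LOCK_SECONDS
        self._note_failure(user, ip, now)


def replay(lines):
    """Run constructed auth events ("ts user ip ok|fail") through the throttle.
    Returns the gate decision for every event plus the alerts raised."""
    t = LoginThrottle()
    gates = []
    for line in lines:
        ts, user, ip, result = line.split()
        ts = int(ts)
        decision = t.gate(user, ip, ts)
        gates.append(decision)
        t.record(user, ip, ts, decision, result == "ok")
    return gates, t.alerts


# Constructed sample log: a spraying host, a brute force on "alice", then alice herself
# (who, after the attack, has to pass one CAPTCHA before her counter is cleared).
SPRAY_USERS = ["bob", "carol", "dave", "erin", "frank", "grace",
               "heidi", "ivan", "judy", "mallory", "oscar", "peggy"]
SAMPLE_LOG = (
    [f"{i} {u} 203.0.113.9 fail" for i, u in enumerate(SPRAY_USERS)]
    + [f"{20 + i} alice 203.0.113.7 fail" for i in range(12)]
    + ["200 alice 198.51.100.4 ok", "201 alice 198.51.100.4 ok"]
)

if __name__ == "__main__":
    gates, alerts = replay(SAMPLE_LOG)
    for line, g in zip(SAMPLE_LOG, gates):
        print(f"{g:13} {line}")
    print("alerts:", alerts)
```

The lock is deliberately short and the IP throttle is independent of it, so an attacker hammering one username can keep that account locked only while also burning their own source address.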


Title: Re: MtGox account compromised
Post by: nelisky on February 01, 2011, 06:58:32 PM
Code:
01/24/11 00:16	Payment Process	united	0	0	0.003	0
It seems that I'll have to change my security practice too.
Code:
01/24/11 00:16	Payment Process	united	0	0	-0.002	0.005

Don't we all... funny how the times are sync'd though.


Title: Re: MtGox account compromised
Post by: LZ on February 01, 2011, 07:01:47 PM
Yeah, what is that?
Code:
01/24/11 14:51	Payment Process	united
01/24/11 00:16 Payment Process united


Title: Re: MtGox account compromised
Post by: kiba on February 01, 2011, 07:02:25 PM
Don't we all... funny how the times are sync'd though.

Well, I didn't have a dictionary password. I used numbers, and a symbol. Maybe it wasn't long enough? In any case, this is a terrible thing to happen.


Title: Re: MtGox account compromised
Post by: kiba on February 01, 2011, 07:09:12 PM
Bitcoiners from the IRC channel reported that their passwords are randomly generated but their accounts are still compromised.


Title: Re: MtGox account compromised
Post by: DarkMatter on February 01, 2011, 07:11:17 PM
Bitcoiners from the IRC channel reported that their passwords are randomly generated but their accounts are still compromised.

That's the problem. As you have already stated, this was not a "weak password" hack.
Guess Vladimir is wrong. Could the whole MtGox platform be compromised? Looks so.

[edit]
A brute force/dictionary attack would lead to many "errors" in the platform log.
You are logging failed login attempts, right MtGox?
[/edit]


Title: Re: MtGox account compromised
Post by: nelisky on February 01, 2011, 07:12:49 PM
Bitcoiners from the IRC channel reported that their passwords are randomly generated but their accounts are still compromised.

I'm no security expert nor am I knowledgeable of mtgox's code, but as a coder when I see my account being stripped of 0.005 coins, which you can't see on the UI unless you look at history and do some math... well, it sounds like the actual server was compromised and DB's scraped.

Just saying.


Title: Re: MtGox account compromised
Post by: kiba on February 01, 2011, 07:15:55 PM
MtGox said that the event on 1/24 was people merely accessing my account for name.

In other words, it wasn't compromised, maybe?

Even so, I do not feel safe.


Title: Re: MtGox account compromised
Post by: DarkMatter on February 01, 2011, 07:17:27 PM
Have a look at https://mtgox.com/support/tradeAPI
User credentials are passed along in clear text with GET method, not POST method.
That's sad man, anyone able to sniff the server traffic would have all the credentials.


My bad, that's false.
Didn't read the "The following take your Mt Gox username and password as parameters. They must be sent as a POST. " part.


Title: Re: MtGox account compromised
Post by: DarkMatter on February 01, 2011, 07:19:33 PM
Bitcoiners from the IRC channel reported that their passwords are randomly generated but their accounts are still compromised.

That's the problem. As you have already stated, this was not a "weak password" hack.
Guess Vladimir is wrong. Could the whole MtGox platform be compromised? Looks so.

I am not wrong, I might be not very well informed  ;D

Yea, it might be worse. Speculating further, in presence of virtually no useful information, just knowing general way how web developers do stuff these days  I would guess that this might be a SQL injection attack, where attacker got to  user auth database and bruteforced  password hashes (probably even using a bunch of 5970 :).

Hopefully, mtgox will come up with a statement and stop all these speculations soon.


Sorry man, didn't mean to treat you bad :P
MtGox should put the whole stuff offline before more BTC are stolen.
And then investigate further.


Title: Re: MtGox account compromised
Post by: kiba on February 01, 2011, 07:22:36 PM
I am not wrong, I might be not very well informed  ;D

Yea, it might be worse. Speculating further, in presence of virtually no useful information, just knowing general way how web developers do stuff these days  I would guess that this might be a SQL injection attack, where attacker got to  user auth database and bruteforced  password hashes (probably even using a bunch of 5970 :).

Hopefully, mtgox will come up with a statement and stop all these speculations soon.


Maybe you could start a bitcoin security company in which you certify sites for following security protocols?


Title: Re: MtGox account compromised
Post by: theymos on February 01, 2011, 07:35:01 PM
User credentials are passed along in clear text with GET method, not POST method.
That's sad man, anyone able to sniff the server traffic would have all the credentials.

POST is also easily-readable plaintext... GET is just visible in the URL. GET parameters are encrypted when using HTTPS.


Title: Re: MtGox account compromised
Post by: Cdecker on February 01, 2011, 07:43:08 PM
Just to add another statement: I too am seeing the Payment Process united transaction, with exactly the same time, looks a lot more like a cron job to me. If the database were compromised as some people suggested there would not be any entry, they'd just sent the money off without being so polite as to inform the users where the money went. Same for the platform compromised discussion.

My best guess is that it was in fact a dictionary attack. Could the affected people please share the strength of their password using http://www.passwordmeter.com/ to not publish real passwords on the Forum?

My account doesn't seem to be compromised since it still shows me my dollar balance like I left it a few weeks ago.

Still waiting for an official statement by MtGox :D


Title: Re: MtGox account compromised
Post by: Drifter on February 01, 2011, 07:48:41 PM
My account is one that was compromised. My password is randomly generated and strength is 100% according to that site.

My password is above and beyond safer than necessary. A dictionary attack is very unlikely.


Title: Re: MtGox account compromised
Post by: Cdecker on February 01, 2011, 07:51:28 PM
My account is one that was compromised. My password is randomly generated and strength is 100% according to that site.

My password is above and beyond safer than necessary. A dictionary attack is very unlikely.
Next best guess: sniffing traffic. Are you using the HTTP or the HTTPS URL to log in?


Title: Re: MtGox account compromised
Post by: cryptofo on February 01, 2011, 07:54:09 PM
Thank you Vladimir for your support and kind words from all.  These are the emails to mtgox.

Jed,
I've contacted Liberty Reserve abuse and received their standard spiel.  I'm really
upset, I've been collecting these bitcoins for over a year.  I think this is unfortunate
because MTGOX is one of the primary sources for liquidity and market price, but this type
of insecurity is a vulnerability to the bitcoin community.  This was not caused by
complete negligence on my part.  My computer was not compromised.  My username and
password are specific to this site.  This is a specific attack that was directed at
mtgox.  My password may have been weak ( 8 characters, numbers and letters), but it was a
vulnerability on your end that allowed someone to use a dictionary attack.  It is
important to know that mtgox is willing to make their best efforts to reconcile a
compromise of this nature.  If there is any way you can replace some if not all of the
900+ bitcoins that were stolen from me, I think it would stand as a gesture of support
from mtgox and instill some faith in mtgox from the bitcoin community.


Quoting Jed McCaleb <admin@mtgox.com>:

I'm not sure how they got your username. From the bitcoin forum maybe?
Are you going to make a statement on the bitcoin forum with some  information?
I'm not sure what I would say there. I made the attack impossible now and I don't think anyone else's account was compromised.
Are you going to contact Liberty Reserve?
I can but you should also. The more people complaining about that account the better.



On Mon, Jan 31, 2011 at 6:19 PM,  <XXXXXXXXXXXXX> wrote:
I understand this is somewhat out of your control and I should not have had
a password that started with a, but how did they know my username?  Are you
going to make a statement on the bitcoin forum with some information?  Are
you going to contact Liberty Reserve?

Quoting Jed McCaleb <admin@mtgox.com>:
I checked that IP and that was from the person running the attack. So
he must have guessed your password. I'm sorry...
How do you know someone was running a dictionary attack?
I saw the repeated login attempts. But I changed the login page so
they can't do it now.

Liberty Reserve has a contact form on their site.



On Mon, Jan 31, 2011 at 5:14 PM,  <XXXXXXXXXXXX> wrote:

How do you know someone was running a dictionary attack?  On your end?  Do
you know how I can get in touch with liberty reserve?

Quoting Jed McCaleb <admin@mtgox.com>:
This will tell you:
http://www.ip2location.com/demo.aspx

Well someone was running a dictionary attack so if your password was
simple he may have gotten it.
You could try writing Liberty Reserve and see if they can help since
they have the money now.
Sorry,
Jed.

On Mon, Jan 31, 2011 at 5:06 PM,  <XXXXXXXXXXXX> wrote:

Anything's possible, this seems like a rather specific attack.  I can't
believe this.  Can you tell where these Ip addresses are?

Quoting Jed McCaleb <admin@mtgox.com>:
Could someone have got your password somehow?

XXX.XXX.64.10
77.222.42.204
XXX.XXX.64.10
XXX.XXX.56.44

These are the IPs that have logged into your account
Jed.

On Mon, Jan 31, 2011 at 4:54 PM,  <XXXXXXXXX> wrote:

Someone hacked my account and did this.

Quoting Jed McCaleb <admin@mtgox.com>:
Looks like you sold them and sent them to Liberty reserve account:
U0764959

On Mon, Jan 31, 2011 at 4:45 PM,  <###########> wrote:

XXXXXXX

Quoting Jed McCaleb <admin@mtgox.com>:
What is your username?

On Mon, Jan 31, 2011 at 4:22 PM,  <##########> wrote:

I just logged into mtgox and all my bitcoins are gone.  I'm freaking out.
 What happened, please respond.


Title: Re: MtGox account compromised
Post by: DarkMatter on February 01, 2011, 07:55:06 PM
My account is one that was compromised. My password is randomly generated and strength is 100% according to that site.

My password is above and beyond safer than necessary. A dictionary attack is very unlikely.
Next best guess: sniffing traffic. Are you using the HTTP or the HTTPS URL to log in?

You are automatically redirected to https, just checked.


Title: Re: MtGox account compromised
Post by: rebuilder on February 01, 2011, 07:56:16 PM
Whoa, whoa, whoa. Are we sure those odd "united" transactions on the 24th have anything to do with the unauthorized access? I have that too, as pretty much everyone seems to, but haven't lost any BTC or USD. Cryptofo, on the other hand, did have funds stolen, and that happened on the 28th, 4 days later. Everyone who's saying their accounts were compromised, did you lose something or are you referring to the odd transaction on the 24th? I'd like to hear what mtgox has to say on the events on the 24th before concluding those are related to any kind of foul play at all. For all we know it was some kind of cleanup operation related to the rounding errors reported before. I know I had a negative balance on mtgox at some point due to those.


Title: Re: MtGox account compromised
Post by: Drifter on February 01, 2011, 08:00:27 PM
I'm only referring to the Jan 24th incident personally. Sorry for the confusion. And yes, I always use HTTPS as you are redirected automatically.


Title: Re: MtGox account compromised
Post by: kiba on February 01, 2011, 08:04:48 PM
I'm only referring to the Jan 24th incident personally. Sorry for the confusion. And yes, I always use HTTPS as you are redirected automatically.

They are merely fishing for names.


Title: Re: MtGox account compromised
Post by: fabianhjr on February 01, 2011, 08:06:09 PM
I have a 7 random (generated) + a salt of at least 5 chars and I still see an odd transaction. The good thing is that I didn't have any funds at that time. So, anything official about what happened yet?


Title: Re: MtGox account compromised
Post by: Cdecker on February 01, 2011, 08:07:38 PM
So until now we have 1 confirmed compromised account (cryptofo) and several other reporting some strange transaction 4 days earlier.

IMHO that transaction has nothing to do with the attack at all. Could cryptofo please check the strength of the used password?

Just trying to keep panic down and get the matter resolved :D


Title: Re: MtGox account compromised
Post by: fabianhjr on February 01, 2011, 08:13:37 PM
Dunno, maybe you can get a sell on short while you have chance. :P

As of the 24th incident it could show that there was indeed a compromise or MtGox checking something.


Title: Re: MtGox account compromised
Post by: mtgox on February 01, 2011, 08:20:55 PM
Almost everyone had transactions from "united". It does NOT mean that your account was compromised. It does mean that the attacker has your username. It was just them using the merchant API to send you 0 BTC.

There were only two accounts that had money stolen from them as far as I can tell.

It was a dictionary attack since I saw it happening.

I plugged the vulnerability that allowed them to run the attack so your weak passwords will be safe again.

I'm still working out with cryptofo if/how to reimburse him.

Ideally Liberty Reserve would help us since they can easily fix the issue. But they don't seem to be cooperating. Anyone have ideas there?


Title: Re: MtGox account compromised
Post by: DarkMatter on February 01, 2011, 08:24:41 PM
Almost everyone had transactions from "united". It does NOT mean that your account was compromised. It does mean that the attacker has your username. It was just them using the merchant API to send you 0 BTC.

There were only two accounts that had money stolen from them as far as I can tell.

It was a dictionary attack since I saw it happening.

I plugged the vulnerability that allowed them to run the attack so your weak passwords will be safe again.

I'm still working out with cryptofo if/how to reimburse him.

Ideally Liberty Reserve would help us since they can easily fix the issue. But they don't seem to be cooperating. Anyone have ideas there?


Finally, your answer is much appreciated.
Guess you both share the responsibility for the story, vulnerability + weak password = 50:50


Title: Re: MtGox account compromised
Post by: Drifter on February 01, 2011, 08:46:40 PM
Sorry for the ones that lost coins.

But weak passwords on a site that has ANYTHING to do with finances?

http://lastpass.com/
http://keepass.info/
http://strongpasswordgenerator.com/
http://www.passwordchart.com/


They all work great, depending on what you need.


Title: Re: MtGox account compromised
Post by: fabianhjr on February 01, 2011, 08:55:53 PM
So, has anyone identified the attacker? I had been checking the IP with no luck.


Title: Re: MtGox account compromised
Post by: nanotube on February 01, 2011, 08:58:54 PM
Almost everyone had transactions from "united". It does NOT mean that your account was compromised. It does mean that the attacker has your username. It was just them using the merchant API to send you 0 BTC.

There were only two accounts that had money stolen from them as far as I can tell.

It was a dictionary attack since I saw it happening.

I plugged the vulnerability that allowed them to run the attack so your weak passwords will be safe again.

I'm still working out with cryptofo if/how to reimburse him.

Ideally Liberty Reserve would help us since they can easily fix the issue. But they don't seem to be cooperating. Anyone have ideas there?


libertyreserve doesn't ever reverse transactions. they're trying to be a 'hard currency'. so you're pretty much SOL there.


Title: Re: MtGox account compromised
Post by: kiba on February 01, 2011, 09:02:06 PM

libertyreserve doesn't ever reverse transactions. they're trying to be a 'hard currency'. so you're pretty much SOL there.

Don't forget what paypal did to mtgox and to the bitcoin economy. Hard currencies are a better alternative.


Title: Re: MtGox account compromised
Post by: kiba on February 01, 2011, 09:04:00 PM
So, has anyone identified the attacker? I had been checking the IP with no luck.

What are we going to do? Call the police?


Title: Re: MtGox account compromised
Post by: cryptofo on February 01, 2011, 09:10:23 PM
I don't know, but they're in St. Petersburg, Russia.  I'm boycotting Vodka!!


Title: Re: MtGox account compromised
Post by: DarkMatter on February 01, 2011, 09:13:00 PM
I don't know, but they're in St. Petersburg, Russia.  I'm boycotting Vodka!!

Yep, that IP address is shared by some Russian websites.
http://bgp.he.net/net/77.222.40.0/22
spaceweb.ru, Russian web space provider.


Title: Re: MtGox account compromised
Post by: ribuck on February 01, 2011, 09:27:14 PM
Almost everyone had transactions from "united" ... It does mean that the attacker has your username
A question for people here: Did everyone who has the "united" transaction have a MtGox account name that is also a Forum username? Because it's easy enough to get a list of Forum names.

I have the "united" transaction, and my MtGox account name also happens to be a Forum username (although it's not 'ribuck').

I plugged the vulnerability that allowed them to run the attack so your weak passwords will be safe again.
Weak passwords are never safe. Mine is 71% according to the Password Meter (http://www.passwordmeter.com/), and I'll be improving it.


Title: Re: MtGox account compromised
Post by: randomguy7 on February 01, 2011, 09:31:03 PM
Mine has absolutely no relation to my forum nick and I have that weird entry, too.


Title: Re: MtGox account compromised
Post by: LZ on February 01, 2011, 09:47:44 PM
I do not know what you guys will do, but I just withdrew all my funds to my bitcoin wallet and to my LR account.

Mt.Gox does not seem reliable to me now.


Title: Re: MtGox account compromised
Post by: Cusipzzz on February 01, 2011, 10:05:17 PM
sure that sounds nice and all....but what happens when:

1. create mtgox account
2. load up with BTCs
3. give russian friend credentials and have them spam other failed attempts first to make it look legit
4. create forum pressure for mtgox to reimburse
5. profit !

While I agree there is some site responsibility, no way he should cover some guy with a password of 'password'


Title: Re: MtGox account compromised
Post by: LZ on February 01, 2011, 10:13:28 PM
I think it should be safer: using login attempts limit, binding to a range of IP, requesting PIN, using OpenID, etc.

Did everyone who has the "united" transaction have a MtGox account name that is also a Forum username?
Yes, I have the same account name.


Title: Re: MtGox account compromised
Post by: cryptofo on February 01, 2011, 10:14:35 PM
I'm with you Vladimir :), that's what I was trying to get across in my email to him.  Still haven't heard back.

cusipzz - I hear what you are saying, but that was not the case here.  There was a clear vulnerability at mtgox and my password wasn't "password".  It was a combination of 8 letters and numbers.  Not a dolphin's butt I know, but mtgox stated that there was a hole that he fixed.  And I have to pay the price.  The site also accepted it as a valid password.


Title: Re: MtGox account compromised
Post by: Cusipzzz on February 01, 2011, 10:18:55 PM
crypto - because the site accepted it doesn't mean a lot.

There has to be some user responsibility in all of these cases. Not sure what the % is in this case, just saying.

My password could be 'pWf32fWSf@35%@#4f@#4', perfectly secure, but if I use that same password on a Russian PS3 hacking forum, is it mtgox's fault your account later gets taken from Russia? Sure, you may say it was unique to mtgox, but how does he know? Just playing a little devil's advocate, that's all.


Title: Re: MtGox account compromised
Post by: nelisky on February 01, 2011, 10:27:54 PM
crypto - because the site accepted it doesn't mean a lot.

There has to be some user responsibility in all of these cases. Not sure what the % is in this case, just saying.

My password could be 'pWf32fWSf@35%@#4f@#4', perfectly secure, but if I use that same password on a Russian PS3 hacking forum, is it mtgox's fault your account later gets taken from Russia? Sure, you may say it was unique to mtgox, but how does he know? Just playing a little devil's advocate, that's all.

I guess common sense comes into play here. I for one fully trust Jed, so if he told me someone used my account by trying out 3 different passwords I'd pretty much accept full responsibility. But that is not the case here, there was a dictionary attack so either the site doesn't allow weak passwords or it has to have measures to prevent these attacks. Or it is the site owner's responsibility.
Of course we are all grown ups and I'm glad to see that the parties here are talking to each other trying to find a solution.


Title: Re: MtGox account compromised
Post by: cryptofo on February 01, 2011, 10:33:54 PM
I hear ya.  I'm not pointing the finger at mtgox and demanding they accept all responsibility.  The reality is a bug was found in a system that we all want to trust.  Bugs get discovered and bugs get patched.  It could have been a lot worse.  Suppose they gained control of more than just my bitcoins and began to manipulate the market.  Bitcoin as a whole is very experimental at this point.  The anonymous nature of bitcoin leaves little accountability to anyone other than ourselves.  At this point and up to this point it doesn't look like MTGOX wants to take any responsibility.  That's cool, just a year and a half of generating down the tubes.


Title: Re: MtGox account compromised
Post by: cryptofo on February 01, 2011, 10:38:54 PM
I trust Jeb too, I don't think anyone in the bitcoin community is out to get anyone.  We all want what's best for bitcoin.  If this tightens up security at mtgox and makes bitcoin stronger and we all learned a lesson then I guess that's good for bitcoin.  Just sucks to be the one taking it on the chin for it.


Title: Re: MtGox account compromised
Post by: nelisky on February 01, 2011, 10:40:23 PM
If the story is as it was told on the forum, I'm sure Jed will come around. It does sound like you were not to blame in any way for what happened, an 8 char numbers and symbols password might not be a 'strong password' but it is still much better than most other passwords there, I bet. It was certainly better than the one I had (and have now changed to something more realistic).


Title: Re: MtGox account compromised
Post by: caveden on February 01, 2011, 10:55:43 PM
I guess common sense comes into play here. I for one fully trust Jed, so if he told me someone used my account by trying out 3 different passwords I'd pretty much accept full responsibility. But that is not the case here, there was a dictionary attack so either the site doesn't allow weak passwords or it has to have measures to prevent these attacks. Or it is the site owner's responsibility.

It's not the site owner's responsibility. I don't want to blame the victim either (only the criminals are to blame), but MtGox doesn't have any obligation whatsoever of refunding him. Unless they had explicitly sold such guarantees, they don't have any obligation in keeping our funds protected at all. It's our choice to trust or not in their capacity to do so.

They should have, of course, interest in protecting their site and maybe even refunding our friend here. But that opens dangerous precedents for them as somebody else has already noticed... this case seems true, but who knows about the next that might come...

The whole problem with this is that the bitcoin world is still too small to have professional insurances behind everything. Normally insurance companies would refund such losses, and these same insurances audit the platform for security flaws etc.


Title: Re: MtGox account compromised
Post by: The Madhatter on February 01, 2011, 11:02:04 PM
What are we going to do? Call the police?

 :D You can't be serious...


Title: Re: MtGox account compromised
Post by: S3052 on February 01, 2011, 11:07:40 PM
It would be good to get the exchanges to a level of other exchanges / bank accounts where you can trade.

On most of the accounts, you get transaction numbers as one time codes for each transaction, on top of your normal username and password verification.

Establishing those transaction numbers on bitcoin exchanges would make it much much more secure.


Title: Re: MtGox account compromised
Post by: nelisky on February 01, 2011, 11:09:45 PM
I guess common sense comes into play here. I for one fully trust Jed, so if he told me someone used my account by trying out 3 different passwords I'd pretty much accept full responsibility. But that is not the case here, there was a dictionary attack so either the site doesn't allow weak passwords or it has to have measures to prevent these attacks. Or it is the site owner's responsibility.

It's not the site owner's responsibility. I don't want to blame the victim either (only the criminals are to blame), but MtGox doesn't have any obligation whatsoever of refunding him. Unless they had explicitly sold such guarantees, they don't have any obligation in keeping our funds protected at all. It's our choice to trust or not in their capacity to do so.

It is still the site owner's responsibility. I'm not saying there's an obligation of refunding any losses, that's where the contracts, insurances and premiums come in, but rather that only the site owner could have prevented this, and I'm sure in this case Jed has already closed this particular hole.

If there's any obligation, legal, moral or otherwise, I'm in no position to say. Having happened to me, I would ask for a refund but not require one, as you put it, and very well, I'm the one that trusted the site in the first place. I would go so far as to say Jed should have an opt-in system that would raise the fee per transaction for those who chose to allow it, and the extra fees would go to a fund to cover just these situations, but then it would become very hard to separate real cases from scams, and I don't think Jed wants to become a lawyer (assuming  he's not one already) :)


Title: Re: MtGox account compromised
Post by: Nefario on February 01, 2011, 11:32:09 PM
What are we going to do? Call the police?

 :D You can't be serious...


The result would probably be that if the police ever did investigate, they would report you to the IRS for tax fraud or something like that.


Title: Re: MtGox account compromised
Post by: Ricochet on February 01, 2011, 11:34:46 PM
Somewhat off-topic, but regarding this from a few pages earlier:

Considering the actual situation (I'm sorry for the user using a common dictionary word as his "bank" account password, and mtgox not having any dictionary attack protection implementation ... ), I just noticed a great drop of the BTC available for free at http://freebitcoins.appspot.com (http://freebitcoins.appspot.com). It dropped about 300BTC in 36hrs. Should we worry?

The faucet is now empty. 


Title: Re: MtGox account compromised
Post by: nelisky on February 01, 2011, 11:40:56 PM
Somewhat off-topic, but regarding this from a few pages earlier:

Considering the actual situation (I'm sorry for the user using a common dictionary word as his "bank" account password, and mtgox not having any dictionary attack protection implementation ... ), I just noticed a great drop of the BTC available for free at http://freebitcoins.appspot.com (http://freebitcoins.appspot.com). It dropped about 300BTC in 36hrs. Should we worry?

The faucet is now empty. 

I see 200BTC there, and when I read your previous message it was 208BTC (give or take). One of us is looking at the wrong place :)


Title: Re: MtGox account compromised
Post by: Ricochet on February 01, 2011, 11:44:42 PM
I see 200BTC there, and when I read your previous message it was 208BTC (give or take). One of us is looking at the wrong place :)
Yeah I dunno what happened.  Upon refreshing the page I now see 200.78, though I do promise you that when I posted it indeed said "The faucet is now empty, try again tomorrow, maybe some kind person will donate some" or something to that effect.  Must have been a glitch in the site or something.  My apologies for the minor panic and off-topic chatter.


Title: Re: MtGox account compromised
Post by: cryptofo on February 01, 2011, 11:46:20 PM
By choosing to be involved in the bitcoin experiment and trading $ for btc in the first place we expose ourselves to inherent risk.  This is something we all understand.  By trusting that a particular site is secure I take the risk, I get that.  I understand the "what happens in the future when..." argument, but this is the case right now. Mtgox had a security hole.  As an ancillary benefit to the attack, Jed has discovered a hole and fixed it.  Mtgox is now more secure.  The bitcoin community is more secure.  I am out 900 btc.  I in effect was used to expose a flaw in their security and never compensated for it.  I'm clearly biased in my opinion, but this should be considered a cost of doing business on Jed's part.  I'm not saying that mtgox should be responsible for any and all situations and possibilities, but honestly if I was running the site and this had happened I would make it a point to see that the user was made good.


Title: Re: MtGox account compromised
Post by: bitdragon on February 02, 2011, 01:29:39 AM
It's a cost for the group as a whole and this time you took the hit;
so thank you and I'll happily share some of the cost and donate a few coins to the amount of 55BTC

Not much but I don't have that many yet- but I made a copy of my wallet ;)


Title: Re: MtGox account compromised
Post by: mtgox on February 02, 2011, 01:53:16 AM
People keep asking me so...

The only accounts that were compromised were cryptofo and one other who I emailed. No other accounts were compromised. If you are still worried about it simply change your password.

I've paid out a lot to fraudsters since I started mtgox. But I admit I should have had something in place to prevent successive login attempts. But also a password such as abcd1234 is 4 letters and 4 numbers but would be found very quickly by any attack like this. 
Anyway it seems fair to restore half your coins.


Title: Re: MtGox account compromised
Post by: cryptofo on February 02, 2011, 01:56:46 AM
Wow, bitdragon that really warms my heart.  I would really appreciate that.  I think this might be a good time to share a little more about myself and the project I have been working on and what led me to bitcoin in the first place.  It's a bit off topic and something I wasn't planning to share for a while as the project has been on the backburner while I've been busy with another project, but here goes.

I believe that what draws most of us to Bitcoin is an inherent desire for freedom and independence.  It is this same desire that drove me to invest many many hours and months into another project.  To some it may seem unrelated, but I have ideas and plans that could benefit both bitcoin as well as my project.  At first there may seem to be no correlation, but as we dig deeper you will discover some very exciting possibilities.  They are lofty ambitions, but I'm building a framework for the future.  It's in its infancy, but there is some core information on a video on my page openalcohol.org.

To anyone who may want to donate some bitcoins to the project and/or to myself as I have just been robbed of 900+ there is a link to donate some bitcoins on this page.  http://openalcohol.org/node/25

At this point I won't dedicate too much about it here as this is a bitcoin forum, but if people are interested contact me at info@openalcohol.com and I will start doing my best to build up the site.

Thank you for your time and support
-Cryptofo


Title: Re: MtGox account compromised
Post by: cryptofo on February 02, 2011, 02:00:04 AM
I think that would be incredibly fair also.  Thank you mtgox.


Title: Re: MtGox account compromised
Post by: kiba on February 02, 2011, 02:04:09 AM
Quote from: cryptofo
To anyone who may want to donate some bitcoins to the project and/or to myself as I have just been robbed of 900+ there is a link to donate some bitcoins on this page.  http://openalcohol.org/node/25

-Cryptofo

What is openalcohol?


Title: Re: MtGox account compromised
Post by: Nefario on February 02, 2011, 02:09:19 AM
mtgox, how much have fraudsters cost you so far? And are you still making profit?


Title: Re: MtGox account compromised
Post by: cryptofo on February 02, 2011, 02:09:48 AM
Openalcohol.org is to be the homepage for a project I am starting.  There is a video on it that I think you will find very interesting and the basis for my project.


Title: Re: MtGox account compromised
Post by: kiba on February 02, 2011, 02:23:59 AM
come on guys, let's finish with this topic and let it fall into the annals of history and off the front page.

Falling off? I am waiting for MtGox to implement several major security reforms or something like that.


Title: Re: MtGox account compromised
Post by: Anonymous on February 02, 2011, 02:44:32 AM
20btc sent. It looks like an interesting project.


Title: Re: MtGox works fine
Post by: bitcoinex on February 02, 2011, 02:58:23 AM
come on guys, let's finish with this topic and let it fall into the annals of history and off the front page.

We can change annoying topic


Title: Re: MtGox account compromised
Post by: DELTA9 on February 02, 2011, 04:48:33 AM
I do not know what you guys will do, but I just withdrew all my funds to my bitcoin wallet and to my LR account.

Mt.Gox does not seem reliable to me now.
QFT.

I do not understand why anyone would keep their bitcoins w/ mtgox. An encrypted wallet.dat is the only way I will ever store mine.


Title: Re: MtGox account compromised
Post by: Nefario on February 02, 2011, 06:43:31 AM
I do not know what you guys will do, but I just withdrew all my funds to my bitcoin wallet and to my LR account.

Mt.Gox does not seem reliable to me now.
QFT.

I do not understand why anyone would keep their bitcoins w/ mtgox. An encrypted wallet.dat is the only way I will ever store mine.

That means you will never be able to use any services that anyone provides.


Title: Re: MtGox account compromised
Post by: Keefe on February 02, 2011, 07:58:57 AM
cryptofo:
Would you be willing to tell us the password you used, that the thief managed to guess? I assume you no longer use it anywhere. :-)

mtgox:
Could you tell us approximately how many login attempts were made by the thief before successfully guessing cryptofo's password? If it was less than say 10000, then we'd know it was just a really weak/guessable password.

I notice that there's now a delay when logging into mtgox.com, which I think is a great way to prevent major brute-force/dictionary attacks. But I'm wondering if you've implemented any additional login protections, such as longer delays after a certain number of failed attempts from a single IP?
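
An added example (not MtGox's code; thresholds, IPs and the attempt log are constructed) of the login protection Keefe asks about: a backoff keyed on both the username and the source IP, replayed over a constructed attempt log, plus a simple check for an IP spraying guesses across many accounts.

```python
import time
from collections import defaultdict

# Thresholds are illustrative assumptions, not MtGox's actual settings.
FREE_ATTEMPTS = 3     # failures allowed before any delay kicks in
BASE_DELAY = 2.0      # seconds; doubles with each further failure
MAX_DELAY = 900.0     # cap the backoff at 15 minutes
WINDOW = 3600.0       # a key with no failures for this long starts clean


class LoginThrottle:
    """Failed-login backoff keyed on BOTH the username and the source IP.

    The per-user key slows a dictionary attack on one account from many IPs;
    the per-IP key slows one IP spraying guesses across many accounts."""

    def __init__(self):
        self.state = {}                       # key -> (consecutive failures, last failure time)
        self.users_by_ip = defaultdict(set)   # ip -> usernames it has failed against

    def _retry(self, key, t):
        count, last = self.state.get(key, (0, 0.0))
        if count < FREE_ATTEMPTS or t - last >= WINDOW:
            return 0.0
        delay = min(BASE_DELAY * 2 ** (count - FREE_ATTEMPTS), MAX_DELAY)
        return max(0.0, last + delay - t)

    def retry_after(self, username, ip, t=None):
        """Seconds this (user, ip) pair must wait before a password is even checked."""
        t = time.time() if t is None else t
        return max(self._retry(("user", username), t), self._retry(("ip", ip), t))

    def record(self, username, ip, success, t=None):
        t = time.time() if t is None else t
        if success:
            # A real login clears the user's counter; the IP counter is left alone so an
            # IP that sprays many accounts stays limited even after one success.
            self.state.pop(("user", username), None)
            return
        self.users_by_ip[ip].add(username)
        for key in (("user", username), ("ip", ip)):
            count, _ = self.state.get(key, (0, 0.0))
            self.state[key] = (count + 1, t)

    def spraying_ips(self, min_users=5):
        """Detection: IPs that have failed against many distinct usernames."""
        return {ip for ip, users in self.users_by_ip.items() if len(users) >= min_users}


def replay(events):
    """Run constructed attempts (t, username, ip, password_ok) through a throttle.
    Attempts made during a wait are refused before the password is checked and
    still count as failures, so ignoring the delay only lengthens it."""
    th = LoginThrottle()
    outcomes = []
    for t, user, ip, ok in events:
        if th.retry_after(user, ip, t) > 0:
            th.record(user, ip, False, t)
            outcomes.append("throttled")
        elif ok:
            th.record(user, ip, True, t)
            outcomes.append("ok")
        else:
            th.record(user, ip, False, t)
            outcomes.append("denied")
    return outcomes, th


# Constructed sample: an attacker at 203.0.113.7 hammers "victim", then sprays other
# accounts; the real owner logs in later from 198.51.100.5.
SAMPLE_EVENTS = [
    (0, "victim", "203.0.113.7", False),
    (1, "victim", "203.0.113.7", False),
    (2, "victim", "203.0.113.7", False),
    (3, "victim", "203.0.113.7", False),
    (4, "victim", "203.0.113.7", False),
    (6, "victim", "203.0.113.7", True),     # right guess, but inside the wait: refused
    (100, "victim", "198.51.100.5", True),  # owner, after the wait expired: allowed
    (101, "alice", "203.0.113.7", False),
    (102, "bob", "203.0.113.7", False),
]

if __name__ == "__main__":
    results, throttle = replay(SAMPLE_EVENTS)
    print(results)
    print("spraying:", throttle.spraying_ips(min_users=3))
```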


Title: Re: MtGox account compromised
Post by: Keefe on February 02, 2011, 08:05:11 AM
I ask because although "8 characters, numbers and letters" isn't very strong, it would take a huge number of attempts to purely brute-force if it were random. Or is the point here that it was a single word and a couple digits, easily broken by a dictionary attack? How weak was it really?

I use unique random 16-character passwords (upper, lower, and digits) most places. I assume I'm totally safe from the kind of attack that compromised cryptofo's account.


Title: Re: MtGox account compromised
Post by: caveden on February 02, 2011, 08:30:34 AM
It is still the site owner's responsibility. I'm not saying there's an obligation of refunding any losses, that's where the contracts, insurances and premiums come in, but rather that only the site owner could have prevented this, and I'm sure in this case Jed has already closed this particular hole.

Ok, it's just a semantics misunderstanding then... I find the word "responsibility" a strong one. If you say somebody was responsible for a criminal act like this one, I understand that s/he is guilty of it. And if you're guilty of a crime, you must pay for it.
MtGox is obviously not guilty of what happened, that's why I say they have no responsibility.

I would go so far as to say Jed should have an opt-in system that would raise the fee per transaction for those who chose to allow it, and the extra fees would go to a fund to cover just these situations, but then it would become very hard to separate real cases from scams, and I don't think Jed wants to become a lawyer (assuming  he's not one already) :)

This would be cool, but as you noticed, it's quite difficult... they would need to contract an external service probably, and I don't think there's enough volume for that.


Title: Re: MtGox account compromised
Post by: davout on February 02, 2011, 08:38:55 AM
Falling off? I am waiting for MtGox to implement several major security reforms or something like that.

Better, tell him to switch to an open source backend, so everyone will be able to inspect his source :)


Title: Re: MtGox account compromised
Post by: mrb on February 02, 2011, 09:50:32 AM
Better, tell him to switch to an open source backend, so everyone will be able to inspect his source :)

Speaking of inspecting source, I inspected yours and am still waiting for you to use a safer password hashing function :-)

(For those not in the know: davout's Bitcoin Central platform hashes passwords with SHA256($pass.$salt). Although safer than the way most people hash passwords, this method is not safe enough because it does not implement iterated hashing to slow down bruteforce attacks. In a scenario where an attacker gains access to BC's hashes via SQL injection for example, the attacker would be able to bruteforce passwords at a rate of 1+ billion per second with one HD 5970. Iterated hashing like Linux's standard MD5-crypt slows this attack by multiple orders of magnitude.)


Title: Re: MtGox account compromised
Post by: mrb on February 02, 2011, 09:56:09 AM
My bank snail mails lists of 300 one-use keys you need when logging in. A quicker but perhaps more expensive option is to send the keys in SMS.

Cool. What bank does this? If you don't mind sharing...


Title: Re: MtGox account compromised
Post by: davout on February 02, 2011, 10:02:41 AM
Speaking of inspecting source, I inspected yours and am still waiting for you to use a safer password hashing function :-)
You can submit a patch if you'd like :)

(For those not in the know: davout's Bitcoin Central platform hashes passwords with SHA256($pass.$salt). Although safer than the way most people hash passwords, this method is not safe enough because it does not implement iterated hashing to slow down bruteforce attacks. In a scenario where an attacker gains access to BC's hashes via SQL injection for example, the attacker would be able to bruteforce passwords at a rate of 1+ billion per second with one HD 5970. Iterated hashing like Linux's standard MD5-crypt slows this attack by multiple orders of magnitude.)
If it was as simple as that I would've done it already, the hard part is not to replace the hash function, the hard part is update the passwords that are recorded in the database if you see what I mean :)


Title: Re: MtGox account compromised
Post by: mrb on February 02, 2011, 10:14:38 AM
(For those not in the know: davout's Bitcoin Central platform hashes passwords with SHA256($pass.$salt). Although safer than the way most people hash passwords, this method is not safe enough because it does not implement iterated hashing to slow down bruteforce attacks. In a scenario where an attacker gains access to BC's hashes via SQL injection for example, the attacker would be able to bruteforce passwords at a rate of 1+ billion per second with one HD 5970. Iterated hashing like Linux's standard MD5-crypt slows this attack by multiple orders of magnitude.)
If it was as simple as that I would've done it already, the hard part is not to replace the hash function, the hard part is update the passwords that are recorded in the database if you see what I mean :)

The traditional way to handle a change of hashing algo is to have a transitional phase where 2 algos are supported in parallel in the DB. Whenever a user logs in and you detect an old hash format in the DB, just update it (you can because you have the pass during authentication). I would be glad to submit a patch but I am unlikely to find the time to do it.
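
An added example (not Bitcoin Central's or MtGox's code; the record formats, the `$` separator and the iteration count are assumptions) of both points mrb raises: single-round SHA256(pass.salt) costs the attacker one hash per guess while an iterated hash costs many, and the transitional migration verifies a legacy record and rehashes it while the plaintext is in hand on the next successful login.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed record formats (not a real schema):
#   legacy:   "sha256$<salt_hex>$<digest_hex>"          one SHA256 over pass.salt
#   upgraded: "pbkdf2$<iterations>$<salt_hex>$<digest_hex>"
PBKDF2_ITERATIONS = 100_000   # assumption: tuned so one check costs tens of ms


def legacy_hash(password: str, salt: bytes) -> str:
    """SHA256(pass.salt): salted, so no shared rainbow table, but one hash per guess."""
    digest = hashlib.sha256(password.encode("utf-8") + salt).hexdigest()
    return f"sha256${salt.hex()}${digest}"


def pbkdf2_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = PBKDF2_ITERATIONS) -> str:
    """Iterated hashing: every guess costs `iterations` HMAC computations."""
    if salt is None:
        salt = os.urandom(16)   # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, stored: str) -> bool:
    """Accept either format during the transition; constant-time digest compare."""
    parts = stored.split("$")
    if parts[0] == "sha256" and len(parts) == 3:
        salt = bytes.fromhex(parts[1])
        expected = hashlib.sha256(password.encode("utf-8") + salt).hexdigest()
        return hmac.compare_digest(expected, parts[2])
    if parts[0] == "pbkdf2" and len(parts) == 4:
        iterations, salt = int(parts[1]), bytes.fromhex(parts[2])
        expected = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
        return hmac.compare_digest(expected.hex(), parts[3])
    return False   # unknown format: fail closed


def needs_upgrade(stored: str) -> bool:
    """Legacy records, and PBKDF2 records below the current work factor, get rehashed."""
    parts = stored.split("$")
    return parts[0] != "pbkdf2" or int(parts[1]) < PBKDF2_ITERATIONS


def login(db: dict, username: str, password: str) -> bool:
    """Authenticate; on success, silently migrate the stored record to the new format."""
    stored = db.get(username)
    if stored is None:
        # Spend the same cost as a real check so unknown users are not revealed by timing.
        pbkdf2_hash(password, b"\x00" * 16)
        return False
    if not verify(password, stored):
        return False
    if needs_upgrade(stored):
        db[username] = pbkdf2_hash(password)   # plaintext is available right here
    return True


def demo() -> dict:
    """Constructed sample database: one legacy record, one already upgraded."""
    return {
        "alice": legacy_hash("correct horse", bytes.fromhex("0011223344556677")),
        "bob": pbkdf2_hash("battery staple"),
    }


if __name__ == "__main__":
    db = demo()
    print("alice before:", db["alice"][:20])
    print("alice login:", login(db, "alice", "correct horse"))
    print("alice after: ", db["alice"][:20])
```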


Title: Re: MtGox account compromised
Post by: DarkMatter on February 02, 2011, 10:39:14 AM
Somewhat off-topic, but regarding this from a few pages earlier:

Considering the actual situation (I'm sorry for the user using a common dictionary word as his "bank" account password, and mtgox not having any dictionary attack protection implementation ... ), I just noticed a great drop of the BTC available for free at http://freebitcoins.appspot.com (http://freebitcoins.appspot.com). It dropped about 300BTC in 36hrs. Should we worry?

The faucet is now empty. 

No one even answered me, what the hell :)
Anyway, the faucet is closed for maintenance.
"Faucet closed for repairs

Sorry, the Bitcoin Faucet is temporarily closed for repairs. It should reopen in a day or two. Thanks for your patience."


Title: Re: MtGox account compromised
Post by: Cdecker on February 02, 2011, 11:03:17 AM
You are safe, even a very advanced rainbow table attack would not break a strong 16 char pass. Basically anything randomish above 12 chars, and even with a good mix of chars above 8, could be considered fairly secure.

Just mix into the pass some spaces, brackets, other weird symbols, numbers, uppercase and lowercase letters and anything above 8 chars will be good.
Not a really good comparison since you'd have to have the hash of the password, and we could compile a rainbow table for almost anything. One way to defeat Rainbow tables is salting the password hashes (you are salting your passwords MtGox aren't you?) :D


Title: Re: MtGox account compromised
Post by: Anonymous on February 02, 2011, 11:24:32 AM
You haven't seen the double rainbow attack yet.  :P


Title: Re: MtGox account compromised
Post by: sirius on February 02, 2011, 12:01:55 PM
Cool. What bank does this? If you don't mind sharing...

Every bank in Finland. Also, all banks here support instant, irrevocable online payments from their customers with a simple interface. There are 3rd party services that have accounts in every bank, let the customer choose which to use, and forward the payment to the merchant. It would be very useful if there was an international service like that.


Title: Re: MtGox account compromised
Post by: ribuck on February 02, 2011, 02:42:31 PM
Something else I think that people forget is changing your password often.
But then you have to write the passwords down, which kind of defeats the purpose. Sure, you can store them encrypted on your computer, but what about when you are travelling?

I use a fairly strong basic password, plus a rule to modify it for each site. This just gives me two things to remember: the password and the rule. The rule is not straightforward to apply, but I can do it in my head if I have to.

The only thing that messes this up is the occasional site that has some stupid password rule (e.g. no punctuation allowed).


Title: Re: MtGox account compromised
Post by: kiba on February 02, 2011, 02:45:43 PM
What about public key infrastructure?


Title: Re: MtGox account compromised
Post by: Drifter on February 02, 2011, 03:00:20 PM
Something else I think that people forget is changing your password often.
But then you have to write the passwords down, which kind of defeats the purpose. Sure, you can store them encrypted on your computer, but what about when you are travelling?

I use the portable version of Keepass for the passwords I need if traveling. Very useful and I always have my USB on me. You could also have lastpass save your passwords and they would be available anywhere with an internet connection.


I'd just rather have one master password than passwords with any sort of pattern. Some of my passwords are 50 characters long for paranoia's sake. It would be good if I had a password I could memorize, but I usually think if a password is easy enough to remember, it's just not good enough.

 


Title: Re: MtGox account compromised
Post by: ShadowOfHarbringer on February 02, 2011, 04:27:57 PM
Yeah, I specifically don't keep anything in my mtgox account because it seems insecure, same reason I don't trust mybitcoin. I keep my own computer secured, and past that, so if I keep my wallet on my computer and have an encrypted backup, I should be good.

Yeah, today's encryption capabilities can make your home a digital Fort Knox, so why use banks?
This is exactly the reason why bitcoin is so awesome.


Title: Re: MtGox account compromised
Post by: davout on February 02, 2011, 04:35:39 PM
Because I don't want to sign a transaction with five PGP keys, a fingerprint and a sample of my DNA each time I want to buy some coffee.


Title: Re: MtGox account compromised
Post by: cryptofo on February 02, 2011, 06:28:08 PM
Hi Friends,
I just wanted to let everyone know that Jed replaced half my bitcoins.  He is a scholar and a gentleman.  He didn't have to, but he did.  50/50 split responsibility.  Much respect and gratitude to Jed and all the work he has done to support the bitcoin community.  I have learned a valuable lesson when it comes to not using bonehead passwords.  Thank you to everyone who has chimed in on this topic and extra extra thanks to bitdragon and freemarketagenda and anyone else who donated a few bitcoins to my openalcohol.org project.  Thank you all.  Me loves Bitcoin.


Title: Re: MtGox account compromised
Post by: markm on February 02, 2011, 07:36:57 PM
Some of the "traffic exchanges" would reject the very password I had still in my paste buffer and upon looking more closely at the plaintext email I saw it wasn't working because they had lowercased it. Ouch.

It was actually a while before passwords longer than 8 characters were even allowed in many programs. Even some Minix or Unix or Linux (can't remember which; maybe that Atari Unix) used to only actually use the first so many characters, though they were at least consistent in that they chopped them when you tried to use them too, instead of making you guess how many characters they had actually chosen to use.

I have seen that latter though at least once I just can't remember where.

Three failures and you're out a minute or more only allows about 1440 * 3 tries on any given account per day of brute force. Luckily for the brutes there are so many sites out there that three tries on each account at each site that has login can keep them busy a minute probably easy. (?)

Your bank doesn't tell you to use the last 4 digits of your social insurance number as your PIN so you'll remember it easily???

-MarkM-


Title: Re: MtGox account compromised
Post by: theymos on February 02, 2011, 07:58:20 PM
I have seen that latter though at least once I just can't remember where.

The Linux/Unix "default" behavior is to use crypt() to DES-encrypt a truncated password as you described. Probably almost all Linux distros modify this behavior to something more secure, though.


Title: Re: MtGox account compromised
Post by: markm on February 02, 2011, 10:18:26 PM
How did they guess she'd tell the truth? Isn't she some kind of political figure? Hahaha.

No but seriously, keeping track of which pet I had and what school I was at according to which place other than MI5 who likely can find out the true info gets to be a lot to keep track of.

-MarkM- (That's a "five" not a "bee", by the way. :) :D)

(And since I can put the burden of knowing the right answer on them, why tell them either? Hahaha cool. ;))




Title: Re: MtGox account compromised
Post by: Hal on February 03, 2011, 01:15:03 AM
Almost everyone had transactions from "united". It does NOT mean that your account was compromised. It does mean that the attacker has your username. It was just them using the merchant API to send you 0 BTC.
Does this mean the merchant API has/had a way of discovering account names? And this involved sending a dummy transaction of 0 to each account? Has this been fixed?


Title: Re: MtGox account compromised
Post by: Mahkul on February 03, 2011, 01:18:26 AM
Almost everyone had transactions from "united". It does NOT mean that your account was compromised. It does mean that the attacker has your username. It was just them using the merchant API to send you 0 BTC.
Does this mean the merchant API has/had a way of discovering account names? And this involved sending a dummy transaction of 0 to each account? Has this been fixed?

I was just going to ask the same question.


Title: Re: MtGox account compromised
Post by: hacim on February 05, 2011, 03:57:03 PM
the attacker would be able to bruteforce passwords at a rate of 1+ billion per second with one HD 5970. Iterated hashing like Linux's standard MD5-crypt slows this attack by multiple orders of magnitude.)

Do you know of any software that can utilize a GPU to do brute-force password cracking (such as john the ripper, but GPU-capable)?


Title: Re: MtGox account compromised
Post by: LZ on February 05, 2011, 06:44:36 PM
You should ask this in another forum. Otherwise we will have a bad reputation.


Title: Re: MtGox account compromised
Post by: hacim on February 06, 2011, 03:55:42 PM
Ah, sorry, I didn't quite realize how that would come out. I'm not wanting something like that to actually compromise accounts, more for enforcing password strength policies. But yeah, I can see how my message could be seen as sketchy!


Title: Re: MtGox account compromised
Post by: LZ on February 07, 2011, 09:20:11 PM
Code:
https://mtgox.com/users/login?username=my_login&password=my_password
MTGOX! WAKEUP!!!


Title: Re: MtGox account compromised
Post by: Keefe on February 07, 2011, 09:32:34 PM
Code:
https://mtgox.com/users/login?username=my_login&password=my_password
MTGOX! WAKEUP!!!

Is it really a problem, having the password in the url when https is used? I thought that the browser checks the certificate and starts encrypting before the url is transmitted.


Title: Re: MtGox account compromised
Post by: davout on February 07, 2011, 09:34:01 PM
Yes it is.

However, this kind of URL is easily used in CSRF exploits.


Title: Re: MtGox account compromised
Post by: ShadowOfHarbringer on February 08, 2011, 12:08:19 AM
Code:
https://mtgox.com/users/login?username=my_login&password=my_password
MTGOX! WAKEUP!!!

OMG, this is serious.
These are security basics...


Title: Re: MtGox account compromised
Post by: bitcool on February 08, 2011, 05:21:55 AM
Code:
https://mtgox.com/users/login?username=my_login&password=my_password
MTGOX! WAKEUP!!!
but this GET does not work....
the javascript behind the login page is clearly using POST:
var name = $("#username").val();
var pass = $('#password').val();
$.post("/code/login.php", { "name": name, "pass": pass }, onServer, "json");
where/how did you get your URL?


Title: Re: MtGox account compromised
Post by: LZ on February 08, 2011, 08:28:05 AM
I hope so. I got it in my address bar while I pressed the Login button.


Title: Re: MtGox account compromised
Post by: davout on February 08, 2011, 10:52:22 AM
Maybe you should contact mtgox before spreading FUD like this.
It is all documented in the API page, requires a POST (not very clean but well...) to be sent and the path is encrypted.

These are security basics...
And you seem not to have a clue about them :)


Title: Re: MtGox account compromised
Post by: carp on February 08, 2011, 12:56:49 PM
Maybe you should contact mtgox before spreading FUD like this.
It is all documented in the API page, requires a POST (not very clean but well...) to be sent and the path is encrypted.

These are security basics...
And you seem not to have a clue about them :)

Heh nice. However... it does at least LOOK bad, and that will always be enough to make someone sound the alarms once in a while. I would highly encourage cleaning that up, if only to look a little more... "professional", but also to avoid freaking people out.



Title: Re: MtGox account compromised
Post by: LZ on February 08, 2011, 08:28:12 PM
Maybe you should contact mtgox before spreading FUD like this.
Yeah, you are right. Sorry for that. It just looks quite scary.


Title: Re: MtGox account compromised
Post by: casascius on February 09, 2011, 01:13:43 AM
Maybe you should contact mtgox before spreading FUD like this.
Yeah, you are right. Sorry for that. It just looks quite scary.

I did notice this several days ago - mentioned the same thing in an e-mail to Jed - because I observed this in my address bar.  Jed replied that the site indeed uses POST, but I indeed still see this in my address bar.

Is it secure?  Well... depends.  Sure, it goes over HTTPS.  But what about any toolbar that looks at your URLs and silently sends them somewhere (common).  Even IE in its most basic configuration sends URLs you visit to Microsoft for the purpose of "smart screen" filtering.  Also it sits in your browser history, and can be seen by later users of the machine if they type the beginning of the URL.  So that is why indeed it's a concern.  I have only observed this within IE; if I use for example Safari, I don't see this.

If you're seeing this, and I'm seeing it too, then it's a problem, and not FUD.

Also a concern is the password retrieval feature.  Anyone who can read your e-mail can access your account and there is no apparent way to control this.


Title: Re: MtGox account compromised
Post by: LZ on February 09, 2011, 06:18:44 PM
I saw it using Firefox, but did not see it within Chrome. Seems that WebKit does not show it.


Title: Re: MtGox account compromised
Post by: casascius on February 09, 2011, 06:34:26 PM
Code:
https://mtgox.com/users/login?username=my_login&password=my_password
MTGOX! WAKEUP!!!
but this GET does not work....
the javascript behind the login page is clearly using POST:
var name = $("#username").val();
var pass = $('#password').val();
$.post("/code/login.php", { "name": name, "pass": pass }, onServer, "json");
where/how did you get your URL?

Worth noting is that the variables on the query string are "username" and "password", which differ from the variable names passed in the call to $.post ("name" and "pass").  The $.post call is then apparently unrelated to the problem.  (I confirmed that I see "username" and "password" in my address bar as well).

This problem is EASILY reproduced just by going into MSIE 8 and submitting an incorrect username and password.

As a workaround, would adding method="POST" to the form help?  (currently it is not specified, it relies on onsubmit returning false, but if this is misunderstood by some browsers, at least an accidental POST would be far cleaner than an accidental GET which I understand is the default?)
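Server-side treatment of the accidental-GET case discussed above, added here as an example (not code from the thread or from Mt. Gox). It assumes a Node.js request object with `method`, `url` and a parsed `body`; the parameter names `username` and `password` are the ones seen in the quoted URL, and the request objects are constructed.

```javascript
// Added example, not from the thread or from Mt. Gox. A form without
// method="post" whose onsubmit handler fails to cancel the submission sends a
// GET with the fields in the query string; by the time that reaches the server
// the URL is already in browser history and possibly in toolbar/URL-filter
// telemetry. The server can at least refuse it and keep it out of its logs.
// Client-side, the matching fix is method="post" on the form, so a failed
// handler degrades to a POST rather than a GET.

// Parameter names treated as credentials (assumption: covers the names on the page).
const SENSITIVE = new Set(['password', 'pass', 'passwd', 'pwd']);

// Replace the value of any credential-like query parameter so the URL can be
// written to an access log without leaking the secret.
function redactQuery(rawUrl) {
  const u = new URL(rawUrl, 'https://example.invalid'); // base only for parsing
  for (const key of [...u.searchParams.keys()]) {
    if (SENSITIVE.has(key.toLowerCase())) u.searchParams.set(key, 'REDACTED');
  }
  return u.pathname + u.search;
}

// Decide what to do with a login request. Credentials are accepted only from a
// POST body; a GET carrying them is refused before any verification happens,
// so the stray request cannot even be used as a password oracle.
function handleLoginRequest(req) {
  const u = new URL(req.url, 'https://example.invalid');
  const credsInQuery = [...u.searchParams.keys()]
    .some((k) => SENSITIVE.has(k.toLowerCase()));
  const logLine = `${req.method} ${redactQuery(req.url)}`;

  if (req.method === 'GET' && credsInQuery) {
    return { status: 405, action: 'refuse', reason: 'credentials in query', logLine };
  }
  if (req.method !== 'POST') {
    return { status: 405, action: 'refuse', reason: 'login requires POST', logLine };
  }
  const body = req.body || {};
  if (!body.name || !body.pass) {
    return { status: 400, action: 'refuse', reason: 'missing fields', logLine };
  }
  // Hand off to real credential verification (not part of this example).
  return { status: 200, action: 'verify', reason: null, logLine };
}

// Constructed requests: the accidental GET from the thread, and a proper POST.
const accidentalGet = {
  method: 'GET',
  url: '/users/login?username=my_login&password=my_password',
};
const properPost = {
  method: 'POST',
  url: '/code/login.php',
  body: { name: 'my_login', pass: 'my_password' },
};

console.log(handleLoginRequest(accidentalGet));
console.log(handleLoginRequest(properPost));
```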


Title: Re: MtGox account compromised
Post by: bitcool on February 09, 2011, 10:09:55 PM
This problem is EASILY reproduced just by going into MSIE 8 and submitting an incorrect username and password.
Thanks. Every once in a while, I need to be reminded there's a browser called "IE" that people still use, sorry.


Title: Re: MtGox account compromised
Post by: ShadowOfHarbringer on February 11, 2011, 06:44:50 PM
Maybe you should contact mtgox before spreading FUD like this.
It is all documented in the API page, requires a POST (not very clean but well...) to be sent and the path is encrypted.

These are security basics...
And you seem not to have a clue about them :)

Because you seem to have said so, of course...

FYI, I would NEVER EVER put something like this in a URL, because just from the looks of it it's scary as hell.
FYI-2, I know "something" about security, but I have no need to explain myself to you.


Title: Re: MtGox account compromised
Post by: davout on February 11, 2011, 06:56:42 PM
FYI, I would NEVER EVER put something like this in a URL, because just from the looks of it it's scary as hell.
FYI-2, I know "something" about security, but I have no need to explain myself to you.
So, why are you coming back and editing your posts if you don't care? :)


Title: Re: MtGox account compromised
Post by: Nefario on February 11, 2011, 07:06:10 PM
FYI, I would NEVER EVER put something like this in a URL, because just from the looks of it it's scary as hell.
FYI-2, I know "something" about security, but I have no need to explain myself to you.
So, why are you coming back and editing your posts if you don't care? :)

point 1, explanation
point 2, fuck you, that's why!  :D


Title: Re: MtGox account compromised
Post by: ShadowOfHarbringer on February 11, 2011, 09:15:31 PM
FYI, I would NEVER EVER put something like this in a URL, because just from the looks of it it's scary as hell.
FYI-2, I know "something" about security, but I have no need to explain myself to you.
So, why are you coming back and editing your posts if you don't care? :)

You are putting things on my keyboard that I didn't write.
I never said that I don't care HERE. Perhaps I didn't care in some other thread.

PS.
SERIOUSLY dude. What is your problem? Just to remind you - it was you who started insulting me.
We could have a polite conversation, but no - you like a shitfight better.


Title: Re: MtGox account compromised
Post by: LZ on February 11, 2011, 09:38:42 PM
Is there any reason for this dispute? Shake hands with each other, okay?


Title: Re: MtGox account compromised
Post by: bitcool on February 11, 2011, 10:20:55 PM
hey, I wish I could afford one like this too: (everybody with bitcoin seems to have one)

http://mickeymalta.files.wordpress.com/2010/04/high_horse.jpg

just kidding.


Title: Re: MtGox account compromised
Post by: foof on March 06, 2011, 02:52:57 AM
Is this thread still alive?
I've seen this just now.
I would like to ask what is a dictionary attack. If that is what I know, it is really unlikely that it could have happened.

Firstly, a dictionary attack means that somebody has used a dictionary word for his password. Or maybe 2 dictionary words stuck together. Already with 3 stuck together it's really unlikely that it could be completed in any reasonable time. Consider an English dictionary of 3000 words (that's low; let's assume just common/simple words and the English language), you use 3 of them stuck together, suppose you even use all non-capital characters, no digits and no spaces; it still means the attacker has to bruteforce 3000^3 = 27000000000 combinations. The attacker needs to try half of those combinations on average to crack the password.

Over the network, with SSL authentication (that's overhead) I don't think the attacker could really try more than 1000 passwords per second; after that it becomes a bandwidth and CPU attack against mtgox resulting in DoS. Even at this speed it would take an average of 10 years of continuous attempts to crack one single password, with nobody noticing anything in the meantime. I don't see this likely *at all*.

A different thing is if the attacker was able to download the file of hashed passwords by first hacking the mtgox website database with MySQL injection. After that he could perform the dictionary attack locally on his PC (as opposed to over the network). At this point 3 words stuck together becomes feasible and 4 words is so-so. Also, I read people speaking about rainbow attacks: again, these are feasible only if the attacker could download the hashed passwords file.

But at this point one wonders, if the hacker is able to hack the DB and download the hashed passwords file from the website, why isn't he able to just login to the victim's account or change the victim's password to something known to him?

So I don't really see this clearly. How did this attack really happen?

The people who got their account hacked (who hopefully changed their password by now) would they be willing to disclose their old password so we have an idea of how weak that was, and how could this hack actually happen?


Title: Re: MtGox account compromised
Post by: Dude65535 on March 06, 2011, 03:29:09 AM
Generally a dictionary attack would be done with a pregenerated list of common passwords sorted by frequency of use.


Title: Re: MtGox account compromised
Post by: carp on March 06, 2011, 07:32:21 AM
Firstly, a dictionary attack means that somebody has used a dictionary word for his password. Or maybe 2 dictionary words stuck together. Already with 3 stuck together it's really unlikely that it could be completed in any reasonable time. Consider an English dictionary of 3000 words (that's low; let's assume just common/simple words and the English language), you use 3 of them stuck together, suppose you even use all non-capital characters, no digits and no spaces; it still means the attacker has to bruteforce 3000^3 = 27000000000 combinations. The attacker needs to try half of those combinations on average to crack the password.

Well, kinda. Firstly, stringing words together isn't the most common of things people do. Shit, even I use one-word dictionary passwords in some places. Common is a dictionary word, a word with numbers at the end, more likely than not all lower case.... some words are more common than others... in any case, there are optimizations that reduce the effective keyspace.

Also, hashes can have collisions. Technically, you don't need to guess THE password, just something that hashes to the same value (unlikely but, no way to rule out collisions). Then there is the number of accounts. Maybe instead of scanning one account for all possible good passwords, you just try lots of different accounts in the set of bad ones?

Remember, even the HBGary hacks, a security company, BOTH founder and CEO had 6 char, all lower case passwords with numbers at the end (or so the claim goes).

All that said, I am skeptical of dictionary attacks. More likely attacks, to my mind? Well, again back to the HBGary hack... same password on multiple accounts, anyone? I almost guarantee that you go to ANY forum on the net, including this one, post a link to a site you own, with some reason to register, and you will get a list of usernames and passwords that are probably valid on other sites.

Do it here, and the chances they work on mtgox.... well.... you get the picture.


Title: Re: MtGox account compromised
Post by: error on March 06, 2011, 09:39:25 PM
I generate passwords with:

Code:
dd bs=32 count=1 if=/dev/random | sha256sum

:D


Title: Re: MtGox account compromised
Post by: randomguy7 on March 06, 2011, 10:23:53 PM
I prefer pwgen -s 60 (less to type) :)


Title: Re: MtGox account compromised
Post by: we6jbo on March 07, 2011, 12:28:34 AM
This thread was quite an interesting read. One thing that seems to have become unnoticed is Liberty Reserve's part in the stolen Bitcoins. I think that in the case of large transactions like the ones that happened in this thread there really needs to be an obligation to check whether the Bitcoins are stolen or not. MtGox took the right approach to trace how the funds were stolen and where they went. In fact I think that if Liberty Reserve was not so quick to trade the Bitcoins into cash then there would have been a larger chance to catch the thief with the Bitcoins.

I think in the end all avenues need to be checked and not simply the ones that deal with password security or server security. Simply sweeping this problem under the rug isn't going to solve anything and when problems like these do happen they need to be documented in their fullest. This is the second time I've read a thread where a lot of money was stolen and I can only imagine this problem escalating as Bitcoin becomes more known to the general people and especially to those that do not take security seriously.


Title: Re: MtGox account compromised
Post by: carp on March 07, 2011, 02:48:06 PM
I generate passwords with:

Code:
dd bs=32 count=1 if=/dev/random | sha256sum

:D

I started using mnemonics for passwords years ago. Take some phrase from a song, movie, or anything you like.... then make a string out of it. Something like "I started using mnemonics years ago"

Can become a string like:
I<um4PYA

Reduces the time it takes before I can type them from memory, and makes it much easier to recall them later, sometimes even years later.


Title: Re: MtGox account compromised
Post by: error on March 07, 2011, 05:19:23 PM
Ah, but all of the passwords I generate are stored on my encrypted drive, and the drive password is, well, longer than my screen. That one I remember completely. :D


Title: Re: MtGox account compromised
Post by: bitcoincop on March 22, 2011, 04:06:19 AM
So this all makes me wonder if there is a way to create a central database about fraudulent transactions, and associated addresses. Someone would make an entry into such a database and provide contact information or other community-based details, perhaps sign them with a key that they use as a part of transactions on bitcoin-otc/IRC.  Then, when someone else who cares receives a payment with these bitcoins from someone else, they can contact the original person to get details and perhaps deny the sender the goods/services they're trying to purchase with the stolen bitcoins.

Yes, it would take an outside database, and yes it would take a strong community with reputation and social trust, but it could be helpful.

One example of such a database for Laptops/computers is: http://www.stolencomputers.org/home.html. 

Access to a database for bitcoins would come as a plugin or add on for a user to install on their bitcoin server.



Title: Re: MtGox account compromised
Post by: mndrix on March 22, 2011, 06:25:53 PM
So this all makes me wonder if there is a way to create a central database about fraudulent transactions, and associated addresses.

It's nearly impossible to mark certain Bitcoins as stolen or dirty because they can be so easily laundered.  For example, send the stolen coins to an account at MyBitcoin.com, withdraw the coins to a new Bitcoin address.  The withdrawn coins are completely clean and other MyBitcoin.com users end up with the "dirty" coins.


Title: Re: MtGox account compromised
Post by: carp on March 22, 2011, 08:22:49 PM
So this all makes me wonder if there is a way to create a central database about fraudulent transactions, and associated addresses.

It's nearly impossible to mark certain Bitcoins as stolen or dirty because they can be so easily laundered.  For example, send the stolen coins to an account at MyBitcoin.com, withdraw the coins to a new Bitcoin address.  The withdrawn coins are completely clean and other MyBitcoin.com users end up with the "dirty" coins.

Though, realize if "bitcoincop" is a real "cop" then he may be thinking that is easy. Once you find one of those users, you question him, and when he tells you that he uses mybitcoin, then you go to mybitcoin and try to get them to release their records; after all, they should be able to make the connection with the account that they were deposited into.

That said, if mybitcoin can be convinced (or compelled) to help, then this should be a trivial step. Of course, since you can access them as a location hidden service, and they require no real information to sign up, it could easily be a dead end too.... and that is before we even consider other possibilities.... like coin tumbler (or similar). Unless the thief was the only person using it at the time, and not particularly clever about it, simply going from one service like mybitcoin or mtgox to another, through coin tumbler with multiple addresses well... I hope you get the picture.

hell, I recall even seeing someone on Silk Road who was offering pre-laundered bitcoins for sale. They claim to do some sort of escrow, so it's not even like that person could cheat and send back the same coins (not that it would be hard to determine, but as a scam, I bet it would work most of the time) and wouldn't even know the buyer's real name.... though, I guess if you were sure that he did it, again, it's no better or worse than mybitcoin in terms of, you could at least ask him to help you pick the trail back up. (assuming that he keeps records)

Though, how you convince anonymous people, running services intended to guard your anonymity, to voluntarily cooperate in compromising someone's anonymity, even in an indeterminate way like this, is an open question. I guess it's possible that accusations of thievery may sway them to help, but they may want you to prove it before they are willing to help.

After all, it's not like you can pull them into an interrogation room and get out the rubber hoses. That is, unless you can compromise their identities first.



Title: Re: MtGox account compromised
Post by: eMansipater on March 22, 2011, 09:28:37 PM
Tracing bitcoins is basically the same as tracing cash:  if you catch the original person spending the cash directly you have them, otherwise the bills will just show up at banks after having been passed through multiple organisations with no way to track them.  A smart enough criminal can keep from getting caught after a cash heist, and similarly a smart enough criminal can keep from getting caught after a bitcoin heist.  Fortunately, many criminals are stupid and get caught anyways through some small slip-up.  Gaining expertise in the entire system and how to catch those tiny slipups will give law enforcement the same edge with regards to bitcoin that they have with cash.  Some criminals will get away, and some will get caught; expertise on the part of law enforcement will increase the proportion caught.


Title: Re: MtGox account compromised
Post by: Xiong Zhuang on June 10, 2011, 11:08:15 AM
The same thing happened to me too. I logged into my account today and found I had lost 42.9$ from my account, and I have no idea about the latest two trades in my trade history. I mean, even if my account is weak, the hacker shouldn't know my username. Someone in the office must be leaking users' information.


Title: Re: MtGox account compromised
Post by: mrb on June 20, 2011, 02:26:44 AM
Not a really good comparison since you'd have to have the hash of the password, and we could compile a rainbow table for almost anything. One way to defeat Rainbow tables is salting the password hashes (you are salting your passwords MtGox aren't you?) :D

Now, we know that 1765 of the MtGox password hashes leaked today were not salted. :-(


Title: Re: MtGox account compromised
Post by: Vladimir on June 20, 2011, 03:24:09 AM
well... my mtgox password was ªç!¼:Üý\†€BZ*Š”TbŠòê  unique for this site, moreover I never sent them a single penny, bit or fiat.

Learn from the pros, kids.

I am still pissed off by finding my email in that damn list.

This mtgox biz and many other things which we are witnessing with bitcoin will be in history books.


Title: Re: MtGox account compromised
Post by: Coinbuck @ BTCLot on June 20, 2011, 03:27:04 AM
well... my mtgox password was ªç!¼:Üý\†€BZ*Š”TbŠòê  unique for this site, moreover I never sent them a single penny, bit or fiat.

Learn from the pros, kids.

I am still pissed off by finding my email in that damn list.

This mtgox biz and many other things which we are witnessing with bitcoin will be in history books.


Same here, getting some really fucked up spam now.


Title: Re: MtGox account compromised
Post by: jatajuta on June 20, 2011, 03:28:25 AM
This mtgox biz and many other things which we are witnessing with bitcoin will be in history books.

So true.


Title: Re: MtGox account compromised
Post by: iCEBREAKER on June 20, 2011, 03:40:50 AM
This mtgox biz and many other things which we are witnessing with bitcoin will be in history books.

History books?  Hell, I feel like I've been living inside a Bruce Sterling sci-fi novel for the last month.

Today topped them all, as an especially Islands-In-The-Net kind of day.  Damn those data pirates!

/wants razorgirl bodyguard


Title: Re: MtGox account compromised
Post by: S3052 on June 21, 2011, 04:52:45 PM
The same thing happened to me too. I logged into my account today and found I had lost 42.9$ from my account, and I have no idea about the latest two trades in my trade history. I mean, even if my account is weak, the hacker shouldn't know my username. Someone in the office must be leaking users' information.


How can you log into your MtGox account? I thought it is still closed?


Title: Re: MtGox account compromised
Post by: imperi on June 21, 2011, 04:54:37 PM
The same thing happened to me too. I logged into my account today and found I had lost 42.9$ from my account, and I have no idea about the latest two trades in my trade history. I mean, even if my account is weak, the hacker shouldn't know my username. Someone in the office must be leaking users' information.


How can you log into your MtGox account? I thought it is still closed?

HIS POST IS FROM JUNE 10.

you fail.


Title: Re: MtGox account compromised
Post by: S3052 on June 21, 2011, 04:58:25 PM
mea culpa.