Bitcoin Forum

Time to get the torches and pitchforks this is the last blow we needed for bitcoins its time to take a  stand....

So go ahead and lets list some resources how we can track down this mother eff'er ....

Does this work ?

http://www.domaintools.com/research/hosting-history/?q=mybitcoin.com (http://www.domaintools.com/research/hosting-history/?q=mybitcoin.com)

Has nobody ever even gotten one email from the slob ? or one response via the forum here? how is it possible that neither above has happened?

[update 1] I did find an old listing for a php programmer but it has since expired - something about a php programmer for mybitcoin.com   if we could get in touch with the programmer he might be able to shed some light on things...

[update 2] Might be worthy reaching out to Anonymous since this was a source of funding for them. Also, seems we are establishing some things regarding the server.

[update 3] Bounty on his head has been set up!  :)
https://bitcointalk.org/index.php?topic=34443.0

Bbit - From what I have heard he had change the whois info on the actual domain.

Has anyone had a response from the hosting company? Surely they would have some real info on this guy unless he used some fake ID for the hosting.
It won't be impossible to find this person in this day and age, I think if everyone can be serious about this matter and not Pop up with Fake Mr Williams accounts and rubbish, and all real information is bought forward, there are enough people, enough resources to find this person.

So, we need as much information as possible. What where the old domain details before the Whois information changed?
What has the hosting provider said so far? Have they released any information or accepted the payment to the backup idea??

Well the hoster (Leaseweb, in The Netherlands) would know his identity probably or at least who paid for it. Someone should sue him so that this information can be subpoenaed. If that doesn't work you can always take out the torches and pitchforks but please try to solve this civilly first...

Do you even need to provide a real name when registering a domain?  I suppose there would be a name on the card used to pay for hosting, but couldn't someone grab a prepaid visa?  Tom Williams is an incredibly generic name, and I doubt hosting companies would give out client information to an angry mob.  That seems like bad business practice.  The only break I could imagine would be if someone new Mr. Williams personally and handed over the details.  Even then good luck trying to get any restitution through the courts.  

The earliest reference I can find on the forum is this:


It looks like 'komoto' signed up specifically to make this post.

On the i2p forums.. there is an announcement on may 1st 2010 - and this more interesting post in September:

http://forum.i2p2.de/viewtopic.php?t=4929&highlight=MyBitcoin

This guy has been seriously into privacy right from the beginning.  

I've tried hunting around a little within the i2p network - but well.. I doubt there's anything to find.

From #bitcoin-police on Freenode concerning Tom Williams:

#######################################################

Greetings bitcoin community!

#bitcoin-police is operated by volunteers from the Bitcoin community at large to respond to fraud related activity within the community.  Although our powers of action are obviously as limited as any other internet denizen, we aim to collect as much information as possible in order to be capable of providing dossier information for legal action should it ever ensue.

###########   INFORMATION RELASE - MYBITCOIN.COM    #############

The following dossier has been compiled by #bitcoin-police in response to growing community debate over the current situation in relating to the online wallet provider MyBitcoin.com.

**IMMEDIATE SITUATION

Begining on Friday 29th July 2011 the site www.mybitcoin.com was reported as experienceing outages preventing transfer of funds to/from online wallets.  At this time further reports emerged alleging the failure of medium to large sums of Bitcoin failing to be transferred to target wallets.

related link:

https://bitcointalk.org/index.php?topic=32900.0;all

Historically, some question has been raised as to the operations of myBitcoin.com as early as mid june this year, spurring a repsonse from the alleged owner:

https://bitcointalk.org/index.php?topic=22221.0;all

* The use of GpG signature here should be noted as well as the name of the poster.
from this we can conclude that "official" communications from myBitcoin.com are GpG signed to:

http://pgp.mit.edu:11371/pks/lookup?search=mybitcoin

** HISTORY

early indications of problems with mybitcoin operations emerged around June 29th/30th 2011:
with (verified) responses from mybitcoin operations team revealing key technical details of the workings of mybitcoin.

https://bitcointalk.org/index.php?topic=32900.0;all
https://bitcointalk.org/index.php?topic=24548.0;all

additional concerns emerged in early july (July 5th) implicating (most probably falsely) Bruce Wagner of Bitcoinme.com. (rapid cleansing of bitcoinme indicates no likely link to mybitcoin)

http://bitcointalk.org/index.php?topic=26224.0;all

with further issues and concerns raised throughout July 2011

http://bitcointalk.org/index.php?topic=26224.60
http://bitcointalk.org/index.php?topic=29147.0
http://bitcointalk.org/index.php?action=profile;u=8940;sa=showPosts
https://bitcointalk.org/index.php?topic=33458.0;all
http://www.reddit.com/r/Bitcoin/comments/imw0y/mybitcoin_is_a_disaster_waiting_to_happen/
http://www.blogger-index.com/feeds.php?feed_id=29159&&p=1 [Shitcoin]

**Investigative Resuls

Initial investigations into the ownership of myBitcoin.com reveal:

Registrant:
 MyBitcoin, LLC
 Main Street
 PO Box 556
 Charlestown, Nevis
 KN

 Administrative Contact:
    Williams, Tom 
    Main Street
    PO Box 556
    Charlestown, Nevis
    KN
    +6499518329

 Registrar of Record: TUCOWS, INC.
 Record last updated on 27-Mar-2011.
 Record expires on 25-Apr-2012.
 Record created on 25-Apr-2010.


Seemingly legitimate results with the exception that the listed address is well known.
Quick investigation shows that the address to which MyBitcoin.com is register is actually the same as
PrivacyShark.com

Registrant:
 Privacy Shark, LLC
 Main Street
 PO Box 556
 Charlestown, Nevis
 KN

 Domain name: PRIVACYSHARK.COM

 Administrative Contact:
    Privacy Protected Domain, Privacy Shark Domain Trust  cHJpdmFjeXNoYXJrLmNvbQ==@privacyshark.com
    Main Street
 
    Charlestown, Nevis
    KN
    (202) 558-2876

PrivacyShark.com is a known anonymous Domain registrant providing "anonymous domain names, anonymous dns, and offshore whois information.

...

Privacy Shark, LLC (privacyshark.com) is a wholly-formed corporation that is governed and regulated by the courts of Nevis, West Indies."

_______
It appears that many other shell companies use this fake address, such as

http://panjiva.com/Envases-Globales/1081553
Envases Globales
P O Box 556 Main St Charlestown Nevis
or

King Zulu LLC.
P.O. Box 556 Charlestown, Nevis Last Updated on: 28-DEC-08


Of iteresting note is the information provided on PrivacyShark's About page:

"
Q. How do I order / make payments?
A. In order to be 100% anonymous, we only accept anonymous forms of payment. We accept Bitcoin (we recommend MyBitcoin). Order by clicking here.
" [http://www.privacyshark.com/about.html]

where a clear link promoting MyBitcoin.com is present, as is the information that normal clients registering through PrivacyShark will have a generic registration with the following format:

***

BEFORE Privacy Shark

Registrant:
John Smith
#123 Your Address
Sometown, CA 90210
US

Domain name: YOURDOMAIN.COM

Administrative Contact:
Smith, John jsmith@yourisp.com
#123 Your Address
Sometown, CA 90210
US
408-555-1212

Technical Contact:
Smith, John jsmith@yourisp.com
#123 Your Address
Sometown, CA 90210
US
408-555-1212


Domain servers in listed order:
NS1.YOURISP.COM
NS2.YOURISP.COM
AFTER Privacy Shark

Registrant:
Privacy Shark, LLC
Main Street
PO Box 556
Charlestown, Nevis
KN

Domain name: YOURDOMAIN.COM

Administrative Contact:
Privacy Protected Domain, Privacy Shark Domain Trust cHJpdmFjeXNoYXJrLmNvbQ@privacyshark.com
Main Street
PO Box 556
Charlestown, Nevis
KN
(202) 558-2876

Technical Contact:
Privacy Protected Domain, Privacy Shark Domain Trust cHJpdmFjeXNoYXJrLmNvbQ@privacyshark.com
Main Street
PO Box 556
Charlestown, Nevis
KN
(202) 558-2876


Domain servers in listed order:
ANONYMOUS-DNS1.PRIVACYSHARK.COM
ANONYMOUS-DNS2.PRIVACYSHARK.COM

***


At this point, the registration of MyBitcoin.com does NOT match the standard format for a site registered via PrivacyShark.

Further investigation shows at lest one known Bitcoin scam site registered via PrivacyShark that exhibit "normal" registration details [Bitcoin4Cash.com]:

http://bitcointalk.org/index.php?topic=8258.0;all
http://pastehtml.com/view/aui7tmtfe.html

Registrant:
 Privacy Shark, LLC
 Main Street
 PO Box 556
 Charlestown, Nevis
 KN

 Domain name: BITCOIN4CASH.COM

 Administrative Contact:
    Privacy Protected Domain, Privacy Shark Domain Trust 
    Main Street
    PO Box 556
    Charlestown, Nevis
    KN
    (202) 558-2876

____

Additional information reveals the following known sites registered via PrivacyShark:

phonefate.com
h410g3n.com
quiveringfuckholes.com
netwerked.net
voodoomachine.com
hackcanada.com <====****
6server.com
freeworldtel.com
daliwen.com
mybitcoin.net <====****
assserver.com
wwwmybitcoin.com <=====****
talksugar.com
bitcoinreserve.com <=====***
demeterscoffeevault.com
7upyours.com
dalinowen.com
6server.com
plusnethosting.com
talksugars.com
wwwtalksugar
diskhaven.com
1buckphonesluts
1hotphonebabe
anomaliesonline.com
1hotphonebabe4u.com
myfaveslave.com
pussyjuicegirls.com
sawtoothrc.com
phonefate.rog
talksugar.org
mule-coquine.info
hackcanada.org  <====****
cfraamail.org
plusnethosting.com
freeworldtel.com
pickup-test.com
test-depersonalidad.com
testbaleni.com
globalxxxhost.com
bitcoinia.com  <===***
phonecallgirl.com
sexiestserver.com
pimpdollar.com
dalinowen.com
dalinowen.com
plusnethosting.com
phonefate.net
1hotphonebabe4u.com
chicagobbwescort.com

[ty - http://privacyshark.blogspot.com/]
___

Of most interest here is the inclusion of HackCanada - an organisation with historical ties to the bitcoin community.

Investigation of the NETBLOCK upon which the mybitcoin servers operate shows that the servers are operated by LeaseWeb and the immedaite servers also host:

nanaimogold.com   -   United States   Nanaimo Gold   -
http://www.nanaimogold.com

pimpdollar.com   -   United States   -   -
Pimp dollar
http://www.pimpdollar.com

phonefate.com   -   -   Privacy Shark, LLC   -
Phonefate phone sex with talksugar
Talk sugar : livecam & phone sex : now with phonefate
http://www.phonefate.com

kinkybyphone.com   -   -   -   -
Kinkybyphone phone sex with talksugar
Talk sugar : livecam & phone sex : now with kinkybyphone
http://www.kinkybyphone.com

nettwerked.net   -   United States   -   -
Nettwerked; a web-site for the canadian undergr0und scene
Nettwerked
http://www.nettwerked.net

**NOTE this site is operated by a founding member of HackCanada

hackcanada.com   -   United States   -   -
Hack canada - it dont mean jack if it aint got that hack.
Hack canada : hacking, phreaking, and tempestuous technology. rewiring your world the way we want it.
http://www.hackcanada.com


LeaseWeb Complaint ==> http://www.webhostingtalk.com/showthread.php?p=7602128
                       https://bitcointalk.org/index.php?topic=33020.0;all

** Most Recent Activity

Of most recent note is an alleged post by the "owner" of mybitcoin.com which reveals contradictory technical information regarding the operation of mybitcoin:

https://bitcointalk.org/index.php?topic=33646.0

This post is not GpG signed like any other communique from mybitcoin.com to date. Also the technical details and experience of staff elluded in this post would indicate that it is HIGHLY UNLIKELY this post originated from any real owner of mybitcoin.

Most recent scanning of the site revealed that Privoxy serevices hosting TOR hidden service were most recently halted and current nMap activity of the site shows:

Starting Nmap 5.51 ( http://nmap.org ) at 2011-08-03 01:18 E. Australia Standard Time

NSE: Loaded 57 scripts for scanning.

Initiating Parallel DNS resolution of 1 host. at 01:18

Completed Parallel DNS resolution of 1 host. at 01:18, 0.01s elapsed

Initiating SYN Stealth Scan at 01:18

Scanning www.mybitcoin.com (83.149.112.133) [1000 ports]

Increasing send delay for 83.149.112.133 from 0 to 5 due to 11 out of 11 dropped probes since last increase.

SYN Stealth Scan Timing: About 10.07% done; ETC: 01:23 (0:04:37 remaining)

Increasing send delay for 83.149.112.133 from 5 to 10 due to 11 out of 11 dropped probes since last increase.

SYN Stealth Scan Timing: About 19.10% done; ETC: 01:23 (0:04:18 remaining)

SYN Stealth Scan Timing: About 28.10% done; ETC: 01:23 (0:03:53 remaining)

SYN Stealth Scan Timing: About 37.17% done; ETC: 01:23 (0:03:25 remaining)

Discovered open port 9999/tcp on 83.149.112.133

SYN Stealth Scan Timing: About 46.03% done; ETC: 01:23 (0:02:57 remaining)

SYN Stealth Scan Timing: About 47.37% done; ETC: 01:24 (0:03:21 remaining)

SYN Stealth Scan Timing: About 48.73% done; ETC: 01:25 (0:03:42 remaining)

SYN Stealth Scan Timing: About 50.33% done; ETC: 01:26 (0:04:04 remaining)

SYN Stealth Scan Timing: About 52.77% done; ETC: 01:27 (0:04:29 remaining)

SYN Stealth Scan Timing: About 56.77% done; ETC: 01:29 (0:04:58 remaining)

SYN Stealth Scan Timing: About 70.23% done; ETC: 01:34 (0:04:53 remaining)

SYN Stealth Scan Timing: About 78.07% done; ETC: 01:36 (0:04:03 remaining)

SYN Stealth Scan Timing: About 84.27% done; ETC: 01:37 (0:03:07 remaining)

SYN Stealth Scan Timing: About 89.90% done; ETC: 01:39 (0:02:07 remaining)

SYN Stealth Scan Timing: About 95.17% done; ETC: 01:39 (0:01:03 remaining)

Completed SYN Stealth Scan at 01:40, 1356.93s elapsed (1000 total ports)

Initiating Service scan at 01:40

Scanning 1 service on www.mybitcoin.com (83.149.112.133)

Completed Service scan at 01:41, 44.61s elapsed (1 service on 1 host)

Initiating OS detection (try #1) against www.mybitcoin.com (83.149.112.133)

Retrying OS detection (try #2) against www.mybitcoin.com (83.149.112.133)

Initiating Traceroute at 01:42

Completed Traceroute at 01:42, 3.66s elapsed

Initiating Parallel DNS resolution of 21 hosts. at 01:42

Completed Parallel DNS resolution of 21 hosts. at 01:42, 12.05s elapsed

NSE: Script scanning 83.149.112.133.

Initiating NSE at 01:42

Completed NSE at 01:42, 0.71s elapsed

Nmap scan report for www.mybitcoin.com (83.149.112.133)

Host is up (0.28s latency).

Not shown: 998 filtered ports

PORT     STATE  SERVICE    VERSION

3300/tcp closed unknown

9999/tcp open   ssl/abyss?

Device type: general purpose

Running (JUST GUESSING): OpenBSD 4.X (87%), FreeBSD 7.X (85%)

Aggressive OS guesses: OpenBSD 4.0 (87%), FreeBSD 7.0-RELEASE-p5 (85%)

No exact OS matches for host (test conditions non-ideal).

Uptime guess: 0.001 days (since Wed Aug 03 01:41:33 2011)

TCP Sequence Prediction: Difficulty=261 (Good luck!)

IP ID Sequence Generation: Randomized


In closing, #bitcoin-police conclude that it is most likely that MyBitoin.com had suspicious origins and the ongoing failure of authenticated communication from the provider would allege some level of impropiety on behalf of the operator. This investigation is marked as OPEN with a high level of suspect indicators.

Any public information regarding this even tis welcom on the freenode #bitcoin-police channel, in Private Message to MrTiggr or GpG email to mr dot tiggr at gmail dot com

MrTiggr - Commander-in-Chief, Bitcoin Police
graingert - Pastebin hero

I found the same thing as I've been searching back also ...I'll post more what I find ...

I'd still like for someone who knew Len Sassaman to rule out the possibility that he was running it.

He killed himself on July 3rd I believe - so perhaps it was running via the tor/i2p networks from his personal system or something and someone switched it off in late July.


Yeah.. it's a stretch.   But Len Sassaman was a 'privacy champion' and was in to things like i2p..    just like 'Tom Williams'

That sunnabitch....  Grab me my overalls and gun, we are gonna have an old fashioned posse.

In more important news, I am still laughing about the third site name in that list by nhodges.  Just check it.  I don't dare to actually point my web browser there.

i checked it out for you... it directs to a phone sex site titled Talk Sugar. New members get $5 free... register today :D

People... can you leave at least one thread free of the images and irrelevant discussion for those who actually care about the mybitcoin incident?

Please make it this one.

Thanks.

I was thinking the same thing ... this is pretty serious stuff ... so please leave the funnies and photos for another thread thank you!

Domain tools does work.  I do not have a subscription but it can find previous whois information.  This would only help if the owner registered to himself or some other valuable information, then changed it later to its current state.  It is a shot in the dark but may provide information.

Seems indeed that the IP was (or is?) running a tor router under the name "BitcoinIsAWESOME"

https://metrics.torproject.org/routerdetail.html?fingerprint=b643b9519360c62e6fba18ff2e47e028908595bd

Interesting thing is that it was "published   2011-08-04 03:00:25.0" so apparently there is still activity on the server?

Still is and it's up

Interesting ...it is still up  I suppose that can be a good sign in a sense  meaning there is activity on the server ....

There's also another Bitcoin...  TOR server in the same IP range

http://torstatus.blutmagie.de/

They also have the same uptime (!) so are probably owned by the same person. The other host has port 80 open but it always replies with "400 Bad Request".

At least the port 9999 that is open on the server is indeed TOR. Obviously, there is no way to scan whether it offers any hidden services, but it's interesting.

Somehow I don't really believe a scammer would close (firewall) port 80 and 443 but not nuke the entire server, as it's evidence...

The email addresses associated with the OpenPGP certificate from 2010-04-27 are:

mybitcoin@mail.i2p
mybitcoin@i2pmail.org


Perhaps it's worth trying those..  (the first presumably has to be done from within the i2p network)

You don't REALLY have to provide legitimate contact information for a domain when you purchase it. You're supposed to, but in the vast majority of domain providers the actual enforcement of that rule is spotty at best, and non-existent at worst. At least with a 'privatized' contact field its likely the owner at least put in real information before paying to have it hidden...

According to this thread, posted yesterday, there've been 62 changes to the whois record since the domain was registered and the original registrant was a William R Smart.

https://bitcointalk.org/index.php?topic=33815.0

A Tracey Williams-Morton is listed as is listed a contact for Meridian Trust but Meridian Trust and its affiliate Morning Star Holdings are licensed trustees and company agents respectively.  It's likely that any name appearing in the whois records is that of a Meridian Trust or Morning Star employee rather than an owner or manager of Mybitcoin as there is no requirement for the identity of owners or beneficiaries to be disclosed when forming an LLC in Nevis.

was the entire site really behind tor? if that is the case, i wish you guys the best of luck to find him, otherwise if it wasn't just get the federal bureau of investigation or some other entity that cover cyber crime. they can force the hosting company to reveal the identity of the person/s.  an incident this large is almost certain to get caught. and when he/she is caught, you might be lucky and get all your coins back assuming the logs were still in tact/obtainable, or at least be ordered to pay back the BC.

It had a tor hidden service, but was also reachable through normal https... otherwise we wouldn't even know the IP address and hoster.

then what is the problem. the FBI should be able to get his name and such np. unless he used fake details for registration.

That won't work if he was born with a fake name.

It's going to be hard to get any authorities to take this seriously unless the coins are actually moved.  Right now the evidence of wrong-doing is limited to a website being down, something which I doubt is an offence in any First World nation.

Given that Mybitcoin went for maximum anonymity when creating the LLC and registering the domain, I'd be surprised if the hosting company has any details about the actual owner.  It's most likely that was arranged through their company agents as well, which means law enforcement would hit a dead end unless they're willing to devote a huge amount of resources to sifting through the hosting company's records to try to determine where the unknown owner logged in from. 

I still consider it a reasonably likely scenario that the site was run by a privacy-advocate/cryptographer  - who has simply died.

should we start trying to crack the private keys then?

According to the "from the desk of Tom Williams" statement in June, two technicians have access to the server.


https://bitcointalk.org/index.php?topic=22221.msg279396#msg279396

You'd think that by now one of them would have realised that there's something wrong and that if something dramatic has happened to "Tom" they'd be trying to find a way to communicate with the users of the service.

"normal https" is interesting..

Does anyone have any information about the issuer of the certificate that was used?  Presumably if it was self-signed it would have been giving browser warnings.. so did the site actually have a commercial https certificate issued for 'www.mybitcoin.com'?  

If the other 'technician' was the dead person's spouse ..   then maybe the whole thing just isn't of interest right now. The other technician might need physical access to fix it - and may not even be in the same country.

It seems that www.mybitcoin.com was using a CACert

http://bitcointalk.org/?topic=1043

cacert.org may have more information on record about who the certificate was issued to.

They may just both be VPSes that happen to be on the same host machine.

For any hosting provider I've been with, every VPS had one or two IPs of itself. They never shared one IP between multiple VPSes.

It could be that both IPs belong to one VPS or physical server, it could be two different servers, it doesn't really matter. I do suspect they belong to the same person.

Of course, every VPS will have its own IP (if it doesn't, I suggest you start looking for a different provider). However, these IPs were not identical, they were just in the same range. Almost every VPS provider will have the different VMs on one machine, all in the same range (at least for IPv4 addresses), to keep it easier to oversee what VM is hosted on what physical server.

Considering Leaseweb is fairly popular for somewhat more questionable content (including TOR nodes) it is not unlikely there are simply two unrelated TOR nodes on the same physical server, purely by accident. Not to mention that, as far as I am aware, Blutmagie is a fairly well-known TOR node.

I'd bet good money you guys are looking at lost funds due to a death here, especially if the bitcoins haven't been moving from the MyBitcoin wallets.

probably looking for someone to buy them not in an exchange.

PrivacyShark is a company older than bitcoin, who had once created a profile in this forum to answer some criticisms.

I still suspect that this whole problem isn't a scam, but rather that Tom Williams suffered some serious accident or even passed away, and there's currently nobody capable of maintaining the site.
If at least this could be verified, those with money in MyBitcoin could make a bounty to pay for one more month of hostage in leaseweb - if they haven't deleted all the account's data - just in the hope of bringing the MyBitcoin system alive once more and allow everybody to withdraw. But if the claim once done by Tom Williams that most of the coins are on cold storage is true, and if he hadn't told the password to these coins to anybody of his trust, then it's game over.

This fits my impression of the whole thing.
Given that back when mybitcoin was set up - It was far from obvious that speculation would drive such high values, it seems unlikely that this sophisticated privacy arrangement was put in place with the intent to defraud from the outset.  It's far more likely someone who is 'into' cryptography and privacy in the geek/political sense.

I suspect now that the leaseweb server was probably little more than a front-end.. and the real server was somewhere inside the i2p network.

I'm sorry to bring Len Sassaman's name into this again without evidence - but the fact is that he was
a) into cryptography and was a privacy advocate (knew of/used i2p tor etc)
b) at least knew of and has commented on bitcoins (hence having his ascii image imortalized as a tribute in the blockchain - very cool)
c) died at approximately the right time. (3rd july) -  perhaps mybitcoin was running on autopilot til something went catastrophically wrong on about the 29th.

Now it's a big planet with big interwebs - so one shouldn't read much into coincidences (unless you want a career as a conspiracy nut)..  but It'd be great for someone who knew Len to make some gentle enquiries amongst his friends to either rule this out, or see what they can find.

Yeah, right... they are both called Bitcoin*something*, have the same uptime, and the servers have quite a lot of similar properties. Sure there's a small chance they are unrelated, but I wouldn't bet on it.
The Blutmagie site has a list of TOR nodes (which I linked to). It is completely unrelated to their own TOR node.
This name pops up quite a lot. Now is he Satoshi or the mybitcoin owner? Or both? :)

Yes, people have been trying to contact MyBitcoin admin for a while now, since weeks before the outage, with no success. "Something went catastrophically" could just be failure to pay for hosting, and having your server shut down.

This really seems the most likely explanation.

No, that's not it. The server is still running and routing TOR. Have you read the rest of the topic?

But you don't know which server the underlying HTTPD service (let alone the wallet/database) was on.  It's highly likely to have been a tor hidden service, or an i2p 'eepsite' running who-knows-where. That the leaseweb server has some TOR stuff on it doesn't tell us it was the HTTPD (does it??)

(edit: the leaseweb server may have simply been the HTTPD for static content - the dynamic stuff coming from the other end of the tunnel.
The 'failure' - be it payment or whatever, could be on an entirely different system. maybe even a home desktop.
)

That's true... it could be only a proxy. Though I suspect the site would be very slow if it piped everything though I2P/TOR.

I've never used mybitcoin so I don't know what their speed was.

Being the same uptime and having similar properties is one of the main characteristics of two VMs on the same host machine. If the host machine gets restarted, so will the VMs, meaning they all have the same uptime if they are on the same machine. A lot of similar characteristics would also be logical if they were two VMs on the same host machine. Of course it's possible that they are from the same owner, and my theory may indeed be unlikely - however, unlikely is not the same as impossible. And in my opinion my theory is reasonable enough to at least consider it, and not blindly assume they are from the same owner. I'm not saying I'm right, just that it may be a possibility :)
Sorry, I should have said 'fairly often used' rather than 'fairly well-known'. I see people connecting to my own IRC network and other places rather often from Blutmagie, along with formlessnetworking and torservers.net. Probably because they have most bandwidth.

When I tried some i2p services the speed was tolerable - but I also never used mybitcoin, so I don't know if it's plausible that it was at least partly run over a tunnel.

I guess the problem with the conjecture that some site at the remote end just fell over, is that theoretically that wouldn't stop the frontend listening on port 443 - and it appears that it's not.   It could be that the frontend automatically closed that off when the backend disappeared though.

I'd still like to know if there is any way to research the information associated with the CACert certificate for 'www.mybitcoin.com'
They have an organisation assurance policy which states things like:
# The organisation named within is identified.
# The organisation has been verified according to this policy.
# The organisation is within the jurisdiction and can be taken to Arbitration.

If it turns out that they haven't done this properly - and have allowed a truly anonymous use of an organisational certificate - then CACert may have a stain on it's reputation.   Does anyone know how to proceed with this?  I may just email them and ask about it..

CACert is incorporated in my state - New South Wales, Australia.  I wouldn't count on many of its members being within New south Wales jurisdiction.

Unlikely. I have never seen a reverse proxy or tunneling solution that stopped listening on a local port if the backend/network was not reachable. There would also be no reason to do so.

My understanding is that the 'jurisdiction' here they are talking about is whatever jurisdiction the identified entity has been certified for - not where CACert is based.
I suspect this will just lead us in a circle back to Nevis though :(


I am also in NSW by the way :)

I've posted to the list cacert@lists.cacert.org

I've pretty much given up my own semi-anonymity now by doing this.. oh well. mtgox leaked my email anyway :P

You're probably right, and it will probably just lead back to the Netherlands or Nevis (and I seriously doubt that Tom Williams is located in either).

I wouldn't pay attention to his security procedures much.  He outright lied about hashing passwords in the database. 

Quote from that Thread:

We had a password reset issue months ago in which we needed access to our account.  After about a month of lack of communication we finally received access to our account through the original password that was sent to us in plain text from mybitcoin.com .  We "remembered" the password after seeing it again and were shocked that mybitcoin stored passwords in plain text.

Now I'm wondering if MyBitcoin was the one that hacked Mt. Gox.

Very good chance this i the case sense everyone used the same username/password between the 2.

Alright, I've had enough of al this nerd bullshit. Let's just go and find this guy and lynch him up by the balls. >:(

the best chance we got is get a court order to force his domain registrar and hosting company to give up his contact information.

Anyone up for a nice week-long vacation in the tropical island of Nevis?

Umm... You know the shell company is in Nevis, and not the actual perpetrator, don't you?


Idle thought here, but has anyone sent a tweet or anything to Anonymous?  They stuck up for Wikileaks out of principal.  And ironically, preventing bitcoin from getting hacked and collapsing protects their potential source of anonymous donations.

Not a bad idea to see if they could help.

So... no lounging/tanning by the P.O. box then?  :'(

We would just set up lawn chairs by the P.O box and wait.

If it helps find him, here is one of my mybitcoin recieving addresses that I did a fair number of transactions on:
http://blockexplorer.com/address/15qEeifQfkkgThE81PzaZsEkA79dvaMMXE

I traced the last coins sent by hand through a few seemingly automated transfers, and the coins are now sitting here:
1CCYXczyjvPfRxcppV3Pzg8ppyYxQi49Lw
http://blockexplorer.com/address/1CCYXczyjvPfRxcppV3Pzg8ppyYxQi49Lw

mixed in with some other coins

we should pursue all avenues of investigation.
starting with finding the person who paid for the hosting of the site.

maybe we should put a bounty on his head
We can ask Bruce Wagner to setup a bitcoin wallet that we can all donate to.
the more money is in this wallet the more intensive poeple have for coming forward.
turn his friends against him using btc!

Hmmmm that isn't a bad idea ....set up a "Reward" if he is caught sort of thing ...that way people who are close to him can turn him in ...good thinking :)

I lost 0.5 bitcoins in this ordeal, but I'm willing to pledge 5 bitcoins into this reward pot.

PO Box appears to belong to a company agent which sets up shell companies for people wishing to remain anonymous.  There's a shitload of companies using both the PO Box and the street address as their point of contact.  It looks like Nevis law prohibits the disclosure of any information about the actual owners/managers/beneficiaries of those companies and they're very cheap to set up (complete with off-shore bank accounts in various safe havens).

ok
i have setup a wallet, which will remain offline on a usb key until the reward for "Tom Williams" is claimed

if you wish to donate to this bounty, post on the new thread 'Bounty for "Tom Williams"'s capture' and send your bitcoins to : 1CLgQM4RDPD7FPVhAXfEcvcCLtfFdFe4r

in the event that the Bounty is never claimed. we can discus how to use these funds to help bitcoin itself.

I find it great how MrTiggr of #bitcoin-police just did 10x the work and 10x the help that this jokester Matthew N. Wright has done.  All without arguing with people on the forum about his resume and trying to start/heavily market a questionable business.  Bravo!

I suggested getting 4 chan involved but people do need to realise that if anonymous or 4 chan starts poking around they'll make public whatever they find regardless of whether it's about their "target" or someone else entirely. 

More info?  What did he find?

Weird I thought you were banned ?

Get him!!

+1 thank you for doing this!

You're assuming that the technicians in question know about bitcoins and MyBitcoin and have authorization to act on their own without specific orders from Tom Williams. I suspect that neither is the case; he's probably talking about hosting company staff rather than anyone he actually employs himself, even if he's not outright lying.

August 02, 2011, 07:02:26 am
Tom Williams announces to the world that we was "in shock" for a few days  because his site was hacked

i believe that in between the date the site went down and this post was posted. he sold all the bitcoin! and that's why bitcoin was slowly going down all week

That was a troll and proved so by the fact that the account claiming to be the real owner PGP signed all his previous messages.  Haven't seen an official post since the event.

There's a new announcement on Mybitcoin itself.  There's a sticky thread about it at the top of the forum.