Bitcoin Forum

Open response to the e-mail below:

Dear anonymous John Smith,

Thank you for the interest you have shown in the coins I've been producing.

While it's disappointing that you're interested in attacking my service, I find it to be a highly novel application that Bitcoin can be used for anonymous extortion.  You and I are both aware that I can pay you, and can never identify you, nor can I ever know whether the next person to demand a fee from me is the same you.  For the technology's sake, I will be highly amused if one day in the future I hear in the news that a ship is being held ransom and the demand is in Bitcoins.  If it happens, you could call yourself a pioneer.

While you clearly have the genius to see this novel application for Bitcoin, I also think you may misunderstand my purpose in creating and offering physical Bitcoins for sale.

My purpose in promoting physical Bitcoins is to promote the concept of Bitcoin and other ways it can be used by the public, without needing a software program that's only useful for geeks and which puts them at risk for theft from hackers.  If you try to disrupt my physical Bitcoin sales with attacks, you will probably succeed.  I probably will not go to much effort to try and counter a serious effort to attack it.  I am not persuaded that paying the fee you have asked will serve to stop the attacks.

I should qualify how you might succeed.  You might succeed in shutting my site down or diverting people to a phishing site, but you won't succeed in stealing any of the value on physical Bitcoins, or my bitcoins which I keep on paper wallets virtually full time.  You will probably agree, offline private keys are immune to pretty much all online attacks.

Further, you should know there is a limit to how many coins I can produce right now - I really can't sustain a very large volume in sales, so it is very possible I may be "DDoSed" in the near future simply by the legitimate business interest that is probably an indirect result of your scam site.  Either way, I have clearly succeeded in evangelizing the idea of physical cryptocurrency (with all due respect to BitBills), and I hope the community takes the idea a step further and does a better job than me at some point.

I don't believe that these attacks are damaging my personal reputation.  I do believe, however, they damage the reputation of Bitcoin and make it unattractive to those not involved with technology.  That's unfortunate, but that's one of its features - anonymous really means anonymous.  I would prefer not to have another round of media coverage telling the world yet again another reason why using Bitcoin is risky.  But that's under your control.  Since you've clearly taken the time to understand how Bitcoin works, I assume and hope you would prefer that Bitcoin grow and succeed, than to attack its public perception.

I would be happy to send you two or three of my coins free of charge to any physical address you choose at my own expense, just for having taken an interest.  Perhaps you can find a way to attack the physical coins, I'll be interested to hear if you manage to succeed.  Give me the address of a trusted stranger or acquaintance who will safely forward them to you with the same "txt" method you have used below, and I will oblige.

Respectfully,

Mike Caldwell


Headers:

Such a shame. What a loser.

Just change the website name to something else and grab all the variations. Not enough people really know about them yet, do they?

Yeah, I never liked the name Casascius anyway. It's too much of a tongue twister.

This.  I would continue to sell your existing coins but if/when you decide to go for round 2 come up with a completely different name and this time spend the $80 or so to bulk register alternate versions.

Call me vindictive, but if I got an extortion letter it would inspire me to go on the offensive. Instead of sending him 300BTC, I would pay 600BTC to a very bad man willing to get vengeance for me.
Getting even is one area that I split from logical cost/benefit analysis.   8)

They would have fun trying to ddos google appspot fwiw.

If youre manufacturing the coins and they are sold on numerous websites wtf can they do about it ?

Mike - I liked your response to him. Well-written and pretty clever =)

ROFL WTF, do all these stalkers get their material from the same fill-in-the-blanks template or something?

What I don't get... I've posted significant bounties for development things I'd like to see happen in Bitcoin.

Someone with lots of skills and no idea what to do with them ought to consider implementing some features I think will help bitcoin, like sweepprivkey (as described in Wiki).

Well someone is hitting at the right time.  Look Mike, you are on CNET!

http://news.cnet.com/8301-17938_105-20125470-1/are-physical-bitcoins-legal/

Edit: Yesterdays news it seems, just caught it in my news feed though.  You should contact CNET and let them know of your issues regarding this.  See if they want to spin a story on Bitcoin and anonymous attackers.

Sounds like it's time to do an ICANN domain dispute (http://www.icann.org/en/udrp/udrp-policy-24oct99.htm) or an ACPA expedited domain name dispute (http://en.wikipedia.org/wiki/Anticybersquatting_Consumer_Protection_Act#Overview_of_the_ACPA), they were hosting your copyrighted material, committing fraud, and now extortion.

In determining whether the domain name registrant has a bad faith intent to profit a court may consider many factors including nine that are outlined in the statute:

-whether the domain name contains the registrant’s legal or common name;
-the registrant’s prior use of the domain name in connection with the bona fide offering of goods or services;
-the registrant’s bona fide noncommercial or fair use of the mark in a site accessible by the domain name;
-the registrant’s intent to divert customers from the mark owner’s online location that could harm the goodwill represented by the mark, for commercial gain or with the intent to tarnish or disparage the mark;
-the registrant’s offer to transfer, sell, or otherwise assign the domain name to the mark owner or a third party for financial gain, without having used the mark in a legitimate site;
-the registrant’s providing misleading false contact information when applying for registration of the domain name;
-the registrant’s registration or acquisition of multiple domain names that are identical or confusingly similar to marks of others; and
the extent to which the mark in the domain is distinctive or famous.[11]

The scammers have now met every requirement. Plus you get to find out their registration info so fellow Russian bitcoiners can go kick them in the nuts.

For reference, this phishing issue first documented here (https://bitcointalk.org/index.php?topic=49826)


Do it!


Do it!

casascius, there is definitely some interesting options here.  That CNET idea sounds better the more I think about it.  As you could easily contact a few news sources regarding this.  All the news reports of the big hacking incidents with Bitcoin after the fact, Gox, Mybitcoin, whatever.   This time the news can possibly take care of some of the investigating.   Might expose some flaws in Bitcoin we aren't seeing without that outside perspective being more hands on with what is going on, as they always do seem to report well after things are done, and usually misreported.

  +1 +1. But I kinda liked RodeoX's idea as well. ;p

It's a bluff. That guy is not able to do anything. Ignore.
.

Revenge does not strike me as illogical from a cost/benefit analysis given that the same scam could happen again and again and end up costing a lot.  But it is something of a slippery slope which could easily land a person in one (or more) of several pools of hot liquid.  Probably best avoided unless one is quite savvy with such things.

A friend of mine who knew a lot about big cats once explained what to me was a mystery about why leopard would risk life and limb to 'get even' with a park ranger who poked him with a stick.  He says that with overlapping ranges, competing animals (hyenas, leopards, etc) will run across the same individual numerous times.  So there is a distinct net benefit to having it be known that a specific individual is not to be fucked with.  I could see such a thing happening in the Bitcoin Serengeti at these early times.

Phishing site shows up hosted at a Russian hosting company, someone starts demanding extortion fees, and all the sudden BitcoinExpress shows up. I may have been born in the day but it wasn't yesterday.

 :-X

I'm a bit inclined to agree.  If they had something real up their sleeve and wanted to give you an incentive to pay then they should have given you a demonstration of their ability to attack you directly.  Instead they set up a fake website to scam people - something which requires very little technical ability.

Good luck casascius!

This John Smith character is a loser.

Chrome knows it's a phishing site and conveniently redirects to https://www.casascius.com/

I like the idea of changing the name, regardless of the ransom. ;)

Also, basically, Casascius doesn't have to sell coins through its own website, and maybe shouldn't even do it (e.g. http://www.memorydealers.com/one-physical-bitcoin.html)

I'll be honest i just got interested in the physical bitcoins AFTER reading about this scam site(yeah i knew about them earlier but i was all meeh)..and now i actually want a few...btw casascius you got pm :)

I have contacted the internet.bs registrar (where the .net is registered), who said they will forward this information to their abuse department. It is possible that they will pull the domain ownership themselves instead of needing to get an ICANN dispute done, as the use of the domain has materially violated their own terms and agreements:

a. Revocation by us. We reserve the right to immediately suspend, cancel, transfer, modify, or terminate your Registration for any reason, including, without limitation, (i) your material breach of this Agreement; (ii) your use of any services, including, without limitation, the Domain registered to you, that is in contradiction of applicable laws or customarily acceptable usage policies of the Internet, including, without limitation, sending unsolicited commercial advertisements (including, without limitation, spamming) or sending threats, harassments, and obscenities; (iii) your use of your Domain in connection with unlawful or unethical activity; (iv) our receipt of an order from a court of competent jurisdiction or an arbitration award; or (iv) any other grounds for suspension, cancellation, transfer, modification, or termination that is determined by our sole discretion. You understand and agree that you will not receive any refund whatsoever for any such suspension, cancellation, transfer, modification, or termination of your Registration for any reason.

  Well how bout dem biscuits.  It will be nice to see if they follow through accordingly then.

They didn't care much when that NY lawyer sent them a C&D because of my domain calling him a scammer, but this case is on a different level, so maybe they'll act on it.

Digging on my mail found their response to him, in a message they sent as BCC to me

Hope they take the domain down for you, Mike.

How do we know the guy who wrote the note is the guy who owns the site?

  Unless the goal is to actually track down 'the guy' then it really doesn't matter, does it?

  My troll senses are tingling though and wonder if you are trying to suggest 'the guy' or the site, one or the other, or both could be 'shills' of the real Casascius?

  Its probably just the coffee...... 

http://en.wikipedia.org/wiki/ICANN


Oh really?  ICANN says otherwise.

link to this please

  Thats Wiki...
They enforce the RAA. Not sure what the complaint was you sent them, but it must have been too soft.  Read the RAA.

not at all. I'm a Casascius fan. Just pointing out that anyone could have sent that e-mail.

  No worries, m8. Good to know my assumptions were wrong. Yea, that was one of the caveats pointed out to giving in to extortion, in that one would have no way to verify if the extortioner is who they claim to be.

The sender did put his bitcoin address in the DNS record of the casascius.net domain as evidence that he controlled the domain.

It's not THAT clever... Some day the market cap will be so high, and laundering so effortless, that scum like this will even use Bitcoin when kidnapping human beings. I'm sure I'm not the first one to realize this.

I realize Bitcoin has the potential to bring much more good to the world, but early on this was hard for me to accept.

The anonymity aspect of bitcoin isn't so important. The best part of bitcoin is the fact that we can outsource the bankers and replace them with machines in foreign countries.

Although largely pointless, you could message webmail.co.za and inform them of the user account in breach of their terms of service - engaging in extortion would probably count in most jurisdictions as illegal.

I speak Russian. I think the OP could've summarized his reply to the scammer in just three words

Ёб твoю мaть

and left it at that, instead of writing up such a big email. Doubt the Russian could understand half of it anyway.

You have definitely profited from this.  Just ordered up a 25btc I wouldn't have known about without this thread.  Change the name though, because I have no idea how to pronounce this.

+1

I thought I knew how to pronounce this - until I saw the video with Plato and Casascius at the gas station, where Plato pronounced it:
kasaysh-ee-us   - ie the first a is as in 'cat' and the second a is as in 'baby'

As casascius didn't comment when Plato pronounced it that way.. I guess that's the correct way :(

I would have pronounced it 'kasask-ee-us'   - where both 'a's are pronounced as in 'cat'.

It's "ca-SAY-shuss"... rhymes with "so spacious"... and it is a name I made up.

It may suck, but I am selling more coins faster than I can produce them, so I'm not terribly worried.

I like it if it's pronounced my way :/

Let's just call them Cash-Ass coins as a nod to buttcoin ;)

Well DiarrheaCoin would certainly imply a fast, slick service.

You guys have been reading the fetlife thread on SomethingAwful, haven't you?

Physicoin!

Physicoin!  :D

PhysiPhysi!

I hope whoever is suggesting new names aren't the same that said it needs a new name, cause your suggestions suck, really...

is there a nickname for a unit of 25btc?

Suggestions:
1BTC:

• Bitbuck
• Brass
• Crypt

25BTC:

• Plate (reference to their goldplatedness)
• Halfblock
• Quartz

I myself like Crypt and Plate.

BTC -- I'd just go with "coin" :P
For larger amounts -- 50 BTC = a block.

For 1 BTC, I was looking for something similar to "a buck". But I guess that may evolve by itself over time.
50 BTC being a block, I agree with. We don't have any physical 50 BTC coins though :P

These names for bigger chunks of bitcoin makes me think we're expecting prices to keep going down instead of up...

Well, I was just suggesting names for the Casascius coins, which already exist, and 50 BTC being a block is obvious.

More suggestions then:
0.01 BTC

• Ferm (screw "cent". Fermium is the 100th element in the periodic table)
• Boil (100°C is the boiling point of water)
• Bang (more bang for your buck)

0.001 BTC

• m (just "m". As in, I've got three em in my pocket.)
• Bip (no reason)
• Leap (The year 1000 was a leap year. Also, cryptocurrency is a great leap forward in monetary exchange.)

25BTC - A GoldBit?

That sounds like it's keyed to gold…

25 BTC should be a "Jesus."  As in, "Jesus, that's a lot of money."  Also, it was his birthday.

I am strongly against using religious names for bitcoin. Unless we call 50 BTC a "Darwin", since it's obviously worth more ::)

Or we could just call a ScamCoin a "god".

LOL.  I am not religious in the least - just a comedian.

As long as it is qualified with a set point in time, I suppose it is.

I think that Bitcoin might be as good an opportunity as any to get people using scientific notation.  That could be shortened to something like:

    ' 20 neg-threes'   (e.g., 20E-03, 20x10^-3)

half a pound?