Bitcoin Forum

Economy => Trading Discussion => Topic started by: juilla on June 10, 2011, 07:17:59 PM



Title: MITM attacks and how to avoid them
Post by: juilla on June 10, 2011, 07:17:59 PM
[Mods if this is in the wrong place please move it appropriately, if it is in the right place please delete this text ^^]

There has been an increase in Man In The Middle attacks (herein known as MITM) which are sorely affecting multiple users - both the buyer, seller and also newcomers to #Bitcoin-OTC. The attacks seem to go as such:
Buyer = buyer of btc, Seller = seller of btc
Fakebuyer = scammer buying and Fakeseller = scammer selling


SCAMMER creates two IRC accounts on #bitcoin-otc
Fakebuyer and Fakeseller both belong to SCAMMER

1--Fakebuyer arrives on IRC looking to buy coins at a great, above the market rate. Seller falls into the trap.
2--Fakeseller arrives, looking to sell at a great below market rate. Buyer will likely fall into the trap.
3--Fakeseller comes to a deal with Buyer; Fakebuyer comes to a deal with Seller.
4--Seller will give Fakebuyer the Paypal address to send payment to. Fakeseller will give this PP address to Buyer, who sends payment to that PP address.
5--Seller receives the money believing it is from Fakebuyer. So releases the bitcoins to Fakebuyer.
6--SCAMMER logs both Fakeseller and Fakebuyer from IRC. His work is done and he has effectively stolen and laundered money into bitcoin.
....later...
7--Buyer realises he has been scammed and issues a charge back on Seller, thinking it is Fakeseller.
8--Seller sees this and thinks that Buyer is a scammer.
9--End of story, Buyer and Seller think each other are scammers when in fact the scammer hit them both, they should then go to the #bitcoin-court to resolve the issue in front of the tribunal.


Both events 1,2 occur concurrently. So the thing to look out for is someone is buying at a great rate while another is selling at a great rate. Both users will likely be unrated although there may be hijacked usernames. Use ;;getrating and ;;ident to check.
Remember - if the price is too good, it is probably a scam. If they are a seller and selling below BTC Exchange rates then chances are it is a scam.
If the trade doesn't feel right, use an escrow service such as ClearCoin or ask a trusted member of -otc to act as escrow. Or do not trade with the person at all. There are other buyers and sellers and exchanges such as MtGox, BCM, Britcoin ...

Here are some logs of real scams:
A Fakebuyer -- http://pastebin.com/JTnDZxdZ
If you have any more logs or think I should add anything to this post let me know.

a)  As LobsterMan said, ;;ident and ;;getrating are not necessarily good indicators. Checking the ;;trust rating (I have no idea what this is btw) and getting an email from the Paypal address you are buying from / selling to may also help.
b)  Be wary if you're being stalled for no reason by the buyer or seller.
c)  Never EVER send Bitcoin first. It is a one-way payment and cannot be charged back. It is best to receive payment first or simply not to use Paypal at all.


Bitraider,
RaidinYoBits since 2011
Donate: 1H8dJCwrvKQN2eBztuR9L26sssEE8YeqZr
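
Added example (not part of the original post): one way to turn the "both events occur concurrently" warning into a check over a list of offers. The `Offer` fields, the market rate, the 10% margin, the 30-minute window and all sample nicks are assumptions made for illustration; ratings are taken as already looked up by the reader.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# All thresholds below are assumptions chosen for illustration.
MARKET = 20.0                    # assumed reference exchange rate, USD per BTC
MARGIN = 0.10                    # "too good" = more than 10% better than market
WINDOW = timedelta(minutes=30)   # how close in time counts as "concurrent"

@dataclass
class Offer:
    time: datetime
    nick: str
    side: str     # "buy" or "sell"
    price: float  # USD per BTC
    rating: int   # rating total as looked up by the reader; 0 = unrated

def too_good(o: Offer) -> bool:
    """Buying well above market or selling well below it."""
    if o.side == "buy":
        return o.price > MARKET * (1 + MARGIN)
    return o.price < MARKET * (1 - MARGIN)

def relay_suspects(offers, min_rating=1):
    """Pair each too-good unrated buy with a too-good unrated sell from a
    different nick inside WINDOW: the pattern of steps 1 and 2."""
    flagged = [o for o in offers if too_good(o) and o.rating < min_rating]
    buys = [o for o in flagged if o.side == "buy"]
    sells = [o for o in flagged if o.side == "sell"]
    return [(b.nick, s.nick) for b in buys for s in sells
            if b.nick != s.nick and abs(b.time - s.time) <= WINDOW]

# Constructed sample offers (nicks, prices and ratings are made up).
T0 = datetime(2011, 6, 10, 18, 0)
SAMPLE = [
    Offer(T0, "fastcash99", "buy", 25.0, 0),
    Offer(T0 + timedelta(minutes=4), "cheapcoinz", "sell", 15.0, 0),
    Offer(T0 + timedelta(minutes=9), "oldtimer", "sell", 15.5, 42),     # rated
    Offer(T0 + timedelta(minutes=12), "regular_joe", "sell", 20.5, 0),  # fair price
    Offer(T0 + timedelta(hours=3), "latebird", "buy", 26.0, 0),         # not concurrent
]

if __name__ == "__main__":
    for buyer, seller in relay_suspects(SAMPLE):
        print(f"possible relay pair: {buyer} (buying high) / {seller} (selling low)")
```

A flagged pair is a reason to insist on escrow or walk away, not proof of a scam; a rated nick that passes this filter can still be a hijacked account.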


Title: Re: MITM attacks and how to avoid them
Post by: LobsterMan on June 10, 2011, 07:25:59 PM
This has been popping up a lot lately in #bitcoin-otc and #bitcoin-court, I would suggest that this topic be stickied so that we may prevent others from falling victim to this deviously clever scam  :(


Also check the ratings thoroughly. Just because someone is rated high and ident'd does not mean they are legit, there have been speculations about people pumping up their own ratings with multiple accounts


Title: Re: MITM attacks and how to avoid them
Post by: xf2_org on June 11, 2011, 12:09:15 AM
Quote from: LobsterMan on June 10, 2011, 07:25:59 PM
Also check the ratings thoroughly. Just because someone is rated high and ident'd does not mean they are legit, there have been speculations about people pumping up their own ratings with multiple accounts

That is what

Code:
;;gettrust USERNAME

is there for.  A simple rating does not tell you whether or not that person is connected to your trust network.



Title: Re: MITM attacks and how to avoid them
Post by: Tyran on June 11, 2011, 12:41:13 AM
The scam itself may be clever but it still relies on 2 people doing trades with untrusted members or failing to use ;;ident properly, so it's easily avoided.
If people fall for this the scammer could have achieved the same result by just buying bitcoins with paypal and doing the chargeback himself.


Title: Re: MITM attacks and how to avoid them
Post by: juilla on June 11, 2011, 09:12:57 AM
Quote from: Tyran on June 11, 2011, 12:41:13 AM
The scam itself may be clever but it still relies on 2 people doing trades with untrusted members or failing to use ;;ident properly, so it's easily avoided.
If people fall for this the scammer could have achieved the same result by just buying bitcoins with paypal and doing the chargeback himself.

But in this case the scammer would have to handle the money and is traceable to his paypal. I'd assume the reason MITM is done is to be practically untraceable, especially as BTC is anonymous


Title: Re: MITM attacks and how to avoid them
Post by: LobsterMan on June 11, 2011, 04:07:40 PM
Quote from: juilla on June 11, 2011, 09:12:57 AM
  Quote from: Tyran on June 11, 2011, 12:41:13 AM
  The scam itself may be clever but it still relies on 2 people doing trades with untrusted members or failing to use ;;ident properly, so it's easily avoided.
  If people fall for this the scammer could have achieved the same result by just buying bitcoins with paypal and doing the chargeback himself.
But in this case the scammer would have to handle the money and is traceable to his paypal. I'd assume the reason MITM is done is to be practically untraceable, especially as BTC is anonymous

Yeah....the way this works out the scammer can conduct his scam without even having any capital of his own