Bitcoin Forum

With this strange activity going on with MTgox and now ABCPool has gone down I have to wonder if we are dealing with a co-ordinated attack on the community. This could also be behind the big dump in price. It would seem someone has a beef with bitcoins and my bet is on either someone who lost a lot of money or the government.

This with the "MITM attacks" from you...makes you sound like a terrible conspiracy theorist.

The orders showed as being executed then were later removed from charting sites. If you look at charts people posted during the swings it was different. How many other pools are down right now?

probably would be a good idea to stop the trading bots

So you think...someone got into MtGox and is pushing fake data out it's API and other sources to multiple exchanges and charting websites to cause massive swings in the markets ?

Pool ops deal with botnets all the time, they aren't being attacked.  Why does one 400 GH pool being down have on an 9.1 TH network immediately signal some type of coordinated attack LOL ?

And your guess the attacker being "either someone who lost a lot of money or the government"...no comment.

honey badger arbitrage bot continues unconcerned.

Trades at Gox, TradeHill, and CampBx all happening as normal.

Charts not working? Honey badger bot dont give a fuck.

If you know what MITM stands for they didnt have to get into bitcoinica just in between them and their ISP. Then the packets could be dropped and replaced or spoofed. Someone could have spoofed the address and syntax from the API sending false information to the charting sites.

As for the pool I just thought it was interesting timing. That 500Ghash (what it has been lately) is a pretty good chunk of the global hash rate. I was wondering if other pools were not responding but it certainly would be one way to try and cause damage within the bitcoin community.

I see deepbit is still up so I guess I will be using them until ABC comes back online.

@Eveofwar
Heh, everyone has a panic threshold.

Not too long ago I was at work. Not having enough work to do I checked bitcoinwatch. It showed a ridiculously low number of blocks/hour, something like 2.1
This got me thinking: wtf, better check the forums. Needless to say, the forums were down.
When I realized that MtGox was also down a red light went off and I immediately sent an alarming message to Gavin himself, describing the situation :)
Heck, when you're not at home you can't just take your time and research the situation carefully.

Just between Bitcoinica and their ISP...this would allow for switching/rejecting of packets to/from Bitcoinica only...has no effect over MtGox's API that servers the rest of the charting sites.  Unless you're saying they also got in between Bitcoinica <-> MtGox and MtGox <-> Charting websites ?!  Highly unlikely to me.  Just trying to piece together your theory here...

500 Ghash of 9.1 Thash is only 5.5%, and that's rounded up.  Maybe our definitions of "pretty good chunk" aren't the same on this.

I'm still quite intrigued on how you think MITM plays out in all of this, because I just don't see it.

I mistyped. I meant between Gox and ISP. This would explain what was going on with the charts.

It must be hell to be alive today with no clue about how anything at all really works.

MtGox's HTTPS will prevent any MITM attack unless the attacker compromises a CA or something.

Just curious theymos, what is your take on what was going on with all the charts when it was cycling in a loop between 6 and 7? After about 25 minutes those cycles were erased and the market sat at 6 until orders that were placed during the swings on the charts were executed.  Anything is possible and I have never seen anything like what happened today.

OP exists and is here to spread FUD. That is all I have ever seen, and all I shall ever expect to see.
He is not the only one.

I wasn't watching it, but it just sounds like bots were behaving strangely and maybe some MtGox slowness made it worse. Everything seems to be more or less back to normal now, so I'm not concerned.

Anyone who has a viewpoint different than you is spreading FUD. Very weak.

Well, it could just be a flaw in the trading engine.


Source code should've been reviewed by 3rd part skilled devs.

Last time I remember MtGox employing a 3rd party...

They got read-only access to the user database and it got leaked out to the internet.  3rd parties are awesome !

So I just read the pool thread and ABCPool is being DDOS'd. Do you retract your comment about me spreading FUD yet  because this seems to fit within my theory.

You didn't know that before? When you mentioned "gone down" I assumed you knew it was being DDOSed. Unfortunately, DDOS seems to be a fact of life for pool operators these days. In case you weren't around a few months ago, the same thing was happening - except to Slush, Deepbit, BTC Guild, and others - all at the same time. It was so bad that Slush was forced to move to a different hosting provider - the existing one kicked him out because it was taking their network down.

It comes with the territory.

I do not retract my comment, because it still appears to be valid - starting threads with fiery titles and noisy proclamations of doom and gloom with no real reason or research - stinks of weasel to me.

Just coincidentally corroborated. Still FUD. Oh and DDOS < MITM. way.

I am aware that a 5 year old could pull off a DDOS and it is much simpler than a MITM. MITM is still not all that difficult and can be done with anyone using backtrack and googling how to do it.

If you notice the thread has a question mark and is a question, not a statement. I was asking and it was just weird that what I use to both mine and sell/buy bitcoin went down around the same time.

It's funny when people say all I do is spread FUD because the majority of my posts are about being bullish which would be counter productive.

Please explain how a 5 year old does a MITM on an https host.  I would love to hire that 5 year old for some network security work.

You have to use Google to find Backtrack and learn how to use it...hurry, you have 52 minutes before Wikipedia and Google resources are null.

I said a 5 year old could DDOS. There is a reason they call them script kiddies and thats because its so simple. A MITM is a little more difficult and i probably could have done it at 14. At that time I was hacking/hijacking corporate networks. I don't use my computer skills for such purposes anymore but its not as difficult as people make it out to be.

I didn't say that a 5 year old could DDOS so there was no need to answer his question. You made a very inappropriate and irrelevant comment. Do not post in my thread if you are going to be an idiot.

A DDOS can be done from a downloadable program. If you want someone to teach you to hack I won't be the one telling you directly. I probably already said too much by saying backtrack.

I am lol'ing so hard right now. Thanks for the laugh.

p.s. - http://en.wikipedia.org/wiki/Secure_Sockets_Layer

Is bittenbob being irresponsible for spreading hacking tips on these forums and claiming to own the threads he starts?

See...it's just a question...and I didnt say you were a five year old.

 ;)

SSL is not the be all and end all. Handshakes can be captured and faked quite easily. Spoofing mac addresses is also very easy.

If all this was 100% there would never be any hacking.

I never said anyone was a five year old if thats what you were implying and you were a little more polite than the other posters. I haven't given any direct information on hacking with the exception of something that someone could google on their own. All I said is that a 5 year old could pull off a DDOS.

What does spoofing MAC addresses have to do with SSL and Handshakes ?

You know, I'd almost feel like you didn't know WTF you were talking about if the SOPA Blackout was in place and Wikipedia was not a tool for you.

LOL

I haven't googled anything and am going completely by memory. I rarely ever use wikipedia and especially not for technical matters. If you want to fake a handshake you will need to spoof IP and mac addresses. I am afraid it is you who doesn't know WTF you are talking about.

By the way Theymos, this thread is getting out of control and has nothing to do with the OP so feel free to lock it.

a year from now the last poster on this thread is gonna be bittenbob

y'all know that, right?

Please cite your source.

I think I'm OK with that.  But I hope he teaches me more about how to hack the whole internet before this winds down.

This isn't a hacking lesson folks and I will not teach you a damn thing. This thread was supposed to be asking if we were under attack as a community.

As a note here ABC is still under DDOS and no reprieve is in sight.

Then maybe you should start using Google. First off, just to get past the TCP handshake you need to be able to capture the response. As for the SSL handshake, you need the site's private key, otherwise all you'll get back is gibberish. And without knowing what that gibberish decrypts to, you can't send a response that will make any sense to the client. Since you are apparently good at cracking private keys, why don't you just start taking bitcoins?

Edit: I think my SSL is actually backward, and it's the client that sends their encryption key using the site's pubic key to encrypt it. But, that's just semantics.

http://www.metasploit.com/ takes care of most of that I thought.  Includes most of those already :D

This is all irrelevant to the OP once again. It would be possible to fake if someone got the cert from MTGox. They were hacked in the past and stolen certs is part of how the Stuxnet virus worked. I haven't hacked in a while and have no intention to do so any time soon. Stealing Bitcoins is a lot harder than MTIM for MTGox API and if someone could do it, it would have been done by now. I am not a thief either so even if I could I wouldn't out of morality.

It would be nice if MTGox put out a statement directly saying what happened when the API was cycling between 6 and 7 then disappeared. It would also put any speculation to rest.

I was worried while that was happening that the site was being hacked in some way and was shitting my pants about the relatively small amount of money and bitcoins i have on there. I still have them on there if that tells you something.

http://img10.imageshack.us/img10/5190/roflmfao.jpg

Can anyone say... Certificate Revocation Lists (CRLs)! Hardware-based token storage! Fingerprints! Dedicated SSL appliances!
This is fun, I can go on all day. ;D

I will tell you exactly what happened today.  Ready?


I gave a much longer answer to (more or less) this same question several months ago.  Feel free to dig it out of my post history.  And, just to repeat myself:

Those swings were not real since they did not show up on the chart after. There was something that happened and it wasnt that. If it was simply that they were old the lines from the back and forth would be there. They disappeared as soon as trading became active again.

Why would you bother Gavin?  He surely would find out himself anyway.  He's done so much, don't pester the poor man!

Yeah which is why I asked how one could easily MITM a https site.  I guess it was too subtle.

LOL!

CRL's would only work if they knew it had been hijacked. Kind of like how a 0day exploit will usually only work once since it will be found and patched after it has been used.