Bitcoin Forum
May 12, 2024, 07:51:12 PM *
  Show Posts
401  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 18, 2012, 07:34:25 PM
Thus, with a strong salt making anything but huge rainbow tables ineffective, while some users might have relatively weak passwords that could be solved in reasonable amounts of time, the attackers wouldn't know which they are and would have to attack the entire DB looking for them. How long would it take with a reasonable GPU farm (say 4 5970s) a 6 character case sensitive Latin alphabet password?

It depends on the work-level but let's assume a work level of 10. That means a single core of server can verify a password in ~ 3 ms or 300 p/s.  A 5970 would be ~30x as fast (optimistic) so you might be getting ~ 9kp/s or 36kp/s for 4x5970 rig.

If your password can't be found in a dictionary or easy password list to brute force all 6 char passwords would require
alphabet only (53 values) 53^6 /36000 / 60 /60 /24 = 7 days
alphanumeric (63 values)  63^6 /36000 / 60 /60 /24 = 20 days
printable symbols on keyboard (95 values) 95^6 /36000 / 60 /60 /24 = 236 days

If the salt is random per account that means each account must be cracked separately.

Of course the attacker could use multiple GPUs so a good way to think of it is in time value.    A single 5970 can generate ~0.5 BTC per day.  So cracking a 10 BTC account is worth ~ 20 GPU days.  Cracking a 1000 BTC account is worth ~200 GPU days.

Adding 1 more character significantly increases the time value cost.  A 7 char (all printable keys) password is ~ 90,000 GPU days (5970s).  The time value is worth 45,000 BTC meaning if someone had sufficient GPU they could make 45,000 BTC simply mining instead of hacking your account.  Given the attacker has no idea if he will ever crack it (maybe your password is a purely random 14 character string "pOQs9jb!su3gp@") it doesn't really make sense to even try.

6 is likely "good enough" if your password is complex but 7 or 8 makes it so expensive the thief isn't going to even try.  In the time it takes to brute force a single 8 char password he could brute force 86,000 other accounts trying all passwords length 1 to 5.


Thanks for the information. Bitcoinica uses a work level of 20 and forces at least 8 character passwords.
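The cost model in the reply above, carried through as an added example (not code from the post or from Bitcoinica). It takes the post's own rough figures as inputs: ~300 guesses/s per core at bcrypt work factor 10, a 5970 as ~30x a core, and 0.5 BTC per GPU-day of mining. The only thing it adds beyond the post's arithmetic is the work-factor scaling (bcrypt's cost is 2^work_factor, so every +1 halves the guess rate), which is what makes Bitcoinica's stated work level of 20 matter.

```python
"""Brute-force cost model for bcrypt-protected passwords (added example).

All rates below are the post's assumptions, not measurements: one CPU core
checks ~300 passwords/s at work factor 10, a 5970 is ~30x a core, and a GPU
could otherwise mine ~0.5 BTC/day.
"""

CORE_RATE_AT_WF10 = 300.0   # guesses / s / core at work factor 10 (post's figure)
GPU_SPEEDUP = 30.0          # 5970 ~ 30x a core (post's optimistic figure)
SECONDS_PER_DAY = 86400.0
BTC_PER_GPU_DAY = 0.5       # mining yield assumed in the post

CHARSETS = {"alpha": 53, "alnum": 63, "printable": 95}   # sizes as the post uses them


def guesses_per_second(work_factor, gpus=4):
    """Guess rate of a rig, scaled from the post's WF-10 baseline.
    bcrypt does 2**work_factor rounds, so each +1 halves the rate."""
    scale = 2.0 ** (10 - work_factor)
    return CORE_RATE_AT_WF10 * GPU_SPEEDUP * gpus * scale


def keyspace(charset_size, length, include_shorter=False):
    """Candidates of exactly `length` chars, or of every length 1..length."""
    if include_shorter:
        return sum(charset_size ** n for n in range(1, length + 1))
    return charset_size ** length


def days_to_exhaust(charset_size, length, work_factor=10, gpus=4):
    """Wall-clock days to try the whole keyspace on `gpus` GPUs.
    With a random per-account salt this is the cost for ONE account."""
    rate = guesses_per_second(work_factor, gpus)
    return keyspace(charset_size, length) / rate / SECONDS_PER_DAY


def gpu_days(charset_size, length, work_factor=10):
    return days_to_exhaust(charset_size, length, work_factor, gpus=1)


def break_even_btc(charset_size, length, work_factor=10):
    """The post's 'time value': BTC the same GPU time would have mined."""
    return gpu_days(charset_size, length, work_factor) * BTC_PER_GPU_DAY


def minimum_length_for_budget(charset_size, max_btc, work_factor=10):
    """Smallest password length whose exhaustive search costs more mining
    time than max_btc, i.e. where cracking is not worth it for that balance."""
    length = 1
    while break_even_btc(charset_size, length, work_factor) <= max_btc:
        length += 1
    return length


if __name__ == "__main__":
    for name, size in CHARSETS.items():
        print(f"6 x {name:9s} WF10, 4 GPUs: {days_to_exhaust(size, 6):7.1f} days")
    print(f"7 x printable: {gpu_days(95, 7):,.0f} GPU days "
          f"= {break_even_btc(95, 7):,.0f} BTC of mining time")
    print(f"8 x printable at WF20 (Bitcoinica): {gpu_days(95, 8, 20):,.0f} GPU days")
```

The numbers reproduce the post's 7 / 20 / 236 days and ~90,000 GPU-days for seven printable characters; raising the work factor from 10 to 20 multiplies every figure by 1024, which is why the work factor is the operator's lever and password length is the user's.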
402  Bitcoin / Bitcoin Discussion / Re: A public apology to Donald, Patrick and Amir ("Intersango guys") on: May 18, 2012, 05:11:07 PM
Err, pull the plug for the whole dedicated server is that hard?
If I'm not mistaken, it was hosted on RS Cloud Servers (similar to AWS), and I assume that shutting it down would destroy valuable evidence that could remain in memory.

They pulled the plug (suspend the servers), but the hacker was still in session. Thus the hacker is able to re-create cloud servers using our backup images.

Later I questioned them "Does this mean that Rackspace Cloud shouldn't be trusted for anything financially serious?", they didn't give a response.
403  Bitcoin / Bitcoin Discussion / Re: A public apology to Donald, Patrick and Amir ("Intersango guys") on: May 18, 2012, 02:37:46 PM
The hacker wrote "EXPECT MASS LEAK" in transactions from the stolen money. We can only assume he has a copy of the database, so he has access to all the information needed to make a claim.

Almost.
Unfortunately (for the hacker) he doesn't control user's email accounts, and he has no access to users ID documents.

And he ought only have hashes of passwords.

Link me to more detail on the "EXPECT MASS LEAK" message?

http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX

This is an address some of the stolen money was sent to

Notice the transaction amounts:

1.01100101 BTC
2.01111 BTC
3.0111 BTC
4.01100101 BTC
5.01100011 BTC
6.011101 BTC
7.001 BTC
8.01101101 BTC
9.01100001 BTC
10.01110011 BTC
11.01110011 BTC
12.001 BTC
13.011011 BTC
14.01100101 BTC
15.01100001 BTC
16.01101011 BTC
17.001 BTC
18.01110011 BTC
19.01101111 BTC
20.01101111 BTC
21.0110111 BTC

The part after the decimal point is ascii binary, and it converts to: expect mass leak soon

Also, the address starts with 1EML

Expect Mass Leak

Converter:
http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp

(for amounts that don't have 8 decimal places you need to add in more 0's, the 116BTC transaction is irrelevant I think)

Great find Blazr! I wonder if the attackers are planning to leak the database in the open? Transaction information, etc.

Another point that I don't know if people thought about is, what happens with those generated MtGox codes on the database that haven't been redeemed by the users yet? Could the attacker cash them out at will (and probably already did) to hundreds of MtGox accounts, or even instantly exchange them to LR or other currencies using services like the one we offer?

What is interesting is, Friday RIGHT before Bitcoinica went down we were trying to withdraw several thousands using MtGox (this is common practice for us since as funding partners, we usually get more Bitcoinica than what we sell, and eventually we need to turn it back into fiat). What is interesting is that I was hitting the "MtGox limit temporarily reached" a lot of the times, even with small test amounts such as $100. I wonder if at that point, the attacker indeed emptied the bitcoinica MtGox account from funds.

I mean, think about it: with full access to the server, what would have prevented the hacker from issuing a whole bunch of MtGox redeemable codes and completely empty their account?


No, I was online for the entire duration of the hacking. I revoked the keys immediately. The withdrawal limit had already been reached due to normal withdrawals.

The terrible thing is, Rackspace refused to log the hacker out. They don't know how to do it.
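The decoding Blazr describes above, written out as an added example (not code from the post or from blockchain.info). It parses the quoted amounts, orders them by their integer part, right-pads each fractional part to 8 binary digits as the post notes, and maps each byte to ASCII. It also shows the same decoding from integer satoshi amounts, which is how a node or explorer API actually reports outputs and where the padding comes for free; the `is_binary_coded` filter is my addition for scanning a transaction list for further messages of this kind.

```python
"""Decode a message hidden in Bitcoin output amounts (added example).

Each amount's fractional part, read as one binary-coded byte, is an ASCII
character; the integer part gives the character's position.
"""
from decimal import Decimal

SATOSHI = 100_000_000

# The amounts quoted in the post. The first two are deliberately swapped to
# show that the integer part, not list position, orders the characters.
AMOUNTS = [
    "2.01111 BTC", "1.01100101 BTC", "3.0111 BTC", "4.01100101 BTC",
    "5.01100011 BTC", "6.011101 BTC", "7.001 BTC", "8.01101101 BTC",
    "9.01100001 BTC", "10.01110011 BTC", "11.01110011 BTC", "12.001 BTC",
    "13.011011 BTC", "14.01100101 BTC", "15.01100001 BTC", "16.01101011 BTC",
    "17.001 BTC", "18.01110011 BTC", "19.01101111 BTC", "20.01101111 BTC",
    "21.0110111 BTC",
]


def fraction_bits(amount):
    """(sequence number, 8 binary digits) for a display amount like '2.01111 BTC'.
    Raises ValueError if the fractional digits are not all 0/1."""
    value = amount.strip().split()[0]
    whole, _, frac = value.partition(".")
    frac = frac.ljust(8, "0")           # 2.01111 -> 01111000, as the post notes
    if len(frac) != 8 or set(frac) - {"0", "1"}:
        raise ValueError(f"not a binary-coded amount: {amount!r}")
    return int(whole), frac


def satoshi_bits(amount_sat):
    """Same thing from an integer satoshi amount: 201111000 -> (2, '01111000').
    The 8-digit zero-padding is implicit in the satoshi representation."""
    whole, frac_sat = divmod(amount_sat, SATOSHI)
    frac = f"{frac_sat:08d}"
    if set(frac) - {"0", "1"}:
        raise ValueError(f"not a binary-coded amount: {amount_sat} sat")
    return whole, frac


def decode_message(amounts):
    """Order the outputs by integer part and map each byte to a character."""
    pairs = sorted(fraction_bits(a) for a in amounts)
    return "".join(chr(int(bits, 2)) for _, bits in pairs)


def decode_from_satoshis(amounts_sat):
    pairs = sorted(satoshi_bits(a) for a in amounts_sat)
    return "".join(chr(int(bits, 2)) for _, bits in pairs)


def to_satoshis(amount):
    """Display amount -> integer satoshis without float rounding."""
    return int(Decimal(amount.split()[0]) * SATOSHI)


def is_binary_coded(amount_sat):
    """Cheap filter for scanning outputs: fractional part uses only 0/1 digits.
    Note a round amount (all-zero fraction) passes too and decodes to NUL."""
    return set(f"{amount_sat % SATOSHI:08d}") <= {"0", "1"}


if __name__ == "__main__":
    print(decode_message(AMOUNTS))
```

Scanning an address's outputs with `is_binary_coded` and then decoding the survivors is the general form of the check; as the comment says, round amounts like the 116 BTC transaction pass the filter and simply contribute a NUL, so drop all-zero fractions before decoding.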
404  Bitcoin / Bitcoin Discussion / Re: A public apology to Donald, Patrick and Amir ("Intersango guys") on: May 18, 2012, 01:32:18 AM
Almost.
Unfortunately (for the hacker) he doesn't control user's email accounts, and he has no access to users ID documents.

Then everybody whose email account password was the same as their Bitcoinica password better change their password pretty damn quick.

We use BCrypt with a pretty high difficulty number. So it will take a long time for the hacker to crack the passwords, possibly months for a moderately complex password.
405  Bitcoin / Bitcoin Discussion / Re: A public apology to Donald, Patrick and Amir ("Intersango guys") on: May 18, 2012, 01:30:34 AM
Brilliant idea, now the hacker can get at all of Bitcoinica's funds.

The hacker wrote "EXPECT MASS LEAK" in transactions from the stolen money. We can only assume he has a copy of the database, so he has access to all the information needed to make a claim.

No, we require email confirmations.
406  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 18, 2012, 12:28:05 AM
Posted in the apology thread: https://claims.bitcoinica.com/

How can we be sure this page is legit? No official post here, and not even a link to it on www.bitcoinica.com. I don't feel good giving this information to anyone who might be able to divert a DNS record.

-coinft

If they could divert a DNS record .... wouldn't that mean they could also spoof the www.bitcoinica.com page only?

They didn't divert a DNS record. The hacker manipulated our load balancer (which acts like a reverse proxy) to some site that I'm not supposed to access.

What? Is this site safe to submit a claim or not? Because after your post in the apology thread I already did.

@DnT: www points to a blogspot google IP.

-coinft.

This is safe now because we no longer point to the load balancer.

The domain is being controlled by a single reliable team member. Just make sure that it's https. (There's no way to get a SSL certificate without proving the domain ownership. Please do not trust any SSL certificate for bitcoinica.com issued before May 10, 2012.)
407  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 17, 2012, 11:55:50 PM
Posted in the apology thread: https://claims.bitcoinica.com/

How can we be sure this page is legit? No official post here, and not even a link to it on www.bitcoinica.com. I don't feel good giving this information to anyone who might be able to divert a DNS record.

-coinft

If they could divert a DNS record .... wouldn't that mean they could also spoof the www.bitcoinica.com page only?

They didn't divert a DNS record. The hacker manipulated our load balancer (which acts like a reverse proxy) to some site that I'm not supposed to access.
408  Bitcoin / Bitcoin Discussion / Re: A public apology to Donald, Patrick and Amir ("Intersango guys") on: May 17, 2012, 11:54:23 PM
We have already assured you the full compensation.

So that means no forced liquidations.

The team has not confirmed the settlement price yet. But you can expect these arguments:

- I have unrealized profits and I should have them!
- I have unrealized loss and I should wait until I recover!

We have open interest of 100,000 BTC so the conflict of interest is huge. I will leave this for the team to decide but my general suggestion is to use the highest price as the settlement price for longs and lowest price as the settlement price for shorts. You can continue to hedge your position elsewhere (and get some one-time settlement free money from Bitcoinica). It'll be fair for Bitcoinica and the user.
409  Bitcoin / Bitcoin Discussion / Re: A public apology to Donald, Patrick and Amir ("Intersango guys") on: May 17, 2012, 11:51:20 PM
- If I have spent enough time on the re-implementation of the bitcoin client, this thing could be prevented.

This is the second time you've suggested that the Bitcoin reference code is responsible for your robbery.   I inquired about this claim before and I don't believe I got a reply: https://bitcointalk.org/index.php?topic=81045.msg899922#msg899922  Luke-jr also expressed skepticism: https://bitcointalk.org/index.php?topic=81045.msg899911#msg899911

I fail to see how any system which has private keys for online realtime 'hot wallet' usage could be defended against an attacker which has root access to the selfsame systems.   Even if you used a multisignature wallet and machines inside separate security domains an attacker with that level of access could simply impersonate the web application's legitimate withdrawals.

That said— if there is some flaw or omission in the reference client which could make high value installations more secure all the developers would love to hear about it.

What I am reasonably confident of is that while you're quite possibly smarter and have more time on your hands than any one of the people developing the publicly available reference software, you're not smarter than all of them combined.  ... And a bug that sends 18kBTC into a black hole (as MTGOX's custom code did with a few thousand BTC) is no better than having code stolen.  

There are significant advantages in working with a larger user base to test out and harden code before putting it on mission critical systems, and those advantages almost certainly outweigh the many troubles and limitations in the reference client.   Moreover, many aspects of Bitcoin security require that you be a part of the majority clique— even if the majority is "wrong"—, if you can be moved onto a minority chain you can be robbed.   Because the significant super-majority of the network (users and miners) are using the reference client, it's critical that any client be bug for bug compatible with the block rejection rules in the reference client or be at increased risk.  So it very much is in your own interest to invest resources in improving the publicly available software than reinventing the wheel.


Thanks for the idea.

This is what I wanted to do:

- Drop the Bitcoin official client and re-implement one.
- Store private keys in the database, AES encrypted with a master key (that is associated with the user).
- Store master key in the database, AES encrypted with another hash of the user password (such as the SHA512 hash in place of the BCrypt hash).

This will be effectively a segregated account for the user. Of course we need to solve some problems (like forget password and forced settlements) but this is the general idea.

I'm a web developer so I feel much more comfortable securing the database rather than the wallet.dat. I never trust direct filesystem operations.
410  Bitcoin / Bitcoin Discussion / A public apology to Donald, Patrick and Amir ("Intersango guys") on: May 17, 2012, 11:10:39 PM
I have violated my promise (of "not to post anything [about Bitcoinica]") yesterday, by posting this in the emergency announcement thread:

Thanks in advance to all the wonderful people of this forum, and at the risk of biting the hand that once sort of fed me, Bitcoinica, wtf dudes? at least put up a placeholder page at bitcoinica.com to explain your position, very unprofessional, is this show still being run by a 17 year old? Cause I remember 17, I wasn't a financial wizard, I was in the back of a night club dry humping some girl I barely know.

Nope. I wouldn't handle things like this.

Undoubtedly, I felt upset about some confusing commenters. I objectively disagreed with Intersango guys' ways of doing things and I think if Bitcoinica is still under my control, some of our customers' immediate issues can be addressed in a more timely manner.

However, I want to express my sincere apology to the General Partners of Bitcoinica LP, because I should not have criticized them when I should bear part of the responsibility by not doing my best in securing the system. The direct cause of the issue is not important, we shouldn't argue about "if someone didn't do X this thing wouldn't have happened", instead, we should say more about "if I did X this thing could be prevented". In this case, I can express these statements:

- If I have firewalled the wallet server properly (like web production servers), this thing could be prevented.
- If I have spent enough time on the re-implementation of the bitcoin client, this thing could be prevented.
- If I have set up strict access policies, and proactively communicate with Rackspace to disable certain insecure features, this thing could be prevented.

Respect for teammates is extremely crucial to achieve productivity. Everyone's reputation has been damaged badly in this event, and we shouldn't criticize each other due to the differences in the way we work. Even though I have announced that I would leave the Bitcoin economy a few days ago, I'm still actively monitoring our customers' feelings and communicating with the General Partners about the progress.

I am also extremely grateful for the Limited Partner (an investment group) of Bitcoinica LP for exceeding their legal obligation to bear the full cost of both recent attacks. Without their active support, Bitcoinica couldn't have survived until today to serve our customers well.

In the end, I would like to request everyone who cares about the community to be objective about this matter. I am no longer legally associated with Bitcoinica and I had no control over the attacked system. However, other team members are working in their greatest ability to deliver a fair solution to everyone. I have the advantage in understanding our customers (because I'm more familiar everyone using Bitcoinica) so I keep contributing some ideas as well. Please appreciate their hard work and understand the difficulties in resolving a serious security attack. We have already assured you the full compensation.

Thank you everyone for showing your support, understanding and patience.

PS. You can claim your Bitcoinica account at https://claims.bitcoinica.com/ now.
411  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 17, 2012, 08:05:55 AM
Thanks in advance to all the wonderful people of this forum, and at the risk of biting the hand that once sort of fed me, Bitcoinica, wtf dudes? at least put up a placeholder page at bitcoinica.com to explain your position, very unprofessional, is this show still being run by a 17 year old? Cause I remember 17, I wasn't a financial wizard, I was in the back of a night club dry humping some girl I barely know.

Nope. I wouldn't handle things like this.
412  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 16, 2012, 12:33:01 AM
Nice


Can the current owner(s) of bitcoinica comment on these transactions that took place today?

I'm not an owner, but I know what happened.

We have a fallback node called fallback.nodes.bitcoinica.com. It's still running in Linode. That was initially set up to provide external connections for our secure vault server (which can only access trusted nodes).

Since the network conditions are great, the node has always maintained hundreds of connections and it's very likely to be the first one to relay new transactions.
413  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 14, 2012, 01:54:50 PM
I think everyone should keep in mind that the real person/group to be angry with is the hackers, not Bitcoinica.
Anyone who is smart enough to figure out how to steal 18K BTC from Bitcoinica is more than smart enough to do honest work.  I hope Zhou goes on to have a long successful career while the hackers and other thieves burn in hell.

Direct your anger towards the hackers!

My anger is directed at the incompetent staff of Bitcoinica, ESPECIALLY their new hires/owners (or w/e the fuck is going on!)

My anger is directed at those, who through their incompetence, will make me lose money on my position

You thieves should be returning everyone's money AT THEIR BASE PRICE and eatin shit yourselves, Bitcoinica. You're making your customers eat shit for your negligence and incompetence.

Can you say "criminal"?

or are we too busy congratulating the bitcoinica team members on such a job well done

Sorry, ZT, I don't wish you well until you PAY BACK ALL THE FUCKING MONEY YOU'RE STEALING.

Returning my current account balance is BULLSHIT since you're keeping the unrealized P/L. That's actually criminal in most jurisdictions, and I will be pursuing it in mine since bitcoinica has served Americans.

We are returning all balances AND your unrealized P/L. And we are glad to settle at a negative-spread price, i.e. if you have a profitable position, your get even more; if you have a losing position, you lose less.

I have emphasized this more than once. If you are too impatient to read the posts carefully please don't be so angry.
414  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 14, 2012, 09:35:04 AM
Thanks for the update.

- Later we found out that Patrick's email server was compromised, and since he is in our mailing list, all emails sent to info@bitcoinica.com were delivered to his compromised email account.

I normally don't go in for mud slinging, but Patrick has history.  This is "Patrick the self-proclaimed security expert"?  This is "Patrick who released all the emails of Intersango's customer base"?

  • How hard is it to secure an email server?  Jeez, the days of ten sendmail hacks a month are long behind us.
  • Again: emails are postcards; can all you supposed security experts stop treating them as if they are secure point-to-point communications?  Why wasn't gpg used for these reset emails?
  • What raving lunatic has a password reset system going to a mailing list?
  • A "security expert" with a compromised email server doesn't sound good to me.  In all the time he was penetration testing all the other exchanges, he couldn't have done a bit to secure his own servers?
  • How long has this server been compromised?  Is it the Intersango email server?  Have all Intersango communications been compromised too?
  • Is this more than just an email server? What other services were running on this compromised machine?


- We are now working on a settlement plan. Patrick is in charge of the claim page.

You'll forgive me if, given the current situation, that that doesn't inspire me with confidence.

So much so, that I think we should all start asking for considerably more detail about how Intersango is organised internally?  How much is in the hot wallet there?  How is that hot wallet secured?  Is Intersango VPS hosted as well?  Is it Rackspace too?


We don't have control over the password reset emails. They are sent by Rackspace. Basically, if you have access to one's email, you have access to all his Rackspace servers and Cloud Files.

We use a mailing list for info@bitcoinica.com for an obvious reason, everyone of us wants to know any email sent to this address. We are registering every single web service with this email address. It's like an automatic mail forwarder that forwards to multiple recipients. It's hosted by Google Apps for Business and Patrick is the only external recipient.
415  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 14, 2012, 09:16:05 AM
Update: How the hacker hacked Bitcoinica

I don't think this should be a secret, so I would just share my version of the story.

- I received several emails regarding password reset and finding out the username for our Rackspace account.
- I initially thought it was Patrick, because he did a password reset a few days ago, but I became suspicious when I realized that someone forgets the username of the account! (So it must not be Bitcoinica team member.)
- I immediately set the password back, and log in to the account. I SSH'd into the Bitcoin wallet server and found that everything is gone.
- This thread was posted and I tried to contact Rackspace to lock down the account.
- They suspended all servers, so that the hacker couldn't log in. However, despite two password changes and server suspension, the hacker is still in the session. I asked Rackspace to terminate his session but it seems that they don't know how to do it.
- The hacker recreated the server using our database backup, and possibly got the database successfully.
- Later we found out that Patrick's email server was compromised, and since he is in our mailing list, all emails sent to info@bitcoinica.com were delivered to his compromised email account.
- We are now working on a settlement plan. Patrick is in charge of the claim page.

If anything of the following happened this would be prevented:

- Patrick's email was not added to the mailing list, and he used Bitcoinica email instead.
- Rackspace should just terminate the sessions then at least the database would be safe.
- We should not use the official Bitcoin client because it's very hard to secure it without large investments and affecting instant withdrawals in large amounts.

I hope this insight can help some of you understand our situation right now.
416  Bitcoin / Bitcoin Discussion / Re: I'm leaving Bitcoin on: May 14, 2012, 05:13:12 AM
In November, an investor approached me to acquire Bitcoinica. Due to regulatory concerns, I agreed to the deal and signed the agreement. Bitcoinica was sold for a good price. However, since the investor is unable to arrange for a replacement team, I continued to become the sole operator until Team Intersango took over two weeks ago. The investor let me keep all profits until late January, the official handover time. After handover, he continued to offer generous salary and performance bonus every month.

Did you not retain any share in bitcoinica? It would have been a useful way of keeping an interest in the company while enabling you to detach from anything related to the daily running of it.

I could choose to but I didn't. There is regulatory risk and I want to avoid it as much as possible.
417  Bitcoin / Bitcoin Discussion / Re: I'm leaving Bitcoin on: May 14, 2012, 05:01:22 AM
Two BTWs:

1. Besides the 1,000 BTC coin, I'm also keeping 130 shares of GIGAMINING and 160 shares of BITBOND on GLBSE to support Bitcoin mining. I'm not planning to cash out any time soon.

2. I'm still waiting for my Bitcoin magazine.
418  Bitcoin / Bitcoin Discussion / Re: I'm leaving Bitcoin on: May 13, 2012, 02:12:52 PM
Don't be a fool. It's not all or nothing in life. The older you get the more you realize that. Don't throw all away. You can stick to Bitcoin and do whatever you want at the same time.

I'm a student at the moment and I can't do many things concurrently. (I hated working with a few American kids that came up with one project every week.)

I may go back to Bitcoin when it's accepted by mainstream users. I know this sounds harsh, as I'm supposed to be someone building the community instead of "enjoying the results". Again, I realized the importance of passion. It's like eating fruits, Apple tastes nice but sometimes I'm just passionate about strawberries.
419  Bitcoin / Bitcoin Discussion / Re: I'm leaving Bitcoin on: May 13, 2012, 01:49:39 PM
Ok, I will tell you how it will be

During next 20 years you will be building Facebooks 2, Instagrams 3, Friendfinders 4 etc... All these projects will fail miserably... One day you will sit down and tell to yourself - "Oh my God, how stupid I was when I was 19 years old... I had everything - money, name, new technology and I blew it off for some stupid startups that next year nobody remembers of..."

I think passion is the most important thing. I was very passionate about Bitcoin trading and that's why I achieved whatever I wanted.

To be honest, I believe that I was making easy money. Bitcoin economy is really a gold mine. But I find it not very challenging and exciting.

If I'm in my 30s, I wouldn't choose to leave. But I'm young. I want to experience something else that I'm passionate about, and possibly do something good for the world.
420  Bitcoin / Bitcoin Discussion / Re: I'm leaving Bitcoin on: May 13, 2012, 01:45:07 PM
And what about the book you we're going to write on bitcoin ?

Make sure you settle all things before leaving Zhou or else people will not remember pleasantly about you, if you know what i mean.

Sure. I will work together with the rest of Bitcoinica team and make sure everyone is satisfied. This post is just my honest thought from my heart, not something meant to deny responsibility.