About the recent server compromise

[RoadStress]

Theymos please make the notice for changing the password more visible. Maybe bold it or put it in red. Right now I find it very easy to miss it.

[TheButterZone]

If anyone wants to change their IP address exposed in the hack, the method I just used was to edit the MAC ID that my modem sees, and rebooted everything. A new WAN IP was issued. Check https://whatismyip.com before and after this procedure.

Even if you have a dynamically-assigned IP, you will likely get the same one again, if all you do is reboot without changing your MAC ID.

[alani123]

What's the limit for passwords? I tried using an unreasonably large string as my password and didn't receive any error messages (despite the load time after I press the login button being huge). Were the last characters of the string cut off for it to fit a certain limit?

No, the last characters are not cut off, at least not at any "reasonable" password length.  My password here is over 60 characters, and it still cares about whether the last character is entered. 

I used a 2024 character string though. Not the most reasonable password length eh? I was pretty surprised to see that there wasn't any warning or error message and that's why I came here to ask if there's any limit.

[Cryddit]

Over the last four days attempts to log into the email address I use here have been up about 20% relative to the average 4-day period over the previous month. I do not use the same password I used here for anything else but for what it's worth I hope they burn every bit of comp time they've got trying to crack it.    

I've also gotten some very good spear-phishing recently, one of which took the "message from your ISP" thing to the next level by using the name/e-mail address of an actual real employee at my ISP, and another of which used an address that is held by a family member.  That's a lot more upsetting to me than the fake-login attempts.  

I have no idea whether the bump in activity has anything to do with the recent breach here.  But it's interesting.

Theymos: Good job.  I know exactly how hard it is keeping something up when the environment turns hostile, and these people saying this number of breaches is unacceptable - have no idea what it's like dealing with an "advanced, persistent, targeted threat."  The level of attacks and attempts something like this attracts is beyond what most ISP's are willing and able to deal with, and beyond a certain level of complexity all software leaks.   This forum having a public face means taking a lot of stuff head-on, and given that your up-time record is acually pretty awesome.

[redsn0w]

Thanks theymos, I have changed my password yesterday and also today... and I hope to be 'safe' (a big word) now .   XAU for his real identity, it is a lot of money.... and I do not think he is stupid (he made a soc. engir. attack... only a few people are able to do it).


PS: however good luck with the search.

[erikalui]

Now I started receiving spam emails from maximeco******@gma and some vayne*****@gmail.com. Any way to report these emails or ban these users' accounts as they seem to be the hackers.

[hilariousandco]

Now I started receiving spam emails from maximeco******@gma and some vayne*****@gmail.com. Any way to report these emails or ban these users' accounts as they seem to be the hackers.

Of course they can be reported to your email provider but blocking out the emails doesn't do much good for the forum to be able to do anything about it not that they could anyway as they likely wont be linked to accounts here.

[Welsh]

Thanks theymos, I have changed my password yesterday and also today... and I hope to be 'safe' (a big word) now .   XAU for his real identity, it is a lot of money.... and I do not think he is stupid (he made a soc. engir. attack... only a few people are able to do it).


PS: however good luck with the search.

You'd probably be suprised by how easy some people can trick others into giving them sensitive information. I've seen it done on a much smaller scale and all it took was a little bit of confidence. There's also been reports over the years of simple techniques used against big companies and much more sensitive data.

[MadGamer]

Beside our emails and passwords of course ... how bad it could be when the hackers have this "Last-used IP address and registration IP address" , im not an expert or anything but don't the IP change each time we reboot the modem ? Probably not the IP range but well

[Slaine]

Well I couldn't get into my account and for a while it looked like the password recovery wasn't working.

Thankfully I don't reuse passwords, but it's always a good wake up call to just go through and refresh your passwords on anything vaguely important once in a while..

[erikalui]

Now I started receiving spam emails from maximeco******@gma and some vayne*****@gmail.com. Any way to report these emails or ban these users' accounts as they seem to be the hackers.

Of course they can be reported to your email provider but blocking out the emails doesn't do much good for the forum to be able to do anything about it not that they could anyway as they likely wont be linked to accounts here.

I have reported the emails to theymos and hope that he can track those accounts and take an action soon. I don't know how to report it to my email provider. I just clicked "Report Spam."

[redsn0w]

Thanks theymos, I have changed my password yesterday and also today... and I hope to be 'safe' (a big word) now .   XAU for his real identity, it is a lot of money.... and I do not think he is stupid (he made a soc. engir. attack... only a few people are able to do it).


PS: however good luck with the search.

You'd probably be suprised by how easy some people can trick others into giving them sensitive information. I've seen it done on a much smaller scale and all it took was a little bit of confidence. There's also been reports over the years of simple techniques used against big companies and much more sensitive data.

Yes I am surprised and I know that a 100% security doesn't really exist but c'mon... we are talking about a big service provider and it should not be easy to trick them (in my honest opinion) but everything is possible. The real problem is always the people, you can build the security that you want but you are fuc**ed if an employee will reset the pwd .

[alani123]

Beside our emails and passwords of course ... how bad it could be when the hackers have this "Last-used IP address and registration IP address" , im not an expert or anything but don't the IP change each time we reboot the modem ? Probably not the IP range but well

This depends on your ISP. Having your modem/router closed overnight usually does the job. If you didn't login during the short time that the forum was back up but then went offline again then I'm guessing that you most certainly should have a new IP address than the one last used to login.

[MadGamer]

Thanks theymos, I have changed my password yesterday and also today... and I hope to be 'safe' (a big word) now .   XAU for his real identity, it is a lot of money.... and I do not think he is stupid (he made a soc. engir. attack... only a few people are able to do it).


PS: however good luck with the search.

You'd probably be suprised by how easy some people can trick others into giving them sensitive information. I've seen it done on a much smaller scale and all it took was a little bit of confidence. There's also been reports over the years of simple techniques used against big companies and much more sensitive data.

Yes I am surprised and I know that a 100% security doesn't really exist but c'mon... we are talking about a big service provider and it should not be easy to trick them (in my honest opinion) but everything is possible. The real problem is always the people, you can build the security that you want but you are fuc**ed if an employee will reset the pwd .

Well Seems like It dosen't matter how big the service provider is anymore .
I mean look how big Amazon and famous it is . and you can trick them in less them 60 seconds . "Oh empty box" => "GG , refunded" and people are doing it all the time .

[Welsh]

Beside our emails and passwords of course ... how bad it could be when the hackers have this "Last-used IP address and registration IP address" , im not an expert or anything but don't the IP change each time we reboot the modem ? Probably not the IP range but well

If having a IP address was that big of an issue, nobody would be safe. Just imagine the amount of websites you've connected to over the years. If you have open ports it can slightly more concerning, but it would likely require a number of things to be truley concerened. For example, vunerable software. Keep up to date with the latest patches is normally advised. If the hacker was interested in using the IP to exploit, it would more than likely be on highly ranked members with a large presensce within the Bitcoin community.

An issue some users may find, is that the hacker may have your IP address, which is a place to start exploiting. Your hash of your password. So if he/she does crack it then they know of one possible password you might use or varations of it. Or have a general idea of the passwords you use. They may also have a secret question and answer. But, I always recommend not using them, or if you must make it completely random.

Of course, if you are concerned. Then you should get started in cranking up your security. A lot of users will be doing this, just to keep it fresh.

[opieum2]

Theymos,

Check your PMs. I sent you some info on something that might get the ball rolling. That said there are obvious suspects which info I already provided to CCN. Some press coverage might get the right wheels greased to get an actual investigation going.

[Lauda]

I am not sure why anyone would consider not using a VPN. They are really not very expensive to use and they provide a lot of added privacy.

If you believe that the majority of the users here use a VPN you are wrong.

For most people it doesn't matter if their IP address is now in the hands of the hacker, they will most likely target those with the highest ranks and based on how important that person is in the community.

Then I should have posted less I guess. Although a high post count is quite useless. I'm going to assume that the most likely targets would be people on the default trust list and people with a lot of trust (100+).

Have others received an email from the forum? I took a quick peek. Just want to verify if isn't something fishy.

[dogie]

What's the limit for passwords? I tried using an unreasonably large string as my password and didn't receive any error messages (despite the load time after I press the login button being huge). Were the last characters of the string cut off for it to fit a certain limit?

No, the last characters are not cut off, at least not at any "reasonable" password length.  My password here is over 60 characters, and it still cares about whether the last character is entered. 

I used a 2024 character string though. Not the most reasonable password length eh? I was pretty surprised to see that there wasn't any warning or error message and that's why I came here to ask if there's any limit.

Aaaaaand now we know the reason why the server lags every now and then, you're signing in For the sake of the servers might want to set it to a reasonable 50 or so, which has the same strength of 2048 = not worth bruting = just as likely to be social'ed or reset.

Thanks theymos, I have changed my password yesterday and also today... and I hope to be 'safe' (a big word) now .   XAU for his real identity, it is a lot of money.... and I do not think he is stupid (he made a soc. engir. attack... only a few people are able to do it).
PS: however good luck with the search.

From what I saw it wasn't a new virtual identity that was used in the attack.

[dogie]

Theymos,

Check your PMs. I sent you some info on something that might get the ball rolling. That said there are obvious suspects which info I already provided to CCN. Some press coverage might get the right wheels greased to get an actual investigation going.

I don't think a witchhunt + grease is a good combination, it just ends up in a "everyone is Satoshi" shitstorm that gets innocent people caught up. Those that aren't yet aware of the hacking yet probably don't have the expertise to work it out, so let those that do get on with it.

[Gervais]

I am not sure why anyone would consider not using a VPN. They are really not very expensive to use and they provide a lot of added privacy.

If you believe that the majority of the users here use a VPN you are wrong.

I don't think he stated or insinuated that, just that people should consider using them.

Have others received an email from the forum? I took a quick peek. Just want to verify if isn't something fishy.

Yes, they were sent out by theymos en masse, though that doesn't mean you might not have recieved a phishing mail. I'm sure the hacker will try something with our emails.