Bitcoin Forum
December 10, 2019, 12:52:04 PM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 6 7 »  All
  Print  
Author Topic: I've just been robbed :-(  (Read 18901 times)
paulie_w
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250


View Profile
September 29, 2012, 01:13:16 AM
 #41

wow, 8000+ btc, that must hurt. sorry man!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
BC12345
Newbie
*
Offline Offline

Activity: 57
Merit: 0


View Profile
September 29, 2012, 01:13:41 AM
 #42

My humble advice:

- log off, go to bed, try to sleep and get your head clear

- tomorrow, try to figure out what happened.
Insu Dra
Full Member
***
Offline Offline

Activity: 182
Merit: 100



View Profile
September 29, 2012, 01:30:48 AM
 #43

agh sorry to hear ...

Just wanted to repeat my self again,
we need a easy to use Multi Sig implementation asap ...

Funds like these do not belong on a one to one transaction address.
 Roll Eyes

"drugs, guns, and gambling for anyone and everyone!"
kangasbros
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1006



View Profile
September 29, 2012, 01:36:07 AM
 #44

I'm sorry for the accident Sad

Care to share the details of your exact setup? I still didn't pick up what OS you were using etc.

BkkCoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1002


firstbits:1MinerQ


View Profile WWW
September 29, 2012, 01:37:09 AM
Last edit: September 29, 2012, 02:32:35 AM by BkkCoins
 #45

That ssh log message indicates they accessed using your public key. How on earth did they get that? Did you access from some other systems that they may have also got access to? This is pretty common. This means you need to check all other computers that previously you used to connect to your laptop. A public key is not more safe than a password if it's left laying around on various systems.

People often use a key for automated access (scripts etc). If you do that it should be for a different, limited user that can only do the very limited functions you intent to automate.
I don't understand it either, apparently they got first into my home machine (with password auth enabled), grabbed the private key for my work machine and logged in there. No idea as to how.
Any possibility of physical access at home? Roommate, neighbor, wandering gypsy, anyone who has physical access can gain root without password and then access your key - unless you use encrypted home or an encrypted hard disk.

Do you have remote access methods open at home, eg. VNC, or run a web server or other service? These are things that can get compromised. Java based web apps/servers seem to be open like swiss-cheese nowadays going by reading the news anyway.

Even someone with brief access to your laptop could simply run ssh-copy-id to some remote server they control. That would give your key to their server for later re-access. I wouldn't fully believe this was a Russian user. It could just as easily be your next door neighbor using a proxy.
Check whether an additional key has been added to your laptop's ~/.ssh/authorized_keys file. This could be done by anyone with even a few moments access to your laptop.

Another thing I noticed - your sshd log msg indicates the user used sftp to login since it happened at the same exact same second as the ssh login. Hence, it wasn't a user logging in to the console and then choosing to use sftp. Have there been machines where you used sftp to view files? This uses ssh as a transport layer but you may have thought differently about how you connected since the client would not be console but Nautilus or any number of file browser apps.

caffeinewriter
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


It's been a while


View Profile WWW
September 29, 2012, 02:13:55 AM
 #46

Thanks caffeinewriter, any help is appreciated. I will file a report on Monday, and see what they say.

As for the cleaning up I think I'm OK. Just running clamscan over all the files, rkhunter had nothing to complain, but I don't know whether an eventual rootkit wouldn't be smart enough to fool them, any experience about that?

Let me put it this way. There is nothing more annoying than Rootkits. They hide in every dark corner of your system. I'd recommend a specific rootkit detector/remover. Here are some I know of.

1. http://www.gmer.net (Windows)

2. https://www.pcworld.com/product/946306/f-secure-blacklight-rootkit-eliminator.html (Windows)

3. http://www.rootkit.nl/projects/rootkit_hunter.html (Linux)

4. http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx (Windows)

If you still think you might have a rootkit, wipe your system clean. It's really the only surefire way to get rid of a rootkit.

Red Emerald
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile WWW
September 29, 2012, 02:21:15 AM
 #47

Even someone with brief access to your laptop could simply run ssh-copy-id to some remote server they control.
ssh-copy-id transfers the public key.  That is fine.  Your public key can be public.  It's the private key that you have to protect and often have encrypted.

Stories like this make me want to change all my passwords and move to new hot wallets.  This is why I keep my large stash in an offline Armory wallet.

BkkCoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1002


firstbits:1MinerQ


View Profile WWW
September 29, 2012, 02:33:52 AM
 #48

Even someone with brief access to your laptop could simply run ssh-copy-id to some remote server they control.
ssh-copy-id transfers the public key.  That is fine.  Your public key can be public.  It's the private key that you have to protect and often have encrypted.
You're right - I got turn around. It's someone adding a public key to your authorized_keys file that you would need to be wary of.

GernMiester
Sr. Member
****
Offline Offline

Activity: 285
Merit: 250


View Profile
September 29, 2012, 03:28:50 AM
 #49

BTC is the most pathetic way to store money I have ever seen. PERIOD!!!!!
It gets taken and you get told go to hell and I get yet another laugh...
If you try and get my FIAT that is not in the bank, well, my gun(s) will change your mind or take your life. Simple as that...
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1002


firstbits:1MinerQ


View Profile WWW
September 29, 2012, 04:06:19 AM
 #50

BTC is the most pathetic way to store money I have ever seen. PERIOD!!!!!
It gets taken and you get told go to hell and I get yet another laugh...
If you try and get my FIAT that is not in the bank, well, my gun(s) will change your mind or take your life. Simple as that...

Yes, now print a paper wallet (key) and you can say exactly the same thing about Bitcoin.

caffeinewriter
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


It's been a while


View Profile WWW
September 29, 2012, 04:15:27 AM
 #51

BTC is the most pathetic way to store money I have ever seen. PERIOD!!!!!
It gets taken and you get told go to hell and I get yet another laugh...
If you try and get my FIAT that is not in the bank, well, my gun(s) will change your mind or take your life. Simple as that...

Yes, now print a paper wallet (key) and you can say exactly the same thing about Bitcoin.

+1 GernMiester, I respect your opinion and respectfully reject it and maintain my own.

squid
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
September 29, 2012, 04:30:43 AM
 #52

Separate money into multiple offline backup wallets. Everything in 1 pot is silly =/

Sorry about your loss.
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1002


firstbits:1MinerQ


View Profile WWW
September 29, 2012, 05:02:46 AM
 #53

BTC is the most pathetic way to store money I have ever seen. PERIOD!!!!!
It gets taken and you get told go to hell and I get yet another laugh...
If you try and get my FIAT that is not in the bank, well, my gun(s) will change your mind or take your life. Simple as that...


Ban this troll.

By the way, they don't need to physically steal your FIAT to rob you, they simply print more.
Indeed. They may do it slowly but it is surely. At 3%/year it'll take them, what, about 20 years to take half of it but guns in both hands and bars on the doors won't stop them.

So far with Bitcoin, excepting a week when everyone went bananas last summer, you would very likely be much ahead, maybe even very much ahead.

cedivad
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001



View Profile
September 29, 2012, 05:23:26 AM
Last edit: September 29, 2012, 05:34:16 AM by cedivad
 #54

Please explain us how the hell they got access to your private key.

My anger against what is wrong in the Bitcoin community is productive:
Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread)
Hashfast.org - Wiki for screwed customers
phillipsjk
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000

Let the chips fall where they may.


View Profile WWW
September 29, 2012, 05:53:22 AM
 #55

I don't understand it either, apparently they got first into my home machine (with password auth enabled), grabbed the private key for my work machine and logged in there. No idea as to how.

Does you home machine password have more or less than 60 bits of information (10 character, letters, numbers ,symbols)?

You may want to check the logs for failed login attempts.

I think the lesson here (which I did not know) is that you are going to move to key-based authentication, you should do it everywhere at the same time. Do you log into you home machine from Public computers? is that why you were not using Key based authentication?

Note: until recently, I was using password authentication with about 17 bits of information. Half my security was obscurity (two logins required with different usernames and passwords).

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
nomnomnom
Sr. Member
****
Offline Offline

Activity: 313
Merit: 250



View Profile
September 29, 2012, 08:08:15 AM
 #56

Thanks caffeinewriter, any help is appreciated. I will file a report on Monday, and see what they say.

As for the cleaning up I think I'm OK. Just running clamscan over all the files, rkhunter had nothing to complain, but I don't know whether an eventual rootkit wouldn't be smart enough to fool them, any experience about that?

Let me put it this way. There is nothing more annoying than Rootkits. They hide in every dark corner of your system. I'd recommend a specific rootkit detector/remover. Here are some I know of.

1. http://www.gmer.net (Windows)

2. https://www.pcworld.com/product/946306/f-secure-blacklight-rootkit-eliminator.html (Windows)

3. http://www.rootkit.nl/projects/rootkit_hunter.html (Linux)

4. http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx (Windows)

If you still think you might have a rootkit, wipe your system clean. It's really the only surefire way to get rid of a rootkit.

I think after a disaster like this the only secure method is to reinstall all affected computers, make some images
of the harddisk so you can still analyze what happend.
Insu Dra
Full Member
***
Offline Offline

Activity: 182
Merit: 100



View Profile
September 29, 2012, 08:37:51 AM
Last edit: September 29, 2012, 09:02:45 AM by Insu Dra
 #57



If you still think you might have a rootkit, wipe your system clean. It's really the only surefire way to get rid of a rootkit.

I think after a disaster like this the only secure method is to reinstall all affected computers, make some images of the harddisk so you can still analyze what happend.

+1, don't try to fix a os if you think it might have a root kit.
Root kit cleaners are like anti virus software, they only clean what they know and recognize ....

"drugs, guns, and gambling for anyone and everyone!"
Jutarul
Donator
Legendary
*
Offline Offline

Activity: 994
Merit: 1000



View Profile
September 29, 2012, 08:54:44 AM
 #58

Well, just to prove that even long time members are not secure from being stupid. My wallet has just been cleared out:


At first I thought maybe it's just an old transaction that has only now been submitted, but I can't find any wallet of mine that owns those keys.

I had my wallet encrypted, but this was apparently an old backup of my wallet that I must have stored somewhere.

Any tips on what to do next? I'm still a bit fuzzy about the details. Can we blacklist those funds somehow?
8000 btc in a hotwallet... Was that necessary? Why didn't you consider cold storage?

The ASICMINER Project https://bitcointalk.org/index.php?topic=99497.0
"The way you solve things is by making it politically profitable for the wrong people to do the right thing.", Milton Friedman
Gyrsur
Legendary
*
Offline Offline

Activity: 2338
Merit: 1211


I, Quant


View Profile
September 29, 2012, 09:07:04 AM
 #59

Well, just to prove that even long time members are not secure from being stupid. My wallet has just been cleared out:


At first I thought maybe it's just an old transaction that has only now been submitted, but I can't find any wallet of mine that owns those keys.

I had my wallet encrypted, but this was apparently an old backup of my wallet that I must have stored somewhere.

Any tips on what to do next? I'm still a bit fuzzy about the details. Can we blacklist those funds somehow?
8000 btc in a hotwallet... Was that necessary? Why didn't you consider cold storage?
advise, advise, advise... it's to late to blame him! I'm looking forward to get clear instructions from here:

Quote
Our Goals for 2013

So, what will we be doing in 2013 with the Bitcoin Foundation? We’ve set our eyes on accomplishing the following things:

Begin to pay Gavin’s salary and get him some budget for the core development team
Run a payments-oriented Silicon Valley Bitcoin Conference in the spring (Bitcoin 2013)
Publish a set of best practices for businesses transacting in Bitcoin, covering topics from accounting to physical and digital security
Create an opt-in certification process for Bitcoin businesses

Derivatives like Futures and Options are part of the formation of BTC prices since some time. Whether we like it or not the best way to adapt it is to learn how they are working and how we can profit from them.
SuperHakka
Full Member
***
Offline Offline

Activity: 196
Merit: 100



View Profile
September 29, 2012, 10:43:09 AM
 #60

Really sorry for the OP. There's not much one can say to help the situation. These kind of problems have got to be sorted out before BTC hits the mainstream. I get the feeling that on the average, we are here are quite tech savvy compared to the the normal guy. But if a granny had her wallet.dat stolen and the tabloid newspapers get hold of it, that would be a serious blow to the credibility of bitcoin and might be irreversible.

'First they ignore you. Then they laugh at you. Then they attack you. Then you win.' - Mohandas Gandhi
"Whenever I'm about to do something, I think, 'Would an idiot do this?' and if he would, I do not do that thing." - Dwight Schrute
Pages: « 1 2 [3] 4 5 6 7 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!