Author Topic: MITM attacks and how to avoid them  (Read 3056 times)
juilla (OP)
Newbie
Activity: 6
Merit: 0
June 10, 2011, 07:17:59 PM
Last edit: June 11, 2011, 09:31:54 AM by juilla
 #1

[Mods if this is in the wrong place please move it appropriately, if it is in the right place please delete this text ^^]

There has been an increase in Man In The Middle attacks (herein known as MITM) which are sorely affecting multiple users - the buyer, the seller and also newcomers to #Bitcoin-OTC. The attacks seem to go as such:
Buyer = buyer of btc, Seller = seller of btc
Fakebuyer = scammer buying and Fakeseller = scammer selling


SCAMMER creates two IRC accounts on #bitcoin-otc
Fakebuyer and Fakeseller both belong to SCAMMER

1--Fakebuyer arrives on IRC looking to buy coins at a great, above-market rate. Seller falls into the trap.
2--Fakeseller arrives, looking to sell at a great, below-market rate. Buyer will likely fall into the trap.
3--Fakeseller comes to a deal with Buyer; Fakebuyer comes to a deal with Seller.
4--Seller will give Fakebuyer the PayPal address to send payment to. Fakeseller will give this PP address to Buyer, who sends payment to that PP address.
5--Seller receives the money, believing it is from Fakebuyer, and so releases the bitcoins to Fakebuyer.
6--SCAMMER logs both Fakeseller and Fakebuyer off IRC. His work is done and he has effectively stolen and laundered money into bitcoin.
....later...
7--Buyer realises he has been scammed and issues a chargeback on Seller, thinking it is Fakeseller.
8--Seller sees this and thinks that Buyer is a scammer.
9--End of story: Buyer and Seller each think the other is a scammer when in fact the scammer hit them both. They should then go to #bitcoin-court to resolve the issue in front of the tribunal.


Both events 1,2 occur concurrently. So the thing to look out for is someone buying at a great rate while another is selling at a great rate. Both users will likely be unrated, although there may be hijacked usernames. Use ;;getrating and ;;ident to check.
Remember - if the price is too good, it is probably a scam. If they are a seller and selling below BTC Exchange rates then chances are it is a scam.
If the trade doesn't feel right, use an escrow service such as ClearCoin or ask a trusted member of -otc to act as escrow. Or do not trade with the person at all. There are other buyers and sellers and exchanges such as MtGox, BCM, Britcoin ...

Here are some logs of real scams:
A Fakebuyer -- http://pastebin.com/JTnDZxdZ
If you have any more logs or think I should add anything to this post let me know.

a)  As LobsterMan said, ;;ident and ;;getrating are not necessarily good indicators. Checking the ;;trust rating (I have no idea what this is btw) and getting an email from the PayPal address you are buying from / selling to may also help.
b)  Be wary if you're being stalled for no reason by the buyer or seller.
c)  Never EVER send Bitcoin first. It is a one-way payment and cannot be charged back. It is best to receive payment first or simply not to use PayPal at all.


Bitraider,
RaidinYoBits since 2011
Donate: 1H8dJCwrvKQN2eBztuR9L26sssEE8YeqZr
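
The warning sign described in the post above (a well-above-market bid and a well-below-market ask appearing at about the same time, usually from unrated nicks) can be checked mechanically. This is an added example, not part of the original post; the log format, the 10% margin, the 10-minute window and the market reference price are assumptions, and the sample lines are constructed.

```python
from dataclasses import dataclass

@dataclass
class Offer:
    ts: int        # seconds since the start of the constructed log
    nick: str
    side: str      # "buy" or "sell"
    price: float   # USD per BTC
    rating: int    # rating looked up beforehand; 0 means unrated

# Constructed sample offers (hypothetical format, not from a real channel log).
SAMPLE = """\
100 alice sell 19.80 rating=12
160 newguy1 buy 23.50 rating=0
185 newguy2 sell 15.00 rating=0
900 bob buy 19.50 rating=7
4000 latecomer sell 14.00 rating=0
"""

def parse(text):
    """Parse 'ts nick side price rating=N' lines into Offer records."""
    offers = []
    for line in text.splitlines():
        ts, nick, side, price, rating = line.split()
        offers.append(Offer(int(ts), nick, side, float(price),
                            int(rating.split("=")[1])))
    return offers

def suspicious_pairs(offers, market, margin=0.10, window=600):
    """Return (bidder, asker) nick pairs matching the pattern in the post:
    an unrated bid well above market and an unrated ask well below market,
    posted within `window` seconds of each other."""
    bids = [o for o in offers if o.side == "buy" and o.rating == 0
            and o.price > market * (1 + margin)]
    asks = [o for o in offers if o.side == "sell" and o.rating == 0
            and o.price < market * (1 - margin)]
    return [(b.nick, a.nick) for b in bids for a in asks
            if abs(b.ts - a.ts) <= window]

if __name__ == "__main__":
    for bidder, asker in suspicious_pairs(parse(SAMPLE), market=20.0):
        print(f"possible relay pair: {bidder} (buying high) / {asker} (selling low)")
```

A flagged pair is only a prompt to slow down and verify the counterparty; as the post notes, a hijacked username would carry a rating and slip past the unrated filter.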
LobsterMan
Member
Activity: 73
Merit: 10
June 10, 2011, 07:25:59 PM
 #2

This has been popping up a lot lately in #bitcoin-otc and #bitcoin-court. I would suggest that this topic be stickied so that we may prevent others from falling victim to this deviously clever scam :(


Also check the ratings thoroughly. Just because someone is rated high and ident'd does not mean they are legit; there have been speculations about people pumping up their own ratings with multiple accounts.
xf2_org
Member
Activity: 98
Merit: 13
June 11, 2011, 12:09:15 AM
 #3

Quote from: LobsterMan on June 10, 2011, 07:25:59 PM
Also check the ratings thoroughly. Just because someone is rated high and ident'd does not mean they are legit; there have been speculations about people pumping up their own ratings with multiple accounts.

That is what

Code:
;;gettrust USERNAME

is there for.  A simple rating does not tell you whether or not that person is connected to your trust network.

Tyran
Newbie
Activity: 40
Merit: 0
June 11, 2011, 12:41:13 AM
 #4

The scam itself may be clever but it still relies on 2 people doing trades with untrusted members or failing to use ;;ident properly, so it's easily avoided.
If people fall for this the scammer could have achieved the same result by just buying bitcoins with PayPal and doing the chargeback himself.
juilla (OP)
Newbie
Activity: 6
Merit: 0
June 11, 2011, 09:12:57 AM
 #5

Quote from: Tyran on June 11, 2011, 12:41:13 AM
The scam itself may be clever but it still relies on 2 people doing trades with untrusted members or failing to use ;;ident properly, so it's easily avoided.
If people fall for this the scammer could have achieved the same result by just buying bitcoins with PayPal and doing the chargeback himself.

But in this case the scammer would have to handle the money and is traceable to his PayPal. I'd assume the reason MITM is done is to be practically untraceable, especially as BTC is anonymous.
LobsterMan
Member
Activity: 73
Merit: 10
June 11, 2011, 04:07:40 PM
 #6

Quote from: Tyran on June 11, 2011, 12:41:13 AM
The scam itself may be clever but it still relies on 2 people doing trades with untrusted members or failing to use ;;ident properly, so it's easily avoided.
If people fall for this the scammer could have achieved the same result by just buying bitcoins with PayPal and doing the chargeback himself.

Quote from: juilla on June 11, 2011, 09:12:57 AM
But in this case the scammer would have to handle the money and is traceable to his PayPal. I'd assume the reason MITM is done is to be practically untraceable, especially as BTC is anonymous.

Yeah....the way this works out the scammer can conduct his scam without even having any capital of his own