Alex Zee (OP)
|
|
April 17, 2013, 07:31:46 AM |
|
I will repost from the Ripple forum: Amazing the number of dormant accounts that never ever posted in BITCOINTALK.ORG that have come alive so that they can get Ripples. Look for any user with "JR.Member" and see how many post they have done. These accounts were created years ago and never had a single post until after the giveaway.
Almost half of the giveaway addresses on page 58 are from 2011 and never had a posting until today.
This approach to a giveaway is falling apart due to this abuse. Also results in a ton of spam postings.
An example: (easy to find)
RaducuIulianu Registered Date: June 16, 2011, 09:23:04 AM #Post: 6 (All on March 1st) Ripple Account: rEiUFmQbeEJKmHdSTuCTfBwUAck6A8jfT5 Immediately moved to another account: rEiUFmQbeEJKmHdSTuCTfBwUAck6A8jfT5 which has a ton of 40K transfers to it.
What the...? This means Bitcointalk is either compromised or one of its admins got really low. Maybe this has to do with the old hack that leaked some passwords and attacker has access to old accounts now? This guy just gathers money from all acounts into this one: raRuz7se7tqNQJECUWjJdqSnEAR3F2PgcK and then caches them out to BTC via Bitstamp. Anyway, I think this fraud has to stop. Both OpenCoin and Bitcointalk guys should do something about it! Ripple has enough negative attitude towards it without such fraudulent, shady affairs. EDIT: Sorry, the original post is 1.5 months old, didn't notice the date so I guess it's not that urgent. But still - was anything done about that? Did you try to figure out who the bad guy is?
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1227
Away on an extended break
|
|
April 17, 2013, 07:48:25 AM |
|
I will repost from the Ripple forum: Amazing the number of dormant accounts that never ever posted in BITCOINTALK.ORG that have come alive so that they can get Ripples. Look for any user with "JR.Member" and see how many post they have done. These accounts were created years ago and never had a single post until after the giveaway.
Almost half of the giveaway addresses on page 58 are from 2011 and never had a posting until today.
This approach to a giveaway is falling apart due to this abuse. Also results in a ton of spam postings.
An example: (easy to find)
RaducuIulianu Registered Date: June 16, 2011, 09:23:04 AM #Post: 6 (All on March 1st) Ripple Account: rEiUFmQbeEJKmHdSTuCTfBwUAck6A8jfT5 Immediately moved to another account: rEiUFmQbeEJKmHdSTuCTfBwUAck6A8jfT5 which has a ton of 40K transfers to it.
What the...? This means Bitcointalk is either compromised or one of its admins got really low. Maybe this has to do with the old hack that leaked some passwords and attacker has access to old accounts now? This guy just gathers money from all acounts into this one: raRuz7se7tqNQJECUWjJdqSnEAR3F2PgcK and then caches them out to BTC via Bitstamp. Anyway, I think this fraud has to stop. Both OpenCoin and Bitcointalk guys should do something about it! Ripple has enough negative attitude towards it without such fraudulent, shady affairs. EDIT: Sorry, the original post is 1.5 months old, didn't notice the date so I guess it's not that urgent. But still - was anything done about that? Did you try to figure out who the bad guy is? No, the forum itself was not compromised. Many old accounts were under the control of a few users who probably planned to use them to scam in the near future,(old accounts seem more credible to newbies) as there's no registering restrictions on the board.
|
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
April 17, 2013, 07:49:27 AM |
|
I highly doubt the forum is compromised, someone just made a lot of accounts in 2011.
This is a OpenCoin Inc's giveaway rules problem, not the forum's.
|
|
|
|
Alex Zee (OP)
|
|
April 17, 2013, 07:55:33 AM |
|
I see. Then I guess it is indeed OpenCoin's problem of not filtering accounts properly.
Thanks for clarifying this.
|
|
|
|
Maged
Legendary
Offline
Activity: 1204
Merit: 1015
|
|
April 17, 2013, 08:09:06 PM |
|
I have seen an unusual amount of 2011 accounts in the whitelist thread in the past day, so something is up. I'll put in an IP lookup request.
|
|
|
|
Maged
Legendary
Offline
Activity: 1204
Merit: 1015
|
|
April 17, 2013, 08:45:22 PM |
|
Great work, everyone!
The following accounts have all been compromised and will be marked as a scammer until the real owner reclaims them: anonameous, matthewdowns1128A1F5, williamsnider72, sarajasie0C2C, kellyhuta64, CrowdCrackingGroup, bryankfurw05, btclaw, Sandragutierre24Y, Bitcoinmaker, jeraldftizt65, SusanaMenor23, carsonchassy5, milardistone41, fiveletterword, min0r, iamstimpy, bitcento, pandapeluche, DigiZ, trusturtechnolust, AshShep, terrence, SwimsuitPaul, Miss_Magenta, ymfeeling, cspalmer2, Robert William Bonzi, uAbbieBartonq, pooraich, Powercoiner, leahsandes, AaronBreillat, susanakaul, cocopuffs1003, TheRonPaulKid, rockstarshorty21, chevo, errtest, jimmi12, miguelvuc
|
|
|
|
Alex Zee (OP)
|
|
April 17, 2013, 08:52:38 PM |
|
Great work, everyone!
The following accounts have all been compromised and will be marked as a scammer until the real owner reclaims them: anonameous, matthewdowns1128A1F5, williamsnider72, sarajasie0C2C, kellyhuta64, CrowdCrackingGroup, bryankfurw05, btclaw, Sandragutierre24Y, Bitcoinmaker, jeraldftizt65, SusanaMenor23, carsonchassy5, milardistone41, fiveletterword, min0r, iamstimpy, bitcento, pandapeluche, DigiZ, trusturtechnolust, AshShep, terrence, SwimsuitPaul, Miss_Magenta, ymfeeling, cspalmer2, Robert William Bonzi, uAbbieBartonq, pooraich, Powercoiner, leahsandes, AaronBreillat, susanakaul, cocopuffs1003, TheRonPaulKid, rockstarshorty21, chevo, errtest, jimmi12, miguelvuc
Wow, thanks!
|
|
|
|
Maged
Legendary
Offline
Activity: 1204
Merit: 1015
|
|
April 17, 2013, 09:40:47 PM |
|
More: brigitte2378sack, balmut051, joan48ellis, lfelicols12t, emoryyrer96, conradinoz76, stevguthie7, diegospensi7, headhunter, edwinaphan7, hilarioprnce7, bitboy999, Lavada, Lang, azerty6757, MSTRKRFT, KatiHahnA, AreYouCereal, ndawg4554, DrZaius
Let us know if you find more accounts that might be compromised and we'll look into it.
|
|
|
|
pekv2
|
|
April 17, 2013, 11:12:42 PM |
|
Great work, everyone!
The following accounts have all been compromised and will be marked as a scammer until the real owner reclaims them: anonameous, matthewdowns1128A1F5, williamsnider72, sarajasie0C2C, kellyhuta64, CrowdCrackingGroup, bryankfurw05, btclaw, Sandragutierre24Y, Bitcoinmaker, jeraldftizt65, SusanaMenor23, carsonchassy5, milardistone41, fiveletterword, min0r, iamstimpy, bitcento, pandapeluche, DigiZ, trusturtechnolust, AshShep, terrence, SwimsuitPaul, Miss_Magenta, ymfeeling, cspalmer2, Robert William Bonzi, uAbbieBartonq, pooraich, Powercoiner, leahsandes, AaronBreillat, susanakaul, cocopuffs1003, TheRonPaulKid, rockstarshorty21, chevo, errtest, jimmi12, miguelvuc
More: brigitte2378sack, balmut051, joan48ellis, lfelicols12t, emoryyrer96, conradinoz76, stevguthie7, diegospensi7, headhunter, edwinaphan7, hilarioprnce7, bitboy999, Lavada, Lang, azerty6757, MSTRKRFT, KatiHahnA, AreYouCereal, ndawg4554, DrZaius
Let us know if you find more accounts that might be compromised and we'll look into it.
Holy shit, O.O. That is a ton of cleaning you did there. Great job. That's nuts.
|
|
|
|
Raize
Donator
Legendary
Offline
Activity: 1419
Merit: 1015
|
|
April 18, 2013, 04:14:25 PM |
|
Has anyone run all of our MtGox-hack reverse engineered passwords on user accounts created pre-August 2011? My guess is some of those may be sleeper-scammers...
I know the hash list was posted, but no doubt many crackers have a list of the passwords that were simple 10-character alpha-numeric or less, or is selling it. If such a list was obtained, theymos or another admin could run an offline-pass on them to make sure none of these old accounts are using an easily-compromised password?
|
|
|
|
LanYu
Jr. Member
Offline
Activity: 54
Merit: 10
|
|
April 19, 2013, 07:02:23 PM |
|
Reposting this here. I had the following exchange tony with a man named Tony coming from the e-mail tonycicc@gmail.comI received the following email today, to an email that is not even the one listed on my forum account. Hi I saw you are on bitcointalk.org forum and wondered if you would be willing to sell me your account for $15? I see you haven’t been on there in quite a while, so perhaps you don’t need the account.
I could make a new acct, but I don’t want to go through the newbie waiting period before I can post in the main forums, so I would like an active account. Let me know and I could Paypal you the money or send you the equivalent in BTC. Just let me know. Thanks. I sent the following follow up email I am a bit curious, what leads you to conclude that I am on the bitcointalk.org forum? And he replied back with the following Hi, I believe your email address was listed on the site as being someone who registered but hadn't used their account much, at least recently. So I just looked through the member list and emailed a few people from there. But can send the funds if you no longer need that acct or just want to make a new one. Thanks. Very curious...
|
|
|
|
FreddyFender
Full Member
Offline
Activity: 215
Merit: 100
Shamantastic!
|
|
April 19, 2013, 07:11:15 PM |
|
This was the troll-pile from June 11-19, 2011 or the Cosby Caper compromise? Did we not narrow the culprits down to SA or other known affiliates?
|
|
|
|
Alex Zee (OP)
|
|
April 19, 2013, 07:33:28 PM |
|
Not sure if this would help in any way, but these are Ripple addresses of those accounts: rDhVzGdgqFXSrfrN8KKZQB2pX4xKh3iVyC (bitboy999) r9svLtQiemyWcFg6vPn24qhs2Sht33s5cR (conradinoz76) rB8RWdnR55NfgZtShdjhXCK3xGUYj3vexf (brigitte2378sack) rKt4ekuGetbXA7q6JrZm7QEQHtbFhGktz1 (MSTRKRFT) rJKAcretphkuRbKDB3DTpGnL6nMuyLHMb (hilarioprnce7) rMXDo4eStcmfUxsXRX2f5ZoNNothQsjhx4 (joan48ellis) r9mtCWNFv1MxgFRSet1D61pLfygCCPrtWj (balmut051) r45T1nnNs3NDt4YHFXBzF51dbruB8p5Jhb (lfelicols12t) rsC1p9rw141YhhPCDfrZZARcHp2ndXdebD (Lang) rQE4DkEvt5Qq3dsAPMLwKf56zqHFfdNHGH (emoryyrer96) r325Q2BxE6t9cvGXA92uFDyz8C3M9xfaZg (williamsnider72) rBPj5VfS2waceRPJPLDFkN9mfQ9bo9zQXC (stevguthie7) r372dvURUzhPSvbn5K3q8inJJVVb2z95JE (diegospensi7) r3Mdx8bT9uALRLSK71xdKNZpd7v25rEDrg (headhunter) rEb4nthyGnAPk78sJx4idMVhwxNMDWLVXp (edwinaphan7) rMBGtDiR1F1uH9nwqE7N8KaRkpXsfXf7cL (KatiHahnA) rMvf6AgUxN3bhFD46t7bmR289Jy63xaHFM (azerty6757) raFiQmqTqs2XNcjwcerN7be2WfjttBsBnC (Lavada) rfXEx4zne69Z2x7ReEtWAeztJLZKix4zQS (Miss_Magenta) r3fjAaRqdfFyHQx4UxVzBWRe1WFHcbjN1P (uAbbieBartonq) razBoFtQUpKbHxrxWMDqYF5ZtS8UJU1sRW (milardistone41) rKSzNoRgQJqZUPmEkuJpk4f3mgyJLb3GYL (terrence) rNxU8S7bXN4UhZbXZ5xg4Aj3n7DbsvarUt (TheRonPaulKid) rfiyDF4eLVEeuvUeN41vNwLhuk2JsFP6Je (carsonchassy5) ra7mx76b7EZW1tYf3U9rZy9mhMs834Wbep (fiveletterword) rwK6AfyK3xeK9z7zGw5Gg32i36ZhtYemvu (btclaw) rMafHLLeAGP3kfF3pC1mLAmFe5yLjV6hce (AshShep) rwd3oJyjDrPDJBsErgGUewXct2Zau2FT98 (trusturtechnolust) rDVKnGmdAEhhc8Z7HEGgXZKvZeJQ5VfmGU (Powercoiner) rD7cNJuRaJ4FETfGLzD59DsxVHarVQF7Yd (iamstimpy) rMgHwn8wsbpwNHE7kpmracsj4tKeY2BScZ (Bitcoinmaker) rUmeNtAhArrXcjHgCqRAREndj17dwpDuzX (matthewdowns1128A1F5) rB9tVCg26Cg5uWdcUqJwgESQ77daU1FKrT (sarajasie0C2C) rwg9WdYkEjB53FV3mvmhf3zJ6JaNxxQv6M (kellyhuta64) rJeu3rujHHpjw6Naip38dbE7eCMQX9sgq3 (bryankfurw05) rwynwQCh7NrcZrtxF3t5BhWGEUkCQ18NSX (Sandragutierre24Y) rfGdFc1oAHGAHTWkuwsgUk8h7mThQ4j97Y (jeraldftizt65) rDQ41x6AGCYrKDW3urdk2hhdvTh4umcJ1S (jimmi12) rpMw3EhdL22dYdgD5PrpFGpzPQjsMG9hqH (Robert William Bonzi) rN9TidskfqEFoo24KWEjLDMnaqNUK5Qns4 (anonameous) ra4vvH2QN9WBFwLbVsNwxoeSo6UxgRsypW (errtest) r3E7BAh2y6hn78qr9sfVjbwomcJ5rkf1sH (CrowdCrackingGroup) r499UL6MtkiaM2Ed2KkVyWoWDj3G3a9MT1 (min0r) rB3M9ok35xFTpvvmXdCPsJedXJ3EwDwKCv (DigiZ) rNrwLxNysdcVDZkN4z5XY9fSQ3T5X4Vsxr (SwimsuitPaul) rKUYBZuPSqtAHW1NUNSTQkoht4qww6uyME (pandapeluche) rHQQCaoGLYPHRiJqCiijqKqCACFRMZEGDw (chevo) rfVVEVuL7jsmmrPVFEPXbeU6TpDnArN3Q5 (leahsandes) rMeWMDEQC14J7VAPFaGSD2RGJPPkSM94Dq (AaronBreillat) rLA9W5T5D6SHQ6ytwiwPNcaPsQnrtJFeJJ (SusanaMenor23) rE1hqUzyZ8jHX3SrUvuPHaNpAky65H9zEU (cspalmer2) rUSYXJ9KtBVBeM9HBh6xTxT5EQYmUF5gMQ (pooraich) rLzyiamW4zuxugtxQv3zLz6EG73XEJdKje (rockstarshorty21) rf6fwW4NJuFBFJtzXNRr9ea5LH2zkdLicn (ymfeeling) rDATKR6K3ab774sjxiSTb3aV1qVLnuhLq8 (cocopuffs1003) rnwGcAVEBPeihFBSS2PcHYH8GBatpRJ3oc (bitcento)
|
|
|
|
deedee_1987@hotmail.com
Newbie
Offline
Activity: 21
Merit: 0
|
|
April 19, 2013, 10:27:55 PM |
|
Hi, please some administator contact me. Susana tryed to talk with theymos a few days but he hasn't answer. She sent PM.
I also requested the ripple giveaway, and I'm sure in the same IP that some of these guys (already received)
If you run a simple TRACE on the IP you understand why we have the same IP....it is from our UNIVERSITY CAMPUS, and I think I don't need to explain why the out IP is the same.
One of the guys told us to reactivate the accounts to ask the ripple giveaway, so we did it... we are all in the same campus, and created during the time of BTC, but were never active. Now that we had the chance to get some free ripples to exchange (what some have already made with BTC), we activated again... nothing illegal I think :\
Please some moderator give me a contact, you can contact each and any of the persons that they will answer you. we can send ID on all of us to a admin, just tell what you need.
Sorry for the long text.
regards
|
|
|
|
Maged
Legendary
Offline
Activity: 1204
Merit: 1015
|
|
April 19, 2013, 11:52:30 PM |
|
Hi, please some administator contact me. Susana tryed to talk with theymos a few days but he hasn't answer. She sent PM.
I also requested the ripple giveaway, and I'm sure in the same IP that some of these guys (already received)
If you run a simple TRACE on the IP you understand why we have the same IP....it is from our UNIVERSITY CAMPUS, and I think I don't need to explain why the out IP is the same.
One of the guys told us to reactivate the accounts to ask the ripple giveaway, so we did it... we are all in the same campus, and created during the time of BTC, but were never active. Now that we had the chance to get some free ripples to exchange (what some have already made with BTC), we activated again... nothing illegal I think :\
Please some moderator give me a contact, you can contact each and any of the persons that they will answer you. we can send ID on all of us to a admin, just tell what you need.
Sorry for the long text.
regards
No, all of those accounts were used by the same person. I personally checked each account to prevent this exact problem from happening. For example, please tell me how this account wasn't compromised: https://bitcointalk.org/index.php?action=profile;u=31850;sa=showPostsAnd yes, I'm sure you have plenty of fake IDs. You probably got them from the same place you got these accounts. Now, you could argue that you bought these accounts legitimately (since we allow that here), but since they all posted in the Ripple thread and were owned by a single person, that still qualifies for a scammer tag.
|
|
|
|
deepceleron
Legendary
Offline
Activity: 1512
Merit: 1036
|
|
April 20, 2013, 12:00:42 AM |
|
deedee_1987@ : another account registered in 2010 with NO posts until now - the same slimeball attempting to social engineer.
One does wonder the vector here - are these accounts hacked, or did one entity just make many forum users? The creating IP address should let someone determine their sockiness.
|
|
|
|
scintill
|
|
April 20, 2013, 12:22:19 AM |
|
I agree it's suspicious, but anyone care to point out what's particularly damning about the post history? I noticed the second-to-last "ok thanks" post was surrounded by other short, useless replies with scammer tags in that thread. Also curious, if it's appropriate to reveal, was the IP really owned by a university?
|
1SCiN5kqkAbxxwesKMsH9GvyWnWP5YK2W | donations
|
|
|
deedee_1987@hotmail.com
Newbie
Offline
Activity: 21
Merit: 0
|
|
April 20, 2013, 12:41:17 AM |
|
I'm sorry to say, but what is the problem of having that spam posts saying hello? all of the guys sayed something with no sence since there were restrictions on the forum and we could not post in the ripple giveaway. I don't know what is the forum problem in us having a free ripple offer. It doesn't qualify as a scam, does it? And we sure don't spam the rest of the forum. this was supposed to be a FREE forum, open, and not like a government. (my opinion) thanks
|
|
|
|
myrkul
|
|
April 20, 2013, 12:46:31 AM |
|
this was supposed to be a FREE forum, open, and not like a government. (my opinion) Yup, it's not like a government. Which means you don't get a vote. This is private property. And not yours.
|
|
|
|
deedee_1987@hotmail.com
Newbie
Offline
Activity: 21
Merit: 0
|
|
April 20, 2013, 01:01:09 AM |
|
i know it's not mine, it's of the community
at least it was why the founder made it, dont you agree?
Where can we send our ID's ? real members, not spam or scam
|
|
|
|
|