Bitcoin Forum
December 15, 2024, 01:30:17 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Is Bitcointalk forum compromised?  (Read 3060 times)
Alex Zee (OP)
Member
**
Offline Offline

Activity: 112
Merit: 10



View Profile WWW
April 17, 2013, 07:31:46 AM
 #1

I will repost from the Ripple forum:

Quote
Amazing the number of dormant accounts that never ever posted in BITCOINTALK.ORG that have come alive so that they can get Ripples. Look for any user with "JR.Member" and see how many post they have done. These accounts were created years ago and never had a single post until after the giveaway.

Almost half of the giveaway addresses on page 58 are from 2011 and never had a posting until today.

This approach to a giveaway is falling apart due to this abuse. Also results in a ton of spam postings.

An example: (easy to find)

RaducuIulianu
Registered Date: June 16, 2011, 09:23:04 AM
#Post: 6 (All on March 1st)
Ripple Account: rEiUFmQbeEJKmHdSTuCTfBwUAck6A8jfT5
Immediately moved to another account: rEiUFmQbeEJKmHdSTuCTfBwUAck6A8jfT5 which has a ton of 40K transfers to it.

What the...? This means Bitcointalk is either compromised or one of its admins got really low.

Maybe this has to do with the old hack that leaked some passwords and attacker has access to old accounts now?

This guy just gathers money from all acounts into this one:

raRuz7se7tqNQJECUWjJdqSnEAR3F2PgcK

and then caches them out to BTC via Bitstamp.

Anyway, I think this fraud has to stop. Both OpenCoin and Bitcointalk guys should do something about it!

Ripple has enough negative attitude towards it without such fraudulent, shady affairs.

EDIT:
Sorry, the original post is 1.5 months old, didn't notice the date Smiley so I guess it's not that urgent.

But still - was anything done about that? Did you try to figure out who the bad guy is?



BTC Monitor - systray price ticker
RipTalk.org - new Ripple forum
John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1288
Merit: 1227


Away on an extended break


View Profile
April 17, 2013, 07:48:25 AM
 #2

I will repost from the Ripple forum:

Quote
Amazing the number of dormant accounts that never ever posted in BITCOINTALK.ORG that have come alive so that they can get Ripples. Look for any user with "JR.Member" and see how many post they have done. These accounts were created years ago and never had a single post until after the giveaway.

Almost half of the giveaway addresses on page 58 are from 2011 and never had a posting until today.

This approach to a giveaway is falling apart due to this abuse. Also results in a ton of spam postings.

An example: (easy to find)

RaducuIulianu
Registered Date: June 16, 2011, 09:23:04 AM
#Post: 6 (All on March 1st)
Ripple Account: rEiUFmQbeEJKmHdSTuCTfBwUAck6A8jfT5
Immediately moved to another account: rEiUFmQbeEJKmHdSTuCTfBwUAck6A8jfT5 which has a ton of 40K transfers to it.

What the...? This means Bitcointalk is either compromised or one of its admins got really low.

Maybe this has to do with the old hack that leaked some passwords and attacker has access to old accounts now?

This guy just gathers money from all acounts into this one:

raRuz7se7tqNQJECUWjJdqSnEAR3F2PgcK

and then caches them out to BTC via Bitstamp.

Anyway, I think this fraud has to stop. Both OpenCoin and Bitcointalk guys should do something about it!

Ripple has enough negative attitude towards it without such fraudulent, shady affairs.

EDIT:
Sorry, the original post is 1.5 months old, didn't notice the date Smiley so I guess it's not that urgent.

But still - was anything done about that? Did you try to figure out who the bad guy is?



No, the forum itself was not compromised. Many old accounts were under the control of a few users who probably planned to use them to scam in the near future,(old accounts seem more credible to newbies) as there's no registering restrictions on the board.
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
*
Offline Offline

Activity: 1316
Merit: 1043

👻


View Profile
April 17, 2013, 07:49:27 AM
 #3

I highly doubt the forum is compromised, someone just made a lot of accounts in 2011.

This is a OpenCoin Inc's giveaway rules problem, not the forum's.
Alex Zee (OP)
Member
**
Offline Offline

Activity: 112
Merit: 10



View Profile WWW
April 17, 2013, 07:55:33 AM
 #4

I see. Then I guess it is indeed OpenCoin's problem of not filtering accounts properly.

Thanks for clarifying this.

BTC Monitor - systray price ticker
RipTalk.org - new Ripple forum
Maged
Legendary
*
Offline Offline

Activity: 1204
Merit: 1015


View Profile
April 17, 2013, 08:09:06 PM
 #5

I have seen an unusual amount of 2011 accounts in the whitelist thread in the past day, so something is up. I'll put in an IP lookup request.

Maged
Legendary
*
Offline Offline

Activity: 1204
Merit: 1015


View Profile
April 17, 2013, 08:45:22 PM
 #6

Great work, everyone!

The following accounts have all been compromised and will be marked as a scammer until the real owner reclaims them:
anonameous, matthewdowns1128A1F5, williamsnider72, sarajasie0C2C, kellyhuta64, CrowdCrackingGroup, bryankfurw05, btclaw, Sandragutierre24Y, Bitcoinmaker, jeraldftizt65, SusanaMenor23, carsonchassy5, milardistone41, fiveletterword, min0r, iamstimpy, bitcento, pandapeluche, DigiZ, trusturtechnolust, AshShep, terrence, SwimsuitPaul, Miss_Magenta, ymfeeling, cspalmer2, Robert William Bonzi, uAbbieBartonq, pooraich, Powercoiner, leahsandes, AaronBreillat, susanakaul, cocopuffs1003, TheRonPaulKid, rockstarshorty21, chevo, errtest, jimmi12, miguelvuc

Alex Zee (OP)
Member
**
Offline Offline

Activity: 112
Merit: 10



View Profile WWW
April 17, 2013, 08:52:38 PM
 #7

Great work, everyone!

The following accounts have all been compromised and will be marked as a scammer until the real owner reclaims them:
anonameous, matthewdowns1128A1F5, williamsnider72, sarajasie0C2C, kellyhuta64, CrowdCrackingGroup, bryankfurw05, btclaw, Sandragutierre24Y, Bitcoinmaker, jeraldftizt65, SusanaMenor23, carsonchassy5, milardistone41, fiveletterword, min0r, iamstimpy, bitcento, pandapeluche, DigiZ, trusturtechnolust, AshShep, terrence, SwimsuitPaul, Miss_Magenta, ymfeeling, cspalmer2, Robert William Bonzi, uAbbieBartonq, pooraich, Powercoiner, leahsandes, AaronBreillat, susanakaul, cocopuffs1003, TheRonPaulKid, rockstarshorty21, chevo, errtest, jimmi12, miguelvuc

Wow, thanks!

BTC Monitor - systray price ticker
RipTalk.org - new Ripple forum
Maged
Legendary
*
Offline Offline

Activity: 1204
Merit: 1015


View Profile
April 17, 2013, 09:40:47 PM
 #8

More:
brigitte2378sack, balmut051, joan48ellis, lfelicols12t, emoryyrer96, conradinoz76, stevguthie7, diegospensi7, headhunter, edwinaphan7, hilarioprnce7, bitboy999, Lavada, Lang, azerty6757, MSTRKRFT, KatiHahnA, AreYouCereal, ndawg4554, DrZaius

Let us know if you find more accounts that might be compromised and we'll look into it.

pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
April 17, 2013, 11:12:42 PM
 #9

Great work, everyone!

The following accounts have all been compromised and will be marked as a scammer until the real owner reclaims them:
anonameous, matthewdowns1128A1F5, williamsnider72, sarajasie0C2C, kellyhuta64, CrowdCrackingGroup, bryankfurw05, btclaw, Sandragutierre24Y, Bitcoinmaker, jeraldftizt65, SusanaMenor23, carsonchassy5, milardistone41, fiveletterword, min0r, iamstimpy, bitcento, pandapeluche, DigiZ, trusturtechnolust, AshShep, terrence, SwimsuitPaul, Miss_Magenta, ymfeeling, cspalmer2, Robert William Bonzi, uAbbieBartonq, pooraich, Powercoiner, leahsandes, AaronBreillat, susanakaul, cocopuffs1003, TheRonPaulKid, rockstarshorty21, chevo, errtest, jimmi12, miguelvuc

More:
brigitte2378sack, balmut051, joan48ellis, lfelicols12t, emoryyrer96, conradinoz76, stevguthie7, diegospensi7, headhunter, edwinaphan7, hilarioprnce7, bitboy999, Lavada, Lang, azerty6757, MSTRKRFT, KatiHahnA, AreYouCereal, ndawg4554, DrZaius

Let us know if you find more accounts that might be compromised and we'll look into it.

Holy shit, O.O. That is a ton of cleaning you did there. Great job. That's nuts.
Raize
Donator
Legendary
*
Offline Offline

Activity: 1419
Merit: 1015


View Profile
April 18, 2013, 04:14:25 PM
 #10

Has anyone run all of our MtGox-hack reverse engineered passwords on user accounts created pre-August 2011? My guess is some of those may be sleeper-scammers...

I know the hash list was posted, but no doubt many crackers have a list of the passwords that were simple 10-character alpha-numeric or less, or is selling it. If such a list was obtained, theymos or another admin could run an offline-pass on them to make sure none of these old accounts are using an easily-compromised password?
LanYu
Jr. Member
*
Offline Offline

Activity: 54
Merit: 10


View Profile
April 19, 2013, 07:02:23 PM
 #11

Reposting this here. I had the following exchange tony with a man named Tony coming from the e-mail tonycicc@gmail.com

I received the following email today, to an email that is not even the one listed on my forum account.


Quote
Hi I saw you are on bitcointalk.org forum and wondered if you would be willing to sell me your account for $15?   I see you haven’t been on there in quite a while, so perhaps you don’t need the account.

 

I could make a new acct, but I don’t want to go through the newbie waiting period before I can post in the main forums, so I would like an active account.   Let me know and I could Paypal you the money or send you the equivalent in BTC.  Just let me know.  Thanks.

I sent the following follow up email


Quote
I am a bit curious, what leads you to conclude that I am on the
bitcointalk.org forum?

And he replied back with the following


Quote
Hi, I believe your email address was listed on the site as being someone who
registered but hadn't used their account much, at least recently.  So I just
looked through the member list and emailed a few people from there.   But
can send the funds if you no longer need that acct or just want to make a
new one.  Thanks.


Very curious...
FreddyFender
Full Member
***
Offline Offline

Activity: 215
Merit: 100


Shamantastic!


View Profile
April 19, 2013, 07:11:15 PM
 #12

This was the troll-pile from June 11-19, 2011 or the Cosby Caper compromise? Did we not narrow the culprits down to SA or other known affiliates?

Alex Zee (OP)
Member
**
Offline Offline

Activity: 112
Merit: 10



View Profile WWW
April 19, 2013, 07:33:28 PM
 #13

Not sure if this would help in any way, but these are Ripple addresses of those accounts:

Quote
rDhVzGdgqFXSrfrN8KKZQB2pX4xKh3iVyC (bitboy999)
r9svLtQiemyWcFg6vPn24qhs2Sht33s5cR (conradinoz76)
rB8RWdnR55NfgZtShdjhXCK3xGUYj3vexf (brigitte2378sack)
rKt4ekuGetbXA7q6JrZm7QEQHtbFhGktz1 (MSTRKRFT)
rJKAcretphkuRbKDB3DTpGnL6nMuyLHMb (hilarioprnce7)
rMXDo4eStcmfUxsXRX2f5ZoNNothQsjhx4 (joan48ellis)
r9mtCWNFv1MxgFRSet1D61pLfygCCPrtWj (balmut051)
r45T1nnNs3NDt4YHFXBzF51dbruB8p5Jhb (lfelicols12t)
rsC1p9rw141YhhPCDfrZZARcHp2ndXdebD (Lang)
rQE4DkEvt5Qq3dsAPMLwKf56zqHFfdNHGH (emoryyrer96)
r325Q2BxE6t9cvGXA92uFDyz8C3M9xfaZg (williamsnider72)
rBPj5VfS2waceRPJPLDFkN9mfQ9bo9zQXC (stevguthie7)
r372dvURUzhPSvbn5K3q8inJJVVb2z95JE (diegospensi7)
r3Mdx8bT9uALRLSK71xdKNZpd7v25rEDrg (headhunter)
rEb4nthyGnAPk78sJx4idMVhwxNMDWLVXp (edwinaphan7)
rMBGtDiR1F1uH9nwqE7N8KaRkpXsfXf7cL (KatiHahnA)
rMvf6AgUxN3bhFD46t7bmR289Jy63xaHFM (azerty6757)
raFiQmqTqs2XNcjwcerN7be2WfjttBsBnC (Lavada)
rfXEx4zne69Z2x7ReEtWAeztJLZKix4zQS (Miss_Magenta)
r3fjAaRqdfFyHQx4UxVzBWRe1WFHcbjN1P (uAbbieBartonq)
razBoFtQUpKbHxrxWMDqYF5ZtS8UJU1sRW (milardistone41)
rKSzNoRgQJqZUPmEkuJpk4f3mgyJLb3GYL (terrence)
rNxU8S7bXN4UhZbXZ5xg4Aj3n7DbsvarUt (TheRonPaulKid)
rfiyDF4eLVEeuvUeN41vNwLhuk2JsFP6Je (carsonchassy5)
ra7mx76b7EZW1tYf3U9rZy9mhMs834Wbep (fiveletterword)
rwK6AfyK3xeK9z7zGw5Gg32i36ZhtYemvu (btclaw)
rMafHLLeAGP3kfF3pC1mLAmFe5yLjV6hce (AshShep)
rwd3oJyjDrPDJBsErgGUewXct2Zau2FT98 (trusturtechnolust)
rDVKnGmdAEhhc8Z7HEGgXZKvZeJQ5VfmGU (Powercoiner)
rD7cNJuRaJ4FETfGLzD59DsxVHarVQF7Yd (iamstimpy)
rMgHwn8wsbpwNHE7kpmracsj4tKeY2BScZ (Bitcoinmaker)
rUmeNtAhArrXcjHgCqRAREndj17dwpDuzX (matthewdowns1128A1F5)
rB9tVCg26Cg5uWdcUqJwgESQ77daU1FKrT (sarajasie0C2C)
rwg9WdYkEjB53FV3mvmhf3zJ6JaNxxQv6M (kellyhuta64)
rJeu3rujHHpjw6Naip38dbE7eCMQX9sgq3 (bryankfurw05)
rwynwQCh7NrcZrtxF3t5BhWGEUkCQ18NSX (Sandragutierre24Y)
rfGdFc1oAHGAHTWkuwsgUk8h7mThQ4j97Y (jeraldftizt65)
rDQ41x6AGCYrKDW3urdk2hhdvTh4umcJ1S (jimmi12)
rpMw3EhdL22dYdgD5PrpFGpzPQjsMG9hqH (Robert William Bonzi)
rN9TidskfqEFoo24KWEjLDMnaqNUK5Qns4 (anonameous)
ra4vvH2QN9WBFwLbVsNwxoeSo6UxgRsypW (errtest)
r3E7BAh2y6hn78qr9sfVjbwomcJ5rkf1sH (CrowdCrackingGroup)
r499UL6MtkiaM2Ed2KkVyWoWDj3G3a9MT1 (min0r)
rB3M9ok35xFTpvvmXdCPsJedXJ3EwDwKCv (DigiZ)
rNrwLxNysdcVDZkN4z5XY9fSQ3T5X4Vsxr (SwimsuitPaul)
rKUYBZuPSqtAHW1NUNSTQkoht4qww6uyME (pandapeluche)
rHQQCaoGLYPHRiJqCiijqKqCACFRMZEGDw (chevo)
rfVVEVuL7jsmmrPVFEPXbeU6TpDnArN3Q5 (leahsandes)
rMeWMDEQC14J7VAPFaGSD2RGJPPkSM94Dq (AaronBreillat)
rLA9W5T5D6SHQ6ytwiwPNcaPsQnrtJFeJJ (SusanaMenor23)
rE1hqUzyZ8jHX3SrUvuPHaNpAky65H9zEU (cspalmer2)
rUSYXJ9KtBVBeM9HBh6xTxT5EQYmUF5gMQ (pooraich)
rLzyiamW4zuxugtxQv3zLz6EG73XEJdKje (rockstarshorty21)
rf6fwW4NJuFBFJtzXNRr9ea5LH2zkdLicn (ymfeeling)
rDATKR6K3ab774sjxiSTb3aV1qVLnuhLq8 (cocopuffs1003)
rnwGcAVEBPeihFBSS2PcHYH8GBatpRJ3oc (bitcento)

BTC Monitor - systray price ticker
RipTalk.org - new Ripple forum
deedee_1987@hotmail.com
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile WWW
April 19, 2013, 10:27:55 PM
 #14

Hi,
please some administator contact me.
Susana tryed to talk with theymos a few days but he hasn't answer. She sent PM.

I also requested the ripple giveaway, and I'm sure in the same IP that some of these guys (already received)

If you run a simple TRACE on the IP you understand why we have the same IP....it is from our UNIVERSITY CAMPUS, and I think I don't need to explain why the out IP is the same.

One of the guys told us to reactivate the accounts to ask the ripple giveaway, so we did it... we are all in the same campus, and created during the time of BTC, but were never active. Now that we had the chance to get some free ripples to exchange (what some have already made with BTC), we activated again... nothing illegal I think :\

Please some moderator give me a contact, you can contact each and any of the persons that they will answer you.
we can send ID on all of us to a admin, just tell what you need.

Sorry for the long text.

regards
Maged
Legendary
*
Offline Offline

Activity: 1204
Merit: 1015


View Profile
April 19, 2013, 11:52:30 PM
 #15

Hi,
please some administator contact me.
Susana tryed to talk with theymos a few days but he hasn't answer. She sent PM.

I also requested the ripple giveaway, and I'm sure in the same IP that some of these guys (already received)

If you run a simple TRACE on the IP you understand why we have the same IP....it is from our UNIVERSITY CAMPUS, and I think I don't need to explain why the out IP is the same.

One of the guys told us to reactivate the accounts to ask the ripple giveaway, so we did it... we are all in the same campus, and created during the time of BTC, but were never active. Now that we had the chance to get some free ripples to exchange (what some have already made with BTC), we activated again... nothing illegal I think :\

Please some moderator give me a contact, you can contact each and any of the persons that they will answer you.
we can send ID on all of us to a admin, just tell what you need.

Sorry for the long text.

regards
No, all of those accounts were used by the same person. I personally checked each account to prevent this exact problem from happening. For example, please tell me how this account wasn't compromised:
https://bitcointalk.org/index.php?action=profile;u=31850;sa=showPosts

And yes, I'm sure you have plenty of fake IDs. You probably got them from the same place you got these accounts. Now, you could argue that you bought these accounts legitimately (since we allow that here), but since they all posted in the Ripple thread and were owned by a single person, that still qualifies for a scammer tag.

deepceleron
Legendary
*
Offline Offline

Activity: 1512
Merit: 1036



View Profile WWW
April 20, 2013, 12:00:42 AM
 #16

deedee_1987@ : another account registered in 2010 with NO posts until now - the same slimeball attempting to social engineer.

One does wonder the vector here - are these accounts hacked, or did one entity just make many forum users? The creating IP address should let someone determine their sockiness.
scintill
Sr. Member
****
Offline Offline

Activity: 448
Merit: 254


View Profile WWW
April 20, 2013, 12:22:19 AM
 #17

No, all of those accounts were used by the same person. I personally checked each account to prevent this exact problem from happening. For example, please tell me how this account wasn't compromised:
https://bitcointalk.org/index.php?action=profile;u=31850;sa=showPosts

I agree it's suspicious, but anyone care to point out what's particularly damning about the post history?  I noticed the second-to-last "ok thanks" post was surrounded by other short, useless replies with scammer tags in that thread.

Also curious, if it's appropriate to reveal, was the IP really owned by a university?

1SCiN5kqkAbxxwesKMsH9GvyWnWP5YK2W | donations
deedee_1987@hotmail.com
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile WWW
April 20, 2013, 12:41:17 AM
 #18

I'm sorry to say, but what is the problem of having that spam posts saying hello?

all of the guys sayed something with no sence since there were restrictions on the forum and we could not post in the ripple giveaway.

I don't know what is the forum problem in us having a free ripple offer. It doesn't qualify as a scam, does it?
And we sure don't spam the rest of the forum.

this was supposed to be a FREE forum, open, and not like a government. (my opinion) Smiley

thanks
myrkul
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
April 20, 2013, 12:46:31 AM
 #19

this was supposed to be a FREE forum, open, and not like a government. (my opinion) Smiley

Yup, it's not like a government. Which means you don't get a vote.

This is private property. And not yours.

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
deedee_1987@hotmail.com
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile WWW
April 20, 2013, 01:01:09 AM
 #20

i know it's not mine, it's of the community

at least it was why the founder made it, dont you agree?

Where can we send our ID's ? real members, not spam or scam
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!