Mt. Gox Dump Analysis...

[LehmanSister]

I am in a rush to leave the computer for a bit, but doing a quick scan of the dump file, it looks like things began to get interesting around here:

Code:

5424,asdf<script>alert(\'hi!\')</scri,,
5358,buttcoin,dfdf<script>alert(\'hi\')</script>asf,
11476,\'\",,$
11486,\"\'<script>alert(1);</script>xx,,
11488,\"\'<script>alert(1);</script>xx,
11489,\'<script>alert(1);</script>xxx,,
11573,\\\'abc,,

(solid attempts here)
12550,hehehe16235e4255951b319c0b4251,,$1$cItuRw49$iqqj0GL8gbrGXaIBRH3UZ0
12551,hehehe\',,$1$USDebpwM$4No7PaNkFl2uQjo6VYt2F1
12552,hehehe%27,,$1$Z8VXZePd$v6i3MZaIRBqAmSka.9eWC1
12553,hehehe\0\',,$1$5G.DrQ9A$IC/7j46weU8GRFoNZSFBy/
12554,hehehe\'waitfor delay\'0:0:20\'--,,$1$T6yRted3$bmSQXQSYrVKqq0JWLyOMJ.
12555,hehehe\')waitfor delay\'0:0:20\'-,,$1$OzcLllL9$ZbXFPAB.Pfjak/VxOIOeE0
12556,hehehe\',0)waitfor delay\'0:0:20,,$1$ZJVxD1Xi$8MuO2/IEK2ITAOiRVH8nD/
12557,hehehe\',0,0)waitfor delay\'0:0:,,$1$TVk6yuVk$IKj5636wmFDwul0J2mtw8.
12558,hehehe\',0,0,0)waitfor delay\'0:,,$1$ldybUNj/$jZ5XJRWM8DsOTM3FU9TyN0
12559,hehehe13505493\' or 1=1-- ,,$1$eD2QR9wb$n2ES9mryOwb39m07EdVja1
12560,hehehe13505493\' or 1=2-- ,,$1$yh5tknjZ$5Pi3E44d9lC6jmlwtL5250
12561,hehehe\' and 1=1-- ,,$1$7OR.qKMW$M1gLES96gr6a/fb/o1ToL.
12562,hehehe\' and 1=2-- ,,$1$W/mj92FN$SeBF1uKItpztF0Gcpgha71
12563,hehehe\",,$1$Xclf9zYB$kGurv/zPglRMJB1r9mLos1
12564,hehehe..\\..\\..\\..\\..\\..\\..\\..\\,,$1$wfWxEq/f$hVs96YAc3f6T5HtBpZnGt.
12565,hehehe..\\..\\..\\..\\..\\..\\..\\..\\,,$1$J0YW1ZtL$UglwEbkD0t076yqUckM5h1
12566,hehehe../../../../../../../../,,$1$mDA8RuIk$MbA2/jDB2e6.JjjIEnIN/0
12567,hehehe../../../../../../../../,,$1$tYEuSw6j$PcXJwu4onY8bhxQG.SMNb/
12568,hehehe..\\..\\..\\..\\..\\..\\..\\..\\,,$1$RoVqlFLH$78g0BmMgcLmAiSsgusdd90
12569,hehehe..\\..\\..\\..\\..\\..\\..\\..\\,,$1$23k9YpGs$IyF2bEcQAZFffDd5.9a1O/
12570,hehehe../../../../../../../../,,$1$SbzGxMYr$G8p9GJSavED0gJ.B0MQ8m/
12571,hehehe../../../../../../../../,,$1$kPJWfKEm$c01Ga/ZKxFzw5HZJwr438/


47196,test\'test\"test,,
49848,\'\"`,,
57815,\'1=1=0,,
60500,\\zxzx1984,,

I'm sure there is more. Considering the age of those users, and it's not quite all that easy to see how sucessful the attempts were. I can poke around more upon my return.

[bitrebel]

so buttcoin had something to do with it, huh?
Someone should find out where buttcoin first appeared online, and then trace it back to it's creator.

[LehmanSister]

so buttcoin had something to do with it, huh?
Someone should find out where buttcoin first appeared online, and then trace it back to it's creator.

I've heard so many buttcoin jokes, I don't know how unique it would be, heh.

[kw71]

The buttcoin clown is almost as prolific as Harold Camping.  There is no reason he should not be held responsible for this.

[JTaBitCoinKing]

hehehe
hehehe
hehehe

It's too bad we have no idea what this function dose. You think the client software is infected? Or the people behind the attack are bitcoins founders?

This is like something out of a movie.

[bitrebel]

Evan Schmidt is all I can find that is remotely associated with buttcoin.
He is a computer programmer, and owner of the domains walletinspector and registered under the name bitguard.  I think he has a few other names registered. He looks innocent enough. lol
Registered walletinspector on June 16.

I find the name walletinspector a little suspicious considering the circumstances of what took place, but it's no evidence of anything.

Page on facebook - http://www.facebook.com/pages/Buttcoin-P2P-Cryptobutt/214676848554523
Buttcoin P2P Cryptobutt

he also owns buttcoin.org registered on May 26.

Why so much emphasis on Buttcoins by this person?
Why is buttcoin in the header of the hack attack?

Just wondering....

Maybe someone wants to tell me how http://walletinspector.info/ benefits anyone?

Now I found this on another thread and i'm pretty sure we have our clown.
http://forum.bitcoin.org/index.php?action=search2

[cablepair]

a the hashes are very real.

I took a small sample (about 30 usernames) and was able to crack about 4 passwords right off the jump using nothing more than john the ripper and a intel core 2 duo cpu.

[LehmanSister]

Evan Schmidt is all I can find that is remotely associated with buttcoin.

By that logic, "hehehe" is a guilty party. No, I've heard that phrase used plenty of times. I wouldn't go lynching just yet. It's Mt. Gox's responsibility to follow up, that's what transaction fees are paid for. If they are having difficulty (and it seems that they are, given how long some of these names have been in there), then they should do their own investigation. Or they can pay any number of computer forensics people on the board to do so.

It's not that big a deal, I think they did a decent job of protecting the integrity of the back end, and like all frontends, there are mistakes. There are various ways to lock up your client facing sites, but it's difficult to meet a BOOMING market, while also providing excellent security and functionality. The only thing that comes out of this is more support for local bitcoin trading (which I support) and stronger online trading houses. Nothin' wrong with that.

[iCEBREAKER]

hehehe
hehehe
hehehe

It's too bad we have no idea what this function dose. You think the client software is infected? Or the people behind the attack are bitcoins founders?

This is like something out of a movie.

It would seem that hehehe is how you call the Lulz function.

[onesalt]

buttcoin is hilarious, i'm sorry, and If you really don't get the humour in satiring a website then I don't know what to think.

[bitrebel]

buttcoin is hilarious, i'm sorry, and If you really don't get the humour in satiring a website then I don't know what to think.

It's not just satire. He is all about hating on bitcoins. If he supported them, he would not spend his time doing this. It's more than a joke. It's vicious

[iCEBREAKER]

buttcoin is hilarious, i'm sorry, and If you really don't get the humour in satiring a website then I don't know what to think.

It's not just satire. He is all about hating on bitcoins. If he supported them, he would not spend his time doing this. It's more than a joke. It's vicious

From Gulliver's Travels to South Park, good satire is nothing if not vicious.

Calling them shitcoins would be vicious; buttcoin is merely a hilarious spoof.

By taking everything so seriously, you play into their smarmy critique, and make it funnier to boot.

[Sukrim]

a the hashes are very real.

I took a small sample (about 30 usernames) and was able to crack about 4 passwords right off the jump using nothing more than john the ripper and a intel core 2 duo cpu.

Salted or unsalted ones?

[bitrebel]

buttcoin is hilarious, i'm sorry, and If you really don't get the humour in satiring a website then I don't know what to think.

It's not just satire. He is all about hating on bitcoins. If he supported them, he would not spend his time doing this. It's more than a joke. It's vicious

From Gulliver's Travels to South Park, good satire is nothing if not vicious.

Calling them shitcoins would be vicious; buttcoin is merely a hilarious spoof.

By taking everything so seriously, you play into their smarmy critique, and make it funnier to boot.

Okay, you make good points. Maybe I just love the idea of bitcoins a lot. Many of us feel a need to protect them, and what it is all about, and maybe I fall into that category. I really don't mean to accuse Evan of anything, but just to forewarn everyone of the potential harm. Especially if he is baiting viruses or malware or trojans or anything malicious. It is at least a good idea to publicize it. His site, after all, has been linked to some problems, right?