Bitcoin Forum
Topic: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off (Read 18488 times)
ius
Newbie
Activity: 56
Merit: 0
July 01, 2011, 02:06:06 AM  #21

Quote
Your password was probably brute forced from the user dump like mine was. Mine wasn't super simple either.
I call this BS. My hash is up there - go and try to brute force it. I guess I'll see you in several years/decades.

Then please disclose your password - if it was anything but totally random & a-z/A-Z/0-9/special & >9 chars you were definitely at risk.
mewantsbitcoins
Full Member
Activity: 126
Merit: 100
July 01, 2011, 02:21:50 AM  #22

Quote
Your password was probably brute forced from the user dump like mine was. Mine wasn't super simple either.
I call this BS. My hash is up there - go and try to brute force it. I guess I'll see you in several years/decades.

Quote
Then please disclose your password - if it was anything but totally random & a-z/A-Z/0-9/special & >9 chars you were definitely at risk.

You must be retarded. Why would I disclose my password and my thinking pattern? So it can be added to dictionaries and future attacks? No thank you.
Like I said - hash is up there. If you think my password could have been cracked in a couple of days - go ahead and try. If you're serious about it, I'll even add a few of my 5870s to your hardware to prove it was good enough for this particular application.
ius
Newbie
Activity: 56
Merit: 0
July 01, 2011, 02:26:58 AM  #23

- If you maintain proper password policies, you shouldn't have to worry about disclosing a password which you're not using anymore (you weren't reusing it anywhere, were you?)
- If it was actually 'random' and 'long' enough you should be able to determine the average time required to crack it - i.e. the feasibility of a brute force attack (dictionary should be useless) given an average set of cracking hardware (GPUs).

All that, without having to resort to calling me retarded.
makomk
Hero Member
Activity: 686
Merit: 564
July 01, 2011, 08:49:33 AM  #24

Quote
I'm glad they posted this. I trust them a lot more after seeing this. The only thing missing is the exact number of coins stolen and the address they were sent to. I can't imagine why they didn't make that public.

Ah. One major thing that's bugging me is this - if the person doing this had so much access, why couldn't they change their limits and withdraw a large chunk of their freshly-created bitcoin balance? The original Mt Gox statement said that the withdrawal limits stopped them, but we now know that statement's stuffed full of BS. Whether they were just attempting to damage trust in bitcoins or were actually trying to make money, this would be a much more effective way of doing it.

Still, at least Mt Gox eventually admitted what's been obvious for a while: they've been lying to us. It was fairly clear that the total amount of bitcoins they had was less than the amount they were claiming was in the "single large account" that got compromised, and they had to have known that all along too. Which in turn meant that their claims of "read-only" access to the database must've been wrong.

bitsalame
Donator, Hero Member
Activity: 714
Merit: 510
July 01, 2011, 10:19:07 AM  #25

Quote
- If you maintain proper password policies, you shouldn't have to worry about disclosing a password which you're not using anymore (you weren't reusing it anywhere, were you?)
- If it was actually 'random' and 'long' enough you should be able to determine the average time required to crack it - i.e. the feasibility of a brute force attack (dictionary should be useless) given an average set of cracking hardware (GPUs).

All that, without having to resort to calling me retarded.

Wrong, ius.
Even if the password is cryptographically strong, it doesn't mean that it can't actually allow you to predict his future passwords by the style of it.
For example, I have a specific method to remember passwords without storing it anywhere.

I know that my passwords would never be cracked within a millennium since it is base96+1 (alphanumeric+upper/lower case+symbols+foreign language characters) even in a Class F which is the highest level of cracking possible (1,000,000,000 Passwords/sec) normally possible with supercomputers and distributed cracking.

I know that my passwords are not in dictionaries.
But I am not a computer so I can't memorize random characters, therefore I use some heuristics and mnemonics to remember them.

If you saw my password, you could deduce from my style the rules I set for myself for all the passwords I am using on every single site and the future ones I'll generate.
You might not guess it right away, but you could tailor an attack for me, launching a statistical attack, or just making a password generating algorithm based on what type of rules I set up in my mind for new passwords.
It would considerably narrow down the possible passwords and accelerate the cracking speed considerably, with an extremely higher degree of success.

Yes, it is security through obscurity, but this obscurity is in my brain, and as long as you don't have a mind reader the password will remain cryptographically secure.
(For the record, my password wasn't cracked, and I am also cracking it myself to test it out. I've got more than 2000 passwords cracked; mine is still holding up pretty well and it should remain that way.)

Therefore I totally agree with mewantsbitcoins, telling your password is stupid.
It can be really secure and be impossible to crack with current means, but knowing his mindset it might reveal everything.
Horkabork
Full Member
Activity: 140
Merit: 100
July 01, 2011, 10:40:35 AM  #26

I'm glad to see this release, only I wish it was made a week ago. Hopefully it'll put to bed at least some of the conspiracy theories and accusations.

I'm wondering why they couldn't have been more forthright, however. Was there an NDA or gag order involved, or did they just want to be sure to have fully investigated and sealed the security holes before informing us?

An NDA might make sense, as many website and software sales that involve residual payments also have a holding period during which the previous owner is somewhat liable for certain issues (Previous patent claims, undisclosed legal or security issues, etc). Revealing anything about the residuals and the former owner's involvement post-sale might have been in their contract, which would ostensibly include talking too much about the hacked account.

(I'm not a lawyer. I only know some of this because my stepbrother just sold his software company)

rebuilder
Legendary
Activity: 1615
Merit: 1000
July 01, 2011, 03:56:35 PM  #27

Quote
This is more or less what I've figured all along (although it's interesting to hear that the admin account could just grant himself arbitrary bitcoins; I reckoned instead that somebody had used an admin account to collect bitcoins together from other accounts).

Quote
Those are quite possibly the same thing. The blurb is, perhaps intentionally, unclear on the exact details. Where it says "was able to arbitrarily assign himself a large number of Bitcoins" it could be that that large number is the total number of Bitcoins in the system, which would effectively be a pooling of all user balances (not necessarily zeroing out user balances, just a sum/view).

You quoted part of where they explained it, the full quote being:
Quote
We would like to note that the Bitcoins sold were not taken from other users' accounts - they were simply numbers with no wallet backing. For a brief period, the number of Bitcoins in the Mt. Gox exchange vastly outnumbered the Bitcoins in our wallet.

Which to me says pretty clearly the attacker assigned themselves coins out of thin air.

makomk
Hero Member
Activity: 686
Merit: 564
July 01, 2011, 07:01:35 PM  #28

Quote
I'm glad to see this release, only I wish it was made a week ago. Hopefully it'll put to bed at least some of the conspiracy theories and accusations.

Hah. It actually confirms several of them and leaves several more at least as plausible as they were before. In particular, it confirms the allegations that Mt Gox did actually have a SQL injection vulnerability and the theory that the attacker had somehow managed to gain write access to the database and created themselves a whole bunch of coins from thin air, both of which contradicted Mt Gox's previous statements.

vectorvictor
Newbie
Activity: 28
Merit: 0
July 02, 2011, 06:32:31 AM  #29

Quote
Has anybody checked whether jed's password was one that's been publicly leaked yet? I'm interested in how strong it was...

There is some indication that the password file was stolen more than two weeks before the break-in.  At least one person has said that their (cracked and exposed) password was in effect 17 days prior.  The hacker(s) apparently had lots of time to break many passwords.

I've found four sets of cracked passwords from the master list so far.  Two of the files were made by some *serious* crackers, with each file having over 3000 cracked passwords.


The user jed (user #1) was _not_ among the cracked passwords that I've seen so far.

There were no users with a @mtgox.com email address among the cracked passwords so far.

The user mewantsbitcoins was _not_ among the cracked passwords so far.

All of those passwords must have been reasonably strong, at minimum.


Many of the passwords that *have* been cracked look pretty damn strong.  Like, 14 characters long with alpha/numeric/symbol and no obvious patterns or weaknesses.  Scads of them are 12-characters long.  It's pretty scary, actually.

People: you really need to re-think what it means to have a strong password these days.  A billion attempts per second really adds up.  The cracking programs aren't just picking sequentially -- they are clever.  For example, if you think Leet-speak (e.g. subbing @ for a, 3 for E, and so on) is smart, you're wrong -- the good cracking programs try all of those variations as alternate spellings of words or partial words.  If you think an arcane non-word and keyboard pattern is smart, you're wrong -- trogdor321!!!~ was much easier than some of the other passwords that have been cracked... (it was Strong Bad)

It's time to move over to strong *pass phrases* -- several unrelated words strung together.  Go to a place like diceware.com and get some serious entropy on your side.  Or use a password manager and generator like 1password, LastPass, KeePass, etc.

Humans are humans, and it will always be the case that most passwords are way too weak.  The question is whether you want to be part of the herd.
cypherdoc
Legendary
Activity: 1764
Merit: 1002
July 02, 2011, 02:39:42 PM  #30

Quote
I'm glad they posted this. I trust them a lot more after seeing this. The only thing missing is the exact number of coins stolen and the address they were sent to. I can't imagine why they didn't make that public.
Ah. One major thing that's bugging me is this - if the person doing this had so much access, why couldn't they change their limits and withdraw a large chunk of their freshly-created bitcoin balance?

precisely what i've been thinking.  i truly think a major financial institution or gov't related entity hacked the system with its sole purpose to drive down the price of btc.

stealing the btc outright would have been the logical and easiest first move for an individual.  why go to the trouble of creating a selloff lasting 30 min?  stealing the btc for an institution or gov't would have been an international crime whereas creating a selloff could just be considered "national security".  stealing the DB would also be information gathering.
Dynotor
Newbie
Activity: 17
Merit: 0
July 02, 2011, 03:48:02 PM  #31

Thanks MagicalTux for this explanation.  It really helps build back the trust, and it seems like you've got a good idea of how things should be secure.  I 100% trust your intentions, and theoretical understanding of what should be done from a security standpoint.  I don't have enough trust in your follow-through or trust you'll have the bandwidth to provide excellent service, but you've got opportunities in the future to earn that too.

Quote
Even if the password is cryptographically strong, it doesn't mean that it can't actually allow you to predict his future passwords by the style of it.
For example, I have a specific method to remember passwords without storing it anywhere.

I know that my passwords would never be cracked within a millennium since it is base96+1 (alphanumeric+upper/lower case+symbols+foreign language characters) even in a Class F which is the highest level of cracking possible (1,000,000,000 Passwords/sec) normally possible with supercomputers and distributed cracking.

I know that my passwords are not in dictionaries.
But I am not a computer so I can't memorize random characters, therefore I use some heuristics and mnemonics to remember them.

If you saw my password, you could deduce from my style the rules I set for myself for all the passwords I am using on every single site and the future ones I'll generate.
You might not guess it right away, but you could tailor an attack for me, launching a statistical attack, or just making a password generating algorithm based on what type of rules I set up in my mind for new passwords.
It would considerably narrow down the possible passwords and accelerate the cracking speed considerably, with an extremely higher degree of success.

Yes, it is security through obscurity, but this obscurity is in my brain, and as long as you don't have a mind reader the password will remain cryptographically secure.
(For the record, my password wasn't cracked, and I am also cracking it myself to test it out. I've got more than 2000 passwords cracked; mine is still holding up pretty well and it should remain that way.)

Therefore I totally agree with mewantsbitcoins, telling your password is stupid.
It can be really secure and be impossible to crack with current means, but knowing his mindset it might reveal everything.

There is a *BIG* flaw in your logic, bitsalame.  If disclosing just one of your passwords can enable an attacker to tailor attacks against your other passwords, you have to trust *all* the sites that you use that style of passwords to not store plaintext passwords and intentionally be evil.  That, in my opinion, is a really risky assumption.  Also with your method it's more easily possible to truly forget a password.  For these reasons, I think it is less risky to use a password manager to create truly random passwords.  (There's risk there too... but I think less risk.)
mrb
Legendary
Activity: 1512
Merit: 1027
July 03, 2011, 02:20:07 AM  #32

Quote
You must be retarded. Why would I disclose my password and my thinking pattern? So it can be added to dictionaries and future attacks? No thank you.

This statement indicates that your password was insecure.

If all it takes to risk guessing your password is to know your password generation logic, then the breach of any of the dozens of websites on which you have a password-protected account may have helped the attacker in guessing your password. What happens when a password hash leak occurs is that attackers generate candidate passwords based on bruteforcing results from previous leaks (Gawker, phpbb, MySpace, etc). They read them, try to understand how users picked them, and they adjust the mangling rules in their bruteforcers.

Also you would not be the first one to think your password was relatively secure when in fact it turned out to be complete crap (this guy claimed his password was secure, and even lied about its length, when it was in fact "rascal101").
mrb
Legendary
Activity: 1512
Merit: 1027
July 03, 2011, 04:00:50 AM  #33
Last edit: September 13, 2011, 05:42:16 AM by mrb

Quote
Many of the passwords that *have* been cracked look pretty damn strong.  Like, 14 characters long with alpha/numeric/symbol and no obvious patterns or weaknesses.  Scads of them are 12-characters long.  It's pretty scary, actually.

Indeed...

Code:
# Pairs of hash, password from http://www.nanaimogold.com/microlionsec.txt
$1$etIDyZ49$n26Qa/PPbQ5f3I8GIJhQM.         \(]|A>9{&jp013
$1$77SRs6hW$XCXcyCNwraMZ3QY8L2eRT.         hkjkGR^&$EOI(*&T
$1$WCha0X9J$71nHggA.X8/RhAB.gjY//1         vfp7U0fdl"v"LgK
$1$e/mzYsP.$H5DNwD4Njp6JNt1Kv2N.Y0         Y!m4g6s3j*

There is no way the passwords above have been bruteforced by conventional mechanisms. MD5-based crypt() can be theoretically attacked at 10 Mpw/s on an HD 6990 (the best public bruteforcer, oclHashcat, only achieves 5 Mpw/s on this card). Given a search space of length 10 and random printable ASCII chars (and the passwords above are even stronger), and a private tool doing 10 Mpw/s, it would take on average 948 years on a cluster of 100 HD 6990 to bruteforce only one of them! Therefore, there are only a few possible theories:

  • Theory 1: The attacker compromised MtGox.com and logged the passwords on the server side, for every authentication attempt. This would be very serious. MagicalTux has not hinted this was a possibility. (But who knows? He doesn't seem very good at investigating breaches, eg. he first denied evidence of SQL injection, then confirmed there was one, etc).
  • Theory 2: The attacker phished passwords or keylogged them in targeted attacks against specific individuals. This seems possible given previous reports of individuals having had their Bitcoins stolen from their personal computers.
  • Theory 3: Inside Job. MtGox had to scale up very rapidly these past few months. They may have hired one individual, without proper background checks, who is stealing passwords and money from the MtGox infrastructure.
  • Theory 4: The MtGox password hashes were compromised before April 2011, when raw MD5 hashing was in use (MagicalTux said he started migrating to salted MD5-crypt only 2 months ago). This would have made bruteforcing 1000x faster for a single password, and doable in parallel on all hashes instead of one at a time (thanks to the absence of a salt). It would have taken the same cluster of 100 HD 6990 described above about a year to cover a 10-char random printable ASCII search space. However, given the large number of hashes (65k), a fraction of them would have been broken after 2 months of bruteforcing. However theory 3 is not very likely, after all the passwords shown above are even longer than 10 chars.
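The arithmetic behind mrb's 948-year figure above, and behind vectorvictor's advice in #29 to move to Diceware-style passphrases, worked through as an added Python example (this is not code from the thread or from any of its posters). It takes mrb's assumptions as given: 10 Mpw/s per HD 6990 against MD5-crypt, a cluster of 100 cards, 65k leaked hashes, raw MD5 roughly 1000x cheaper than MD5-crypt because MD5-crypt iterates MD5 1000 times, and a standard 7776-word Diceware list. The unsalted multi-target estimate (`expected_seconds_first_hit`) goes one step beyond what mrb's Theory 4 states: it quantifies why a missing salt lets one pass over the search space attack all 65k hashes at once.

```python
# Added example: password search-space and crack-time estimates for the
# scenarios discussed in this thread. All rates and counts below are the
# figures mrb quotes; they are assumptions, not measurements.
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
PRINTABLE_ASCII = 95            # 0x20 .. 0x7e, the alphabet mrb assumes
DICEWARE_WORDS = 7776           # a Diceware list has 6**5 entries

MD5CRYPT_RATE_PER_CARD = 10_000_000   # pw/s, mrb's theoretical HD 6990 figure
CARDS = 100                            # mrb's hypothetical cluster
MD5CRYPT_ROUNDS = 1000                 # MD5-crypt iterates MD5 1000 times: mrb's "1000x"
LEAKED_HASHES = 65_000                 # size of the Mt Gox dump per mrb


def search_space(alphabet_size: int, length: int) -> int:
    """Number of candidates of exactly `length` symbols drawn from the alphabet."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password or passphrase, in bits."""
    return length * math.log2(alphabet_size)


def expected_years_single_target(space: int, rate: float) -> float:
    """Average time to recover ONE salted hash: half the space at `rate` guesses/s.
    A per-user salt forces the attacker to pay this cost for every hash."""
    return (space / 2) / rate / SECONDS_PER_YEAR


def expected_seconds_first_hit(space: int, rate: float, n_targets: int) -> float:
    """Unsalted hashes: each guess is compared against all n_targets for free,
    so the first of them is expected to fall after about space / (n + 1) guesses."""
    return space / (n_targets + 1) / rate


def fraction_broken(space: int, rate: float, seconds: float) -> float:
    """Share of uniformly random unsalted targets covered by exhaustive search
    after `seconds` of cracking."""
    return min(1.0, rate * seconds / space)


def thread_numbers() -> dict:
    """Reproduce the scenarios from posts #29 and #33 with the figures above."""
    cluster_crypt = MD5CRYPT_RATE_PER_CARD * CARDS   # 1e9 MD5-crypt guesses/s
    cluster_raw = cluster_crypt * MD5CRYPT_ROUNDS    # ~1e12 raw MD5 guesses/s
    space10 = search_space(PRINTABLE_ASCII, 10)
    two_months = 61 * 24 * 3600
    return {
        "bits_10_printable_ascii": entropy_bits(PRINTABLE_ASCII, 10),
        "bits_5_word_diceware": entropy_bits(DICEWARE_WORDS, 5),
        "bits_6_word_diceware": entropy_bits(DICEWARE_WORDS, 6),
        "salted_md5crypt_years_one_hash": expected_years_single_target(space10, cluster_crypt),
        "unsalted_md5_seconds_first_hit": expected_seconds_first_hit(space10, cluster_raw, LEAKED_HASHES),
        "unsalted_md5_fraction_after_2_months": fraction_broken(space10, cluster_raw, two_months),
    }


if __name__ == "__main__":
    for key, value in thread_numbers().items():
        print(f"{key:40s} {value:,.2f}")
```

Two things fall out of the numbers. A 5-word Diceware passphrase carries about the same entropy (~64.6 bits) as a 10-character random printable-ASCII password (~65.7 bits) while being far easier to memorise, which is vectorvictor's point. And the same 100-card cluster that needs centuries per salted MD5-crypt hash covers close to 9% of the 10-character space in two months against unsalted MD5, with the first of 65k random targets expected to fall within the first hour, which is why a missing salt matters far more than the 1000x per-hash speedup alone suggests.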
mewantsbitcoins
Full Member
Activity: 126
Merit: 100
July 03, 2011, 12:44:47 PM  #34

Quote
You must be retarded. Why would I disclose my password and my thinking pattern? So it can be added to dictionaries and future attacks? No thank you.

This statement indicates that your password was insecure.

If all it takes to risk guessing your password is to know your password generation logic, then the breach of any of the dozens of websites on which you have a password-protected account may have helped the attacker in guessing your password. What happens when a password hash leak occurs is that attackers generate candidate passwords based on bruteforcing results from previous leaks (Gawker, phpbb, MySpace, etc). They read them, try to understand how users picked them, and they adjust the mangling rules in their bruteforcers.

Also you would not be the first one to think your password was relatively secure when in fact it turned out to be complete crap (this guy claimed his password was secure, and even lied about its length, when it was in fact "rascal101").

That statement does not indicate shit.
I don't have any account with your mentioned sites or sites that have been hacked. I am extremely paranoid and use one time identities and one time passwords for different sites/forums/communities. Even if some site was hacked that we don't know about, attackers would never be able to tie them to this one. Go ahead and try to find info about mewantsbitcoins or any other identities tied to it.
The reason why I don't post my password is because if someone really wanted to target me, this would give them an advantage, however small. Anyone with half a brain and basic understanding of IT security would do the same.

Anyway, I'm not here to argue about security practices. I don't think my password was secure - I know it was. I only came back here and posted what I thought because people seem to be misled by this "clarification" bs.

From what I've seen I can conclude with certainty that Mark is incompetent and greedy and it is just a matter of time before this will happen again. It is unfortunate that some people are too thick to realize they are going to lose their money. But I am not even very worried about them - they deserve everything they get. What I'm worried about is the image of bitcoin and articles in press. It is very difficult to bring in new, serious people, when our major exchange is a joke.
hashman
Legendary
Activity: 1264
Merit: 1008
July 03, 2011, 01:35:48 PM  #35

Quote
I'm glad they posted this. I trust them a lot more after seeing this. The only thing missing is the exact number of coins stolen and the address they were sent to. I can't imagine why they didn't make that public.
Ah. One major thing that's bugging me is this - if the person doing this had so much access, why couldn't they change their limits and withdraw a large chunk of their freshly-created bitcoin balance?

Quote
precisely what i've been thinking.  i truly think a major financial institution or gov't related entity hacked the system with its sole purpose to drive down the price of btc.

stealing the btc outright would have been the logical and easiest first move for an individual.  why go to the trouble of creating a selloff lasting 30 min?  stealing the btc for an institution or gov't would have been an international crime whereas creating a selloff could just be considered "national security".  stealing the DB would also be information gathering.

If you believe the individual was still subject to the withdrawal limits, the selloff makes sense and enabled him/her/them to escape with 2000BTC.  It is conceivable that the limits were 'hard coded'.  Why would a financial institution or gov't related entity want to drive down the price?  AFAIK there are not many short sales in play at the moment.

The statement from MtGox is helpful, however it doesn't address some of the anomalies identified in the transaction ledger.  Why the sudden motion of 500k BTC immediately after the selloff?  Why the sudden play of the very old accounts with 50BTC each?

cypherdoc
Legendary
Activity: 1764
Merit: 1002
July 03, 2011, 03:14:19 PM  #36
Last edit: July 03, 2011, 04:00:20 PM by cypherdoc

Quote
I'm glad they posted this. I trust them a lot more after seeing this. The only thing missing is the exact number of coins stolen and the address they were sent to. I can't imagine why they didn't make that public.
Ah. One major thing that's bugging me is this - if the person doing this had so much access, why couldn't they change their limits and withdraw a large chunk of their freshly-created bitcoin balance?

Quote
precisely what i've been thinking.  i truly think a major financial institution or gov't related entity hacked the system with its sole purpose to drive down the price of btc.

stealing the btc outright would have been the logical and easiest first move for an individual.  why go to the trouble of creating a selloff lasting 30 min?  stealing the btc for an institution or gov't would have been an international crime whereas creating a selloff could just be considered "national security".  stealing the DB would also be information gathering.

Quote
If you believe the individual was still subject to the withdrawal limits, the selloff makes sense and enabled him/her/them to escape with 2000BTC.  It is conceivable that the limits were 'hard coded'.  Why would a financial institution or gov't related entity want to drive down the price?  AFAIK there are not many short sales in play at the moment.

The statement from MtGox is helpful, however it doesn't address some of the anomalies identified in the transaction ledger.  Why the sudden motion of 500k BTC immediately after the selloff?  Why the sudden play of the very old accounts with 50BTC each?

from the above comments, it seems this hacker was extremely talented or had access to significant processing power.  to me changing the withdrawal limit and then stealing the btc would have been easiest and most logical first step.

the limits are not hard coded.  my own limits have been changed by Mark.  Kevin Day also described a bug in the daily limit which allowed sequential withdrawals of $1000 from the same acct.

if i have to explain why a financial inst or gov't would want to drive down the price of btc to you heaven help you.  

this was the financial market equivalent of naked short selling btc into oblivion.  this is why  i have argued against implementing short selling at this stage by mtgox.
mrb
Legendary
Activity: 1512
Merit: 1027
July 03, 2011, 03:34:44 PM  #37
Last edit: July 03, 2011, 03:48:02 PM by mrb

Quote
That statement does not indicate shit.
I don't have any account with your mentioned sites or sites that have been hacked. I am extremely paranoid and use one time identities and one time passwords for different sites/forums/communities. Even if some site was hacked that we don't know about, attackers would never be able to tie them to this one. Go ahead and try to find info about mewantsbitcoins or any other identities tied to it.

Attackers don't need to tie identities. Previously broken passwords are added to dictionary lists and are blindly tried against all newly leaked accounts.

Quote
Anyway, I'm not here to argue about security practices. I don't think my password was secure - I know it was.

This contradicts your first post which says "my password was not the most secure". So which is it?

Don't be so negative with me. I am just trying to help you understand how your account was hacked. Multiple possibilities:
1) The majority of MtGox users who were hacked were knowingly using insecure passwords. Not your case.
2) A smaller but still considerable fraction of users had a misconception of what a secure password is. May be your case.
3) Finally, a minority were using perfectly secure passwords (see examples in my last post). These users either shared passwords with other sites that have been hacked, or were phished (eg. even experienced IT security professionals may fall for tabnabbing!), or were the victim of targeted attacks on their personal computers (eg. malware installing a keylogger). May be your case.
mewantsbitcoins
Full Member
Activity: 126
Merit: 100
July 03, 2011, 04:33:23 PM  #38

Quote
Attackers don't need to tie identities. Previously broken passwords are added to dictionary lists and are blindly tried against all newly leaked accounts.

Previously broken passwords - yes, but I'm not talking about reusing passwords. I'm talking about patterns that help to derive passwords and remember them. And while some analyze these and add to their attacks, this is the case only in highly targeted attacks. Which this wasn't!
Adding such patterns to general password cracking is just a waste of time and resources.

Quote
This contradicts your first post which says "my password was not the most secure". So which is it?

No it doesn't. I said it wasn't the most secure because it was not a random >60 character password I normally use which would take thousands of years to crack. This was the kind of password which could be broken in several decades.

Quote
Don't be so negative with me. I am just trying to help you understand how your account was hacked. Multiple possibilities:
1) The majority of MtGox users who were hacked were knowingly using insecure passwords. Not your case.
2) A smaller but still considerable fraction of users had a misconception of what a secure password is. May be your case.
3) Finally, a minority were using perfectly secure passwords (see examples in my last post). These users either shared passwords with other sites that have been hacked, or were phished (eg. even experienced IT security professionals may fall for tabnabbing!), or were the victim of targeted attacks on their personal computers (eg. malware installing a keylogger). May be your case.

1) No
2) I know it was secure. Even if the attacker got my hash the day I registered they would not have had the time to crack it.
3) My home network is monitored by snort 24/7, firewalls on my router and computers are properly configured to allow just the traffic I require. There are no unnecessary services running - I even disabled dhcp. Most of the browsing is done in VMs which are then shut down and destroyed. So please keep your security 101 to yourself.

I am not negative - I'm just a realist. If you read my previous posts, you'll find that I was advocating Mt.gox and dismissing people complaining on this board about stolen funds from Mt.gox. At the time I had blind faith in Mark, but I was wrong.

Go listen to the interview after the hack, read his statements - he was blatantly lying. And I believe he is still lying. While a move to this inferior and buggy platform and testing on a production server may be considered normal by such an incompetent individual, I think it indicates that Mt.gox is desperate and still has no fucking clue how the attacker got in. Hiding this is irresponsible and will lead to disaster.
Time will show.
mrb
Legendary
Activity: 1512
Merit: 1027
July 03, 2011, 05:17:14 PM  #39
Last edit: July 03, 2011, 05:27:36 PM by mrb

As one of the few users with ~1k posts on this forum, therefore a likely valuable Bitcoin-rich target, I think you should envisage the possibility that you have been the victim of a targeted attack (not necessarily via an MtGox flaw). You wouldn't be the first one -- you remember allinvain and his 25k BTC stolen... Even Snort + fw + browsing in a VM would not have protected you against, say, a tabnabbing phishing attempt. (I mention this example again because of how deceptively efficient it is...)

On the other hand, I have no idea how security-proficient you really are. You know Snort and firewalls, but the fact you exaggerate (few sites/apps accept a "random >60 character password") makes it difficult for me to evaluate you. You say your MtGox pw was shorter than usual; would you mind sharing its exact length?
mewantsbitcoins
Full Member
Activity: 126
Merit: 100
July 03, 2011, 05:24:45 PM  #40

Quote
As one of the few users with ~1k posts on this forum, therefore a likely valuable Bitcoin-rich target, I think you should envisage the possibility that you have been the victim of a targeted attack (not necessarily via an MtGox flaw). You wouldn't be the first one -- you remember allinvain and his 25k BTC stolen... Even Snort + fw + browsing in a VM would not have protected you against, say, a tabnabbing phishing attempt. (I mention this example again because of how deceptively efficient it is...)

On the other hand, I have no idea how security-proficient you really are. You know Snort and firewalls, but the fact you exaggerate (few sites/apps accept a "random >60 character password") makes it difficult for me to evaluate you. You say your MtGox pw was shorter than usual; would you mind sharing its exact length?

22

I am aware of most types of attacks and know how to protect myself. I keep up to date with current exploits and am a Backtrack user familiar and proficient with most tools in that distro.