This message is also available at http://secupost.net
Alright, the messages sent out a few days ago are starting to expire now. It's time for everyone to learn what the purpose of secupost.net is.
As many of you guessed, this is indeed a Bitmessage address to IP address mapper. Yes, the only thing that webserver would send was a 500 message.
It did alright too, gathering nearly 500 bitmessage users information after sending 15000 messages. Double what I expected.
I've included both a log of each address detected and the first thing to hit it including IP, reverse DNS and useragent as well as raw logs for every valid request. If you need to confirm this signature so you can verify messages from me when bitmessage is down, please see the bitmessage general chan for a copy from my bitmessage address.
So, future lessons:
- - - Yes, all bitmessage addresses are public and can be read from your messages.dat file using a small script.
- - - Don't click links. Even if it looks like a security-related site and uses some technical terms. I am not a nice person, I will publish any information I can gather about you and I don't care if you get lit on fire by terrorists because of it.
- - - Bitmessage does _not_ scale. It took me around 3.5 hours to send ~15k messages but it took the bitmessage network over 18 hours to fully propogate them.
Some of you were smart enough to use tor or VPN providers, but many of these are direct home or server IPs. The information below is more than enough for any government to come after you or any script kiddie to DDoS you. Be more careful next time.
Some of you tried to use scripts to claim addresses which weren't yours and skew the data, of course, you didn't even change your user-agent.
Even without accouting for that your attacks were ineffective because the IDs were generated in a non-linear fashion using a cropped HMAC-SHA256. To find your id:
mac = hmac.new("fuck you", addr, hashlib.sha256).digest()
return unpack('>I', mac[0:4])
This simple deterministic method means that you would have had to try... (2^32/15000)/2 = 143165 times on average just to get a single collision. Thanks for playing, but no luck this time.
This service has been operated completely anonymously thanks to Tor and Bitcoin. I hope you enjoy the result.
Robert White (BM-2D8yr4fzoMzwndqPwLMVyzUcdfK9LWZXjY)
BM-2DA3TCHz21eZ7ptJYV4y1ZjgWbM67DuwuW 18.104.22.168 cpe-172-249-2-119.socal.res.rr.com. "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0"
BM-2D7wBdwEUB4WxyxtRnofy7xh3hswdeTbs6 22.214.171.124 et-0-nat-1.gw-nat-a.spb.muc.de.oneandone.net. "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0"
BM-2D8EWs8RgMcDevKoBQTABeiVQHrfofNUTk 126.96.36.199 81-27-53-57.domolink.elcom.ru. "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.16"
BM-GtojGUv6ibnhc45TdT8yri3q1wgaUQMY 188.8.131.52 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
BM-GtWLbsErzqpJ12hcimbNkdmSjx4uPBLi 184.108.40.206 "Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0"
BM-2D9zAMrTt9SatQmsnpwHKwgwYQWTftDouT 220.127.116.11 75-42-21-21.lightspeed.renonv.sbcglobal.net. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
BM-2D92wxSMTiydW5i2v2LsuCGEU4RvyFx5xv 18.104.22.168 c-76-26-149-161.hsd1.dc.comcast.net. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
BM-Gu9E1bH1AbquayZbM56jZ3oxQTBJNNh5 22.214.171.124 hosted-by.leaseweb.com. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
BM-2DAWJ3LkFLyPhQW9MZ9wPSNyAtvUsBzWnG 126.96.36.199 host86-140-205-124.range86-140.btcentralplus.com. "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/28.0.1500.71 Chrome/28.0.1500.71 Safari/537.36"
BM-GuJXmEFP5svk656Qcb2BhMxX7qxoXzDM 188.8.131.52 67-42-161-132.bois.qwest.net. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
BM-GuBfb4KrhEUGF2MfdrqkAuTNeUBXa4ke 184.108.40.206 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; InfoPath.1)"
BM-Gty5A4E2yeuWM2FkgnJGgagJ8aYXCz1F 220.127.116.11 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36"
BM-2DBZScRMbpNB5xYsWwFsCTS1sm8CaKiq9L 18.104.22.168 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"