Bitcoin Forum
Author Topic: I know who's been hacking btce accounts  (Read 3574 times)
jargoman (OP)
Member
Activity: 68
Merit: 10
October 26, 2013, 02:27:17 AM
 #1

I know who's been hacking btce accounts, but I have no proof. My ripples were recently stolen, funds from another ripple address were emptied into the attacker's account as well. The other ripple account can be linked to user darkneo. He is probably a victim as well. He has an account here and at btce. So I'm assuming the exploit happened at one of those sites. Btce, hotmail and ripple.com were the only places I used that password. I think someone stole my credentials from BTCE. There were a string of thefts at btce months ago so I left the exchange. The rumors back then were that it was antichat.ru hackers posting malicious links.

After my funds were stolen, I wondered why the attacker didn't bother reading my posts saying that I was about to purchase a large number of xrp. I started to ponder if the attacker might not speak English. Keep in mind that btce is based in Russia and so is the antichat.ru website.

On a hunch, I decided to check the Russian part of ripple.com/forum for someone asking to sell xrp. Sure enough, user Andreipup posted in Russian that he wanted to sell xrp. He wrote that he had been trying for 3 days. The exact amount of days since the theft. He wrote that getting them was easy but what to do with them? But the address he had posted on his account was empty. He has signed up for no giveaways. How did he get the ripples so easily but he doesn't know what to do with them?

A quick Google search of andreipup led to his account at the antichat.ru Russian hacking website, where I found threads he participated in relating to ip scanning, trojans, antivirus, credit card theft etc. He even posted in one thread where another user has taken pictures of himself using a bank machine in the middle of the night wearing gloves to mask the fingerprints. idiots lol.

I know it was him but I know there is not much I can do. I figured I should come say this here though. I only lost $3-4 grand. Others have lost tens of thousands from this hacker. I have his real name.  Rustam Avday or Avday Rustam

Be awesome and use my pyramining referral
http://www.pyramining.com/referral/yb9g3zq7x
r3wt
Hero Member
Activity: 686
Merit: 504
always the student, never the master.
October 26, 2013, 02:48:31 AM
 #2

I will make full disclosure that I am the antichat.ru member, Xakepэкcпpecc


The prosecution rests...

My negative trust rating is reflective of a personal vendetta by someone on default trust.
Dabs
Legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
October 26, 2013, 03:30:18 AM
 #3

Russian Loan Shark: Don't stand up. You take this money, you are mine. Okay? You understand?
Borrower: Okay.
Russian Loan Shark: You know what we do if you don't pay up? I take your skin and wrap it over your head. Very painful. Or something similar.
Borrower: uh... okay.
Russian Loan Shark: Good luck.

Borrower just got 100k cash in a paper bag from loan shark.

Or something like that. It's from a movie scene I saw recently.

franky1
Legendary
Activity: 4214
Merit: 4465
October 26, 2013, 03:55:35 AM
 #4

stage one of failure
accessing known hacker websites using the computer you use for internet banks and/or bitcoin trading. you might as well have a text file with your credit card details and life history, scans of ID and put it into a zip file named "steal this and be rich" and have that on your desktop

stage two of failure.
Quote
The rumors back then were that it was antichat.ru hackers posting malicious links.
clicking links

stage three of failure
Quote
Btce, hotmail and ripple.com were the only places I used that password
the key logger you probably downloaded gets your password easily, especially if you're typing it many times per day

dabs: limitless... great movie

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
jargoman (OP)
Member
Activity: 68
Merit: 10
October 26, 2013, 06:34:48 AM
 #5

Just so you guys know, I run no script, two firewalls, and my own custom distro based on Arch Linux with zenkrnel. I didn't go looking for hacking websites; I accessed the site through a caching proxy with no script installed from a livecd. They compromised computers left and right on btce. I'm an application developer and I went to school for telecommunications technology. Just because it hasn't happened to you doesn't mean that you are immune. And no level of proficiency is enough to guarantee security. This very site was just hacked recently. I expect that the average user here is above average in computer skills yet still we see many people getting hacked constantly.

I'm not accusing antichat.ru users or website owners of anything. Only the one user who asked where to sell his xrp.

If by practicing poor security I deserve to get hacked, then by that same logic the guys who take pictures of themselves stealing people's money and post it publicly deserve to be the subject of investigation.

🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Activity: 1316
Merit: 1043
👻
October 26, 2013, 10:40:51 AM
 #6

Seriously, did you really post this? uh yeah, if an idiot takes a selfie ripping someone off and post it publicly, HELL YEAH they should be busted... Yep, reusing the same PW's on an exchange is about on the same level of stupidity.
That doesn't mean theft is justifiable.

Quote
These aren't nice guys or amateurs you're screwing with.

Nah, someone who uses the same username on antichat.ru as other websites is a tard & amateur.

----

How'd you find his real name? Try contacting him and buy some of his ripples (he'll sell them eventually), see where it comes from. If you somehow get his non-proxy/VPN IP, send me an email.
jargoman (OP)
Member
Activity: 68
Merit: 10
October 26, 2013, 11:03:50 AM
 #7

Seriously, did you really post this? uh yeah, if an idiot takes a selfie ripping someone off and post it publicly, HELL YEAH they should be busted... Yep, reusing the same PW's on an exchange is about on the same level of stupidity.

Someone with your expertise knows better, admit it.

I'm not sure if I even used the same password. I had different levels of passwords. My ripple password was "high trust" meaning I wouldn't have used it on any other sites unless I fully trusted them. I trust btce so it's possible I used the ripple password there in the past but it was changed a few times since. Other accounts at other sites with different passwords have not been withdrawn. And my "low hanging fruit" / honey pot type accounts weren't accessed.

I had a strange event happen months back while developing a java application. I think an exploit or payload launched in my debugging environment. I probably still have the stack trace. After reading the stack trace I assumed the exploit had failed. It threw a buffer overflow exception. I assumed this was the debugger stopping the attack by throwing an exception before data could be written. I looked for evidence of intrusion but a buddy of mine who's into that sort of thing said nowadays you wouldn't find anything suspect. I did find that my init file was modified on a certain day but my package manager log showed no installs or updates for that day. I replaced the hard drive and assume I was infected with a rootkit.


jargoman (OP)
Member
Activity: 68
Merit: 10
October 26, 2013, 11:21:03 AM
 #8

Quote
How'd you find his real name? Try contacting him and buy some of his ripples (he'll sell them eventually), see where it comes from. If you somehow get his non-proxy/VPN IP, send me an email.

I got his real name by searching andreipup then filtering out the ones that were computer security, networking and telecommunications related. Found this
http://freeworkwebprogrammer.blogspot.ca/2008/10/site-on-sending-of-sms.html

then I cross referenced the name against hacking related sites and found this
http://translate.google.com/translate?hl=en&sl=ru&u=http://forum.antichat.ru/printthread.php%3Ft%3D70184%26page%3D2%26pp%3D40&prev=/search%3Fq%3Drustam%2Bandreipup

People should keep in mind he is a suspect and not proven guilty. He has rights. I'm just putting this out there in case there is another someone out there investigating their own crime.

The attacker hurt the community because I planned on writing many open source applications for virtual trading. I probably still will but it's not as fun when I'm not holding coins.

anonameous
Newbie
Activity: 48
Merit: 0
October 27, 2013, 06:03:00 AM
 #9

Quote
That doesn't mean theft is justifiable.

It's justifiable if the person you are stealing from is the following:

* Practices poor security
* Ignores all attempts by other people to teach them how to prevent the theft
* Refuses to learn from their mistake and continues to practice poor security after the theft

People like that shouldn't have the right to own possessions.
greyhawk
Hero Member
Activity: 938
Merit: 1009
October 28, 2013, 03:30:02 PM
 #10

Quote
Xakepэкcпpecc

LOL, ok this is funny.
bnjmnkent
Full Member
Activity: 196
Merit: 100
October 28, 2013, 06:29:04 PM
 #11

@jargoman, have you tried to contact the btce-support here? It looks like they did a good job reimbursing users after the last security breach.

@greyhawk: what does this Xakepэкcпpecc mean?
greyhawk
Hero Member
Activity: 938
Merit: 1009
October 28, 2013, 07:57:17 PM
 #12


Quote
@greyhawk: what does this Xakepэкcпpecc mean?

Hacker-Express
bnjmnkent
Full Member
Activity: 196
Merit: 100
October 28, 2013, 08:40:47 PM
 #13

Thank you!