Bitcoin Forum
March 28, 2024, 08:27:30 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: Dwolla Fraud - How it happened  (Read 7957 times)
JoelKatz
Legendary
*
Offline Offline

Activity: 1596
Merit: 1012


Democracy is vulnerable to a 51% attack.


View Profile WWW
July 30, 2011, 04:49:49 AM
 #21

I dont know how much data a router logs, but they might log the mac of all connected devices. so if they see that a specific ip was used in an attack, they simply go to the wifi hot spot and take their router and look up the logs.
Which proves only that the computer that made that transaction was using that MAC address at that time.

Quote
even then, going back with a mac address to find the owner would be very difficult. so just buy a cheap laptop at a pawn shop with cash from change and you should be safe.
Or use a random MAC address.

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
1711657650
Hero Member
*
Offline Offline

Posts: 1711657650

View Profile Personal Message (Offline)

Ignore
1711657650
Reply with quote  #2

1711657650
Report to moderator
1711657650
Hero Member
*
Offline Offline

Posts: 1711657650

View Profile Personal Message (Offline)

Ignore
1711657650
Reply with quote  #2

1711657650
Report to moderator
1711657650
Hero Member
*
Offline Offline

Posts: 1711657650

View Profile Personal Message (Offline)

Ignore
1711657650
Reply with quote  #2

1711657650
Report to moderator
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin Core, but full nodes are more resource-heavy, and they must do a lengthy initial syncing process. As a result, lightweight clients with somewhat less security are commonly used.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711657650
Hero Member
*
Offline Offline

Posts: 1711657650

View Profile Personal Message (Offline)

Ignore
1711657650
Reply with quote  #2

1711657650
Report to moderator
1711657650
Hero Member
*
Offline Offline

Posts: 1711657650

View Profile Personal Message (Offline)

Ignore
1711657650
Reply with quote  #2

1711657650
Report to moderator
BitVapes
Full Member
***
Offline Offline

Activity: 140
Merit: 100


BitVapes.com


View Profile WWW
July 30, 2011, 05:17:27 AM
 #22

the deposit size guessing 'sample size' might be even smaller, if they don't truly use a random number from 1-12 cents.  For all I know they use the same 2 numbers for everyone.  I mean that would be incredibly stupid but stupider things have happened.

I don't remember what mine were, but a friend just recently did a dwolla bank account verification and said the amounts were 1 and 2 cents, I remember because he instant messaged me saying he was pissed because he wanted 12+12 cents and said dwolla was being a cheapskate.  Grin

Buy Electronic Cigarettes with Bitcoin @ http://bitvapes.com
bitplane
Sr. Member
****
Offline Offline

Activity: 321
Merit: 250

Firstbits: 1gyzhw


View Profile WWW
July 30, 2011, 05:32:01 AM
 #23

I dont know how much data a router logs, but they might log the mac of all connected devices. so if they see that a specific ip was used in an attack, they simply go to the wifi hot spot and take their router and look up the logs.

even then, going back with a mac address to find the owner would be very difficult. so just buy a cheap laptop at a pawn shop with cash from change and you should be safe.
MAC addresses are changeable in most wireless ethernet drivers anyway;
Code:
ifconfig wlan0 hw ether ba:aa:ad:f0:00:0d
SolarSilver
Legendary
*
Offline Offline

Activity: 1112
Merit: 1000


View Profile
July 30, 2011, 12:03:30 PM
 #24

12*12 / two attempts = 72.

So potentially, for every 72 bank accounts you have access to, you can steal from Dwolla?

I think you guys are making it way too complicated... It's a common scam (in Europe) where you find somebody who sells something online, that only works with bank transfer (second hand stuff or a trader that does not take credit cards). You tell him you seriously want to buy his EUR 100 cucko clock but you have a new bank and as you are not in the same country, you want to do a test transfer first to see how much money the bank is keeping as a fee for a cross border transaction (IBAN is free but for example some French and Greek banks still charge a fee). You tell him to look for the two deposits and he will tell you.

No keylogger or dumpster diving required....

As the guy is happy to see money arrive onto his account, he is not suspicious that he will get scammed later.

(as seen on Dutch TV http://www.opgelicht.nl/dossiers/detail/paypal/ )
bitplane
Sr. Member
****
Offline Offline

Activity: 321
Merit: 250

Firstbits: 1gyzhw


View Profile WWW
July 30, 2011, 02:00:02 PM
 #25

I think you guys are making it way too complicated... It's a common scam (in Europe) where you find somebody who sells something online, that only works with bank transfer (second hand stuff or a trader that does not take credit cards). You tell him you seriously want to buy his EUR 100 cucko clock but you have a new bank and as you are not in the same country, you want to do a test transfer first to see how much money the bank is keeping as a fee for a cross border transaction (IBAN is free but for example some French and Greek banks still charge a fee). You tell him to look for the two deposits and he will tell you.
This is brilliant!
Ekaros
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500



View Profile
July 30, 2011, 02:15:46 PM
 #26

Gotta love US banking standards...

Atleast here you can leave message with transfer, not sure if this is still in SEPA...

Still, it's Dwolla's problem and if TradeHills post are right they just deleted past records and not mark those reversed or anything like...

12pA5nZB5AoXZaaEeoxh5bNqUGXwUUp3Uv
http://firstbits.com/1qdiz
Feel free to help poor student!
coinage
Member
**
Offline Offline

Activity: 60
Merit: 10


View Profile
July 30, 2011, 05:14:50 PM
 #27

Tradehill is correct that the Dwolla blog suggests transactions are free of chargeback concerns.

But unfortunately, Dwolla's (current at least) "Terms & Conditions" -- which includes clauses overruling anything they might say anywhere else -- states the following, in sharp conflict to the Dwolla blog entry:

Quote
Returns -- The receiving party of a transaction may be subject to chargebacks occurring within the account if claims are made by the sending party or by the financial institution. In the event fraud occurs, funds may be reversed and arbitration will begin with both parties.

Abuse -- At any time Dwolla retains the right to close, suspend, or limit account activity. Dwolla may, in the event of excess returns, chargebacks, or suspected illegal activity revoke access to the account for 90 days.

Dwolla wants to depend on ACH (Automated Clearing House), which is inherently reversible.  MtGox & Tradehill want to depend on Dwolla.  And we want to depend on them for fast, convenient transactions.

There is a problem here which may ultimately force us to revert to bank wires, bank checks, money orders, and other cashlike transfers.  To buy a non revocable currency might take a non revocable transaction.

Does anyone know how exchanges for Pecunix, Liberty Reserve, etc. handle this issue?

One way might be to limit the size of transfers for new customers of exchanges ... while absorbing a certain amount of new-user fraud as inevitable.  I would be sad to see that happen, because it would raise exchange fees, reducing one of the great advantages BTC exchanges have over traditional markets.

As a compromise, higher fees could be assessed only on revocable deposits: users would pay more for convenience & speed.  Exchanges could thereby self-insure or obtain insurance against losses to fraud, without eliminating rapid transfers.



Sources:

Dwolla blog, http://www.dwolla.org/blog/retail-merchants-rejoice-web-kiosk-online/ which currently says "Remember, these are cash-based transactions! No credit card fees, chargeback concerns, or signing necessary!"

"Terms & Conditions" link on the registration page at https://www.dwolla.com/register.aspx#
coinage
Member
**
Offline Offline

Activity: 60
Merit: 10


View Profile
July 30, 2011, 07:35:00 PM
 #28

As far as I know Pecunix, Liberty Reserve, etc. don't handle the issue. All deposits/withdrawals occur through intermediary exchangers, leaving a layer between them and the ACH system.

Right.  And I was asking about how those exchangers handle it.  Bitcoin itself takes the place of a Pecunix or Liberty Reserve currency, but still needs viable exchangers.

(All 3 currencies are non-revocable.)
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!