[TROLL] Important Announcement Regarding the Mybitcoin.com Downtime

[TomWilliams]

Edit by Maged:
The below is a confirmed troll. I apologize to everyone for whitelisting this guy, but given that extreme lack of communication from MyBitCoin, I was really hoping that this was him. I apologize to MyBitCoin for any damaged this might have caused to your reputation, although you did bring it on yourselves by being so silent.

Greetings Everyone,
 
This is Tom Williams, and as you probably know, I'm the current owner of MyBitcoin.com.  As you've noticed at this point, our site has been down for several days now.  It is with great sadness that I announce that the current downtime has been caused by a major security breach in our network.  The attackers seem to have been completely indiscriminate, deleting everything that they could get their hands on, including the wallet.dat files stored on the network.
 
At this point I've been essentially paralyzed with shock for the last several days and sick to my stomach with the realization of what happened.  I have completely lost access to the files that were hosted on the website and did not have a local backup of that data.  The FBI have been contacted and they have instructed me to leave the site untouched while they conduct their investigation.  Hopefully they'll be able to recover the lost files and find the culprit.  If they can't, then I don't know what to do.  I'm a simple computer science major who had planned to use the site as part of my senior project and I can't even get close to covering the losses on my own.
 
I plan to get in touch with my lawyer in the coming days and I will post more information when I have a better understanding of my responsibilities regarding the situation.  Hopefully at that point I will have an update regarding the FBI investigation as well, though they seemed somewhat less than interested in recovering the bitcoins themselves when I spoke with them.
 
Regards,
Thomas Williams

[1715167449]

1715167449

[1715167449]

1715167449

[1715167449]

1715167449

[1715167449]

1715167449

[1715167449]

1715167449

[1715167449]

1715167449

[MagicalTux]

If I quote https://bitcointalk.org/index.php?topic=22221.0 ...

We use BSD servers with MAC, immutable flags, jails, PAX, SSP,
randomized mmap, secure level, a WAF, a DDoS mitigation and alert system
- -- the works. Like I said earlier. We are not amateurs. In fact,
combined we have over 30 years of experience in the payment
processing (credit card arena) industry.

Against

I'm a simple computer science major who had planned to use the site as part of my senior project and I can't even get close to covering the losses on my own.

That leaves a large difference.

[theymos]

Prove that you are the owner of MyBitcoin.

[enmaku]

Is this a system you have physical access to? Chances are you could use something like recuva or encase to recover a wallet.dat file since in most cases "deleting" something doesn't really delete anything at all... Depends on the filesystem/OS/etc of course, and it certainly wouldn't count as "touching" the system since you're only reading data. What kind of backups *were* you keeping and is there any similar method by which you could recover the wallet from those systems?

[kwaaak]

FBI

cool story bro

[wolftaur]

That is quite different from the text on https://bitcointalk.org/index.php?topic=22221.0 explaining how MyBitcoin was secure and everything~

Considering Mt. Gox's woes, aren't you the last person who should be opening your mouth to make fun of someone else for being hacked?

I mean, seriously. They apparently at least tried to be secure, you decided to give everyone's emails and passwords to a third party who didn't need them.

What little respect I still actually had for you is now gone forever...

[GeniuSxBoY]

Hey guys, no use bashing him. What's done is done and it's not going to bring anything back.
I suggest you use the five stages of grief:  DABDA  (denial, anger, bargain, depression, acceptance) and move on to acceptance because the first four stages are pointless.

[MagicalTux]

Considering Mt. Gox's woes, aren't you the last person who should be opening your mouth to make fun of someone else for being hacked?

I mean, seriously. They apparently at least tried to be secure, you decided to give everyone's emails and passwords to a third party who didn't need them.

What little respect I still actually had for you is now gone forever...

We have never said we had 30 years of experience and made fun of other people who got hacked. People around here do not understand the kind of "bad" people who are around here and just go "oh look, mtgox got hacked, but we won't, we are too good for that"... now look at that. I know I shouldn't answer, but I'm tired of being made fun of by people who claim to be better, but end not being better I'd like to know HOW this happened. We need to know how this could happen.

[julz]

Why would you list your email address as    Webmaster@mybitcoin.com in your profile if you really were the owner of mybitcoin.com - as you would surely know that there is no MX record for this domain - so that email address cannot currently work?

I call shenanigans.

Who can vouch for this user being who he says he is?

[Jine]

I want proof.

Also, it's not IMPOSSIBLE to recover data on ANY system except it's excessively overwritten.
So shut it down now, pay a couple of thousand usd and get back your data.

There is serious companys that does this kind of work.

And also, are you serious that you didn't have any offsite backup, at all?

[wolftaur]

We have never said we had 30 years of experience and made fun of other people who got hacked. People around here do not understand the kind of "bad" people who are around here and just go "oh look, mtgox got hacked, but we won't, we are too good for that"... now look at that. I know I shouldn't answer, but I'm tired of being made fun of by people who claim to be better, but end not being better.

No, you never said you had 30 years of experience, but you did just make fun of someone for getting hacked. The fact you were taunted and made fun of and accused of being a thief and all the other crap associated with the intrusion to Mt.Gox, though, means that maybe you should actually understand what it feels like, and be an adult. Instead of taking the first opportunity you get to try and publicly humiliate someone else to get yourself a little payback.

[Jine]

Why would you list your email address as    Webmaster@mybitcoin.com in your profile if you really were the owner of mybitcoin.com - as you would surely know that there is no MX record for this domain - so that email address cannot currently work?

Wrong, default behavior of MTA's is to delivier to the A-record if no MX is found.

[enmaku]

Considering Mt. Gox's woes, aren't you the last person who should be opening your mouth to make fun of someone else for being hacked?

I mean, seriously. They apparently at least tried to be secure, you decided to give everyone's emails and passwords to a third party who didn't need them.

What little respect I still actually had for you is now gone forever...

We have never said we had 30 years of experience and made fun of other people who got hacked. People around here do not understand the kind of "bad" people who are around here and just go "oh look, mtgox got hacked, but we won't, we are too good for that"... now look at that. I know I shouldn't answer, but I'm tired of being made fun of by people who claim to be better, but end not being better.

I'm going to respectfully say that we all make mistakes but it's waaaaay too soon. You had a major breach not very long ago and maybe next year some time we can talk about growing from experience blah blah blah, but it's too fresh right now to criticize the security of others just yet.

As for "being made fun of" just be the bigger man. All you do by kicking MyBitcoin when they're down is prove you're no better than they are.

[deepceleron]

A real mybitcoin post could/would be signed: http://pgp.mit.edu:11371/pks/lookup?search=mybitcoin

Deleted wallets would also mean copied and emptied wallets...

[GeniuSxBoY]

I'm on Mt Gox's side.


They got fucked, but they didn't get completely fucked.


And even after getting fucked, they are still #1.


Big props.

[MagicalTux]

As for "being made fun of" just be the bigger man. All you do by kicking MyBitcoin when they're down is prove you're no better than they are.

Ok, sorry, I shouldn't have posted too fast. We do not even have proof this post was indeed made by Tom Williams.

Still, if this is truth I would very much like to know how this could happen, especially after they claimed to be secure (see quote in 2nd post) so everyone in the community can learn from this, including ourselves.

[julz]

Why would you list your email address as    Webmaster@mybitcoin.com in your profile if you really were the owner of mybitcoin.com - as you would surely know that there is no MX record for this domain - so that email address cannot currently work?

Wrong, default behavior of MTA's is to delivier to the A-record if no MX is found.

I already tested whether port 25 was listening  - it isn't.  So it still can't work.

[GeniuSxBoY]

Mybitcoin was hacked from the beginning.


The hackers just sat on it.

[enmaku]

A real mybitcoin post could/would be signed: http://pgp.mit.edu:11371/pks/lookup?search=mybitcoin

Deleted wallets would also mean copied and emptied wallets...

Very true, all the more reason to try to recover the wallet.dat quickly. If there IS still any balance, it should be transferred to a fresh wallet immediately. Balances and such can be worked out after the fact, we can deal with that craziness later, but if there is still money in that wallet it needs to be transferred ASAP.

It honestly worries me more that Mr. Williams apparently just sat there in shock for days instead of responding to the problem directly... If we're even talking to Mr. Williams at all...

[wolftaur]

Ok, sorry, I shouldn't have posted too fast. We do not even have proof this post was indeed made by Tom Williams.

Still, if this is truth I would very much like to know how this could happen, especially after they claimed to be secure (see quote in 2nd post) so everyone in the community can learn from this, including ourselves.

That, in my opinion, is perfectly reasonable, and I'd like to know how such a thing happened as well. Herd immunity.

Unfortunately, no system is impenetrable, no matter how many security precautions are taken ... you can make the system pretty much completely unusable by trying, and there's still going to be some way in.