From #bitcoin-police on Freenode concerning Tom Williams:
#######################################################
Greetings bitcoin community!
#bitcoin-police is operated by volunteers from the Bitcoin community at large to respond to fraud related activity within the community. Although our powers of action are obviously as limited as any other internet denizen, we aim to collect as much information as possible in order to be capable of providing dossier information for legal action should it ever ensue.
########### INFORMATION RELASE - MYBITCOIN.COM #############
The following dossier has been compiled by #bitcoin-police in response to growing community debate over the current situation in relating to the online wallet provider MyBitcoin.com.
**IMMEDIATE SITUATION
Begining on Friday 29th July 2011 the site
www.mybitcoin.com was reported as experienceing outages preventing transfer of funds to/from online wallets. At this time further reports emerged alleging the failure of medium to large sums of Bitcoin failing to be transferred to target wallets.
related link:
https://bitcointalk.org/index.php?topic=32900.0;allHistorically, some question has been raised as to the operations of myBitcoin.com as early as mid june this year, spurring a repsonse from the alleged owner:
https://bitcointalk.org/index.php?topic=22221.0;all* The use of GpG signature here should be noted as well as the name of the poster.
from this we can conclude that "official" communications from myBitcoin.com are GpG signed to:
http://pgp.mit.edu:11371/pks/lookup?search=mybitcoin** HISTORY
early indications of problems with mybitcoin operations emerged around June 29th/30th 2011:
with (verified) responses from mybitcoin operations team revealing key technical details of the workings of mybitcoin.
https://bitcointalk.org/index.php?topic=32900.0;allhttps://bitcointalk.org/index.php?topic=24548.0;alladditional concerns emerged in early july (July 5th) implicating (most probably falsely) Bruce Wagner of Bitcoinme.com. (rapid cleansing of bitcoinme indicates no likely link to mybitcoin)
http://bitcointalk.org/index.php?topic=26224.0;allwith further issues and concerns raised throughout July 2011
http://bitcointalk.org/index.php?topic=26224.60http://bitcointalk.org/index.php?topic=29147.0http://bitcointalk.org/index.php?action=profile;u=8940;sa=showPostshttps://bitcointalk.org/index.php?topic=33458.0;allhttp://www.reddit.com/r/Bitcoin/comments/imw0y/mybitcoin_is_a_disaster_waiting_to_happen/http://www.blogger-index.com/feeds.php?feed_id=29159&&p=1 [Shitcoin]
**Investigative Resuls
Initial investigations into the ownership of myBitcoin.com reveal:
Registrant:
MyBitcoin, LLC
Main Street
PO Box 556
Charlestown, Nevis
KN
Administrative Contact:
Williams, Tom
Main Street
PO Box 556
Charlestown, Nevis
KN
+6499518329
Registrar of Record: TUCOWS, INC.
Record last updated on 27-Mar-2011.
Record expires on 25-Apr-2012.
Record created on 25-Apr-2010.
Seemingly legitimate results with the exception that the listed address is well known.
Quick investigation shows that the address to which MyBitcoin.com is register is actually the same as
PrivacyShark.com
Registrant:
Privacy Shark, LLC
Main Street
PO Box 556
Charlestown, Nevis
KN
Domain name: PRIVACYSHARK.COM
Administrative Contact:
Privacy Protected Domain, Privacy Shark Domain Trust cHJpdmFjeXNoYXJrLmNvbQ==@privacyshark.com
Main Street
Charlestown, Nevis
KN
(202) 558-2876
PrivacyShark.com is a known anonymous Domain registrant providing "anonymous domain names, anonymous dns, and offshore whois information.
...
Privacy Shark, LLC (privacyshark.com) is a wholly-formed corporation that is governed and regulated by the courts of Nevis, West Indies."
_______
It appears that many other shell companies use this fake address, such as
http://panjiva.com/Envases-Globales/1081553Envases Globales
P O Box 556 Main St Charlestown Nevis
or
King Zulu LLC.
P.O. Box 556 Charlestown, Nevis Last Updated on: 28-DEC-08
Of iteresting note is the information provided on PrivacyShark's About page:
"
Q. How do I order / make payments?
A. In order to be 100% anonymous, we only accept anonymous forms of payment. We accept Bitcoin (we recommend MyBitcoin). Order by clicking here.
" [http://www.privacyshark.com/about.html]
where a clear link promoting MyBitcoin.com is present, as is the information that normal clients registering through PrivacyShark will have a generic registration with the following format:
***
BEFORE Privacy Shark
Registrant:
John Smith
#123 Your Address
Sometown, CA 90210
US
Domain name: YOURDOMAIN.COM
Administrative Contact:
Smith, John
jsmith@yourisp.com#123 Your Address
Sometown, CA 90210
US
408-555-1212
Technical Contact:
Smith, John
jsmith@yourisp.com#123 Your Address
Sometown, CA 90210
US
408-555-1212
Domain servers in listed order:
NS1.YOURISP.COM
NS2.YOURISP.COM
AFTER Privacy Shark
Registrant:
Privacy Shark, LLC
Main Street
PO Box 556
Charlestown, Nevis
KN
Domain name: YOURDOMAIN.COM
Administrative Contact:
Privacy Protected Domain, Privacy Shark Domain Trust
cHJpdmFjeXNoYXJrLmNvbQ@privacyshark.comMain Street
PO Box 556
Charlestown, Nevis
KN
(202) 558-2876
Technical Contact:
Privacy Protected Domain, Privacy Shark Domain Trust
cHJpdmFjeXNoYXJrLmNvbQ@privacyshark.comMain Street
PO Box 556
Charlestown, Nevis
KN
(202) 558-2876
Domain servers in listed order:
ANONYMOUS-DNS1.PRIVACYSHARK.COM
ANONYMOUS-DNS2.PRIVACYSHARK.COM
***
At this point, the registration of MyBitcoin.com does NOT match the standard format for a site registered via PrivacyShark.
Further investigation shows at lest one known Bitcoin scam site registered via PrivacyShark that exhibit "normal" registration details [Bitcoin4Cash.com]:
http://bitcointalk.org/index.php?topic=8258.0;allhttp://pastehtml.com/view/aui7tmtfe.htmlRegistrant:
Privacy Shark, LLC
Main Street
PO Box 556
Charlestown, Nevis
KN
Domain name: BITCOIN4CASH.COM
Administrative Contact:
Privacy Protected Domain, Privacy Shark Domain Trust
Main Street
PO Box 556
Charlestown, Nevis
KN
(202) 558-2876
____
Additional information reveals the following known sites registered via PrivacyShark:
phonefate.com
h410g3n.com
quiveringfuckholes.com
netwerked.net
voodoomachine.com
hackcanada.com <====****
6server.com
freeworldtel.com
daliwen.com
mybitcoin.net <====****
assserver.com
wwwmybitcoin.com <=====****
talksugar.com
bitcoinreserve.com <=====***
demeterscoffeevault.com
7upyours.com
dalinowen.com
6server.com
plusnethosting.com
talksugars.com
wwwtalksugar
diskhaven.com
1buckphonesluts
1hotphonebabe
anomaliesonline.com
1hotphonebabe4u.com
myfaveslave.com
pussyjuicegirls.com
sawtoothrc.com
phonefate.rog
talksugar.org
mule-coquine.info
hackcanada.org <====****
cfraamail.org
plusnethosting.com
freeworldtel.com
pickup-test.com
test-depersonalidad.com
testbaleni.com
globalxxxhost.com
bitcoinia.com <===***
phonecallgirl.com
sexiestserver.com
pimpdollar.com
dalinowen.com
dalinowen.com
plusnethosting.com
phonefate.net
1hotphonebabe4u.com
chicagobbwescort.com
[ty -
http://privacyshark.blogspot.com/]
___
Of most interest here is the inclusion of HackCanada - an organisation with historical ties to the bitcoin community.
Investigation of the NETBLOCK upon which the mybitcoin servers operate shows that the servers are operated by LeaseWeb and the immedaite servers also host:
nanaimogold.com - United States Nanaimo Gold -
http://www.nanaimogold.compimpdollar.com - United States - -
Pimp dollar
http://www.pimpdollar.comphonefate.com - - Privacy Shark, LLC -
Phonefate phone sex with talksugar
Talk sugar : livecam & phone sex : now with phonefate
http://www.phonefate.comkinkybyphone.com - - - -
Kinkybyphone phone sex with talksugar
Talk sugar : livecam & phone sex : now with kinkybyphone
http://www.kinkybyphone.comnettwerked.net - United States - -
Nettwerked; a web-site for the canadian undergr0und scene
Nettwerked
http://www.nettwerked.net**NOTE this site is operated by a founding member of HackCanada
hackcanada.com - United States - -
Hack canada - it dont mean jack if it aint got that hack.
Hack canada : hacking, phreaking, and tempestuous technology. rewiring your world the way we want it.
http://www.hackcanada.comLeaseWeb Complaint ==>
http://www.webhostingtalk.com/showthread.php?p=7602128 https://bitcointalk.org/index.php?topic=33020.0;all** Most Recent Activity
Of most recent note is an alleged post by the "owner" of mybitcoin.com which reveals contradictory technical information regarding the operation of mybitcoin:
https://bitcointalk.org/index.php?topic=33646.0This post is not GpG signed like any other communique from mybitcoin.com to date. Also the technical details and experience of staff elluded in this post would indicate that it is HIGHLY UNLIKELY this post originated from any real owner of mybitcoin.
Most recent scanning of the site revealed that Privoxy serevices hosting TOR hidden service were most recently halted and current nMap activity of the site shows:
Starting Nmap 5.51 (
http://nmap.org ) at 2011-08-03 01:18 E. Australia Standard Time
NSE: Loaded 57 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 01:18
Completed Parallel DNS resolution of 1 host. at 01:18, 0.01s elapsed
Initiating SYN Stealth Scan at 01:18
Scanning
www.mybitcoin.com (83.149.112.133) [1000 ports]
Increasing send delay for 83.149.112.133 from 0 to 5 due to 11 out of 11 dropped probes since last increase.
SYN Stealth Scan Timing: About 10.07% done; ETC: 01:23 (0:04:37 remaining)
Increasing send delay for 83.149.112.133 from 5 to 10 due to 11 out of 11 dropped probes since last increase.
SYN Stealth Scan Timing: About 19.10% done; ETC: 01:23 (0:04:18 remaining)
SYN Stealth Scan Timing: About 28.10% done; ETC: 01:23 (0:03:53 remaining)
SYN Stealth Scan Timing: About 37.17% done; ETC: 01:23 (0:03:25 remaining)
Discovered open port 9999/tcp on 83.149.112.133
SYN Stealth Scan Timing: About 46.03% done; ETC: 01:23 (0:02:57 remaining)
SYN Stealth Scan Timing: About 47.37% done; ETC: 01:24 (0:03:21 remaining)
SYN Stealth Scan Timing: About 48.73% done; ETC: 01:25 (0:03:42 remaining)
SYN Stealth Scan Timing: About 50.33% done; ETC: 01:26 (0:04:04 remaining)
SYN Stealth Scan Timing: About 52.77% done; ETC: 01:27 (0:04:29 remaining)
SYN Stealth Scan Timing: About 56.77% done; ETC: 01:29 (0:04:58 remaining)
SYN Stealth Scan Timing: About 70.23% done; ETC: 01:34 (0:04:53 remaining)
SYN Stealth Scan Timing: About 78.07% done; ETC: 01:36 (0:04:03 remaining)
SYN Stealth Scan Timing: About 84.27% done; ETC: 01:37 (0:03:07 remaining)
SYN Stealth Scan Timing: About 89.90% done; ETC: 01:39 (0:02:07 remaining)
SYN Stealth Scan Timing: About 95.17% done; ETC: 01:39 (0:01:03 remaining)
Completed SYN Stealth Scan at 01:40, 1356.93s elapsed (1000 total ports)
Initiating Service scan at 01:40
Scanning 1 service on
www.mybitcoin.com (83.149.112.133)
Completed Service scan at 01:41, 44.61s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against
www.mybitcoin.com (83.149.112.133)
Retrying OS detection (try #2) against
www.mybitcoin.com (83.149.112.133)
Initiating Traceroute at 01:42
Completed Traceroute at 01:42, 3.66s elapsed
Initiating Parallel DNS resolution of 21 hosts. at 01:42
Completed Parallel DNS resolution of 21 hosts. at 01:42, 12.05s elapsed
NSE: Script scanning 83.149.112.133.
Initiating NSE at 01:42
Completed NSE at 01:42, 0.71s elapsed
Nmap scan report for
www.mybitcoin.com (83.149.112.133)
Host is up (0.28s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
3300/tcp closed unknown
9999/tcp open ssl/abyss?
Device type: general purpose
Running (JUST GUESSING): OpenBSD 4.X (87%), FreeBSD 7.X (85%)
Aggressive OS guesses: OpenBSD 4.0 (87%), FreeBSD 7.0-RELEASE-p5 (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 0.001 days (since Wed Aug 03 01:41:33 2011)
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: Randomized
In closing, #bitcoin-police conclude that it is most likely that MyBitoin.com had suspicious origins and the ongoing failure of authenticated communication from the provider would allege some level of impropiety on behalf of the operator. This investigation is marked as OPEN with a high level of suspect indicators.
Any public information regarding this even tis welcom on the freenode #bitcoin-police channel, in Private Message to MrTiggr or GpG email to mr dot tiggr at gmail dot com
MrTiggr - Commander-in-Chief, Bitcoin Police
graingert - Pastebin hero
