Tom Williams ~ The Smoking Gun(s) or Phin's Pholly

[Raoul Duke]

Maybe you could edit the OP with all the info and what connects the dots, so people don't need to read 6 7 pages to get some juice.

[cypherdoc]

I have an honest question for you, BitcoinPorn, and simply give me an honest answer. Do you think I'm just spreading gossip?

Not at all, I was saying that to cypherdoc's comment, which came off that way the way he said it.  I am seeing all your info, it is not gossipy, I could have separated my sentences into paragraphs there.

i gave the straight facts initially but then he asked me how i interpreted it.

[Phinnaeus Gage]

Maybe you could edit the OP with all the info and what connects the dots, so people don't need to read 6 7 pages to get some juice.

Good idea, psy. I'm on it.

[NF6X]

Most of the players (not just what I've listed so far, but many more) have hacking backgrounds with the main exception being BW, who just so happens to have a pretty mouth.

I've highlighted the key points.

I don't understand what the connection between those accounts is supposed to be. Can you spell it out for me, using small, simple words?   

[Phinnaeus Gage]

Most of the players (not just what I've listed so far, but many more) have hacking backgrounds with the main exception being BW, who just so happens to have a pretty mouth.

I've highlighted the key points.

I don't understand what the connection between those accounts is supposed to be. Can you spell it out for me, using small, simple words?   

I'm spelling it now and you can see it a little better in the original post where I'm editing it. When I'm done, I'll post it again. Sorry for the mess. It makes sense in my head. Great place to visit but you don't want to live there.

[NF6X]

It's not that much of a stretch to see that weusecoins.com and Tom Williams registered the same day, and probably at the same time on the same computer.

That's where you're losing me. I'll say that those two accounts appear to have been registered consecutively, but I don't see anything else that suggests that they were registered by the same person, and/or from the same computer, or even on the same day. Without IP logs and timestamps of registrations, how do you know that those accounts weren't registered from different addresses a few hours apart? Can we also assume that Tom Williams registered his fribit.no account a moment later?

[Phinnaeus Gage]

It's not that much of a stretch to see that weusecoins.com and Tom Williams registered the same day, and probably at the same time on the same computer.

That's where you're losing me. I'll say that those two accounts appear to have been registered consecutively, but I don't see anything else that suggests that they were registered by the same person, and/or from the same computer, or even on the same day. Without IP logs and timestamps of registrations, how do you know that those accounts weren't registered from different addresses a few hours apart? Can we also assume that Tom Williams registered his fribit.no account a moment later?

Patterns!

667,brucewagner,bruce@brucewagner.com,$1$... (purposely waited till the 666th member joined so that he wouldn't be it)
668,Almad,prace@almad.net,ad8... (note password--not starting with $1$)
669,SergGT,serg_gt@rambler.ru,$1$... (Russian)
670,iamiam,ed@edwardgel.com,71b... (note password--not starting with $1$)

Different day?


This account could easily be a day earlier----------BUT (still connected, I say)

603,justmoon,moon@justmoon.ch,$1$...     (registered just up prior to BW & EG registering) (an early Mt.Gox member)

[cypherdoc]

surely you aren't suggesting Stefan Thomas is Tom Williams?  Stefan has done some great work for the community and was one of the key speakers at Bitcon.  i've seen him interviewed by BW and he seems like a very cheerful fellow and dedicated Bitcoin enthusiast in his own words.

[Phinnaeus Gage]

The anonymous guy was the user that went by the nickname of noagendamarket

how do u know this?

I'll explain it real slow: There's...this...thing...called...the...internet...

That, and 'noagendamarket' on a ton of posts on the forum turned to 'Anonymous' in a different color (because it's not a link) when the mods deleted noagendamarket's account here after he made a post threatening another group of users with harm.

A teaser! https://bitcointalk.org/index.php?topic=1735.msg21444#msg21444

[NF6X]

Patterns!

667,brucewagner,bruce@brucewagner.com,$1$... (purposely waited till the 666th member joined so that he wouldn't be it)
668,Almad,prace@almad.net,ad8... (note password--not starting with $1$)
669,SergGT,serg_gt@rambler.ru,$1$... (Russian)
670,iamiam,ed@edwardgel.com,71b... (note password--not starting with $1$)

The human mind is wonderful at detecting patterns... even if there's nothing there but random noise.

(purposely waited till the 666th member joined so that he wouldn't be it)

That seems like a big stretch to me to discern purpose from a password file. How would he even know that the 666th person had just registered, unless Bruce Wagner and MagicalTux are the same person?  I could just as easily conclude that Bruce deliberately tried to be user 666, but was a second too late.

(note password--not starting with $1$)

I'm no expert on the MtGox password file leak, but if I recall correctly what I had read back then, a password not starting with $1$ indicates that it wasn't changed by the user at some point after MtGox changed their hashing algorithm. Or more accurately, the $1$ passwords in that region of the file belong to people who did change their password at some point after the hashing algorithm changed. If I was going to draw any conclusions from that at all, I'd say that two actively-used accounts in which one has a $1$ password and the other doesn't, are less likely to belong to the same person, since a given person would probably revise the passwords of all of their actively-used accounts on a site if they were going to revise any of them.

[Phinnaeus Gage]

surely you aren't suggesting Stefan Thomas is Tom Williams?  Stefan has done some great work for the community and was one of the key speakers at Bitcon.  i've seen him interviewed by BW and he seems like a very cheerful fellow and dedicated Bitcoin enthusiast in his own words.

No I was not claiming that at all. I was stating that the name and the name associated with the email account is different. BTW, do have a picture of him?

[owner-c] handle: 668732
[owner-c] type: PERSON
[owner-c] title:
[owner-c] fname: Stefan
[owner-c] lname: Thomas      (If the owner's name is Stefan Thomas, then why does email link to another name)
[owner-c] org:
[owner-c] address: Sommerhofenstr. 136
[owner-c] city: Sindelfingen
[owner-c] pcode: 71067
[owner-c] country: DE
[owner-c] state: DE
[owner-c] phone: +49-7031-7853000
[owner-c] fax: +49-7031-700935
[owner-c] email: moon@justmoon.de   Here  (same website design as justmoon.ch and justmoon.net)
[owner-c] protection: B
[owner-c] remarks: 32086495
[owner-c] updated: 2011-07-21 03:19:14

[BitcoinPorn]

surely you aren't suggesting Stefan Thomas is Tom Williams?

My mind is blown.

[Phinnaeus Gage]

Patterns!

667,brucewagner,bruce@brucewagner.com,$1$... (purposely waited till the 666th member joined so that he wouldn't be it)
668,Almad,prace@almad.net,ad8... (note password--not starting with $1$)
669,SergGT,serg_gt@rambler.ru,$1$... (Russian)
670,iamiam,ed@edwardgel.com,71b... (note password--not starting with $1$)

The human mind is wonderful at detecting patterns... even if there's nothing there but random noise.

(purposely waited till the 666th member joined so that he wouldn't be it)

That seems like a big stretch to me to discern purpose from a password file. How would he even know that the 666th person had just registered, unless Bruce Wagner and MagicalTux are the same person?   I could just as easily conclude that Bruce deliberately tried to be user 666, but was a second too late.

(note password--not starting with $1$)

I'm no expert on the MtGox password file leak, but if I recall correctly what I had read back then, a password not starting with $1$ indicates that it wasn't changed by the user at some point after MtGox changed their hashing algorithm. Or more accurately, the $1$ passwords in that region of the file belong to people who did change their password at some point after the hashing algorithm changed. If I was going to draw any conclusions from that at all, I'd say that two actively-used accounts in which one has a $1$ password and the other doesn't, are less likely to belong to the same person, since a given person would probably revise the passwords of all of their actively-used accounts on a site if they were going to revise any of them.

LMMFAO That was better than Muskie fishing. I got you to bite! I was joking about the 666th member to see if you would take the bait.

Your last point is valid except: Why did BW or EG not change their password, but one of them did?

and this:

253, macrohard ,robert@mckay.com,42d...
311,robert@mckay.com,robert@mckay.com,42d...(same password as above)

Let me ask you this: Do you think my whole theory is hogwash? A yes or no will suffice.

[indicasteve]

Man... I still think you are going on a wild goose chase...

This address is also in that password file:

31479,tien.dat79,tien.dat79@yahoo.com,$1$YvOM9Q00$FuInXK.RW36tX33fKh8pJ0

That is the SAME emaill address of that wildtigon listed as the mybitoin.com owner on the bitcoinfeedback page.

Incidentally, the owner of the feedback site has the IP address of wildtigon.  I'll bet the IP address is in Vietnam.

[NF6X]

I'm not ready to call your whole story hogwash-or-not yet, but many of the assumptions and conclusions you're making seem like big stretches to me, so far.

I see that robert @ mckay.com has more than one account registered there, but I noticed lots of instances of more than one account from the same person last time I perused the MtGox leak file for interesting tidbits. I don't see how that email address is connected to any of this yet, nor do I see a plausible connection to edwardgel or some (*gasp*) Russian person, aside from their accounts being registered at about the same time. With over 60k accounts registered over the relatively short period of time between MtGox's inception and the leaking of their password file, there are bound to be lots of weird-looking coincidences in there.

Ok, I'm going to tell you a secret. Very few people know this, so don't spread it around: NF6X is not the name I was given at birth. I hope that you don't think any less of me because I'm posting here under an alias. 

[Phinnaeus Gage]

Hang on to your hats gain, I just found something else. Going to make a pot of coffee and take a leak. Back in a couple minutes. Possibly, the SIGTHTF!

[NF6X]

My hat is now securely fastened atop my head. I'll be back after I go feed the horse, if you know what I mean.

[Phinnaeus Gage]

Now, I will admit that this could be a wild goose chase, for I didn't do DD yet. That said, here it is nonetheless:

Don’t give the Fed a new job: http://blogs.reuters.com/great-debate/tag/mark-t-williams

http://en.wikipedia.org/wiki/Mark_T._Williams



The following quote is from the end of a comment left by Sergey (remember that name)

Banks and even insurers became vehicles to extract profit at any cost without thoughts beyond next bonus.
Capitalism failed there. Society cannot allowed bad guys to fall.
In your abbreviation SROB the key letter ‘I’ stays for ‘independent’ and it is absent.
Don’t forget every bank including Lehman had/has Risk controllers. They all failed badly. So the body must be independent.
FED doesn’t have infrastructure and expertise in measuring risk. But the truth is that nobody has.
Posted by Sergey | Report as abusive

[Phinnaeus Gage]

My hat is now securely fastened atop my head. I'll be back after I go feed the horse, if you know what I mean.

Yep, I do. I saw that episode of South Park.

[Phinnaeus Gage]

It's not that much of a stretch to see that weusecoins.com and Tom Williams registered the same day, and probably at the same time on the same computer.

50730,haakjes,frank@root66.org,$1$9...    
50731,hammerfortyfour,t.williams@bankofamerica.com,$1$9...   (account created prior to Mt.Gox getting hacked--possibly EG)



major edit job here (by me, BRUNO)




253, macrohard ,robert@mckay.com,42d...
311,robert@mckay.com,robert@mckay.com,42d...(same password as above)
966, macro ,robert@mckay.com,$1$l...

46342,nayryakcm,rmckay2003@yahoo.com,$1$...

254,Warhammer,Warhammer@li.ru,$1$... (Russian)

667,brucewagner,bruce@brucewagner.com,$1$...
668,Almad,prace@almad.net,ad8... (note password--not starting with $1$)
669,SergGT,serg_gt@rambler.ru,$1$... (Russian)
670,iamiam,ed@edwardgel.com,71b... (note password--not starting with $1$)

5699,edwardgel,ed@edwardgel.com,$1$... (note he opted to not create his own password this time)