bitsalame
Donator
Hero Member
Offline
Activity: 714
Merit: 510
Preaching the gospel of Satoshi
|
|
May 10, 2014, 02:42:05 AM Last edit: May 10, 2014, 05:27:09 AM by bitsalame |
|
Sorry if this will sound harsh, but that's not how it should be done. Circumstantial evidence or baseless hunches are useless. Let's get disciplined, let's follow only the evidence: 1) Bitcoin Address 2) Bitcoin address linked to user TheMad2403 @HackerForums -confirmed-3) User TheMad2403 @Hackerforums linked with email TheMad2403@live.com -confirmed- ( http://www.hackforums.net/showthread.php?tid=4028421&pid=38049637#pid38049637) 4) Email themad2403@live.com linked to several phishing sites of Latinamerican banks (all registered with bogus information, I checked them all) -confirmed-5) (your next lead... Must be linked to any of the previous points) For now the best course of action is: 1) Get Live.com subpoenaed. 2) Get the registrars subpoenaed. Considering that this guy doesn't seem to be a newbie in these activities, he probably used stolen credit card data to register those domains, and probably he used proxies to use live.com if that address was used solely for scams. But who knows, he could had been sloppy. Something we can be very confident about is that the guy is most definitely a Hispanic, but we can't infer yet his nationality or ancestry.
|
|
|
|
jc01480
|
|
May 10, 2014, 03:18:59 AM |
|
Subpoenas? Waste of time in the short term. There are certain police agencies within each state that have the specific power to issue an administrative demand to turn over the information you need to at least localize this individual and focus local authorities on him. I did this all the time and the information gleaned often led nowhere. But it is possible. (AT&T was a pain in the ass.). This is one of those moments where you have to ask yourself, is the EFF helping or hurting.
However, he is in IT and he is mining for crypto. There are others in that forum who know of him and shipped material items to him. Get them to help and you are in to something. (For the record, the email address is confirmed.).
|
|
|
|
bitsalame
Donator
Hero Member
Offline
Activity: 714
Merit: 510
Preaching the gospel of Satoshi
|
|
May 10, 2014, 03:57:47 AM |
|
Subpoenas? Waste of time in the short term. There are certain police agencies within each state that have the specific power to issue an administrative demand to turn over the information you need to at least localize this individual and focus local authorities on him. I did this all the time and the information gleaned often led nowhere. But it is possible. (AT&T was a pain in the ass.). This is one of those moments where you have to ask yourself, is the EFF helping or hurting.
However, he is in IT and he is mining for crypto. There are others in that forum who know of him and shipped material items to him. Get them to help and you are in to something. (For the record, the email address is confirmed.).
Hi jc01480, thanks for your input. Could you tell us how the address is confirmed? Did he post it somewhere from his account?
|
|
|
|
jc01480
|
|
May 10, 2014, 04:08:11 AM |
|
Subpoenas? Waste of time in the short term. There are certain police agencies within each state that have the specific power to issue an administrative demand to turn over the information you need to at least localize this individual and focus local authorities on him. I did this all the time and the information gleaned often led nowhere. But it is possible. (AT&T was a pain in the ass.). This is one of those moments where you have to ask yourself, is the EFF helping or hurting.
However, he is in IT and he is mining for crypto. There are others in that forum who know of him and shipped material items to him. Get them to help and you are in to something. (For the record, the email address is confirmed.).
Hi jc01480, thanks for your input. Could you tell us how the address is confirmed? Did he post it somewhere from his account? He listed it in the forum he is a member of.
|
|
|
|
vabtc
Jr. Member
Offline
Activity: 55
Merit: 4
|
|
May 10, 2014, 04:51:58 AM |
|
I never saw Slater being the bitcoin-stealing type. Zach and Screech, maybe. Lisa Turtle mined before it was cool, doesn't need to steal.
|
|
|
|
vabtc
Jr. Member
Offline
Activity: 55
Merit: 4
|
|
May 10, 2014, 04:53:34 AM |
|
I thought it was Lopez
*awkwardly walks away*
|
|
|
|
|
Soros Shorts
Donator
Legendary
Offline
Activity: 1617
Merit: 1012
|
|
May 10, 2014, 10:10:26 AM |
|
That's tough. If he wasn't running a full node then only the first nodes that relayed his transactions would have a record of his public IP address. Even that may just be a TOR exit node or VPN egress point.
|
|
|
|
BitCoinDream
Legendary
Offline
Activity: 2380
Merit: 1209
The revolution will be digital
|
|
May 10, 2014, 04:39:59 PM |
|
That's tough. If he wasn't running a full node then only the first nodes that relayed his transactions would have a record of his public IP address. Even that may just be a TOR exit node or VPN egress point. He may use a web wallet as well. I think, then there is no chance to track his IP. Till now, I think the people on hackforum, who have shipped items to him can provide us the best trace. I think Danny is already over there.
|
|
|
|
Phinnaeus Gage
Legendary
Offline
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
|
|
May 10, 2014, 08:03:35 PM |
|
I hope my contribution helped yesterday, bud. Don't want anything in return.
~Bruno Kucinskas
|
|
|
|
|
LouReed
|
|
May 10, 2014, 11:14:36 PM |
|
I don't know if you ever figured out how the coins were stolen, but it sounds exactly like what happened to me a few weeks back, I clicked on a phishing link: https://bitcointalk.org/index.php?topic=531047.0I foolishly opened a link that was a Google add for Blockchain.info. It was the very top search result, and I never second guessed it, just clicked it and entered my credentials, and went to send coins, clicked the Shared Coins option, and when the page loaded, my coins were gone!
|
|
|
|
Phinnaeus Gage
Legendary
Offline
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
|
|
May 10, 2014, 11:28:00 PM |
|
<putting on tin foil hat, with apologies>
Any chance that the person who bought BTC from you, Dan, could have been the person who owned the wallet address where the BTC went to, with the hope some, if not all the $ were returned to him?
<off, again with apologies>
|
|
|
|
Phinnaeus Gage
Legendary
Offline
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
|
|
May 10, 2014, 11:37:42 PM |
|
According to this tx https://blockchain.info/tx/0deb4161fef89393a66ee3bd2abfa94a2fbce1dd9188de2a577f3bbd2b435d4a he mines on Cloudhashing, for he received funds from 1ALA5v7h49QT7WYLcRsxcXqXUqEqaWmkvw. Greetings, Here are two address which may add to Bitcoin's blockchain.info or equivalent to monitor if they does the thing
1. 1ALA5v7h49QT7WYLcRsxcXqXUqEqaWmkvw (Cloudhashing,which I am very sure as I have received the first payment today)
2. Ghash.io (1CjPR7Z5ZSyWk6WtXvSFgkptmpoi4UM9BC), which is default labled by blockchain.info
|
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
May 11, 2014, 12:06:40 AM |
|
what does this have to do with themad2403?
|
|
|
|
DannyHamilton (OP)
Legendary
Offline
Activity: 3472
Merit: 4798
|
|
May 11, 2014, 12:14:19 AM |
|
<putting on tin foil hat, with apologies>
Any chance that the person who bought BTC from you, Dan, could have been the person who owned the wallet address where the BTC went to, with the hope some, if not all the $ were returned to him?
<off, again with apologies>
It's a legitimate concern, but in this case I'm as certain as I can be that it isn't the case. The user "themad2403" over at hackforums.net has admitted to being the thief, and it has been determined with relative certainty that he is hispanic. He has refused to return the bitcoins to the victim. I've dealt with the guy who bought from me in the past, he isn't hispanic, and I'm certain that he doesn't have the skills to pull of a such a scam right in front of me on his own. While a possibility could exist that he was working with someone else who was not there and was waiting for the bitcoins to be deposited so they could quickly sweep them out, he'd have had to be a pretty impressive actor and have worked out some pretty good timing. Given how many scams we see on a daily basis, I think we all carry tin foil hats around with us. In this case, I don't think its warranted.
|
|
|
|
DannyHamilton (OP)
Legendary
Offline
Activity: 3472
Merit: 4798
|
|
May 11, 2014, 12:16:38 AM |
|
what does this have to do with themad2403?
themad2403 at hackforums.net? He stole the bitcoins. He admitted to it. Even if he hadn't it wouldn't matter. It is quite clear that he owns the bitcoin address where the bitcoins were transferred to when they were stolen.
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
May 11, 2014, 12:28:16 AM |
|
what does this have to do with themad2403?
themad2403 at hackforums.net? He stole the bitcoins. He admitted to it. Even if he hadn't it wouldn't matter. It is quite clear that he owns the bitcoin address where the bitcoins were transferred to when they were stolen. no, i mean what does phinneas gage's post have to do with the thief? those images from hackforums are different users
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
May 11, 2014, 12:30:15 AM |
|
The user "themad2403" over at hackforums.net has admitted to being the thief
So whats the next step? Any chance of getting him prosecuted?
|
|
|
|
|