If this account was hijacked, how did you gain access to it so fast?
LOGS, EMAILS
The attacker never gained access to the dev email account, so I reset the password with an SMS message. Then I attempted to reset the pass on bitcointalk, but the email had been changed. So I asked the rogue guy in IRC if I could have the pass back, and surprisingly he gave it, but we are still locked out of the original github because of his 2FA.
Here is the email to github support and the emails we got when he attacked:
Hi, I have a cryptocurrency repo and have it hosted on your site.
One of our members went rogue and took over our forum account and this github.
I still control the email so I changed the password.
ccryptcoin user on github. My old password was ---------------------
I also connect to your server from the same IP as --------------------- github user.
They have added SSH keys and 2fa authentication to the account and I cannot recover it.
Please, can you fix this for me? If you need to contact me call ------------------------
Thank you.
GitHub (10:17 pm): [GitHub] Please reset your password - We heard that you lost your GitHub password. Sorry about that! But don't worry! You can use the
no-reply (10:15 pm): Google Account password changed - Count Cryptcoin Hi Count, The password for your Google Account - ccryptcoin@gmail.com - was recently
GitHub (9:22 pm): [GitHub] A new public key was added to your account - The following SSH key was added to your account: vm2 90:a8:f3:9c:4c:79:01:25:57:8d:5e:fb:8f:a3:f4:ea
GitHub (8:29 pm): [GitHub] Two-factor authentication enabled - Hey ccryptcoin! You've just enabled two-factor authentication on your ccryptcoin GitHub account.
And the logs of when I first found out:
[10:01:44 PM] RRLP: yo
[10:01:45 PM] RRLP: you here?
[10:09:38 PM] Cryptcoin: hey
[10:10:08 PM] RRLP: does attious have the git password
[10:10:12 PM] Cryptcoin: just got back
[10:10:12 PM] RRLP: if you’re that insecure man
[10:10:16 PM] RRLP: i’m really going to shit myself
[10:10:18 PM] RRLP: like for real
[10:10:22 PM] Cryptcoin: hmm
[10:10:27 PM] RRLP: talk to me brother
[10:10:33 PM] Cryptcoin: did something happen?
[10:10:35 PM] RRLP: yes
[10:10:38 PM] RRLP: he hijacked the thread
[10:10:39 PM] RRLP: the irc
[10:10:41 PM] RRLP: and the git
[10:10:56 PM] Cryptcoin: wow
[10:10:59 PM] Cryptcoin: ill reset the passwords
[10:11:02 PM] RRLP: we need you to start hitting trollboxes
[10:11:03 PM] Cryptcoin: sorry i forgot
[10:11:06 PM] RRLP: and get control of this
[10:11:08 PM] RRLP: do it now
[10:11:11 PM] RRLP: hurry man
[10:11:13 PM] Cryptcoin: ok
[10:11:17 PM] RRLP: oh, and you can reset without issue right?
[10:11:23 PM] RRLP: he doesnt have reset pass to email or some shit
[10:11:25 PM] RRLP: correct?
[10:11:43 PM] Cryptcoin: wtf
[10:11:50 PM] Cryptcoin: 50k SAT??
[10:11:53 PM] RRLP: yea man
[10:11:57 PM] RRLP: just do your thing man
[10:12:00 PM] RRLP: reset those passes
[10:12:18 PM] Cryptcoin: ok
[10:13:40 PM] Cryptcoin: i think he took the email too, but im resetting it now with my phone
[10:13:45 PM] RRLP: Ok
[10:13:47 PM] RRLP: you need 2fa brother
[10:13:49 PM] RRLP: thats newb shit
[10:14:27 PM] Cryptcoin: i just had everything open
[10:14:32 PM] Cryptcoin: so anyone in group could edit
[10:14:59 PM] RRLP: Ok, is it locked down?
[10:15:02 PM] RRLP: get it back man
[10:15:04 PM] RRLP: we need it back right now
[10:15:12 PM] Cryptcoin: working on it
[10:15:51 PM] RRLP: you’re back in?
[10:16:21 PM] Cryptcoin: no
[10:16:24 PM] Cryptcoin: i need help
[10:16:30 PM] RRLP: hes changed all your shit hasn’t he
[10:16:36 PM] Cryptcoin: i need you to contact btctalk admins and i will contact github admins
[10:16:46 PM] RRLP: I don’t even have an account there
[10:16:48 PM] RRLP: I cant
[10:17:00 PM] RRLP: whats wrong with your email man? did you not have 2fa on it?
[10:17:06 PM] RRLP: Hes not around
[10:17:31 PM] Cryptcoin: its not my email
[10:17:35 PM] Cryptcoin: they didnt get into that i dont think
[10:17:41 PM] Cryptcoin: its the dev one
[10:17:48 PM] Cryptcoin: my own shit is secure but we were sharing that before
[10:17:54 PM] RRLP: ok so how do we get in?
[10:17:59 PM] RRLP: is there a means of resetting?
[10:18:38 PM] Cryptcoin: ok
[10:18:47 PM] Cryptcoin: i changed github pass
[10:18:53 PM] Cryptcoin: but they turned 2fa on
[10:18:58 PM] RRLP: ok
[10:19:01 PM] RRLP: so they cant get in it
[10:19:04 PM] RRLP: but neither can you?
[10:19:06 PM] Cryptcoin: they can push to it
[10:19:10 PM] Cryptcoin: they added an SSH key
[10:19:18 PM] Cryptcoin: but this stalls them from taking it over completely
[10:19:21 PM] Cryptcoin: now i need to contact github
[10:19:22 PM] RRLP: contact admins
[10:19:24 PM] RRLP: yes
[10:19:27 PM] RRLP: ok just focus on that
[10:19:30 PM] Cryptcoin: ok