Snowpea (OP)
Member
 Offline
Activity: 96
Merit: 10
|
 |
May 09, 2012, 02:00:43 PM |
|
So i wake up this morning, and shortly after, i start receiving multiple emails from my gmail account from suspicious attempted sign ins. Then i start seeing password recovery messages from my GLBSE and MtGox accounts.
My account uses a strong password that i only use in one other place(a pool).
I'm not going to say what until i'm a bit more clear as to where the security issue is for the sake of the pool.
Anyway, gmail tells me that the IP is: 68.230.94.23 based in Tucson, Arizona. The ISP is Cox Communications.
Obviously, this attack was aimed at my BTC related accounts. Does anyone have any ideas how i can track down this person? or perhaps whatever malicious site/software is attacking the BTC community?
|
|
|
|
|
|
|
|
|
|
|
"With e-currency based on cryptographic proof, without the need to
trust a third party middleman, money can be secure and transactions
effortless." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
bulanula
|
|
May 09, 2012, 02:04:14 PM |
|
Same here. 187.113.24.162 from Brazil  WTF ! |
|
|
|
|
|
|
Snowpea (OP)
Member
Offline
Activity: 96
Merit: 10
|
|
May 09, 2012, 02:42:01 PM |
|
dictionary attack wouldn't be able to guess my strong password, it's 10 characters long with symbols and no dictionary words
|
|
|
|
|
REF
|
|
May 09, 2012, 02:54:09 PM |
|
Your password was definitely phished, caught by spyware, or taken from the database of another site (by site owner or hackers). Most mail providers have strong captchas & usually stop allowing attempts after 3-5 failed ones.
Try entering your passwrod into Google and see if anything comes up, I once done that when my email address got hacked and found a hacker forum where a hacker had posted a list of email addresses + md5 hashes of passwords that were used to signup to a site, and people were trying to crack them and posting the passwords they cracked.
interesting. If that ever happens to I will be trying that in the future. |
|
|
|
|
Maged
Legendary
Offline
Activity: 1204
Merit: 1015
|
|
May 09, 2012, 05:01:48 PM |
|
Passwords at mining pools seem to get leaked on a daily basis. Few of these guys are any good at security.
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
May 09, 2012, 08:00:39 PM |
|
So i wake up this morning, and shortly after, i start receiving multiple emails from my gmail account from suspicious attempted sign ins. Then i start seeing password recovery messages from my GLBSE and MtGox accounts.
Out of curiosity, was your e-mail address in the list of leaked passwords from the June 2011 hack at Mt. Gox (or similar list from one of the many breaches since) Do you use the same username as is in your e-mail? e.g. snowpea@gmail.com and then the same username at Mt. Gox / GLBSE of "snowpea"? |
|
|
|
|
Andrew Bitcoiner
|
|
May 09, 2012, 08:03:23 PM |
|
dictionary attack wouldn't be able to guess my strong password, it's 10 characters long with symbols and no dictionary words
10 characters is not enough. Brute forcing that is easy on todays hardware, you need to be 15 characters or longer. I know some people who choose 30 characters in length. |
|
|
|
Uncurlhalo
Full Member
Offline
Activity: 238
Merit: 100
|Argus| Accounting and Auditing on the Blockchain
|
|
May 09, 2012, 08:04:47 PM |
|
Yeah I had an attempted login from somewhere in Sweden on my gmail.
|
Argus the revolution in making
|
|
|
|
EuSouBitcoin
|
|
May 09, 2012, 08:15:58 PM |
|
dictionary attack wouldn't be able to guess my strong password, it's 10 characters long with symbols and no dictionary words
10 characters is not long enough. According to https://www.grc.com/haystack.htmsuch a password can be cracked in less than 2 hours with a Massive Cracking Array Scenario. Personally, I like DiceWare for making long passwords that are easy to remember. See http://world.std.com/~reinhold/diceware.html |
You can't win if you don't play. But you can't play if you lose all your chips. First I found bitcoin (BTC). Then I found something better, Monero (XMR). See GetMonero.org
|
|
|
Snowpea (OP)
Member
Offline
Activity: 96
Merit: 10
|
|
May 10, 2012, 03:09:05 AM |
|
i tested my password, and with the online scenario it's: 1.20 thousand centuries... i really doubt anyone with the ability to do 1 trillion a second would be targeting BTC.
|
|
|
|
arby
Donator
Member
Offline
Activity: 112
Merit: 10
keybase.io/arblarg
|
|
May 11, 2012, 06:16:40 AM |
|
As the other posters said, it is almost impossible to track down the person, law enforcement could track it down, but if it was just a proxy used by the attacker, it will be again harder, anyway I do not think anyone will bother to track anyone down because of a cracked password or what happened.
About the password, well a bit hard to crack a password that is 10 random characters, including digits, etc. There are a lot of protection mechanisms in place at reputable websites.
The most common way to steal passwords nowadays is using trojans that hook into browser functions.
But also in some cases, the websites that you use the same passwords at, small websites such as this pool, are vulnerable and attackers may phish the passwords from there, so it is better to use a different
password for each account, and well maybe keep them in an encrypted txt or something on your computer, but that depends on your situation.
|
|
|
|
check_status
Full Member
Offline
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
|
|
May 13, 2012, 05:29:00 PM |
|
such a password can be cracked in less than 2 hours with a Massive Cracking Array Scenario.
Do pools count as 'Massive Cracking Arrays'? Maybe blocks aren't being found as often as they could be because some pools are cracking juicy passwords and then statistically attributing the artificial BTC drought to "Luck".  If you only used a duplicate password on Google and the Pool then either you or the pool is suspect. Does your pool keep IP address sign in logs that you can view? If any BTC is missing you can trace it via the blockchain. Someone has done this for a few high profile thefts. http://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.htmlFigure 2 shows how the thief used the blockchain for command and control during the theft by monitoring a LulSec BTC address. |
For Bitcoin to be a true global currency the value of BTC needs always to rise. If BTC became the global currency & money supply = 100 Trillion then ⊅1.00 BTC = $4,761,904.76. P2Pool Server List | How To's and Guides Mega List | 1 EndfedSryGUZK9sPrdvxHntYzv2EBexGA |
|
|
flaxceed
Sr. Member
Offline
Activity: 389
Merit: 250
>>Note new email flaxceed@tormail.org<<
|
|
May 17, 2012, 11:30:12 AM |
|
As the other posters said, it is almost impossible to track down the person, law enforcement could track it down
how? |
////////////////////////////////////////////// >>>>>> flaxceed@tormail.org<<<<<< \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ >>> NOTE: This is a new email address. It is now tormail.org, and no longer tormail.net! <<< |
|
|
|
Blazr
|
|
May 17, 2012, 02:16:45 PM |
|
As the other posters said, it is almost impossible to track down the person, law enforcement could track it down
how? LE can contact the ISP of the IP where the attack originally came from and get details on that person, however, it'll likely be a TOR exit node or a proxy, and if the owner hasn't kept proper logs it can be very difficult/impossible to trace it back to the actual hackers IP. Even then, when there are TOR + proxies involved, getting a conviction in court can be quite difficult as it can be hard to prove that it wasn't just the exit node owner who initiated the attack, or somebody else along the chain. |
|
|
|
|
