Bitcoin Forum
Author Topic: A public apology to Donald, Patrick and Amir ("Intersango guys")  (Read 7489 times)
John (John K.)
May 18, 2012, 02:39:38 PM
 #41

The hacker wrote "EXPECT MASS LEAK" in transactions from the stolen money. We can only assume he has a copy of the database, so he has access to all the information needed to make a claim.

Almost.
Unfortunately (for the hacker) he doesn't control users' email accounts, and he has no access to users' ID documents.

And he ought only have hashes of passwords.

Link me to more detail on the "EXPECT MASS LEAK" message?

http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX

This is an address some of the stolen money was sent to

Notice the transaction amounts:

1.01100101 BTC
2.01111 BTC
3.0111 BTC
4.01100101 BTC
5.01100011 BTC
6.011101 BTC
7.001 BTC
8.01101101 BTC
9.01100001 BTC
10.01110011 BTC
11.01110011 BTC
12.001 BTC
13.011011 BTC
14.01100101 BTC
15.01100001 BTC
16.01101011 BTC
17.001 BTC
18.01110011 BTC
19.01101111 BTC
20.01101111 BTC
21.0110111 BTC

The part after the decimal point is ascii binary, and it converts to: expect mass leak soon

Also, the address starts with 1EML

Expect Mass Leak

Converter:
http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp

(for amounts that don't have 8 decimal places you need to add in more 0's, the 116BTC transaction is irrelevant I think)

Great find Blazr! I wonder if the attackers are planning to leak the database in the open? Transaction information, etc.

Another point that I don't know if people thought about is, what happens with those generated MtGox codes on the database that haven't been redeemed by the users yet? Could the attacker cash them out at will (and probably already did) to hundreds of MtGox accounts, or even instantly exchange them to LR or other currencies using services like the one we offer?

What is interesting is, Friday RIGHT before Bitcoinica went down we were trying to withdraw several thousands using MtGox (this is common practice for us since as funding partners, we usually get more Bitcoinica than what we sell, and eventually we need to turn it back into fiat). What is interesting is that I was hitting the "MtGox limit temporarily reached" a lot of the times, even with small test amounts such as $100. I wonder if at that point, the attacker indeed emptied the bitcoinica MtGox account from funds.

I mean, think about it: with full access to the server, what would have prevented the hacker from issuing a whole bunch of MtGox redeemable codes and completely empty their account?


No, I was online for the entire duration of the hacking. I revoked the keys immediately. The withdrawal limit had already been reached due to normal withdrawals.

The terrible thing is, Rackspace refused to log the hacker out. They don't know how to do it.

Err, pull the plug for the whole dedicated server is that hard?

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)
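
The decoding described in the quoted post above (pad each amount's fractional part to 8 digits and read it as one ASCII byte), as an added example that is not part of the original thread. The amounts are copied from the list above; `satoshis_to_amount`, for raw satoshi values, and the `"116"` stand-in for the 116 BTC transaction are assumptions made for illustration.

```python
"""Decode ASCII text carried in the fractional digits of BTC amounts.

Added example, not code from the thread. A BTC amount has 8 decimal places
(1 BTC = 100,000,000 satoshis), so the fractional part can hold one byte
written as eight 0/1 digits. Displays drop trailing zeros, hence the padding.
"""

# Amounts copied, in order, from the list in the post above.
# The part before the decimal point is ignored by the decoder.
AMOUNTS = [
    "1.01100101", "2.01111", "3.0111", "4.01100101", "5.01100011",
    "6.011101", "7.001", "8.01101101", "9.01100001", "10.01110011",
    "11.01110011", "12.001", "13.011011", "14.01100101", "15.01100001",
    "16.01101011", "17.001", "18.01110011", "19.01101111", "20.01101111",
    "21.0110111",
]

SATOSHIS_PER_BTC = 100_000_000


def satoshis_to_amount(value):
    """Render a raw satoshi value (hypothetical helper) with all 8 decimals."""
    whole, frac = divmod(value, SATOSHIS_PER_BTC)
    return f"{whole}.{frac:08d}"


def fraction_bits(amount):
    """Return the fractional part padded to 8 digits, or None if not all 0/1."""
    _, _, frac = amount.strip().partition(".")
    frac = frac.ljust(8, "0")  # restore trailing zeros the display dropped
    if len(frac) != 8 or set(frac) - {"0", "1"}:
        return None
    return frac


def decode(amounts):
    """Return (text, skipped): decoded characters and amounts with no printable byte."""
    chars, skipped = [], []
    for amount in amounts:
        bits = fraction_bits(amount)
        code = int(bits, 2) if bits is not None else None
        if code is None or not 32 <= code <= 126:
            skipped.append(amount)  # e.g. a round amount with no message byte
            continue
        chars.append(chr(code))
    return "".join(chars), skipped


if __name__ == "__main__":
    text, skipped = decode(AMOUNTS)
    print(repr(text), "skipped:", skipped)
    # "116" is a constructed stand-in for the unrelated 116 BTC transaction.
    print(decode(["116"] + AMOUNTS[:6]))
```
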

rjk
May 18, 2012, 02:45:33 PM
 #42

Err, pull the plug for the whole dedicated server is that hard?
If I'm not mistaken, it was hosted on RS Cloud Servers (similar to AWS), and I assume that shutting it down would destroy valuable evidence that could remain in memory.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
zhoutong
May 18, 2012, 05:11:07 PM
 #43

Err, pull the plug for the whole dedicated server is that hard?
If I'm not mistaken, it was hosted on RS Cloud Servers (similar to AWS), and I assume that shutting it down would destroy valuable evidence that could remain in memory.

They pulled the plug (suspended the servers), but the hacker was still in session. Thus the hacker is able to re-create cloud servers using our backup images.

Later I questioned them "Does this mean that Rackspace Cloud shouldn't be trusted for anything financially serious?", they didn't give a response.

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
elux
May 18, 2012, 05:27:57 PM
 #44


Later I questioned them "Does this mean that Rackspace Cloud shouldn't be trusted for anything financially serious?", they didn't give a response.

http://www.rackspace.co.uk/managed-hosting/solutions-for-business/type-of-business/finance/

Quote
Your business demands that you have 24/7/365 access to your trading systems, email, back-office applications and websites.

Raoul Duke
aka psy
May 18, 2012, 05:57:57 PM
 #45

The terrible thing is, Rackspace refused to I didn't log the hacker out. They I (still) don't know how to do it.

Fixed that shit for you.

Was that a managed server? How much did you pay monthly/yearly to Rackspace for managing the server for you?

rjk
May 18, 2012, 06:01:36 PM
 #46

The terrible thing is, Rackspace refused to I didn't log the hacker out. They I (still) don't know how to do it.

Fixed that shit for you.

Was that a managed server? How much did you pay monthly/yearly to Rackspace for managing the server for you?
Um psy, do you know how a cloud works? Virtual machines. Suspend it, and it stops responding - same as physical hardware being put into sleep mode.
Even though this was done, the cracker had access to the RS admin console, which is something that they have hosted on their own infrastructure. Apparently they don't know how to invalidate a php session, and so the cracker was able to spin up a new VM instance and load a backup and away goes Mabel with all the data.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Raoul Duke
aka psy
May 18, 2012, 06:06:48 PM
 #47

The terrible thing is, Rackspace refused to I didn't log the hacker out. They I (still) don't know how to do it.

Fixed that shit for you.

Was that a managed server? How much did you pay monthly/yearly to Rackspace for managing the server for you?
Um psy, do you know how a cloud works? Virtual machines. Suspend it, and it stops responding - same as physical hardware being put into sleep mode.
Even though this was done, the cracker had access to the RS admin console, which is something that they have hosted on their own infrastructure. Apparently they don't know how to invalidate a php session, and so the cracker was able to spin up a new VM instance and load a backup and away goes Mabel with all the data.

Apparently, Zhou Tong, which had access to the server "temp" folder holding the session data, didn't know how to invalidate a php session also.
Are you trying to tell me that Rackspace still had root access to that server? Pretty slick, actually...
Or are you trying to say that the Virtual Machine is not suited to host such a website? Even more slick.

One way or the other, their fault, and by their I don't mean Rackspace Roll Eyes

rjk
May 18, 2012, 06:10:26 PM
 #48

Apparently, Zhou Tong, which had access to the server "temp" folder holding the session data, didn't know how to invalidate a php session also.
Are you trying to tell me that Rackspace still had root access to that server? Pretty slick, actually...
Or are you trying to say that the Virtual Machine is not suited to host such a website? Even more slick.

One way or the other, their fault, and I don't mean Rackspace Roll Eyes
No, what I am saying is that the admin console/portal is hosted by rackspace themselves, not bitcoinica. It is the page that allows them to provision new hardware, file support tickets, create backups, etc. Bitcoinica has no access to those servers for obvious reasons (other RS customers use the same portal).

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Raoul Duke
aka psy
May 18, 2012, 06:12:26 PM
 #49

Apparently, Zhou Tong, which had access to the server "temp" folder holding the session data, didn't know how to invalidate a php session also.
Are you trying to tell me that Rackspace still had root access to that server? Pretty slick, actually...
Or are you trying to say that the Virtual Machine is not suited to host such a website? Even more slick.

One way or the other, their fault, and I don't mean Rackspace Roll Eyes
No, what I am saying is that the admin console/portal is hosted by rackspace themselves, not bitcoinica. It is the page that allows them to provision new hardware, file support tickets, create backups, etc. Bitcoinica has no access to those servers for obvious reasons (other RS customers use the same portal).

blah blah blah... Stop kissing Zhou Tong's ass, dude. First it was php sessions, now you're telling me that Zhou Tong couldn't send a halt command to his instance? GTFO
Now tell me: How much money do you have hostage in Bitcoinica at this exact moment?

Transisto
May 18, 2012, 06:14:13 PM
 #50

...

PS. You can claim your Bitcoinica account at https://claims.bitcoinica.com/ now.

This link's doing nothing, I tried yesterday too.
Clipse
May 18, 2012, 06:15:49 PM
 #51

Apparently, Zhou Tong, which had access to the server "temp" folder holding the session data, didn't know how to invalidate a php session also.
Are you trying to tell me that Rackspace still had root access to that server? Pretty slick, actually...
Or are you trying to say that the Virtual Machine is not suited to host such a website? Even more slick.

One way or the other, their fault, and I don't mean Rackspace Roll Eyes
No, what I am saying is that the admin console/portal is hosted by rackspace themselves, not bitcoinica. It is the page that allows them to provision new hardware, file support tickets, create backups, etc. Bitcoinica has no access to those servers for obvious reasons (other RS customers use the same portal).

The main question, why did they remain on VPS hosting after the linode VPS hack. They can buy or even rent a high powered dedicated server for peanuts nowadays.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
rjk
May 18, 2012, 06:16:19 PM
 #52

Apparently, Zhou Tong, which had access to the server "temp" folder holding the session data, didn't know how to invalidate a php session also.
Are you trying to tell me that Rackspace still had root access to that server? Pretty slick, actually...
Or are you trying to say that the Virtual Machine is not suited to host such a website? Even more slick.

One way or the other, their fault, and I don't mean Rackspace Roll Eyes
No, what I am saying is that the admin console/portal is hosted by rackspace themselves, not bitcoinica. It is the page that allows them to provision new hardware, file support tickets, create backups, etc. Bitcoinica has no access to those servers for obvious reasons (other RS customers use the same portal).

blah blah blah... Stop kissing Zhou Tong's ass, dude.
Now tell me: How much money do you have hostage in Bitcoinica at this exact moment?
Jesus Christ, I am not responsible for how badly Rackspace fails at server administration, I'm just telling you how the fucking setup WORKS. If you can't comprehend how it works, you have no right to be placing blame.

Now obviously, using cloud services in this manner was not a good idea, and there should have been some actual dedicated hardware in use, in a locked cage, "blah blah blah", but it's too late for that now.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Transisto
May 18, 2012, 06:24:07 PM
 #53

How about the claim page start with asking me my user - password then ask for OTP ?

I had not used bitcoinica for ... 3 months ... I can't recall what positions or how much I had.

Hint : I'm not going to bother filling a page full of infos I don't know about, or I never gave them, other than my email. ... on a 173.45.224.244 that could be anything.
Raoul Duke
aka psy
May 18, 2012, 06:44:28 PM
 #54

Apparently, Zhou Tong, which had access to the server "temp" folder holding the session data, didn't know how to invalidate a php session also.
Are you trying to tell me that Rackspace still had root access to that server? Pretty slick, actually...
Or are you trying to say that the Virtual Machine is not suited to host such a website? Even more slick.

One way or the other, their fault, and I don't mean Rackspace Roll Eyes
No, what I am saying is that the admin console/portal is hosted by rackspace themselves, not bitcoinica. It is the page that allows them to provision new hardware, file support tickets, create backups, etc. Bitcoinica has no access to those servers for obvious reasons (other RS customers use the same portal).

blah blah blah... Stop kissing Zhou Tong's ass, dude.
Now tell me: How much money do you have hostage in Bitcoinica at this exact moment?
Jesus Christ, I am not responsible for how badly Rackspace fails at server administration, I'm just telling you how the fucking setup WORKS. If you can't comprehend how it works, you have no right to be placing blame.

Now obviously, using cloud services in this manner was not a good idea, and there should have been some actual dedicated hardware in use, in a locked cage, "blah blah blah", but it's too late for that now.

It seems you are the one not to understand how things work. Not even going to argue this with you. It's really not worth it lol

I still want Zhou Tong to tell me how much did he pay Rackspace for a FULLY managed server...
For people who understand 1 word is more than enough. You're not such a person, rjk...

rjk
May 18, 2012, 06:52:00 PM
 #55

It seems you are the one not to understand how things work. Not even going to argue this with you. It's really not worth it lol
Oh? You have your own Rackspace account, and you can log in and tell me how it works?
I do, but I am not going to waste any more of my time explaining things to a brick wall.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
tvbcof
May 18, 2012, 06:54:08 PM
 #56


That is really bizarre.  Behavior like this speaks a lot about the nature of the one behind its premeditation.  Juvenile for one, and why those three words?  Designed to instill fear in the minds of those that find the message.  A lot went into them being embedded in the transaction.  More than likely a troll shunned by the community here.  If this heist had been done by some group within TPTB in order to derail BitCoin progress, I doubt they would go to all this trouble, no this is the mind of a Jack The Ripper type personality, and my guess a solo individual.


It's heartening to know that we've got Dayle Hinman on the case!


allten
May 18, 2012, 07:36:27 PM
 #57

If "Bitcoinica Consultancy" is handling things now, why didn't they notify us of the claims page rather than zhoutong? The more I hear from zhoutong, and less from intersango or whatever they call themselves, the more I lose confidence in the new owner/operators.
This +1. To start with, we never saw any communication from them indicating that anything that Zhoutong said was in any way incorrect, or that there was need of an apology to begin with. Of course, that could have been communicated privately, but from what I have seen so far even Zhoutong himself is becoming frustrated with the obvious stonewalling that we are seeing from the Consultancy.

Indeed, stonewalling is the best description that I can imagine for this series of events; to the public, and to those that wish to fix the problems, as it appears - since access to even the domain name has been fraught with problems such as a poor DNS implementation, leading to those that don't even use the forum to be forced to come here and find out the problem, and wait here for a resolution.

From what I've observed, I have a different perspective. The Intersango guys were brought to help with security not PR. For them to take any position of public communications would have been a breach of contract. The fact that Zhou had to become a team player for his creation caused him a lot of frustration. He was the main PR man up till the incident and should have followed through with a splash page and daily email updates (not just the forum), but instead we got a "I'm leaving Bitcoin" thread. He left when the going got tough. Sure, feelings were hurt and emotions were high. Zhou, if you really want to be proud of what you started then get back to doing the PR and be a team player even if you don't agree. You should leave Bitcoinica on much better conditions if it is something you really want to be proud of!

Steve
May 18, 2012, 07:46:34 PM
 #58

Regarding the Bitcoin Consultancy and questions about why they haven't been more active in this mess...I don't know what their arrangement with Bitcoinica is, but if they hadn't fully taken over the operation of Bitcoinica and had no responsibility for the security or theft, then they might be wise to put their relationship on hold until Bitcoinica sorts everything out first.  If the Bitcoin Consultancy had nothing to do with the security issue there's no reason they should have to clean up someone else's mess.  At the minimum they would probably want to first arrange compensation for the time and effort that will be required for them to clean up the mess.

(gasteve on IRC) Does your website accept cash? https://bitpay.com
superfastkyle
May 18, 2012, 07:50:23 PM
 #59

claim page doesn't work for me; I click submit and nothing happens
tvbcof
May 18, 2012, 07:51:42 PM
 #60

If "Bitcoinica Consultancy" is handling things now, why didn't they notify us of the claims page rather than zhoutong? The more I hear from zhoutong, and less from intersango or whatever they call themselves, the more I lose confidence in the new owner/operators.
This +1. To start with, we never saw any communication from them indicating that anything that Zhoutong said was in any way incorrect, or that there was need of an apology to begin with. Of course, that could have been communicated privately, but from what I have seen so far even Zhoutong himself is becoming frustrated with the obvious stonewalling that we are seeing from the Consultancy.

Indeed, stonewalling is the best description that I can imagine for this series of events; to the public, and to those that wish to fix the problems, as it appears - since access to even the domain name has been fraught with problems such as a poor DNS implementation, leading to those that don't even use the forum to be forced to come here and find out the problem, and wait here for a resolution.

From what I've observed, I have a different perspective. The Intersango guys were brought to help with security not PR. For them to take any position of public communications would have been a breach of contract. The fact that Zhou had to become a team player for his creation caused him a lot of frustration. He was the main PR man up till the incident and should have followed through with a splash page and daily email updates (not just the forum), but instead we got a "I'm leaving Bitcoin" thread. He left when the going got tough. Sure, feelings were hurt and emotions were high. Zhou, if you really want to be proud of what you started then get back to doing the PR and be a team player even if you don't agree. You should leave Bitcoinica on much better conditions if it is something you really want to be proud of!


One of the things I've admired most about Zhou Tong's work is that he seems to make good estimates of fair dispute resolution, then further errs on the customer's side even when it costs him personally.  If the new owners do not share this mode of operation, being a 'team player' could make ZT a lot of things but I could certainly understand if 'proud' was not one of them.

