Bitcoin Forum
December 10, 2016, 01:00:46 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3] 4 5 6 »  All
  Print  
Author Topic: 135 BTC Stolen from my Deepbit account!!!!!!!!  (Read 13204 times)
MemoryDealers
VIP
Legendary
*
Offline Offline

Activity: 1006



View Profile WWW
May 14, 2011, 05:07:29 PM
 #41

A question: Did you use the same password for deepbit login as for submitting the shares from mining client?

Because if did, then anyone who can spy on your HTTP headers (local network users) then can see your password, too.

On deepbit, you can set another password for worker (even the first), but by default, the passwords are the same. Not safe IMHO.


I think you are right about this being my weakest link.

The deepbit screen hides the actual login password, but displays all the passwords for each worker in the client.
Until today,  we used the same password for both.
Multiple people (about ten) in the warehouse could of looked at the screen and noticed the username and password.
I think my only chance is by finding the IP address of the person who logged into my deepbit account.

1481374846
Hero Member
*
Offline Offline

Posts: 1481374846

View Profile Personal Message (Offline)

Ignore
1481374846
Reply with quote  #2

1481374846
Report to moderator
1481374846
Hero Member
*
Offline Offline

Posts: 1481374846

View Profile Personal Message (Offline)

Ignore
1481374846
Reply with quote  #2

1481374846
Report to moderator
1481374846
Hero Member
*
Offline Offline

Posts: 1481374846

View Profile Personal Message (Offline)

Ignore
1481374846
Reply with quote  #2

1481374846
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
proudhon
Legendary
*
Offline Offline

Activity: 1148



View Profile
May 14, 2011, 05:12:28 PM
 #42

We are not talking about you, but about security practices and how dumb some people are revealing their personal data on public forums without even realizing it

But you are talking about me since I'm the dummy who revealed the personal data that my deepbit password is over 20 characters long.  Now, in a matter of months, if not sooner, any sufficiently crafty scriptkiddie could have access to my deepbit account.

You must be a genius

I must.
vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile
May 14, 2011, 05:17:28 PM
 #43

My deepbit password is now over 20 characters long with caps and symbols.
That just shortened the time to crack now didn't it?

How so?

Because now you don;t have to waste time searching all the combinations between 1 and 20 characters.

Well, sure.  But you've still got to search through at least all the 20 character combinations and the password is longer than that so it's still a pretty big task.  But, yes, you're right, it'll take less time.  Less time to make a realistic difference?  Probably not.

80 bits is considered safe. 20 characters of letters+numbers make it 20*6=120 bits, an overkill (even if the attacker knows how many bits there are exactly).
proudhon
Legendary
*
Offline Offline

Activity: 1148



View Profile
May 14, 2011, 05:22:58 PM
 #44

My deepbit password is now over 20 characters long with caps and symbols.
That just shortened the time to crack now didn't it?

How so?

Because now you don;t have to waste time searching all the combinations between 1 and 20 characters.

Well, sure.  But you've still got to search through at least all the 20 character combinations and the password is longer than that so it's still a pretty big task.  But, yes, you're right, it'll take less time.  Less time to make a realistic difference?  Probably not.

80 bits is considered safe. 20 characters of letters+numbers make it 20*6=120 bits, an overkill (even if the attacker knows how many bits there are exactly).

That's what I thought, but, hey, apparently I'm a dummy for revealing this personal data on a public forum.
VTCarter
Newbie
*
Offline Offline

Activity: 14



View Profile
May 14, 2011, 05:58:31 PM
 #45

A question: Did you use the same password for deepbit login as for submitting the shares from mining client?

Because if did, then anyone who can spy on your HTTP headers (local network users) then can see your password, too.

On deepbit, you can set another password for worker (even the first), but by default, the passwords are the same. Not safe IMHO.


I think you are right about this being my weakest link.

The deepbit screen hides the actual login password, but displays all the passwords for each worker in the client.
Until today,  we used the same password for both.
Multiple people (about ten) in the warehouse could of looked at the screen and noticed the username and password.
I think my only chance is by finding the IP address of the person who logged into my deepbit account.


this is why I like poclbm-gui it also hides the worker password, but thanks for the heads up I wasn't aware of this HTTP header transparency myself

Love me , Hate me, want to toss off a couple coins? : 1KNZSyAYKAZzFZC2pBWt3D4jGu5uJZCWSr

and , oh yes... the Pool is most Defiantly Open!
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
May 14, 2011, 06:08:34 PM
 #46

I have since changed the password,  and I am currently the only person on the planet who knows it.

Does deepbit have any sort of a log of what IP addresses log into each account?
I think that might be my only chance of having any info at all as to who took my bitcoins.
If the IP address is one in the same town as my business,  I will know the theft was related to one of the employees who knew the password.

If the IP address is in some far off country,  then I know it was just some random hacker.

Any other thoughts on how I can find additional information?

Or someone using a proxy or tor...  Undecided

ribuck
Donator
Legendary
*
Offline Offline

Activity: 826


View Profile
May 14, 2011, 07:13:39 PM
 #47

I still think the most likely is that a browser window was left unattended while logged in.
MemoryDealers
VIP
Legendary
*
Offline Offline

Activity: 1006



View Profile WWW
May 14, 2011, 07:19:35 PM
 #48

I still think the most likely is that a browser window was left unattended while logged in.

The strange part is that it was done at about 5:30AM PST (where my office is)
There are lots of cameras at the office that I can check soon, but no one but myself has access at that time of day.

So I suspect it was done somewhere other than at the location of the mining computers.

AntiVigilante
Member
**
Offline Offline

Activity: 98



View Profile
May 14, 2011, 07:21:12 PM
 #49

I hope that people can build extensions of block explorers to watch where these funds get sent and when they get sent to a known entity we can slowly backtrack and narrow down who the scoundrel was who did this.  Bitcoin isn't anonymous as people think---Its got Lojack built in.  Using some good old fashioned Link Analysis, thefts on a grand scale can be monitored.   I'd like to see something built into the Bitcoin user interface that would check a database of reported stolen bitcoins and send an alert when some were received from an address in the database.  We can all be Big Brother collectively.

The Anonymous of Bitcoin. I love it.

Proposal: http://forum.bitcoin.org/index.php?topic=11541.msg162881#msg162881
Inception: https://github.com/bitcoin/bitcoin/issues/296
Goal: http://forum.bitcoin.org/index.php?topic=12536.0
Means: Code, donations, and brutal criticism. I've got a thick skin. 1Gc3xCHAzwvTDnyMW3evBBr5qNRDN3DRpq
mewantsbitcoins
Full Member
***
Offline Offline

Activity: 126


View Profile
May 14, 2011, 07:21:22 PM
 #50

I still think the most likely is that a browser window was left unattended while logged in.

The strange part is that it was done at about 5:30AM PST (where my office is)
There are lots of cameras at the office that I can check soon, but no one but myself has access at that time of day.

So I suspect it was done somewhere other than at the location of the mining computers.

Are your mining computers on a wireless network?

Edit: depending of what kind of logging deepbit uses, they maybe able to provide user agents, which in turn may help to narrow your search down
MemoryDealers
VIP
Legendary
*
Offline Offline

Activity: 1006



View Profile WWW
May 14, 2011, 07:24:49 PM
 #51

I still think the most likely is that a browser window was left unattended while logged in.

The strange part is that it was done at about 5:30AM PST (where my office is)
There are lots of cameras at the office that I can check soon, but no one but myself has access at that time of day.

So I suspect it was done somewhere other than at the location of the mining computers.

Are your mining computers on a wireless network?

No,  they are hardwired.

new_in_this
Member
**
Offline Offline

Activity: 82


View Profile
May 14, 2011, 07:34:06 PM
 #52

I don't know, but could this error i receive be related to this somehow?
There is nothing to steal in my account as my daily BTC is ~0.8-1.1, but i started to wonder because i can't access to Deepbit :/


http://bitcointalk.org/index.php?topic=3889.msg120901#msg120901


And sorry if this is totally OT to this thread.
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 2030



View Profile
May 14, 2011, 09:59:05 PM
 #53

I think you are right about this being my weakest link.

The deepbit screen hides the actual login password, but displays all the passwords for each worker in the client.
Until today,  we used the same password for both.
Multiple people (about ten) in the warehouse could of looked at the screen and noticed the username and password.
I think my only chance is by finding the IP address of the person who logged into my deepbit account.

Every worker is frequently sending their password in clear over the internet, anyone with access to sniff the network between you and the other end at any point can easily get it. Also, deepbit doesn't use https for the management screens either, so a similar (if somewhat reduced) risk exist there.

This is why services which have no accounts are good.


MemoryDealers
VIP
Legendary
*
Offline Offline

Activity: 1006



View Profile WWW
May 14, 2011, 10:14:30 PM
 #54

I just heard that:
The money was taken by someone logged in from:

94.75.217.249
"Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"

It shows up as being in Holland.

Any other ideas on how I could track this down any further?

Tha Feds
Newbie
*
Offline Offline

Activity: 9


View Profile
May 14, 2011, 10:21:05 PM
 #55

My deepbit password is now over 20 characters long with caps and symbols.
That just shortened the time to crack now didn't it?

How so?

Because now you don;t have to waste time searching all the combinations between 1 and 20 characters.

Well, sure.  But you've still got to search through at least all the 20 character combinations and the password is longer than that so it's still a pretty big task.  But, yes, you're right, it'll take less time.  Less time to make a realistic difference?  Probably not.

80 bits is considered safe. 20 characters of letters+numbers make it 20*6=120 bits, an overkill (even if the attacker knows how many bits there are exactly).

That's what I thought, but, hey, apparently I'm a dummy for revealing this personal data on a public forum.

You shouldn't take this personally; in fact, you should be gracious. I was reminded to be more aware of accidentally revealing personal info online.
Tha Feds
Newbie
*
Offline Offline

Activity: 9


View Profile
May 14, 2011, 10:25:15 PM
 #56

I just heard that:
The money was taken by someone logged in from:

94.75.217.249
"Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"

It shows up as being in Holland.

Any other ideas on how I could track this down any further?


Is this info from deepbit?
VTCarter
Newbie
*
Offline Offline

Activity: 14



View Profile
May 14, 2011, 10:29:00 PM
 #57

I just heard that:
The money was taken by someone logged in from:

94.75.217.249
"Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"

It shows up as being in Holland.

Any other ideas on how I could track this down any further?


Holland? probably a proxy then , I'd really want to take a close look at the employees  myself as that looks like the most obvious rout, and usually the most obvious is the most likely.

Love me , Hate me, want to toss off a couple coins? : 1KNZSyAYKAZzFZC2pBWt3D4jGu5uJZCWSr

and , oh yes... the Pool is most Defiantly Open!
mewantsbitcoins
Full Member
***
Offline Offline

Activity: 126


View Profile
May 14, 2011, 10:36:50 PM
 #58

It belongs to http://www.leaseweb.com/en

It's probably a proxy, tor node or a compromised box. I'd be looking for a tech savvy employee

Try writing to the admin
MemoryDealers
VIP
Legendary
*
Offline Offline

Activity: 1006



View Profile WWW
May 14, 2011, 10:41:42 PM
 #59

The IP address information was provided by the Admin from deepbit.

VTCarter
Newbie
*
Offline Offline

Activity: 14



View Profile
May 14, 2011, 10:49:09 PM
 #60

This whole situation brings , to my mind at least, a fair question : What can we do about this sort of thing when BC's entire basis is one of semi-anonymity? Block explorer ( http://blockexplorer.com/ ) provides some tools for tracking transaction.. perhaps a RiSKAPI of some sort for merchants? Flagging accounts with odd behaviors (though how would you define odd?)  I don't know myself I'm simply tossing the idea out for discussion. As it stands though even a RiSKAPI would be limited as one wallet.dat / user can contain many many keys.

Love me , Hate me, want to toss off a couple coins? : 1KNZSyAYKAZzFZC2pBWt3D4jGu5uJZCWSr

and , oh yes... the Pool is most Defiantly Open!
Pages: « 1 2 [3] 4 5 6 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!