135 BTC Stolen from my Deepbit account!!!!!!!!

[MemoryDealers]

A question: Did you use the same password for deepbit login as for submitting the shares from mining client?

Because if did, then anyone who can spy on your HTTP headers (local network users) then can see your password, too.

On deepbit, you can set another password for worker (even the first), but by default, the passwords are the same. Not safe IMHO.

I think you are right about this being my weakest link.

The deepbit screen hides the actual login password, but displays all the passwords for each worker in the client.
Until today,  we used the same password for both.
Multiple people (about ten) in the warehouse could of looked at the screen and noticed the username and password.
I think my only chance is by finding the IP address of the person who logged into my deepbit account.

[proudhon]

We are not talking about you, but about security practices and how dumb some people are revealing their personal data on public forums without even realizing it

But you are talking about me since I'm the dummy who revealed the personal data that my deepbit password is over 20 characters long.  Now, in a matter of months, if not sooner, any sufficiently crafty scriptkiddie could have access to my deepbit account.

You must be a genius

I must.

[vuce]

My deepbit password is now over 20 characters long with caps and symbols.

That just shortened the time to crack now didn't it?

How so?

Because now you don;t have to waste time searching all the combinations between 1 and 20 characters.

Well, sure.  But you've still got to search through at least all the 20 character combinations and the password is longer than that so it's still a pretty big task.  But, yes, you're right, it'll take less time.  Less time to make a realistic difference?  Probably not.

80 bits is considered safe. 20 characters of letters+numbers make it 20*6=120 bits, an overkill (even if the attacker knows how many bits there are exactly).

[proudhon]

My deepbit password is now over 20 characters long with caps and symbols.

That just shortened the time to crack now didn't it?

How so?

Because now you don;t have to waste time searching all the combinations between 1 and 20 characters.

Well, sure.  But you've still got to search through at least all the 20 character combinations and the password is longer than that so it's still a pretty big task.  But, yes, you're right, it'll take less time.  Less time to make a realistic difference?  Probably not.

80 bits is considered safe. 20 characters of letters+numbers make it 20*6=120 bits, an overkill (even if the attacker knows how many bits there are exactly).

That's what I thought, but, hey, apparently I'm a dummy for revealing this personal data on a public forum.

[VTCarter]

A question: Did you use the same password for deepbit login as for submitting the shares from mining client?

Because if did, then anyone who can spy on your HTTP headers (local network users) then can see your password, too.

On deepbit, you can set another password for worker (even the first), but by default, the passwords are the same. Not safe IMHO.

I think you are right about this being my weakest link.

The deepbit screen hides the actual login password, but displays all the passwords for each worker in the client.
Until today,  we used the same password for both.
Multiple people (about ten) in the warehouse could of looked at the screen and noticed the username and password.
I think my only chance is by finding the IP address of the person who logged into my deepbit account.

this is why I like poclbm-gui it also hides the worker password, but thanks for the heads up I wasn't aware of this HTTP header transparency myself

[Raoul Duke]

I have since changed the password,  and I am currently the only person on the planet who knows it.

Does deepbit have any sort of a log of what IP addresses log into each account?
I think that might be my only chance of having any info at all as to who took my bitcoins.
If the IP address is one in the same town as my business,  I will know the theft was related to one of the employees who knew the password.

If the IP address is in some far off country,  then I know it was just some random hacker.

Any other thoughts on how I can find additional information?

Or someone using a proxy or tor... 

[ribuck]

I still think the most likely is that a browser window was left unattended while logged in.

[MemoryDealers]

I still think the most likely is that a browser window was left unattended while logged in.

The strange part is that it was done at about 5:30AM PST (where my office is)
There are lots of cameras at the office that I can check soon, but no one but myself has access at that time of day.

So I suspect it was done somewhere other than at the location of the mining computers.

[AntiVigilante]

I hope that people can build extensions of block explorers to watch where these funds get sent and when they get sent to a known entity we can slowly backtrack and narrow down who the scoundrel was who did this.  Bitcoin isn't anonymous as people think---Its got Lojack built in.  Using some good old fashioned Link Analysis, thefts on a grand scale can be monitored.   I'd like to see something built into the Bitcoin user interface that would check a database of reported stolen bitcoins and send an alert when some were received from an address in the database.  We can all be Big Brother collectively.

The Anonymous of Bitcoin. I love it.

[mewantsbitcoins]

I still think the most likely is that a browser window was left unattended while logged in.

The strange part is that it was done at about 5:30AM PST (where my office is)
There are lots of cameras at the office that I can check soon, but no one but myself has access at that time of day.

So I suspect it was done somewhere other than at the location of the mining computers.

Are your mining computers on a wireless network?

Edit: depending of what kind of logging deepbit uses, they maybe able to provide user agents, which in turn may help to narrow your search down

[MemoryDealers]

I still think the most likely is that a browser window was left unattended while logged in.

The strange part is that it was done at about 5:30AM PST (where my office is)
There are lots of cameras at the office that I can check soon, but no one but myself has access at that time of day.

So I suspect it was done somewhere other than at the location of the mining computers.

Are your mining computers on a wireless network?

No,  they are hardwired.

[new_in_this]

I don't know, but could this error i receive be related to this somehow?
There is nothing to steal in my account as my daily BTC is ~0.8-1.1, but i started to wonder because i can't access to Deepbit :/


http://bitcointalk.org/index.php?topic=3889.msg120901#msg120901


And sorry if this is totally OT to this thread.

[gmaxwell]

I think you are right about this being my weakest link.

The deepbit screen hides the actual login password, but displays all the passwords for each worker in the client.
Until today,  we used the same password for both.
Multiple people (about ten) in the warehouse could of looked at the screen and noticed the username and password.
I think my only chance is by finding the IP address of the person who logged into my deepbit account.

Every worker is frequently sending their password in clear over the internet, anyone with access to sniff the network between you and the other end at any point can easily get it. Also, deepbit doesn't use https for the management screens either, so a similar (if somewhat reduced) risk exist there.

This is why services which have no accounts are good.

[MemoryDealers]

I just heard that:
The money was taken by someone logged in from:

94.75.217.249
"Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"

It shows up as being in Holland.

Any other ideas on how I could track this down any further?

[Tha Feds]

My deepbit password is now over 20 characters long with caps and symbols.

That just shortened the time to crack now didn't it?

How so?

Because now you don;t have to waste time searching all the combinations between 1 and 20 characters.

Well, sure.  But you've still got to search through at least all the 20 character combinations and the password is longer than that so it's still a pretty big task.  But, yes, you're right, it'll take less time.  Less time to make a realistic difference?  Probably not.

80 bits is considered safe. 20 characters of letters+numbers make it 20*6=120 bits, an overkill (even if the attacker knows how many bits there are exactly).

That's what I thought, but, hey, apparently I'm a dummy for revealing this personal data on a public forum.

You shouldn't take this personally; in fact, you should be gracious. I was reminded to be more aware of accidentally revealing personal info online.

[Tha Feds]

I just heard that:
The money was taken by someone logged in from:

94.75.217.249
"Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"

It shows up as being in Holland.

Any other ideas on how I could track this down any further?

Is this info from deepbit?

[VTCarter]

I just heard that:
The money was taken by someone logged in from:

94.75.217.249
"Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"

It shows up as being in Holland.

Any other ideas on how I could track this down any further?

Holland? probably a proxy then , I'd really want to take a close look at the employees  myself as that looks like the most obvious rout, and usually the most obvious is the most likely.

[mewantsbitcoins]

It belongs to http://www.leaseweb.com/en

It's probably a proxy, tor node or a compromised box. I'd be looking for a tech savvy employee

Try writing to the admin

[MemoryDealers]

The IP address information was provided by the Admin from deepbit.

[VTCarter]

This whole situation brings , to my mind at least, a fair question : What can we do about this sort of thing when BC's entire basis is one of semi-anonymity? Block explorer ( http://blockexplorer.com/ ) provides some tools for tracking transaction.. perhaps a RiSKAPI of some sort for merchants? Flagging accounts with odd behaviors (though how would you define odd?)  I don't know myself I'm simply tossing the idea out for discussion. As it stands though even a RiSKAPI would be limited as one wallet.dat / user can contain many many keys.