Bitcoin Bouny Hunter: Bitalo DDOS attacker discussion

[MemoryDealers]

Please use this thread for discussion of the Bitalo DDOS attacker case specifically: http://bitcoinbountyhunter.com/bitalo.html

For general discussion about BitcoinBountyHunter.com,  please use: https://bitcointalk.org/index.php?topic=784520

[1715576964]

1715576964

[1715576964]

1715576964

[1715576964]

1715576964

[1715576964]

1715576964

[1715576964]

1715576964

[Bitalo_Martin]

Here is the full initial email communication. I will add more attack logfiles asap.                         
                                                                                                                                                                                                                                     
Delivered-To: martin@bitalo.com
Received: by 10.140.16.43 with SMTP id 40csp270558qga;
        Mon, 3 Nov 2014 06:33:55 -0800 (PST)
X-Received: by 10.60.68.108 with SMTP id v12mr602259oet.69.1415025235205;
        Mon, 03 Nov 2014 06:33:55 -0800 (PST)
Return-Path: <dd4bc@outlook.com>
Received: from SNT004-OMC1S8.hotmail.com (snt004-omc1s8.hotmail.com. [65.55.90.19])
        by mx.google.com with ESMTPS id 21si18495325oin.129.2014.11.03.06.33.53
        for <multiple recipients>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Mon, 03 Nov 2014 06:33:55 -0800 (PST)
Received-SPF: pass (google.com: domain of dd4bc@outlook.com designates 65.55.90.19 as permitted sender) client-ip=65.55.90.19;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of dd4bc@outlook.com designates 65.55.90.19 as permitted sender) smtp.mail=dd4bc@outlook.com;
       dmarc=pass (p=NONE dis=NONE) header.from=outlook.com
Received: from SNT146-W55 ([65.55.90.9]) by SNT004-OMC1S8.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751);
    Mon, 3 Nov 2014 06:33:53 -0800
X-TMN: [IyzY3qwIBGGm2XlnVY5tp8RicYKI1Pj8]
X-Originating-Email: [dd4bc@outlook.com]
Message-ID: <SNT146-W55B111E126F9274BA539C3E9990@phx.gbl>
Return-Path: dd4bc@outlook.com
Content-Type: multipart/alternative;
   boundary="_991179ca-6b3d-4765-8753-5bcd7337b00c_"
From: DD4BC TEAM <dd4bc@outlook.com>
To: Martin Albert <martin@bitalo.com>
CC: "fabio@bitalo.com" <fabio@bitalo.com>, "antti@bitalo.com"
   <antti@bitalo.com>, "pawel@bitalo.com" <pawel@bitalo.com>, "mauro@bitalo.com"
   <mauro@bitalo.com>, "michael@bitalo.com" <michael@bitalo.com>,
   "isaac@bitalo.com" <isaac@bitalo.com>, "maciej@bitalo.com"
   <maciej@bitalo.com>, "lilia@bitalo.com" <lilia@bitalo.com>,
   "felix@bitalo.com" <felix@bitalo.com>, "peter@bitalo.com" <peter@bitalo.com>,
   "sebastian@bitalo.com" <sebastian@bitalo.com>, "trevin@bitalo.com"
   <trevin@bitalo.com>, "christian@bitalo.com" <christian@bitalo.com>,
   "michaelg@bitalo.com" <michaelg@bitalo.com>, "fabiob@bitalo.com"
   <fabiob@bitalo.com>, "support@bitalo.com" <support@bitalo.com>,
   "martin.albert@gmx.net" <martin.albert@gmx.net>
Subject: RE: DDOS ATTACK!
Date: Mon, 3 Nov 2014 15:33:53 +0100
Importance: Normal
In-Reply-To: <SNT146-W27EAE07C4902DE6896E211E99B0@phx.gbl>
References:
 <SNT146-W199CA9C530BBEE76D4BB1E99F0@phx.gbl>,<SNT146-W698F7ECDB0BFB431B9CFF0E99F0@phx.gbl>,<SNT146-W86C2E73DC98A683683AFC7E99F0@phx.gbl>,<SNT146-W83C2ACB65C5F2E0722AFDEE99F0@phx.gbl>,<SNT146-W947131BCC73C0BD6528E1E99C0@phx.gbl>,<SNT146-W37B7611425909EBDAE1E87E99D0@phx.gbl>,<SNT146-W722383831A32387AF3DEE9E99B0@phx.gbl>,<CAJobRfdW+46S2E5A9SJhXiy_wbJ+TSgK_H7HLPurdXyc4=o-FA@mail.gmail.com>,<SNT146-W95268ECC0E0271350B6C3AE99B0@phx.gbl>,<SNT146-W14B29293D971DA042CFA42E99B0@phx.gbl>,<SNT146-W27EAE07C4902DE6896E211E99B0@phx.gbl>
MIME-Version: 1.0
X-OriginalArrivalTime: 03 Nov 2014 14:33:53.0817 (UTC) FILETIME=[3157C890:01CFF773]

--_991179ca-6b3d-4765-8753-5bcd7337b00c_
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

Let me know if you are interested.=20

From: dd4bc@outlook.com
To: martin@bitalo.com
CC: fabio@bitalo.com=3B antti@bitalo.com=3B pawel@bitalo.com=3B mauro@bital=
o.com=3B michael@bitalo.com=3B isaac@bitalo.com=3B maciej@bitalo.com=3B lil=
ia@bitalo.com=3B felix@bitalo.com=3B peter@bitalo.com=3B sebastian@bitalo.c=
om=3B trevin@bitalo.com=3B christian@bitalo.com=3B michaelg@bitalo.com=3B f=
abiob@bitalo.com=3B support@bitalo.com=3B martin.albert@gmx.net
Subject: RE: DDOS ATTACK!
Date: Sat=2C 1 Nov 2014 13:47:16 +0100

=0A=
=0A=
=0A=
To end this and because I'm in a good mood today=2C I will offer you a disc=
ounted price of 0.5 BTC=2C so we end this and I move further.

If yes: 17aLGgw8AwJdqiBtMMG1QtQJgNQQkiyEsp

If not=2C this is my last email to you and we will both be doing what we mu=
st...


From: dd4bc@outlook.com
To: martin@bitalo.com
Subject: RE: DDOS ATTACK!
Date: Sat=2C 1 Nov 2014 12:59:43 +0100

=0A=
=0A=
=0A=
Let me go back to important part:

In a first mail I have told you that I'm offering info how to properly prot=
ect your site. And that's true.

I'm not script kiddie and I know how this works=2C I can bypass =0A=
almost any protection (except Prolexic)=2C because I know every protection=
=0A=
 and their weaknesses - I'm regulary DDoS-ing sites behind CloudFlare and I=
ncapsula=2C Blacklotus=2C Staminus and OVH.

I know what I can't bypass and if I can't - nobody can.=20

When I say info how to properly setup=2C I mean how to do it for a good pri=
ce. Yes=2C you can always go for Prolexic and pay 10K per month.

From: dd4bc@outlook.com
To: martin@bitalo.com
Subject: RE: DDOS ATTACK!
Date: Sat=2C 1 Nov 2014 12:39:33 +0100

=0A=
=0A=
=0A=
OMG=2C no! That hurts!

What am I going to do if I lose my Outlook account... LOL.=20


You know what's funny?

This morning I dreamed that somebody=2C somehow=2C found  my real name and =
published it in a press release... And there was my name all over the Inter=
net... When I woke up=2C I laughed.

Because it's possible only in a dream.

DDoS attacks are impossible to trace back to origin. You can try over email=
 logins like you are doing=2C but there are two things:

- Microsoft will not give you my IPs just like that. You need to report me =
to your local police in Finland=2C then THEY must ask for my login directly=
 from Microsoft or through FBI.

- Once they (and IF=2C because they probably won't care) get my login IPs=
=2C they will point to TOR...


And third=2C probably most important=2C you are not helping yourself doing =
this.


Date: Sat=2C 1 Nov 2014 12:58:11 +0200
Subject: Fwd: DDOS ATTACK!
From: martin@bitalo.com
To: dd4bc@outlook.com=3B abuse@Outlook.com

Dear outlook team=2C
we want to report a criminal abuse of your mail system (see mail below) and=
 would like to request all login data from the user so that we can forward =
these to the local police authorities
---------- Forwarded message ----------
From: DD4BC TEAM <dd4bc@outlook.com>
Date: Sat=2C Nov 1=2C 2014 at 4:57 AM
Subject: DDOS ATTACK!
To: "martin@bitalo.com" <martin@bitalo.com>=2C "fabio@bitalo.com" <fabio@bi=
talo.com>=2C "antti@bitalo.com" <antti@bitalo.com>=2C "pawel@bitalo.com" <p=
awel@bitalo.com>=2C "mauro@bitalo.com" <mauro@bitalo.com>=2C "michael@bital=
o.com" <michael@bitalo.com>=2C "isaac@bitalo.com" <isaac@bitalo.com>=2C "ma=
ciej@bitalo.com" <maciej@bitalo.com>=2C "lilia@bitalo.com" <lilia@bitalo.co=
m>=2C "felix@bitalo.com" <felix@bitalo.com>=2C "peter@bitalo.com" <peter@bi=
talo.com>=2C "sebastian@bitalo.com" <sebastian@bitalo.com>=2C "trevin@bital=
o.com" <trevin@bitalo.com>=2C "christian@bitalo.com" <christian@bitalo.com>=
=2C "michaelg@bitalo.com" <michaelg@bitalo.com>=2C "fabiob@bitalo.com" <fab=
iob@bitalo.com>=2C "support@bitalo.com" <support@bitalo.com>=2C "martin.alb=
ert@gmx.net" <martin.albert@gmx.net>


=0A=
=0A=
=0A=

=0A=
=0A=
=0A=
=0A=
=0A=

HelloYour site is extremely vulnerable to ddos attacks.I want to offer you =
info how to properly setup your protection=2C so that you can't be ddosed!M=
y price is 1 Bitcoin only.Right now I will star small (very small) attack w=
hich will not crash your server=2C but you should notice it in logs. Just c=
heck it.I want to offer you  info on how I did it and what you have to do t=
o prevent it. If interested pay me 1 BTC to 17aLGgw8AwJdqiBtMMG1QtQJgNQQkiy=
EspThank you.    =20
=0A=
                                            =0A=

                                                                                        =

--_991179ca-6b3d-4765-8753-5bcd7337b00c_
Content-Type: text/html; charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 12pt=3B
font-family:Calibri
}
--></style></head>
<body class=3D'hmmessage'><div dir=3D'ltr'>Let me know if you are intereste=
d. <br><br><div><hr id=3D"stopSpelling">From: dd4bc@outlook.com<br>To: mart=
in@bitalo.com<br>CC: fabio@bitalo.com=3B antti@bitalo.com=3B pawel@bitalo.c=
om=3B mauro@bitalo.com=3B michael@bitalo.com=3B isaac@bitalo.com=3B maciej@=
bitalo.com=3B lilia@bitalo.com=3B felix@bitalo.com=3B peter@bitalo.com=3B s=
ebastian@bitalo.com=3B trevin@bitalo.com=3B christian@bitalo.com=3B michael=
g@bitalo.com=3B fabiob@bitalo.com=3B support@bitalo.com=3B martin.albert@gm=
x.net<br>Subject: RE: DDOS ATTACK!<br>Date: Sat=2C 1 Nov 2014 13:47:16 +010=
0<br><br>=0A=
=0A=
<style><!--=0A=
.ExternalClass .ecxhmmessage P {=0A=
padding:0px=3B=0A=
}=0A=
=0A=
.ExternalClass body.ecxhmmessage {=0A=
font-size:12pt=3B=0A=
font-family:Calibri=3B=0A=
}=0A=
=0A=
--></style>=0A=
<div dir=3D"ltr">To end this and because I'm in a good mood today=2C I will=
 offer you a discounted price of 0.5 BTC=2C so we end this and I move furth=
er.<br><br>If yes: 17aLGgw8AwJdqiBtMMG1QtQJgNQQkiyEsp<br><br>If not=2C this=
 is my last email to you and we will both be doing what we must...<br><span=
 style=3D"color:rgb(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetic=
a=2CArial=2Csans-serif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:=
normal=3Bfont-weight:normal=3Bletter-spacing:normal=3Bline-height:21.875px=
=3Btext-align:start=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:n=
ormal=3Bword-spacing:0px=3Bdisplay:inline !important=3Bbackground-color:rgb=
(250=2C250=2C250)=3B"><br></span><br><div><hr id=3D"ecxstopSpelling">From: =
dd4bc@outlook.com<br>To: martin@bitalo.com<br>Subject: RE: DDOS ATTACK!<br>=
Date: Sat=2C 1 Nov 2014 12:59:43 +0100<br><br>=0A=
=0A=
<style><!--=0A=
.ExternalClass .ecxhmmessage P {=0A=
padding:0px=3B=0A=
}=0A=
=0A=
.ExternalClass body.ecxhmmessage {=0A=
font-size:12pt=3B=0A=
font-family:Calibri=3B=0A=
}=0A=
=0A=
=0A=
--></style>=0A=
<div dir=3D"ltr">Let me go back to important part:<br><br>In a first mail I=
 have told you that I'm offering info how to properly protect your site. An=
d that's true.<br><br>I'm not script kiddie and I know how this works=2C I =
can bypass =0A=
almost any protection (except Prolexic)=2C because I know every protection=
=0A=
 and their weaknesses - I'm regulary DDoS-ing sites behind CloudFlare and I=
ncapsula=2C Blacklotus=2C Staminus and OVH.<br><br>I know what I can't bypa=
ss and if I can't - nobody can. <br><br>When I say info how to properly set=
up=2C I mean how to do it for a good price. Yes=2C you can always go for Pr=
olexic and pay 10K per month.<br><br><div><hr id=3D"ecxstopSpelling">From: =
dd4bc@outlook.com<br>To: martin@bitalo.com<br>Subject: RE: DDOS ATTACK!<br>=
Date: Sat=2C 1 Nov 2014 12:39:33 +0100<br><br>=0A=
=0A=
<style><!--=0A=
.ExternalClass .ecxhmmessage P {=0A=
padding:0px=3B=0A=
}=0A=
=0A=
.ExternalClass body.ecxhmmessage {=0A=
font-size:12pt=3B=0A=
font-family:Calibri=3B=0A=
}=0A=
=0A=
=0A=
--></style>=0A=
<div dir=3D"ltr">OMG=2C no! That hurts!<br><br>What am I going to do if I l=
ose my Outlook account... LOL. <br><br><br>You know what's funny?<br><br>Th=
is morning I dreamed that somebody=2C somehow=2C found&nbsp=3B my real name=
 and published it in a press release... And there was my name all over the =
Internet... When I woke up=2C I laughed.<br><br>Because it's possible only =
in a dream. <br><br>DDoS attacks are impossible to trace back to origin. =
You can try over email logins like you are doing=2C but there are two thing=
s:<br><br>- Microsoft will not give you my IPs just like that. You need to =
report me to your local police in Finland=2C then THEY must ask for my logi=
n directly from Microsoft or through FBI.<br><br>- Once they (and IF=2C bec=
ause they probably won't care) get my login IPs=2C they will point to TOR..=
.<br><br><br>And third=2C probably most important=2C you are not helping yo=
urself doing this. <br><br><br><div><hr id=3D"ecxstopSpelling">Date: Sat=
=2C 1 Nov 2014 12:58:11 +0200<br>Subject: Fwd: DDOS ATTACK!<br>From: martin=
@bitalo.com<br>To: dd4bc@outlook.com=3B abuse@Outlook.com<br><br><div dir=
=3D"ltr"><div>Dear outlook team=2C</div><div><br></div><div>we want to repo=
rt a criminal abuse of your mail system (see mail below) and would like to =
request all login data from the user so that we can forward these to the lo=
cal police authorities</div><br><div class=3D"ecxgmail_quote">---------- Fo=
rwarded message ----------<br>From: <b class=3D"ecxgmail_sendername">DD4BC =
TEAM</b> <span dir=3D"ltr">&lt=3B<a href=3D"mailto:dd4bc@outlook.com">dd4bc=
@outlook.com</a>&gt=3B</span><br>Date: Sat=2C Nov 1=2C 2014 at 4:57 AM<br>S=
ubject: DDOS ATTACK!<br>To: "<a href=3D"mailto:martin@bitalo.com">martin@bi=
talo.com</a>" &lt=3B<a href=3D"mailto:martin@bitalo.com">martin@bitalo.com<=
/a>&gt=3B=2C "<a href=3D"mailto:fabio@bitalo.com">fabio@bitalo.com</a>" &lt=
=3B<a href=3D"mailto:fabio@bitalo.com">fabio@bitalo.com</a>&gt=3B=2C "<a hr=
ef=3D"mailto:antti@bitalo.com">antti@bitalo.com</a>" &lt=3B<a href=3D"mailt=
o:antti@bitalo.com">antti@bitalo.com</a>&gt=3B=2C "<a href=3D"mailto:pawel@=
bitalo.com">pawel@bitalo.com</a>" &lt=3B<a href=3D"mailto:pawel@bitalo.com"=
>pawel@bitalo.com</a>&gt=3B=2C "<a href=3D"mailto:mauro@bitalo.com">mauro@b=
italo.com</a>" &lt=3B<a href=3D"mailto:mauro@bitalo.com">mauro@bitalo.com</=
a>&gt=3B=2C "<a href=3D"mailto:michael@bitalo.com">michael@bitalo.com</a>" =
&lt=3B<a href=3D"mailto:michael@bitalo.com">michael@bitalo.com</a>&gt=3B=2C=
 "<a href=3D"mailto:isaac@bitalo.com">isaac@bitalo.com</a>" &lt=3B<a href=
=3D"mailto:isaac@bitalo.com">isaac@bitalo.com</a>&gt=3B=2C "<a href=3D"mail=
to:maciej@bitalo.com">maciej@bitalo.com</a>" &lt=3B<a href=3D"mailto:maciej=
@bitalo.com">maciej@bitalo.com</a>&gt=3B=2C "<a href=3D"mailto:lilia@bitalo=
.com">lilia@bitalo.com</a>" &lt=3B<a href=3D"mailto:lilia@bitalo.com">lilia=
@bitalo.com</a>&gt=3B=2C "<a href=3D"mailto:felix@bitalo.com">felix@bitalo.=
com</a>" &lt=3B<a href=3D"mailto:felix@bitalo.com">felix@bitalo.com</a>&gt=
=3B=2C "<a href=3D"mailto:peter@bitalo.com">peter@bitalo.com</a>" &lt=3B<a =
href=3D"mailto:peter@bitalo.com">peter@bitalo.com</a>&gt=3B=2C "<a href=3D"=
mailto:sebastian@bitalo.com">sebastian@bitalo.com</a>" &lt=3B<a href=3D"mai=
lto:sebastian@bitalo.com">sebastian@bitalo.com</a>&gt=3B=2C "<a href=3D"mai=
lto:trevin@bitalo.com">trevin@bitalo.com</a>" &lt=3B<a href=3D"mailto:trevi=
n@bitalo.com">trevin@bitalo.com</a>&gt=3B=2C "<a href=3D"mailto:christian@b=
italo.com">christian@bitalo.com</a>" &lt=3B<a href=3D"mailto:christian@bita=
lo.com">christian@bitalo.com</a>&gt=3B=2C "<a href=3D"mailto:michaelg@bital=
o.com">michaelg@bitalo.com</a>" &lt=3B<a href=3D"mailto:michaelg@bitalo.com=
">michaelg@bitalo.com</a>&gt=3B=2C "<a href=3D"mailto:fabiob@bitalo.com">fa=
biob@bitalo.com</a>" &lt=3B<a href=3D"mailto:fabiob@bitalo.com">fabiob@bita=
lo.com</a>&gt=3B=2C "<a href=3D"mailto:support@bitalo.com">support@bitalo.c=
om</a>" &lt=3B<a href=3D"mailto:support@bitalo.com">support@bitalo.com</a>&=
gt=3B=2C "<a href=3D"mailto:martin.albert@gmx.net">martin.albert@gmx.net</a=
>" &lt=3B<a href=3D"mailto:martin.albert@gmx.net">martin.albert@gmx.net</a>=
&gt=3B<br><br><br>=0A=
=0A=
=0A=
<div><div dir=3D"ltr"><br>=0A=
=0A=
=0A=
<div><div dir=3D"ltr">=0A=
=0A=
<div dir=3D"ltr"><br><span style=3D"color:rgb(51=2C51=2C51)=3Bfont-family:'=
Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=3Bfont-st=
yle:normal=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-spacing:norm=
al=3Bline-height:21.875px=3Btext-align:start=3Btext-indent:0px=3Btext-trans=
form:none=3Bwhite-space:normal=3Bword-spacing:0px=3Bdisplay:inline !importa=
nt=3Bbackground-color:rgb(250=2C250=2C250)=3B">Hello</span><br style=3D"col=
or:rgb(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Cs=
ans-serif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont=
-weight:normal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:=
start=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-s=
pacing:0px=3Bbackground-color:rgb(250=2C250=2C250)=3B"><br style=3D"color:r=
gb(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-=
serif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-wei=
ght:normal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:star=
t=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-spaci=
ng:0px=3Bbackground-color:rgb(250=2C250=2C250)=3B"><span style=3D"color:rgb=
(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-se=
rif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-weigh=
t:normal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:start=
=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-spacin=
g:0px=3Bdisplay:inline !important=3Bbackground-color:rgb(250=2C250=2C250)=
=3B">Your site is extremely vulnerable to ddos attacks.</span><br style=3D"=
color:rgb(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=
=2Csans-serif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3B=
font-weight:normal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-al=
ign:start=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bwo=
rd-spacing:0px=3Bbackground-color:rgb(250=2C250=2C250)=3B"><br style=3D"col=
or:rgb(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Cs=
ans-serif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont=
-weight:normal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:=
start=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-s=
pacing:0px=3Bbackground-color:rgb(250=2C250=2C250)=3B"><span style=3D"color=
:rgb(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csan=
s-serif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-w=
eight:normal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:st=
art=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-spa=
cing:0px=3Bdisplay:inline !important=3Bbackground-color:rgb(250=2C250=2C250=
)=3B">I want to offer you info how to properly setup your protection=2C so =
that you can't be ddosed!</span><br style=3D"color:rgb(51=2C51=2C51)=3Bfont=
-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=
=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-sp=
acing:normal=3Bline-height:21.875px=3Btext-align:start=3Btext-indent:0px=3B=
text-transform:none=3Bwhite-space:normal=3Bword-spacing:0px=3Bbackground-co=
lor:rgb(250=2C250=2C250)=3B"><span style=3D"color:rgb(51=2C51=2C51)=3Bfont-=
family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=
=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-sp=
acing:normal=3Bline-height:21.875px=3Btext-align:start=3Btext-indent:0px=3B=
text-transform:none=3Bwhite-space:normal=3Bword-spacing:0px=3Bdisplay:inlin=
e !important=3Bbackground-color:rgb(250=2C250=2C250)=3B">My price is 1 Bitc=
oin only.</span><br style=3D"color:rgb(51=2C51=2C51)=3Bfont-family:'Helveti=
ca Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=3Bfont-style:nor=
mal=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-spacing:normal=3Bli=
ne-height:21.875px=3Btext-align:start=3Btext-indent:0px=3Btext-transform:no=
ne=3Bwhite-space:normal=3Bword-spacing:0px=3Bbackground-color:rgb(250=2C250=
=2C250)=3B"><br style=3D"color:rgb(51=2C51=2C51)=3Bfont-family:'Helvetica N=
eue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=3Bfont-style:normal=
=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-spacing:normal=3Bline-=
height:21.875px=3Btext-align:start=3Btext-indent:0px=3Btext-transform:none=
=3Bwhite-space:normal=3Bword-spacing:0px=3Bbackground-color:rgb(250=2C250=
=2C250)=3B"><span style=3D"color:rgb(51=2C51=2C51)=3Bfont-family:'Helvetica=
 Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=3Bfont-style:norma=
l=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-spacing:normal=3Bline=
-height:21.875px=3Btext-align:start=3Btext-indent:0px=3Btext-transform:none=
=3Bwhite-space:normal=3Bword-spacing:0px=3Bdisplay:inline !important=3Bback=
ground-color:rgb(250=2C250=2C250)=3B">Right now I will star small (very sma=
ll) attack which will not crash your server=2C but you should notice it in =
logs. Just check it.</span><br style=3D"color:rgb(51=2C51=2C51)=3Bfont-fami=
ly:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=3Bfon=
t-style:normal=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-spacing:=
normal=3Bline-height:21.875px=3Btext-align:start=3Btext-indent:0px=3Btext-t=
ransform:none=3Bwhite-space:normal=3Bword-spacing:0px=3Bbackground-color:rg=
b(250=2C250=2C250)=3B"><br style=3D"color:rgb(51=2C51=2C51)=3Bfont-family:'=
Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=3Bfont-st=
yle:normal=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-spacing:norm=
al=3Bline-height:21.875px=3Btext-align:start=3Btext-indent:0px=3Btext-trans=
form:none=3Bwhite-space:normal=3Bword-spacing:0px=3Bbackground-color:rgb(25=
0=2C250=2C250)=3B"><span style=3D"color:rgb(51=2C51=2C51)=3Bfont-family:'He=
lvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=3Bfont-styl=
e:normal=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-spacing:normal=
=3Bline-height:21.875px=3Btext-align:start=3Btext-indent:0px=3Btext-transfo=
rm:none=3Bwhite-space:normal=3Bword-spacing:0px=3Bdisplay:inline !important=
=3Bbackground-color:rgb(250=2C250=2C250)=3B">I want to offer you&nbsp=3B in=
fo on how I did it and what you have to do to prevent it. If interested pay=
 me 1 BTC to 17aLGgw8AwJdqiBtMMG1QtQJgNQQkiyEsp</span><br style=3D"color:rg=
b(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-s=
erif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-weig=
ht:normal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:start=
=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-spacin=
g:0px=3Bbackground-color:rgb(250=2C250=2C250)=3B"><br style=3D"color:rgb(51=
=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=
=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-weight:n=
ormal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:start=3Bt=
ext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-spacing:0p=
x=3Bbackground-color:rgb(250=2C250=2C250)=3B"><br style=3D"color:rgb(51=2C5=
1=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bf=
ont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-weight:norma=
l=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:start=3Btext-=
indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-spacing:0px=3B=
background-color:rgb(250=2C250=2C250)=3B"><span style=3D"color:rgb(51=2C51=
=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfo=
nt-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-weight:normal=
=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:start=3Btext-i=
ndent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-spacing:0px=3Bd=
isplay:inline !important=3Bbackground-color:rgb(250=2C250=2C250)=3B">Thank =
you. &nbsp=3B &nbsp=3B<span> <br></span></span></div>=0A=
                      </div></div>                      </div></div>=0A=
</div><br></div></div>                      </div></div>                      </div></div>           =
           </div></div>                      </div></body>
</html>=

--_991179ca-6b3d-4765-8753-5bcd7337b00c_--

[bitcomsec]

Hi Roger,

My name is Mike and I'm with the BITCOMSEC (Bitcoin Community Secuity) Project. Our aim is to provide the community security services free of charge, and we're donation based. In the last year we've extensively audited exchanges, pools and merchants for security issues and provided the research to each of them respectively. Recently we've focused more on investigative research into these thieves:

Tracking down the CryptoRush.in hacker:
https://bitcomsec.true.io/bitcomsec/tracking-a-bitcoin-thief-cryptorush-hack/

Exposing and shutting down an elaborate Coinbase.com/Blockchain.info phishing network:
https://bitcomsec.true.io/bitcomsec/coinbase_com-and-blockchain_info-bitcoin-wallet-phishing-scam-exposed/

With that being said we are in the business of tracking down and exposing Bitcoin thieves to the community.

- Is there an archived copy of the extortion email + headers?

Thanks. Looking into this immediately.

Mike

[Bitalo_Martin]

Initial "small" ddos

i will have more logfiles from the follow ups

Direction IN
Internal 176.9.38.40
Threshold FlowsDiff 40 flows/s, Diff: 239 flows/s
Sum 71.841 flows/300s (239 flows/s), 71.881.000 packets/300s (239.603 packets/s), 2,738 GByte/300s (74 MBit/s)
External 211.153.8.169, 4 flows/300s (0 flows/s), 24.000 packets/300s (80 packets/s), 0,011 GByte/300s (0 MBit/s)
External 94.231.81.38, 3 flows/300s (0 flows/s), 3.000 packets/300s (10 packets/s), 0,001 GByte/300s (0 MBit/s)
External 173.74.75.83, 3 flows/300s (0 flows/s), 3.000 packets/300s (10 packets/s), 0,001 GByte/300s (0 MBit/s)
External 58.142.206.194, 2 flows/300s (0 flows/s), 3.000 packets/300s (10 packets/s), 0,000 GByte/300s (0 MBit/s)
External 67.55.209.73, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 177.47.16.130, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,001 GByte/300s (0 MBit/s)
External 78.97.94.244, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,001 GByte/300s (0 MBit/s)
External 219.124.114.1, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,001 GByte/300s (0 MBit/s)
External 199.58.240.1, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 196.23.6.234, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 58.210.9.222, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 219.159.39.58, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 61.97.9.100, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 194.185.38.14, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,001 GByte/300s (0 MBit/s)
External 205.171.93.37, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 120.83.5.152, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,001 GByte/300s (0 MBit/s)
External 72.13.143.84, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 186.219.240.68, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,001 GByte/300s (0 MBit/s)
External 58.240.213.254, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 207.240.120.138, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,001 GByte/300s (0 MBit/s)
External 111.195.28.4, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 183.232.148.17, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 112.214.75.254, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 89.137.112.222, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 46.36.35.180, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,001 GByte/300s (0 MBit/s)
External 111.12.150.169, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,001 GByte/300s (0 MBit/s)
External 4.26.50.58, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,001 GByte/300s (0 MBit/s)
External 37.252.196.14, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 78.84.22.172, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 183.232.112.18, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 12.89.10.34, 2 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 211.140.203.109, 1 flows/300s (0 flows/s), 3.000 packets/300s (10 packets/s), 0,001 GByte/300s (0 MBit/s)
External 213.192.9.248, 1 flows/300s (0 flows/s), 3.000 packets/300s (10 packets/s), 0,000 GByte/300s (0 MBit/s)
External 120.202.108.54, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 212.104.156.25, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 206.248.145.38, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 189.125.26.74, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 207.238.95.11, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 78.111.125.156, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 92.223.139.56, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,001 GByte/300s (0 MBit/s)
External 202.56.129.90, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,001 GByte/300s (0 MBit/s)
External 67.107.71.162, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,001 GByte/300s (0 MBit/s)
External 98.243.106.47, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 71.244.53.219, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 41.223.26.2, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 218.62.10.197, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 219.92.58.165, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 96.10.249.186, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,000 GByte/300s (0 MBit/s)
External 98.214.231.148, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)
External 8.198.132.105, 1 flows/300s (0 flows/s), 1.000 packets/300s (3 packets/s), 0,000 GByte/300s (0 MBit/s)

[bitcomsec]

Martin,

Great information. Thanks!

Mike @ BITCOMSEC

[Marc_addict]

I have all the information on DD4BC, someone responsible for the bounty pm me so we can discuss further on skype!

[DD4BC]

I have all the information on DD4BC, someone responsible for the bounty pm me so we can discuss further on skype!

No, please, no!

[DD4BC]

http://qrzcq.com/call/DD4BC <<< check here

Yes, that's me.

[GBBG|Ware]

Is it possible to get someone to look into this person:

Bernd Willmann; Rattinghauser Weg 6; 49324 Melle
Germany

[Marc_addict]

I have all the information on DD4BC, someone responsible for the bounty pm me so we can discuss further on skype!

No, please, no!

You can run, but you can't hide

jk lol, you can hide in mexico , you will blend in just right...

[Marc_addict]

Is it possible to get someone to look into this person:

Bernd Willmann; Rattinghauser Weg 6; 49324 Melle
Germany

where did you get the address from? its not correct.

[DD4BC]

I have all the information on DD4BC, someone responsible for the bounty pm me so we can discuss further on skype!

No, please, no!

You can run, but you can't hide

jk lol, you can hide in mexico , you will blend in just right...

Mexico?!

No, you are wrong... We, Germans, hide in Argentina.

[Marc_addict]

idk man seems like a long shot,

btw contacting the authorities is a big hassle,

so im going to offer you a deal ill give you 20BTC from the bounty that i collect  after you serve time in jail if you turn yourself in.

deal?

[Kimax]

Thats a cute Little DDOS. Can't do any harm.

[Bitalo_Martin]

savagedegod@gmail.com just sent the following email:

Hi martin,


you made me and my home boy DD4BC very mad when you set a 100BTC bounty on him

so this is how it's going to go now we will hit the website off for 1 week straight
unless we are paid 20BTC to this wallet 1xEagymjSEnxgSwzd2Y7ZagMQ2AGhJx4C

we will start the attack at 4PM PST

you know the drill, we dont get paid we ddos for 1 week and next week same thing happens but double the price

[DD4BC]

savagedegod@gmail.com just sent the following email:

Ignore that fool.

We are not related in any way (except that he is bothering me with stupid emails too ).

[semidead]

savagedegod@gmail.com just sent the following email:

Ignore that fool.

We are not related in any way (except that he is bothering me with stupid emails too ).

i need your help, sent you a pm

[DD4BC]

bump

[snitch]

refer to next post.

[Bitalo_Martin]

proof of existence shows that you are the first one with a time stamp that submitted the identity with the chain of proof.


The attack was recently, we do not have a full file prepared to start conviction. Also, public police are bureaucrats that did not even start doing something. But since we have the bounty in third party escrow with the highly reputable and well known Roger Ver you should not experience any problems with the payout of the bounty

[snitch]

Ok. I am going to pm you so watch for it in a few!

[snitch]

done

[Bitalo_Martin]

OK so our server team finally came up with some full log files

https://files.slack.com/files-pri/T02LX3L4D-F030BMV6G/download/ddos.log.zip

Maybe someone can go back via these logs. 100 BTC should be worth some digging :-)


thanks and good hunting.

[cheekychap]

Who raised the 100 BTC for the bounty?

[sherbyspark]

Who raised the 100 BTC for the bounty?

Its probably from people, who want to put an end to his threats of DDosing their sites.

[Bitalo_Martin]

It is a "private" bounty from one of the Bitalo founders, as he considers it a key objective to show that extortion and blackmail will not be tolerated and to remove malicious idiots from the net that could slow down the progress of Bitcoin as technology as soon as possible.

[DD4BC]

Since "private" bounty from one of the Bitalo founders, sissy boy Martin Albert, will never be paid and he knows it, the only reason for it is a free publicity.

[cheekychap]

It is a "private" bounty from one of the Bitalo founders, as he considers it a key objective to show that extortion and blackmail will not be tolerated and to remove malicious idiots from the net that could slow down the progress of Bitcoin as technology as soon as possible.

But how would you guys go about proving, that he was reponsible for the DDOs attacks on those sites?

[Bitalo_Martin]

thats indeed tricky, and this is what the bounty hunters can do now :-)

[Bitalo_Martin]

Indeed I agree with DD4BC, the bounty will probably never have to be paid, since DD4BC has probably really no friends to talk with,
BUT, and that is our hope, in some other scenario he told a "friend" about his super cool action and the "friend" can now decide if his friendship to cover up a petty criminal is worth 100 BTC ;-)

[snitch]

It is a "private" bounty from one of the Bitalo founders, as he considers it a key objective to show that extortion and blackmail will not be tolerated and to remove malicious idiots from the net that could slow down the progress of Bitcoin as technology as soon as possible.

But how would you guys go about proving, that he was reponsible for the DDOs attacks on those sites?

I've already expressed this to Martin earlier. You can spoof an IP but you can't spoof stupid.

@dd4bc, I'm pretty sure you are wrong and that he will pay the bounty. If he didn't, his reputation would be completely ruined and that would defeat the original purpose of his bounty. If he didn't want to protect his entity and reputation, he would not give a rats ass about you, nor care to pay someone else to find you.

You are a little cocky dd4bc, as if you thought of yourself to be some type of invisible virtual god, or something. Weird.

[🏰 TradeFortress 🏰]

It is a "private" bounty from one of the Bitalo founders, as he considers it a key objective to show that extortion and blackmail will not be tolerated and to remove malicious idiots from the net that could slow down the progress of Bitcoin as technology as soon as possible.

But how would you guys go about proving, that he was reponsible for the DDOs attacks on those sites?

I've already expressed this to Martin earlier. You can spoof an IP but you can't spoof stupid.

@dd4bc, I'm pretty sure you are wrong and that he will pay the bounty. If he didn't, his reputation would be completely ruined and that would defeat the original purpose of his bounty. If he didn't want to protect his entity and reputation, he would not give a rats ass about you, nor care to pay someone else to find you.

You are a little cocky dd4bc, as if you thought of yourself to be some type of invisible virtual god, or something. Weird.

Interested in following this

[hashie]

We'll contribute 10 BTC to this bounty.

Should we send it to 1MmoevQactzxkTLvsgrKccZcHUiXLHqLXR ?

In the event that the bounty is not claimed in by the end of 2015, please donate the BTC to a Bitcoin accepting charity.

@Snitch: Can you forward us (support@hashie.co) what you have found? We might be able to 'get more' out of it Your bounty is safe and we won't claim anything, we're interested in justice.

[DD4BC]

@dd4bc, I'm pretty sure you are wrong and that he will pay the bounty. If he didn't, his reputation would be completely ruined and that would defeat the original purpose of his bounty. If he didn't want to protect his entity and reputation, he would not give a rats ass about you, nor care to pay someone else to find you.

He would have to pay it if somebody really finds me, but he knew from the beginning that it will not happen, so he created this bounty just to get some publicity for his useless site without members. I hope that he got a few from all those articles on the web.

[DD4BC]

We'll contribute 10 BTC to this bounty.

Should we send it to 1MmoevQactzxkTLvsgrKccZcHUiXLHqLXR ?

In the event that the bounty is not claimed in by the end of 2015, please donate the BTC to a Bitcoin accepting charity.

@Snitch: Can you forward us (support@hashie.co) what you have found? We might be able to 'get more' out of it Your bounty is safe and we won't claim anything, we're interested in justice.

And here comes the admin of ponzi scheme "interested in justice".

I have a better idea: By the end of 2015 (even before) you will stop paying your members, so with 10 BTC (of your members money) let's create another bounty - to find you.

[snitch]

We'll contribute 10 BTC to this bounty.

Should we send it to 1MmoevQactzxkTLvsgrKccZcHUiXLHqLXR ?

In the event that the bounty is not claimed in by the end of 2015, please donate the BTC to a Bitcoin accepting charity.

@Snitch: Can you forward us (support@hashie.co) what you have found? We might be able to 'get more' out of it Your bounty is safe and we won't claim anything, we're interested in justice.

I've only uploaded info to blockchain. I have not even sent it to Martin yet.

I asked him if he would be willing to negotiate on lowering bounty for the actual ID...instead of using the conviction as the end determinant of collecting the bounty. So many factors influence that outcome, many beyond my control and his - even with a correct ID the criminal process cant guarantee a conviction, especially internationally. He had reservations about this type of negotiation, and I understand them completely.

I think my only option here really is to contact law enforcement myself and provide them with the same info i uploaded to blockchain; and hope that the end results in the required conviction for Martin. Martin has given me info on the LE entity he originally reported to.

@dd4bc, I'm pretty sure you are wrong and that he will pay the bounty. If he didn't, his reputation would be completely ruined and that would defeat the original purpose of his bounty. If he didn't want to protect his entity and reputation, he would not give a rats ass about you, nor care to pay someone else to find you.

He would have to pay it if somebody really finds me, but he knew from the beginning that it will not happen, so he created this bounty just to get some publicity for his useless site without members. I hope that he got a few from all those articles on the web.

If someone really finds you?
LOLOLOLOLOLOLOLOL

wait hold on....


LOLOLLOOOLLLLLOOOOOOOL

[hashie]

Got you

Depending on the jurisdiction, there might be a more thorough response if a citizen/resident contacts law enforcement. Do you feel comfortable disclosing the jurisdiction of DD4BC privately?

[Bitalo_Martin]

@dd4bc, I'm pretty sure you are wrong and that he will pay the bounty. If he didn't, his reputation would be completely ruined and that would defeat the original purpose of his bounty. If he didn't want to protect his entity and reputation, he would not give a rats ass about you, nor care to pay someone else to find you.

He would have to pay it if somebody really finds me, but he knew from the beginning that it will not happen, so he created this bounty just to get some publicity for his useless site without members. I hope that he got a few from all those articles on the web.

Have you ever looked into the site? ;-)

Bitalo is the most secure bitcoin service with most secure technlogy fully implemented. We use multi-signature wallets where private keys are fully encrypted on user-side and coins are fully protected by backup tansactions so that you get the coins out, even when the site is completely offline. On top of that coins are covered up to 50.000 EUR for losses. As to mandatory two-factor authentication you can even setup a wallet on a fully compromised computer and you will never lose a single coin.

But, as we said multiple times, the site is not finished yet, we will release the full User interface and the various services (product market, airbnb module etc) only end of the year.

[ruggedinbox.com]

Hi, same here, target: ruggedinbox.com

Original text:

Hi, we just received this message:

You are going under DDoS attack unless you pay me 1 BTC in next 30 minutes to 1MRFFgSexGzyWgbLEhX1Bi3YXR6FaaebV8

Do not ignore me, as it will just increase the price. Smiley

 

Once you pay me you are free from me for lifetime of your site.

If you think that I'm bluffing, Google my name. Smiley


Thank you.


(sender: dd4bc@unseen.is)

Our answer:
this is a volunteer based project, which provides an anonymous, Tor friendly email service, 100% free and ad free.
You may want to direct your energies somewhere else, since you'll not see a penny from us.

[ruggedinbox.com]

Follow up:

we contacted our server farm and after short time they enabled their anti-DDOS filter.

Now our services are up and running!

[ForgottenPassword]

There is a major problem with these bounties, and it is that in order for the bounty to be paid out the person needs to be convicted.

In most developed countries, there needs to be a clear chain of evidence in order to secure a conviction, essentially, law enforcement need to prove that all of the evidence was obtained legally and through the proper channels. It's quite likely any evidence obtained by a bounty hunter would be inadmissable as it would be difficult for LE to prove all of it was obtained legally, and for that reason its highly unlikely prosecutors would move ahead on a case like this.

See:
https://en.wikipedia.org/wiki/Fruit_of_the_poisonous_tree

It would be much better if the bounty was paid for providing the identity of the person along with proof that is acceptable enough for the escrower.

[snitch]

There is a major problem with these bounties, and it is that in order for the bounty to be paid out the person needs to be convicted.

In most developed countries, there needs to be a clear chain of evidence in order to secure a conviction, essentially, law enforcement need to prove that all of the evidence was obtained legally and through the proper channels. It's quite likely any evidence obtained by a bounty hunter would be inadmissable as it would be difficult for LE to prove all of it was obtained legally, and for that reason its highly unlikely prosecutors would move ahead on a case like this.

See:
https://en.wikipedia.org/wiki/Fruit_of_the_poisonous_tree

It would be much better if the bounty was paid for providing the identity of the person along with proof that is acceptable enough for the escrower.

^ This has been mentioned.
(side bar, I don't think the burden of proof should be placed on the third party escrow to verify the tips "acceptability" or validity. Verification needs to be more concrete than that.  )

The trouble is that it's still tricky to verify if bounty was changed to just an ID.
I personally mentioned to lower the bounty in exchange for verified identity.
It's just still tricky to do.

Martin needs to protect his bounty from scammers and inaccurate tips.
But the informant also needs to be able to protect their tip.
It's kind of hard to verify this kind of tip and keep both parties protected.
To verify it in public here, the informant is risking posting inaccurate info on an innocent person, publicly.
To verify it privately between informant and Martin would in turn protect the accused identity till it was verified,
but there would be no third party witness to observe the interaction and the validity of the communication that took place - or the status of the case as it relates back to the informant.
I'm sure there is some method of trade and verification that I have not considered yet,
but so far I keep spinning in circles with the options of how that would all go down.

Now, if both parties were on American soil, a conviction would be much more likely - and the probability that Law Enforcement would pursue it is high. But this is not the case, which yes, leaves the conviction requirement almost impossible to obtain on many counts - while also leaving the informant in a situation where their work is publicly noted and utilized - but they don't ever get paid for it due to extraneous circumstances.

I understand both sides of this coin. I can put myself in Martins shoes and see his side, and I can see the side of the informant.
I am getting the impression that Martin does not fully understand the situation himself and his limitations.

On the other hand,
When I asked about the Id of hacker vs Conviction, Martin replied: "when his identity is proven he will be convicted 100%"
- I don't know what to make of this comment beyond possibly that it reveals Martin never actually spoke with any lawyers before he placed this bounty, and is misjudging the situation a great deal based upon a simple report he made with his local law enforcement.

I am also a little conflicted on the official terms of the bounty because when I have asked about them, I get conflicting responses.

Per the bitcoinbounty page, the steps include:

1. upload to block chain,
2. Report to law enforcement (DO NOT SUBMIT INFO TO US).
3. Wait for law enforcement to make an arrest that leads to a conviction in the case.
4. Contact us with the original document submitted to Proof of Existence, proving you provided the correct information to law enforcement.
5. Get Bounty

But when I submitted my info to blockchain, and told Martin it was done, he replied for me to email him a copy of this information directly - which contradicts step 2.

"hi,
thanks

yes please send me a copy to martin@bitalo.com"

I was kind of considering just sending this to him on good faith - but I was still unclear about it. Plus it was the first time I had ever used blockchain so I was trying to understand how it worked. I assumed it would be publicly viewable on blockchain at first than I realized it wasn't, so i asked him If he needed a copy and that was his response. Afterwards, I looked at the bounty steps and it hit me that in bold letters it instructs me NOT to submit to martin directly. So that's where I got confused.

When I started to discuss exchanging ID vs a Conviction, he kind of implied that I would not actually need a conviction saying:

"If you can PROVE identity and you have info, you will get the full bounty, if you dont have anything, you dont get anything"
So I'm not sure if I'm just misunderstanding our dialogue or what...but I'm not clear on it.

I have a chain of evidence that was obtained legally.
I could literally type out the steps I took in acquiring this information, and it could be mirrored and verified.
I can prove his other online identities too and even connect those names to other crimes he did under different names.
Which all tie back to his real life identity. All obtained legally.

I've also spoken to a couple Attorneys about this situation to get a better understanding of all the limitations and possibilities.
(I'm am lucky to have a few close friends in my circle)

To approach this hacker internationally from the get-go will only result frustration and walls in terms of prosecution and conviction. Although, his case would be helped by getting this hacker for a crime he committed in the country he lives first - than shifting over to Europe.

Even if Martin video screen capped hacker confessing in video on skype - he would most likely never get a conviction internationally because the crime is relatively minimal and he would most likely have to rely on the American police to find a way to convict him for something here. Under those circumstances, at most, Hacker would just have to avoid traveling to Bialos home country to avoid those charges.

TBH, this whole case would hold more weight if a ransom had actually been paid. Not paying the ransom actually minimized the damage done to him as the victim, and minimized the actual criminal act which was committed. This minimizes the potential for law enforcement to see value in pursing the case internationally. The end results in Martin paying a drastically higher amount of bitcoin than he would have been victimized for, while dramatically decreasing the probability of his desired end results. Instead, he could have paid the smaller amount of ransom one time and in turn increased the probability to effectively pursue the crime. He could have offered the difference amount in bounty afterwards for the tips.

[I'm not in any way suggesting to pay out ransoms to hackers, I'm just repeating what was explained to me in context of the situation - and chances are I would have done the same thing refusing to pay the ransom]


SO!  One thing I could potentially do is work from inside the boundaries of the US and attempt to have him arrested for unrelated crimes he participated in while in using the other alts. Once he is actually arrested and in custody for the other crimes it will verify that I have the correct person. This is because I can prove a link between those other alts and him here as dd4bc.

At that point, I can share my tip publicly and the proof linking this criminal who was arrested for "unrelated crimes" to "dd4bc" hacker (and the proof of existence I uploaded to blockchain previously). At this point, I can choose to reveal to Martin the link between this "unrelated case" and his own hacker...he can verify the legitimacy of my information - and be free to use it for his own case and hopefully pay out a bounty maybe. 

The US would also be more sympathetic to his case at this point because they would have already caught the hacker for similar crimes here.

This is the best I can come up with at this point.
If Martin wants the ID sooner rather than later - and without the conviction requirement,
he already knows that I'd be willing to work with him on a safe exchange for a lesser reward.
I just don't think he's interested in it, nor have I been able to think of a legit way for it to go down.

One extra thing I just noticed:
Before I continue, I just suddenly realized something. God I'm so sleep deprived here.
The bounty is in third party escrow - but the escrow is Roger Ver. Martin told me that the 100btc bounty was a combined reward from both Roger and Martin in my PM here. But they are actually listed seperatly on the bitcoinbounty page - so that confuses me. His is listed for 37btc, while Martins is listed for 100btc. Earlier, I had asked martin about the two bounties and Martin said to me via PM "No, it is one bounty. Roger Ver is doing the escrow for our bounty and acts as referee and also guarantuees that we have the coins for the bounty etc etc." - I stand here a little confused with that too atop of everything else above.
Also a little unclear why Roger Ver would be escrowing his own bounty. Am I misunderstanding this?

[Bitalo_Martin]

arrghg..

No, it is OUR bounty. Roger Ver is just doing the escrow service, because he is a well respected and neutral member of the bitcoin community and as a proof that the coins will really be paid.

I also recommend everybody to please contact Roger directly for technicalities like bounty payouts.


But why are you all talking so theoretically. In case you really have some useful information about his identity, then you should also know in which jurisdiction he is located and you can easily see via google if this would be convicted or not. The blockchain timestamp is just to prove that you had the evidence first.

In case you dont even know the jurisdiction, then I would assume that you have anything.

But seriously, what do you have to lose. The important part is just to prove the identity. If you HAVE it why should you not make it public in the blockchain and see what happens, why should he not be convicted? In case he is a minor or whatever I am sure Roger would still count this as a full finding. Someone else will take care of him in a different way, I am sure about that, if not his mum. :-)

[hashie]

Per the bitcoinbounty page, the steps include:

1. upload to block chain,
2. Report to law enforcement (DO NOT SUBMIT INFO TO US).
3. Wait for law enforcement to make an arrest that leads to a conviction in the case.
4. Contact us with the original document submitted to Proof of Existence, proving you provided the correct information to law enforcement.
5. Get Bounty

But when I submitted my info to blockchain, and told Martin it was done, he replied for me to email him a copy of this information directly - which contradicts step 2.

"US" is Roger Ver who runs Bitcoin Bounty Hunter. They don't want to receive evidence because they won't do anything with it.

Martin wants the evidence, and if you read the bounty page you'll see: "Bounty for full and proven identity of DD4BC"

So the instructions on the page are generic instructions, whereas in this case it seems only proving the identity is required to get the bounty. Roger Ver is the person that will decide bounty payouts (probably in consultation with martin).

[snitch]

arrghg..

No, it is OUR bounty. Roger Ver is just doing the escrow service, because he is a well respected and neutral member of the bitcoin community and as a proof that the coins will really be paid.

I also recommend everybody to please contact Roger directly for technicalities like bounty payouts.


But why are you all talking so theoretically. In case you really have some useful information about his identity, then you should also know in which jurisdiction he is located and you can easily see via google if this would be convicted or not. The blockchain timestamp is just to prove that you had the evidence first.

In case you dont even know the jurisdiction, then I would assume that you have anything.

But seriously, what do you have to lose. The important part is just to prove the identity. If you HAVE it why should you not make it public in the blockchain and see what happens, why should he not be convicted? In case he is a minor or whatever I am sure Roger would still count this as a full finding. Someone else will take care of him in a different way, I am sure about that, if not his mum. :-)

I've clearly said numerous times. Your hacker is in the united states. I think I've said that to you least 10 times.
That is not theoretical. And I HAVE uploaded to the blockchain. Why do you keep referring to "if's"?
You know I submitted it because we talked about that in our PM and I sent you this link:
http://www.proofofexistence.com/detail/b2427aa196f7b9ceefa30f200ed84830e5e1c37ce3062e659e8b6aa3605fe500

You have not really addressed anything in my post above about the bounty. You are not even clarifying the things you have said in relationship to the bitcoinbounty instructions.

I still don't understand why you are escrowing your own bounty - this defeats the actual purpose of an escrow. Basically you are saying there is no actual escrow because Roger Ver is funding the bounty and escrowing it...You also did not clarify why these bounties are listed separately on the bitcoin bounty hunter page. You can clearly see here that your bounty for 100btc, and a separate bounty for 37btc via Roger Ver. I told you a couple days ago that I had proof that these two cases were related to the same hacker, anyway - but you don't even want to talk about what that would mean in terms of the bounty. Would the informant get both bounties when they prove it's the same guy in both instances?

You also never clarified why the directions on the bounty say clearly NOT TO SUBMIT the info to you,
and then why you asked me to send you a direct copy of it to your email, despite these directions.

You are not really being clear about anything at all. And to tell ya the truth, I've seen at least one other poster maybe two, also ask about the reliability of how the bounty is set up. let me break this down for you. no american agency is going to extradite your hacker to Europe to face charges in a foreign country for a small timer ddos attack on you. the conviction requirement on your bounty is nearly impossible to attain.

"what have you got to loose".... um, let's not be condescending here. You are asking for help, not vice versa. This is not the bitalo lottery. Any informant risks retribution from this hacker after he is snitched on. Obviously that sucks & is probable. Let's be real here.

Plus you are starting to appear a little bit like you are intending to be unclear when you speak.
I apologize if I am misjudging you right now, but honestly I've asked you numerous times to be clear about specific things and you don't seem to make any effort to meet me half way in that conversation - and I actually find that quite odd.


Didn't I see some email somewhere that dd4bc only requested 1 whole bitcoin from you? But you turn around with a combined bounty of 100 bitcoin?
MAYBE, you assumed that the only person who would respond to your bounty would be the criminal himself or the criminals accomplice or friend. Perhaps you assumed you could TRICK the hacker/hackers into snitching on each other - and this is why you set the bounty so dramatically high in comparison to what the hacker tried to hijack you for.

Perhaps you thought under those circumstances, you would never have to pay the bounty to the informant. Maybe this is why you seem so reluctant to want to work with me on understanding your bounty and how we can make a fair effective trade. I have no idea what to think. I would hate to think that but you do seem to evade direct concerns about things.

NOTHING about this bounty makes sense to me.

[Bitalo_Martin]

arrghg..

No, it is OUR bounty. Roger Ver is just doing the escrow service, because he is a well respected and neutral member of the bitcoin community and as a proof that the coins will really be paid.

I also recommend everybody to please contact Roger directly for technicalities like bounty payouts.


But why are you all talking so theoretically. In case you really have some useful information about his identity, then you should also know in which jurisdiction he is located and you can easily see via google if this would be convicted or not. The blockchain timestamp is just to prove that you had the evidence first.

In case you dont even know the jurisdiction, then I would assume that you have anything.

But seriously, what do you have to lose. The important part is just to prove the identity. If you HAVE it why should you not make it public in the blockchain and see what happens, why should he not be convicted? In case he is a minor or whatever I am sure Roger would still count this as a full finding. Someone else will take care of him in a different way, I am sure about that, if not his mum. :-)

I've clearly said numerous times. Your hacker is in the united states. I think I've said that to you least 10 times.
That is not theoretical. And I HAVE uploaded to the blockchain. Why do you keep referring to "if's"?
You know I submitted it because we talked about that in our PM and I sent you this link:
http://www.proofofexistence.com/detail/b2427aa196f7b9ceefa30f200ed84830e5e1c37ce3062e659e8b6aa3605fe500

You have not really addressed anything in my post above about the bounty. You are not even clarifying the things you have said in relationship to the bitcoinbounty instructions.

I still don't understand why you are escrowing your own bounty - this defeats the actual purpose of an escrow. Basically you are saying there is no actual escrow because Roger Ver is funding the bounty and escrowing it...You also did not clarify why these bounties are listed separately on the bitcoin bounty hunter page. You can clearly see here that your bounty for 100btc, and a separate bounty for 37btc via Roger Ver. I told you a couple days ago that I had proof that these two cases were related to the same hacker, anyway - but you don't even want to talk about what that would mean in terms of the bounty. Would the informant get both bounties when they prove it's the same guy in both instances?

You also never clarified why the directions on the bounty say clearly NOT TO SUBMIT the info to you,
and then why you asked me to send you a direct copy of it to your email, despite these directions.

You are not really being clear about anything at all. And to tell ya the truth, I've seen at least one other poster maybe two, also ask about the reliability of how the bounty is set up. let me break this down for you. no american agency is going to extradite your hacker to Europe to face charges in a foreign country for a small timer ddos attack on you. the conviction requirement on your bounty is nearly impossible to attain.

"what have you got to loose".... um, let's not be condescending here. You are asking for help, not vice versa. This is not the bitalo lottery. Any informant risks retribution from this hacker after he is snitched on. Obviously that sucks & is probable. Let's be real here.

Plus you are starting to appear a little bit like you are intending to be unclear when you speak.
I apologize if I am misjudging you right now, but honestly I've asked you numerous times to be clear about specific things and you don't seem to make any effort to meet me half way in that conversation - and I actually find that quite odd.


Didn't I see some email somewhere that dd4bc only requested 1 whole bitcoin from you? But you turn around with a combined bounty of 100 bitcoin?
MAYBE, you assumed that the only person who would respond to your bounty would be the criminal himself or the criminals accomplice or friend. Perhaps you assumed you could TRICK the hacker/hackers into snitching on each other - and this is why you set the bounty so dramatically high in comparison to what the hacker tried to hijack you for.

Perhaps you thought under those circumstances, you would never have to pay the bounty to the informant. Maybe this is why you seem so reluctant to want to work with me on understanding your bounty and how we can make a fair effective trade. I have no idea what to think. I would hate to think that but you do seem to evade direct concerns about things.

NOTHING about this bounty makes sense to me.

The only thing that does not make sense is this discussion.

-It is OUR bounty (paid by me) that is hosted on Bitcoinbountyhunter as a neutral and objective host.

-When he is in the US, I really dont see any problem that conviction would fail. I dont require that he is persecuted in Europe, if he gets a 50 dollar fine in the US thats already a conviction.

-In case any conviction is not possible for OBVIOUS reasons (like he is a minor child or the highly immune president himself) then I am sure Roger will acknlowledge that.

-All questions should please go to Roger Ver directly, since he will ultimatively decide if the proof is sufficient.

-Third party escrow is the fairest method ever. Coins are locked for us and you have a neutral escrow for all kind of questions. And no, there will be no bounty splitups or outside payments from our side outside of the official bounty programme.

[Bitalo_Martin]

and which separate bounty for 37 BTC are you talking about

[hashie]

and which separate bounty for 37 BTC are you talking about

He's referring to the Roger Verr hacker. He's implying they are the same person.

It's entirely unreasonable to expect that WE would know this, so you're just confusing everyone.

"You also never clarified why the directions on the bounty say clearly NOT TO SUBMIT the info to you, "

The directions on the WEBSITE say to not submit it to Blockchain.info. The directions are generic and not applying to the specific bounty.

Martin isn't blockchain.info. There's nothing wrong with submitting the evidence to Martin, you have already posted it on Proof of Existence.

[DD4BC]

Scammer trying to scam the scammers.

This thread is awesome!

[ForgottenPassword]

The kid is quite obviously in the US (east coast). Thats not the issue, the issue is that even when the kid is found, LE won't be able to do a whole lot with the info, they'll still need to do an independant investigation and find the evidence on their own. It's almost certain we'll find his identity as the kids clearly made a lot of mistakes, but that doesn't mean he'll be convicted of a criminal offense.

This is why I don't see the point wasting my time looking into this, because the chances of a conviction are low and a conviction is required to claim the bounty. Instead of being set on securing a conviction, you could publicly post his information in order to let his friends, family and future potential employers know what he did. That would also be more likely to discourage others from doing the same thing.

[Bitalo_Martin]

why dont you talk with Roger, i am 100% SURE in these kind of minor cases you will still get the bounty, even without any "real" conviction

[snitch]

-When he is in the US, I really dont see any problem that conviction would fail. I dont require that he is persecuted in Europe, if he gets a 50 dollar fine in the US thats already a conviction.

No, I think the problem is that I assumed someone with 100btc bounty out would have legally prepared before they invested 100btc on an informants tip.

Considering (from your end) your hacker could be 1 person in billions of people who exist...no lawyer would have told you to expect a conviction in the end because from your end there are way to many unknown variables. If a lawyer had actually sat down with you already, he would have explained that to you during a basic consultation.

So, I think what you actually did was place a simple police report - and since they did not value your case as priority, you decided to put out 100btc bounty hoping that someone would finally get motivated to pay attention to it. Weather that was a friend of the hacker, someone like me who is skilled in locating absconded individuals online, or the Law Enforcement who didn't pursue this from the start.

I'm also confident that the agency you reported to did absolutely no investigation (or a minimal one). If they had, it would have taken them less than 24 hour to identify DD4BC from his outlook address he used to make threats, than connect him to a thousand other things that validate your case and other peoples cases.

If you had an attorney, he would have helped you file a court order with Microsoft to provide you with the inner details of the person using that email address to harass you. Then you could have also court ordered twitter, since he used the same email address to sign up for an account there - and also admitted his crime there. You don't need an informant for that. Your attorney could have done those things, it would have cost drastically less than 100btc.

-When he is in the US, I really dont see any problem that conviction would fail. I dont require that he is persecuted in Europe, if he gets a 50 dollar fine in the US thats already a conviction.

I'm sorry that you don't see any problem where a conviction would fail. Probably because you never spoke to an attorney about it.
I assumed that someone putting out a 100btc bounty would have at minimum spoken to an actual attorney about it, but it's clear you never did. I was told word for word "Since the guy is in America, they probably won't even bother making the long distance call - and vice versa"

You don't require that he is persecuted in Europe? You would settle for a fifty dollar fine in the states?  
I don't think you have a good grasp on how the law works in prosecuting crimes. Or you are being vague again.

1. Are you saying if I get him for any hacking crime in the US, and a fifty dollar fine, you will pay the bounty?
2. or do you mean that if he get's a fifty dollar fine in US for committing a crime with you as a documented victim?
two different things. lets be clear when we say things. and clarity would be important here in terms of the bounty you are offering.

Number 1 is way dooable. But I have a feeling that's not what you were meaning to say.

Number 2 is not going to happen.
The US is not going to spend American tax dollars processing this guy through the system for a fifty dollar fine in reaction to a Victim in Europe. Nor would they spend the time contacting your local agency to transfer your little police report from Europe to America to press charges for you. You would have to report that crime to American law enforcement, not European ones, to have a chance in that context.  


See, I would have asked my lawyer
"Hey lawyer, I am considering to offer 100btc for info on my case. Do you think it would be worth while in my situation to do this?"

Any attorney would have told you to do so at your own risk.
That it would be improbable to convict anyone for this minimal crime outside of your country.
That the probability of the hacker actually being in your own country is small (since from your end you don't know who he is).

There is also the ethical concern here that all informants should uphold. Any informant who gives you this personal information to identify this guy, is also doing this on good faith. Trusting that you will not use it for any unethical purposes. Say, in retaliation.

I don't want to be connected to something like that - and there is no way for me to predict, or know, if that could happen in the future. If I had the impression that you actually prepared for this bounty and had a lawyer involved...I would feel more confident about passing that info along to you directly. But you don't. (actually I wish I would have figured this out prior to working on this, because if I had I probably would have never gone through the time or effort here).

I also question why you would spend 36grand on a bounty instead of just getting a lawyer. Court orders are pretty easy to obtain.
I know someone who got one last week to reveal the private whois of a website. Now he is suing the owner of the website for something.

So yeah, none of this makes sense...its not the discussion. This discussion is completely valid and legit. It's also what seems to be your apprehension about this discussion that also makes no sense.

So this is my offer....

If and when you can prove that you have an attorney on retainer, I'll send himall of the information directly.

I will require at that point a guarantee that you will use the information ethically, and ONLY for legal purposes.
At that point, your attorney will get all the evidence I have linking everything,
AND all the contact details for the hackers local police agency and local FBI field office.

Afterwards, once you guys verify that I had the right person - with or without the conviction like you said- you can choose to pay me the bounty.

I'll take a portion for my time. The rest can be split amongst certain victims of crimes who might have paid dd4bc already so they can get their money back.  

Otherwise, this concludes my involvement in this situation. I dont want your time wasted, nor do i want mine wasted.

Respectfully.
me

[snitch]

Scammer trying to scam the scammers.

This thread is awesome!

It's way more awesome how willing you are to fully admit your crimes online. =)
High ^5

Next time though, you might just want to keep your mouth shut after you hack and extort your victims.
Also, avoid twitter.

Oh, and you should also consider photos you put online using different handles which are connected to you.
That exif data is a bitch. Not every website wipes it like Facebook does.

=)

[DD4BC]

bump

[DD4BC]

bump

[DD4BC]

We'll contribute 10 BTC to this bounty.

Should we send it to 1MmoevQactzxkTLvsgrKccZcHUiXLHqLXR ?

In the event that the bounty is not claimed in by the end of 2015, please donate the BTC to a Bitcoin accepting charity.

@Snitch: Can you forward us (support@hashie.co) what you have found? We might be able to 'get more' out of it Your bounty is safe and we won't claim anything, we're interested in justice.

And here comes the admin of ponzi scheme "interested in justice".

I have a better idea: By the end of 2015 (even before) you will stop paying your members, so with 10 BTC (of your members money) let's create another bounty - to find you.

I was wrong - he already stopped paying.

But at least, Bitalo is still here. Mainly because they have no members - nobody to scam. Yet.

[MemoryDealers]

bitmaintech.com has added an additional 10 BTC to this bounty.
http://coinfire.io/2015/03/12/bitmain-fights-back-against-ddos-group/

110 BTC total currently.  (About $32,000 USD)

[nicehashdev]

You can fight this attacker by null routing UDP traffic. Since stratum servers don't need any other traffic but TCP, this is nice solution. If anyone knows a company, ISP or whoever who can set BGP null route rule, let me know.

[Bitalo_Martin]

@DD4BC,

how about earning our bounty of 2 BTC with something CONSTRUCTIVE? Twice as much as the (initial) ransom you tried to extort ;-))

https://bitcointalk.org/index.php?topic=999414.new#new

[nicehashdev]

@DD4BC,

how about earning our bounty of 2 BTC with something CONSTRUCTIVE? Twice as much as the (initial) ransom you tried to extort ;-))

https://bitcointalk.org/index.php?topic=999414.new#new

Script kiddies do not know how to code, they only know how to use existing tools to create attacks. If they knew how to code, they would earn money with coding, not extortions.

[RocketSingh]

@DD4BC,

how about earning our bounty of 2 BTC with something CONSTRUCTIVE? Twice as much as the (initial) ransom you tried to extort ;-))

https://bitcointalk.org/index.php?topic=999414.new#new

Script kiddies do not know how to code, they only know how to use existing tools to create attacks. If they knew how to code, they would earn money with coding, not extortions.

How come those, who are using CloudFlare are vulnerable to this attack ? I think CloudFlare works well against DDOS ...is not it ?

[Bitalo_Martin]

well the cloudflare can be passed when the real IP behind is identified via some tricks like mails etc.

[nicehashdev]

In our case, attacker simply targeted stratum IPs. There is no such service as CloudFlare for stratum and no ISP/provider can do null route of UDP therefore you cannot really fight 300gbps UDP flood.

It is not so hard to protect web server. You can move mail server to another server/IP.

[RocketSingh]

well the cloudflare can be passed when the real IP behind is identified via some tricks like mails etc.

Generally mail server IPs remain different from web server IPs. But, I'm not sure whether attacking mail server also affects the web server in some way.

[RocketSingh]

In our case, attacker simply targeted stratum IPs. There is no such service as CloudFlare for stratum and no ISP/provider can do null route of UDP therefore you cannot really fight 300gbps UDP flood.

It is not so hard to protect web server. You can move mail server to another server/IP.

So, how come someone protect his mail server ? I never heard Gmail to be down due to DDOS. There must be some way to hide the Mail Server IP as well...

[defcon23]

@DD4BC,

how about earning our bounty of 2 BTC with something CONSTRUCTIVE? Twice as much as the (initial) ransom you tried to extort ;-))

https://bitcointalk.org/index.php?topic=999414.new#new

Script kiddies do not know how to code, they only know how to use existing tools to create attacks. If they knew how to code, they would earn money with coding, not extortions.

+1 

[nicehashdev]

In our case, attacker simply targeted stratum IPs. There is no such service as CloudFlare for stratum and no ISP/provider can do null route of UDP therefore you cannot really fight 300gbps UDP flood.

It is not so hard to protect web server. You can move mail server to another server/IP.

So, how come someone protect his mail server ? I never heard Gmail to be down due to DDOS. There must be some way to hide the Mail Server IP as well...

Mail server is not so critical to protect. In worst case scenario, sending/receiving of mails will not work, which is not equal as crippling entire service. For attacker is usually not worth to attack only your mail server, because with such attack he doesn't gain much leverage.

[RocketSingh]

In our case, attacker simply targeted stratum IPs. There is no such service as CloudFlare for stratum and no ISP/provider can do null route of UDP therefore you cannot really fight 300gbps UDP flood.

It is not so hard to protect web server. You can move mail server to another server/IP.

So, how come someone protect his mail server ? I never heard Gmail to be down due to DDOS. There must be some way to hide the Mail Server IP as well...

Mail server is not so critical to protect. In worst case scenario, sending/receiving of mails will not work, which is not equal as crippling entire service. For attacker is usually not worth to attack only your mail server, because with such attack he doesn't gain much leverage.

Is CloudFlare Free plan strong enough for DDOS protection ? If yes, is there any tuning in settings are required ?

[snewman8771]

Here is the full initial email communication. I will add more attack logfiles asap.                         
                                                                                                                                                                                                                                     
Delivered-To: martin@bitalo.com
Received: by 10.140.16.43 with SMTP id 40csp270558qga;
        Mon, 3 Nov 2014 06:33:55 -0800 (PST)
X-Received: by 10.60.68.108 with SMTP id v12mr602259oet.69.1415025235205;
        Mon, 03 Nov 2014 06:33:55 -0800 (PST)
Return-Path: <dd4bc@outlook.com>
Received: from SNT004-OMC1S8.hotmail.com (snt004-omc1s8.hotmail.com. [65.55.90.19])
        by mx.google.com with ESMTPS id 21si18495325oin.129.2014.11.03.06.33.53
        for <multiple recipients>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Mon, 03 Nov 2014 06:33:55 -0800 (PST)
Received-SPF: pass (google.com: domain of dd4bc@outlook.com designates 65.55.90.19 as permitted sender) client-ip=65.55.90.19;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of dd4bc@outlook.com designates 65.55.90.19 as permitted sender) smtp.mail=dd4bc@outlook.com;
       dmarc=pass (p=NONE dis=NONE) header.from=outlook.com
Received: from SNT146-W55 ([65.55.90.9]) by SNT004-OMC1S8.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751);
    Mon, 3 Nov 2014 06:33:53 -0800
X-TMN: [IyzY3qwIBGGm2XlnVY5tp8RicYKI1Pj8]
X-Originating-Email: [dd4bc@outlook.com]
Message-ID: <SNT146-W55B111E126F9274BA539C3E9990@phx.gbl>
Return-Path: dd4bc@outlook.com
Content-Type: multipart/alternative;
   boundary="_991179ca-6b3d-4765-8753-5bcd7337b00c_"
From: DD4BC TEAM <dd4bc@outlook.com>
To: Martin Albert <martin@bitalo.com>
CC: "fabio@bitalo.com" <fabio@bitalo.com>, "antti@bitalo.com"
   <antti@bitalo.com>, "pawel@bitalo.com" <pawel@bitalo.com>, "mauro@bitalo.com"
   <mauro@bitalo.com>, "michael@bitalo.com" <michael@bitalo.com>,
   "isaac@bitalo.com" <isaac@bitalo.com>, "maciej@bitalo.com"
   <maciej@bitalo.com>, "lilia@bitalo.com" <lilia@bitalo.com>,
   "felix@bitalo.com" <felix@bitalo.com>, "peter@bitalo.com" <peter@bitalo.com>,
   "sebastian@bitalo.com" <sebastian@bitalo.com>, "trevin@bitalo.com"
   <trevin@bitalo.com>, "christian@bitalo.com" <christian@bitalo.com>,
   "michaelg@bitalo.com" <michaelg@bitalo.com>, "fabiob@bitalo.com"
   <fabiob@bitalo.com>, "support@bitalo.com" <support@bitalo.com>,
   "martin.albert@gmx.net" <martin.albert@gmx.net>
Subject: RE: DDOS ATTACK!
Date: Mon, 3 Nov 2014 15:33:53 +0100
Importance: Normal
In-Reply-To: <SNT146-W27EAE07C4902DE6896E211E99B0@phx.gbl>
References:
 <SNT146-W199CA9C530BBEE76D4BB1E99F0@phx.gbl>,<SNT146-W698F7ECDB0BFB431B9CFF0E99F0@phx.gbl>,<SNT146-W86C2E73DC98A683683AFC7E99F0@phx.gbl>,<SNT146-W83C2ACB65C5F2E0722AFDEE99F0@phx.gbl>,<SNT146-W947131BCC73C0BD6528E1E99C0@phx.gbl>,<SNT146-W37B7611425909EBDAE1E87E99D0@phx.gbl>,<SNT146-W722383831A32387AF3DEE9E99B0@phx.gbl>,<CAJobRfdW+46S2E5A9SJhXiy_wbJ+TSgK_H7HLPurdXyc4=o-FA@mail.gmail.com>,<SNT146-W95268ECC0E0271350B6C3AE99B0@phx.gbl>,<SNT146-W14B29293D971DA042CFA42E99B0@phx.gbl>,<SNT146-W27EAE07C4902DE6896E211E99B0@phx.gbl>
MIME-Version: 1.0
X-OriginalArrivalTime: 03 Nov 2014 14:33:53.0817 (UTC) FILETIME=[3157C890:01CFF773]

--_991179ca-6b3d-4765-8753-5bcd7337b00c_
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

Let me know if you are interested.=20

From: dd4bc@outlook.com
To: martin@bitalo.com
CC: fabio@bitalo.com=3B antti@bitalo.com=3B pawel@bitalo.com=3B mauro@bital=
o.com=3B michael@bitalo.com=3B isaac@bitalo.com=3B maciej@bitalo.com=3B lil=
ia@bitalo.com=3B felix@bitalo.com=3B peter@bitalo.com=3B sebastian@bitalo.c=
om=3B trevin@bitalo.com=3B christian@bitalo.com=3B michaelg@bitalo.com=3B f=
abiob@bitalo.com=3B support@bitalo.com=3B martin.albert@gmx.net
Subject: RE: DDOS ATTACK!
Date: Sat=2C 1 Nov 2014 13:47:16 +0100

=0A=
=0A=
=0A=
To end this and because I'm in a good mood today=2C I will offer you a disc=
ounted price of 0.5 BTC=2C so we end this and I move further.

If yes: 17aLGgw8AwJdqiBtMMG1QtQJgNQQkiyEsp

If not=2C this is my last email to you and we will both be doing what we mu=
st...


From: dd4bc@outlook.com
To: martin@bitalo.com
Subject: RE: DDOS ATTACK!
Date: Sat=2C 1 Nov 2014 12:59:43 +0100

=0A=
=0A=
=0A=
Let me go back to important part:

In a first mail I have told you that I'm offering info how to properly prot=
ect your site. And that's true.

I'm not script kiddie and I know how this works=2C I can bypass =0A=
almost any protection (except Prolexic)=2C because I know every protection=
=0A=
 and their weaknesses - I'm regulary DDoS-ing sites behind CloudFlare and I=
ncapsula=2C Blacklotus=2C Staminus and OVH.

I know what I can't bypass and if I can't - nobody can.=20

When I say info how to properly setup=2C I mean how to do it for a good pri=
ce. Yes=2C you can always go for Prolexic and pay 10K per month.

From: dd4bc@outlook.com
To: martin@bitalo.com
Subject: RE: DDOS ATTACK!
Date: Sat=2C 1 Nov 2014 12:39:33 +0100

=0A=
=0A=
=0A=
OMG=2C no! That hurts!

What am I going to do if I lose my Outlook account... LOL.=20


You know what's funny?

This morning I dreamed that somebody=2C somehow=2C found  my real name and =
published it in a press release... And there was my name all over the Inter=
net... When I woke up=2C I laughed.

Because it's possible only in a dream.

DDoS attacks are impossible to trace back to origin. You can try over email=
 logins like you are doing=2C but there are two things:

- Microsoft will not give you my IPs just like that. You need to report me =
to your local police in Finland=2C then THEY must ask for my login directly=
 from Microsoft or through FBI.

- Once they (and IF=2C because they probably won't care) get my login IPs=
=2C they will point to TOR...


And third=2C probably most important=2C you are not helping yourself doing =
this.


Date: Sat=2C 1 Nov 2014 12:58:11 +0200
Subject: Fwd: DDOS ATTACK!
From: martin@bitalo.com
To: dd4bc@outlook.com=3B abuse@Outlook.com

Dear outlook team=2C
we want to report a criminal abuse of your mail system (see mail below) and=
 would like to request all login data from the user so that we can forward =
these to the local police authorities
---------- Forwarded message ----------
From: DD4BC TEAM <dd4bc@outlook.com>
Date: Sat=2C Nov 1=2C 2014 at 4:57 AM
Subject: DDOS ATTACK!
To: "martin@bitalo.com" <martin@bitalo.com>=2C "fabio@bitalo.com" <fabio@bi=
talo.com>=2C "antti@bitalo.com" <antti@bitalo.com>=2C "pawel@bitalo.com" <p=
awel@bitalo.com>=2C "mauro@bitalo.com" <mauro@bitalo.com>=2C "michael@bital=
o.com" <michael@bitalo.com>=2C "isaac@bitalo.com" <isaac@bitalo.com>=2C "ma=
ciej@bitalo.com" <maciej@bitalo.com>=2C "lilia@bitalo.com" <lilia@bitalo.co=
m>=2C "felix@bitalo.com" <felix@bitalo.com>=2C "peter@bitalo.com" <peter@bi=
talo.com>=2C "sebastian@bitalo.com" <sebastian@bitalo.com>=2C "trevin@bital=
o.com" <trevin@bitalo.com>=2C "christian@bitalo.com" <christian@bitalo.com>=
=2C "michaelg@bitalo.com" <michaelg@bitalo.com>=2C "fabiob@bitalo.com" <fab=
iob@bitalo.com>=2C "support@bitalo.com" <support@bitalo.com>=2C "martin.alb=
ert@gmx.net" <martin.albert@gmx.net>


=0A=
=0A=
=0A=

=0A=
=0A=
=0A=
=0A=
=0A=

HelloYour site is extremely vulnerable to ddos attacks.I want to offer you =
info how to properly setup your protection=2C so that you can't be ddosed!M=
y price is 1 Bitcoin only.Right now I will star small (very small) attack w=
hich will not crash your server=2C but you should notice it in logs. Just c=
heck it.I want to offer you  info on how I did it and what you have to do t=
o prevent it. If interested pay me 1 BTC to 17aLGgw8AwJdqiBtMMG1QtQJgNQQkiy=
EspThank you.    =20
=0A=
                                            =0A=

                                                                                        =

--_991179ca-6b3d-4765-8753-5bcd7337b00c_
Content-Type: text/html; charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 12pt=3B
font-family:Calibri
}
--></style></head>
<body class=3D'hmmessage'><div dir=3D'ltr'>Let me know if you are intereste=
d. <br><br><div><hr id=3D"stopSpelling">From: dd4bc@outlook.com<br>To: mart=
in@bitalo.com<br>CC: fabio@bitalo.com=3B antti@bitalo.com=3B pawel@bitalo.c=
om=3B mauro@bitalo.com=3B michael@bitalo.com=3B isaac@bitalo.com=3B maciej@=
bitalo.com=3B lilia@bitalo.com=3B felix@bitalo.com=3B peter@bitalo.com=3B s=
ebastian@bitalo.com=3B trevin@bitalo.com=3B christian@bitalo.com=3B michael=
g@bitalo.com=3B fabiob@bitalo.com=3B support@bitalo.com=3B martin.albert@gm=
x.net<br>Subject: RE: DDOS ATTACK!<br>Date: Sat=2C 1 Nov 2014 13:47:16 +010=
0<br><br>=0A=
=0A=
<style><!--=0A=
.ExternalClass .ecxhmmessage P {=0A=
padding:0px=3B=0A=
}=0A=
=0A=
.ExternalClass body.ecxhmmessage {=0A=
font-size:12pt=3B=0A=
font-family:Calibri=3B=0A=
}=0A=
=0A=
--></style>=0A=
<div dir=3D"ltr">To end this and because I'm in a good mood today=2C I will=
 offer you a discounted price of 0.5 BTC=2C so we end this and I move furth=
er.<br><br>If yes: 17aLGgw8AwJdqiBtMMG1QtQJgNQQkiyEsp<br><br>If not=2C this=
 is my last email to you and we will both be doing what we must...<br><span=
 style=3D"color:rgb(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetic=
a=2CArial=2Csans-serif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:=
normal=3Bfont-weight:normal=3Bletter-spacing:normal=3Bline-height:21.875px=
=3Btext-align:start=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:n=
ormal=3Bword-spacing:0px=3Bdisplay:inline !important=3Bbackground-color:rgb=
(250=2C250=2C250)=3B"><br></span><br><div><hr id=3D"ecxstopSpelling">From: =
dd4bc@outlook.com<br>To: martin@bitalo.com<br>Subject: RE: DDOS ATTACK!<br>=
Date: Sat=2C 1 Nov 2014 12:59:43 +0100<br><br>=0A=
=0A=
<style><!--=0A=
.ExternalClass .ecxhmmessage P {=0A=
padding:0px=3B=0A=
}=0A=
=0A=
.ExternalClass body.ecxhmmessage {=0A=
font-size:12pt=3B=0A=
font-family:Calibri=3B=0A=
}=0A=
=0A=
=0A=
--></style>=0A=
<div dir=3D"ltr">Let me go back to important part:<br><br>In a first mail I=
 have told you that I'm offering info how to properly protect your site. An=
d that's true.<br><br>I'm not script kiddie and I know how this works=2C I =
can bypass =0A=
almost any protection (except Prolexic)=2C because I know every protection=
=0A=
 and their weaknesses - I'm regulary DDoS-ing sites behind CloudFlare and I=
ncapsula=2C Blacklotus=2C Staminus and OVH.<br><br>I know what I can't bypa=
ss and if I can't - nobody can. <br><br>When I say info how to properly set=
up=2C I mean how to do it for a good price. Yes=2C you can always go for Pr=
olexic and pay 10K per month.<br><br><div><hr id=3D"ecxstopSpelling">From: =
dd4bc@outlook.com<br>To: martin@bitalo.com<br>Subject: RE: DDOS ATTACK!<br>=
Date: Sat=2C 1 Nov 2014 12:39:33 +0100<br><br>=0A=
=0A=
<style><!--=0A=
.ExternalClass .ecxhmmessage P {=0A=
padding:0px=3B=0A=
}=0A=
=0A=
.ExternalClass body.ecxhmmessage {=0A=
font-size:12pt=3B=0A=
font-family:Calibri=3B=0A=
}=0A=
=0A=
=0A=
--></style>=0A=
<div dir=3D"ltr">OMG=2C no! That hurts!<br><br>What am I going to do if I l=
ose my Outlook account... LOL. <br><br><br>You know what's funny?<br><br>Th=
is morning I dreamed that somebody=2C somehow=2C found&nbsp=3B my real name=
 and published it in a press release... And there was my name all over the =
Internet... When I woke up=2C I laughed.<br><br>Because it's possible only =
in a dream. <br><br>DDoS attacks are impossible to trace back to origin. =
You can try over email logins like you are doing=2C but there are two thing=
s:<br><br>- Microsoft will not give you my IPs just like that. You need to =
report me to your local police in Finland=2C then THEY must ask for my logi=
n directly from Microsoft or through FBI.<br><br>- Once they (and IF=2C bec=
ause they probably won't care) get my login IPs=2C they will point to TOR..=
.<br><br><br>And third=2C probably most important=2C you are not helping yo=
urself doing this. <br><br><br><div><hr id=3D"ecxstopSpelling">Date: Sat=
=2C 1 Nov 2014 12:58:11 +0200<br>Subject: Fwd: DDOS ATTACK!<br>From: martin=
@bitalo.com<br>To: dd4bc@outlook.com=3B abuse@Outlook.com<br><br><div dir=
=3D"ltr"><div>Dear outlook team=2C</div><div><br></div><div>we want to repo=
rt a criminal abuse of your mail system (see mail below) and would like to =
request all login data from the user so that we can forward these to the lo=
cal police authorities</div><br><div class=3D"ecxgmail_quote">---------- Fo=
rwarded message ----------<br>From: <b class=3D"ecxgmail_sendername">DD4BC =
TEAM</b> <span dir=3D"ltr">&lt=3B<a href=3D"mailto:dd4bc@outlook.com">dd4bc=
@outlook.com</a>&gt=3B</span><br>Date: Sat=2C Nov 1=2C 2014 at 4:57 AM<br>S=
ubject: DDOS ATTACK!<br>To: "<a href=3D"mailto:martin@bitalo.com">martin@bi=
talo.com</a>" &lt=3B<a href=3D"mailto:martin@bitalo.com">martin@bitalo.com<=
/a>&gt=3B=2C "<a href=3D"mailto:fabio@bitalo.com">fabio@bitalo.com</a>" &lt=
=3B<a href=3D"mailto:fabio@bitalo.com">fabio@bitalo.com</a>&gt=3B=2C "<a hr=
ef=3D"mailto:antti@bitalo.com">antti@bitalo.com</a>" &lt=3B<a href=3D"mailt=
o:antti@bitalo.com">antti@bitalo.com</a>&gt=3B=2C "<a href=3D"mailto:pawel@=
bitalo.com">pawel@bitalo.com</a>" &lt=3B<a href=3D"mailto:pawel@bitalo.com"=
>pawel@bitalo.com</a>&gt=3B=2C "<a href=3D"mailto:mauro@bitalo.com">mauro@b=
italo.com</a>" &lt=3B<a href=3D"mailto:mauro@bitalo.com">mauro@bitalo.com</=
a>&gt=3B=2C "<a href=3D"mailto:michael@bitalo.com">michael@bitalo.com</a>" =
&lt=3B<a href=3D"mailto:michael@bitalo.com">michael@bitalo.com</a>&gt=3B=2C=
 "<a href=3D"mailto:isaac@bitalo.com">isaac@bitalo.com</a>" &lt=3B<a href=
=3D"mailto:isaac@bitalo.com">isaac@bitalo.com</a>&gt=3B=2C "<a href=3D"mail=
to:maciej@bitalo.com">maciej@bitalo.com</a>" &lt=3B<a href=3D"mailto:maciej=
@bitalo.com">maciej@bitalo.com</a>&gt=3B=2C "<a href=3D"mailto:lilia@bitalo=
.com">lilia@bitalo.com</a>" &lt=3B<a href=3D"mailto:lilia@bitalo.com">lilia=
@bitalo.com</a>&gt=3B=2C "<a href=3D"mailto:felix@bitalo.com">felix@bitalo.=
com</a>" &lt=3B<a href=3D"mailto:felix@bitalo.com">felix@bitalo.com</a>&gt=
=3B=2C "<a href=3D"mailto:peter@bitalo.com">peter@bitalo.com</a>" &lt=3B<a =
href=3D"mailto:peter@bitalo.com">peter@bitalo.com</a>&gt=3B=2C "<a href=3D"=
mailto:sebastian@bitalo.com">sebastian@bitalo.com</a>" &lt=3B<a href=3D"mai=
lto:sebastian@bitalo.com">sebastian@bitalo.com</a>&gt=3B=2C "<a href=3D"mai=
lto:trevin@bitalo.com">trevin@bitalo.com</a>" &lt=3B<a href=3D"mailto:trevi=
n@bitalo.com">trevin@bitalo.com</a>&gt=3B=2C "<a href=3D"mailto:christian@b=
italo.com">christian@bitalo.com</a>" &lt=3B<a href=3D"mailto:christian@bita=
lo.com">christian@bitalo.com</a>&gt=3B=2C "<a href=3D"mailto:michaelg@bital=
o.com">michaelg@bitalo.com</a>" &lt=3B<a href=3D"mailto:michaelg@bitalo.com=
">michaelg@bitalo.com</a>&gt=3B=2C "<a href=3D"mailto:fabiob@bitalo.com">fa=
biob@bitalo.com</a>" &lt=3B<a href=3D"mailto:fabiob@bitalo.com">fabiob@bita=
lo.com</a>&gt=3B=2C "<a href=3D"mailto:support@bitalo.com">support@bitalo.c=
om</a>" &lt=3B<a href=3D"mailto:support@bitalo.com">support@bitalo.com</a>&=
gt=3B=2C "<a href=3D"mailto:martin.albert@gmx.net">martin.albert@gmx.net</a=
>" &lt=3B<a href=3D"mailto:martin.albert@gmx.net">martin.albert@gmx.net</a>=
&gt=3B<br><br><br>=0A=
=0A=
=0A=
<div><div dir=3D"ltr"><br>=0A=
=0A=
=0A=
<div><div dir=3D"ltr">=0A=
=0A=
<div dir=3D"ltr"><br><span style=3D"color:rgb(51=2C51=2C51)=3Bfont-family:'=
Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=3Bfont-st=
yle:normal=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-spacing:norm=
al=3Bline-height:21.875px=3Btext-align:start=3Btext-indent:0px=3Btext-trans=
form:none=3Bwhite-space:normal=3Bword-spacing:0px=3Bdisplay:inline !importa=
nt=3Bbackground-color:rgb(250=2C250=2C250)=3B">Hello</span><br style=3D"col=
or:rgb(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Cs=
ans-serif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont=
-weight:normal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:=
start=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-s=
pacing:0px=3Bbackground-color:rgb(250=2C250=2C250)=3B"><br style=3D"color:r=
gb(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-=
serif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-wei=
ght:normal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:star=
t=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-spaci=
ng:0px=3Bbackground-color:rgb(250=2C250=2C250)=3B"><span style=3D"color:rgb=
(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-se=
rif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-weigh=
t:normal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:start=
=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-spacin=
g:0px=3Bdisplay:inline !important=3Bbackground-color:rgb(250=2C250=2C250)=
=3B">Your site is extremely vulnerable to ddos attacks.</span><br style=3D"=
color:rgb(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=
=2Csans-serif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3B=
font-weight:normal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-al=
ign:start=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bwo=
rd-spacing:0px=3Bbackground-color:rgb(250=2C250=2C250)=3B"><br style=3D"col=
or:rgb(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Cs=
ans-serif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont=
-weight:normal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:=
start=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-s=
pacing:0px=3Bbackground-color:rgb(250=2C250=2C250)=3B"><span style=3D"color=
:rgb(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csan=
s-serif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-w=
eight:normal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:st=
art=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-spa=
cing:0px=3Bdisplay:inline !important=3Bbackground-color:rgb(250=2C250=2C250=
)=3B">I want to offer you info how to properly setup your protection=2C so =
that you can't be ddosed!</span><br style=3D"color:rgb(51=2C51=2C51)=3Bfont=
-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=
=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-sp=
acing:normal=3Bline-height:21.875px=3Btext-align:start=3Btext-indent:0px=3B=
text-transform:none=3Bwhite-space:normal=3Bword-spacing:0px=3Bbackground-co=
lor:rgb(250=2C250=2C250)=3B"><span style=3D"color:rgb(51=2C51=2C51)=3Bfont-=
family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=
=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-sp=
acing:normal=3Bline-height:21.875px=3Btext-align:start=3Btext-indent:0px=3B=
text-transform:none=3Bwhite-space:normal=3Bword-spacing:0px=3Bdisplay:inlin=
e !important=3Bbackground-color:rgb(250=2C250=2C250)=3B">My price is 1 Bitc=
oin only.</span><br style=3D"color:rgb(51=2C51=2C51)=3Bfont-family:'Helveti=
ca Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=3Bfont-style:nor=
mal=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-spacing:normal=3Bli=
ne-height:21.875px=3Btext-align:start=3Btext-indent:0px=3Btext-transform:no=
ne=3Bwhite-space:normal=3Bword-spacing:0px=3Bbackground-color:rgb(250=2C250=
=2C250)=3B"><br style=3D"color:rgb(51=2C51=2C51)=3Bfont-family:'Helvetica N=
eue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=3Bfont-style:normal=
=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-spacing:normal=3Bline-=
height:21.875px=3Btext-align:start=3Btext-indent:0px=3Btext-transform:none=
=3Bwhite-space:normal=3Bword-spacing:0px=3Bbackground-color:rgb(250=2C250=
=2C250)=3B"><span style=3D"color:rgb(51=2C51=2C51)=3Bfont-family:'Helvetica=
 Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=3Bfont-style:norma=
l=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-spacing:normal=3Bline=
-height:21.875px=3Btext-align:start=3Btext-indent:0px=3Btext-transform:none=
=3Bwhite-space:normal=3Bword-spacing:0px=3Bdisplay:inline !important=3Bback=
ground-color:rgb(250=2C250=2C250)=3B">Right now I will star small (very sma=
ll) attack which will not crash your server=2C but you should notice it in =
logs. Just check it.</span><br style=3D"color:rgb(51=2C51=2C51)=3Bfont-fami=
ly:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=3Bfon=
t-style:normal=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-spacing:=
normal=3Bline-height:21.875px=3Btext-align:start=3Btext-indent:0px=3Btext-t=
ransform:none=3Bwhite-space:normal=3Bword-spacing:0px=3Bbackground-color:rg=
b(250=2C250=2C250)=3B"><br style=3D"color:rgb(51=2C51=2C51)=3Bfont-family:'=
Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=3Bfont-st=
yle:normal=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-spacing:norm=
al=3Bline-height:21.875px=3Btext-align:start=3Btext-indent:0px=3Btext-trans=
form:none=3Bwhite-space:normal=3Bword-spacing:0px=3Bbackground-color:rgb(25=
0=2C250=2C250)=3B"><span style=3D"color:rgb(51=2C51=2C51)=3Bfont-family:'He=
lvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfont-size:14px=3Bfont-styl=
e:normal=3Bfont-variant:normal=3Bfont-weight:normal=3Bletter-spacing:normal=
=3Bline-height:21.875px=3Btext-align:start=3Btext-indent:0px=3Btext-transfo=
rm:none=3Bwhite-space:normal=3Bword-spacing:0px=3Bdisplay:inline !important=
=3Bbackground-color:rgb(250=2C250=2C250)=3B">I want to offer you&nbsp=3B in=
fo on how I did it and what you have to do to prevent it. If interested pay=
 me 1 BTC to 17aLGgw8AwJdqiBtMMG1QtQJgNQQkiyEsp</span><br style=3D"color:rg=
b(51=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-s=
erif=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-weig=
ht:normal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:start=
=3Btext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-spacin=
g:0px=3Bbackground-color:rgb(250=2C250=2C250)=3B"><br style=3D"color:rgb(51=
=2C51=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=
=3Bfont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-weight:n=
ormal=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:start=3Bt=
ext-indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-spacing:0p=
x=3Bbackground-color:rgb(250=2C250=2C250)=3B"><br style=3D"color:rgb(51=2C5=
1=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bf=
ont-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-weight:norma=
l=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:start=3Btext-=
indent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-spacing:0px=3B=
background-color:rgb(250=2C250=2C250)=3B"><span style=3D"color:rgb(51=2C51=
=2C51)=3Bfont-family:'Helvetica Neue'=2CHelvetica=2CArial=2Csans-serif=3Bfo=
nt-size:14px=3Bfont-style:normal=3Bfont-variant:normal=3Bfont-weight:normal=
=3Bletter-spacing:normal=3Bline-height:21.875px=3Btext-align:start=3Btext-i=
ndent:0px=3Btext-transform:none=3Bwhite-space:normal=3Bword-spacing:0px=3Bd=
isplay:inline !important=3Bbackground-color:rgb(250=2C250=2C250)=3B">Thank =
you. &nbsp=3B &nbsp=3B<span> <br></span></span></div>=0A=
                      </div></div>                      </div></div>=0A=
</div><br></div></div>                      </div></div>                      </div></div>           =
           </div></div>                      </div></body>
</html>=

--_991179ca-6b3d-4765-8753-5bcd7337b00c_--

The fact of the matter is:  You got what you deserved.  You programmed a website with vulnerabilities and vulnerabilities still exist in it according to a recent scan.  You are stupid, bitcoin wallets should be kept on your PC not online.  Dumbass, if you are that dumb to program a insecure website then in my opinion you got what you deserved.  Take it as a life lesson