How 999dice.com is stealing your coins, and exactly why you won't believe me

[keepinquiet]

I read most of it.

Why not do something about, rather than telling people not to use it? Why not...talk to authorities, or crowdfund a hacker to take it down?

This IS doing something about it. The more people know, the more people are aware they are being stolen from, the less they will use the site and hopefully, shuts down.

The authorities not only don't care, what authorities? The site is hosted in germany (I believe), and the possible owner lives in California. He emails through tor. I'm sure he admins the site through tor also. Prove what? It's not silk road and heroin where the FBI gives a shit. It's gambling with magic internet money.

As for crowdfunding a hacker, that's actually MORE illegal than what 999dice is doing. It's also childish and accomplishes nothing. Makes him a martyr. Site gets hacked, he comes back up with the sympathy of his loyal customer base.

My goal is to destroy the loyal customer base. That is worth doing.

[1714144591]

1714144591

[mailmansDOGE]

It has been proven long long time ago that 999dice is a scam!
Even now tomatocage has put in his signature that "999dice.com is a scam" .
There is nothing new in this.
just mantain distance from them.

[camelson]

Any one know where i can report fraud ? They must catch noah matisoff

[mailmansDOGE]

Any one know where i can report fraud ? They must catch noah matisoff

who noah?
is he the owner of 999dice?

You can go to the court and see what they can do.

[monkeygang]

There is a million scams out there its the godforsaken wild west, sometimes there's a faster gunslinger or a band of manure thieves prowling about??

Sorry for your loss

I would though like a copy of this script (or system) that made you the 60 bitcoins in 14 hours. Why not use it en mass and put a beating on the website. Im sure many here would be happy to help with the project

[keepinquiet]

There is a million scams out there its the godforsaken wild west, sometimes there's a faster gunslinger or a band of manure thieves prowling about??

Sorry for your loss

I would though like a copy of this script (or system) that made you the 60 bitcoins in 14 hours. Why not use it en mass and put a beating on the website. Im sure many here would be happy to help with the project

The admin threatening to confiscate any deposits I make is a good reason to not do that.

As far as a copy of it, won't do you much good unless you've got 50 BTC to deposit and can stomach risking the loss of it. It's not foolproof by any means. Anyone who tells you their system IS, is lying to you.

[monkeygang]

Well at least I know about this morningale dealio.

Youve also piqued my interest in gambling and might have ruined my young life.
just kidding but it does sound like interesting stuff. Sorry for your loss, take that energy and
go on a warpath. Some people deserve to be taught a lesson..

[fred.perth]

Disclaimer: 999dice is a scam, fuck them.

You managed to lose 200btc on a shady site that was widely regarded as a scam. You did not due diligence before you went on your degenerated streak (not a gambler). You are a fucking idiot.

[AGD]

Any one know where i can report fraud ? They must catch noah matisoff

http://www.ic3.gov/default.aspx
https://crimestoppers-uk.org/

[camelson]

Any one know where i can report fraud ? They must catch noah matisoff

http://www.ic3.gov/default.aspx
https://crimestoppers-uk.org/

I send couple months ago request on ic3.gov but they dont make nothing.
And he is from USA crimestoppers-UK they will help?

[trixter]

I wouldn't say with certanty that "Jake" is Noah Matisoff, but... haha... I'd lay a bet on it

be sure to get the server hash before you place that bet

[alani123]

OP if you seriously picked the most shady of the dice websites to bet tens of thousands volume of bitcoins, that was well deserved. For someone that lost ~200 Bitcoin though, posting on a forum doesn't seem like the most appropriate action. I refuse to believe this.

[feedthedogs]

Similar to JustDice who used to have server provided client hashes unless you forced a randomization on your client
https://bitcointalk.org/index.php?topic=482855.0

[trixter]

I did not see this mentioned so I am gonna do it ...

999dice generates a hash out of some input data (client seed which the client can control, along with other data).  It then processes that hash to get a pseudorandom number.  

999dice does track the users balance as well as wager size in a easy to prove way.  When auto betting it will bet faster if  you have a large deposited balance as well as a larger wager.  The larger the wager the faster it bets.  The larger your balance the faster it bets (or so it appears).

If the OP is correct in his assertion (correlation != causation and all that) this means either they broke sha256 (or do they use 512?  I forget) or they are just brute forcing a loss.  It is highly unlikely that they broke SHA256 or 512.  Therefore they would have to use the wager size tracking and brute force a loss when they decide they want a losing wager.

If they are brute forcing a loss then the response times from the server for larger wager losing bets would vary because it would have to do more operations to return the response.  A technique like http://seclists.org/bugtraq/2001/Mar/182 could possibly be used to detect the jitter in the response times, if tcp timestamps are passed from the end server (I think they proxy through cloudflare but I am unsure, and I am unsure if they pass that).  Short of that you would have to rely on received packet responses which has more network delay than using tcp timestamps so greater variances.

A clever person would plot the time differential between wager placed and response given both when tracking the server hash and when not to see if there is a greater deviation on losing bets when not watching.  That would help to ascertain if the correlation the OP observed is actually due to causation or just random chance.

Side channel attacks like timing based attacks are a known standard method for attacking crypto systems.  Anyone who is really into crypto should be thinking about them.  Some crypto systems have been defeated by using timing  attacks (like poor HMAC implementations that compare before they finish doing everything and short circuit abort on mismatch) This has presented itself in authentication applications (rlogin, ftpd, etc by guessing valid usernames or passwords) and other programs in the past.  Detecting TOR hidden service can use this technique as well as detecting virtual honeypots. 

It feels good to breathe new life into a paper I wrote 14 years ago.  It hasnt been cited in followup work enough in the last few years

[prophetx]

Sounds like "Jake" will be getting nailed by the FBI soon enough...  these scammers never learn...

[prophetx]

Any one know where i can report fraud ? They must catch noah matisoff

http://www.ic3.gov/default.aspx
https://crimestoppers-uk.org/

I send couple months ago request on ic3.gov but they dont make nothing.
And he is from USA crimestoppers-UK they will help?

It really doesn't matter, he is doing business with US clients.  FBI will get his ass at some point when years later he wants to visit Disney World with his kids, or whatever.

[oldmate]

Op check this thread.
You have name of admin on it.
Jake is Noah Matisoff from los angeles.
https://bitcointalk.org/index.php?topic=376783.0

I read that the other night, and while I cannot say for sure that is him, I found some pretty interesting coincidences that tell me it is.

First off, when you pull the whois info for 999dice.com, you get this:
Domain Name: 999DICE.COM
Registrar: ENOM, INC.
Sponsoring Registrar IANA ID: 48
Whois Server: whois.enom.com
Referral URL: http://www.enom.com

The rest of the data is pretty worthless as it's all been privatized.

If you do some googling on Noah Matisoff, you find he has this site:
http://matisoff.me/

Whois information on that domain:
Domain ID:D8874866-ME
Domain Name:MATISOFF.ME
Domain Create Date:02-Aug-2013 22:41:52 UTC
Domain Last Updated Date:10-Aug-2014 05:42:14 UTC
Domain Expiration Date:02-Aug-2015 22:41:52 UTC
Last Transferred Date:
Sponsoring Registrar:eNom Inc R32-ME (48)
Created by:eNom Inc R32-ME (48)
Last Updated by Registrar:eNom Inc R32-ME (48)

Same registrar.

Another interesting little tidbit. Look at the email headers in the OP. I commented that I found it funny that a legitimate site owner would use privateemail.com instead of something a little more professional, and access said webmail through tor. (kaputte.li [194.150.168.95] is a tor exit node).

Now, lets scroll down for the mx record for matisoff.me:


privateemail.com

Before 2 days ago I'd never even heard of privateemail.com, yet 999dice and Noah Matisoff both registered their domains through the same registrar (also one I've never heard of) and both use the same email host? Yeah, a coincidence, but a pretty odd one.

I wouldn't say with certanty that "Jake" is Noah Matisoff, but... haha... I'd lay a bet on it

I also believe 999Dice is a scam, but unfortunately none of this is really evidence. Privateemail.com is the private email hosting service that Namecheap uses. Namecheap is the most popular domain registrar which accepts BTC payment, and thus anonymous registration. I use Namecheap and privateemail.com but I am not "Jake".

[prophetx]

I read most of it.

Why not do something about, rather than telling people not to use it? Why not...talk to authorities, or crowdfund a hacker to take it down?

This IS doing something about it. The more people know, the more people are aware they are being stolen from, the less they will use the site and hopefully, shuts down.

The authorities not only don't care, what authorities? The site is hosted in germany (I believe), and the possible owner lives in California. He emails through tor. I'm sure he admins the site through tor also. Prove what? It's not silk road and heroin where the FBI gives a shit. It's gambling with magic internet money.

As for crowdfunding a hacker, that's actually MORE illegal than what 999dice is doing. It's also childish and accomplishes nothing. Makes him a martyr. Site gets hacked, he comes back up with the sympathy of his loyal customer base.

My goal is to destroy the loyal customer base. That is worth doing.

it is good that you documented all this on a public forum.  yes it may not have the priority of a silk road, but they will catch up to his ass sooner or later.

[trixter]

It really doesn't matter, he is doing business with US clients.  FBI will get his ass at some point when years later he wants to visit Disney World with his kids, or whatever.

On what charge though?  If its 999dice there has to be proof a crime was actually committed and I am unconvinced that a string of losses vs a string of wins with a correlation between the two is proof.  

Technically any gambling site that does not blacklist US people could go down if the gambling is illegal in any state AND there is some US based person involved other than the gambler (31 U.S.C. §§ 5361–5367).  Lack of age verification makes it illegal (as well as other things).  Its illegal to run the site, not illegal to gamble there.  I have not seen a single case where 100% of everything was outside the US and they still tried to go after the site operators.  It is a RICO case which lets them parasitically go after a whole bunch of people and assets, well its RICO if anyone gets any profit from the site.  

I suspect that unless and until cheating is proved (which could be a wire fraud case) or he gets big enough to matter they wont bother with the resources though.  It is far more likely that a state attorney general with aspirations of being a federal senator or perhaps president will be the one that goes after such things.  That is why NY is going after all the ponzi sites of late.  Remember, if at least one person in the state could be harmed by the illegal acts of someone external to the state then they can indict.  If its a foreign national they can request extradition although that is handled federally in most cases (often with the State Department running point).  Once they are in the US then they can be told to take a seat over there.

[trixter]

As for crowdfunding a hacker, that's actually MORE illegal than what 999dice is doing. It's also childish and accomplishes nothing. Makes him a martyr. Site gets hacked, he comes back up with the sympathy of his loyal customer base.

No it isnt.  18 USC 1030 is the hacking statute and that has a lesser penalty than the RICO case for an illegal internet gambling site.  Illegal is a very loose term in that act it means if the laws of *any* US state are violated it is illegal, age verification is a required attribute to make it legal under that act.  There are other reasons it would be illegal.  

Not only does the RICO charge have at least twice the penalty (20 years instead of 10 as a maximum) but it exposes more people to more criminal liability because it parasitically infests a group of people.  Wire fraud if they went that route would be a 5 year max, so there it would be a lesser crime (unless they raised that since the last time I read it).  Wire fraud would not be the typical way to go when there is an internet gambling act passed in 2006 though.  He could also be charged with individual counts for each occurrence of cheating (if he is cheating) but proving which ones were cheats and which were not might be difficult and without that there is no crime.  Internet gambling can be proved by just visiting the site, no cheating or anything else to prove.  Issue subpoenas to get the real IP of the server and  then more subpoenas to get the identity (or potentially wiretaps to monitor who is accessing the site, possibly track the coins to see who is spending them and potentially cashing them out, etc).  It is not illegal to be a gambler though so if he is clever in how he pays himself he could make it look like gambling winnings which at most carry a tax liability and the IRS can go after him.  

It is a French IP owned by a German company.  Would France cooperate?  Is this even illegal there?  If it isnt they may not be able to cooperate and short of following the coins and proving who the site operator is then it would be difficult at best to do anything.  People on this site have just as much ability to track the coins and see if they can discern who is getting paid and who is just winning.  I mean sure maybe the gov can subpoena the domain registrar records to get the wallet address used to pay for the domain and see if they can trace it that way but  that might not pan out either.

They use google tracking so presumably they could subpoena google to get the AdSense or Analytics or whatever customer info and see who is accessing that and if its a linked account and chase the rabbit down that hole.

The use a Comodo ssl cert so another potential target to subpoena to try to get info.  Comodo is US and UK based so presumably there would be a hook there.

Crookservers.net is the hosting provider (who appears to have leased the FR IP).  Based on their legal style I would say US based edited by a non-lawyer (I say that as someone currently in law school in the US).  It also uses American spelling not British in the TOS.  "Sales Inquiry" is Americanized.  Inquiry is more for investigations while Enquiry is more for um well Sales Enquiries, at least from what I heard.  They do not have the required business identification for much of Europe on their page.  In fact they do not really identify who they are as a corporate entity or have telephone numbers at all.  Not surprising with all the cheap hosting providers out there doing the same though.  I bet money they are US based though, and I *will* check the server hash before placing that bet

Crookservers lists by default prices in pounds but does not mention VAT anywhere on their page (via google).  I believe that the UK requires VAT numbers to be published so there can be verification of them. The carnival fraud or whatever it is called.  Much recordkeeping.

It appears to be a windows machine as well.  I just find it odd that anyone would host anything on windows but I am biased.  God I hated working at Intel and all their stupid windows machines.  


I do agree with the rest of what you said though