Author Archives: shinohai

Buggered Bitcurex Tries To Selectively Hide SFYL Based On Customer Language Skills

Posted on by

Polish "Bitcoin exchange" Bitcurex.com1 has announced a 2300 BTC Sorry For Your Loss, finally admitting that the exchange was hacked after a recent spate of technical issues. Naturally, officials with the company have no idea who or how the breach occurred, only stating that on Oct. 13 unknown perpetrators broke into their servers and liberated the 5 million US dollars worth of Bitcoin. The website zaufanatrzeciastrona.pl, which broke the story of the hack, reports that the company has not released any information in the English language leading some to believe they wish to limit the amount of customers seeking refunds due to the theft. The same exchange was also robbed of 18,000 Bitcoin in 2014. Sorry for your loss.

  1. Association with Vircurex is uncertain at this time.  

Chicom "Internet Of Things" Confirms No One Gives A Fuck About Securing "Internet Of Things"

Posted on by

Chinese electronics manufacturer Hangzhou Xiongmai Technology has admitted that weak security in its line of webcams and DVRs were the likely culprit for the DDoS attack that left a portion of the internet without service on Friday. The Mirai malware used in the attack likely took advantage of the fact that customers purchasing these products would fail to change their login details from the default settings, and as a result upwards of a half-million devices could be infected. A botnet powered by the same malware is suspected in the 665 Gbps attack that took down Brian Krebs website last month.

Peace On Earth: AdultFriendFinder Data Liberated Again

Posted on by

Just in time for the coming holiday season, security news site sophos reports that Peace may still be amongst us despite reports an aspect of the notorious quiet and tranquility may have been arrested at the behest of the US government. In an interview with Motherboard last week Peace stated he was responsible for the latest AdultFriendFinder breach, and had given “everything, all [FriendFinder Network],” to other hackers. AFF confirmed this stating:

We are aware of reports of a security incident, and we are currently investigating to determine the validity of the reports. If we confirm that a security incident did occur, we will work to address any issues and notify any customers that may be affected.

Peace further stated to Motherboard that the current breach was accomplished by opening "a backdoor that had been publicized on the hacking forum Hell" The Russian language forum was the site where the data from the previous hack was listed for sale at a price of 70 BTC. Information to corroborate the veracity of his claims was sent to Motherboard, and was verified by an independent security researcher Dan Tentler (WoT:nonperson). Tentler said the files contained employee names, their home IP addresses, and SSH keys used for remote access to AdultFriendFinder's servers.

Him In Our Time.

Buggered Bitfinex Begs Burgler For Bitcoins Back

Posted on by

Bitfinex has made a desperate attempt to reach out to the hacker that buggered their bum and liberated almost 120k Bitcoins from their platform in August with a post on their blog detailing the channels opened for dialogue. One of the methods even goes as far to suggest blockchain spam as a viable communication protocol.

From the announcement:

We believe that a combination of Tor and an anonymous email service should suffice to protect your identity and location. Encrypting your message with our PGP key further guarantees privacy from prying
eyes, but to prove your authenticity to us, we ask that you provide the public key associated with 1QDBWKgfftwuraEasMGSUvj9PPrswZv19q and sign your message with the corresponding private key.

Instead of using e-mail, you can send the authenticating information via Bitmessage and Tor. Our Bitmessage address is BM-2cW79647sMFe3fJKKGKAwXWwTSS293meq8.

Alternatively, you can send us a message on the Blockchain using OP_RETURN. You can encrypt a message (containing your pub key) with our PGP key, split up the message into 80-byte chunks, and send
transactions to 19eT7KGKo1gFjgBhEF4957wVNugkc2cakK from any one of the 2072 addresses currently holding the bitcoins in question.

Despite not being registered in the WoT, Bitfinex also somehow managed to make a gpg key and post it as well. The post closed by stating that they were "very anxious to hear" from the attacker, and asked if there is perhaps a different way that they would prefer to communicate, as absconding with $75 million in Bitcoin evidently did not send a clear enough message. (archived)

Dyn DNS Suffers Packet Inflation, Many Other "Services" Affected

Posted on by

Dyn DNS is reporting a large-scale DDoS attack on it's servers this morning, which has caused sporadic interruptions of service for users, mainly on the East Coast of the US. Github, Twitter, and Reddit all use the service as their upstream DNS provider and have reported many outages and total downtime lasting hours. DynDNS president released a statement saying:

This morning, October 21, Dyn received a global DDoS attack on our Managed DNS infrastructure in the east coast of the United States. DNS traffic resolved from east coast name server locations are experiencing a service degradation or intermittent interruption during this time. Updates will be posted as information becomes available.

Upon recognition, active mitigation protocols were initiated and have been working to resolve the issues.

Customers with questions or concerns are encouraged to check our status page for updates and reach out to our Technical Support Team.

No information was available as to whom might be behind the attack, leading to speculation that it may have been launched to protest the recent arrest of an aspect of Peace on Earth earlier this week.

The Sacred Dies In India

Posted on by

24 cattle died, and 20 more reported injured during a stampede that occurred at an Indian religious festival. Police of Uttar Pradesh said they only expected 3,000 cult members, however 70,000 showed up and started rumors along a packed bridge that led to the disaster. Taking a page from the Bitfinex playbook, the Indian Prime Minister is offering families of the dead 200`000 rupees as SFYL compensation. October has seen an increase in lulz featuring India on the pages of Qntra, with highlights being a telemarketing scam being busted and Preet Bharara's latest antics showing a trend in this behavior for the immediate future.

Butt-erin Seeks Another Bailout Fork

Posted on by

The "Timothy Leary of Ether Huffing" Vitalik Butt-erin (WoT:nonperson) officially announced his application to become Roger VERified today, suggesting that perhaps another hard fork is the answer to recent problems the failed altcoin is experiencing. The news comes in response to a series of denial-of-service attacks on the network that have affected first Geth, and now the Parity implementations of the traditional ether huffing bag. The same exploit has been widely reported across various ether huffing splinter groups. that continue to build on clones of the ET(her)H(uff) protocol. The majority of participants in the scheme are dubiously said to have voiced support for the fork, just like the last time when they needed a bailout.

Huffers At Ether.Camp Baking Next "Smart Contract For Your Loss"

Posted on by

Ether huffers are already working on their next large scale Sorry For Your Loss with a new type of "smart contract" that some are already calling "The DAO 2.0". The contract, dubbed "Hacker Gold" is sure to live up to it's name for would-be attackers, as some eagle-eyed users have already attempted to compile the code and found that it wouldn't. The creators at ether.camp responded that the code on github "isn't the final version". The creators are hoping to raise 50 million US dollars in funds through an ICO and have reportedly been using sock-puppet accounts on reddit to manipulate threads in r/startups and others, in an attempt to generate buzz. The ether.camp team has been mostly silent on the criticisms, apparently betting on the fact that if the initiative fails they can simply hard fork the coin and get everyone's money back like last time.

Backpage CEO Criminally Arrested On Pimping Allegations

Posted on by

State agents in Texas have arrested Carl Ferrer, CEO of backpage.com in a raid after allegations he might know other people could be using his website to engage in adult and child sex-trafficking. Mr Ferrer was arrested on a warrant out of the state of California at the airport in Houston, and warrants were also issued for the ad site’s controlling shareholders, Michael Lacey and James Larkin. The charges levied against Mr. Ferrer include felony charges of pimping a minor, pimping, and conspiracy to commit pimping, and he faces an extradition hearing before he can be returned to California to face the charges. Mr. Ferrer is facing these charges for running a website, not for actually running girls in the street. Sorry for your laws and your lues.

US Tax Department Busted By Indian Police

Posted on by

Police in rural Thane, India have arrested over 500 people working in a call center, accusing them of scamming U.S. citizens in a fraud scheme. The callers allegedly would tell the victims they were with the "US Tax Department" and demanded financial and bank details, and threatened them with legal action if they refused to provide the details. The employees would then use the information to withdraw funds from the accounts, with officials estimating the scheme could make upwards of $160,000 USD a day. Police said the investigation was ongoing and further information was to be released soon, although no word was available as to whether any iTunes gift cards were recovered in the haul