Silk Road forums
Discussion => Security => Topic started by: lokiju on April 10, 2013, 11:13 pm
-
From the recent BTC manipulation, when BTC was down to $110 or even lower (it appears to be about $175 now at 3:30 Pacific time according to the lousy trader BitFloor) was anybody able to 'get in'?
They didn't bother to answer my emails and I wasn't going to trust BitFloor with any more of my money. And as for MtGox, their ID requirements are not for me either.
So does anybody know that if MtGox was on a TOR server would they be immune from this DDOS attack? I understood SR is immune from DDOS.
In my opinion, if the dealers/traders are using technology that is manipulable from stupid common technologies like a DDOS attack, and that recently MtGox SAID they were vulnerable, that means their either so incompetent or are using incompetence as a shield for dishonesty.
Obviously, I have a 'ax to grind' but I still think that my comments are true, and would welcome discussion.
THIS is a comment from a MtGox employee in 2011
<snip>
Hello everyone, MagicalTux is busy getting everything back in order on mtgox so he asked me to post here and answer any questions people have.
First, only a small amount of BTC was stolen. MtGox will refund the stolen BTC to the compromised user.
Everyone's bitcoins are safe on the site. We still are holding all the coins safely in reserve. The vast majority of the coins are stored offline so they are impossible to compromise.
He understands the rollback won't be popular with people who were able to pick up coins for .10 or whatever but none of those trades were legitimate so mtgox has a legal obligation to reverse the trades.
I'm sure when you think about it you don't actually want to buy stolen coins and take advantage of the situation.
Things have been very hectic with mtgox since MagicalTux took over. He has simultaneously been trying to fend off persistent ddos attacks, hire more staff, deal with the huge increase in users, improve the code to support the much larger trade volume, ensure regulatory compliance and deal with various security issues. Obviously things haven't gone as smoothly as we would like but we can see the light at the end of the tunnel with more people being hired and the backend changes done. MtGox will hopefully be able to regain your trust in the coming weeks.
<snip>
The next post was written about a week ago, the pertinent part DDOS attack is in the second paragraph, but I thought the FBI comment in the first paragraph would be of concern to people perhaps not 'comfortable' with PGP, or using their work computers to place SR orders, etc.
<snip>
April 5, 2013
Real-time online surveillance law is FBI’s ‘priority’
Andrew Weissman, the FBI’s general counsel, has announced that a modernisation of American surveillance laws is the FBI’s ‘top priority’ for this year. A suggested new policy would allow authorities to monitor the internet activities of crime suspects in real time – in much the same way that they can already listen in on phone calls. Weissman argued that the existing 1994 law that applies to telecommunications companies has failed to keep up with advances in technology, stating that new legislation was needed to specifically target the internet. The proposal, which would let authorities monitor people’s email accounts, for instance, is unlikely to go down too well with online privacy campaigners.
Bitcoin exchange rates plummet after hacking attack (remember this was written April 5th)
Online currency Bitcoin has seen its exchange rates plummet after a hacking attack caused online trade problems. The MTGox exchange site – the main trading place for the Bitcoin currency – struggled to keep up with demand on Wednesday, as it was bombarded with a DDoS attack (seemingly the flavour of the month as far as hacking goes). The value of Bitcoins had hit a new high this week, with each coin worth $142 (£94) – a rapid increase from last week’s value of $90 – but the figure plunged to $120 within hours of news breaking about delays in trading. MTGox suggested that the attack was the work of hackers attempting to ‘game’ the system – buying Bitcoins when they’re cheap and selling them at a high, before causing the price to crash again – and urged people to remain calm and not to sell.
<snip>
On the positive side, the sign that BTC is quickly getting back to 'normal' levels within a few hours is encouraging, at least to me. I don't doubt that we will continue to see these DDOS attacks on MtGox, and others that are vulnerable to it though. I'm NOW glad that I didn't sell at about $180 as it was going down, and I guess the people who did, and didn't buy back in on the way up are SOL, at least partly to blame from financial malpractice (IMO) of MtGox. Their volume should ensure that they do their best to ensure honest trading. But I guess they are so busy in meeting privacy standards of the FBI (sarcasm) that little things like currency manipulation aren't as important.
-
I lost thousands on the way down.. made thousands on the way up.. and bought mad coin in the mean while.
-
From the recent BTC manipulation, when BTC was down to $110 or even lower (it appears to be about $175 now at 3:30 Pacific time according to the lousy trader BitFloor) was anybody able to 'get in'?
They didn't bother to answer my emails and I wasn't going to trust BitFloor with any more of my money. And as for MtGox, their ID requirements are not for me either.
So does anybody know that if MtGox was on a TOR server would they be immune from this DDOS attack? I understood SR is immune from DDOS.
In my opinion, if the dealers/traders are using technology that is manipulable from stupid common technologies like a DDOS attack, and that recently MtGox SAID they were vulnerable, that means their either so incompetent or are using incompetence as a shield for dishonesty.
Obviously, I have a 'ax to grind' but I still think that my comments are true, and would welcome discussion.
THIS is a comment from a MtGox employee in 2011
<snip>
Hello everyone, MagicalTux is busy getting everything back in order on mtgox so he asked me to post here and answer any questions people have.
First, only a small amount of BTC was stolen. MtGox will refund the stolen BTC to the compromised user.
Everyone's bitcoins are safe on the site. We still are holding all the coins safely in reserve. The vast majority of the coins are stored offline so they are impossible to compromise.
He understands the rollback won't be popular with people who were able to pick up coins for .10 or whatever but none of those trades were legitimate so mtgox has a legal obligation to reverse the trades.
I'm sure when you think about it you don't actually want to buy stolen coins and take advantage of the situation.
Things have been very hectic with mtgox since MagicalTux took over. He has simultaneously been trying to fend off persistent ddos attacks, hire more staff, deal with the huge increase in users, improve the code to support the much larger trade volume, ensure regulatory compliance and deal with various security issues. Obviously things haven't gone as smoothly as we would like but we can see the light at the end of the tunnel with more people being hired and the backend changes done. MtGox will hopefully be able to regain your trust in the coming weeks.
<snip>
The next post was written about a week ago, the pertinent part DDOS attack is in the second paragraph, but I thought the FBI comment in the first paragraph would be of concern to people perhaps not 'comfortable' with PGP, or using their work computers to place SR orders, etc.
<snip>
April 5, 2013
Real-time online surveillance law is FBI’s ‘priority’
Andrew Weissman, the FBI’s general counsel, has announced that a modernisation of American surveillance laws is the FBI’s ‘top priority’ for this year. A suggested new policy would allow authorities to monitor the internet activities of crime suspects in real time – in much the same way that they can already listen in on phone calls. Weissman argued that the existing 1994 law that applies to telecommunications companies has failed to keep up with advances in technology, stating that new legislation was needed to specifically target the internet. The proposal, which would let authorities monitor people’s email accounts, for instance, is unlikely to go down too well with online privacy campaigners.
Bitcoin exchange rates plummet after hacking attack (remember this was written April 5th)
Online currency Bitcoin has seen its exchange rates plummet after a hacking attack caused online trade problems. The MTGox exchange site – the main trading place for the Bitcoin currency – struggled to keep up with demand on Wednesday, as it was bombarded with a DDoS attack (seemingly the flavour of the month as far as hacking goes). The value of Bitcoins had hit a new high this week, with each coin worth $142 (£94) – a rapid increase from last week’s value of $90 – but the figure plunged to $120 within hours of news breaking about delays in trading. MTGox suggested that the attack was the work of hackers attempting to ‘game’ the system – buying Bitcoins when they’re cheap and selling them at a high, before causing the price to crash again – and urged people to remain calm and not to sell.
<snip>
On the positive side, the sign that BTC is quickly getting back to 'normal' levels within a few hours is encouraging, at least to me. I don't doubt that we will continue to see these DDOS attacks on MtGox, and others that are vulnerable to it though. I'm NOW glad that I didn't sell at about $180 as it was going down, and I guess the people who did, and didn't buy back in on the way up are SOL, at least partly to blame from financial malpractice (IMO) of MtGox. Their volume should ensure that they do their best to ensure honest trading. But I guess they are so busy in meeting privacy standards of the FBI (sarcasm) that little things like currency manipulation aren't as important.
I read WAR & PEACE in less time than it took yo read your post. How could you possibly have more to say than Tolstoy?
-
*Sighs and thinks back to a simpler time when Btc were $5 a piece last year*
-
It seems that MtGox pays Prolexic, a supposed "has never failed to block a DoS attack," security firm, to make sure they don't suffer from Denial of Service attacks -- no matter how big they are. Prolexic's site claims this (among many other things): "More peace of mind: No attacker has been too smart and no denial of service attack has been too big or complex for Prolexic’s protection."
Yet they regularly suffer from them, while Prolexic continues to claim they've never failed to eliminate a DoS on a customer within 20 minutes of it starting.
So you tell me: are they really saying they've managed to alter the fabric of reality so that it's possible to both suffer from crippling DoS attacks, while simultaneously never failing to defend against one -- or are they full of shit and helping the rich get richer.
Tor would just make matters worse, though, frankly. It would also be illegal: they have laws and regulations they have to adhere to, which includes knowing who you just paid $100,000.00 to.
-
There was ABSOLUTELY massive manipulation going on in the forms of DDOS attacks and bots etc. Just because MT Gox said there wasn't means fuckall to me. It's obvious.
I was able to grab about a grand in USD when it hit $120ish. Oh well. It's recovering quite fast. It's steady at $174ish for the past couple of hours. It will climb back up slowly, worry not people.
Patience. I lost a fuckton on the way down, but didn't budge and panic. Watch, by the weekend we will be well into the $200s.