Silk Road forums

Support => Customer support => Topic started by: alexcutter on May 15, 2013, 01:05 pm

Title: Hacked Passphrase?
Post by: alexcutter on May 15, 2013, 01:05 pm
Hi all,

Per scout's suggestion, I'm cross posting this here from the newbie thread.

__________________________

SF was working fine earlier this morning (14th), until I was "disconnected".

I tried to reconnect several times without success. I noticed that the Tor update icon was flashing, and updated.

Still no luck logging in. I tried on my other computer (both are Macs running latest OS and latest Tor). No luck.

I tried creating a new SR account, and have been able to log in successfully.

I'm assuming someone figured out my passphrase, switched it out, and has locked my out of my account. Is that a fair assumption to make?

If so, do I have any recourse?

thx in advance.

EDIT: Since that time, I've messaged Support requesting to have my passphrase reset, and am currently awaiting a response.

Thanks!
Title: Re: Hacked Passphrase?
Post by: Libertas on May 15, 2013, 03:47 pm
Hi all,

Per scout's suggestion, I'm cross posting this here from the newbie thread.

__________________________

SF was working fine earlier this morning (14th), until I was "disconnected".

I tried to reconnect several times without success. I noticed that the Tor update icon was flashing, and updated.

Still no luck logging in. I tried on my other computer (both are Macs running latest OS and latest Tor). No luck.

I tried creating a new SR account, and have been able to log in successfully.

I'm assuming someone figured out my passphrase, switched it out, and has locked my out of my account. Is that a fair assumption to make?

If so, do I have any recourse?

thx in advance.

EDIT: Since that time, I've messaged Support requesting to have my passphrase reset, and am currently awaiting a response.

Thanks!

Hi alexcutter,

If you were able to log in successfully on a new account but not on your old account then that narrows it down to an account-specific problem. Whilst its highly unlikely that someone figured out your passphrase (if it was in any complex), it is a possibility. There is also a minor possibility that there is an issue with your login credentials on Silk Road's end. It is more likely, however, that you entered your details into a site other the Silk Road and were the victim of phishing. If you have ever entered your PIN at login, that is what happened.

There is a page on the SR Wiki about phishing here:
http://dkn255hz262ypmii.onion/wiki/index.php?title=Trust_and_phishing

Please ensure that you ONLY access Silk Road at its correct URL:
silkroadvb5piz3r.onion

The only way this site will change is if DPR puts out a PGP signed message to that effect (which you should personally verify).

If you were a victim of phishing I'm afraid there is no recourse as Bitcoin transactions are irreversible by design and each member is responsible for their own security. Please ensure that your system is free from keyloggers / dataloggers and that you only ever enter your details into the URL above. Silk Road will NEVER ask you for your PIN.

You may be waiting a while for Support to get back to you due to a backlog; please see DPR's statement regarding that here:
http://dkn255hz262ypmii.onion/index.php?topic=159668.0

Libertas
Title: Re: Hacked Passphrase?
Post by: alexcutter on May 15, 2013, 04:56 pm
Hi alexcutter,

If you were able to log in successfully on a new account but not on your old account then that narrows it down to an account-specific problem. Whilst its highly unlikely that someone figured out your passphrase (if it was in any complex), it is a possibility. There is also a minor possibility that there is an issue with your login credentials on Silk Road's end. It is more likely, however, that you entered your details into a site other the Silk Road and were the victim of phishing. If you have ever entered your PIN at login, that is what happened.

There is a page on the SR Wiki about phishing here:
http://dkn255hz262ypmii.onion/wiki/index.php?title=Trust_and_phishing

Please ensure that you ONLY access Silk Road at its correct URL:
silkroadvb5piz3r.onion

The only way this site will change is if DPR puts out a PGP signed message to that effect (which you should personally verify).

If you were a victim of phishing I'm afraid there is no recourse as Bitcoin transactions are irreversible by design and each member is responsible for their own security. Please ensure that your system is free from keyloggers / dataloggers and that you only ever enter your details into the URL above. Silk Road will NEVER ask you for your PIN.

You may be waiting a while for Support to get back to you due to a backlog; please see DPR's statement regarding that here:
http://dkn255hz262ypmii.onion/index.php?topic=159668.0

Libertas
[/quote]

Thanks for the reply...

Quote
Whilst its highly unlikely that someone figured out your passphrase (if it was in any complex), it is a possibility.

My passphrase was fairly complex.

Quote
There is also a minor possibility that there is an issue with your login credentials on Silk Road's end.

Not sure what this means?

Quote
If you have ever entered your PIN at login, that is what happened.

Certain this hasn't happened, as I'd read several warnings about this before even setting up my original account.

Quote
You may be waiting a while for Support to get back to you due to a backlog;

That's fine.

Do you see any harm in loading BC's into my new account, and continuing to purchase? Or should I just stand pat until the issue with my original account gets sorted out?

Thanks again!
Title: Re: Hacked Passphrase?
Post by: Libertas on May 15, 2013, 05:19 pm
Thanks for the reply...

Quote
Whilst its highly unlikely that someone figured out your passphrase (if it was in any complex), it is a possibility.

My passphrase was fairly complex.

Quote
There is also a minor possibility that there is an issue with your login credentials on Silk Road's end.

Not sure what this means?

There is a small possibility that there is an issue validating your login details against the details stored on the Silk Road servers. This is unlikely, but possible if there is a technical fault.

Quote
If you have ever entered your PIN at login, that is what happened.

Certain this hasn't happened, as I'd read several warnings about this before even setting up my original account.

Please check your system for keyloggers / dataloggers and rootkits. There are many guides on how to do this on the clearweb.

Quote
You may be waiting a while for Support to get back to you due to a backlog;

That's fine.

Do you see any harm in loading BC's into my new account, and continuing to purchase? Or should I just stand pat until the issue with my original account gets sorted out?

Thanks again!

I would wait until I have checked my system completely for keyloggers etc.; if your system is clean (and your password / PIN are sufficiently complex) then sending Bitcoin to your new account should be just fine.

Libertas
Title: Re: Hacked Passphrase?
Post by: kimjongill on May 15, 2013, 05:41 pm
Had exactly the same problem - http://dkn255hz262ypmii.onion/index.php?topic=158263.0

Email SR Support (you have to create a new account and you can find their link in the bottom right of the SR page) and tell them the wallet address you last deposited BTC from. They use this to verify your account. Do this at the start otherwise they'll ask you to do it and you'll wait at least another day for a reply.

I got my account back today but all my BTC is gone. I think (I fucking hope) this is SR security being careful, but I am awaiting a reply.

Let me know if you have your cash when you log in.
Title: Re: Hacked Passphrase?
Post by: alexcutter on May 15, 2013, 05:51 pm
Had exactly the same problem - http://dkn255hz262ypmii.onion/index.php?topic=158263.0

Email SR Support (you have to create a new account and you can find their link in the bottom right of the SR page) and tell them the wallet address you last deposited BTC from. They use this to verify your account. Do this at the start otherwise they'll ask you to do it and you'll wait at least another day for a reply.

I got my account back today but all my BTC is gone. I think (I fucking hope) this is SR security being careful, but I am awaiting a reply.

Let me know if you have your cash when you log in.

Will do. I purchased my coins through a vendor on SR (CoinXchange), and passed the info along to support.
Title: Re: Hacked Passphrase?
Post by: scout on May 15, 2013, 07:00 pm
Sounds like you've done what you can for now!  Be sure to come back and let us know when this has been resolved!
Title: Re: Hacked Passphrase?
Post by: alexcutter on May 15, 2013, 10:30 pm
Hi all,

I received the following "form" reply from support:

"Thank you for submitting your question to the Silk Road support staff. The answer to your question can be found by reading the Wiki, found here: (dkn255hz262ypmii.onion/wiki)."

The subject header said to read the FAQ. Which I already had. The link included in the message isn't working.

Is this just some automated response that precedes a real message?

thx again
Title: Re: Hacked Passphrase?
Post by: Libertas on May 15, 2013, 11:04 pm
Hi all,

I received the following "form" reply from support:

"Thank you for submitting your question to the Silk Road support staff. The answer to your question can be found by reading the Wiki, found here: (dkn255hz262ypmii.onion/wiki)."

The subject header said to read the FAQ. Which I already had. The link included in the message isn't working.

Is this just some automated response that precedes a real message?

thx again

No, that's not an automated response. They are describing the PIN reset process. The process for resetting your passphrase can be found here:
http://dkn255hz262ypmii.onion/wiki/index.php?title=Frequently_Asked_Questions#I_forgot_my_passphrase.

Is there any chance that you perhaps asked them to reset your PIN instead of your passphrase?

Libertas

Title: Re: Hacked Passphrase?
Post by: alexcutter on May 15, 2013, 11:23 pm
Hi all,

I received the following "form" reply from support:

"Thank you for submitting your question to the Silk Road support staff. The answer to your question can be found by reading the Wiki, found here: (dkn255hz262ypmii.onion/wiki)."

The subject header said to read the FAQ. Which I already had. The link included in the message isn't working.

Is this just some automated response that precedes a real message?

thx again

No, that's not an automated response. They are describing the PIN reset process. The process for resetting your passphrase can be found here:
http://dkn255hz262ypmii.onion/wiki/index.php?title=Frequently_Asked_Questions#I_forgot_my_passphrase.

Is there any chance that you perhaps asked them to reset your PIN instead of your passphrase?

Libertas

Hi,

Here are the exact messages I sent:

Message 1:

Hi,

SR was working fine today until I updated the Tor software. Since then, I haven't been able to log on using three different computers.

I was concerned that someone had used my passphrase to login and lock me out, but the SR subreddit thought that was unlikely, and suggested I have the passphrase reset.

This is a request to do so. I have created this new account so that I could contact support. My locked-up account is "alexcutter", and as of this morning, had about $130 in the account.

Please let me know if you need any additional info from me to get the process going.

thanks in advance.


Message 2:

I purchased Bitcoins from CoinXchange if that helps.
Title: Re: Hacked Passphrase?
Post by: Libertas on May 15, 2013, 11:34 pm
Hi,

Here are the exact messages I sent:

Message 1:

Hi,

SR was working fine today until I updated the Tor software. Since then, I haven't been able to log on using three different computers.

I was concerned that someone had used my passphrase to login and lock me out, but the SR subreddit thought that was unlikely, and suggested I have the passphrase reset.

This is a request to do so. I have created this new account so that I could contact support. My locked-up account is "alexcutter", and as of this morning, had about $130 in the account.

Please let me know if you need any additional info from me to get the process going.

thanks in advance.


Message 2:

I purchased Bitcoins from CoinXchange if that helps.

Ah, I think I see the problem. SR Support directed you back to the F.A.Q. as they require the following:

http://dkn255hz262ypmii.onion/wiki/index.php?title=Frequently_Asked_Questions#I_forgot_my_passphrase.
Quote
I forgot my passphrase.

You must create a new account and message support with the last address you deposited bitcoins to, along with any other information that can help us connect you to the account.

Telling them that the last deposit came from CoinXchange doesn't help at all as all Bitcoin addresses are random - there is no way to tell where addresses originate.

If you haven't been able to login from three different computers then it is unfortunately highly likely that your account has been compromised. :(

What you'll need to do is find the last SR deposit address that you sent Bitcoin to, along with any other information that may help prove that you are who you say you are (such as recent transaction dates / amounts / items etc.) and send all of that back to SR Support in response to the message they sent back to you.

Libertas
Title: Re: Hacked Passphrase?
Post by: alexcutter on May 15, 2013, 11:44 pm
Hi,

Here are the exact messages I sent:

Message 1:

Hi,

SR was working fine today until I updated the Tor software. Since then, I haven't been able to log on using three different computers.

I was concerned that someone had used my passphrase to login and lock me out, but the SR subreddit thought that was unlikely, and suggested I have the passphrase reset.

This is a request to do so. I have created this new account so that I could contact support. My locked-up account is "alexcutter", and as of this morning, had about $130 in the account.

Please let me know if you need any additional info from me to get the process going.

thanks in advance.


Message 2:

I purchased Bitcoins from CoinXchange if that helps.

Ah, I think I see the problem. SR Support directed you back to the F.A.Q. as they require the following:

http://dkn255hz262ypmii.onion/wiki/index.php?title=Frequently_Asked_Questions#I_forgot_my_passphrase.
Quote
I forgot my passphrase.

You must create a new account and message support with the last address you deposited bitcoins to, along with any other information that can help us connect you to the account.

Telling them that the last deposit came from CoinXchange doesn't help at all as all Bitcoin addresses are random - there is no way to tell where addresses originate.

If you haven't been able to login from three different computers then it is unfortunately highly likely that your account has been compromised. :(

What you'll need to do is find the last SR deposit address that you sent Bitcoin to, along with any other information that may help prove that you are who you say you are (such as recent transaction dates / amounts / items etc.) and send all of that back to SR Support in response to the message they sent back to you.

Libertas

Understood.

I think I'll just eat the money, and move on with the new account. It seems clear that the money will be gone (assuming I can get access), and as a new user, I only had a few transactions on my record.

Is there some reason why this would be a bad idea?

Thanks again for all of the help.
Title: Re: Hacked Passphrase?
Post by: Libertas on May 15, 2013, 11:56 pm
Understood.

I think I'll just eat the money, and move on with the new account. It seems clear that the money will be gone (assuming I can get access), and as a new user, I only had a few transactions on my record.

Is there some reason why this would be a bad idea?

Thanks again for all of the help.

Personally, if it were me, I would want to make sure that the account was indeed compromised so as I have some idea what happened. If you didn't go to a phishing site then it's possible that there is a keylogger on your system. Again, if it were me, I'd scan for loggers and rootkits, then completely format my hard-drive, do a clean install of my operating system and create another brand new account.

If it is indeed a logger then it is still there and somebody has access to your new account too. If it was the case that you accessed a phishing site then that worry is no longer there with your new account, but I still wouldn't feel 100% safe until I'd done a clean install of my operating system and created a brand new account.

Sometimes when we're playing around with Bitcoin it doesn't seem like 'real' money - but if your system is compromised, you WILL lose more in the future.

Backup all your important data to an external hard drive, scan it with as many different anti-virus / anti-malware / anti-spyware / anti-rootkit programs as possible (preferably portable versions), then re-install your OS and create a new account; that might seem overkill but that's what I would do if it were me.

Libertas
Title: Re: Hacked Passphrase?
Post by: alexcutter on May 16, 2013, 12:44 am
Understood.

I think I'll just eat the money, and move on with the new account. It seems clear that the money will be gone (assuming I can get access), and as a new user, I only had a few transactions on my record.

Is there some reason why this would be a bad idea?

Thanks again for all of the help.

Personally, if it were me, I would want to make sure that the account was indeed compromised so as I have some idea what happened. If you didn't go to a phishing site then it's possible that there is a keylogger on your system. Again, if it were me, I'd scan for loggers and rootkits, then completely format my hard-drive, do a clean install of my operating system and create another brand new account.

If it is indeed a logger then it is still there and somebody has access to your new account too. If it was the case that you accessed a phishing site then that worry is no longer there with your new account, but I still wouldn't feel 100% safe until I'd done a clean install of my operating system and created a brand new account.

Sometimes when we're playing around with Bitcoin it doesn't seem like 'real' money - but if your system is compromised, you WILL lose more in the future.

Backup all your important data to an external hard drive, scan it with as many different anti-virus / anti-malware / anti-spyware / anti-rootkit programs as possible (preferably portable versions), then re-install your OS and create a new account; that might seem overkill but that's what I would do if it were me.

Libertas

I completely appreciate what you're saying, and understand that I should be as thorough as possible in cleaning up my drive.

However, I'm on a Mac, and use Time Machine constantly. Could I simply revert the state of my computer to a date prior to having ever visited SR?

If it seems like I'm trying to avoid the tedious work you described above, you're right. I'm totally up for wiping everything, but not unless it's necessary.

thx again.
Title: Re: Hacked Passphrase?
Post by: Libertas on May 16, 2013, 01:20 am
I completely appreciate what you're saying, and understand that I should be as thorough as possible in cleaning up my drive.

However, I'm on a Mac, and use Time Machine constantly. Could I simply revert the state of my computer to a date prior to having ever visited SR?

If it seems like I'm trying to avoid the tedious work you described above, you're right. I'm totally up for wiping everything, but not unless it's necessary.

thx again.

I haven't used my Mac in quite a long time so I'm unsure of what process you should employ in that case. Perhaps do a search on the clearweb for "keylogger mac time machine" etc. and see what information you can come up with?

Sorry I can't help more with that! :-\

Libertas
Title: Re: Hacked Passphrase?
Post by: Libertas on May 16, 2013, 02:16 pm
Locking this as clear instruction has been given as to how to resolve the issue; alexcutter, please feel free to PM me if you need me to reopen this.

Libertas