1. Greetings bitcoin community!
  2.  
  3. #bitcoin-police is operated by volunteers from the Bitcoin community at large to respond to fraud related activity within the community. Although our powers of action are obviously as limited as any other internet denizen, we aim to collect as much information as possible in order to be capable of providing dossier information for legal action should it ever ensue.
  4.  
  5. ########### INFORMATION RELEASE - MYBITCOIN.COM #############
  6.  
  7. The following dossier has been compiled by #bitcoin-police in response to growing community debate over the current situation relating to the online wallet provider MyBitcoin.com.
  8.  
  9. **IMMEDIATE SITUATION
  10.  
  11. Beginning on Friday 29th July 2011, the site www.mybitcoin.com was reported as experiencing outages preventing transfer of funds to/from online wallets. At this time further reports emerged alleging that medium to large sums of Bitcoin failed to be transferred to target wallets.
  12.  
  13. Related link:
  14.  
  15. https://bitcointalk.org/index.php?topic=32900.0;all
  16.  
  17. Historically, some question has been raised as to the operations of myBitcoin.com as early as mid June this year, spurring a response from the alleged owner:
  18.  
  19. https://bitcointalk.org/index.php?topic=22221.0;all
  20.  
  21. * The use of a GPG signature here should be noted, as well as the name of the poster.
  22. From this we can conclude that "official" communications from myBitcoin.com are GPG signed with the key listed at:
  23.  
  24. http://pgp.mit.edu:11371/pks/lookup?search=mybitcoin
  25.  
  26. ** HISTORY
  27.  
  28. Early indications of problems with mybitcoin operations emerged around June 29th/30th 2011,
  29. with (verified) responses from the mybitcoin operations team revealing key technical details of the workings of mybitcoin.
  30.  
  31. https://bitcointalk.org/index.php?topic=32900.0;all
  32. https://bitcointalk.org/index.php?topic=24548.0;all
  33.  
  34. Additional concerns emerged in early July (July 5th) implicating (most probably falsely) Bruce Wagner of Bitcoinme.com. (Rapid cleansing of bitcoinme indicates no likely link to mybitcoin.)
  35.  
  36. http://bitcointalk.org/index.php?topic=26224.0;all
  37.  
  38. Further issues and concerns were raised throughout July 2011:
  39.  
  40. http://bitcointalk.org/index.php?topic=26224.60
  41. http://bitcointalk.org/index.php?topic=29147.0
  42. http://bitcointalk.org/index.php?action=profile;u=8940;sa=showPosts
  43. https://bitcointalk.org/index.php?topic=33458.0;all
  44. http://www.reddit.com/r/Bitcoin/comments/imw0y/mybitcoin_is_a_disaster_waiting_to_happen/
  45. http://www.blogger-index.com/feeds.php?feed_id=29159&&p=1 [Shitcoin]
  46.  
  47. **Investigative Results
  48.  
  49. Initial investigations into the ownership of myBitcoin.com reveal:
  50.  
  51. Registrant:
  52. MyBitcoin, LLC
  53. Main Street
  54. PO Box 556
  55. Charlestown, Nevis
  56. KN
  57.  
  58. Administrative Contact:
  59. Williams, Tom
  60. Main Street
  61. PO Box 556
  62. Charlestown, Nevis
  63. KN
  64. +6499518329
  65.  
  66. Registrar of Record: TUCOWS, INC.
  67. Record last updated on 27-Mar-2011.
  68. Record expires on 25-Apr-2012.
  69. Record created on 25-Apr-2010.
  70.  
  71.  
  72. These results are seemingly legitimate, with the exception that the listed address is well known.
  73. A quick investigation shows that the address to which MyBitcoin.com is registered is actually the same as that of
  74. PrivacyShark.com
  75.  
  76. Registrant:
  77. Privacy Shark, LLC
  78. Main Street
  79. PO Box 556
  80. Charlestown, Nevis
  81. KN
  82.  
  83. Domain name: PRIVACYSHARK.COM
  84.  
  85. Administrative Contact:
  86. Privacy Protected Domain, Privacy Shark Domain Trust cHJpdmFjeXNoYXJrLmNvbQ==@privacyshark.com
  87. Main Street
  88.  
  89. Charlestown, Nevis
  90. KN
  91. (202) 558-2876
  92.  
  93. PrivacyShark.com is a known anonymous Domain registrant providing "anonymous domain names, anonymous dns, and offshore whois information.
  94.  
  95. ...
  96.  
  97. Privacy Shark, LLC (privacyshark.com) is a wholly-formed corporation that is governed and regulated by the courts of Nevis, West Indies."
  98.  
  99. _______
  100. It appears that many other shell companies use this fake address, such as
  101.  
  102. http://panjiva.com/Envases-Globales/1081553
  103. Envases Globales
  104. P O Box 556 Main St Charlestown Nevis
  105. or
  106.  
  107. King Zulu LLC.
  108. P.O. Box 556 Charlestown, Nevis Last Updated on: 28-DEC-08
  109.  
  110.  
  111. Of interest is the information provided on PrivacyShark's About page:
  112.  
  113. "
  114. Q. How do I order / make payments?
  115. A. In order to be 100% anonymous, we only accept anonymous forms of payment. We accept Bitcoin (we recommend MyBitcoin). Order by clicking here.
  116. " [http://www.privacyshark.com/about.html]
  117.  
  118. where a clear link promoting MyBitcoin.com is present, as is the information that normal clients registering through PrivacyShark will have a generic registration with the following format:
  119.  
  120. ***
  121.  
  122. BEFORE Privacy Shark
  123.  
  124. Registrant:
  125. John Smith
  126. #123 Your Address
  127. Sometown, CA 90210
  128. US
  129.  
  130. Domain name: YOURDOMAIN.COM
  131.  
  132. Administrative Contact:
  133. Smith, John jsmith@yourisp.com
  134. #123 Your Address
  135. Sometown, CA 90210
  136. US
  137. 408-555-1212
  138.  
  139. Technical Contact:
  140. Smith, John jsmith@yourisp.com
  141. #123 Your Address
  142. Sometown, CA 90210
  143. US
  144. 408-555-1212
  145.  
  146.  
  147. Domain servers in listed order:
  148. NS1.YOURISP.COM
  149. NS2.YOURISP.COM
  150. AFTER Privacy Shark
  151.  
  152. Registrant:
  153. Privacy Shark, LLC
  154. Main Street
  155. PO Box 556
  156. Charlestown, Nevis
  157. KN
  158.  
  159. Domain name: YOURDOMAIN.COM
  160.  
  161. Administrative Contact:
  162. Privacy Protected Domain, Privacy Shark Domain Trust cHJpdmFjeXNoYXJrLmNvbQ@privacyshark.com
  163. Main Street
  164. PO Box 556
  165. Charlestown, Nevis
  166. KN
  167. (202) 558-2876
  168.  
  169. Technical Contact:
  170. Privacy Protected Domain, Privacy Shark Domain Trust cHJpdmFjeXNoYXJrLmNvbQ@privacyshark.com
  171. Main Street
  172. PO Box 556
  173. Charlestown, Nevis
  174. KN
  175. (202) 558-2876
  176.  
  177.  
  178. Domain servers in listed order:
  179. ANONYMOUS-DNS1.PRIVACYSHARK.COM
  180. ANONYMOUS-DNS2.PRIVACYSHARK.COM
  181.  
  182. ***
  183.  
  184.  
  185. At this point, the registration of MyBitcoin.com does NOT match the standard format for a site registered via PrivacyShark.
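
The comparison above can be made mechanical. The following is an added example, not part of the original dossier: it parses the MyBitcoin.com excerpt and the "AFTER Privacy Shark" template quoted here and lists, per WHOIS section, the lines that deviate from the template. The function names and the normalisation rule (ignore case, punctuation and e-mail tokens) are assumptions of this example.

```python
import re

# WHOIS excerpts transcribed from the records quoted in this dossier.
MYBITCOIN = """Registrant:
MyBitcoin, LLC
Main Street
PO Box 556
Charlestown, Nevis
KN

Administrative Contact:
Williams, Tom
Main Street
PO Box 556
Charlestown, Nevis
KN
+6499518329"""
PROXY_TEMPLATE = """Registrant:
Privacy Shark, LLC
Main Street
PO Box 556
Charlestown, Nevis
KN

Administrative Contact:
Privacy Protected Domain, Privacy Shark Domain Trust cHJpdmFjeXNoYXJrLmNvbQ@privacyshark.com
Main Street
PO Box 556
Charlestown, Nevis
KN
(202) 558-2876"""

def parse_whois(text):
    """Split a WHOIS record into {section label: [lines]}; blank lines end a section."""
    sections = {}
    for block in filter(None, re.split(r"\n\s*\n", text.strip())):
        head, *body = [l.strip() for l in block.splitlines()]
        if head.endswith(":"):  # "Domain name: X" blocks carry no section body
            sections[head[:-1]] = body
    return sections

def deviations(record, template=PROXY_TEMPLATE):
    """Per section, the lines of `record` that the proxy template does not contain."""
    key = lambda s: re.sub(r"\S+@\S+|[^a-z0-9]", "", s.lower())
    tpl = {k: {key(t) for t in v} for k, v in parse_whois(template).items()}
    return {k: [l for l in v if key(l) not in tpl.get(k, set())]
            for k, v in parse_whois(record).items()}

def uses_proxy_template(record):
    """True when every parsed line matches the 'AFTER Privacy Shark' layout."""
    return bool(d := deviations(record)) and not any(d.values())
```

For the MyBitcoin.com excerpt every address line matches the template, and only the registrant name, the administrative contact name and the phone number deviate.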
  186.  
  187. Further investigation shows at least one known Bitcoin scam site registered via PrivacyShark that exhibits "normal" registration details [Bitcoin4Cash.com]:
  188.  
  189. http://bitcointalk.org/index.php?topic=8258.0;all
  190. http://pastehtml.com/view/aui7tmtfe.html
  191.  
  192. Registrant:
  193. Privacy Shark, LLC
  194. Main Street
  195. PO Box 556
  196. Charlestown, Nevis
  197. KN
  198.  
  199. Domain name: BITCOIN4CASH.COM
  200.  
  201. Administrative Contact:
  202. Privacy Protected Domain, Privacy Shark Domain Trust
  203. Main Street
  204. PO Box 556
  205. Charlestown, Nevis
  206. KN
  207. (202) 558-2876
  208.  
  209. ____
  210.  
  211. Additional information reveals the following known sites registered via PrivacyShark:
  212.  
  263.  
  264. [ty - http://privacyshark.blogspot.com/]
  265. ___
  266.  
  267. Of most interest here is the inclusion of HackCanada - an organisation with historical ties to the bitcoin community.
  268.  
  269. Investigation of the NETBLOCK upon which the mybitcoin servers operate shows that the servers are operated by LeaseWeb and the immediate servers also host:
  270.  
  271. nanaimogold.com - United States Nanaimo Gold -
  272. http://www.nanaimogold.com
  273.  
  274. pimpdollar.com - United States - -
  275. Pimp dollar
  276. http://www.pimpdollar.com
  277.  
  278. phonefate.com - - Privacy Shark, LLC -
  279. Phonefate phone sex with talksugar
  280. Talk sugar : livecam & phone sex : now with phonefate
  281. http://www.phonefate.com
  282.  
  283. kinkybyphone.com - - - -
  284. Kinkybyphone phone sex with talksugar
  285. Talk sugar : livecam & phone sex : now with kinkybyphone
  286. http://www.kinkybyphone.com
  287.  
  288. nettwerked.net - United States - -
  289. Nettwerked; a web-site for the canadian undergr0und scene
  290. Nettwerked
  291. http://www.nettwerked.net
  292.  
  293. **NOTE this site is operated by a founding member of HackCanada
  294.  
  295. hackcanada.com - United States - -
  296. Hack canada - it dont mean jack if it aint got that hack.
  297. Hack canada : hacking, phreaking, and tempestuous technology. rewiring your world the way we want it.
  298. http://www.hackcanada.com
  299.  
  300.  
  301. LeaseWeb Complaint ==> http://www.webhostingtalk.com/showthread.php?p=7602128
  302. https://bitcointalk.org/index.php?topic=33020.0;all
  303.  
  304. ** Most Recent Activity
  305.  
  306. Of most recent note is an alleged post by the "owner" of mybitcoin.com which reveals contradictory technical information regarding the operation of mybitcoin:
  307.  
  308. https://bitcointalk.org/index.php?topic=33646.0
  309.  
  310. This post is not GPG signed, unlike every other communique from mybitcoin.com to date. Also, the technical details and experience of staff alluded to in this post would indicate that it is HIGHLY UNLIKELY this post originated from any real owner of mybitcoin.
  311.  
  312. Most recent scanning of the site revealed that the Privoxy services hosting the TOR hidden service were most recently halted, and current Nmap activity of the site shows:
  313.  
  314. Starting Nmap 5.51 ( http://nmap.org ) at 2011-08-03 01:18 E. Australia Standard Time
  315.  
  316. NSE: Loaded 57 scripts for scanning.
  317.  
  318. Initiating Parallel DNS resolution of 1 host. at 01:18
  319.  
  320. Completed Parallel DNS resolution of 1 host. at 01:18, 0.01s elapsed
  321.  
  322. Initiating SYN Stealth Scan at 01:18
  323.  
  324. Scanning www.mybitcoin.com (83.149.112.133) [1000 ports]
  325.  
  326. Increasing send delay for 83.149.112.133 from 0 to 5 due to 11 out of 11 dropped probes since last increase.
  327.  
  328. SYN Stealth Scan Timing: About 10.07% done; ETC: 01:23 (0:04:37 remaining)
  329.  
  330. Increasing send delay for 83.149.112.133 from 5 to 10 due to 11 out of 11 dropped probes since last increase.
  331.  
  332. SYN Stealth Scan Timing: About 19.10% done; ETC: 01:23 (0:04:18 remaining)
  333.  
  334. SYN Stealth Scan Timing: About 28.10% done; ETC: 01:23 (0:03:53 remaining)
  335.  
  336. SYN Stealth Scan Timing: About 37.17% done; ETC: 01:23 (0:03:25 remaining)
  337.  
  338. Discovered open port 9999/tcp on 83.149.112.133
  339.  
  340. SYN Stealth Scan Timing: About 46.03% done; ETC: 01:23 (0:02:57 remaining)
  341.  
  342. SYN Stealth Scan Timing: About 47.37% done; ETC: 01:24 (0:03:21 remaining)
  343.  
  344. SYN Stealth Scan Timing: About 48.73% done; ETC: 01:25 (0:03:42 remaining)
  345.  
  346. SYN Stealth Scan Timing: About 50.33% done; ETC: 01:26 (0:04:04 remaining)
  347.  
  348. SYN Stealth Scan Timing: About 52.77% done; ETC: 01:27 (0:04:29 remaining)
  349.  
  350. SYN Stealth Scan Timing: About 56.77% done; ETC: 01:29 (0:04:58 remaining)
  351.  
  352. SYN Stealth Scan Timing: About 70.23% done; ETC: 01:34 (0:04:53 remaining)
  353.  
  354. SYN Stealth Scan Timing: About 78.07% done; ETC: 01:36 (0:04:03 remaining)
  355.  
  356. SYN Stealth Scan Timing: About 84.27% done; ETC: 01:37 (0:03:07 remaining)
  357.  
  358. SYN Stealth Scan Timing: About 89.90% done; ETC: 01:39 (0:02:07 remaining)
  359.  
  360. SYN Stealth Scan Timing: About 95.17% done; ETC: 01:39 (0:01:03 remaining)
  361.  
  362. Completed SYN Stealth Scan at 01:40, 1356.93s elapsed (1000 total ports)
  363.  
  364. Initiating Service scan at 01:40
  365.  
  366. Scanning 1 service on www.mybitcoin.com (83.149.112.133)
  367.  
  368. Completed Service scan at 01:41, 44.61s elapsed (1 service on 1 host)
  369.  
  370. Initiating OS detection (try #1) against www.mybitcoin.com (83.149.112.133)
  371.  
  372. Retrying OS detection (try #2) against www.mybitcoin.com (83.149.112.133)
  373.  
  374. Initiating Traceroute at 01:42
  375.  
  376. Completed Traceroute at 01:42, 3.66s elapsed
  377.  
  378. Initiating Parallel DNS resolution of 21 hosts. at 01:42
  379.  
  380. Completed Parallel DNS resolution of 21 hosts. at 01:42, 12.05s elapsed
  381.  
  382. NSE: Script scanning 83.149.112.133.
  383.  
  384. Initiating NSE at 01:42
  385.  
  386. Completed NSE at 01:42, 0.71s elapsed
  387.  
  388. Nmap scan report for www.mybitcoin.com (83.149.112.133)
  389.  
  390. Host is up (0.28s latency).
  391.  
  392. Not shown: 998 filtered ports
  393.  
  394. PORT STATE SERVICE VERSION
  395.  
  396. 3300/tcp closed unknown
  397.  
  398. 9999/tcp open ssl/abyss?
  399.  
  400. Device type: general purpose
  401.  
  402. Running (JUST GUESSING): OpenBSD 4.X (87%), FreeBSD 7.X (85%)
  403.  
  404. Aggressive OS guesses: OpenBSD 4.0 (87%), FreeBSD 7.0-RELEASE-p5 (85%)
  405.  
  406. No exact OS matches for host (test conditions non-ideal).
  407.  
  408. Uptime guess: 0.001 days (since Wed Aug 03 01:41:33 2011)
  409.  
  410. TCP Sequence Prediction: Difficulty=261 (Good luck!)
  411.  
  412. IP ID Sequence Generation: Randomized
  413.  
  414.  
  415. In closing, #bitcoin-police conclude that it is most likely that MyBitcoin.com had suspicious origins, and the ongoing failure of authenticated communication from the provider would suggest some level of impropriety on behalf of the operator. This investigation is marked as OPEN with a high level of suspect indicators.
  416.  
  417. Any public information regarding this event is welcome on the freenode #bitcoin-police channel, in Private Message to MrTiggr or GPG email to mr dot tiggr at gmail dot com
  418.  
  419. MrTiggr - Commander-in-Chief, Bitcoin Police
  420. graingert - Pastebin hero