Greetings bitcoin community! #bitcoin-police is operated by volunteers from the Bitcoin community at large to respond to fraud related activity within the community. Although our powers of action are obviously as limited as any other internet denizen, we aim to collect as much information as possible in order to be capable of providing dossier information for legal action should it ever ensue. ########### INFORMATION RELASE - MYBITCOIN.COM ############# The following dossier has been compiled by #bitcoin-police in response to growing community debate over the current situation in relating to the online wallet provider MyBitcoin.com. **IMMEDIATE SITUATION Begining on Friday 29th July 2011 the site www.mybitcoin.com was reported as experienceing outages preventing transfer of funds to/from online wallets. At this time further reports emerged alleging the failure of medium to large sums of Bitcoin failing to be transferred to target wallets. related link: https://bitcointalk.org/index.php?topic=32900.0;all Historically, some question has been raised as to the operations of myBitcoin.com as early as mid june this year, spurring a repsonse from the alleged owner: https://bitcointalk.org/index.php?topic=22221.0;all * The use of GpG signature here should be noted as well as the name of the poster. from this we can conclude that "official" communications from myBitcoin.com are GpG signed to: http://pgp.mit.edu:11371/pks/lookup?search=mybitcoin ** HISTORY early indications of problems with mybitcoin operations emerged around June 29th/30th 2011: with (verified) responses from mybitcoin operations team revealing key technical details of the workings of mybitcoin. https://bitcointalk.org/index.php?topic=32900.0;all https://bitcointalk.org/index.php?topic=24548.0;all additional concerns emerged in early july (July 5th) implicating (most probably falsely) Bruce Wagner of Bitcoinme.com. (rapid cleansing of bitcoinme indicates no likely link to mybitcoin) http://bitcointalk.org/index.php?topic=26224.0;all with further issues and concerns raised throughout July 2011 http://bitcointalk.org/index.php?topic=26224.60 http://bitcointalk.org/index.php?topic=29147.0 http://bitcointalk.org/index.php?action=profile;u=8940;sa=showPosts https://bitcointalk.org/index.php?topic=33458.0;all http://www.reddit.com/r/Bitcoin/comments/imw0y/mybitcoin_is_a_disaster_waiting_to_happen/ http://www.blogger-index.com/feeds.php?feed_id=29159&&p=1 [Shitcoin] **Investigative Resuls Initial investigations into the ownership of myBitcoin.com reveal: Registrant: MyBitcoin, LLC Main Street PO Box 556 Charlestown, Nevis KN Administrative Contact: Williams, Tom Main Street PO Box 556 Charlestown, Nevis KN +6499518329 Registrar of Record: TUCOWS, INC. Record last updated on 27-Mar-2011. Record expires on 25-Apr-2012. Record created on 25-Apr-2010. Seemingly legitimate results with the exception that the listed address is well known. Quick investigation shows that the address to which MyBitcoin.com is register is actually the same as PrivacyShark.com Registrant: Privacy Shark, LLC Main Street PO Box 556 Charlestown, Nevis KN Domain name: PRIVACYSHARK.COM Administrative Contact: Privacy Protected Domain, Privacy Shark Domain Trust cHJpdmFjeXNoYXJrLmNvbQ==@privacyshark.com Main Street Charlestown, Nevis KN (202) 558-2876 PrivacyShark.com is a known anonymous Domain registrant providing "anonymous domain names, anonymous dns, and offshore whois information. ... Privacy Shark, LLC (privacyshark.com) is a wholly-formed corporation that is governed and regulated by the courts of Nevis, West Indies." _______ It appears that many other shell companies use this fake address, such as http://panjiva.com/Envases-Globales/1081553 Envases Globales P O Box 556 Main St Charlestown Nevis or King Zulu LLC. P.O. Box 556 Charlestown, Nevis Last Updated on: 28-DEC-08 Of iteresting note is the information provided on PrivacyShark's About page: " Q. How do I order / make payments? A. In order to be 100% anonymous, we only accept anonymous forms of payment. We accept Bitcoin (we recommend MyBitcoin). Order by clicking here. " [http://www.privacyshark.com/about.html] where a clear link promoting MyBitcoin.com is present, as is the information that normal clients registering through PrivacyShark will have a generic registration with the following format: *** BEFORE Privacy Shark Registrant: John Smith #123 Your Address Sometown, CA 90210 US Domain name: YOURDOMAIN.COM Administrative Contact: Smith, John jsmith@yourisp.com #123 Your Address Sometown, CA 90210 US 408-555-1212 Technical Contact: Smith, John jsmith@yourisp.com #123 Your Address Sometown, CA 90210 US 408-555-1212 Domain servers in listed order: NS1.YOURISP.COM NS2.YOURISP.COM AFTER Privacy Shark Registrant: Privacy Shark, LLC Main Street PO Box 556 Charlestown, Nevis KN Domain name: YOURDOMAIN.COM Administrative Contact: Privacy Protected Domain, Privacy Shark Domain Trust cHJpdmFjeXNoYXJrLmNvbQ@privacyshark.com Main Street PO Box 556 Charlestown, Nevis KN (202) 558-2876 Technical Contact: Privacy Protected Domain, Privacy Shark Domain Trust cHJpdmFjeXNoYXJrLmNvbQ@privacyshark.com Main Street PO Box 556 Charlestown, Nevis KN (202) 558-2876 Domain servers in listed order: ANONYMOUS-DNS1.PRIVACYSHARK.COM ANONYMOUS-DNS2.PRIVACYSHARK.COM *** At this point, the registration of MyBitcoin.com does NOT match the standard format for a site registered via PrivacyShark. Further investigation shows at lest one known Bitcoin scam site registered via PrivacyShark that exhibit "normal" registration details [Bitcoin4Cash.com]: http://bitcointalk.org/index.php?topic=8258.0;all http://pastehtml.com/view/aui7tmtfe.html Registrant: Privacy Shark, LLC Main Street PO Box 556 Charlestown, Nevis KN Domain name: BITCOIN4CASH.COM Administrative Contact: Privacy Protected Domain, Privacy Shark Domain Trust Main Street PO Box 556 Charlestown, Nevis KN (202) 558-2876 ____ Additional information reveals the following known sites registered via PrivacyShark: phonefate.com h410g3n.com quiveringfuckholes.com netwerked.net voodoomachine.com hackcanada.com <====**** 6server.com freeworldtel.com daliwen.com mybitcoin.net <====**** assserver.com wwwmybitcoin.com <=====**** talksugar.com bitcoinreserve.com <=====*** demeterscoffeevault.com 7upyours.com dalinowen.com 6server.com plusnethosting.com talksugars.com wwwtalksugar diskhaven.com 1buckphonesluts 1hotphonebabe anomaliesonline.com 1hotphonebabe4u.com myfaveslave.com pussyjuicegirls.com sawtoothrc.com phonefate.rog talksugar.org mule-coquine.info hackcanada.org <====**** cfraamail.org plusnethosting.com freeworldtel.com pickup-test.com test-depersonalidad.com testbaleni.com globalxxxhost.com bitcoinia.com <===*** phonecallgirl.com sexiestserver.com pimpdollar.com dalinowen.com dalinowen.com plusnethosting.com phonefate.net 1hotphonebabe4u.com chicagobbwescort.com [ty - http://privacyshark.blogspot.com/] ___ Of most interest here is the inclusion of HackCanada - an organisation with historical ties to the bitcoin community. Investigation of the NETBLOCK upon which the mybitcoin servers operate shows that the servers are operated by LeaseWeb and the immedaite servers also host: nanaimogold.com - United States Nanaimo Gold - http://www.nanaimogold.com pimpdollar.com - United States - - Pimp dollar http://www.pimpdollar.com phonefate.com - - Privacy Shark, LLC - Phonefate phone sex with talksugar Talk sugar : livecam & phone sex : now with phonefate http://www.phonefate.com kinkybyphone.com - - - - Kinkybyphone phone sex with talksugar Talk sugar : livecam & phone sex : now with kinkybyphone http://www.kinkybyphone.com nettwerked.net - United States - - Nettwerked; a web-site for the canadian undergr0und scene Nettwerked http://www.nettwerked.net **NOTE this site is operated by a founding member of HackCanada hackcanada.com - United States - - Hack canada - it dont mean jack if it aint got that hack. Hack canada : hacking, phreaking, and tempestuous technology. rewiring your world the way we want it. http://www.hackcanada.com LeaseWeb Complaint ==> http://www.webhostingtalk.com/showthread.php?p=7602128 https://bitcointalk.org/index.php?topic=33020.0;all ** Most Recent Activity Of most recent note is an alleged post by the "owner" of mybitcoin.com which reveals contradictory technical information regarding the operation of mybitcoin: https://bitcointalk.org/index.php?topic=33646.0 This post is not GpG signed like any other communique from mybitcoin.com to date. Also the technical details and experience of staff elluded in this post would indicate that it is HIGHLY UNLIKELY this post originated from any real owner of mybitcoin. Most recent scanning of the site revealed that Privoxy serevices hosting TOR hidden service were most recently halted and current nMap activity of the site shows: Starting Nmap 5.51 ( http://nmap.org ) at 2011-08-03 01:18 E. Australia Standard Time NSE: Loaded 57 scripts for scanning. Initiating Parallel DNS resolution of 1 host. at 01:18 Completed Parallel DNS resolution of 1 host. at 01:18, 0.01s elapsed Initiating SYN Stealth Scan at 01:18 Scanning www.mybitcoin.com (83.149.112.133) [1000 ports] Increasing send delay for 83.149.112.133 from 0 to 5 due to 11 out of 11 dropped probes since last increase. SYN Stealth Scan Timing: About 10.07% done; ETC: 01:23 (0:04:37 remaining) Increasing send delay for 83.149.112.133 from 5 to 10 due to 11 out of 11 dropped probes since last increase. SYN Stealth Scan Timing: About 19.10% done; ETC: 01:23 (0:04:18 remaining) SYN Stealth Scan Timing: About 28.10% done; ETC: 01:23 (0:03:53 remaining) SYN Stealth Scan Timing: About 37.17% done; ETC: 01:23 (0:03:25 remaining) Discovered open port 9999/tcp on 83.149.112.133 SYN Stealth Scan Timing: About 46.03% done; ETC: 01:23 (0:02:57 remaining) SYN Stealth Scan Timing: About 47.37% done; ETC: 01:24 (0:03:21 remaining) SYN Stealth Scan Timing: About 48.73% done; ETC: 01:25 (0:03:42 remaining) SYN Stealth Scan Timing: About 50.33% done; ETC: 01:26 (0:04:04 remaining) SYN Stealth Scan Timing: About 52.77% done; ETC: 01:27 (0:04:29 remaining) SYN Stealth Scan Timing: About 56.77% done; ETC: 01:29 (0:04:58 remaining) SYN Stealth Scan Timing: About 70.23% done; ETC: 01:34 (0:04:53 remaining) SYN Stealth Scan Timing: About 78.07% done; ETC: 01:36 (0:04:03 remaining) SYN Stealth Scan Timing: About 84.27% done; ETC: 01:37 (0:03:07 remaining) SYN Stealth Scan Timing: About 89.90% done; ETC: 01:39 (0:02:07 remaining) SYN Stealth Scan Timing: About 95.17% done; ETC: 01:39 (0:01:03 remaining) Completed SYN Stealth Scan at 01:40, 1356.93s elapsed (1000 total ports) Initiating Service scan at 01:40 Scanning 1 service on www.mybitcoin.com (83.149.112.133) Completed Service scan at 01:41, 44.61s elapsed (1 service on 1 host) Initiating OS detection (try #1) against www.mybitcoin.com (83.149.112.133) Retrying OS detection (try #2) against www.mybitcoin.com (83.149.112.133) Initiating Traceroute at 01:42 Completed Traceroute at 01:42, 3.66s elapsed Initiating Parallel DNS resolution of 21 hosts. at 01:42 Completed Parallel DNS resolution of 21 hosts. at 01:42, 12.05s elapsed NSE: Script scanning 83.149.112.133. Initiating NSE at 01:42 Completed NSE at 01:42, 0.71s elapsed Nmap scan report for www.mybitcoin.com (83.149.112.133) Host is up (0.28s latency). Not shown: 998 filtered ports PORT STATE SERVICE VERSION 3300/tcp closed unknown 9999/tcp open ssl/abyss? Device type: general purpose Running (JUST GUESSING): OpenBSD 4.X (87%), FreeBSD 7.X (85%) Aggressive OS guesses: OpenBSD 4.0 (87%), FreeBSD 7.0-RELEASE-p5 (85%) No exact OS matches for host (test conditions non-ideal). Uptime guess: 0.001 days (since Wed Aug 03 01:41:33 2011) TCP Sequence Prediction: Difficulty=261 (Good luck!) IP ID Sequence Generation: Randomized In closing, #bitcoin-police conclude that it is most likely that MyBitoin.com had suspicious origins and the ongoing failure of authenticated communication from the provider would allege some level of impropiety on behalf of the operator. This investigation is marked as OPEN with a high level of suspect indicators. Any public information regarding this even tis welcom on the freenode #bitcoin-police channel, in Private Message to MrTiggr or GpG email to mr dot tiggr at gmail dot com MrTiggr - Commander-in-Chief, Bitcoin Police graingert - Pastebin hero