I thought it would be really cool to have an ultimate guide for those new to crypto currencies and the terms used. I made this mostly for beginner’s and veterans alike. I’m not sure how much use you will get out of this. Stuff gets lost on Reddit quite easily so I hope this finds its way to you. Included in this list, I have included most of the terms used in crypto-communities. I have compiled this list from a multitude of sources. The list is in alphabetical order and may include some words/terms not exclusive to the crypto world but may be helpful regardless. 2FA
Two factor authentication. I highly advise that you use it. 51% Attack:
A situation where a single malicious individual or group gains control of more than half of a cryptocurrency network’s computing power. Theoretically, it could allow perpetrators to manipulate the system and spend the same coin multiple times, stop other users from completing blocks and make conflicting transactions to a chain that could harm the network. Address (or Addy):
A unique string of numbers and letters (both upper and lower case) used to send, receive or store cryptocurrency on the network. It is also the public key in a pair of keys needed to sign a digital transaction. Addresses can be shared publicly as a text or in the form of a scannable QR code. They differ between cryptocurrencies. You can’t send Bitcoin to an Ethereum address, for example. Altcoin (alternative coin):
Any digital currency other than Bitcoin. These other currencies are alternatives to Bitcoin regarding features and functionalities (e.g. faster confirmation time, lower price, improved mining algorithm, higher total coin supply). There are hundreds of altcoins, including Ether, Ripple, Litecoin and many many others. AIRDROP:
An event where the investors/participants are able to receive free tokens or coins into their digital wallet. AML:
Defines Anti-Money Laundering laws**.** ARBITRAGE:
Getting risk-free profits by trading (simultaneous buying and selling of the cryptocurrency) on two different exchanges which have different prices for the same asset. Ashdraked:
Being Ashdraked is essentially a more detailed version of being Zhoutonged. It is when you lose all of your invested capital, but you do so specifically by shorting Bitcoin. The expression “Ashdraked” comes from a story of a Romanian cryptocurrency investor who insisted upon shorting BTC, as he had done so successfully in the past. When the price of BTC rose from USD 300 to USD 500, the Romanian investor lost all of his money. ATH (All Time High):
The highest price ever achieved by a cryptocurrency in its entire history. Alternatively, ATL is all time low Bearish:
A tendency of prices to fall; a pessimistic expectation that the value of a coin is going to drop. Bear trap:
A manipulation of a stock or commodity by investors. Bitcoin:
The very first, and the highest ever valued, mass-market open source and decentralized cryptocurrency and digital payment system that runs on a worldwide peer to peer network. It operates independently of any centralized authorities Bitconnect:
One of the biggest scams in the crypto world. it was made popular in the meme world by screaming idiot Carlos Matos, who infamously proclaimed," hey hey heeeey” and “what's a what's a what's up wasssssssssuuuuuuuuuuuuup, BitConneeeeeeeeeeeeeeeeeeeeeeeect!”. He is now in the mentally ill meme hall of fame. Block:
A package of permanently recorded data about transactions occurring every time period (typically about 10 minutes) on the blockchain network. Once a record has been completed and verified, it goes into a blockchain and gives way to the next block. Each block also contains a complex mathematical puzzle with a unique answer, without which new blocks can’t be added to the chain. Blockchain:
An unchangeable digital record of all transactions ever made in a particular cryptocurrency and shared across thousands of computers worldwide. It has no central authority governing it. Records, or blocks, are chained to each other using a cryptographic signature. They are stored publicly and chronologically, from the genesis block to the latest block, hence the term blockchain. Anyone can have access to the database and yet it remains incredibly difficult to hack. Bullish:
A tendency of prices to rise; an optimistic expectation that a specific cryptocurrency will do well and its value is going to increase. BTFD:
Buy the fucking dip. This advise was bestowed upon us by the gods themselves. It is the iron code to crypto enthusiasts. Bull market:
A market that Cryptos are going up. Consensus:
An agreement among blockchain participants on the validity of data. Consensus is reached when the majority of nodes on the network verify that the transaction is 100% valid. Crypto bubble:
The instability of cryptocurrencies in terms of price value Cryptocurrency:
A type of digital currency, secured by strong computer code (cryptography), that operates independently of any middlemen or central authoritie Cryptography:
The art of converting sensitive data into a format unreadable for unauthorized users, which when decoded would result in a meaningful statement. Cryptojacking:
The use of someone else’s device and profiting from its computational power to mine cryptocurrency without their knowledge and consent. Crypto-Valhalla:
When HODLers(holders) eventually cash out they go to a place called crypto-Valhalla. The strong will be separated from the weak and the strong will then be given lambos. DAO:
Decentralized Autonomous Organizations. It defines A blockchain technology inspired organization or corporation that exists and operates without human intervention. Dapp (decentralized application):
An open-source application that runs and stores its data on a blockchain network (instead of a central server) to prevent a single failure point. This software is not controlled by the single body – information comes from people providing other people with data or computing power. Decentralized:
A system with no fundamental control authority that governs the network. Instead, it is jointly managed by all users to the system. Desktop wallet:
A wallet that stores the private keys on your computer, which allow the spending and management of your bitcoins. DILDO:
Long red or green candles. This is a crypto signal that tells you that it is not favorable to trade at the moment. Found on candlestick charts. Digital Signature:
An encrypted digital code attached to an electronic document to prove that the sender is who they say they are and confirm that a transaction is valid and should be accepted by the network. Double Spending:
An attack on the blockchain where a malicious user manipulates the network by sending digital money to two different recipients at exactly the same time. DYOR:
Means do your own research. Encryption:
Converting data into code to protect it from unauthorized access, so that only the intended recipient(s) can decode it. Eskrow:
the practice of having a third party act as an intermediary in a transaction. This third party holds the funds on and sends them off when the transaction is completed. Ethereum:
Ethereum is an open source, public, blockchain-based platform that runs smart contracts and allows you to build dapps on it. Ethereum is fueled by the cryptocurrency Ether. Exchange:
A platform (centralized or decentralized) for exchanging (trading) different forms of cryptocurrencies. These exchanges allow you to exchange cryptos for local currency. Some popular exchanges are Coinbase, Bittrex, Kraken and more. Faucet:
A website which gives away free cryptocurrencies. Fiat money:
Fiat currency is legal tender whose value is backed by the government that issued it, such as the US dollar or UK pound. Fork:
A split in the blockchain, resulting in two separate branches, an original and a new alternate version of the cryptocurrency. As a single blockchain forks into two, they will both run simultaneously on different parts of the network. For example, Bitcoin Cash is a Bitcoin fork. FOMO:
Fear of missing out. Frictionless:
A system is frictionless when there are zero transaction costs or trading retraints. FUD:
Fear, Uncertainty and Doubt regarding the crypto market. Gas:
A fee paid to run transactions, dapps and smart contracts on Ethereum. Halving:
A 50% decrease in block reward after the mining of a pre-specified number of blocks. Every 4 years, the “reward” for successfully mining a block of bitcoin is reduced by half. This is referred to as “Halving”. Hardware wallet:
Physical wallet devices that can securely store cryptocurrency maximally. Some examples are Ledger Nano S**,** Digital Bitbox and more**.** Hash:
The process that takes input data of varying sizes, performs an operation on it and converts it into a fixed size output. It cannot be reversed. Hashing:
The process by which you mine bitcoin or similar cryptocurrency, by trying to solve the mathematical problem within it, using cryptographic hash functions. HODL:
A Bitcoin enthusiast once accidentally misspelled the word HOLD and it is now part of the bitcoin legend. It can also mean hold on for dear life. ICO (Initial Coin Offering):
A blockchain-based fundraising mechanism, or a public crowd sale of a new digital coin, used to raise capital from supporters for an early stage crypto venture. Beware of these as there have been quite a few scams in the past. John mcAfee:
A man who will one day eat his balls on live television for falsely predicting bitcoin going to 100k. He has also become a small meme within the crypto community for his outlandish claims. JOMO:
Joy of missing out. For those who are so depressed about missing out their sadness becomes joy. KYC:
Know your customer(alternatively consumer). Lambo:
This stands for Lamborghini. A small meme within the investing community where the moment someone gets rich they spend their earnings on a lambo. One day we will all have lambos in crypto-valhalla. Ledger:
Away from Blockchain, it is a book of financial transactions and balances. In the world of crypto, the blockchain functions as a ledger. A digital currency’s ledger records all transactions which took place on a certain block chain network. Leverage:
Trading with borrowed capital (margin) in order to increase the potential return of an investment. Liquidity:
The availability of an asset to be bought and sold easily, without affecting its market price.
of the coins. Margin trading:
The trading of assets or securities bought with borrowed money. Market cap/MCAP:
A short-term for Market Capitalization. Market Capitalization refers to the market value of a particular cryptocurrency. It is computed by multiplying the Price of an individual unit of coins by the total circulating supply. Miner:
A computer participating in any cryptocurrency network performing proof of work. This is usually done to receive block rewards. Mining:
The act of solving a complex math equation to validate a blockchain transaction using computer processing power and specialized hardware. Mining contract:
A method of investing in bitcoin mining hardware, allowing anyone to rent out a pre-specified amount of hashing power, for an agreed amount of time. The mining service takes care of hardware maintenance, hosting and electricity costs, making it simpler for investors. Mining rig:
A computer specially designed for mining cryptocurrencies. Mooning:
A situation the price of a coin rapidly increases in value. Can also be used as: “I hope bitcoin goes to the moon” Node:
Any computing device that connects to the blockchain network. Open source:
The practice of sharing the source code for a piece of computer software, allowing it to be distributed and altered by anyone. OTC:
Over the counter. Trading is done directly between parties. P2P (Peer to Peer):
A type of network connection where participants interact directly with each other rather than through a centralized third party. The system allows the exchange of resources from A to B, without having to go through a separate server. Paper wallet:
A form of “cold storage” where the private keys are printed onto a piece of paper and stored offline. Considered as one of the safest crypto wallets, the truth is that it majors in sweeping coins from your wallets. Pre mining:
The mining of a cryptocurrency by its developers before it is released to the public. Proof of stake (POS):
A consensus distribution algorithm which essentially rewards you based upon the amount of the coin that you own. In other words, more investment in the coin will leads to more gain when you mine with this protocol In Proof of Stake, the resource held by the “miner” is their stake in the currency. PROOF OF WORK (POW)
The competition of computers competing to solve a tough crypto math problem. The first computer that does this is allowed to create new blocks and record information.” The miner is then usually rewarded via transaction fees. Protocol:
A standardized set of rules for formatting and processing data. Public key / private key:
A cryptographic code that allows a user to receive cryptocurrencies into an account. The public key is made available to everyone via a publicly accessible directory, and the private key remains confidential to its respective owner. Because the key pair is mathematically related, whatever is encrypted with a public key may only be decrypted by its corresponding private key. Pump and dump:
Massive buying and selling activity of cryptocurrencies (sometimes organized and to one’s benefit) which essentially result in a phenomenon where the significant surge in the value of coin followed by a huge crash take place in a short time frame. Recovery phrase:
A set of phrases you are given whereby you can regain or access your wallet should you lose the private key to your wallets — paper, mobile, desktop, and hardware wallet. These phrases are some random 12–24 words. A recovery Phrase can also be called as Recovery seed, Seed Key, Recovery Key, or Seed Phrase. REKT:
Referring to the word “wrecked”. It defines a situation whereby an investor or trader who has been ruined utterly following the massive losses suffered in crypto industry. Ripple:
An alternative payment network to Bitcoin based on similar cryptography. The ripple network uses XRP as currency and is capable of sending any asset type. ROI:
Return on investment. Safu:
A crypto term for safe popularized by the Bizonnaci YouTube channel after the CEO of Binance tweeted
“Funds are safe." “the exchage I use got hacked!”“Oh no, are your funds safu?” “My coins better be safu!”
The smallest fraction of a bitcoin is called a “satoshi” or “sat”. It represents one hundred-millionth of a bitcoin and is named after Satoshi Nakamoto. Satoshi Nakamoto:
This was the pseudonym for the mysterious creator of Bitcoin. Scalability:
The ability of a cryptocurrency to contain the massive use of its Blockchain. Sharding:
A scaling solution for the Blockchain. It is generally a method that allows nodes to have partial copies of the complete blockchain in order to increase overall network performance and consensus speeds. Shitcoin:
Coin with little potential or future prospects. Shill:
Spreading buzz by heavily promoting a particular coin in the community to create awareness. Short position:
Selling of a specific cryptocurrency with an expectation that it will drop in value. Silk road:
The online marketplace where drugs and other illicit items were traded for Bitcoin. This marketplace is using accessed through “TOR”, and VPNs. In October 2013, a Silk Road was shut down in by the FBI. Smart Contract:
Certain computational benchmarks or barriers that have to be met in turn for money or data to be deposited or even be used to verify things such as land rights. Software Wallet:
A crypto wallet that exists purely as software files on a computer. Usually, software wallets can be generated for free from a variety of sources. Solidity:
A cryptocoin with an extremely low volatility that can be used to trade against the overall market. Staking:
Staking is the process of actively participating in transaction validation (similar to mining) on a proof-of-stake (PoS) blockchain. On these blockchains, anyone with a minimum-required balance of a specific cryptocurrency can validate transactions and earn Staking rewards. Surge:
When a crypto currency appreciates or goes up in price. Tank:
The opposite of mooning. When a coin tanks it can also be described as crashing. Tendies
For traders , the chief prize is “tendies” (chicken tenders, the treat an overgrown man-child receives for being a “Good Boy”) . Token:
A unit of value that represents a digital asset built on a blockchain system. A token is usually considered as a “coin” of a cryptocurrency, but it really has a wider functionality. TOR:
“The Onion Router” is a free web browser designed to protect users’ anonymity and resist censorship. Tor is usually used surfing the web anonymously and access sites on the “Darkweb”. Transaction fee:
An amount of money users are charged from their transaction when sending cryptocurrencies. Volatility:
A measure of fluctuations in the price of a financial instrument over time. High volatility in bitcoin is seen as risky since its shifting value discourages people from spending or accepting it. Wallet:
A file that stores all your private keys and communicates with the blockchain to perform transactions. It allows you to send and receive bitcoins securely as well as view your balance and transaction history. Whale:
An investor that holds a tremendous amount of cryptocurrency. Their extraordinary large holdings allow them to control prices and manipulate the market. Whitepaper:
A comprehensive report or guide made to understand an issue or help decision making. It is also seen as a technical write up that most cryptocurrencies provide to take a deep look into the structure and plan of the cryptocurrency/Blockchain project. Satoshi Nakamoto was the first to release a whitepaper on Bitcoin, titled “Bitcoin: A Peer-to-Peer Electronic Cash System” in late 2008.
And with that I finally complete my odyssey. I sincerely hope that this helped you and if you are new, I welcome you to crypto. If you read all of that I hope it increased, you in knowledge.
my final definition: Crypto-Family:
A collection of all the HODLers and crypto fanatics. A place where all people alike unite over a love for crypto.
We are all in this together as we pioneer the new world that is crypto currency. I wish you a great day and Happy HODLing.
feel free to comment words or terms that you feel should be included or about any errors I made.
Edit1:some fixes were made and added words.
First, a bit of introduction before we get into the living drama that is Brian Krebs.
Brian Krebs has been a journalist for decades, starting in the late 90s. He got his start at The Washington Post
, but what he's most famous for are his exposes on criminal businesses and individuals who perpetuate cyber crime worldwide. In 2001, he got his interest in cybercrime piqued when a computer worm locked him out of his own computer. In 2005, he shifted from working as a staff writer at The Washington Post's
tech newswire to writing for their security blog, "Security Wire". During his tenure there, he started by focusing on the victims of cybercrime, but later also started to focus on the perpetrators of it as well. His reporting helped lead to the shutdown of McColo, a hosting provider who provided service to some of the world's biggest spammers and hackers. Reports analyzing the shutdown of McColo estimated that global spam volume dropped by between 40 and 70 percent. Further analysis revealed it also played host to child pornography sites, and the Russian Business Network, a major Russian cybercrime ring.
In 2009, Krebs left to start his own site, KrebsOnSecurity
. Since then, he's been credited with being the first to report on major events such as Stuxnet and when Target was breached, resulting in the leakage of 40 million cards. He also regularly investigates and reveals criminals' identities on his site. The latter has made him the bane of the world of cybercrime, as well as basically a meme, where criminals will include references like Made by Brian Krebs in their code, or name their shops full of stolen credit cards after him
One of his first posts on his new site was a selection of his best work
. While not particularly dramatic, they serve as an excellent example of dogged investigative work, and his series reveal the trail of takedowns his work has documented, or even contributed to.
And now, a selection of drama involving Krebs. Note, all posts are sarcastically-tinged retellings of the source material which I will link throughout. I also didn't use the real names in my retellings, but they are in the source material. This took way too long to write, and it still does massively condense the events described in the series. Krebs has been involved with feuds with other figures, but I'd argue these tales are the "main" bits of drama that are most suited for here.
Fly on the Wall
By 2013, Krebs was no stranger to cybercriminals taking the fight to the real world. He was swatted previously
to the point where the police actually know to give him a ring and see if there'd actually
been a murder, or if it was just those wacky hackers at it again. In addition, his identity was basically common knowledge to cybercriminals, who would open lines of credit in his name, or find ways to send him money using stolen credit cards.
However, one particular campaign against him caught his eye
. A hacker known as "Fly" aka "Flycracker" aka "MUXACC1" posted on a Russian-language fraud forum he administered about a "Krebs fund". His plan was simple. Raise Bitcoin to buy Heroin off of a darknet marketplace, address it to Krebs, and alert his local police via a spoofed phone call. Now, because Krebs is an investigative journalist, he develops undercover presences on cybercrime forums, and it just so happened he'd built up a presence on this one already.
Guys, it became known recently that Brian Krebs is a heroin addict and he desperately needs the smack, so we have started the "Helping Brian Fund", and shortly we will create a bitcoin wallet called "Drugs for Krebs" which we will use to buy him the purest heroin on the Silk Road. My friends, his withdrawal is very bad, let’s join forces to help the guy! We will save Brian from the acute heroin withdrawal and the world will get slightly better!
Fly had first caught Krebs' attention by taunting him on Twitter, sending him Tweets including insults and abuse, and totally-legit looking links. Probably either laced with malware, or designed to get Krebs' IP. He also took to posting personal details such as Krebs' credit report, directions to his house, and pictures of his front door on LiveJournal, of all places.
So, after spotting the scheme, he alerted his local police that he'd probably have someone sending him some China White. Sure enough, the ne'er-do-wells managed to raise 2 BTC, which at the time was a cool $200 or so. They created an account on the premiere darknet site at the time, The Silk Road
under the foolproof name "briankrebs7". They found one seller who had consistently high reviews, but the deal fell through for unknown reasons. My personal theory is the seller decided to Google where it was going, and realized sending a gram of dope into the waiting arms of local law enforcement probably wasn't the best use of his time. Still, the forum members persevered, and found another seller who was running a buy 10 get 2 free promotion. $165 of Bitcoin later, the drugs were on their way to a new home. The seller apparently informed Fly that the shipment should arrive by Tuesday, a fact which he gleefully shared with the forum.
While our intrepid hero had no doubt that the forum members were determined to help him grab the tail of the dragon, he's not one to assume without confirmation, and enlisted the help of a graduate student at UCSD who was researching Bitcoin and anonymity on The Silk Road
, and confirmed the address shared by Fly was used to deposit 2 BTC into an account known to be used for money management on the site.
By Monday, an envelope from Chicago had arrived, containing a copy of Chicago confidential. Taped inside were tiny baggies filled with the purported heroin. Either dedicated to satisfied customers, or mathematically challenged, the seller had included thirteen baggies instead of the twelve advertised. A police officer arrived to take a report and whisked the baggies away.
Now, Fly was upset that Krebs wasn't in handcuffs for drug possession, and decided to follow up his stunt by sending Krebs a floral arrangement shaped like a cross, and an accompanying threatening message addressed to his wife, the dire tone slightly undercut by the fact that it was signed "Velvet Crabs"
. Krebs' curiosity was already piqued from the shenanigans with the heroin, but with the arrival of the flowers decided to dive deeper
into the сука behind things.
He began digging into databases from carding sites that had been hacked, but got his first major breakthrough to his identity from a Russian computer forensics firm. Fly had maintained an account on a now-defunct hacking forum, whose database was breached under "Flycracker". It turns out, the email Flycracker had used was also
hacked at some point, and a source told Krebs that the email was full of reports from a keylogger Fly had installed on his wife's computer. Now, because presumably his wife wasn't part of, or perhaps even privy to her husband's illicit dealings, her email account happened to be her full legal name, which Krebs was able to trace to her husband. Now, around this time, the site Fly maintained disappeared from the web, and administrators on another major fraud forum started purging his account. This is a step they typically take when they suspect a member has been apprehended by authorities. Nobody knew for sure, but they didn't want to take any chances.
More research by Krebs revealed that the criminals' intuition had been correct, and Fly was arrested in Italy, carrying documents under an assumed name. He was sitting in an Italian jail, awaiting potential extradition to the United States, as well as potentially facing charges in Italy. This was relayed to Krebs by a law enforcement official who simply said "The Fly has been swatted". (Presumably while slowly removing a pair of aviator sunglasses)
While Fly may have been put away, the story between Krebs and Fly wasn't quite over. He did end up being extradited to the US for prosecution
, but while imprisoned in Italy, Fly actually started sending Krebs letters. Understandably distrustful after the whole "heroin" thing, his contacts in federal law enforcement tested the letter, and found it to be clean. Inside, there was a heartfelt and personal letter, apologizing for fucking with Krebs in so many ways. He also forgave Krebs for posting his identity online, leading him to muse that perhaps Fly was working through a twelve-step program. In December, he received another letter, this time a simple postcard with a cheerful message wishing him a Merry Christmas and a Happy New Year. Krebs concluded his post thusly:
Cybercrooks have done some pretty crazy stuff to me in response to my reporting about them. But I don’t normally get this kind of closure. I look forward to meeting with Fly in person one day soon now that he will be just a short train ride away. And he may be here for some time: If convicted on all charges, Fly faces up to 30 years in U.S. federal prison.
Fly ultimately was extradited. He plead guilty
and was sentenced to 41 months in jail
vDOS and Mirai Break The Internet
Criminals are none too happy when they find their businesses and identities on the front page of KrebsOnSecurity
. It usually means law enforcement isn't far behind. One such business was known as vDOS.
A DDOS-for-hire (also known as a "booter" or a "stresser") site that found itself hacked, with all their customer records still in their databases leaked. Analysis of the records found that in a four-month time span, the service had been responsible for about 8.81 years worth of attack time, meaning on average at any given second, there were 26 simultaneous attacks running. Interestingly, the hack of vDOS came about from another DDOS-for-hire site, who as it turns out was simply reselling services provided by vDOS. They were far from the only one. vDOS appeared to provide firepower to a large number of different resellers.
In addition to the attack logs, support messages were also among the data stolen. This contained some complaints from various clients who complained they were unable to launch attacks against Israeli IPs. This is a common tactic by hackers to try and avoid unwanted attention from authorities in their country of residence. This was confirmed when two men from Israel
were arrested for their involvement in owning and running vDOS. However, this was just the beginning for this bit of drama.
The two men arrested went by the handles "applej4ck" and "Raziel". They had recently published a paper on DDOS attack methods in an online Israeli security magazine. Interestingly, on the same day the men were arrested, questioned, and released on bail, vDOS went offline. Not because it had been taken down by Israeli authorities, not because they had shut it down themselves, but because a DDOS protection firm, BackConnect Security, had hijacked the IP addresses belonging to the company. To spare a lot of technical detail, it's called a BGP hijack, and it basically works by a company saying "Yeah, those are our addresses." It's kind of amazing how much of the internet is basically just secured by the digital equivalent of pinky swears. You can read some more technical detail on Wikipedia
. Anyway, we'll get back to BackConnect.
Following the publication of the story uncovering the inner workings of vDOS, KrebsOnSecurity
was hit with a record breaking DDOS attack
, that peaked at 620/Gbps, nearly double the most powerful DDOS attack previously on record. To put that in perspective, that's enough bandwidth to download 5 simultaneous copies of Interstellar
in 4K resolution every single second, and still have room to spare. The attack was so devastating, Akamai, one of the largest providers of DDOS protection in the world had to drop Krebs as a pro bono client. Luckily, Google was willing to step in and place his site under the protection of Google's Project Shield, a free service designed to protect the news sites and journalists from being knocked offline by DDOS attacks.
This attack was apparently in retaliation for the vDOS story, since some of the data sent in the attack included the string "freeapplej4ck". The attack was executed by a botnet of Internet of Things (or IoT) devices. These are those "smart" devices like camera systems, routers, DVRs. Basically things that connect to the cloud. An astounding amount of those are secured with default passwords that can be easily looked up from various sites or even the manufacturers' websites. This was the start of a discovery of a massive botnet that had been growing for years.
Now time for a couple quick side stories:
Dyn, a company who provides DNS to many major companies including Twitter, Reddit, and others came under attack
, leaving many sites (including Twitter and Reddit) faltering in the wake of it. Potentially due to one of their engineers' collaboration with Krebs on another story. It turned out that the same botnet that attacked Krebs' site was at least part of the attack on Dyn
And back to BackConnect, that DDOS protection firm that hijacked the IP addresses from vDOS. Well it turns out BGP Hijacks are old hat
for the company. They had done it at least 17 times before. Including at least once (purportedly with permission) for the address 22.214.171.124. Aka, "leet". It turns out one of the co-founders of BackConnect actually posted screenshots of him visiting sites that tell you your public IP address in a DDOS mitigation industry chat, showing it as 126.96.36.199. They also used a BGP Hijack against a hosting company and tried to frame a rival DDOS mitigation provider.
Finally, another provider, Datawagon was interestingly implicated in hosting DDOS-for-hire sites while offering DDOS protection
. In a Skype conversation where the founder of Datawagon wanted to talk about that time he registered dominos.pizza and got sued for it, he brings up scanning the internet for vulnerable routers completely unprompted. Following the publication of the story about BackConnect, in which he was included in, he was incensed about his portrayal, and argued with Krebs over Skype before Krebs ultimately ended up blocking him. He was subsequently flooded with fake contact requests from bogus or hacked Skype accounts. Shortly thereafter, the record-breaking DDOS attack rained down upon his site.
Back to the main tale!
So, it turns out the botnet of IoT devices was puppeteered by a malware called Mirai. How did it get its name? Well, that's the name its creator gave it, after an anime called Mirai Nikki
. How did this name come to light? The creator posted the source code online
. (The name part, not the origin. The origin didn't come 'til later.) The post purported that they'd picked it up from somewhere in their travels as a DDOS industry professional. It turns out this is a semi-common tactic when miscreants fear that law enforcement might come looking for them, and having the only copy of the source code of a malware in existence is a pretty strong indicator that you have something to do with it. So, releasing the source to the world gives a veneer of plausible deniability should that eventuality come to pass. So who was this mysterious benefactor of malware source? They went by the name "Anna-senpai".
As research on the Mirai botnet grew, and more malware authors incorporated parts of Mirai's source code into their own attacks, attention on the botnet increased, and on the people behind it. The attention was presumably the reason why Hackforums, the forum where the source code was posted, later disallowed ostensible "Server Stress Tester" services from being sold on it
. By December, "Operation Tarpit"
had wrought 34 arrests and over a hundred "knock and talk" interviews
questioning people about their involvement.
By January, things started to come crashing down. Krebs published an extensive exposé on Anna-senpai
detailing all the evidence linking them to the creation of Mirai. The post was so big, he included a damn glossary. What sparked the largest botnet the internet had ever seen? Minecraft. Minecraft servers are big business. A popular one can earn tens of thousands of dollars per month from people buying powers, building space, or other things. It's also a fiercely competitive business, with hundreds of servers vying for players. It turns out that things may have started, as with another set of companies, two rival DDOS mitigation providers competing for customers. ProTraf was a provider of such mitigation technology, and a company whose owner later worked for ProTraf had on at least one occasion hijacked addresses belonging to another company, ProxyPipe. ProxyPipe had also been hit with DDOS attacks they suspected to be launched by ProTraf.
While looking into the President of ProTraf, Krebs realized he'd seen the relatively uncommon combination of programming languages and skills posted by the President somewhere else. They were shared by Anna-senpai on Hackforums. As Krebs dug deeper and deeper into Anna-senpai's online presence, he uncovered other usernames, including one he traced to some Minecraft forums where a photoshopped picture of a still from Pulp Fiction
contained the faces of BackConnect, which was a rival to ProTraf's DDOS mitigation business, and another face. A hacker by the name of Vyp0r, who another employee of ProTraf claimed betrayed his trust and blackmailed him into posting the source of another piece of malware called Bashlite. There was also a third character photoshopped into the image. An anime character named "Yamada" from a movie called B Gata H Hei
Interestingly, under the same username, Krebs found a "MyAnimeList" profile which, out of 9 titles it had marked as watched, were B Gata H Hei
, as well as Mirai Nikki
, the show from which Mirai derived its name. It continues on with other evidence, including DDOS attacks against Rutgers University, but in short, there was little doubt in the identity of "Anna-senpai", but the person behind the identity did contact Krebs to comment. He denied any involvement in Mirai or DDOS attacks.
"I don’t think there are enough facts to definitively point the finger at me," [Anna-senpai] said. "Besides this article, I was pretty much a nobody. No history of doing this kind of stuff, nothing that points to any kind of sociopathic behavior. Which is what the author is, a sociopath."
He did, however, correct Krebs on the name of B Gata H Kei
Needless to say, the Mirai botnet crew was caught, but managed to avoid jailtime
thanks to their cooperation with the government. That's not to say they went unpunished. Anna-senpai was sentenced to 6 months confinement, 2500 hours of community service, and they may have to pay up to $8.6 million in restitution
for their attacks on Rutgers university.
I don't have the time or energy to write another effortpost, and as is I'm over 20,000 characters, so here's a few other tidbits of Krebs' clashes with miscreants.
FBI Director Wray took the lead in answering the question, saying that cryptocurrencies already present a problem for the agency. He stated: He stated: “For us, cryptocurrency is already a significant issue and we can project out pretty easily that it’s going to become a bigger and bigger one. With the rising price and popularity of bitcoin come numerous scams. Bitcoin Superstar and Bitcoin Era are two investment schemes that have recently gained much attention. News.Bitcoin.com took a ... FBI Used Bitcoin Trail to Catch Russian Rapper Accused of Money Laundering. By CryptoNews Apr 03, 2020. 1 Views The Federal Bureau of Investigation (FBI) used bitcoin wallet activity and an old exchange account as key evidence to arrest … Coinbase. AT&T Files for Dismissal in $24M Phone Hack Case, Claims Crypto Exec Didn’t Read Terms . By CryptoNews Apr 02, 2020. 1 Views U.S. mobile ... Subculture Status Confirmed Type: Company Year 2009 Origin Bitcoin Foundation Tags money, currency, coin, cryptocurrency, satoshi nakamoto, blockchain, digital currency, fiat currency, economy, wei dai, cypherpunks, nick colas Additional References Encyclopedia Dramatica Facebook Meme Generator Reddit Twitter Urban Dictionary Wikipedia About. Bitcoin is a virtual cryptocurrency regulated by a ... Le FBI. Le FBI est l'un des plus grands détenteurs de Bitcoin. En septembre 2013, ils ont mis à terre le site internet Silk Road, une place de marché qui hébergeait des activités illégales sur le Dark Web. Ils ont alors saisi 144.000 BTC appartenant au propriétaire du site : Ross Ulbricht. Si on additionne toutes les saisies effectuées par le FBI, cela place cette entité étatique au ...
Bitcoin Mongolia Videos; Playlists; Community; Channels; About ; Home Trending History Get YouTube Premium Get YouTube TV Best of YouTube Music Sports Gaming Movies & Shows News Live Fashion ... Sources: Who Owns the World's Biggest Bitcoin Wallet? The FBI, Wired http://www.wired.com/wiredenterprise/2013/12/fbi_wallet/?cid=15955134 BitCOin Suicide Pr... The messages, which were part of the texts given to Congress by the Department of Justice, show how Peter Strzok and his partner FBI attorney Lisa Page discussed Strzok’s relationship with U.S ... Le Crypto Trade De La Semaine - La Bulle du Bitcoin éclate - USD / BTC mes formations gratuites : Réaliser des trades de 50 pips en Scalpant le forex et les ... Wheedl is a new bitcoin-powered social network that that uses “wemes”, an easy-to-use user-generated content format for communicating thoughts more effectively than in traditional message posts.