What is claimed to be a copy of eBay's stolen database is offered for sale via anonymous text file site Pastebin Ebay says that a database being offered for sale online by a hacker who claims it contains details of the auction site's users – which were compromised in a cyberattack that was revealed on Wednesday – is not authentic.Someone claiming to have a copy of eBay's stolen database is offering to sell it for 1.45 bitcoin (about £447) via the anonymous text file site Pastebin.But eBay denied that an extract linked from the site belonged to its users.The hacker provided a 3,000-row extract from a database with Asian-Pacific user names, addresses, phone numbers and dates of birth as proof that they are in possession of the full 145 million user database."The published lists we have checked so far are not authentic eBay accounts," said an eBay spokesperson talking to the Guardian.Security experts have begun trying to narrow down the source of the extract.UK cyber security company Digital Shadows said that cross-referencing the leaked data with publicly available information on Facebook appears to confirm that the names are real, even if they did not come from eBay.

"It is always tough to tell whether the data is genuine in situations like this," explained Rik Ferguson, global vice president of security research at security software firm Trend Micro."The email addresses I have tested so far do not appear to be sourced from previous breaches," said Ferguson who later confirmed that the database was likely fake.Ebay took two months to discover it had been hacked because no "unusual activity" was detected until May, the company has revealed.bitcoin eigenes wallet“One or two” eBay employee company identities were stolen between the end of February and the beginning of March, but it wasn’t until repeated attempts were made to access a database – which those identities were not authorised to access – that the intrusion attempt was discovered, a company spokesperson explained to the Guardian.bitcoin explained pdf

The stolen identities could not be used to access other companies owned by the auction site, including PayPal or GumTree, the spokesman said.The e-commerce site, which listed 233 million total registered accounts, has 145 million active users, all of whom have been asked to change their passwords after the company discovered that its customer database had been broken into.Ebay has 14 million users in the UK.Ebay would not comment on whether the database exposed in the hack contained the private data of all 145 million active users globally, which helped the company process $212bn in commerce in 2013.bitcoin ensayoSecurity experts have criticised the company for not encrypting all private customer information it held, which includes customer names, email addresses, physical addresses, phone numbers and dates of birth.“We use different levels of security based on different types of information we’re storing, and all financial information across all of eBay’s businesses is encrypted,” the company spokesman said.

“It is inexcusable for a company the size of eBay with the amount of data it holds to not encrypt all personal information held,” said Ferguson.Despite eBay seemingly not putting importance on personal information like postal addresses and dates of birth, the repercussions of this data theft could be felt for a long time after the break-in.“I am concerned that not only have they lost my email, username and password, but according to their website the loss includes home address, phone number and date of birth.This is serious from an identity theft perspective,” said Hugh Boyes from the Institution of Engineering and Technology.“The only item they are missing is mother's maiden name and they have sufficient information to impersonate an individual when dealing with many financial organisations,” Boyes said.User passwords exposed in the break-in were encrypted, however, and were “hashed and salted” with “no evidence shown that the encryption on passwords has been broken,” according to the company’s Twitter account.

Ebay is “aggressively investigating” the intrusion with law enforcement, but has seen no evidence that user accounts have been abused.Ebay hack Q&A: should I change my password?How to protect your personal data from the next hack attack like eBayYes, The NSA Tracked Mobile Phone Locations... >> << New Encrypted Email Services Coming From Kim...Legal Issues by Mike MasnickWed, Oct 2nd 2013 11:10am Filed Under: bitcoin, cfaa, doj, fbi, murder for hire, ross ulbricht, silk road Companies: silk road Permalink.Short link.FBI's Case Against Silk Road Boss Is A Fascinating Readfrom the for-you-breaking-bad-junkies dept It's been known for quite some time that the feds were desperately trying to hunt down the folks behind Silk Road, the somewhat infamous "dark web" e-commerce site, accessible only via Tor, which was famous mainly for selling drugs in a slightly anonymous fashion.Of course, when the news came out recently that the FBI had used malware to reveal Tor Browser users, many believed that this was part of an attempt to track down Silk Road, and that seems increasingly likely after the FBI announced this morning that it has arrested Silk Road's owner, Ross William Ulbricht, who went by the moniker "Dread Pirate Roberts" online.

Turns out that Ulbricht was based in San Francisco and was arrested at the public library, of all places.The case against him (pdf) is interesting, because beyond just going after him for helping to distribute illegal drugs, they claim that he solicited a Silk Road user in a murder-for-hire request (though he's not charged with that), to potentially go after a different Silk Road user who was threatening to reveal the identities of people on the site (the user claimed to have hacked a large vendor's account, and demanded $500,000 to not reveal names).They also go after him (of course) with a CFAA violation claim and a money laundering claim.Of course, we've seen the DOJ inflate and pile on charges against people in the past, so it will be worth watching to see what details come out of this -- but soliciting a murder, if true, seems like a fairly big deal.In addition, the complaint against him claims that Silk Road generated 9.5 million Bitcoins in revenue, leading to 600,000 Bitcoins in commissions (or roughly $1.2 billion in sales and $79.8 million in commissions).

Of course, that seems noticeably higher than previous research had suggested.It also notes that the FBI itself made over 100 purchases on Silk Road -- including ecstasy, cocaine, heroin, LSD and others.Apparently, they wanted a lot of evidence.And, in case you were wondering, the FBI informs us that their orders "have typically shown high purity levels of the drug the item was advertised to be on Silk Road."While the details in the complaint seem pretty thorough, there are some tidbits that stand out as questionable.The complaint clearly states that Bitcoin and Tor are both legal and have legitimate purposes, but it also says that Silk Road's use of proxies to "hide the identities of those that run Silk Road... reflect his awareness of the illegal nature of the Silk Road enterprise."I don't quite see how wanting to be anonymous automatically suggests that you're engaged in illegal behavior.Later in the complaint, the FBI agent spends an awful lot of time talking about how Ulbricht was interested in the Mises Institute, the well-known libertarian think tank.

I'm not sure what that has to do with anything.The FBI notes that Dread Pirate Roberts' defense of Silk Road included quoting Ludwig von Mises and Murray Rothbard (two economists closely associated with the Mises Institute), but lots of people follow the Mises Institute, so that seems like a stretch.Another questionable tidbit: the FBI notes that Ulbricht posted a question to Stack Overflow using his real name, but "less than one minute later, Ulbricht changed his username at Stack Overflow from 'Ross Ulbricht' to 'frosty.'"and then the FBI agent noted "I know that criminals seeking to hide their identity online will often use pseudononymous usernames to conceal their identity." -- an invalid email address -- the FBI agent similarly notes that "criminals seeking to hide their identity online will often use fictitious e-mail addresses."Well, yes, but the same is true of people with perfectly legitimate reasons to be anonymous, or those who don't want spam.While there does appear to be plenty of actual evidence, the use of these tidbits seems highly questionable.

The whole extortion/murder for hire story is a bit crazy.As noted above, one user contacted Dread Pirate Roberts, claiming to have hacked another vendor and obtained the details of users, which he'd release if not given $500,000 to pay off another drug supplier.Ulbricht asked the guy who was threatening him, a user who went by the name FriendlyChemist, to put him in touch with that supplier.After FriendlyChemist did so, Ulbricht used the opportunity to try to get that supplier to sell drugs via Silk Road.There was a further discussion, and when FriendlyChemist started getting anxious, the complaint says Ulbricht asked FriendlyChemist's supplier how much "would be an adequate amount" in order to "put a bounty on his head."After being quoted a price of $150,000 to $300,000 (rate dependent on "clean" or "not clean") Ulbricht allegedly complained that the price was high, and noted that he'd previously hired someone to kill someone for $80,000.They eventually agreed to a price of $150,000 (16710 Bitcoins), and Ulbricht was told that the job was done: "Your problem has been taken care of.

. . . Rest easy though, because he won't be blackmailing anyone again.Apparently a photo was supplied.The FBI notes that while this supposedly happened in Canada, Canadian law enforcement says that it didn't happen.The complaint also notes that Ulbricht has a LinkedIn page which includes a bit of a rant about "using economic theory as a means to abolish the use of coercion and aggression amongst mankind."It also notes "I am creating an economic simulation to give people a first-hand experience of what it would be like to live in a world without the systemic use of force."Not sure how one squares that with trying to hire someone to commit murder, but we'll let others debate that.It appears that while Ulbricht was mostly careful to cover his tracks, he wasn't always that careful.The complaint notes that Silk Road was first advertised on different forums by a user named "altoid," in a manner that indicated altoid was connected with the site.And, voila, the FBI had a name.Also, later, when Homeland Security officials intercepted a package that contained a bunch of fake IDs for Ulbricht, they showed up at his home in July.

While he generally refused to answer questions, he did tell them that "'hypothetically' anyone could go onto a website named 'Silk Road' on 'Tor' and purchase any drugs or fake identity documents...."There was also the above mentioned Stack Overflow account, which (briefly) used his real name and email address, which indicated that he was working on a Tor hidden service, and posted some code that (in a modified form) was also found on Silk Road.All in all, there does seem to be a fairly compelling case built against Ulbricht based on this (though, again, we've seen in previous DOJ cases where things aren't always as they seem).At a first glance, they have a lot of evidence on him.However, some questions do remain.At the beginning of the post, we mentioned the whole thing where the FBI was using malware to identify Tor users... but, of course, that doesn't show up anywhere in the complaint.Instead, the big "breakthrough" was when a "random border search" by DHS turned up those fake identities intended for Ulbricht.