Check your DXAccount and Console

darwish · #1 03-10-2005, 07:53 PM

Quote:

This involves all DXGold Members - get this info spread across all DXGroups NOW:

I'm writing to DXGold Support about this issue...

Everyone needs to check two things right now:

1. Their listed OutXchanges
2. The DXConsole Details

** You are looking for changes to the e-currency accounts that are specified for the receipt of
e-currency on both listed OutX's and DXConsole e-currency account entries.

Apparently, for the first time in perhaps 7 months, someone (a thief) has managed to get into
someone else's account and change their e-currency account entries, at least on the Console Details,
if not also for listed OutXchanges.

It is a very smart trick to change Console Details (e-currency accounts), because Members are not
currently informed by direct email receipts of changes made to their e-currency account entries on
the Details page. This means that whoever the thief is, instead of just trying to force an
exchange to happen right away, they are setting Consoles up so that auto-InX's are sent directly to their
own accounts, whenever those auto-InX's happen next.

Since Merchants don't tend to check their e-currency account listings on their Details page [daily
or better], they may not notice the change for some time -- the next time that an auto-InX has
been sent to them, and they notice that their Float has dropped but their own e-currency account has
not received the funds.

This *MAY* be the reason for all the mispaid E-Bullion transactions that have occured just
recently... and if so, then it would mean this:

1. The thief has managed to crack other persons' passcodes for their DXGold Account and/or
Console, and log in that way to make changes...

AND/OR:

2. The thief has managed to actually crack DXGold's database directly, and enter into various
Consoles/accounts to make changes that way.

Again, we're writing Support about this post-haste.

IF the first (#1 just above) problem is the case, then the Merchant must be gathering DXMerchant
ID's somehow, such as when making spends via E-Gold, since that payment processing page lists the
DXMerchant ID of the receiver of that E-Gold payment. The thief changed an E-Gold account entry in
the Details setting of one Merchant's Console, which supports this view.

Obviously the thief is aware of how the Consoles operate.

Else, the thief has managed to do something like go through a list of DXMerchant ID's, and somehow
pinpoint their IP addresses, and try cracking all Consoles of Merchants who do not use their
Virtual Keyboard to log in... meaning computers that can be keylogged/have weak computer security...
thus exposing their logon information.

However, this latter case is not so clear: the first report I received of someone who noticed a
change to his Console Details uses very strong computer security, and claims emphatically that he
ALWAYS uses his VK to log onto both his Console and Account.

At any rate, if the OTHER issue is the case: that is, someone managed to crack DXGold's database,
then the only way to fight that issue currently is to consistently check your own Console Details:
at least daily or better. The thief, currently, is only known to have made changes to the EB and
EG account entries on the compromised Console(s).

WHEN YOU CHECK YOUR DETAILS... if any of your account entries have been changed, then BEFORE you
correct the entry/entries, NOTE the thief's account numbers/name. Write them down, and get them to
me: I'm forming a list for DXGold Support. Also, contact DXGold Support immediately with the 'bad'
account #/names and type (EG, EB, etc.)

The known thief's entry that we have on record:

E-Bullion: B58848 Ebullion [Marius Neziniukas]

The E-Gold entry had been changed also, but the Merchant who discovered the change panicked and
changed the EG entry before writing it down.

Thinking everything through:

1. You are not currently emailed when you list OutX's. So if others list OutX's for you, then you
would only see that by checking your 'Pending' entries and discovering an entry that you did not
put in... or a change to an entry for a same amount (same pending total... but the entries changed
to different account numbers).

2. You ARE emailed for approval if you try to change your DXGold Account 'passcode'... so a thief
would have to have your email address/passcode to get into your email account and 'verify' the
change, and then delete the emails hurriedly before you realize it.

3. Question: ARE you emailed if you change your Console passcode? Apparently you still have to go
through DXGold Support to note those changes.

4. A thief who 'knows better' would not change your passcodes, because you will surely discover
that and contact Support from the default contact link on the background 'Contact Support' page if
you can't log in, to inform them of the compromising of your account... this would lessen the
chance that a thief could get OutX's processed from your account in time, because he/she would have to
list 'new' OutX's, which end up (of course) at the 'back of the queue.'

5. So far, this thief is not known to be changing passcodes... and again, *we have NOT been able
to identify whether* more than one account/Console has been compromised by a thief, though this is
plausible, owing to the sudden high volume of 'wrong account receipts.'

6. If everyone checks their Console details regularly, then this thief cannot win, and will
inevitably quit trying.

7. If you have been logging in with your VK every time, then DXGold WILL refund you for any
losses, since this would be an issue where DXGold is responsible for the breach, and would need to
tighten up security on their end. DXGold does not have to refund losses for accounts that are not using
the VK regularly to logon, but that will be case-by-case, at DXGold's discretion.

8. Somehow, this thief has been able to get Console Merchant info, but the compromised account was
not listed on our 'Member Account List' details... which signals that the thief probably had to
have gotten the Console Details by processing EG OutX's for Merchants, since all EG payments note
the receiving Merchant's ID for DXM's in the system. EB payments do not carry a notation of who the
Merchant is, if the EB payment is being sent to a Merchant.

9. It is possible that this thief is getting in through UIN's... that is, through DXGold accounts
directly. And again, we have no idea yet how many (if even more than one) account has been
compromised until the reports of other breaches come in.

10. The last time this happened, which was perhaps 7 months ago, all balances were repaired (there
were not many, and I believe the person who did not use his VK to log onto his Console was NOT
reimbursed, because DXGold is not responsible for losses for folks who do not use their VK to log
on)... and by telling everyone to check their own Console Details consistently, and verify that their
OutX's are still correct and pending processing (rather than, say, under 'Admin Review'), the
thief stopped entirely. At that time, the issue was seen as Members not using their VK, or Members who
stored their logon info on their computers -- say, in a 'text or word' file, were at risk of being
compromised.

So: check your OutX's. Check your Console Details. Change your DXGold Account passcodes (confirm
from your email receipts).

For all 'compromised' accounts/Console Details: SEND THE BAD ACCOUNT ENTRIES YOU FIND, IF ANY, TO:
SONJEKA@MSN.COM . Also, let's start a thread in the 'day to day messages' forum called
'Compromised Accounts/DXC's!', where everyone can post any changes made to their Consoles/accounts in one
place for everyone to see, until this issue is corrected.

Again, DXGold Support is receiving a copy of this info as an overview, and will be watching for
Members to message them with compromised accounts. ** Make your messages to Support start with the
subject line, 'COMPROMISED DXC/GEB!' so that Support can locate all such breaches as quickly as
possible, and start running queries of the transaction histories and accounts looking for trends that
finger the thief.

It's too bad we have to go through this again, after for so long not having had to think about
it... remember to go through our Security Forum to see what you can do to increase protection of your
computer and accounts; we have very much info there, and a 'Basic System Security' link at the
bottom of the left margin. These are ACCOUNTS, with YOUR MONEY... think well of computer security and
VK's! That's what they're for: to protect your balances.

Again, DXGold will refund losses for issues like this if they find that their own security has
been breached and you have been logging in correctly. I cannot speak for them 'finally', so let it be
known that they will make adjustment/refund decisions on a case-by-case basis.

____________________

1. Check your listed OutX's.
2. Check your Console Details.
3. Report bad info on the day-to-day forum for the 'Compromised Accounts' thread in the
'stickies.'
4. Let me know which e-currency accounts your entries have been changed to. Note: the last time,
the 'recipient' of the funds was actually not the thief! The thief was using several 'proxy'
accounts to send money to, for which the thief had been able to get into... and get the money out after
it was exchanged. This was another layer of 'protection against getting caught' for the thief.
This simply means to report the e-currency account entries you see: we'll have to pinpoint the
thieves after reviewing the entries. Again, it's possible that any changes are not being sent directly
to the thief responsible, but through a proxy account -- someone innocent, who is also being
cracked somehow (due most likely to poor internal computer security).

All in all, we are unaware if this is actually a rampant issue at this time, or if several
accounts/Consoles have been compromised at all. But we always take the 'conservative' approach just in
case, until we can clear the issues directly.

Go to it, and let's compile this data!

Best Regards, Dave Bennett [DXG-UIN 10922] (USA: 616-842-8372)

worryabout · #2 03-10-2005, 11:17 PM

Darwish

How much loss have you know up to now?

oshokala · #3 03-10-2005, 11:42 PM

Checked console 'details' and list of outxchange for their corresponding accounts and found okay. Thanks for the information.

regards - yatry

kib1974 · #4 03-11-2005, 12:30 AM

Dang...that suckzzzz.Hope it all works out.

**SevenFigureIncomes** · #5 03-11-2005, 01:37 AM

Wouldn't ya know with all the money you can make legitimately with dxgold console there has to be some " bastard " or " ***** " out there that has to try to screw up a good thing because they're so dam overly greedy! I hope they're caught soon castrated, and then burned at the stake!!!!!!

darwish · #6 03-11-2005, 06:47 PM

Quote:

Originally Posted by worryabout

Darwish

How much loss have you know up to now?

I don't have any specific info on that but Dave's second post might answer your question:

Quote:

So it may well be that this is not very widespread, and just coincidental that this is happening at the same time as many EB exchanges are apparently getting into the wrong accounts.

It's such a pain to have to double-check against these things once in awhile; again, it was perhaps 7 months since the last such issue. Hopefully this is not going to turn out to be serious, and we'll just have to keep digging to figure out the mis-sent EB exchanges.

In the meantime, everyone has been made to catch up/double-check their Console Details and think once again about 'computer security.'

I suppose that it's worth keeping newer Members up on this issue by going over it once/twice yearly...!

lazerxias · #7 03-11-2005, 07:29 PM

Hypothetically, let's say someone hasn't been using their VK for quite some time, if they were to change their password, and then, from that point on, use their VK 100% of the time, would DXGold then be responsible for any losses they would incur if their account was hacked?

eagle9 · #8 03-11-2005, 08:42 PM

I would say that is totally up to the Admin of DX Gold and they are the only ones that can really give you an answer to that one.