Welcome to the Dash Forum!

Please sign up to discuss the most innovative cryptocurrency!

Telegram Chat compromised !!!

Discussion in 'General Discussion' started by tungfa, Mar 10, 2018.

  1. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,672
    Likes Received:
    6,640
    Trophy Points:
    1,283
    [​IMG]

    out telegram chat seems compromised
    somebody took over my account and kicked all admins from the group
    there is some rogue tungfa out there !!

    do NOT trust him !!
    (need to run out but will sort this out later )
     
    #1 tungfa, Mar 10, 2018
    Last edited: Mar 14, 2018
    • Informative Informative x 5
  2. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,672
    Likes Received:
    6,640
    Trophy Points:
    1,283
    okay shutting down all Dash Telegram !

    Do NOT use any Dash telegram group anymore
    do NOT trust any 'News" postings there and such
    and do NOT trust any TUNGFA !!
    (ping me here or on other outlets until this is solved !!!)
     
    • Informative Informative x 3
  3. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,672
    Likes Received:
    6,640
    Trophy Points:
    1,283
    https://t.me/dashnews
    is still posting !
    please consider anything posted there a SCAM / FUD / nonsense / ....
     
  4. Figlmüller

    Figlmüller Member

    Joined:
    Sep 2, 2014
    Messages:
    74
    Likes Received:
    44
    Trophy Points:
    58
    ...but what if the tungfa forum account has been compromised? Are you in posession of any GPG keys or some sort, so you could publish news digitally signed?
     
    • Agree Agree x 1
  5. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,672
    Likes Received:
    6,640
    Trophy Points:
    1,283
    good thinking
    tbh this is a good excuse / exersice to re-evaluate our OpSec
    andy and the pros are on it to work out a plan moving forward
     
  6. qwizzie

    qwizzie Well-known Member

    Joined:
    Aug 6, 2014
    Messages:
    1,243
    Likes Received:
    650
    Trophy Points:
    183
    How did this happen anyways ? Was it through phishing email that they manage to take-over the Telegram chat / tungfa account ? Or by other means ?
     
    • Like Like x 2
  7. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,672
    Likes Received:
    6,640
    Trophy Points:
    1,283
    cloned sim card it seems
     
    • Informative Informative x 1
  8. demo

    demo Well-known Member

    Joined:
    Apr 23, 2016
    Messages:
    3,128
    Likes Received:
    261
    Trophy Points:
    153
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
    You connected another device, they send you an SMS OTP confirmation, but someone by using ss7 signaling cloned your sim card.
    You should configure your telegram with advanced security precautions next time, and ask 2 SMS confirmations instead of just one.

     
    #8 demo, Mar 11, 2018
    Last edited: Mar 11, 2018
  9. solarguy

    solarguy Active Member

    Joined:
    Mar 15, 2017
    Messages:
    830
    Likes Received:
    369
    Trophy Points:
    133
    Glad you guys are all over this.

    On a tangentially related note, I have never really messed with our telegram platform. What goes on there in general terms?
     
  10. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,672
    Likes Received:
    6,640
    Trophy Points:
    1,283
    multiple channels in multiple languages
    + News Feed
    no biggie - we can rebuild this easy fresh and new
     
  11. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,672
    Likes Received:
    6,640
    Trophy Points:
    1,283
    Telegram update :
    - still waiting for Telegram response
    - “my account” is now for sale on Telegram (hacker is spamming all groups ) + up for Auction on DN
    do NOT buy that account !!! let Telegram take care of it first !! we will NOT be blackmailed and do NOT pay !!!
    it happened before and no worries, shut it all down and start fresh is the plan
     
  12. LorenzoRey

    LorenzoRey Member

    Joined:
    Dec 11, 2017
    Messages:
    73
    Likes Received:
    57
    Trophy Points:
    58
    I hope this gets solved ASAP!
     
  13. paullefebvre

    paullefebvre New Member

    Joined:
    Mar 13, 2018
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    tres interessant
     
  14. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,672
    Likes Received:
    6,640
    Trophy Points:
    1,283
    Update:

    - I am still me and me (@Figlmüller )
    https://keybase.io/tungfa

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    After recent hack of my @tungfa Telegram account i want to verify myself here !
    I am still Tungfa , secured all accounts, New Passwords, 2FA, .... all around !
    I will NOT be using Telegram App for the time being !
    Do NOT trust anybody using my name on Telegram App
    [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: Keybase OpenPGP v2.0.76
    Comment: https://keybase.io/crypto

    wsFcBAABCgAGBQJappbWAAoJELBDogy6LA+FUagQALE6Ik83/4gZOjZu46z//JEK
    qsnlXYhGGHbZPsdjPB0C/H395YCpVBtwbCezHFuPoVHajII62EGg3ythyQMINP6Y
    wrvHq5sqXAcXgezvJYQJdBbAjK0y2YvSq5LhC658IhxuuN47skVz1UYvuFj1D9Nk
    N3kEO1vHn+oGFL6pe+jgfwjs08y0iSjBy8wwDrN3RqdfH2NombETukJm//nNZEUp
    Wd/lLNFbmPj+OsOlC7Kd94KIeyPeP9gKM7LdJf3xInE0hRWicGJ+nVquG49jyAiw
    dD+rhWczBg3kPjOAMVUIHqDYvBnE07lVIH2w2om3s9Wh4rZq45R68Hmyi18F7m2k
    pWwDCN9A6wZd1+nZVLRA6qgRXi+sT1w/158UoZYeYH7fALpIW5+B5rpDNDQij194
    vo/iiAsmwaMC+gU8Ab9+UQehWX7+03cGAIL89x6WpKTD+ySTSsMOcK/7U0RHAV57
    6hsWNozj0MkWWCqjMbeq21IlEs3gAfJfT8Xzp7/ANu+FWtvyi9r5aInVAKVZqz50
    vkqYUe6NUsuG7nkwpLI7KVx9pVGR4Tm6j7drxZSLq/sFQZCHUULKS0CptU0yqi/l
    DYqYWS634s2pXi7C2zMlN1MJ7YazHSZuUiKcJjz9zsj/FjbenO1U+/NLqAcck0dY
    oCycAiHq2US0R7x9UzVG
    =GBQf
    -----END PGP SIGNATURE-----


    - General and personal
    The hacker has much more personal info than expected
    so i went trough a OpSec excessive the last days and whipped everything
    Wiped all computers, new passwords all around , new KeePass file, moved all coins , new encryption's , 2FA, new sim card + phone number, canceled all CC , Reported my Passport to BKA (at embassy)
    ...... (huge pain - good excersise)

    - Telegram in General
    Telegram never replied to me and that guy is still out there !
    I messaged and emailed them on multiple outlets - still no answer
    For safety (1 message) i will keep Telegram off for now and keep all Dash Groups off too !
    My worry is , if we start new groups now , we still would have to deal with that guy and different "tungfa's " out there
    so
    best to solve that problem 1st
    and then get back to work !
    (supposedly all my info goes for sale on DN soon - and we take it from there)

    General Message to Blackmailers: we do NOT pay !!
    Until Further Notice: DO NOT Trust any Dash related News Posted on Telegram !!!!!

    [​IMG]
     
    #14 tungfa, Mar 14, 2018
    Last edited: Mar 14, 2018
    • Like Like x 1
    • Informative Informative x 1
    • Optimistic Optimistic x 1
  15. studioz

    studioz Well-known Member

    Joined:
    Sep 10, 2014
    Messages:
    535
    Likes Received:
    462
    Trophy Points:
    163
    @dashbrasil under control , we banned your account !
     
    • Winner Winner x 1
  16. demo

    demo Well-known Member

    Joined:
    Apr 23, 2016
    Messages:
    3,128
    Likes Received:
    261
    Trophy Points:
    153
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
    You are not you. You are someone who compromised tungfa's keybase.io site.
    If you want to convince me that you are you, you have to sign the message with the private key of your masternode, or with a wallet that contains some dash in it.
    @Pasta describes how you can sign a message with your wallet, in his http://test.dashboost.org/ site
     
    • Useful Useful x 1
  17. jimbursch

    jimbursch Active Member

    Joined:
    Mar 5, 2017
    Messages:
    826
    Likes Received:
    480
    Trophy Points:
    133
    This suggests that more than just your Telegram account was hacked, which is why I think @demo is asking for more confirmation.

    You're right, this is a valuable exercise to establish procedures when this sort of thing happens. I look forward to a debrief report, after everything is settled down.
     
  18. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,672
    Likes Received:
    6,640
    Trophy Points:
    1,283
    it was a cloned phone , nothing else
    so the only thing i had connected to my 'real' phone number was telegram !
    (nothing else got compromised !)
    obviously i went full power (to make sure nothing else was malicious) and whipped everything
    i will not use my MN to verify , because all i will get out of that then is demo spamming me for any vote i do or not do ; )
    Keybase is 100% trusted and used for 100% secure communications (back up plan ) in case Slack or others fail. feel free to double check my integrity with the rest of the team or look me up on keybase (and send message there) https://keybase.io/tungfa
     
  19. demo

    demo Well-known Member

    Joined:
    Apr 23, 2016
    Messages:
    3,128
    Likes Received:
    261
    Trophy Points:
    153
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
    I dont trust keybase.io certificates for another reason.
    Someone may claim that his keybase.io has been compromised, while it hasnt!
    This may happen for various reasons, for example because the individual signed something and he changed his mind.
    Put your words where you money is! Thats why I think the most honest signature, is the signature of the dash wallet.

    It is not a matter of masternode and of vote tracking. It is a matter of wallet. If you dont want to use your masternode wallet, use a simple wallet (that contains some money in it) to sign. The more money you have in this wallet, and the larger the percentage of your total money this wallet contains, the more I trust the honesty of your wallet signature.
     
    #19 demo, Mar 15, 2018
    Last edited: Mar 15, 2018
    • Funny Funny x 2
  20. turbo

    turbo New Member

    Joined:
    Mar 18, 2018
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    How could hack a telegram admins? Cloning a phone number sounds a little crazy! I heard that you can copy the session carts, if that were the case then it turns out someone from the admins has been infected! But that's just my guess, nothing more.
     
  21. James1234

    James1234 New Member

    Joined:
    Mar 21, 2018
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    I thought it is a well protected messenger... Did you find who and how did this?
     
  22. demo

    demo Well-known Member

    Joined:
    Apr 23, 2016
    Messages:
    3,128
    Likes Received:
    261
    Trophy Points:
    153
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
    If you are unable to read this very thread, you will never be protected. We already told you how they did it.
     
  23. AceDude

    AceDude New Member

    Joined:
    Mar 23, 2018
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    RIP! You should always use 2FA and other security features.
     
    • Winner Winner x 1
  24. bunny

    bunny New Member

    Joined:
    Apr 1, 2018
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    i have same issue todat
     
  25. strophy

    strophy Administrator
    Dash Core Team Dash Support Group Moderator

    Joined:
    Feb 13, 2016
    Messages:
    496
    Likes Received:
    268
    Trophy Points:
    133
    • Winner Winner x 1
  26. dilancoop3

    dilancoop3 New Member

    Joined:
    May 4, 2018
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    How to use Telegram channel. Can you show me,please?
     
  27. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,672
    Likes Received:
    6,640
    Trophy Points:
    1,283
    download app from telegram.org
    find links of channels - clock and join
     
  28. marcusdavis

    marcusdavis New Member

    Joined:
    May 17, 2018
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Wow, that's awful. This situation is similar to Russia's stance with Telegram. I wonder what actions will Durov take
     
  29. Ever Vega

    Ever Vega New Member

    Joined:
    May 17, 2018
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    wow... esto da un poco de miedo, teniendo en cuenta que muchas empresas cripto, tienen sus comunidades en Telegram.
     
  30. Dell Customer Support

    Joined:
    May 31, 2018
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    I read this topic and this is very insightful. I want to know more about this.
     

Share This Page