
The Satoshi Nakamoto Email Hacker Says He's Negotiating with the Bitcoin Founder - harwoodr
http://motherboard.vice.com/read/the-satoshi-nakamoto-email-hacker-says-hes-negotiating-with-the-bitcoin-founder
======
DominikR
I had a GMX account years ago that was hacked and my password was pretty hard.
(I generate my passwords with Keypass)

I suspect that this is not Satoshis fault, but that GMX security is really
bad.

~~~
truncate
Just checked out their recover password page. Just date or birth and one
security question are needed. So if you already know a person, pretty easy to
hack their accounts.

~~~
spacefight
And this is another perfect example to fill in random bits of information upon
signup and keep that in your password manager along your real password.

Inclusive a fake birthday.

------
kazinator
Is there any proof that any of this is real?

Since we don't know who Satoshi Nakamoto is, there is no way to prove whether
identity theft occurred to this person.

Whoever has control of certain accounts _is_ , for all intents and purposes,
Satoshi Nakamoto.

Someone who jumps up and down claiming that _he_ is the real Satoshi who has
been locked out from those accounts and subject to extortion could be the real
one, or could be a liar.

There is no way to know whether the incident took place at all, or if it did
take place, which of the two people are the real one.

It could be a complete hoax perpetrated by a single person, or two people, any
of whom may or may not be Satoshi Nakamoto. The real Satoshi Nakamoto could
also be a group of people to begin with. Or a very clever dog.

~~~
georgemcbay
The sourceforge "vandalism" was widely reported enough that while it was
"reverted" prior to me seeing it live, it seems to have happened... but
everything else I've seen since (which could very well not be everything... I
haven't been following super closely) requires me to believe in either easily
faked screenshots (the article this discussion links to mentions possible
photoshopping, but it is even easier than that to just use developer tools to
modify the number of total emails a site is displaying prior to screen-
capturing) or 3rd party reports with no details (eg. the Peter Todd tweet
where he says he got a forwarded 2011 email but doesn't really go into
specifics).

So my belief is there was some kind of incident here, but it is impossible to
determine exactly what the scope of it was compared to the high likelihood of
a lot of follow-up trolling.

~~~
nmjohn
I saw the sourceforge vandalism right after it happened.

Gregory Maxwell confirmed in irc he received multiple emails from satoshi's
address. You can see that in #bitcoin-dev IRC logs online. [0]

As for the rest of it... That is a whole bunch of hearsay.

Edit: [0]: [http://bitcoinstats.com/irc/bitcoin-
dev/logs/2014/09/09](http://bitcoinstats.com/irc/bitcoin-dev/logs/2014/09/09)

------
danbruc
If I gain access to such an account, I change the password to something that
no one will ever break. Maybe besides the rightful owner by some account
recovery mechanism I am unable to disable. But multiple people having access
seems a very unlikely scenario to me. Why would you share the credentials (and
risk getting locked out yourself)?

~~~
showerst
This suggests that they gained access by some mechanism other than having the
legit password.

~~~
danbruc
In this case GMX would have to have a huge security hole that is not widely
known, otherwise mass exploitation would probably quickly trigger alarms. Not
impossible but seems also unlikely to me because it must be known to at least
a couple of people and I would imagine that the knowledge about such a
security hole would spread quite quickly once more than a handful of people
know about it. And an inside job by several different people at more or less
the same point in time seems unlikely, too. So the most likely scenario to me
is still that only a single person broke the password and the multiple-people-
have-access-story is just FUD.

------
nly
I think we've passed the point where even if the original Satoshi steps
forward with a PGP signed autobiography nobody will believe it's really him.
We like our legends I guess.

~~~
shutupalready
> _even if the original Satoshi steps forward ... nobody will believe it 's
> really him_

I beg to differ. If the real Satoshi actually _wanted_ to identify himself,
he'd have no trouble convincing us beyond a reasonable doubt even without his
original keys.

This situation is not like trying to decide if you believe a person who says
he bought the winning lottery ticket for cash but then lost it.

This situation is more like trying to decide if you believe a person who says
he's a thoracic surgeon who's an expert in US Constitutional law, speaks
Finnish, and can do somersaults while skiing. Ask him to explain in Finnish
how to do laparoscopic Nissen fundoplication.

Just look at all the things that Satoshi has to answer correctly:

\- expert level C++ programmer

\- fluent English, excellent grammar

\- deep knowledge of cryptography

\- extensive knowledge of mathematics (maybe not a PhD, but he's no slouch)

\- totally intimate with the original Bitcoin code

\- familiar with all the history of Bitcoin (at least the history pre-2010)

\- plausible explanations for all his actions

\- etc.

We're talking about about a miniscule fraction of the world's population that
could convincingly fake all of this knowledge and ability -- maybe a few
hundred people at most on the entire Earth.

Suppose Bruce Schneier claimed to be Satoshi, then you could look at other
things in Bruce background to rebuff it. (Example: Bruce was on a commercial
airplane flying over the Atlantic when one of the Satoshi emails was sent.)

~~~
ISL
Suppose Bruce Schneier kicked off an email with a cron-job in order to throw
you off his trail?

~~~
lotsofcows
Why would Bruce Schneier do that? He can just change the headers for each
recipient _after_delivery_.

~~~
mullingitover
Schneier actually wrote bitcoin by piping /dev/random to a file of appropriate
length, then decrypting it.

------
Glyptodon
GMX has pretty bad security policies, so it's not that surprising to me that
someone got access. Last I checked they didn't even require HTTPS.

~~~
matoffk
To be fair, very few email providers required SSL before Snowden.

------
d0ugie
What a degenerate display of "hacking." Some man (or a group, whatever) gives
the Internet something remarkable and a bit historic, but wishes to remain
anonymous.

So instead of respecting that wish we have people like this, also wishing to
remain anonymous, attempting to hunt this man to shake him down for payment
using that man's own creation!

That's closer to repugnance than to irony in my book.

~~~
tokenadult
The repugnant thing is that there are a lot of things that are best kept
secret, but there is a "hacker ethos" (yeah, not followed by all hackers) to
disclose everything. Or at least everything about the other guy. Often enough,
privacy really is the main consideration in deciding what to disclose and what
not to disclose. Sometimes keeping secrets is beneficial for everyone.

------
Jerry_Magie
I've always thought that most people "in the know" know that Nick Szabo (well
the guy going under that name) had something to do with bitcoin in it's early
days. If you read his blog from 1999 onward, I think you will come to the same
conclusion. I think the whole "who is Satoshi Nakamoto" legend really masks a
lot of the facts

------
moyix
Assuming what's in the article is true, I suppose it's only a matter of time
before a torrent of the mailbox shows up. I have to admit that if I had access
to that account, I wouldn't be able to resist the urge to clone it via
POP3/IMAP – it seems strange that if "multiple people" have access to it none
of them have done this.

------
nickodell
If you really found the identity of Satoshi, wouldn't it make far more sense
to contact him privately and blackmail him? He's got, what, one and a half
million bitcoins?

~~~
WatchDog
When you are dealing with someone who potentially has access to hundreds of
millions of dollars. Blackmailing then in public might be a way of protecting
yourself from having an "accident".

~~~
nickodell
There are ways to anonymously contact someone. Buy a prepaid cell phone. Hire
a lawyer under an assumed name. Send a letter, but put a fake return address.

------
imaginenore
It no longer really matters who Satoshi is. He doesn't participate in Bitcoin
development. He isn't that wealthy, yet at least.

Nor his character assassination can affect Bitcoin much, while it could a few
years ago. He was pretty smart staying anonymous, he realized he would be
targeted and smeared.

~~~
taternuts
He's potentially worth a _lot_ of money and could have a heavy hand in swaying
the bitcoin market for the worse if he wanted to.... or if someone else was
somehow able to force his hand

------
tempestn
As the article states, if this person had really wanted to profit, a far
easier method would have been to use Satoshi's identity to manipulate the
price of Bitcoin. Either he didn't, in fact, realize that opportunity (despite
his claims), or he has other motives besides simply profiting from the hack.
(Or something more complicated is going on.)

~~~
Element_
To "use Satoshi's identity" would require his pgp key (at a minimum).

~~~
nmjohn
Except when people want to believe something or have fear (of losing mass
amounts of money) of something, they tend to act irrationally.

He wouldn't be able to convince myself of his identity without one of his
private keys, but there are thousands of people who would have latched on, and
then once those people start confirming the story it only convinces more
people and so on, in a snowball effect.

~~~
tempestn
And even if _you_ don't believe it, you still might sell your BTC, fearing
that others will.

------
vitoreiji
Skype? Sounds strange to me.

~~~
mcs
Emails started bouncing to the account around 05:00 GMT last night, it's
likely that was one of the only ways the attacker could maintain
communication.

~~~
delano
_05:00 GMT last night_

:-?

------
zcucumber
So it's the same guy who tried to extort Roger Ver?

------
jokoon
why does that story matter ?

what is that "hitman" threat ?

------
swalsh
dude could make way more money sending fake emails from the account as
satoshi, creating a scandal and profiting.

------
kostaaaas
if you work in the cardreaderfactory.com you can search for old receipts of
420$ and check the contact info ...

~~~
ozgung
The bill is a hoax. It took me 5 seconds in Photoshop to find the name is
Anthony Geary.

------
exit
if this comes out would it prove that no government agency was behind the
creation of bitcoin?

~~~
ben0x539
How could a hypothetical revealed Satoshi Nakamoto prove he wasn't working on
behalf of some government agency or other?

------
carsongross
Why do I get the feeling that even if this guy gets what he wants, in the long
run he'll end up getting what he deserves?

------
l33tbro
Do we know for sure that Satoshi actually had a GMX account?

~~~
UVB-76
The email address in question is the one mentioned in the original Bitcoin
paper [1]

[1] [https://bitcoin.org/bitcoin.pdf](https://bitcoin.org/bitcoin.pdf)

------
knodi
The thing is do you really want to play with fire??? Before the end of next
week its very likely this story is going to have a tragic ending.

