[fc-discuss] Financial Cryptography Update: Save Thyself - Russia's WebMoney Payment System (translated)

iang@iang.org iang@iang.org
Mon, 6 Jun 2005 19:17:11 +0100 (BST)


 Financial Cryptography Update: Save Thyself - Russia's WebMoney Payment System (translated) 

                             June 06, 2005


------------------------------------------------------------------------

https://www.financialcryptography.com/mt/archives/000492.html



------------------------------------------------------------------------

by Nikita Sechenko

Translated from the Russian at http://owebmoney.ru/savewm.shtml by
Daniel Nagy

There are two approaches to one's personal safety. The first one is
difficult: never leave the iron plugged in, never smoke in bed, do not
place the gas stove near the window. The second approach is a lot
easier: you don't follow any rules and hope that there will be no fire.
Same with WebMoney. There's a difficult way: for example, read
"Security Encyclopedia" (http://owebmoney.ru/security.shtml) and follow
all the rules in there. This, of course, requires time and effort,
which is unacceptable for many. The other method -- not reading
anything, ignoring all the warnings in the Keeper (WM's wallet
application), indiscriminately opening all your email, launching all
sorts of suspicious programs, not using antivirus software and
firewalls. This article is dedicated to those who have chosen this easy
way. Since there is a substantial risk that the money from your purses
will be stolen, it's useful to know how to get them back. That's what
we'll talk about below.

So, the bad guys have "planted" a virus on your computer (you like
opening email attachments, don't you?), found the *.kwm key-files on
your hard drive (you don't keep them on removable media, do you?),
caught the passphrase as you typed it, and sent all of that to their
mailbox (your *.kwm files weighed a mere 50K, didn't they?). Then they
connected to your WMID using their computer (you have, of course, turned
pre-activation by email and IP blocking off) and stole all the title
certificates in there. What can you do?

First, don't panic. You should know that the staff of WebMoney, in
particular the arbitration service and tech support, are responsive to
pleas for help in case of stolen keys and assets from purses. Be
assured, they will do everything they can. Secondly, the solution of
the problem should not be postponed. You should act as fast as
possible. Every minute counts. Your main task is to get ahead of the
bad guys. Taking into account their head start, it will be difficult,
but still possible. Finally, the third rule is not giving up. From my
experience as an arbiter, I can tell that returning your assets is
often possible even in situations that look hopeless at first.

And now for the concrete measures. Your actions will depend on several
factors, first and foremost on whether or not you have lost access to
your identifier.

If you do have access to your WMID and you can check your transaction
history and find out the WMID of the offender, the most effective way
of proceeding is filing a complaint under "unauthorized payment"
against that WMID at the website of the arbitration service
(http://arbitrage.webmoney.ru). At this point you will need to pay the
arbitration fee immediately, as doing so automatically blocks payments
from the WMID with a certification level lower than "initial" (note of
the translator: basically, it means blocking anonymous accounts). This
way, the assets on the defendant's account will stay there until the
arbitration commission rules on the case. WMIDs with an initial level
certificate or a registrator level certificate can be blocked only with
a sanction of the arbitration commission, but holders of such
certificates are not in the theft business, as a rule.

In order to file an "unauthorized payment" complaint, a pseudonym
certificate suffices (note of the translator: these are given to
whoever asks without any verification). The arbitration fee is 10% of
the contested payment. First, it can make sense to file a minimal
complaint, as low as 1 WMZ and pay a 0.1 WMZ fee. Filing the complaint
will take only a few minutes.

However, as the funds could have been transferred a number of times in
order to confuse the investigation, after filing the complaint, you can
immediately contact the arbitration service's administrator (WMID
937717494180, arbitrage@webmoney.ru) and ask him to trace the chain of
payments, should one exist. The administrator (after careful
consideration), may block all the accounts along the chain and will
send you a report on how much money has been "caught" where. You will
need this information for further arbitration proceedings. Keep in
mind, however, that arbitration is a service for resolving conflicts,
not a 911 service. They work from Monday to Friday between 10am and
6pm.

If the offender has left, for some reason, funds on your WMID or you
have other WMIDs for the security of which you cannot vouch after the
attack, contact the tech support (+7 095 727-43-33,
support@wmtransfer.com, WMID 941977853154) and ask them to temporarily
block outgoing payments from your accounts as well.

As we have said, filing a complaint is the best solution in this
situation. But what can be done if everything has been stolen up to the
last penny, and quickly finding a few WMZ to pay the arbitration fee is
not an option? In this case, you should email and telephone tech support
and arbitration asking them to block the WMID of the offender, after
which you should, nevertheless, file a complaint initiating arbitration
proceedings as quickly as you can. Keep in mind that tech support can
only block WMIDs, but they have no means of tracing the payment chain
along which your money has been siphoned off. The arbitration service,
on the other hand, can block accounts, trace payments and check
balances.

But, as you understand, thieves typically do not transfer funds to
their purses or if they do, they don't leave them there for a longer
period of time in order to buy ebook classics, should they get bored,
but try to hide their traces and get rid of evidence as quickly as they
can. In order to do so, they exchange stolen WM for assets in other
payment systems, typically e-gold. Then they exchange them back to WM and
repeat a number of times. In this case, the problem becomes
significantly more complex. You should contact the administration of
the automated exchange through which the exchange has been transacted
and find out the fate of your assets (filing a complaint against the
exchange makes no sense, see below). Later the administrator of the
arbitration service will send a query to the other payment system, but
that seldom helps. E-gold, for example, having received a request from
WebMoney, blocks offending accounts, but gives transaction information
out only at the requests of courts and law enforcement.

In the worst case, the offender uses an "offline" exchange, cashing the
stolen assets. In this case, arbitration cannot help: the exchange did
their job and had no means of knowing about the origin of the funds.
Hence, the accounts of the exchange won't be blocked and they are under
no obligation whatsoever to return your funds. This is when you should
turn to law enforcement and hope that the exchange has checked and
recorded the passport data of their clients as required by the rules of
our system.

If, however, you have lost access to your WMID (the attacker has
changed the password or the key file), then you should immediately
contact tech support and ask them to block your WMID, just in case
there is some money left there. In addition, you should contact the
administrator of the arbitration service and report the loss of access
to your WMID. It is desirable to correspond using the same email
address that is indicated in your certificate and in the Keeper's
personal data section. In your email, you should give information as
comprehensive as possible in order to establish that you are, indeed,
the legitimate owner of the WMID in question. Namely, your WMID, the
purses' numbers, the last transactions complete with dates and so on.
The administrator, in turn, will tell you the current balance of your
purses, where funds were transferred and whether they were successfully
blocked. The rest of the procedure is analogous to the one described in
the previous section.

That's all. I hope you will draw the right conclusions and choose for
yourself that difficult way of protecting yourself from calamities.
Remember: lost nerve cells cannot be recovered.

* * *
Note from the translator: This is a translation for which I have not
received permission from the author, completed for purely educational
purposes. I have done my best to provide an accurate translation, but
take no responsibility for its correctness.
