Source: The Maquoketa Community Press, Maquoketa, Iowa, Thursday, March 20, 1947
Last Sunday night death stalked the highway, struck down and killed a friend of man.
About 7:00 p.m. a hit and run driver killed Jack, the police dog Larry Hager adopted in the South Pacific and brought home. Larry was eating at McKinsey’s on West Platt street and his dog Jack was waiting outside. Evidently Jack decided to cross the street and a motorist, who was probably exceeding the speed limit, hit the dog and drove on.
In September 1945 Jack decided he would rather spend his time with an American than the Japs. He was adopted by the outfit which Larry Hager belonged to. Jack traveled with the army from Manila to Yokohama. When Larry was eligible for discharge. Jack had by that time adopted Larry as his master.
Larry sought and was granted permission by the Army to bring Jack back home with him. On January 25, 1946, Larry and his friend boarded the transport at Yokohama for the United States. February 6, 1946, they landed at Portland, Ore. February 12, 1946, Larry received his discharge and started getting used to civilian life.
After Jack was adopted by the Americans, he quickly learned to understand the American language. Jack not only learned facts but any time you mentioned the word “Jap” he let loose with a howl that told you how much he didn’t admire his former owners.
Anything you saw Larry Hager on the streets of Maquoketa you would also see his friend Jack. Now Jack is gone. Gone because some driver was evidently speeding within the speed zone of the town and didn’t want to take the time to slowdown. Probably the driver has never had a dog look up at him, or felt a friendly nose against his leg. No, the driver probably doesn’t know the strong friendship which can grown between man and dog.
There is only one consolation – it could have been somebody’s little boy or girl.
Source: The Maquoketa Community Press, Maquoketa, Iowa, Thursday, March 20, 1947
There was recently a couple of people that asked our team to investigate a crowdfunding organization. We started to dig into it and we begin to see red flags right away. After the completion of that research, we thought it would be a good idea to set up a blockchain system that would work the way that the scam organization was trying to do it. Then we could use this new demo system to show everyone how it works, what is involved, and how easy it would be to use a block explorer to verify transactions.
We won’t be able to set up all the pieces to this system, because we didn’t have any software developers on staff at the time of this writing. So instead, pieces of this system will be simulated. We will diagram those pieces out in this blog post.
The steps below will walk thru exactly how this system would be set up, run, and executed. It will provide transparency and clarity to all users throughout the process.
Team: First, you would have to have a team in place. You would need developers and members of the team that could help onboard and build the system. There would need to be documentation on the system and on-boarding and training to everyone involved.
Front End Web Application
There would need to be a front end web application that users could log in to in order to see their wallet balance.
They would be able to see a directory of Causes (see item 17)
They could make submissions to Send Givecoin to Causes (receivers)
Data Integration System
There would need to be a way for the entire system to execute operations (logic) between the Web App and the Blockchain System sitting on the backend. (In this example: Waves.tech)
Account Creation: Next, there would need to be a system for creating accounts. There would most likely be a web-based front end built so that users could register new accounts, and then log in once they had an account.
NOTE: there would be development work needed if you were going to build an interface between the web-based centralized account system and the blockchain-based-backend-system. More details on this later.
The web-based system would be easy for members to use. They would log in and check their balances.
Payment System: Once the accounts were created, there would be a payment system for users to use to donate money.
NOTE: Payment Systems are the #1 target for hackers and bad actors. Anytime money is involved in online transactions, that system becomes a target for hackers to go after and attack. The financial reward for breaking into a payment system are high. Recommendation is to use a third party tool like Stripe or Bitpay.
Collection of US Dollars: As members submit payments, the US Dollar amounts (USD) is sent to a bank account somewhere. There should be a robust accounting system for managing that type of volume. There would need to be a reporting system that could also integrate how taxes are calculated. Many small businesses use Quickbooks for accounting.
Blockchain Platform Initial Steps: There would need to be a MAIN_WALLET_01 setup. Token creation would happen and the tokens (or coins) would get added to this wallet at the start.
NOTE: Token creation will not be built during this demo, so that part is simulated. Token creation will be manual during this demo. The process of moving RealGiveCoins (RGC) between wallets will be manual for this demo.
Blockchain-Payment-Integration: If you would fully develop this platform, there would be an automated process that would do the next step of Coin Creation automatically to avoid human error.
7b. For every 1 USD that was brought into the system, there would be 1 RealGiveCoin (RGC) created and added to the Main Wallet.
Wallet Creation Note: There are two types of wallets: (a) User Maintained Wallets and (b) Custodial Wallets.
In the future, there may come a time where each user is able to create their own Waves Wallet and they are able to backup that wallet, apply software updates for that wallet, and do all related steps for keeping control of the wallet.
Due to the infancy of cryptocurrency and that most people do not understand the responsibility of maintaining control over their own wallet, this demo system will be set up as a Custodial Wallet System.
MAIN_WALLET_01 CREATION: The main wallet is created.
Next we are going to generate coins that are going to be used with this System. Coins generated and added to WALLET_01
Coin Name: GiveCoin
Reissuable
Every time someone buys tokens, I can create more of them.
Description:
This coin will be used to give donations to other people in need. This system will be used to track all funds going to good causes. Test system is used today 10/21/2022.
$1=1 GiveCoin
Total Tokens=1,000
Just issuing the first 1,000 tokens for the first $1,000 of this system. I can reissue tokens once it runs out.
We would want a system that we could post a question and have members vote so decisions could be made as an organization.
Example: We would want to post a VOTE so that we could choose which charity or person we would want to help first.
This example, we have a posting about a person that cannot pay their electric bill.
The bill is for Jane Doe. The bill is $175.
Submission Form for Gifts (receiver)
We would want a form that people in need could fill out. We would need a way to identify them and to verify that the need they have is legit. The organization would need to investigate and validate it is legit.
Receiver Wallet 01
Each person that wants to receive donations would need to create a Waves Wallet. (PHASE 2)
This could have problems because people may not have access to the wallet software. (PHASE 2)
Once they set up a wallet and receive coins, they could have issues converting it back to USD.
During phase 1, wallets will be set up for each Receiver.
Receiver Wallet 01
Name of wallet = GiveCoin_Receiver_01
wallet_ID=3N1ggQnvjyKn6s4AFTB9bRbgexrhfdnZgdD
Now that the wallet is created, we can receive funds to public wallet address.
CAUSES DIRECTORY ( RECEIVER )
The system would need to have a wallet directory.
Gifters would be able to read through which Cause they wanted to give to.
Each Cause would have a wallet ID listed.
Gifters would copy wallet_ID and then use that when sending. (Phase 1 – they would enter it into form)
Every participant in this system needs to have a wallet.
During Phase 1, all wallets will be created by the GiveCoin Admins.
Gifter 01 does not yet have a wallet.
WALLET_01 is the main system wallet. We did not yet create a wallet for GIFTER_01
Create Gifter 01 Wallet
Name of wallet = GiveCoin_Gifter_01
Wallet_ID=3MxdGmZaBBuyHZB9ATRHuEEHjHx4sjxgRLb
Gifter 01 buys in for $100 and receives 100 Givecoins
Whatever amount that gifter 1 bought for, that is how many GiveCoins they will get into their wallet.
For this example, we will say that Gifter 01 has bought in for $100
Send 100 GiveCoins to Gifter 01 wallet from MAIN WALLET 01
NOTE: If Gifter01 didn’t want to send all 100 to the same wallet, they could view various wallet IDs and send any amounts they wanted to any of the wallets listed.
Example: They could send 50 Givecoins to Receiver01 for electric bill. Then send 50 Givecoins to Receiver02 for rent.
Receiver 01 now has 100 Givecoins in their wallet.
When a Receiver ( that has a CAUSE ) has enough coins in their wallet, they can submit a payment_request. (Phase 1)
Phase 2 – this would be automated once we have a Blockchain Developer.
The payment request would be received by Admins and processed. They would send a payment to the correct merchant for payment.
Receiver would submit all information about the merchant to Givecoin Admins for payment. This would ensure that payments are made for the Cause that was submitted to the platform.
Reports and Audit trails would need to be conducted in order for there to be a trace of all the money. This includes for fees and taxes.
Cause is closed and Status is updated in the system.
Process complete.
Having a backend system like Waves makes it simple to run audits on where the money is and how it moves through the system.
There would be a lot of manual work up front, but once we are able to build phase 2, we would be able to automate a lot of the manual processes that we would have during phase 1.
Having a system like this would allow people to participate in giving to causes, and be able to run audits to see where their gift was in the process.
Can you use a blockchain to track government funds? How hard is it? The answer is yes and ‘not hard.’
Recently I have heard stories of how there is government corruption and misuse of federal funds, and it has been going on for a long time. (Also here) However, I don’t often hear solutions of how to best track federal money or being able to run audits in a timely way. Enter blockchain technology.
Some would argue that it works just fine to use centralized solutions to track the money, but with blockchain technology, you can move funding around, and set up a structure that is transparent and easily auditable – by design.
There may already be solutions out there, but I haven’t found any good examples to post here. So if you find any, please let me know.
The following post will describe in detail how I set up a proof-of-concept to track government funds on a blockchain solution. It starts with the US Government approving the bill and issuing the funds. It then follows the funds from organization to organization. At the end, it will show one way of tracking the funds that are spent and removing the funds from the system. It doesn’t just get rid of the funds, but executes a transaction for the balance that is spent, and proves a transaction ID and audit trail of each dollar from start to finish.
OVERALL PROCESS
Before I get into the actual solution, I wanted to mention what the process is for this tracking and how it works. There are some steps that would be needed in order to get this system into production. Everything described in this post is merely a proof-of-concept. I wanted to see if I could build a simple solution that could be used to track funds. Then I tested it out. There are probably a lot of questions about what this system would and would not be. At the end of the post, I will add a section for “things to consider” so hopefully that will answer some of the questions that will come up.
First, this system relies on many different Waves Cryptocurrency Wallets. (More about the Waves Platform here.) That will raise a lot of questions right away. Government funding and a slightly unknown crypto platform hardly can be seen hand-in-hand working together. But the Waves Project has been around for at least 5 years and is a solid blockchain platform that I have used for many projects. It is easy to use for most people in the blockchain space, and anyone with experience in an IT department would be able to figure it out with some light training. (very user friendly.) Unlike other blockchain platforms, you do NOT need to be a blockchain developer to use it.
Second, the process uses Token Creation. It is basically like creating your own cryptocurrency. However, even though this process could be used to create a crypto that has real-world-value, there are steps that were NOT done in order to make that possible. One example is: I didn’t list it on an Exchange. There are multiple other things that a developer team would need to do in order for it to be considered an actual cryptocurrency. So the coins mentioned here (called FundTracker Coins) should instead be called a token, because it is a digital asset that represents money, but it is not a full cryptocurrency. More details below.
Next, when using this system, there are some assumptions that should be known to everyone using it. Each token (called FundTracker token) should be considered equivalent to 1 US Dollar. (USD) When the token creation process was tested, there were properties configured that would make it similar – such as giving it two decimal places and making it re-issuable.
We took a recent example of Mississippi TANF funds (see here) that were approved for Year 2022, and created exactly 16.6 billion tokens to be issued out by the US Government. The tokens start in the US Government Wallet, and were moved to each state’s wallet – just as funding would move down to the states when they are issued. Wallets are created and issued out to each organization as the process is stood up. This is all explained in the next section.
THE SOLUTION
This section will walk through how the FundTracker system was brought online and what each step entailed. There should be enough detail, so others can follow along and even replicate this system in the future as needed.
START:
The Waves Platform was chosen for this solution. We used the TESTNET so that we could run this system – and it would not cost anything besides the cost of existing computers and internet.
The software from the Waves Platform that was used was the Waves FX Wallet Software. It can be downloaded here.
Everything on this blog post can be done on a Windows OS computer. So just ignore anything not related the basic Wallet FX install on windows OS.
Once the software is installed, you will need to create a new account.
Be sure to select TESTNET. (By default, the drop down says MAINNET. )
The first account you create is considered the US GOVT Wallet. So you will want to name that account something like “WALLET_USGOVT_01” or whatever you want to call it.
It will ask you to create a password. I used an online password generator for all passwords. Not the safest method, but this is only a test system.
Consideration would need to be made for who should be the Administrator for each wallet that is created. Wallets are generally controlled by individual users. Otherwise there would need to be a Custodial Wallet process set up. I won’t get into details about this in this blog post, but can expand on this in a later blog post if needed.
In the process of creating the wallet, it will give you SEED WORDS for you to save. Be sure to save them in a safe place. Losing the seed words could result in the loss of access to the Wallet permanently. (if password is lost)
Wallet 01 Name:
WALLET_USA_01
Wallet ID:
3NBUChGaPdCNkvL4SJZLfUbHW1M6egHUFBQ
The following list are the Wallet Address IDs that were used in my test:
US GOVT 3NBUChGaPdCNkvL4SJZLfUbHW1M6egHUFBQ
MS WALLET 3N2cbSPiAe9YknksccmuVQMevC9haNvQVLh
TANF WALLET 3MuhYHrXFQxC2xNuS7Hs8yEwaUwnqQP1Z6D
7. In order to do anything on the platform, you need WAVES Coins to pay for it. Since this is TESTNET, the coins can be received to your wallet from a Faucet. That is found here: https://wavesexplorer.com/faucet?network=testnet
8. A brand new token is created called FUNDTRACKER COIN. This coin has no real world value and is only used for tracking federal government funds as they are created and moved around between organizations, people, and wallets.
9. A wallet is created for every state in the United States. For this example, we are going to use the state of Mississippi.
The reason we are doing that is because we want to be able to track the funds that went from the US Government to the State of Mississippi and on to other organizations.
NOTE: For this proof-of-concept (POC) we did not create the other 49 wallets for all the states. Only the Mississippi Wallet was created. In a further testing scenario, that would have to be done. It would definitely be needed for a production system.
10. Logged back into USA Government Wallet. (Wallet 01)
11. Send 94 Million FUNDTRACKER TOKENS to MS_WALLET_03.
Sent 94 M to Mississippi Wallet:
Sent 94000000 FundTracker
to 3N2cbSPiAe9YknksccmuVQMevC9haNvQVLh
4cmpUgXTMrc4K8p9wvow8HLMnjYEag3F37Ag5N8tMSBw
2022-09-14 22:17:55
TX ID:
4cmpUgXTMrc4K8p9wvow8HLMnjYEag3F37Ag5N8tMSBw
12. Log into the MS_WALLET_03 and check the balance to make sure the funds are there.
13. NEXT STEP IS SIMULATED: The remaining funds would normally be sent to the 49 other states for this fund. I did not create 49 other Waves Wallets for this. Remaining funds are still sitting in US_GOVT wallet.
NOTE: The remaining balance that is still in the US GOVT wallet can be seen here:
14. NEXT STEP IS SIMULATED: After the US Govt. has issued out all the coins from their wallet to all the states’ wallets, each state would distribute the correct amount of coins (funding) to each wallet for each approved organization. We continue on with this example for Mississippi.
15. Create wallets for each approved organization that will be receiving funds.
16. For this demonstration, I am going to create a wallet for MISSISSIPPI TANF WALLET:
MISSISSIPPI TANF WALLET
Create next wallet:
Account Name:
MISSISSIPPI TANF WALLET
Public wallet address:
3MuhYHrXFQxC2xNuS7Hs8yEwaUwnqQP1Z6D
URL:
https://wavesexplorer.com/addresses/3MuhYHrXFQxC2xNuS7Hs8yEwaUwnqQP1Z6D?network=testnet&search=3MuhYHrXFQxC2xNuS7Hs8yEwaUwnqQP1Z6D
17. Send FundTracker Tokens from MS_WALLET_03 to TANF WALLET
Sent 20000000 FundTracker
to 3MuhYHrXFQxC2xNuS7Hs8yEwaUwnqQP1Z6D
BW2UNxZfKK1TWmAcsgGTJKU6NyZbo7nTLSjqFmVp5gGe
2022-09-14 23:05:28
TX ID:
BW2UNxZfKK1TWmAcsgGTJKU6NyZbo7nTLSjqFmVp5gGe
18. NEXT STEP IS SIMULATED: User Wallet Creation
The next step would be to require that all users who needed funding, to set up a Waves Wallet. They would use that wallet to track funds from TANF wallet.
For now, it is too new of a system to force users to do the above step.
For this demo, and probably for the production system to start with, administrators would create a wallet for each user that would be receiving federal funding from the State of Mississippi. Then send FundTracker Coins to each of the wallets. The amount of funds would match the USD amount that they would be receiving. Then you can track the funds to the user’s wallet.
19. NEXT STEP IS SIMULATED: Sending FundTracker Coins to Individuals
The next step would be to send coins from the TANF wallet to each user’s wallet. The amounts should match the dollar amounts of funding in USD that each individual would be receiving.
20. BURNING COINS PROCESS
There would need to be a process to burn FundTracker Coins. This would happen primarily at the end of the stream of transferring the coins from A to Z. At the lowest level of the transfer of funds, the funds would be used for buying items like groceries or paying contractors to build buildings.
This was tested out on WAVES TESTNET:
TX INFO:
Burned 10 FundTracker Coins
TX ID:
7Unsf5kmUowjKSjf1pnbmPipnvZNkQWRTQ24hCdtVvJa
2022-09-14 23:51:11
URL
https://testnet.wavesexplorer.com/tx/7Unsf5kmUowjKSjf1pnbmPipnvZNkQWRTQ24hCdtVvJa
NOTE:
There isn’t a way currently to make additional notes during the burn process. So the reason for the burn would have to be noted somewhere else. That is why the Production System would be considered a hybrid system rather than a pure blockchain solution.
It is recommended to have a daily or weekly reconciliation process in order to account for every FundTracker Token in every wallet. This ensures accountability of every token and it makes the system the most accurate. Personnel from IT AUDIT and Finance/Accounting are well versed in this process.
There is an issue with being able to connect the WALLET IDs to Real Government issued IDs – such as Driver’s Licenses. You could make this a requirement and turn this system into a HYBRID WEB APPLICATION and track the WALLET ID and REAL ID inside of a normal database (table). Whenever tracking is done and you get to the step of needing to identify who has the funds, you would use that other database table (ID >> ID) in order to identify who owns that wallet.
DOWNSTREAM TRACKING REQUIRES A WALLET
In order for the system to work, anyone downstream that would want funding, would be required to set up a wallet. There could be a custodial system in which admins of this system would create wallets for them. Then as payments are sent from one person/organization to another, the same amount of FUNDTRACKER COINS are also sent wallet to wallet. The only way to ensure the system works, is to continue doing this process for each transaction.
WALLET OWNERSHIP CAN BE COMPLEX TO SOME ORGANIZATIONS OR PEOPLE
Not everyone is good at technology. Creating and maintaining ownership of cryptocurrency wallets is not an easy task. It would probably be best to have admins of the main system work on behalf of the users to create wallets and maintain ownership on behalf of the organizations and users. This could get complicated, as cryptocurrency wallets are generally meant for individual users – rather than a custodial set up.
FUNDTRACKER CRYPTOCURRENCY HAS NO VALUE CURRENTLY
This system as it is designed in this first version, creates the cryptocurrency as having no real world value. The creation of the coins is merely to indicate an equivalent real-world value of USD that is being moved around between organizations and people.
It certainly is possible to make additional changes to this system, that would then cause the cryptocurrency to have value on the open market. But there would have to be additional steps taken in order for that to happen. The system would have to have significant enhancements in order to turn it into a financial system – rather than just a record keeping system.
The process for creating a real world cryptocurrency is out of scope for this version of the FundTracker System.
WAVES COIN IS REQUIRED FOR PRODUCTION SYSTEM
If this system is going to be considered for being LIVE in Production, it would cost real USD (money) in order to generate the FundTracker Coin. There are also transaction fees of 0.001 Waves or an amount less than 0.01 USD. It would take a fraction of a penny, for every transaction that the system would execute.
In order to estimate what it would cost to run the system, there would need to be an accountant on the project team that could calculate and forecast what that would be. Doing this is out of the scope of the current proof of concept.
WAVES COIN FLUCTUATES IN VALUE
It is important to note that using the WAVES System in PRODUCTION would require the WAVES COIN for token creation (new coins) and to execute transactions on the WAVES MAINNET blockchain network. In order to find the current price up to the minute, go here
On Sunday, October 30, 2016, I was hacked. The person was probably in the Philippians and he was an above average hacker. Somehow he knew that I had an iphone and that I needed my apple ID to do anything with my phone. He also knew that my recovery email was my gmail account so he would need to compromise both and gain control over them. He did that. Then he went to work changing all of the recovery methods so that it would take me a long time to get my accounts back.
History:
I have a bit of a history with online security. When I got my first Yahoo Email account, a hacker had taken over my account. It took over 2 months to get it back.
This time it was more sophisticated. He had automation. He had scripts. Hackers tools had evolved. Normally on Saturday nights I stay up later – as most people do. So by 3am, I was deep into a sleep and I wasn’t going to be waking up for a while. The Hacker started working:
3:00am CST – The Hack Begins. It started early on a Sunday morning. I was still asleep.
10:42am CST – I woke up.
When I woke up that Sunday morning and finally looked at my phone, I saw all of the emails:
“Your password has been changed.”
“Your recovery and account information has been changed.”
Those are some of the worst emails and notifications you can receive. Especially for anyone that has online accounts that hold so much personal information.
10:43am CST – I was only on my phone for a brief time and then he wiped it. He remotely wiped it and removed the “Find my iPhone” App. By doing this, it made the phone a brick. The phone store would not accept it in – I would later find out.
Who was this? How did this start? I saw that it had started happening around 3am so he already had an 8 hour head start. As I attempted to recover some of the accounts, it became more clear how bad this was. I tried my best to change passwords and reset recovery info, but nothing was working. Then he went after PayPal. Then coinbase. One by one my accounts were attacked. It was a terrible feeling. And it was embarrassing.
If you are in a sinking row boat, the first thing you do is try to stop the water from coming in.
One of the first emails that I see:
He was online. 10:40am CST
(He had signed in to my GMAIL account on his Windows PC. He was waiting for me to wake up and start to try and recover my accounts. )
My main phone was an iPhone 6S. I just happened to have a brand new iPhone 7 that I had gotten in the mail. I had 30 days to activate it and that would give me a chance to move everything over. But I did not have time. NOW, the device was already wiped by the hacker and he was going to go after all other devices (phones/tablets) under the Apple ID.
I had to get hold of Sprint right away:
Chat ID: 742627XXXXXXXXX772909
DATE/TIME: 2016-10-30 11:51:40 EST (10:51 am CST)
Your chat transcript:
Sprint : We received your information and will connect you with a Chat Specialist soon.
You : hello
You : klasdjfolqwejif
Henry R : Thank you for contacting Sprint. My name is Henry R. I am happy to help you today.
Henry R : I understand your concern.Henry R : I’ll be glad to help you.
You : my account was hacked
You : not sprint
You : but gmail and apple ID
You : i have a new phone and I need to activate itYou : asap
Henry R : I am sorry to hear that your account was hacked.
Henry R : May I please have your phone number on which you want to activate and the MEID number for your new phone?
Henry R : Please let me know if you’re still available to chat with me so I can continue to assist you.
You : 5154947555
You : where do i find MEID
Henry R : Let me help you how to locate it.
Henry R : What is the make and model for your new phone.
You : iphoine 7
Henry R : That’s great!
Henry R : From the phone please tap Settings>General>About to get the MEID number.
You : ok got it
You : XXXXXXXXXXXXXX
You : do NOT use my gmail
You : the hackers have it
Henry R : Excellent! Thanks.
Henry R : Sure, Brock, We will not be updating the email Id from our end.
Henry R : May I please have your 6-10 digit numeric PIN to access your account?
You : (PIN ENTERED)
Henry R : The PIN you provided doesn’t match the information I have for your account. Please answer your backup security question: (Next question asked)?
You : XXXX
Henry R : Thanks.Henry R : Brock, please turn off your new device.
You : one secondYou : ok its off
Henry R : Thanks.Henry R : Please turn on your new device.
Henry R : Once the phone is back on, dial 1-888-546-0314 and let me know if it was successful.
You : actually i should probably wait until i get my other ID’s backYou : otherwise they may wipe this one
Henry R : Oh, Okay.Henry R : Brock, I have taken care of the activation for you and our phone should be ready to use once you have setup the phone.
You : one second
Henry R : Sure, Please take your time. Henry R : How is it going?
You : slow You : i need to find out when my gmail account was created
You : im looking for that information
Henry R : Okay. Henry R : Brock, Does it gives you the option to set up your phone as a new phone without entering the email Id?
You : its an iphone so if i set it up then the hackers could wipe it You : if it wipes this phone then i am going to be in a LOT of trouble
Henry R : Brock, I can understand that, however, if the phone is set up without entering your email Id(Apple Id) that was hacked earlier the phone could not be hacked.You : ive already started that process
You : yesterday
Henry R : Okay. Henry R : How do you discovered that your gmail and Apple Id was hacked?
You : i am setting up a new email account
Henry R : Perfect!
You : i started getting messages and SMS that passwords were being reset
Henry R : Okay. Henry R : I am still with you.
You : ok i am here
Henry R : Have you completed setting up a new new account?
You : yes You : i have a new email account
Henry R : Perfect! Are you now able to setup your iPhone?
You : not yet
Henry R : Okay. Henry R : As I understand you are in the process of setting up the iPhone, right?
You : yes
Henry R : Perfect!
You : im on the phone with my identy security company
Henry R : Please let me know once you have completed setting up the phone.
Henry R : Okay.You : ok
Henry R : Brock, We have taken care of the phone activation for you.
You : ok
Henry R : If you face any problem with the services after you setup the phone you can chat with us anytime. Henry R : Thank you! for investing your time on this chat and together we have fixed this for you. Henry R : We take pride in providing the best customer service possible to our customers. I hope you feel valued and served.Henry R : We appreciate you being a customer, and we want to make sure your queries are taken care of. Please advise, if I can do anything else to make your experience better with Sprint.Henry R : Since you?re not available to continue our chat, I am ending our session. I?ll leave a note on your account about our conversation for the next Specialist that helps you.Henry R : You?ll receive a transcript of our chat within a couple of hours at the email address you provided for this session or your sprint.com email address if you signed in prior to chatting.
I couldn’t finish my conversation with Harry. I was on to the next thing.
For future reference, here are some things to keep in mind to further secure your online accounts:
WHAT YOU WILL NEED:
Recovery Email Account (do not give to humans. Systems only. )
AUTHY and GOOGLE AUTHENTICATOR (2FA systems/apps)
Main Email Account (give out on a limited basis)
Alternative Email Account (give out to Stores)
Audit Logs, Notifications
Next I had to talk to Coinbase:
10:54am CST – Talking to Coinbase
Once you have secured your accounts, make sure you have 2FA (two factor authentication) set up on each of them. I thought I had done that, but I was wrong.
Between 11:48am CST and 12:30am CST – Done with Coinbase.
Sunday 10:47am CST – Gmail account is recovered. 5,400 emails received and sent. He was using bots and scripts.
Sunday 11:01pm CST Was on the phone with Lifelock and chatting with Sprint.
Facebook had 2FA and the hacker never got in. I was able to keep up some communications over FB Messenger during this attack.
I had 2FA (two-factor authentication) set up on most of my accounts, but once my phone was erased, my Authy app no longer worked.
He used iMessage feature that I had turned on to begin mirroring my phone onto his phone and began texting my contacts. (Including my wife at the time – now ex-wife)
This is an actual screen shot from her phone.The last 2 yellow messages were not sent by me. Employees at the Sprint Phone Store said this was not possible.
(The phone number in the screen shot is the hacked phone number. I would suggest staying away from it.)
Later on I had her grab this screen shot. The last two in yellow were not sent from me or from my actual phone. It was being sent from a phone/device that the hacker had control over and was somehow able to send on my phone line (which Sprint told me can’t be done in which I responded by saying yes it could be.) I now have a new phone number – which has only happened 1x in 10 years.
Luckily for me, my ex-wife hated bitcoin so she didn’t have any nor did she have access to any of my wallets.
I got my gmail account back by following their recovery process and then one day later I lost it again.
11/3 10:40PM CST – I tried setting up 2FA on the APPLE ID:
Also, Microsoft Account (email) does not allow changing of a password under a short period of time.
Due to the secure nature of this, I cannot go into every detail on here.
The next Saturday (Nov. 5, 2016) I was in the Sprint store and I got a new number. I was able to recover my apple ID and I have put further security measures on it to make it even more secure than I already had on it.
Here is what it looks like now when someone would try to sign into my Apple ID account:
Multiple screens on the iphone that prompt you if you or anyone is trying to sign into your account on any device.
Hopefully this wouldn’t appear on the device that the hacker is signing in. If so, your account is compromised and you need to go back to the beginning and work with Apple Support to secure it.
The only reason why Apple Support got me my account back is that I still had an old Apple device laying around. It was an old iPhone 4S and I was able to charge it and get it connected to my WIFI. They sent a 6 digit security code to that device and I was able to prove that I had it in my possession.
As I started to get my accounts back 1 by 1, I noticed something strange.
When I was looking through my iCloud account, I noticed some strange pictures.
It seems that the hacker’s kids were playing with his phone and had managed to upload pictures and 1 video up to my account. Since getting my account back, he has not been able to log back in and delete them.
Secure your accounts. Double check the security that you have on them. All of them. Look at setting up 2FA and not the SMS type to your phone. The hacker was able to stop my phone from getting text messages and he routed them all to his phone. (that was mirroring mine.) It is a lot better if you take the time now – rather than having to do clean up later.
I wonder if these kids know that their dad is a hacker… I wonder if they realize I am posting their pictures all over the internet?
If it can happen to me and other people within IT, it can happen to anyone. I don’t claim to be an expert in IT security, but I thought I was better protected than I was.
I am writing this in hopes that someone will see this and take Account Security more seriously.
