What's The Deal With Bitcoin?

This week brought a number of headlines related to Bitcoin--a peer-to-peer online currency that seems to be increasing in popularity. From the security perspective, the rise of Bitcoin offers a peek at the type of financial transactions that may need to be safeguarded in the future and also provides insight into the criminal activities associated with such transactions.

Malware has appeared that steals Bitcoin wallets, the time is near when botnets will be used for Bitcoin mining, and attackers are probably considering whether weaknesses in the Bitcoin design and implementation might be used to game the Bitcoin market. Just as Friendster was the precursor to today's online social networks and Napster foreshadowed modern online music distribution models, so too Bitcoin might be a sign of upcoming approaches to distributed online financial transactions.

Here are a few articles for coming up to speed on Bitcoin and the recent incidents associated with it.

Getting Started With Bitcoin

Bitcoin Mining

  • Understand the notion of Bitcoin mining--generating new Bitcoins by solving cryptographic problems. Consider the likely scenario of compromised computers being used for Bitcoin mining--a malicious practice that is not yet widespread, yet will inevitably rise in popularity.
  • Consider the Bitcoin mining tool written in JavaScript. It solves cryptographic problems to generate new Bitcoins while running in the browser of visitors to the miner's website. Could this approach provide a new way for legitimate websites to generate revenue without displaying traditional ads? Might such code running inside malicious Flash ads provide a new revenue stream for online attackers?
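The "cryptographic problem" behind mining is a brute-force search for a nonce whose double SHA-256 header hash falls below a target, which is why hijacked CPU time has value to whoever controls it. The sketch below is an added illustration, not code from the diary or from any Bitcoin client; the 76-byte header prefix is constructed sample data, and the `zero_bits` difficulty parameter is a simplification of Bitcoin's compact target encoding.

```python
import hashlib
import struct

# Constructed sample data: a real Bitcoin header is 80 bytes (76 + 4-byte nonce);
# this 76-byte prefix is a placeholder, not a real block.
SAMPLE_PREFIX = b"constructed-header".ljust(76, b"\x00")


def double_sha256(data: bytes) -> bytes:
    """Bitcoin hashes block headers with SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def meets_target(prefix: bytes, nonce: int, zero_bits: int) -> bool:
    """True if the header hash, read as a little-endian integer, is below
    a target with `zero_bits` leading zero bits (simplified difficulty)."""
    digest = double_sha256(prefix + struct.pack("<I", nonce))
    return int.from_bytes(digest, "little") < (1 << (256 - zero_bits))


def mine(prefix: bytes, zero_bits: int, max_nonce: int = 0xFFFFFFFF):
    """Brute-force the 32-bit nonce; return the first winner or None."""
    for nonce in range(max_nonce + 1):
        if meets_target(prefix, nonce, zero_bits):
            return nonce
    return None


def expected_attempts(zero_bits: int) -> int:
    """Average number of hashes needed: each attempt succeeds with 2^-bits."""
    return 1 << zero_bits


if __name__ == "__main__":
    bits = 16
    nonce = mine(SAMPLE_PREFIX, bits)
    print(f"nonce {nonce} found; expected about {expected_attempts(bits)} hashes")
    print("verification costs one double hash:", meets_target(SAMPLE_PREFIX, nonce, bits))
```

Finding a nonce takes on average `2**zero_bits` hashes while checking one takes a single double hash, so the work is sustained, CPU-bound and easy to spread across many machines or browser sessions.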

Recent Bitcoin Incidents

Potential Bitcoin Implications

The notion of Bitcoin as a distributed and anonymous form of currency is capturing the world's attention. The readers of this blog will find it particularly interesting to consider the implications of the role that such currency can play in the criminal marketplace and online attack activities.

Perhaps Bitcoin might be ahead of its time and maybe its design and implementation are flawed--we will know soon enough. Regardless, it is an idea that will inspire creative thinking in the space of online payments. In the words of Edward Z. Yang, "The future of Bitcoin depends on those who will design its successor. If you are investing substantially in Bitcoin, you should at the very least be thinking about who has the keys to the next kingdom."

(This diary is based on the text originally published on my blog.)

-- Lenny Zeltser

Lenny Zeltser leads a security consulting team and teaches how to analyze and combat malware. He is active on Twitter and writes a daily security blog.

 

Lenny

216 Posts
ISC Handler
With Bitcoin there are no refunds, you can't reverse a transaction and nobody insures you. But some people think this is a good thing; it reinforces 'buyer beware' and users are not 'subsidising' fraud by way of higher transaction fees from merchants to cover those losses.

Bitcoin sometimes resembles a virtual world of its own, so someone could create insurance or escrow services for anyone who wants those (and is willing to trust them).

The 'stolen 25000 BTC' or however much, I believe would have been worth much less (<$25,000) at the time it was stolen. My understanding is it was the accumulated funds of many people who'd entrusted their money to a 'virtual Bitcoin bank' service who then ripped them off. Having traced the movement of the stolen funds, a Bitcoin currency exchange service detected when someone tried to cash in those funds for 'real money', and effectively seized them.

All Bitcoins have a traceable history, so don't assume it's anonymous, unless you employ some method of 'mixing' money to hide the trail.
Steven C.

171 Posts
Fascinating development. Bit Coins have more inherent value than the fiat currency in use by nearly every nation on Earth today because at least there is a hard upper limit to the number of Bit Coins that can ever exist. Meanwhile the Federal Reserve conjures up trillions of dollars out of thin air with the stroke of a keypad, more "wealth" than you and your entire family line will own in the next thousand years.

Tell me again why we shouldn't all embrace a concept like Bitcoin?

As for the potential use to purchase illegal goods, so what? Some of the 20 million+ unemployed Americans might get high in the safety and comfort of their own homes, assuming they haven't been foreclosed on yet. Guess we can cross DEA off my potential list of employers.

I don't think authorities in supposedly free nations have a right to scrutinize every aspect of the lives of their supposedly "free" citizens. I believe in freedom, not tyranny. But I know better...

I'm just wondering how long until cash is done away with. Every time I withdraw another $500 from an ATM it must drive my babysitters mad.
Steven C.
22 Posts
