Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

For The Record  

FTR #785 Bit[coin]burg, Part 4: Fool’s Gold, Part 2


Introduction: The fourth of our programs about Bitcoin, this broadcast further documents the predictable chaos and malfeasance resulting from a valuable monetary entity that is totally unregulated and open to all of the vagaries and criminality to which internet business is subject. (The previous shows on the subject are: FTR #’s 760, 764, 770.)

After discussing the suspicious death of Autumn Radtke, CEO of a Bitcoin startup exchange, the broadcast underscores the rampant fraud and criminal behavior that characterize every facet of the Bitcoin operations and landscape.

Much of the program focuses on the collapse of the Mt. Gox exchange in Japan, one of the world’s largest Bitcoin marketplaces. Blamed initially on hackers, it may well be that the operators of Mt. Gox were engaged in deliberate malfeasance, as were anonymous hackers who called attention to the sins of the company’s management.

The glitch that appeared to have left Mt. Gox open to hacking has led to the temporary shutdown of the successor to the Silk Road site, as well as opening the way for “bots” to begin attacking the entire Bitcoin financial landscape!

In the past, we have discussed the profound links between the advocates and users of Bitcoin and the Austrian school of economics. Those advocates include Patrick Byrne, the CEO of Overstock.com, the largest retail outlet to begin accepting Bitcoins as currency.

The program concludes with another look at the concentration of economic ownership affecting Bitcoin.

Program Highlights Include: Discussion of the “transaction malleability” that brought down Mt. Gox; the vacancy of leadership in the Bitcoin Foundation, due to the indictments and legal troubles of the top advocates and users of the troubled online currency; review of Silk Road and its criminal transactions; the fact that the top .01 percent of Bitcoin owners control 50 percent of Bitcoins; Mt. Gox’s claim that it “discovered” roughly $16 million in Bitcoins in a wallet that it had “forgotten about;” allegations that Silk Road’s administrators actually stole the missing Bitcoins themselves; the discovery that the communications from hackers alleging that Mt. Gox’s administrators were engaged in deliberate theft contained malware permitting the theft of Bitcoins from anyone opening the files about the firm’s alleged malfeasance; hackers’ denial of service attacks on startup tech companies, demanding Bitcoins in ransom in exchange for ceasing the attacks.

1a. At the conclusion of FTR #772, we wryly suggested that, with the epidemic of suspicious deaths plaguing the financial industry of late, Bitcoin enthusiasts should develop their own online currency for murdering each other, named “Hitcoin.” Perhaps that suggestion is not as remote as it might appear to be at first glance.

“Head of Online Cur­rency Exchange Found Dead in Singapore” by Javier E. David; NBC News; 3/5/2014.

Autumn Radtke, the CEO of an upstart online currency exchange, died last week under mysterious circumstances at her home in Singapore.

Radtke, the U.S.-born head of First Meta, was found dead by local police Feb. 28, with the cause of death yet to be deter­mined. In a state­ment on its web­site, First Meta said the com­pany “was shocked and sad­dened by the tragic loss of our friend and CEO Autumn Radtke.”

In an interview with The Wall Street Journal, the company’s director and nonexecutive chairman, Douglas Abrams, said the exact cause of Radtke’s death was “still under investigation.”

Prior to tak­ing the reins at First Meta in 2012, the 28-year-old Radtke had once closely worked with tech­nol­ogy giant Apple, to bring cloud-computing soft­ware to Johns Hop­kins Uni­ver­sity, Los Alamos Labs and the Aero­space Corp., accord­ing to her biog­ra­phy. She then took up busi­ness devel­op­ment roles at tech start-ups Xfire and Geo­delic Sys­tems, accord­ing to infor­ma­tion on her LinkedIn profile.

First Meta bills itself as a clear­ing­house for the pur­chase and exchange of vir­tual cur­ren­cies, includ­ing bitcoin.

Her death comes as trou­bles swirl around the nascent cryp­tocur­rency indus­try, and amid a rash of sui­cides in the finan­cial indus­try as a whole.

Last week, the world’s largest bit­coin exchange, Mt.Gox, imploded; mean­while, nearly $500 mil­lion in client funds van­ished overnight. Else­where, untimely demises unre­lated to bit­coin have claimed the lives of bankers at JPMor­gan, Deutsche Bank and Zurich Insur­ance Group.

1b. Encompassing all of the folly and deliberate malfeasance that characterize Bitcoin, the Bitcoin Foundation has found itself leaderless, in the wake of the arrests of key players in the bitcoin milieu.

“Lead­er­less: Bit­coin Foun­da­tion Plagued by Alle­ga­tions of Self-Dealing and Embezzlement” by Michael Carn; Pando Daily; 3/27/2014.

What’s the role of an indus­try trade group and how much author­ity should com­pa­nies place in the hands of these unof­fi­cial leaders?

That’s the ques­tion much of the bit­coin com­mu­nity is ask­ing at the moment as the Bit­coin Foun­da­tion, the industry’s unof­fi­cial cus­to­dian and mouth­piece, faces alle­ga­tions of self-dealing and embezzlement.

Accord­ing to the Foundation’s own web­site, it exists to “stan­dard­ize, pro­tect, and pro­mote the use of Bit­coin cryp­to­graphic money for the ben­e­fit of users world­wide.” Sev­eral hun­dred bit­coin com­pa­nies are mem­bers of the Foun­da­tion and have donated heav­ily to fund its oper­a­tions. The orga­ni­za­tion is led by a board of promi­nent crypto-currency entre­pre­neurs, investors, jour­nal­ists, and aca­d­e­mics, chiefly its Chair­man, Coin­Lab founder Peter Vessenes who has been the sub­ject of the most skep­ti­cism and scrutiny.

The spot­light was first shone on the Foundation’s lead­er­ship by con­tro­ver­sial bit­coin blog­ger Ryan Selkis, aka the Two-Bit Idiot. On March 2nd, fol­low­ing the unrav­el­ing of Mt. Gox, Selkis wrote that Vessenes and Exec­u­tive Direc­tor Jon Mato­nis would be step­ping down prior to the con­clu­sion of their cur­rent terms, “[seem­ingly rec­og­niz­ing] the need for the Foun­da­tion to clean house in order to revi­tal­ize its image in the com­ing months.” Days later, when forced to retract that pre­dic­tion, Selkis began an aggres­sive, and occa­sion­ally manic cam­paign call­ing for their imme­di­ate ouster due to a fail­ure of lead­er­ship.

At his most livid, Selkis called the cur­rent board “ille­git­i­mate” and demanded senior lead­ers across the bit­coin ecosys­tem stage a coup or kill the Foun­da­tion alto­gether – a posi­tion from which he later backed down, but not before writing:

Peter Vessenes and Jon Mato­nis are not scape­goats. They are not inno­cent bystanders. And they are not eth­i­cally enti­tled to remain in their board seats through later this year.

Selkis then promised to reveal “damning facts” if his demands were not met, including those relating to: the Foundation ignoring warning signs of Mt. Gox’s failure as early as April 2013; Foundation directors exploiting their positions to withdraw funds from a failing Gox while the general public was losing their shirts; and conflicts of interest between directors’ roles within the foundation and their personal bitcoin businesses.

After several days of self-described backlash from the bitcoin community, Selkis issued a concession and never published those damning facts – despite maintaining that his accusations were “100% truthful.”

Selkis’ lightning-rod sta­tus can­not be denied and has made it easy for many to write off his claims as those of a man seek­ing atten­tion – he’s acknowl­edged on mul­ti­ple occa­sions plans to write a book about bitcoin’s recent scan­dals – and also hop­ing to enrich his own bit­coin insur­ance startup through spread­ing fear. But it bears not­ing that for all his blus­ter, Selkis has also been the source of a num­ber of accu­rate and impact­ful break­ing news sto­ries, not the least of which was pub­lish­ing Mt. Gox’s Cri­sis Strat­egy doc­u­ments ahead of its even­tual bankruptcy.

Now, however, it’s not just Selkis who’s beating the drum for changes atop the Bitcoin Foundation. Blockchain.info CSO Andreas Antonopoulos, who is held as close to a deity as anyone within the bitcoin community – a list on Reddit once ranked him below Satoshi Nakamoto but above Mother Teresa and Jesus – has also called for leadership change. Speaking on the Lets Talk Bitcoin podcast yesterday, Antonopoulos called the Foundation “rotten from the top” and said that he wouldn’t be surprised to see it implode due to embezzlement:

They cer­tainly have received many funds. Where are those funds, who con­trols those funds, when were they last audited, are they actu­ally sol­vent, or have all of those funds dis­ap­peared into a big black hole? Just remem­ber who was in the lead­er­ship until recently, who is in lead­er­ship today, and what their track record with ethics has been.

And, I would sug­gest that I would be not sur­prised at all if the foun­da­tion implodes in a giant embez­zle­ment prob­lem some­time down the line or funds get stolen – within quotes or not within quotes – some­thing like that. It’s bound to hap­pen because these things hap­pen not because of tech­ni­cal fail­ures, they don’t hap­pen because of bad actors, they hap­pen because of fail­ures of lead­er­ship. And the foun­da­tion is the very def­i­n­i­tion of a fail­ure of leadership.

Those are incred­i­bly strong words and not the kind of accu­sa­tions to be taken lightly. It bears not­ing that Antonopou­los didn’t sug­gest any direct knowl­edge of embez­zle­ment or crim­i­nal wrong­do­ing, nor did he pro­vide any evi­dence to that effect. He sim­ply said that he views it as inevitable due to the char­ac­ter and com­pe­tence of the Foundation’s lead­er­ship – lead­er­ship that until recently included Mark Karpe­les, the CEO who led Mt. Gox into bank­ruptcy, and Char­lie Shrem, the bit­coin entre­pre­neur recently charged with money laun­der­ing, among other offenses. Antonopou­los’ state­ments are com­pli­cated by the fact that he is a vol­un­teer mem­ber of a Bit­coin Foun­da­tion work­ing group, a fact that he acknowl­edges within the podcast.

So where does this leave the Bitcoin Foundation, its current leadership, and the entirety of the bitcoin community as it fights for credibility and legitimacy among regulators, investors, merchants, and everyday consumers?

2a. A software glitch that has permitted the looting of bitcoins has claimed the new Silk Road site as one of its victims. Correction: The Silk Road 2.0 shutdown was described as temporary. We are not aware of whether or not it has reopened.

“Drug Site Silk Road Wiped Out by Bitcoin Glitch” by Jose Pagliery; CNNMoney; 2/14/2014.

. . . The revived online black mar­ket Silk Road says hack­ers took advan­tage of an ongo­ing Bit­coin glitch to steal $2.7 mil­lion from its customers.

The under­ground website’s anony­mous admin­is­tra­tor told users Thurs­day evening that attack­ers had made off with all of the funds it held in escrow. Silk Road serves as a mid­dle­man between buy­ers and sell­ers, tem­porar­ily hold­ing on to funds in its own accounts dur­ing a deal. Buy­ers put their money into Silk Road’s accounts, and sell­ers with­draw it.

At the time of the attack, there were about 4,440 bitcoins in Silk Road’s escrow account, according to computer security researcher Nicholas Weaver.

The news has shaken con­fi­dence in Bit­coin. Prices dropped sharply overnight, though they’ve since bounced back to about $660.

Silk Road can only be accessed on the deep Web using Tor, a spe­cial pro­gram that hides your phys­i­cal loca­tion. The FBI shut down Silk Road and arrested its alleged founder in Octo­ber, but shortly there­after, tech-savvy out­laws started Silk Road 2.0 in its place.

It is pri­mar­ily used to buy and sell drugs. Bit­coins are the only kind of cur­rency accepted on the site, because they are traded elec­tron­i­cally and are dif­fi­cult to trace to indi­vid­u­als. But Bit­coin accounts also lack pro­tec­tions that most bank accounts have, includ­ing government-backed insurance.

That means the bit­coins stolen from the Silk Road users are gone forever.

The new site’s admin­is­tra­tor, a face­less per­sona known only as Def­con, posted a nerve-racking mes­sage Thurs­day night that began with, “I am sweat­ing as I write this.”

He said hack­ers took advan­tage of the same flaw in Bit­coin that knocked major exchanges Bit­stamp and Mt.Gox offline over the past two weeks. That glitch allowed Silk Road hack­ers to repeat­edly with­draw bit­coins from the site’s accounts until they were empty.

In detail­ing the alleged hack, Def­con listed the online iden­ti­ties of the three sup­posed attack­ers and shared records of the trans­ac­tions. And in an exam­ple of the kind of dark, dan­ger­ous world of ille­gal drug trade, Def­con called on the pub­lic to “stop at noth­ing to bring this per­son to your own def­i­n­i­tion of justice.”

“I failed you as a leader and am com­pletely dev­as­tated by today’s dis­cov­er­ies,” Def­con wrote, adding that the web­site should have fol­lowed the approach of other major Bit­coin exchanges and halted with­drawals due to the Bit­coin sys­tem flaw. Silk Road has since tem­porar­ily shut down.

Many have accused the site’s admin­is­tra­tors of fak­ing the hack and steal­ing the money them­selves. But in a world where drugs are out­right ille­gal — and there’s lit­tle to no reg­u­la­tion of Bit­coin trans­ac­tions — it’s dif­fi­cult to prove anything.

It’s just this kind of bad news that smears Bitcoin’s credibility and keeps the currency from going mainstream.

2b. Bit­coin exchanges are now suf­fer­ing a mas­sive denial-of-service attack, but with a twist: Someone’s bot­net is apply­ing the same “trans­ac­tion mal­leabil­ity” tech­nique that brought down MtGox, but instead of just hit­ting MtGox this bot net­work is mal­form­ing all sorts of bit­coin trans­ac­tions simul­ta­ne­ously! As a con­se­quence, we’re learn­ing that it wasn’t just MtGox that needed to update their soft­ware:

“Bit­coin Exchanges Under ‘Mas­sive and Con­certed Attack’” by Emily Spaven; Coin­Desk; 2/11/2014.

A “mas­sive and con­certed attack” has been launched by a bot sys­tem on numer­ous bit­coin exchanges, Andreas Antonopou­los has revealed.

This has led to popular exchange Bitstamp putting a temporary halt on all bitcoin withdrawals, and BTC-e announcing possible delays on transaction crediting.

Antonopou­los, who is the chief secu­rity offi­cer of Blockchain.info, said a DDoS attack is tak­ing Bitcoin’s trans­ac­tion mal­leabil­ity prob­lem and apply­ing it to many trans­ac­tions in the net­work, simultaneously.

“So as trans­ac­tions are being cre­ated, malformed/parallel trans­ac­tions are also being cre­ated so as to cre­ate a fog of con­fu­sion over the entire net­work, which then affects almost every sin­gle imple­men­ta­tion out there,” he added.

Antonopou­los went on to say that Blockchain.info’s imple­men­ta­tion is not affected, but some exchanges have been affected – their inter­nal account­ing sys­tems are grad­u­ally going out of sync with the net­work.

He empha­sised that this isn’t affect­ing with­drawals, because most exchanges are not pro­cess­ing them automatically.

Mt. Gox is the exchange that has suf­fered the most over the past few days, due to a num­ber of fac­tors, said Antonopou­los. One prob­lem is that it was using a cus­tom client (not the core Bit­coin soft­ware), on top of that there is the DDoS attack, plus it was using an auto­mated sys­tem to approve withdrawals.

“This is not hap­pen­ing to other exchanges because they’re not stu­pid enough to issue with­drawals with­out check­ing them out first,” he explained.

Antonopou­los said we will see a few exchanges sus­pend with­drawals tem­porar­ily while they re-work their account­ing sys­tems to ensure they are not con­fused by the attack.

“It’s impor­tant to note no funds have been lost. With­drawals have been halted to pre­vent funds from being lost or to pre­vent the bal­ances from going out of sync,” he stressed.

Indus­try action

An industry-wide coor­di­nated response has been put into action, with exchanges and core devel­op­ers col­lab­o­rat­ing actively to attack the prob­lem from mul­ti­ple angles.

Var­i­ous other groups within the ecosys­tem, includ­ing the big min­ing pools, are work­ing to stop the issue from prop­a­gat­ing across the network.

Bit­coin devel­oper Jeff Garzik said the core bit­coin block chain con­sen­sus mech­a­nism and pay­ment sys­tem are con­tin­u­ing to work as before, and are not directly impacted by trans­ac­tion malleability.

He added: “Web wal­lets and other ser­vices that build ser­vices on top of bit­coin are report­ing prob­lems sim­i­lar to MtGox, and are tak­ing safety mea­sures to ensure no fund loss, dur­ing this net­work disruption.

“Yesterday’s state­ment must be revised: we will likely issue an update fix­ing two edge cases exposed by this attack.”

Bit­stamp has issued a state­ment explain­ing that it has tem­porar­ily halted BTC with­drawals. It begins:

Bitstamp’s exchange soft­ware is extremely cau­tious con­cern­ing Bit­coin trans­ac­tions. Cur­rently it has sus­pended pro­cess­ing Bit­coin with­drawals due to incon­sis­tent results reported by our bit­coind wal­let, caused by a denial-of-service attack using trans­ac­tion mal­leabil­ity to tem­porar­ily dis­rupt bal­ance check­ing. As such, Bit­coin with­drawal pro­cess­ing will be sus­pended tem­porar­ily until a soft­ware fix is issued.

The state­ment goes on to reveal that no funds have been lost, nor are any at risk.

Don’t panic

Antonopou­los was keen to stress that, although this is a seri­ous attack, it doesn’t spell the end of bit­coin. He believes the DDoS attack will be “thwarted” and exchanges will be run­ning as usual by Friday.

“I expect things will go back to nor­mal and the honey bad­ger of money can con­tinue show­ing its resilience,” he said.

“The death of bit­coin has been pre­ma­turely announced so many times already that the obvi­ous con­clu­sion is that bit­coin is far more resilient than its crit­ics would like to think. I am con­fi­dent that in a few days, those who pre­dicted the death of bit­coin will once again be proven wrong,” Antonopou­los concluded.

3a. One of the most prominent of the Bitcoin exchanges has gone down, amid claims of theft of $365 million worth of Bitcoins.

“Mt. Gox Bit­coin Exchange Down Amid $365 Mil­lion Theft Claim” by Carter Dougherty and Pavel Alpeyev; Bloomberg News; 2/25/2014.

Mt. Gox, the Tokyo-based Bit­coin exchange that halted with­drawals this month, went offline as a doc­u­ment sur­faced alleg­ing long-term theft of about $365 mil­lion in the dig­i­tal currency.

A doc­u­ment posted online that appeared to be an inter­nal strat­egy paper said uniden­ti­fied thieves stole 744,408 Bit­coins from the exchange — about $365 mil­lion at cur­rent rates — and that the theft “went unno­ticed for sev­eral years.”

“The real­ity is that Mt. Gox can go bank­rupt at any moment, and cer­tainly deserves to as a com­pany,” accord­ing to the document.

The doc­u­ment, which out­lines plans for lead­er­ship changes, re-branding and a pos­si­ble move to Sin­ga­pore, was posted online by blog­ger Ryan Galt. A per­son briefed on the sit­u­a­tion at Mt. Gox, who asked to remain anony­mous because the doc­u­ment is pri­vate, said he believed it is authentic.

Bit­coin fell 5 per­cent to $517.71 at 4:48 p.m. Lon­don time, accord­ing to the Coin­Desk Bit­coin Price Index, which aver­ages exchange prices. That’s down from as high as $1,151 on Dec. 4.

Mt. Gox went offline to “pro­tect the site and our users,” accord­ing to a state­ment on its web­site. “We will be closely mon­i­tor­ing the sit­u­a­tion and will react accord­ingly,” it added.

‘Tragic Violation’

A group of Bitcoin-related com­pa­nies sought to dis­tance them­selves from Mt. Gox, and promised to pro­tect cus­tomer funds to pro­mote usage of the currency.

“This tragic vio­la­tion of the trust of users of Mt. Gox was the result of one company’s actions and does not reflect the resilience or value of Bit­coin and the dig­i­tal cur­rency indus­try,” San Francisco-based Coin­base said in a joint state­ment on its web­site with Kraken, Bit­Stamp, Cir­cle and BTC China, other promi­nent Bit­coin companies.

“As with any new indus­try, there are cer­tain bad actors that need to be weeded out, and that is what we are see­ing today,” the com­pa­nies said in the statement.

Efforts to reach the http://www.mtgox.com website earlier today directed users to a blank white page, a day after Mt. Gox Chief Executive Officer Mark Karpeles resigned from the Bitcoin Foundation, an advocacy group for the digital money. At one point today, the site read “put announce for mtgox acq here.”

‘Alleged Insolvency’

“We are shocked to learn about Mt. Gox’s alleged insol­vency,” the foun­da­tion said in an e-mailed statement.

Bit­coin was intro­duced in 2008 by a pro­gram­mer or group of pro­gram­mers under the name Satoshi Nakamoto and has since gained trac­tion with mer­chants around the world. The dig­i­tal money, based on a peer-to-peer soft­ware pro­to­col, has no cen­tral issu­ing author­ity, and uses a pub­lic ledger to ver­ify trans­ac­tions while pre­serv­ing users’ anonymity.

The Bit­coin Foun­da­tion said that, despite the trou­bles at Mt. Gox, the Bit­coin pro­to­col was func­tion­ing nor­mally. In recent days, Mt. Gox had stopped with­drawals, cit­ing an alleged flaw in the protocol.

Since at least 2011, enthu­si­asts have been trad­ing Bit­coins for dol­lars and other tra­di­tional cur­ren­cies, and in early 2013 Mt. Gox was one of the biggest exchanges. Mt. Gox said this month that it iden­ti­fied a bug that enables peo­ple to with­draw the same Bit­coins more than once, leav­ing it vul­ner­a­ble to hackers.

Prices quoted on the exchange plunged on spec­u­la­tion that account hold­ers wouldn’t be able to get their coins back.

The trou­bles at Mt. Gox are the lat­est set­back for Bit­coin after author­i­ties in Rus­sia, China and Israel sought to restrict the dig­i­tal money, while the U.S. seeks ways to pre­vent money-laundering and illicit sales with­out killing the new technology.

3b. Whereas the failure of Mt. Gox was blamed on the same software glitch that has subverted both “legitimate” and underground Bitcoin markets, hackers associated with Bitcoin are claiming deliberate malfeasance on the part of the Mt. Gox operators.

“Hackers Hit Mt. Gox Exchange’s CEO, Claim to Publish Evidence of Fraud” by Andy Greenberg; Forbes; 3/9/2014. 

The Bitcoin community has been angrily pressing for details on what the Bitcoin exchange Mt. Gox has described as a massive hacker attack that stole hundreds of millions of dollars worth of its users’ bitcoins and left the company bankrupt. Mt. Gox’s staff isn’t talking. So another group of hackers say they’ve broken into the company’s servers to provide answers of their own.

On Sunday, hackers took over the Reddit account and personal blog of Mark Karpeles, Mt. Gox’s CEO, to post an angry screed alleging that the exchange he ran had actually kept at least some of the bitcoins that the company had said were stolen from users. “It’s time that MTGOX got the bitcoin communities wrath instead of [the] Bitcoin Community getting Goxed,” wrote the unidentified hackers, referring to the multiple occasions over its three year history when Mt. Gox has gone offline, delayed trades or suspended withdrawals, events so common that Bitcoin users coined the phrase to be “goxed”–to suffer from Mt. Gox’s technical glitches.

The hackers also posted a 716 megabyte file to Karpeles’ personal website that they said comprised stolen data from Mt. Gox’s servers. It appears to include an Excel spreadsheet of over a million trades, a file that purports to show the company’s balances in eighteen different currencies, the backoffice application for some sort of administrative access to the databases of Mt. Gox’s parent company Tibanne Limited, a screenshot of the hackers’ access to those databases, a list of Mark Karpeles’ home addresses and Karpeles’ personal CV.

A screenshot posted by Mt. Gox’s hackers, seeming to show administrative access to the company’s database of trades.

Update: Users on Reddit are warning that the hackers’ files may contain malware designed to steal bitcoins. Other Reddit users have confirmed that they found their own account history in the data, indicating that it’s not fake. But for security reasons, I don’t recommend anyone download the collection of hacked files.

In the hackers’ summary of Mt. Gox’s balances in various currencies, they point to a claimed balance of 951,116 bitcoins, which they take as evidence that Mark Karpeles’ claim to have lost users’ digital currency to hackers is fraudulent. “That fat fuck has been lying!!” a note in the file reads.

I’ve reached out to Karpeles for comment, but haven’t yet heard back from him. Mt. Gox’s embattled chief executive has remained almost entirely mum as his company has imploded over the last weeks.

In a possibly related incident, a user on the BitcoinTalk forum posted a message–since deleted by the forum’s moderators–claiming to be offering for sale a 20 gigabyte stolen database from Mt. Gox, including the personal details of all its users and even scans of their passports. “This document will never be elsewhere published by us,” wrote the user, who went by the name nanashi____. “Selling it one or two times to make up personal loses from gox closure.” The hacker asked for a price of 100 bitcoins for the database, about $63,600 at current exchange rates.

I’ve reached out to nanashi____ via an email address he or she provided, and I’ll update this post if I hear back.

I couldn’t verify that Sunday’s database dump was real, or that it showed any of the “lying” that the hackers claimed. In fact, it may simply show how Mt. Gox’s accounting mismatched with its actual store of Bitcoins–that it was counting bitcoins as being safe in its coffers when they had already been stolen by thieves.

But as Bitcoin experts pore over the hacked files, they may yet offer clues to the mystery around Mt. Gox’s fate. The Bitcoin community has been puzzled by the apparent lack of movement of Mt. Gox’s bitcoins since the company declared bankruptcy last month. Despite stating that it lost 850,000 bitcoins in total in its bankruptcy filing, Bitcoin experts haven’t seen the movement of those coins in the Bitcoin blockchain, the public ledger of transactions that prevents fraud and forgery in the Bitcoin economy.

Moderators on the Bitcoin subforum on Reddit deleted the hackers’ post a few hours after it first appeared, stating that posting stolen content violated the forum’s etiquette rules. But users on the forum didn’t hesitate to draw their own conclusions: the top post on the forum Sunday afternoon read “Mt. Gox scam was just exposed — MK [Mark Karpeles] officially stole our funds.”

“We’ve been goxed!” it added.

3c. The question suggests itself as to just “who’s zooming who” with regard to the Mt. Gox failure. It may well be that the entire set of Mt. Gox records “leaked” by hackers was a gambit to steal Bitcoins. The leak contains malware that searches for, and steals, Bitcoin wallets! “. . . . It seems that the whole leak was invented to infect computers with Bitcoin-stealer malware that takes advantage of people’s keen interest in the Mt. Gox topic,” Lozhkin said. . . .”

“Bitcoin-Stealing Malware Hidden in Mt. Gox Data Dump, Researcher Says” by Lucian Constantin; PC World; 3/17/2014.

An archive con­tain­ing trans­ac­tion records from Mt. Gox that was released on the Inter­net last week by the hack­ers who com­pro­mised the blog of Mt. Gox CEO Mark Karpe­les also con­tains bitcoin-stealing mal­ware for Win­dows and Mac.

Secu­rity researchers from antivirus firm Kasper­sky Lab ana­lyzed the 620MB file called MtGox2014Leak.zip and con­cluded that in addi­tion to var­i­ous Mt. Gox-related doc­u­ments and data, it con­tains mali­cious binary files.

The files mas­quer­ade as Win­dows and Mac ver­sions of a cus­tom, back-office appli­ca­tion for access­ing the trans­ac­tion data­base of Mt. Gox, a large bit­coin exchange that filed for bank­ruptcy in Japan in late Feb­ru­ary after claim­ing it had lost about 850,000 bit­coins to cyber thieves.

How­ever, they are actu­ally mal­ware pro­grams designed to search and steal Bit­coin wal­let files from com­put­ers, Kasper­sky secu­rity researcher Sergey Lozhkin said Fri­day in a blog post.

Both the Win­dows and Mac bina­ries are writ­ten in Live­Code, a pro­gram­ming lan­guage for devel­op­ing cross-platform applications.

When exe­cuted, they dis­play a graph­i­cal inter­face for what appears to be a Mt. Gox data­base access tool. How­ever, in the back­ground they launch a process—TibanneSocket.exe on Windows—that searches for bitcoin.conf and wallet.dat files on the user’s com­puter, accord­ing to Lozhkin. “The lat­ter is a crit­i­cal data file for a Bit­coin crypto-currency user: if it is kept unen­crypted and is stolen, cyber­crim­i­nals will gain access to all bit­coins the user has in his pos­ses­sion for that spe­cific account.”

The mal­ware, which Kasper­sky has named Trojan.Win32.CoinStealer.i (the Win­dows ver­sion) and Trojan.OSX.Coinstealer.a (the Mac ver­sion), uploads the stolen Bit­coin wal­let files to a remote server that used to be located in Bul­garia, but is now offline.

“It seems that the whole leak was invented to infect com­put­ers with Bitcoin-stealer mal­ware that takes advan­tage of people’s keen inter­est in the Mt. Gox topic,” Lozhkin said.

“Mal­ware cre­ators often using social engi­neer­ing tricks and hot dis­cus­sion top­ics to spread mal­ware, and this is great exam­ple of an attack on a focused tar­get audi­ence,” he said.

3d. Something that belongs in the “The dog ate my homework!” category: Mt. Gox claims that it found 200,000 Bitcoins in a “forgotten” digital wallet, worth $116 at current prices! If you believe that, we’ve got a great deal on the Brooklyn Bridge, payable only in Bitcoins! “The dog ate my Bitcoins!”

“Mt.Gox Finds 200,000 Bitcoins in Old Wallet” by Charles Riley; CNNMoney; 3/21/2014.

Embattled exchange Mt.Gox said Friday that it has found 200,000 bitcoins in a “forgotten” digital wallet — a haul worth $116 million at current prices.

Mt.Gox CEO Mark Karpeles said in a statement that the bitcoins had been uncovered in an old-format wallet that was thought to be empty. Bitcoin wallets allow users to store the digital currency and execute transactions.

“On March 7, 2014, Mt.Gox Co., Ltd. confirmed that an old-format wallet which was used prior to June 2011 held a balance of approximately 200,000 BTC,” the statement said.

Karpeles said that the discovery was reported to lawyers on March 8. The bitcoins were later moved to “offline” wallets.

Mt.Gox was one of the world’s largest Bitcoin exchanges until last month, when it stopped investors from withdrawing money and blamed the disruption on technical issues and cyber attacks.

The Japan-based company then filed for bankruptcy in Tokyo and the U.S., with debts totaling $64 million.

At the time of its closure, Mt.Gox said that it was unable to locate 850,000 bitcoins, the vast majority of which belonged to customers. The discovery reduces the number of lost bitcoins to 650,000, but also raises questions about what really happened to the missing currency.

While the search for the missing bitcoins will continue, many investors harbor little hope that all will be recovered. Japanese authorities had not regulated the exchange, and no deposit insurance was offered.

Responding to the wave of doubt generated by the exchange’s failure, several other exchanges and digital wallet providers have sought to reassure investors.

“This tragic violation of the trust of users of Mt.Gox was the result of one company’s abhorrent actions and does not reflect the resilience or value of Bitcoin and the digital currency industry,” an industry group said in February.

In related news, the team of volunteer computer developers who manage the Bitcoin software program has fixed some of the technical issues that Mt.Gox initially blamed for its troubles — a quirk in the way Bitcoin works called transaction malleability.

3e. In a new twist, hackers have launched denial of service attacks on startup tech firms, and demanded ransom for ceasing those attacks–payable in Bitcoins!

“To Instill Love of Bitcoin, Backers Work to Make It Safe” by Nicole Perlroth; The New York Times; 4/02/2014.

. . . Warren E. Buffett referred to the currency as a “mirage” in an interview last month and told people to “stay away.” Would-be adopters and investors have grown fearful as hackers develop new ways to steal Bitcoin and major Bitcoin exchanges shut down. . . .

. . . . Hackers have recently taken to mounting large scale denial-of-service attacks on tech startups–most recently, Meetup.org, a social meeting site; Vimeo, the video sharing service; and Basecamp, a project management software company–and demanding payments via Bitcoin as ransom to cease. . . .

4. Patrick Byrne, CEO of Overstock.com–the first retailer to accept Bitcoin as a payment vehicle–is a disciple of the Austrian school of economics. The Austrian school is a fundamental element of the Bitcoin milieu and is also central to the milieu of Edward Snowden and the “Paulistinian Libertarian Organization.”

“Meet Patrick Byrne: Bitcoin Messiah, CEO of Overstock, Scourge of Wall Street” by Cade Metz; Wired.com; 2/10/2014.

. . . . The problem with the modern economy, Byrne says, is that it rests on the whims of our government and our big banks, that each has the power to create money that’s backed by nothing but themselves. Thanks to what’s called fractional reserve banking, a bank can take in $10 in deposits, but then loan out $100. The government can make more dollars at any time, instantly reducing the currency’s value. Eventually, he says, laying down a classic libertarian metaphor, this “magic money tree” will come crashing down.

But bitcoin is different. It’s like online gold: The supply of the digital currency is controlled by software running across a worldwide network of computers, and its value is decided not by the feds or the big banks, but by the people. “It can make our country more robust,” says Byrne, a disciple of the Austrian school of economics, which holds that our economy should rest on the judgments of individuals, not a central authority. “We want a money that some government mandarin can’t just whisk into existence with a pen stroke.”

Zombies. Magic money trees. Mandarins. As Byrne admits, it’s a ten-dollar answer to my ten-cent question about his plans for the future of Overstock.com, and although I know the man well, I can’t help but wonder how much of this is just him calling attention to himself. But a week after this phone call, Byrne will make good on his promise, as Overstock becomes the first major online retailer to accept payments in bitcoin, letting you buy everything from patio furniture to smartphone cases with the fledgling digital currency. And the following month, during Overstock’s quarterly earnings call, he will reveal that he has personally converted millions of dollars into bitcoin. The Overstock CEO is placing more than one big bet on an unpredictable future, but Byrne has proven himself prescient before — about the internet and the media as well as the economy. . . .

5. Bitcoin is already demonstrating exactly the same concentration of wealth that plagues the very conventional economy it is supposed to replace. The difference is that bitcoin is already demonstrating a far more pronounced concentration than the conventional economy–the top one hundredth of one percent of bitcoin owners control 50% of the wealth.

“Forget the 1 Percent. In the Bitcoin world, Half the Wealth Belongs to the 0.1 Percent” by Brian Fung; The Washington Post; 3/3/2014.

The fall of Mt. Gox has a lot of people saying Bitcoin is dead. Yes, the Tokyo-based exchange may be gone, but the virtual currency has much more than a single exchange (which wasn’t even the largest at the time that it collapsed). There’s still a great deal of room for Bitcoin to grow, particularly in the West: Mt. Gox’s collapse hasn’t done much to temper curiosity among regulators and entrepreneurs.

Of course, the drawback to consolidation is that those benefits will be concentrated in the hands of a relative few. That dynamic is already playing out among individual holders of Bitcoin, with a growing gulf between the Bitcoin-rich and the Bitcoin-poor. According to Risto Pietilä, a Finnish entrepreneur, the overwhelming share of Bitcoin wealth is held in just a few dozen wallets. Half of all bitcoins belong to around 927 “individuals.” If those figures are right, then half of the world’s 12 million or so bitcoins is held by a tenth of a percent of all accounts. That’s a stunning statement of inequality, since in the real world 46 percent of the world’s wealth belongs to 1 percent of the global population. The Bitcoin world, then, is even less equal than the real world.



5 comments for “FTR #785 Bit[coin]burg, Part 4: Fool’s Gold, Part 2”

  1. Someone discovered a new way to steal bitcoin using a pretty old trick:

    Pando Daily
    Hackers exploit major internet security hole to steal $83,000 in bitcoin from mining pools

    By Michael Carney
    On August 8, 2014

    It’s reminiscent of a Hollywood thriller. Dell SecureWorks researchers have identified a massive hacking effort that redirected the Internet traffic of some 19 Internet Service Providers (ISPs) to steal tens of thousands of dollars in bitcoin from a handful of mining pools. The story, first reported by Wired, is sadly entirely non-fiction and the exploit that the hacker used is not some sophisticated new zero day attack, but rather one that security pros have been aware of for several decades.

    The source of the attack is unknown, but the central point of failure appears to be an as yet unnamed Canadian ISP that the thief used to broadcast spoofed commands and redirect traffic from more than a dozen other ISPs. The network targets included Amazon, as well as hosting services DigitalOcean and OVH, among others. But the real victims in this tale are the bitcoin mining pools that had their computational efforts co-opted and the proceeds of this labor rerouted to a private pool controlled by the hacker.

    Those most impacted by the attack were miners who left their rigs unattended for days or weeks at a time, making it less likely that they would notice missing payouts or any other signal that something was amiss. Then again, the attack could have been thwarted by the mining pool servers using the Secure Socket Layer (SSL) protocol, Dell argues.

    The hackers used an attack vector called a border gateway protocol, or BGP hijack in which the attacker alters the routing instructions that govern Internet traffic between networks. Security professionals first became aware of this exploit in 1998 and over the years have seen several examples of its impact.

    In 2008, in an attempt to censor objectionable YouTube traffic, Pakistan accidentally hijacked all of the world’s YouTube traffic through its servers. Later that year it was called “The Internet’s Biggest Security Hole” by a group of presenters at the famed DefCon security conference. Then in 2010 a few thousand bad IP addresses in China meant that China Telecom diverted 15 percent of all Internet traffic across its network for 18 minutes. And last year a portion of all US internet traffic was rerouted to Iceland and Belarus – according to some, by Chinese government agencies. Each of the above incidents was explained away as unintentional and determined to have resulted in no permanent impact. But they nonetheless mean we should have been more prepared for this type of attack.

    This latest BGP hijack scam was not so innocent. The attack is said to have grown to generate as much as $9,000 worth of bitcoin and other altcoins per day at its peak, amounting to a minimum of $83,000 between February and May 2014 – although the number could be larger as researchers only collected data on the attack for a portion of this time. Given the specificity of the attack, which was directed squarely at virtual currency mining pools, it was obviously not a mistake.

    “We’re going to see other events like this,” Dell’s Joe Stewart tells Wired. “It’s ripe for exploitation.” The SecureWorks report echoes this sentiment, stating, “Every network administrator should prepare for the risk of narrowly-focused, malicious BGP hijacking incidents.”

    Given the potential for harm, this attack was relatively small scale – although researchers acknowledge that there could have been more activity that they didn’t observe. But despite its modest impact, this is the latest in what is becoming a lengthy list of incidents that underscore the importance of developing a fix for BGP hijack attacks.

    Posted by Pterrafractyl | August 8, 2014, 12:53 pm
  2. Marc Andreessen has a new interview that contains his standard “Bitcoin will change everything!” mantra. Unfortunately, that’s not the only bad idea tucked away in that interview:

    Marc Andreessen on Finance: ‘We Can Reinvent the Entire Thing’
    By Anthony Effinger Oct 6, 2014 11:00 PM CT

    Twitter. Facebook. AirBnB. Marc Andreessen, co-founder of the $4.2 billion venture capital firm Andreessen Horowitz, has backed them all — along with dozens of others. His latest project? Upending finance. Bloomberg Markets magazine interviewed Andreessen at the firm’s headquarters in Menlo Park, California.

    Out With the Old

    “We have a chance to rebuild the system. Financial transactions are just numbers; it’s just information. You shouldn’t need 100,000 people and prime Manhattan real estate and giant data centers full of mainframe computers from the 1970s to give you the ability to do an online payment.

    “You would not today, starting from scratch, invent any of these financial businesses in the same way. To me, it’s all about unbundling the banks. There are regulatory arbitrage opportunities every step of the way. If the regulators are going to regulate banks, then you’ll have nonbank entities that spring up to do the things that banks can’t do. Bank regulation tends to backfire, and of late that means consumer lending is getting unbundled.”

    In With the New

    “We’re not going to go backward. When people start doing things a better way, it kind of doesn’t matter what the old way was. You can find people who will say that this is all just an arbitrage on the current trouble in the financial system, and I’m sure the big traditional banks will fight back and try to get things outlawed.

    “But think about the scenario of a loan officer talking to a prospective client. To software people, that looks like voodoo. The idea that you can sit across the table from somebody and get a read on their character is just nonsense.

    “Lots of industries are changing in a similar way. There’s been a qualitative approach, and now, there’s a quantitative approach. Everybody who grew up in the qualitative approach hates the quantitative approach and considers it a giant threat.”

    Big Data

    “There is a growing idea in Silicon Valley that there are sources of data on consumer behavior we can use to predict creditworthiness. These will be completely different than the traditional approach to credit ratings, which are tremendously imprecise and ‘laggy.’ PayPal can do a real-time credit score in milliseconds, based on your EBay (EBAY) purchase history — and it turns out that’s a better source of information than the stuff used to generate your FICO score.

    “The hypothesis is that there are many other similar sources of consumer data: credit card bills, social-network behavior, potentially even search history. Lots of people, both in the big Internet companies and at startups, are trying to get at these large pools of data and figure out new ways to do scoring. What they all have in common is that they are all being done outside of banks.

    “The minute any of these new credit vehicles can show any level of repeatability and reliability, the hedge funds come in and provide the funding. Hedge funds are very comfortable with analytic models. If you have sufficient stability, you can get leverage.”

    Yes, in Andreessen’s future utopia, your social-network behavior and search history could be used to determine your credit. So be sure to behave online lil’ borrower. Behave.

    It was also a little amusing to see Andreessen say “You shouldn’t need 100,000 people and prime Manhattan real estate and giant data centers full of mainframe computers from the 1970s to give you the ability to do an online payment,” all things considered.

    Posted by Pterrafractyl | October 18, 2014, 2:19 pm
  3. Remember those Bitcoin malware apps of yesteryear that were secretly turning computers into Bitcoin miners? While annoying, it’s also the kind of malware that probably just slows your computer down a bit and costs a little extra in electricity. It could be worse. For instance, if your passkeys for Amazon’s cloud services are ever accidentally posted to a public code repository like GitHub, even if just for a few minutes, it could be a lot worse:

    The Register
    Dev put AWS keys on Github. Then BAD THINGS happened
    Fertile fields for Bitcoin yields – with a nasty financial sting

    6 Jan 2015 at 13:02, Darren Pauli

    Bots are crawling all over GitHub seeking secret keys, a developer served with a $2,375 Bitcoin mining bill found.

    DevFactor founder Andrew Hoffman said he used Figaro to secure Rails apps which published his Amazon S3 keys to his GitHub account.

    He noticed the blunder and pulled the keys within five minutes, but that was enough for a bot to pounce and spin up instances for Bitcoin mining.

    “When I woke up the next morning, I had four emails and a missed phone call from Amazon AWS – something about 140 servers running on my AWS account,” Hoffman said.

    “I only had S3 keys on my GitHub and they were gone within five minutes!”

    “As it turns out, through the S3 API you can actually spin up EC2 instances, and my key had been spotted by a bot that continually searches GitHub for API keys.”

    Amazon (he said) told him such bot exploits were increasingly common with hackers running algorithms to perpetually search GitHub for API keys.

    “Once it finds one it spins up max instances of EC2 servers to farm itself Bitcoins,” he said.

    Amazon refunded his bill, as it had for others. In December 2013 hackers ran up a $3,493 Litecoin mining bill for developer Luke Chadwick.

    Well, at least Amazon was nice enough to refund the poor guy. It could be worse!

    It’s also too bad we don’t get to find out how many bitcoins actually got mined from that $2,375 worth of Amazon cloud computing power, although whatever it cost before it’s probably cheaper now. Why? The Bitcoin mining bubble appears to be in the process of bursting:

    The Wall Street Journal
    Money Beat
    BitBeat: Bitcoin’s Price, Mining Hashrate Reflect Unsynchronized Bubbles
    8:09 pm ET
    Jan 13, 2015

    By Michael J. Case

    Bitcoin Latest Price: $225.38 up 15.62% (via CoinDesk)

    Crossing Our Desk:

    –For the first BitBeat column of 2015, it’s sobering to report that bitcoin’s price is down almost 16% for the day and 30% from when we last published – this after a 67% decline in 2014.

    As we’ve argued elsewhere, we don’t think the price is a reasonable gauge of the prospects for cryptocurrency technology’s future, mostly because the currency itself is of secondary importance in many of that technology’s future applications. That said, there are some important questions about what the price decline means for that most vital of activities within the bitcoin ecosystem: mining.

    The profitability of mining, which is crucial to bitcoin because it is the means by which transactions are confirmed and new bitcoins are brought into being, is highly sensitive to bitcoin’s price in dollars. In theory, then, as that price falls, it should discourage new entrants into the business and encourage existing operators to leave.

    Despite this direct link, the sharp price decline of 2014 coincided with a remarkable 30-fold surge in the hashrate – the main measure of the size and power of the bitcoin mining network – which brought bitcoin’s aggregate computational power to a level 13,000 times that of the combined clout of the world’s 500 biggest supercomputers.

    Now, finally, the hashrate is falling amid signs that miners are turning off rigs. That in turn will have a counterbalancing effect because a lower hashrate means that bitcoin’s software adjusts down the in-built difficulty function that determines how much computational work, or hashing, a miner must undertake to solve the system’s key mathematical puzzle that earns rights to new bitcoins. A lower hashrate equals softer competitive pressure.

    But before we get to that it’s worth pondering why we saw last year’s counterintuitive hashrate increase.

    Firstly, let’s acknowledge that both the bitcoin price and mining network experienced extreme bubbles — the currency in 2013, mining last year. Each bubble fed off the other in powerful but different ways, but in the latter case with time delays reflected a classic failure of synchronization between financial markets, which react to news instantaneously, and contractually bound capital investments in land, plant and equipment, for which change occurs much more slowly. We see this now in the delays with which oil drillers are shutting down rigs even though crude oil’s 55% price decline from mid-2014 has rendered many unable to pay their debts.

    As bitcoin’s price surged 8,000% to $1,100 in the 12 months to December 2013, mining investors saw a chance to get rich. They built out warehouse-based operations with rows and rows of fast-paced rigs that used ASIC (application specific integrated circuit) chips to launch the newest thing: cloud mining. This was a new service for small players to participate in the otherwise competitively difficult business of mining by buying contracts that give them shares in big, efficiently run facilities’ aggregate hashing power.

    Those contracts locked cloud mining companies into long-term customer commitments, as did their lease contracts with data centers and the purchase contracts they had with suppliers of ASIC chips and rigs. So through much of 2013 they kept building out facilities, even as the falling price of bitcoin meant that both the companies and their clients were losing money.

    Now this vicious cycle seems to be ending, mostly as cloud miners throw in the towel. On Monday, bitcoin mining and exchange provider CEX.IO said it would temporarily suspend cloud mining services, in part because of “the recent bitcoin price drop.” This, among other signs of trouble in cloud mining – notably at CoinTerra, which is now facing a lawsuit from the same datacenter provider and has been shut out of that facility — suggests the falling price has pushed the industry, finally, into a tipping point. As such, the hashrate appears not only to have stabilized but is falling.

    Keep in mind that, should the Bitcoin mining bubble truly be in the process of bursting, that’s still pretty big news. Pretty big and potentially profitable news…let the SEO profits flow! So it could indeed be worse.

    It could also be a lot better.

    Posted by Pterrafractyl | January 13, 2015, 8:37 pm
  4. One of the most interesting phenomena about the whole bitcoin affair is the CULTISHNESS of its true believers. Religion is not too strong a term for the fanatics. I’ve noticed this in various threads I’ve read. This is separate from the more cynical money people behind it and hoping to profit off of it. I’m talking about the “cybergeek” types who see it as being about “overthrowing the man”.

    SFGATE changed its article on this, they previously had a still pic of an anarchist type with a pic of Ulbricht as “the Chosen One”. You can still see a frame from this in the video at the bottom.

    Posted by Tiffany Sunderson | January 14, 2015, 11:44 am
  5. Check out a new application for cryptocurrency mining: carrying out a Stuxnet-like attack on critical infrastructure.

    For the first time ever, there’s now an example of the “cryptojacking” craze – malware spread over web browsers that uses your computer’s resources to mine cryptocurrency – hitting the industrial control systems of a public utility. Specifically, a water utility in Europe. And it wasn’t ‘mining’ bitcoins. It was mining “monero” coins instead (which has to be a bit of a letdown for Bitcoin).

    The malware was designed to spread laterally within the network, allowing it to infect parts of the utility’s systems that aren’t normally exposed to the internet. And while it was designed to run in the background without using too much computing power to get noticed, as the article notes, it’s entirely possible that this same malware attack could be used to cripple the system it infects. How so? By simply over-using the computer processors so heavily that they wear down and break.

    As the article also notes, there’s also the concern that industrial control systems require high processor availability, so anything that impacts that availability can cause serious safety concerns. In other words, the cryptocurrency mining wouldn’t necessarily have to break the computer processors to cause damage. It could merely clog the system and effectively break it at exactly the wrong time:


    Now Cryptojacking Threatens Critical Infrastructure, Too

    Lily Hay Newman
    02.12.18 12:09 pm

    The rise of cryptojacking—which co-opts your PC or mobile device to illicitly mine cryptocurrency when you visit an infected site—has fueled mining’s increasing appeal. But as attackers have expanded their tools to slyly outsource the number of devices, processing power, and electricity powering their mining operations, they’ve moved beyond the browser in potentially dangerous ways.

    On Thursday, the critical infrastructure security firm Radiflow announced that it had discovered cryptocurrency mining malware in the operational technology network (which does monitoring and control) of a water utility in Europe—the first known instance of mining malware being used against an industrial control system.

    Radiflow is still assessing the extent of the impact, but says that the attack had a “significant impact” on systems. The researchers note that the malware was built to run quietly in the background, using as much processing power as it could to mine the cryptocurrency Monero without overwhelming the system and creating obvious problems. The miner was also designed to detect and even disable security scanners and other defense tools that might flag it. Such a malware attack increases processor and network bandwidth usage, which can cause industrial control applications to hang, pause, and even crash—potentially degrading an operator’s ability to manage a plant.

    “I’m aware of the danger of [malware miners] being on industrial control systems though I’ve never seen one in the wild,” says Marco Cardacci, a consultant for the firm RedTeam Security, which specializes in industrial control. “The major concern is that industrial control systems require high processor availability, and any impact to that can cause serious safety concerns.”

    Low Key Mining

    Radiflow CEO Ilan Barda says the company had no idea it might discover a malicious miner when it installed intrusion detection products on the utility’s network, particularly on its inner network, which wouldn’t usually be exposed to the internet. “In this case their internal network had some restricted access to the internet for remote monitoring, and all of a sudden we started to see some of the servers communicating with multiple external IP addresses,” Barda says. “I don’t think this was a targeted attack, the attackers were just trying to look for unused processing power that they could use for their benefit.”

    Industrial plants may prove an enticing environment for malicious miners. Many don’t use a lot of processing power for baseline operations, but do draw a lot of electricity, making it relatively easy for mining malware to mask both its CPU and power consumption. And the inner networks of industrial control systems are known for running dated, unpatched software, since deploying new operating systems and updates can inadvertently destabilize crucial legacy platforms. These networks generally don’t access the public internet, though, and firewalls, tight access controls, and air gaps often provide additional security.

    Security specialists focused on industrial control, like the researchers at Radiflow, warn that the defenses of many systems still fall short, though.

    “I for one have seen a lot of poorly configured networks that have claimed to be air gapped but weren’t,” RedTeam Security’s Cardacci says. “I am by no means saying that air gaps don’t exist, but misconfigurations occur often enough. I could definitely see the malware penetrating crucial controllers.”

    With so much fallow processing power, hackers looking to mine—often with automated scanning tools—will happily exploit flaws in an industrial control system’s defenses if it means access to the CPUs. Technicians with an inside track may also yield to temptation; reports surfaced on Friday that a group of Russian scientists were recently arrested for allegedly using the supercomputer at a secret Russian research and nuclear warhead facility for Bitcoin mining.

    “The cryptocurrency craze is just everywhere,” says Jérôme Segura, lead malware intelligence analyst at the network defense firm Malwarebytes. “It’s really changed the dynamic for a lot of different things. A large amount of the malware we’ve been tracking has recently turned to do some mining, either as one module or completely changing attention. Rather than stealing credentials or working as ransomware, it’s doing mining.”

    Getting Serious

    Though in-browser cryptojacking was a novel development toward the end of 2017, malicious mining malware itself isn’t new. And more and more attacks are cropping up all the time. This weekend, for example, attackers compromised the popular web plugin Browsealoud, allowing them to steal mining power from users on thousands of mainstream websites, including those of United States federal courts system and the United Kingdom’s National Health Service.

    Radiflow’s Barda says that the mining malware infecting the water treatment plant, for instance, was designed to spread internally, moving laterally from the internet-connected remote monitoring server to others that weren’t meant to be exposed. “It just needs to find one weak spot even on a temporary basis and it will find the way to expand,” Barda says.

    Observers say it’s too soon to know for sure how widespread cryptojacking will become, especially given the volatility of cryptocurrency values. But they see malicious mining cropping up in critical infrastructure as a troubling sign. While cryptojacking malware isn’t designed to pose an existential threat—in the same way a parasite doesn’t want to kill its host—it still wears on and degrades processors over time. Recklessly aggressive mining malware has even been known to cause physical damage to infected devices like smartphones.

    It also seems at least possible that an attacker with goals more sinister than a quick financial gain could use mining malware to cause physical destruction to critical infrastructure controllers—a class of rare but burgeoning attacks.

    “We’ve seen this technique with ransomware like NotPetya where it’s been used as a decoy for a more dangerous attack,” Segura says. “Mining malware could be used in the same way to look financially motivated, but in fact the goal was to trigger something like the physical damage we saw with Stuxnet. If you run miners at 100 percent you can cause damage.”

    Such a calamitous attack remains hypothetical, and might not be practical. But experts urge industrial control plants to consistently audit and improve their security, and ensure that they’ve truly siloed internal networks, so there are no misconfigurations or flaws that attackers can exploit to gain access.

    “Many of these systems are not hardened and are not patched with the latest updates. And they must run 24/7, so recovery from crypto-mining, ransomware, and other malware threats is much more problematic in industrial control system networks,” says Jonathan Pollet, the founder of Red Tiger Security, which consults on cybersecurity issues for heavy industrial clients like power plants and natural gas utilities. “I hope this helps create a sense of urgency.”


    “Now Cryptojacking Threatens Critical Infrastructure, Too” by Lily Hay Newman; Wired; 02/12/2018

    “On Thursday, the critical infrastructure security firm Radiflow announced that it had discovered cryptocurrency mining malware in the operational technology network (which does monitoring and control) of a water utility in Europe—the first known instance of mining malware being used against an industrial control system.”

    The first known instance of mining malware being used against an industrial control system. Oh goodie. And note that, while the water utility doesn’t appear to have been crippled by the malware, it did reportedly have a “significant impact” on the utility’s systems:

    Radiflow is still assessing the extent of the impact, but says that the attack had a “significant impact” on systems. The researchers note that the malware was built to run quietly in the background, using as much processing power as it could to mine the cryptocurrency Monero without overwhelming the system and creating obvious problems. The miner was also designed to detect and even disable security scanners and other defense tools that might flag it. Such a malware attack increases processor and network bandwidth usage, which can cause industrial control applications to hang, pause, and even crash—potentially degrading an operator’s ability to manage a plant.

    And if that “significant impact” on the utility’s systems happened during a period when those processors were needed to, say, check the quality of the water, this unnamed European water utility could have had a serious safety issue on its hands:

    “I’m aware of the danger of [malware miners] being on industrial control systems though I’ve never seen one in the wild,” says Marco Cardacci, a consultant for the firm RedTeam Security, which specializes in industrial control. “The major concern is that industrial control systems require high processor availability, and any impact to that can cause serious safety concerns.”

    And that’s merely an example of how someone could accidentally cause a major incident with their cryptocurrency mining malware. But there’s nothing stopping intentional damage being done too. Because if the malware can get those processors to run at 100 percent (without getting caught) for a long enough time to actually damage them, this could effectively become a Stuxnet-like attack that does serious damage to a system:

    It also seems at least possible that an attacker with goals more sinister than a quick financial gain could use mining malware to cause physical destruction to critical infrastructure controllers—a class of rare but burgeoning attacks.

    “We’ve seen this technique with ransomware like NotPetya where it’s been used as a decoy for a more dangerous attack,” Segura says. “Mining malware could be used in the same way to look financially motivated, but in fact the goal was to trigger something like the physical damage we saw with Stuxnet. If you run miners at 100 percent you can cause damage.”

    So now the world has discovered that Stuxnet-like attacks can be carried out with cryptocurrency malware. And it’s the kind of attack that potentially provides a degree of plausible deniability. “We weren’t trying to disable that nuke plant and trigger a meltdown. We just wanted to mine for coins! Honest!” That’s a thing now.

    Posted by Pterrafractyl | February 13, 2018, 4:23 pm
