Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

For The Record  

FTR #785 Bit[coin]burg, Part 4: Fool’s Gold, Part 2


Introduction: The fourth of our programs about Bitcoin, this broadcast further documents the predictable chaos and malfeasance resulting from a valuable monetary entity that is totally unregulated and open to all of the vagaries and criminality to which internet business is subject. (The previous shows on the subject are: FTR #s 760, 764, 770.)

After discussing the suspicious death of Autumn Radtke, CEO of a Bitcoin startup exchange, the broadcast underscores the rampant fraud and criminal behavior that characterizes every facet of the Bitcoin operations and landscape.

Much of the pro­gram focus­es on the col­lapse of the Mt. Gox exchange in Japan, one of the world’s largest Bit­coin mar­ket­places. Blamed ini­tial­ly on hack­ers, it may well be that the oper­a­tors of Mt. Gox were engaged in delib­er­ate malfea­sance, as were anony­mous hack­ers who called atten­tion to the sins of the com­pa­ny’s man­age­ment.

The glitch that appeared to have left Mt. Gox open to hack­ing has led to the tem­po­rary shut­down of the suc­ces­sor to the Silk Road site, as well as open­ing the way for “bots” to begin attack­ing the entire Bit­coin finan­cial land­scape!

In the past, we have dis­cussed the pro­found links between the advo­cates and users of Bit­coin and the Aus­tri­an school of eco­nom­ics. Those advo­cates include Patrick Byrne, the CEO of Overstock.com, the largest retail out­let to begin accept­ing Bit­coins as cur­ren­cy.

The pro­gram con­cludes with anoth­er look at the con­cen­tra­tion of eco­nom­ic own­er­ship affect­ing Bit­coin.

Program Highlights Include: Discussion of the “transaction malleability” that brought down Mt. Gox; the vacancy of leadership in the Bitcoin Foundation, due to the indictments and legal troubles of the top advocates and users of the troubled online currency; review of Silk Road and its criminal transactions; the fact that the top .01 percent of Bitcoin owners control 50 percent of Bitcoins; Mt. Gox’s claim that it “discovered” roughly $16 million in Bitcoins in a wallet that it had “forgotten about;” allegations that Silk Road’s administrators actually stole the missing Bitcoins themselves; the discovery that the communications from hackers alleging that Mt. Gox’s administrators were engaged in deliberate theft contained malware permitting the theft of Bitcoins from anyone opening the files about the firm’s alleged malfeasance; hackers’ denial of service attacks on startup tech companies, demanding Bitcoins in ransom in exchange for ceasing the attacks.

1a. At the con­clu­sion of FTR #772, we wry­ly sug­gest­ed that, with the epi­dem­ic of sus­pi­cious deaths plagu­ing the finan­cial indus­try of late, Bit­coin enthu­si­asts should devel­op their own online cur­ren­cy for mur­der­ing each oth­er, named “Hit­coin.” Per­haps that sug­ges­tion is not as remote as it might appear to be at first glance.

“Head of Online Cur­rency Exchange Found Dead in Sin­ga­pore” by Javier E. David; NBC News; 3/5/2014.

Autumn Radtke, the CEO of an upstart online cur­ren­cy exchange, died last week under mys­te­ri­ous cir­cum­stances at her home in Sin­ga­pore.

Radtke, the U.S.-born head of First Meta, was found dead by local police Feb. 28, with the cause of death yet to be deter­mined. In a state­ment on its web­site, First Meta said the com­pany “was shocked and sad­dened by the trag­ic loss of our friend and CEO Autumn Radtke.”

In an interview with The Wall Street Journal, the company’s director and nonexecutive chairman, Douglas Abrams, said the exact cause of Radtke’s death was “still under investigation.”

Pri­or to tak­ing the reins at First Meta in 2012, the 28-year-old Radtke had once close­ly worked with tech­nol­ogy giant Apple, to bring cloud-com­put­ing soft­ware to Johns Hop­kins Uni­ver­sity, Los Alam­os Labs and the Aero­space Corp., accord­ing to her biog­ra­phy. She then took up busi­ness devel­op­ment roles at tech start-ups Xfire and Geo­delic Sys­tems, accord­ing to infor­ma­tion on her LinkedIn pro­file.

First Meta bills itself as a clear­ing­house for the pur­chase and exchange of vir­tual cur­ren­cies, includ­ing bit­coin.

Her death comes as trou­bles swirl around the nascent cryp­tocur­rency indus­try, and amid a rash of sui­cides in the finan­cial indus­try as a whole.

Last week, the world’s largest bit­coin exchange, Mt.Gox, implod­ed; mean­while, near­ly $500 mil­lion in client funds van­ished overnight. Else­where, untime­ly demis­es unre­lated to bit­coin have claimed the lives of bankers at JPMor­gan, Deutsche Bank and Zurich Insur­ance Group.

1b. Encompassing all of the folly and deliberate malfeasance that characterizes Bitcoin, the Bitcoin Foundation has found itself leaderless, in the wake of the arrests of key players in the bitcoin milieu.

“Lead­er­less: Bit­coin Foun­da­tion Plagued by Alle­ga­tions of Self-Deal­ing and Embez­zle­ment” by Michael Carn; Pan­do Dai­ly; 3/27/2014.

What’s the role of an indus­try trade group and how much author­ity should com­pa­nies place in the hands of these unof­fi­cial lead­ers?

That’s the ques­tion much of the bit­coin com­mu­nity is ask­ing at the moment as the Bit­coin Foun­da­tion, the industry’s unof­fi­cial cus­to­dian and mouth­piece, faces alle­ga­tions of self-deal­ing and embez­zle­ment.

Accord­ing to the Foundation’s own web­site, it exists to “stan­dard­ize, pro­tect, and pro­mote the use of Bit­coin cryp­to­graphic mon­ey for the ben­e­fit of users world­wide.” Sev­eral hun­dred bit­coin com­pa­nies are mem­bers of the Foun­da­tion and have donat­ed heav­ily to fund its oper­a­tions. The orga­ni­za­tion is led by a board of promi­nent cryp­to-cur­ren­cy entre­pre­neurs, investors, jour­nal­ists, and aca­d­e­mics, chiefly its Chair­man, Coin­Lab founder Peter Vessenes who has been the sub­ject of the most skep­ti­cism and scruti­ny.

The spot­light was first shone on the Foundation’s lead­er­ship by con­tro­ver­sial bit­coin blog­ger Ryan Selkis, aka the Two-Bit Idiot. On March 2nd, fol­low­ing the unrav­el­ing of Mt. Gox, Selkis wrote that Vessenes and Exec­u­tive Direc­tor Jon Mato­nis would be step­ping down pri­or to the con­clu­sion of their cur­rent terms, “[seem­ingly rec­og­niz­ing] the need for the Foun­da­tion to clean house in order to revi­tal­ize its image in the com­ing months.” Days lat­er, when forced to retract that pre­dic­tion, Selkis began an aggres­sive, and occa­sion­ally man­ic cam­paign call­ing for their imme­di­ate ouster due to a fail­ure of lead­er­ship.

At his most livid, Selkis called the cur­rent board “ille­git­i­mate” and demand­ed senior lead­ers across the bit­coin ecosys­tem stage a coup or kill the Foun­da­tion alto­gether – a posi­tion from which he lat­er backed down, but not before writ­ing:

Peter Vessenes and Jon Mato­nis are not scape­goats. They are not inno­cent bystanders. And they are not eth­i­cally enti­tled to remain in their board seats through lat­er this year.

Selkis then promised to reveal “damning facts” if his demands were not met, including those relating to: the Foundation ignoring warning signs of Mt. Gox’s failure as early as April 2013; Foundation directors exploiting their positions to withdraw funds from a failing Gox while the general public was losing their shirts; and conflicts of interest between directors’ roles within the foundation and their personal bitcoin businesses.

After several days of self-described backlash from the bitcoin community, Selkis issued a concession and never published those damning facts – despite maintaining that his accusations were “100% truthful.”

Selkis’ light­ning-rod sta­tus can­not be denied and has made it easy for many to write off his claims as those of a man seek­ing atten­tion – he’s acknowl­edged on mul­ti­ple occa­sions plans to write a book about bitcoin’s recent scan­dals – and also hop­ing to enrich his own bit­coin insur­ance start­up through spread­ing fear. But it bears not­ing that for all his blus­ter, Selkis has also been the source of a num­ber of accu­rate and impact­ful break­ing news sto­ries, not the least of which was pub­lish­ing Mt. Gox’s Cri­sis Strat­egy doc­u­ments ahead of its even­tual bank­rupt­cy.

Now, however, it’s not just Selkis who’s beating the drum for changes atop the Bitcoin Foundation. Blockchain.info CSO Andreas Antonopoulos, who is held as close to a deity as anyone within the bitcoin community – a list on Reddit once ranked him below Satoshi Nakamoto but above Mother Teresa and Jesus – has also called for leadership change. Speaking on the Lets Talk Bitcoin podcast yesterday, Antonopoulos called the Foundation “rotten from the top” and said that he wouldn’t be surprised to see it implode due to embezzlement:

They cer­tainly have received many funds. Where are those funds, who con­trols those funds, when were they last audit­ed, are they actu­ally sol­vent, or have all of those funds dis­ap­peared into a big black hole? Just remem­ber who was in the lead­er­ship until recent­ly, who is in lead­er­ship today, and what their track record with ethics has been.

And, I would sug­gest that I would be not sur­prised at all if the foun­da­tion implodes in a giant embez­zle­ment prob­lem some­time down the line or funds get stolen – with­in quotes or not with­in quotes – some­thing like that. It’s bound to hap­pen because these things hap­pen not because of tech­ni­cal fail­ures, they don’t hap­pen because of bad actors, they hap­pen because of fail­ures of lead­er­ship. And the foun­da­tion is the very def­i­n­i­tion of a fail­ure of lead­er­ship.

Those are incred­i­bly strong words and not the kind of accu­sa­tions to be tak­en light­ly. It bears not­ing that Antonopou­los didn’t sug­gest any direct knowl­edge of embez­zle­ment or crim­i­nal wrong­do­ing, nor did he pro­vide any evi­dence to that effect. He sim­ply said that he views it as inevitable due to the char­ac­ter and com­pe­tence of the Foundation’s lead­er­ship – lead­er­ship that until recent­ly includ­ed Mark Karpe­les, the CEO who led Mt. Gox into bank­ruptcy, and Char­lie Shrem, the bit­coin entre­pre­neur recent­ly charged with mon­ey laun­der­ing, among oth­er offens­es. Antonopou­los’ state­ments are com­pli­cated by the fact that he is a vol­un­teer mem­ber of a Bit­coin Foun­da­tion work­ing group, a fact that he acknowl­edges with­in the pod­cast.

So where does this leave the Bitcoin Foundation, its current leadership, and the entirety of the bitcoin community as it fights for credibility and legitimacy among regulators, investors, merchants, and everyday consumers?


2a. A soft­ware glitch that has per­mit­ted the loot­ing of bit­coins has claimed the new Silk Road site as one of its vic­tims. Cor­rec­tion: The Silk Road 2.0 shut­down was described as tem­po­rary. We are not aware of whether or not it has reopened.

“Drug Site Silk Road Wiped Out by Bitcoin Glitch” by Jose Pagliery; CNNMoney; 2/14/2014.

. . . The revived online black mar­ket Silk Road says hack­ers took advan­tage of an ongo­ing Bit­coin glitch to steal $2.7 mil­lion from its cus­tomers.

The under­ground website’s anony­mous admin­is­tra­tor told users Thurs­day evening that attack­ers had made off with all of the funds it held in escrow. Silk Road serves as a mid­dle­man between buy­ers and sell­ers, tem­porar­ily hold­ing on to funds in its own accounts dur­ing a deal. Buy­ers put their mon­ey into Silk Road’s accounts, and sell­ers with­draw it.

At the time of the attack, there were about 4,440 bitcoins in Silk Road’s escrow account, according to computer security researcher Nicholas Weaver.

The news has shak­en con­fi­dence in Bit­coin. Prices dropped sharply overnight, though they’ve since bounced back to about $660.

Silk Road can only be accessed on the deep Web using Tor, a spe­cial pro­gram that hides your phys­i­cal loca­tion. The FBI shut down Silk Road and arrest­ed its alleged founder in Octo­ber, but short­ly there­after, tech-savvy out­laws start­ed Silk Road 2.0 in its place.

It is pri­mar­ily used to buy and sell drugs. Bit­coins are the only kind of cur­rency accept­ed on the site, because they are trad­ed elec­tron­i­cally and are dif­fi­cult to trace to indi­vid­u­als. But Bit­coin accounts also lack pro­tec­tions that most bank accounts have, includ­ing gov­ern­ment-backed insur­ance.

That means the bit­coins stolen from the Silk Road users are gone for­ev­er.

The new site’s admin­is­tra­tor, a face­less per­sona known only as Def­con, post­ed a nerve-rack­ing mes­sage Thurs­day night that began with, “I am sweat­ing as I write this.”

He said hack­ers took advan­tage of the same flaw in Bit­coin that knocked major exchanges Bit­stamp and Mt.Gox offline over the past two weeks. That glitch allowed Silk Road hack­ers to repeat­edly with­draw bit­coins from the site’s accounts until they were emp­ty.

In detail­ing the alleged hack, Def­con list­ed the online iden­ti­ties of the three sup­posed attack­ers and shared records of the trans­ac­tions. And in an exam­ple of the kind of dark, dan­ger­ous world of ille­gal drug trade, Def­con called on the pub­lic to “stop at noth­ing to bring this per­son to your own def­i­n­i­tion of jus­tice.”

“I failed you as a leader and am com­pletely dev­as­tated by today’s dis­cov­er­ies,” Def­con wrote, adding that the web­site should have fol­lowed the approach of oth­er major Bit­coin exchanges and halt­ed with­drawals due to the Bit­coin sys­tem flaw. Silk Road has since tem­porar­ily shut down.

Many have accused the site’s admin­is­tra­tors of fak­ing the hack and steal­ing the mon­ey them­selves. But in a world where drugs are out­right ille­gal — and there’s lit­tle to no reg­u­la­tion of Bit­coin trans­ac­tions — it’s dif­fi­cult to prove any­thing.

It’s just this kind of bad news that smears Bitcoin’s credibility and keeps the currency from going mainstream.


2b. Bit­coin exchanges are now suf­fer­ing a mas­sive denial-of-ser­vice attack, but with a twist: Someone’s bot­net is apply­ing the same “trans­ac­tion mal­leabil­ity” tech­nique that brought down MtGox, but instead of just hit­ting MtGox this bot net­work is mal­form­ing all sorts of bit­coin trans­ac­tions simul­ta­ne­ously! As a con­se­quence, we’re learn­ing that it wasn’t just MtGox that need­ed to update their soft­ware:

“Bit­coin Exchanges Under ‘Mas­sive and Con­certed Attack’” by Emi­ly Spaven; Coin­Desk; 2/11/2014.

A “mas­sive and con­certed attack” has been launched by a bot sys­tem on numer­ous bit­coin exchanges, Andreas Antonopou­los has revealed.

This has led to popular exchange Bitstamp putting a temporary halt on all bitcoin withdrawals, and BTC-e announcing possible delays on transaction crediting.

Antonopou­los, who is the chief secu­rity offi­cer of Blockchain.info, said a DDoS attack is tak­ing Bitcoin’s trans­ac­tion mal­leabil­ity prob­lem and apply­ing it to many trans­ac­tions in the net­work, simul­ta­ne­ous­ly.

“So as trans­ac­tions are being cre­ated, malformed/parallel trans­ac­tions are also being cre­ated so as to cre­ate a fog of con­fu­sion over the entire net­work, which then affects almost every sin­gle imple­men­ta­tion out there,” he added.

Antonopou­los went on to say that Blockchain.info’s imple­men­ta­tion is not affect­ed, but some exchanges have been affect­ed – their inter­nal account­ing sys­tems are grad­u­ally going out of sync with the net­work.

He empha­sised that this isn’t affect­ing with­drawals, because most exchanges are not pro­cess­ing them auto­mat­i­cal­ly.

Mt. Gox is the exchange that has suf­fered the most over the past few days, due to a num­ber of fac­tors, said Antonopou­los. One prob­lem is that it was using a cus­tom client (not the core Bit­coin soft­ware), on top of that there is the DDoS attack, plus it was using an auto­mated sys­tem to approve with­drawals.

“This is not hap­pen­ing to oth­er exchanges because they’re not stu­pid enough to issue with­drawals with­out check­ing them out first,” he explained.

Antonopou­los said we will see a few exchanges sus­pend with­drawals tem­porar­ily while they re-work their account­ing sys­tems to ensure they are not con­fused by the attack.

“It’s impor­tant to note no funds have been lost. With­drawals have been halt­ed to pre­vent funds from being lost or to pre­vent the bal­ances from going out of sync,” he stressed.

Indus­try action

An indus­try-wide coor­di­nated response has been put into action, with exchanges and core devel­op­ers col­lab­o­rat­ing active­ly to attack the prob­lem from mul­ti­ple angles.

Var­i­ous oth­er groups with­in the ecosys­tem, includ­ing the big min­ing pools, are work­ing to stop the issue from prop­a­gat­ing across the net­work.


Bit­coin devel­oper Jeff Garzik said the core bit­coin block chain con­sen­sus mech­a­nism and pay­ment sys­tem are con­tin­u­ing to work as before, and are not direct­ly impact­ed by trans­ac­tion mal­leabil­i­ty.

He added: “Web wal­lets and oth­er ser­vices that build ser­vices on top of bit­coin are report­ing prob­lems sim­i­lar to MtGox, and are tak­ing safe­ty mea­sures to ensure no fund loss, dur­ing this net­work dis­rup­tion.

“Yesterday’s state­ment must be revised: we will like­ly issue an update fix­ing two edge cas­es exposed by this attack.”

Bit­stamp has issued a state­ment explain­ing that it has tem­porar­ily halt­ed BTC with­drawals. It begins:

Bitstamp’s exchange soft­ware is extreme­ly cau­tious con­cern­ing Bit­coin trans­ac­tions. Cur­rently it has sus­pended pro­cess­ing Bit­coin with­drawals due to incon­sis­tent results report­ed by our bit­coind wal­let, caused by a denial-of-ser­vice attack using trans­ac­tion mal­leabil­ity to tem­porar­ily dis­rupt bal­ance check­ing. As such, Bit­coin with­drawal pro­cess­ing will be sus­pended tem­porar­ily until a soft­ware fix is issued.

The state­ment goes on to reveal that no funds have been lost, nor are any at risk.


Don’t pan­ic

Antonopou­los was keen to stress that, although this is a seri­ous attack, it doesn’t spell the end of bit­coin. He believes the DDoS attack will be “thwart­ed” and exchanges will be run­ning as usu­al by Fri­day.

“I expect things will go back to nor­mal and the hon­ey bad­ger of mon­ey can con­tinue show­ing its resilience,” he said.

“The death of bit­coin has been pre­ma­turely announced so many times already that the obvi­ous con­clu­sion is that bit­coin is far more resilient than its crit­ics would like to think. I am con­fi­dent that in a few days, those who pre­dicted the death of bit­coin will once again be proven wrong,” Antonopou­los con­clud­ed.
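
The accounting drift the CoinDesk article describes can be reproduced in a small model; this is an added example, not part of the original post or the quoted articles. It assumes the usual pre-SegWit behaviour that a transaction's id covers its signature bytes, and the `Tx` class, addresses and signature bytes are constructed stand-ins rather than real Bitcoin serialization.

```python
"""Toy model of transaction malleability versus withdrawal tracking.
All transactions, addresses and signature bytes here are constructed."""
import hashlib
from dataclasses import dataclass


def _h(data: bytes) -> str:
    # Bitcoin identifiers are double SHA-256 digests.
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


@dataclass(frozen=True)
class Tx:
    inputs: tuple    # ((previous_txid, output_index), ...) coins being spent
    outputs: tuple   # ((address, satoshis), ...) where the coins go
    sig: bytes       # signature encoding, modeled as opaque bytes

    def effect(self) -> bytes:
        # What the payment does, independent of how the signature is encoded.
        return repr((self.inputs, self.outputs)).encode()

    def txid(self) -> str:
        # Simplified legacy rule: the id covers the signature bytes, so a
        # re-encoded but still valid signature produces a different id.
        return _h(self.effect() + self.sig)

    def fingerprint(self) -> str:
        # Id of the payment itself, stable across signature re-encodings.
        return _h(self.effect())


def naive_status(sent: Tx, chain: list) -> str:
    """Track a withdrawal only by the txid the exchange broadcast."""
    return "confirmed" if any(t.txid() == sent.txid() for t in chain) else "missing"


def safe_status(sent: Tx, chain: list) -> str:
    """Track a withdrawal by the coins it spends and the payees it pays."""
    for t in chain:
        if t.fingerprint() == sent.fingerprint():
            return "confirmed"   # same payment, possibly under another txid
        if set(t.inputs) & set(sent.inputs):
            return "conflict"    # our coins went somewhere else: hold for review
    return "missing"


def reissue_queue(withdrawals: list, chain: list, status_fn) -> list:
    """Withdrawals an automated system would pay again under a given check."""
    return [w for w in withdrawals if status_fn(w, chain) == "missing"]


# Constructed sample data: one exchange-owned coin and one customer withdrawal.
COIN = ("aa" * 32, 0)
SENT = Tx((COIN,), (("customer-address", 50_000),), b"sig-encoding-A")
# Same inputs and outputs, different signature encoding: a malleated copy.
MUTATED = Tx(SENT.inputs, SENT.outputs, b"sig-encoding-B")
# Same coin spent to a different payee: not our payment at all.
CONFLICT = Tx((COIN,), (("other-address", 50_000),), b"sig-encoding-C")

if __name__ == "__main__":
    chain = [MUTATED]  # the network confirmed the malleated copy
    print("txid changed:     ", SENT.txid() != MUTATED.txid())
    print("naive check says: ", naive_status(SENT, chain))
    print("safe check says:  ", safe_status(SENT, chain))
    print("naive would repay:", len(reissue_queue([SENT], chain, naive_status)))
    print("safe would repay: ", len(reissue_queue([SENT], chain, safe_status)))
```

A withdrawal that comes back as `conflict` or `missing` under the second check is the case to hold for manual review rather than reissue automatically.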

3a. One of the most promi­nent of the Bit­coin exchanges has gone down, amid claims of theft of $365 mil­lion worth of Bit­coins.

“Mt. Gox Bit­coin Exchange Down Amid $365 Mil­lion Theft Claim” by Carter Dougher­ty and Pavel Alpeyev; Bloomberg News; 2/25/2014.

Mt. Gox, the Tokyo-based Bit­coin exchange that halt­ed with­drawals this month, went offline as a doc­u­ment sur­faced alleg­ing long-term theft of about $365 mil­lion in the dig­i­tal cur­ren­cy.

A doc­u­ment post­ed online that appeared to be an inter­nal strat­egy paper said uniden­ti­fied thieves stole 744,408 Bit­coins from the exchange — about $365 mil­lion at cur­rent rates — and that the theft “went unno­ticed for sev­eral years.”

“The real­ity is that Mt. Gox can go bank­rupt at any moment, and cer­tainly deserves to as a com­pany,” accord­ing to the doc­u­ment.

The doc­u­ment, which out­lines plans for lead­er­ship changes, re-brand­ing and a pos­si­ble move to Sin­ga­pore, was post­ed online by blog­ger Ryan Galt. A per­son briefed on the sit­u­a­tion at Mt. Gox, who asked to remain anony­mous because the doc­u­ment is pri­vate, said he believed it is authen­tic.

Bit­coin fell 5 per­cent to $517.71 at 4:48 p.m. Lon­don time, accord­ing to the Coin­Desk Bit­coin Price Index, which aver­ages exchange prices. That’s down from as high as $1,151 on Dec. 4.

Mt. Gox went offline to “pro­tect the site and our users,” accord­ing to a state­ment on its web­site. “We will be close­ly mon­i­tor­ing the sit­u­a­tion and will react accord­ingly,” it added.

‘Trag­ic Vio­la­tion’

A group of Bit­coin-relat­ed com­pa­nies sought to dis­tance them­selves from Mt. Gox, and promised to pro­tect cus­tomer funds to pro­mote usage of the cur­ren­cy.

“This trag­ic vio­la­tion of the trust of users of Mt. Gox was the result of one company’s actions and does not reflect the resilience or val­ue of Bit­coin and the dig­i­tal cur­rency indus­try,” San Fran­cis­co-based Coin­base said in a joint state­ment on its web­site with Krak­en, Bit­Stamp, Cir­cle and BTC Chi­na, oth­er promi­nent Bit­coin com­pa­nies.

“As with any new indus­try, there are cer­tain bad actors that need to be weed­ed out, and that is what we are see­ing today,” the com­pa­nies said in the state­ment.

Efforts to reach the http://www.mtgox.com website earlier today directed users to a blank white page, a day after Mt. Gox Chief Executive Officer Mark Karpeles resigned from the Bitcoin Foundation, an advocacy group for the digital money. At one point today, the site read “put announce for mtgox acq here.”

‘Alleged Insolvency’

“We are shocked to learn about Mt. Gox’s alleged insol­vency,” the foun­da­tion said in an e‑mailed state­ment.

Bit­coin was intro­duced in 2008 by a pro­gram­mer or group of pro­gram­mers under the name Satoshi Nakamo­to and has since gained trac­tion with mer­chants around the world. The dig­i­tal mon­ey, based on a peer-to-peer soft­ware pro­to­col, has no cen­tral issu­ing author­ity, and uses a pub­lic ledger to ver­ify trans­ac­tions while pre­serv­ing users’ anonymi­ty.

The Bit­coin Foun­da­tion said that, despite the trou­bles at Mt. Gox, the Bit­coin pro­to­col was func­tion­ing nor­mally. In recent days, Mt. Gox had stopped with­drawals, cit­ing an alleged flaw in the pro­to­col.

Since at least 2011, enthu­si­asts have been trad­ing Bit­coins for dol­lars and oth­er tra­di­tional cur­ren­cies, and in ear­ly 2013 Mt. Gox was one of the biggest exchanges. Mt. Gox said this month that it iden­ti­fied a bug that enables peo­ple to with­draw the same Bit­coins more than once, leav­ing it vul­ner­a­ble to hack­ers.

Prices quot­ed on the exchange plunged on spec­u­la­tion that account hold­ers wouldn’t be able to get their coins back.

The trou­bles at Mt. Gox are the lat­est set­back for Bit­coin after author­i­ties in Rus­sia, Chi­na and Israel sought to restrict the dig­i­tal mon­ey, while the U.S. seeks ways to pre­vent mon­ey-laun­der­ing and illic­it sales with­out killing the new tech­nol­o­gy.

3b. Where­as the fail­ure of Mt. Gox was blamed on the same soft­ware glitch that has sub­vert­ed both “legit­i­mate” and under­ground Bit­coin mar­kets, hack­ers asso­ci­at­ed with Bit­coin are claim­ing delib­er­ate malfea­sance on the part of the Mt. Gox oper­a­tors.

“Hack­ers Hit Mt. Gox Exchange’s CEO, Claim to Pub­lish Evi­dence of Fraud” by Andy Green­berg; Forbes; 3/9/2014. 

The Bit­coin com­mu­ni­ty has been angri­ly press­ing for details on what the Bit­coin exchange Mt. Gox has described as a mas­sive hack­er attack that stole hun­dreds of mil­lions of dol­lars worth of its users’ bit­coins and left the com­pa­ny bank­rupt. Mt. Gox’s staff isn’t talk­ing. So anoth­er group of hack­ers say they’ve bro­ken into the company’s servers to pro­vide answers of their own.

On Sun­day, hack­ers took over the Red­dit account and per­son­al blog of Mark Karpe­les, Mt. Gox’s CEO, to post an angry screed alleg­ing that the exchange he ran had actu­al­ly kept at least some of the bit­coins that the com­pa­ny had said were stolen from users. “It’s time that MTGOX got the bit­coin com­mu­ni­ties wrath instead of [the] Bit­coin Com­mu­ni­ty get­ting Goxed,” wrote the uniden­ti­fied hack­ers, refer­ring to the mul­ti­ple occa­sions over its three year his­to­ry when Mt. Gox has gone offline, delayed trades or sus­pend­ed with­drawals, events so com­mon that Bit­coin users coined the phrase to be “goxed”–to suf­fer from Mt. Gox’s tech­ni­cal glitch­es.

The hackers also posted a 716 megabyte file to Karpeles’ personal website that they said comprised stolen data from Mt. Gox’s servers. It appears to include an Excel spreadsheet of over a million trades, a file that purports to show the company’s balances in eighteen different currencies, the backoffice application for some sort of administrative access to the databases of Mt. Gox’s parent company Tibanne Limited, a screenshot of the hackers’ access to those databases, a list of Mark Karpeles’ home addresses and Karpeles’ personal CV.

A screen­shot post­ed by Mt. Gox’s hack­ers, seem­ing to show admin­is­tra­tive access to the company’s data­base of trades.

Update: Users on Red­dit are warn­ing that the hack­ers’ files may con­tain mal­ware designed to steal bit­coins. Oth­er Red­dit users have con­firmed that they found their own account his­to­ry in the data, indi­cat­ing that it’s not fake. But for secu­ri­ty rea­sons, I don’t rec­om­mend any­one down­load the col­lec­tion of hacked files.

In the hack­ers’ sum­ma­ry of Mt. Gox’s bal­ances in var­i­ous cur­ren­cies, they point to a claimed bal­ance of 951,116 bit­coins, which they take as evi­dence that Mark Karpe­les’ claim to have lost users’ dig­i­tal cur­ren­cy to hack­ers is fraud­u­lent. “That fat fuck has been lying!!” a note in the file reads.

I’ve reached out to Karpe­les for com­ment, but haven’t yet heard back from him. Mt. Gox’s embat­tled chief exec­u­tive has remained almost entire­ly mum as his com­pa­ny has implod­ed over the last weeks.

In a pos­si­bly relat­ed inci­dent, a user on the Bit­coinTalk forum post­ed a message–since delet­ed by the forum’s moderators–claiming to be offer­ing for sale a 20 giga­byte stolen data­base from Mt. Gox, includ­ing the per­son­al details of all its users and even scans of their pass­ports. “This doc­u­ment will nev­er be else­where pub­lished by us,” wrote the user, who went by the name nanashi____. “Sell­ing it one or two times to make up per­son­al los­es from gox clo­sure.” The hack­er asked for a price of 100 bit­coins for the data­base, about $63,600 at cur­rent exchange rates.

I’ve reached out to nanashi____ via an email address he or she provided, and I’ll update this post if I hear back.

I couldn’t ver­i­fy that Sunday’s data­base dump was real, or that it showed any of the “lying” that the hack­ers claimed. In fact, it may sim­ply show how Mt. Gox’s account­ing mis­matched with its actu­al store of Bitcoins–that it was count­ing bit­coins as being safe in its cof­fers when they had already been stolen by thieves.

But as Bit­coin experts pore over the hacked files, they may yet offer clues to the mys­tery around Mt. Gox’s fate. The Bit­coin com­mu­ni­ty has been puz­zled by the appar­ent lack of move­ment of Mt. Gox’s bit­coins since the com­pa­ny declared bank­rupt­cy last month. Despite stat­ing that it lost 850,000 bit­coins in total in its bank­rupt­cy fil­ing, Bit­coin experts haven’t seen the move­ment of those coins in the Bit­coin blockchain, the pub­lic ledger of trans­ac­tions that pre­vents fraud and forgery in the Bit­coin econ­o­my.

Mod­er­a­tors on the Bit­coin sub­fo­rum on Red­dit delet­ed the hack­ers’ post a few hours after it first appeared, stat­ing that post­ing stolen con­tent vio­lat­ed the forum’s eti­quette rules. But users on the forum didn’t hes­i­tate to draw their own con­clu­sions: the top post on the forum Sun­day after­noon read “Mt. Gox scam was just exposed — MK [Mark Karpe­les] offi­cial­ly stole our funds.”

“We’ve been goxed!” it added.

3c. The ques­tion sug­gests itself as to just “who’s zoom­ing who” with regard to the Mt. Gox fail­ure. It may well be that the entire leak of Mt. Gox records “leaked” by hack­ers may have been a gam­bit to steal Bit­coins. The leak con­tains mal­ware that search­es for, and steals, Bit­coin wal­lets! “. . . . It seems that the whole leak was invent­ed to infect com­put­ers with Bit­coin-steal­er mal­ware that takes advan­tage of people’s keen inter­est in the Mt. Gox top­ic,” Lozhkin said. . . .”

“Bitcoin-Stealing Malware Hidden in Mt. Gox Data Dump, Researcher Says” by Lucian Constantin; PC World; 3/17/2014.

An archive con­tain­ing trans­ac­tion records from Mt. Gox that was released on the Inter­net last week by the hack­ers who com­pro­mised the blog of Mt. Gox CEO Mark Karpe­les also con­tains bit­coin-steal­ing mal­ware for Win­dows and Mac.

Secu­rity researchers from antivirus firm Kasper­sky Lab ana­lyzed the 620MB file called MtGox2014Leak.zip and con­cluded that in addi­tion to var­i­ous Mt. Gox-relat­ed doc­u­ments and data, it con­tains mali­cious bina­ry files.

The files mas­quer­ade as Win­dows and Mac ver­sions of a cus­tom, back-office appli­ca­tion for access­ing the trans­ac­tion data­base of Mt. Gox, a large bit­coin exchange that filed for bank­ruptcy in Japan in late Feb­ru­ary after claim­ing it had lost about 850,000 bit­coins to cyber thieves.

How­ever, they are actu­ally mal­ware pro­grams designed to search and steal Bit­coin wal­let files from com­put­ers, Kasper­sky secu­rity researcher Sergey Lozhkin said Fri­day in a blog post.

Both the Win­dows and Mac bina­ries are writ­ten in Live­Code, a pro­gram­ming lan­guage for devel­op­ing cross-plat­form appli­ca­tions.

When exe­cuted, they dis­play a graph­i­cal inter­face for what appears to be a Mt. Gox data­base access tool. How­ever, in the back­ground they launch a process—TibanneSocket.exe on Windows—that search­es for bitcoin.conf and wallet.dat files on the user’s com­puter, accord­ing to Lozhkin. “The lat­ter is a crit­i­cal data file for a Bit­coin cryp­to-cur­ren­cy user: if it is kept unen­crypted and is stolen, cyber­crim­i­nals will gain access to all bit­coins the user has in his pos­ses­sion for that spe­cific account.”

The mal­ware, which Kasper­sky has named Trojan.Win32.CoinStealer.i (the Win­dows ver­sion) and Trojan.OSX.Coinstealer.a (the Mac ver­sion), uploads the stolen Bit­coin wal­let files to a remote serv­er that used to be locat­ed in Bul­garia, but is now offline.

“It seems that the whole leak was invent­ed to infect com­put­ers with Bit­coin-steal­er mal­ware that takes advan­tage of people’s keen inter­est in the Mt. Gox top­ic,” Lozhkin said.

“Mal­ware cre­ators often using social engi­neer­ing tricks and hot dis­cus­sion top­ics to spread mal­ware, and this is great exam­ple of an attack on a focused tar­get audi­ence,” he said.


3d. Some­thing that belongs in the “The dog ate my home­work!” cat­e­go­ry: Mt. Gox claims that it found 200,000 Bit­coins in a “for­got­ten” dig­i­tal wal­let, worth $116 at cur­rent prices! If you believe that, we’ve got a great deal on the Brook­lyn Bridge, payable only in Bit­coins! “The dog ate my Bit­coins!”

“Mt.Gox Finds 200,000 Bit­coins in Old Wal­let” by Charles Riley; CNN­Money; 3/21/2014.

Embat­tled exchange Mt.Gox said Fri­day that it has found 200,000 bit­coins in a “for­got­ten” dig­i­tal wal­let — a haul worth $116 mil­lion at cur­rent prices.

Mt.Gox CEO Mark Karpe­les said in a state­ment that the bit­coins had been uncov­ered in an old-for­mat wal­let that was thought to be emp­ty. Bit­coin wal­lets allow users to store the dig­i­tal cur­rency and exe­cute trans­ac­tions.

“On March 7, 2014, Mt.Gox Co., Ltd. con­firmed that an old-for­mat wal­let which was used pri­or to June 2011 held a bal­ance of approx­i­mately 200,000 BTC,” the state­ment said.

Karpe­les said that the dis­cov­ery was report­ed to lawyers on March 8. The bit­coins were lat­er moved to “offline” wal­lets.

Mt.Gox was one of the world’s largest Bit­coin exchanges until last month, when it stopped investors from with­draw­ing mon­ey and blamed the dis­rup­tion on tech­ni­cal issues and cyber attacks.

The Japan-based com­pany then filed for bank­ruptcy in Tokyo and the U.S., with debts total­ing $64 mil­lion.

At the time of its clo­sure, Mt.Gox said that it was unable to locate 850,000 bit­coins, the vast major­ity of which belonged to cus­tomers. The dis­cov­ery reduces the num­ber of lost bit­coins to 650,000, but also rais­es ques­tions about what real­ly hap­pened to the miss­ing cur­ren­cy.

While the search for the miss­ing bit­coins will con­tinue, many investors har­bor lit­tle hope that all will be recov­ered. Japan­ese author­i­ties had not reg­u­lated the exchange, and no deposit insur­ance was offered.

Respond­ing to the wave of doubt gen­er­ated by the exchange’s fail­ure, sev­eral oth­er exchanges and dig­i­tal wal­let providers have sought to reas­sure investors.

“This trag­ic vio­la­tion of the trust of users of Mt.Gox was the result of one company’s abhor­rent actions and does not reflect the resilience or val­ue of Bit­coin and the dig­i­tal cur­rency indus­try,” an indus­try group said in Feb­ru­ary.

In relat­ed news, the team of vol­un­teer com­puter devel­op­ers who man­age the Bit­coin soft­ware pro­gram has fixed some of the tech­ni­cal issues that Mt.Gox ini­tially blamed for its trou­bles — a quirk in the way Bit­coin works called trans­ac­tion mal­leabil­i­ty.

3e. In a new twist, hack­ers have launched denial of ser­vice attacks on start­up tech firms, and demand­ed ran­som for ceas­ing those attacks–payable in Bit­coins!

“To Instill Love of Bit­coin, Back­ers Work to Make It Safe” by Nicole Perl­roth; The New York Times; 4/02/2014.

. . . War­ren E. Buf­fett referred to the cur­ren­cy as a “mirage” in an inter­view last month and told peo­ple to “stay away.” Would-be adopters and investors have grown fear­ful as hack­ers devel­op new ways to steal Bit­coin and major Bit­coin exchanges shut down. . . .

. . . . Hack­ers have recent­ly tak­en to mount­ing large scale denial-of-ser­vice attacks on tech startups–most recent­ly, Meetup.org, a social meet­ing site; Vimeo, the video shar­ing ser­vice; and Base­camp, a project man­age­ment soft­ware company–and demand­ing pay­ments via Bit­coin as ran­som to cease. . . .

4. Patrick Byrne, CEO of Overstock.com–the first retail­er to accept Bit­coin as a pay­ment vehicle–is a dis­ci­ple of the Aus­tri­an school of eco­nom­ics. The Aus­tri­an school is a fun­da­men­tal ele­ment of the Bit­coin milieu and is also cen­tral to the milieu of Edward Snow­den and the “Paulis­tin­ian Lib­er­tar­i­an Orga­ni­za­tion.”

“Meet Patrick Byrne: Bit­coin Mes­si­ah, CEO of Over­stock, Scourge of Wall Street” by Cade Metz; Wired.com; 2/10/2014.

. . . . The prob­lem with the mod­ern econ­o­my, Byrne says, is that it rests on the whims of our gov­ern­ment and our big banks, that each has the pow­er to cre­ate mon­ey that’s backed by noth­ing but them­selves. Thanks to what’s called frac­tion­al reserve bank­ing, a bank can take in $10 in deposits, but then loan out $100. The gov­ern­ment can make more dol­lars at any time, instant­ly reduc­ing the currency’s val­ue. Even­tu­al­ly, he says, lay­ing down a clas­sic lib­er­tar­i­an metaphor, this “mag­ic mon­ey tree” will come crash­ing down.

But bit­coin is dif­fer­ent. It’s like online gold: The sup­ply of the dig­i­tal cur­ren­cy is con­trolled by soft­ware run­ning across a world­wide net­work of com­put­ers, and its val­ue is decid­ed not by the feds or the big banks, but by the peo­ple. “It can make our coun­try more robust,” says Byrne, a dis­ci­ple of the Aus­tri­an school of eco­nom­ics, which holds that our econ­o­my should rest on the judg­ments of indi­vid­u­als, not a cen­tral author­i­ty. “We want a mon­ey that some gov­ern­ment man­darin can’t just whisk into exis­tence with a pen stroke.”

Zom­bies. Mag­ic mon­ey trees. Man­darins. As Byrne admits, it’s a ten-dol­lar answer to my ten-cent ques­tion about his plans for the future of Overstock.com, and although I know the man well, I can’t help but won­der how much of this is just him call­ing atten­tion to him­self. But a week after this phone call, Byrne will make good on his promise, as Over­stock becomes the first major online retail­er to accept pay­ments in bit­coin, let­ting you buy every­thing from patio fur­ni­ture to smart­phone cas­es with the fledg­ling dig­i­tal cur­ren­cy. And the fol­low­ing month, dur­ing Overstock’s quar­ter­ly earn­ings call, he will reveal that he has per­son­al­ly con­vert­ed mil­lions of dol­lars into bit­coin. The Over­stock CEO is plac­ing more than one big bet on an unpre­dictable future, but Byrne has proven him­self pre­scient before — about the inter­net and the media as well as the econ­o­my. . . .

5. Bit­coin is already demon­strat­ing exact­ly the same con­cen­tra­tion of wealth that plagues the very con­ven­tion­al econ­o­my it is sup­posed to replace. The dif­fer­ence is that bit­coin is already demon­strat­ing a far more pro­nounced con­cen­tra­tion than the con­ven­tion­al econ­o­my–the top one hun­dredth of one per­cent of bit­coin own­ers con­trol 50% of the wealth.

“For­get the 1 Per­cent. In the Bit­coin world, Half the Wealth Belongs to the 0.1 Per­cent” by Bri­an Fung; The Wash­ing­ton Post; 3/3/2014.

The fall of Mt. Gox has a lot of people saying Bitcoin is dead. Yes, the Tokyo-based exchange may be gone, but the virtual currency has much more than a single exchange (which wasn’t even the largest at the time that it collapsed). There’s still a great deal of room for Bitcoin to grow, particularly in the West: Mt. Gox’s collapse hasn’t done much to temper curiosity among regulators and entrepreneurs.


Of course, the drawback to consolidation is that those benefits will be concentrated in the hands of a relative few. That dynamic is already playing out among individual holders of Bitcoin, with a growing gulf between the Bitcoin-rich and the Bitcoin-poor. According to Risto Pietilä, a Finnish entrepreneur, the overwhelming share of Bitcoin wealth is held in just a few dozen wallets. Half of all bitcoins belong to around 927 “individuals.” If those figures are right, then half of the world’s 12 million or so bitcoins is held by a tenth of a percent of all accounts. That’s a stunning statement of inequality, since in the real world 46 percent of the world’s wealth belongs to 1 percent of the global population. The Bitcoin world, then, is even less equal than the real world.




5 comments for “FTR #785 Bit[coin]burg, Part 4: Fool’s Gold, Part 2”

  1. Someone discovered a new way to steal bitcoin using a pretty old trick:

    Pan­do Dai­ly
    Hack­ers exploit major inter­net secu­ri­ty hole to steal $83,000 in bit­coin from min­ing pools

    By Michael Carney
    On August 8, 2014

    It’s rem­i­nis­cent of a Hol­ly­wood thriller. Dell Secure­Works researchers have iden­ti­fied a mas­sive hack­ing effort that redi­rect­ed the Inter­net traf­fic of some 19 Inter­net Ser­vice Providers (ISPs) to steal tens of thou­sands of dol­lars in bit­coin from a hand­ful of min­ing pools. The sto­ry, first report­ed by Wired, is sad­ly entire­ly non-fic­tion and the exploit that the hack­er used is not some sophis­ti­cat­ed new zero day attack, but rather one that secu­ri­ty pros have been aware of for sev­er­al decades.

    The source of the attack is unknown, but the cen­tral point of fail­ure appears to be an as yet unnamed Cana­di­an ISP that the thief used to broad­cast spoofed com­mands and redi­rect traf­fic from more than a dozen oth­er ISPs. The net­work tar­gets includ­ed Ama­zon, as well as host­ing ser­vices Dig­i­talO­cean and OVH, among oth­ers. But the real vic­tims in this tale are the bit­coin min­ing pools that had their com­pu­ta­tion­al efforts co-opt­ed and the pro­ceeds of this labor rerout­ed to a pri­vate pool con­trolled by the hack­er.

    Those most impact­ed by the attack were min­ers who left their rigs unat­tend­ed for days or weeks at a time, mak­ing it less like­ly that they would notice miss­ing pay­outs or any oth­er sig­nal that some­thing was amiss. Then again, the attack could have been thwart­ed by the min­ing pool servers using the Secure Sock­et Lay­er (SSL) pro­to­col, Dell argues.

    The hack­ers used an attack vec­tor called a bor­der gate­way pro­to­col, or BGP hijack in which the attack­er alters the rout­ing instruc­tions that gov­ern Inter­net traf­fic between net­works. Secu­ri­ty pro­fes­sion­als first became aware of this exploit in 1998 and over the years have seen sev­er­al exam­ples of its impact.

    In 2008, in an attempt to cen­sor objec­tion­able YouTube traf­fic, Pak­istan acci­den­tal­ly hijacked all of the world’s YouTube traf­fic through its servers. Lat­er that year it was called “The Internet’s Biggest Secu­ri­ty Hole” by a group of pre­sen­ters at the famed Def­Con secu­ri­ty con­fer­ence. Then in 2010 a few thou­sand bad IP address­es in Chi­na meant that Chi­na Tele­com divert­ed 15 per­cent of all Inter­net traf­fic across its net­work for 18 min­utes. And last year a por­tion of all US inter­net traf­fic was rerout­ed to Ice­land and Belarus – accord­ing to some, by Chi­nese gov­ern­ment agen­cies. Each of the above inci­dents was explained away as unin­ten­tion­al and deter­mined to have result­ed in no per­ma­nent impact. But they nonethe­less mean we should have been more pre­pared for this type of attack.

    This latest BGP hijack scam was not so innocent. The attack is said to have grown to generate as much as $9,000 worth of bitcoin and other altcoins per day at its peak, amounting to a minimum of $83,000 between February and May 2014 – although the number could be larger as researchers only collected data on the attack for a portion of this time. Given the specificity of the attack, which was directed squarely at virtual currency mining pools, it was obviously not a mistake.

    “We’re going to see oth­er events like this,” Dell’s Joe Stew­art tells Wired. “It’s ripe for exploita­tion.” The Secure­Works report echoes this sen­ti­ment, stat­ing, “Every net­work admin­is­tra­tor should pre­pare for the risk of nar­row­ly-focused, mali­cious BGP hijack­ing inci­dents.”

    Giv­en the poten­tial for harm, this attack was rel­a­tive­ly small scale – although researchers acknowl­edge that there could have been more activ­i­ty that they didn’t observe. But despite its mod­est impact, this is the lat­est in what is becom­ing a lengthy list of inci­dents that under­score the impor­tance of devel­op­ing a fix for BGP hijack attacks.


    Posted by Pterrafractyl | August 8, 2014, 12:53 pm
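What a network operator can do about the kind of hijack described in the comment above is to watch how its own prefixes are being announced. The following is an added example, not code from the article or from the SecureWorks report: it checks observed announcements against a small policy, the three alert types are common monitoring checks rather than details the article gives, and every prefix and AS number is a documentation value used as constructed sample data.

```python
import ipaddress

# Constructed monitoring policy: prefix -> (legitimate origin AS, known upstream ASes).
# Prefixes are documentation ranges (RFC 5737, RFC 3849); ASNs are from RFC 5398.
POLICY = {
    "203.0.113.0/24": (64500, {64496, 64497}),
    "2001:db8::/32": (64500, {64496, 64497}),
}


def collapse_prepends(as_path):
    """Remove AS-path prepending (consecutive repeats of the same AS)."""
    collapsed = []
    for asn in as_path:
        if not collapsed or collapsed[-1] != asn:
            collapsed.append(asn)
    return collapsed


def check_announcement(prefix, as_path, policy=POLICY):
    """Return alerts for one observed announcement.

    prefix  -- announced prefix as text
    as_path -- AS numbers, nearest AS first, origin AS last
    """
    if not as_path:
        raise ValueError("announcement has an empty AS path")
    announced = ipaddress.ip_network(prefix)
    path = collapse_prepends(as_path)
    origin = path[-1]
    alerts = []
    for monitored_text, (expected_origin, upstreams) in policy.items():
        monitored = ipaddress.ip_network(monitored_text)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if announced.version != monitored.version:
            continue
        if not announced.subnet_of(monitored):
            continue
        if origin != expected_origin:
            # Someone else claims to originate our address space.
            alerts.append(("ORIGIN_MISMATCH", monitored_text))
        elif len(path) >= 2 and path[-2] not in upstreams:
            # Origin looks right, but it is reached through an AS we do not
            # buy transit from: possible forged-origin announcement.
            alerts.append(("UNKNOWN_UPSTREAM", monitored_text))
        if announced.prefixlen > monitored.prefixlen:
            # A longer prefix wins route selection over ours everywhere it is
            # accepted, so traffic follows it regardless of path length.
            alerts.append(("MORE_SPECIFIC", monitored_text))
    return alerts


# Constructed sample of announcements as a route collector might report them.
OBSERVED = [
    ("203.0.113.0/24", [64510, 64496, 64500]),            # legitimate
    ("203.0.113.0/24", [64510, 64511]),                   # foreign origin
    ("2001:db8:0:8000::/49", [64510, 64511]),             # foreign more-specific
    ("2001:db8::/32", [64510, 64511, 64500, 64500]),      # right origin, odd upstream
    ("192.0.2.0/24", [64510, 64511]),                     # not ours, ignored
]


def scan(observed=OBSERVED):
    """Map each suspicious announcement to its alerts."""
    report = {}
    for prefix, as_path in observed:
        alerts = check_announcement(prefix, as_path)
        if alerts:
            report[(prefix, tuple(as_path))] = alerts
    return report


if __name__ == "__main__":
    for (prefix, path), alerts in scan().items():
        print(prefix, list(path), alerts)
```

Monitoring only shortens the time to notice a hijack; the article's own point stands that an authenticated, encrypted connection to the pool is what keeps redirected traffic from being usable.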
  2. Marc Andreessen has a new interview that contains his standard “Bitcoin will change everything!” mantra. Unfortunately, that’s not the only bad idea tucked away in that interview:

    Marc Andreessen on Finance: ‘We Can Rein­vent the Entire Thing’
    By Antho­ny Effin­ger Oct 6, 2014 11:00 PM CT

    Twit­ter. Face­book. AirBnB. Marc Andreessen, co-founder of the $4.2 bil­lion ven­ture cap­i­tal firm Andreessen Horowitz, has backed them all — along with dozens of oth­ers. His lat­est project? Upend­ing finance. Bloomberg Mar­kets mag­a­zine inter­viewed Andreessen at the firm’s head­quar­ters in Men­lo Park, Cal­i­for­nia.

    Out With the Old

    “We have a chance to rebuild the sys­tem. Finan­cial trans­ac­tions are just num­bers; it’s just infor­ma­tion. You shouldn’t need 100,000 peo­ple and prime Man­hat­tan real estate and giant data cen­ters full of main­frame com­put­ers from the 1970s to give you the abil­i­ty to do an online pay­ment.

    “You would not today, starting from scratch, invent any of these financial businesses in the same way. To me, it’s all about unbundling the banks. There are regulatory arbitrage opportunities every step of the way. If the regulators are going to regulate banks, then you’ll have nonbank entities that spring up to do the things that banks can’t do. Bank regulation tends to backfire, and of late that means consumer lending is getting unbundled.”

    In With the New

    “We’re not going to go back­ward. When peo­ple start doing things a bet­ter way, it kind of doesn’t mat­ter what the old way was. You can find peo­ple who will say that this is all just an arbi­trage on the cur­rent trou­ble in the finan­cial sys­tem, and I’m sure the big tra­di­tion­al banks will fight back and try to get things out­lawed.

    “But think about the scenario of a loan officer talking to a prospective client. To software people, that looks like voodoo. The idea that you can sit across the table from somebody and get a read on their character is just nonsense.

    “Lots of industries are changing in a similar way. There’s been a qualitative approach, and now, there’s a quantitative approach. Everybody who grew up in the qualitative approach hates the quantitative approach and considers it a giant threat.”

    Big Data

    “There is a grow­ing idea in Sil­i­con Val­ley that there are sources of data on con­sumer behav­ior we can use to pre­dict cred­it­wor­thi­ness. These will be com­plete­ly dif­fer­ent than the tra­di­tion­al approach to cred­it rat­ings, which are tremen­dous­ly impre­cise and ‘lag­gy.’ Pay­Pal can do a real-time cred­it score in mil­lisec­onds, based on your EBay (EBAY) pur­chase his­to­ry — and it turns out that’s a bet­ter source of infor­ma­tion than the stuff used to gen­er­ate your FICO score.

    “The hypothesis is that there are many other similar sources of consumer data: credit card bills, social-network behavior, potentially even search history. Lots of people, both in the big Internet companies and at startups, are trying to get at these large pools of data and figure out new ways to do scoring. What they all have in common is that they are all being done outside of banks.

    “The minute any of these new credit vehicles can show any level of repeatability and reliability, the hedge funds come in and provide the funding. Hedge funds are very comfortable with analytic models. If you have sufficient stability, you can get leverage.”


    Yes, in Andreessen’s future utopia, your social-network behavior and search history could be used to determine your credit. So be sure to behave online lil’ borrower. Behave.

    It was also a lit­tle amus­ing to see Andreessen say “You shouldn’t need 100,000 peo­ple and prime Man­hat­tan real estate and giant data cen­ters full of main­frame com­put­ers from the 1970s to give you the abil­i­ty to do an online pay­ment,” all things con­sid­ered.

    Posted by Pterrafractyl | October 18, 2014, 2:19 pm
  3. Remem­ber those Bit­coin mal­ware apps of yes­ter­year that were secret­ly turn­ing com­put­ers into Bit­coin min­ers? While annoy­ing, it’s also the kind of mal­ware that prob­a­bly just slows your com­put­er down a bit and costs a lit­tle extra in elec­tric­i­ty. It could be worse. For instance, if your passkeys for Ama­zon’s cloud ser­vices are ever acci­den­tal­ly post­ed to a pub­lic code repos­i­to­ry like GitHub, even if just for a few min­utes, it could be a lot worse:

    The Reg­is­ter
    Dev put AWS keys on Github. Then BAD THINGS hap­pened
    Fer­tile fields for Bit­coin yields — with a nasty finan­cial sting

    6 Jan 2015 at 13:02, Dar­ren Pauli

    Bots are crawl­ing all over GitHub seek­ing secret keys, a devel­op­er served with a $2,375 Bit­coin min­ing bill found.

    Dev­Fac­tor founder Andrew Hoff­man said he used Figaro to secure Rails apps which pub­lished his Ama­zon S3 keys to his GitHub account.

    He noticed the blun­der and pulled the keys with­in five min­utes, but that was enough for a bot to pounce and spin up instances for Bit­coin min­ing.

    “When I woke up the next morn­ing, I had four emails and a missed phone call from Ama­zon AWS — some­thing about 140 servers run­ning on my AWS account,” Hoff­man said.

    “I only had S3 keys on my GitHub and they were gone with­in five min­utes!”

    “As it turns out, through the S3 API you can actu­al­ly spin up EC2 instances, and my key had been spot­ted by a bot that con­tin­u­al­ly search­es GitHub for API keys.”

    Amazon (he said) told him such bot exploits were increasingly common with hackers running algorithms to perpetually search GitHub for API keys.

    “Once it finds one it spins up max instances of EC2 servers to farm itself Bit­coins,” he said.

    Ama­zon refund­ed his bill, as it had for oth­ers. In Decem­ber 2013 hack­ers ran up a $3,493 Lite­coin min­ing bill for devel­op­er Luke Chad­wick.


    Well, at least Ama­zon was nice enough to refund the poor guy. It could be worse!

    It’s also too bad we don’t get to find out how many bit­coins actu­al­ly got mined from that $2,375 worth of Ama­zon cloud com­put­ing pow­er, although what­ev­er it cost before it’s prob­a­bly cheap­er now. Why? The Bit­coin min­ing bub­ble appears to be in the process of burst­ing:

    The Wall Street Jour­nal
    Mon­ey Beat
    Bit­Beat: Bitcoin’s Price, Min­ing Hashrate Reflect Unsyn­chro­nized Bub­bles
    8:09 pm ET
    Jan 13, 2015

    By Michael J. Case

    Bit­coin Lat­est Price: $225.38 up 15.62% (via Coin­Desk)

    Cross­ing Our Desk:

    –For the first Bit­Beat col­umn of 2015, it’s sober­ing to report that bitcoin’s price is down almost 16% for the day and 30% from when we last pub­lished – this after a 67% decline in 2014.

    As we’ve argued else­where, we don’t think the price is a rea­son­able gauge of the prospects for cryp­tocur­ren­cy technology’s future, most­ly because the cur­ren­cy itself is of sec­ondary impor­tance in many of that technology’s future appli­ca­tions. That said, there are some impor­tant ques­tions about what the price decline means for that most vital of activ­i­ties with­in the bit­coin ecosys­tem: min­ing.

    The prof­itabil­i­ty of min­ing, which is cru­cial to bit­coin because it is the means by which trans­ac­tions are con­firmed and new bit­coins are brought into being, is high­ly sen­si­tive to bitcoin’s price in dol­lars. In the­o­ry, then, as that price falls, it should dis­cour­age new entrants into the busi­ness and encour­age exist­ing oper­a­tors to leave.

    Despite this direct link, the sharp price decline of 2014 coin­cid­ed with a remark­able 30-fold surge in the hashrate – the main mea­sure of the size and pow­er of the bit­coin min­ing net­work – which brought bitcoin’s aggre­gate com­pu­ta­tion­al pow­er to a lev­el 13,000 times that of the com­bined clout of the world’s 500 biggest super­com­put­ers.

    Now, final­ly, the hashrate is falling amid signs that min­ers are turn­ing off rigs. That in turn will have a coun­ter­bal­anc­ing effect because a low­er hashrate means that bitcoin’s soft­ware adjusts down the in-built dif­fi­cul­ty func­tion that deter­mines how much com­pu­ta­tion­al work, or hash­ing, a min­er must under­take to solve the system’s key math­e­mat­i­cal puz­zle that earns rights to new bit­coins. A low­er hashrate equals soft­er com­pet­i­tive pres­sure.

    But before we get to that it’s worth pon­der­ing why we saw last year’s coun­ter­in­tu­itive hashrate increase.

    First­ly, let’s acknowl­edge that both the bit­coin price and min­ing net­work expe­ri­enced extreme bub­bles — the cur­ren­cy in 2013, min­ing last year. Each bub­ble fed off the oth­er in pow­er­ful but dif­fer­ent ways, but in the lat­ter case with time delays reflect­ed a clas­sic fail­ure of syn­chro­niza­tion between finan­cial mar­kets, which react to news instan­ta­neous­ly, and con­trac­tu­al­ly bound cap­i­tal invest­ments in land, plant and equip­ment, for which change occurs much more slow­ly. We see this now in the delays with which oil drillers are shut­ting down rigs even though crude oil’s 55% price decline from mid-2014 has ren­dered many unable to pay their debts.

    As bitcoin’s price surged 8,000% to $1,100 in the 12 months to December 2013, mining investors saw a chance to get rich. They built out warehouse-based operations with rows and rows of fast-paced rigs that used ASIC (application specific integrated circuit) chips to launch the newest thing: cloud mining. This was a new service for small players to participate in the otherwise competitively difficult business of mining by buying contracts that give them shares in big, efficiently run facilities’ aggregate hashing power.

    Those con­tracts locked cloud min­ing com­pa­nies into long-term cus­tomer com­mit­ments, as did their lease con­tracts with data cen­ters and the pur­chase con­tracts they had with sup­pli­ers of ASIC chips and rigs. So through much of 2013 they kept build­ing out facil­i­ties, even as the falling price of bit­coin meant that both the com­pa­nies and their clients were los­ing mon­ey.


    Now this vicious cycle seems to be ending, mostly as cloud miners throw in the towel. On Monday, bitcoin mining and exchange provider CEX.IO said it would temporarily suspend cloud mining services, in part because of “the recent bitcoin price drop.” This, among other signs of trouble in cloud mining – notably at CoinTerra, which is now facing a lawsuit from the same datacenter provider and has been shut out of that facility — suggests the falling price has pushed the industry, finally, into a tipping point. As such, the hashrate appears not only to have stabilized but is falling.


    Keep in mind that, should the Bitcoin mining bubble truly be in the process of bursting, that’s still pretty big news. Pretty big and potentially profitable news...let the SEO profits flow! So it could indeed be worse.

    It could also be a lot bet­ter.

    Posted by Pterrafractyl | January 13, 2015, 8:37 pm
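The article quoted in the comment above describes bots picking up a key within five minutes of a push, so the useful control is one that stops the commit before it leaves the workstation. The following is an added example, not code from the article or from any project it names: a scanner for the lines a unified diff adds. The file name, bucket name and build hash in the sample are constructed, and the key pair is the placeholder pair used in AWS documentation.

```python
import math
import re

# Access key IDs: 20 chars, AKIA (long-term) or ASIA (temporary) + 16 of A-Z0-9.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys: 40 chars from the base64 alphabet. Harmless strings such
# as SHA-1 digests have the same shape, so candidates are filtered by entropy.
SECRET_SHAPE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
HUNK_HEADER = re.compile(r"@@ -\d+(?:,\d+)? \+(\d+)")


def shannon_entropy(text):
    """Bits per character; a hex digest cannot exceed 4.0."""
    total = len(text)
    return -sum(
        (text.count(ch) / total) * math.log2(text.count(ch) / total)
        for ch in set(text)
    )


def redact(value):
    """Never echo a full credential into hook output or CI logs."""
    return value[:4] + "..." + value[-4:]


def scan_diff(diff_text, min_entropy=4.2):
    """Return (path, new-file line number, kind, redacted value) per finding."""
    findings = []
    path, lineno, after_old_header = None, 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("--- "):
            after_old_header = True
            continue
        if after_old_header and raw.startswith("+++ "):
            path = raw[4:]
            if path.startswith("b/"):
                path = path[2:]
            after_old_header = False
            continue
        after_old_header = False
        hunk = HUNK_HEADER.match(raw)
        if hunk:
            lineno = int(hunk.group(1)) - 1
            continue
        # Removed lines and "\ No newline" markers do not exist in the new file.
        if raw.startswith(("-", "\\")):
            continue
        lineno += 1
        if not raw.startswith("+"):
            continue  # unchanged context line
        added = raw[1:]
        for match in ACCESS_KEY_ID.finditer(added):
            findings.append((path, lineno, "aws-access-key-id", redact(match.group())))
        for match in SECRET_SHAPE.finditer(added):
            if shannon_entropy(match.group()) >= min_entropy:
                findings.append(
                    (path, lineno, "possible-aws-secret-key", redact(match.group()))
                )
    return findings


# Constructed sample: a new config file being committed with credentials in it.
SAMPLE_DIFF = """\
diff --git a/config/application.yml b/config/application.yml
new file mode 100644
--- /dev/null
+++ b/config/application.yml
@@ -0,0 +1,4 @@
+# build 0123456789abcdef0123456789abcdef01234567
+AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE
+AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+S3_BUCKET: example-bucket
"""

if __name__ == "__main__":
    for finding in scan_diff(SAMPLE_DIFF):
        print(finding)
```

A pre-commit hook can pass it the output of `git diff --cached` and abort when the list is non-empty. A key that has already been pushed still has to be revoked and replaced, since deleting it from the repository does not un-publish it.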
  4. One of the most inter­est­ing phe­nom­e­na about the whole bit­coin affair is the CULTISHNESS of its true believ­ers. Reli­gion is not too strong a term for the fanat­ics. I’ve noticed this in var­i­ous threads I’ve read. This is sep­a­rate from the more cyn­i­cal mon­ey peo­ple behind it and hop­ing to prof­it off of it. I’m talk­ing about the “cybergeek” types who see it as being about “over­throw­ing the man”.

    SFGATE changed its article on this, they previously had a still pic of an anarchist type with a pic of Ulbricht as “the Chosen One”. You can still see a frame from this in the video at the bottom.


    Posted by Tiffany Sunderson | January 14, 2015, 11:44 am
  5. Check out a new appli­ca­tion for cryp­tocur­ren­cy min­ing: car­ry­ing out a Stuxnet-like attack on crit­i­cal infra­struc­ture.

    For the first time ever, there’s now an exam­ple of the “cryp­to­jack­ing” craze — mal­ware spread over web brows­er that uses your com­put­er’s resources to mine cryp­tocur­ren­cy — hit­ting the indus­tri­al con­trol sys­tems of a pub­lic util­i­ty. Specif­i­cal­ly, a water util­i­ty in Europe. And it was­n’t ‘min­ing’ bit­coins. It was min­ing “mon­ero” coins instead (which has to be a bit of let down for Bit­coin).

    The malware was designed to spread laterally within the network, allowing it to infect parts of the utility’s systems that aren’t normally exposed to the internet. And while it was designed to run in the background without using too much computing power to get noticed, as the article notes, it’s entirely possible that this same malware attack could be used to cripple the system it infects. How so? By simply over-using the computer processors so heavily that they wear down and break.

    As the arti­cle also notes, there’s also the con­cern that indus­tri­al con­trol sys­tems require high proces­sor avail­abil­i­ty, so any­thing that impacts that avail­abil­i­ty can cause seri­ous safe­ty con­cerns. In oth­er words, the cryp­tocur­ren­cy min­ing would­n’t nec­es­sar­i­ly have to break the com­put­er proces­sors to cause dam­age. It could mere­ly clog the sys­tem and effec­tive­ly break it at exact­ly the wrong time:


    Now Cryp­to­jack­ing Threat­ens Crit­i­cal Infra­struc­ture, Too

    Lily Hay New­man
    02.12.18 12:09 pm

    The rise of cryp­to­jack­ing—which co-opts your PC or mobile device to illic­it­ly mine cryp­tocur­ren­cy when you vis­it an infect­ed site—has fueled min­ing’s increas­ing appeal. But as attack­ers have expand­ed their tools to sly­ly out­source the num­ber of devices, pro­cess­ing pow­er, and elec­tric­i­ty pow­er­ing their min­ing oper­a­tions, they’ve moved beyond the brows­er in poten­tial­ly dan­ger­ous ways.

    On Thurs­day, the crit­i­cal infra­struc­ture secu­ri­ty firm Rad­i­flow announced that it had dis­cov­ered cryp­tocur­ren­cy min­ing mal­ware in the oper­a­tional tech­nol­o­gy net­work (which does mon­i­tor­ing and con­trol) of a water util­i­ty in Europe—the first known instance of min­ing mal­ware being used against an indus­tri­al con­trol sys­tem.

    Rad­i­flow is still assess­ing the extent of the impact, but says that the attack had a “sig­nif­i­cant impact” on sys­tems. The researchers note that the mal­ware was built to run qui­et­ly in the back­ground, using as much pro­cess­ing pow­er as it could to mine the cryp­tocur­ren­cy Mon­ero with­out over­whelm­ing the sys­tem and cre­at­ing obvi­ous prob­lems. The min­er was also designed to detect and even dis­able secu­ri­ty scan­ners and oth­er defense tools that might flag it. Such a mal­ware attack increas­es proces­sor and net­work band­width usage, which can cause indus­tri­al con­trol appli­ca­tions to hang, pause, and even crash—potentially degrad­ing an operator’s abil­i­ty to man­age a plant.

    “I’m aware of the dan­ger of [mal­ware min­ers] being on indus­tri­al con­trol sys­tems though I’ve nev­er seen one in the wild,” says Mar­co Car­dac­ci, a con­sul­tant for the firm RedTeam Secu­ri­ty, which spe­cial­izes in indus­tri­al con­trol. “The major con­cern is that indus­tri­al con­trol sys­tems require high proces­sor avail­abil­i­ty, and any impact to that can cause seri­ous safe­ty con­cerns.”

    Low Key Min­ing

    Rad­i­flow CEO Ilan Bar­da says the com­pa­ny had no idea it might dis­cov­er a mali­cious min­er when it installed intru­sion detec­tion prod­ucts on the utility’s net­work, par­tic­u­lar­ly on its inner net­work, which wouldn’t usu­al­ly be exposed to the inter­net. “In this case their inter­nal net­work had some restrict­ed access to the inter­net for remote mon­i­tor­ing, and all of a sud­den we start­ed to see some of the servers com­mu­ni­cat­ing with mul­ti­ple exter­nal IP address­es,” Bar­da says. “I don’t think this was a tar­get­ed attack, the attack­ers were just try­ing to look for unused pro­cess­ing pow­er that they could use for their ben­e­fit.”

    Indus­tri­al plants may prove an entic­ing envi­ron­ment for mali­cious min­ers. Many don’t use a lot of pro­cess­ing pow­er for base­line oper­a­tions, but do draw a lot of elec­tric­i­ty, mak­ing it rel­a­tive­ly easy for min­ing mal­ware to mask both its CPU and pow­er con­sump­tion. And the inner net­works of indus­tri­al con­trol sys­tems are known for run­ning dat­ed, unpatched soft­ware, since deploy­ing new oper­at­ing sys­tems and updates can inad­ver­tent­ly desta­bi­lize cru­cial lega­cy plat­forms. These net­works gen­er­al­ly don’t access the pub­lic inter­net, though, and fire­walls, tight access con­trols, and air gaps often pro­vide addi­tion­al secu­ri­ty.

    Secu­ri­ty spe­cial­ists focused on indus­tri­al con­trol, like the researchers at Rad­i­flow, warn that the defens­es of many sys­tems still fall short, though.

    “I for one have seen a lot of poor­ly con­fig­ured net­works that have claimed to be air gapped but weren’t,” RedTeam Security’s Car­dac­ci says. “I am by no means say­ing that air gaps don’t exist, but mis­con­fig­u­ra­tions occur often enough. I could def­i­nite­ly see the mal­ware pen­e­trat­ing cru­cial con­trollers.”

    With so much fal­low pro­cess­ing pow­er, hack­ers look­ing to mine—often with auto­mat­ed scan­ning tools—will hap­pi­ly exploit flaws in an indus­tri­al con­trol system’s defens­es if it means access to the CPUs. Tech­ni­cians with an inside track may also yield to temp­ta­tion; reports sur­faced on Fri­day that a group of Russ­ian sci­en­tists were recent­ly arrest­ed for alleged­ly using the super­com­put­er at a secret Russ­ian research and nuclear war­head facil­i­ty for Bit­coin min­ing.

    “The cryp­tocur­ren­cy craze is just every­where,” says Jérôme Segu­ra, lead mal­ware intel­li­gence ana­lyst at the net­work defense firm Mal­ware­bytes. “It’s real­ly changed the dynam­ic for a lot of dif­fer­ent things. A large amount of the mal­ware we’ve been track­ing has recent­ly turned to do some min­ing, either as one mod­ule or com­plete­ly chang­ing atten­tion. Rather than steal­ing cre­den­tials or work­ing as ran­somware, it’s doing min­ing.”

    Get­ting Seri­ous

    Though in-browser cryptojacking was a novel development toward the end of 2017, malicious mining malware itself isn’t new. And more and more attacks are cropping up all the time. This weekend, for example, attackers compromised the popular web plugin Browsealoud, allowing them to steal mining power from users on thousands of mainstream websites, including those of United States federal courts system and the United Kingdom’s National Health Service.


    Radiflow’s Barda says that the mining malware infecting the water treatment plant, for instance, was designed to spread internally, moving laterally from the internet-connected remote monitoring server to others that weren’t meant to be exposed. “It just needs to find one weak spot even on a temporary basis and it will find the way to expand,” Barda says.

    Observers say it’s too soon to know for sure how widespread cryptojacking will become, especially given the volatility of cryptocurrency values. But they see malicious mining cropping up in critical infrastructure as a troubling sign. While cryptojacking malware isn’t designed to pose an existential threat—in the same way a parasite doesn’t want to kill its host—it still wears on and degrades processors over time. Recklessly aggressive mining malware has even been known to cause physical damage to infected devices like smartphones.

    It also seems at least possible that an attacker with goals more sinister than a quick financial gain could use mining malware to cause physical destruction to critical infrastructure controllers—a class of rare but burgeoning attacks.

    “We’ve seen this technique with ransomware like NotPetya where it’s been used as a decoy for a more dangerous attack,” Segura says. “Mining malware could be used in the same way to look financially motivated, but in fact the goal was to trigger something like the physical damage we saw with Stuxnet. If you run miners at 100 percent you can cause damage.”

    Such a calamitous attack remains hypothetical, and might not be practical. But experts urge industrial control plants to consistently audit and improve their security, and ensure that they’ve truly siloed internal networks, so there are no misconfigurations or flaws that attackers can exploit to gain access.

    “Many of these systems are not hardened and are not patched with the latest updates. And they must run 24/7, so recovery from crypto-mining, ransomware, and other malware threats is much more problematic in industrial control system networks,” says Jonathan Pollet, the founder of Red Tiger Security, which consults on cybersecurity issues for heavy industrial clients like power plants and natural gas utilities. “I hope this helps create a sense of urgency.”


    “Now Cryptojacking Threatens Critical Infrastructure, Too” by Lily Hay Newman; Wired; 02/12/2018

    “On Thursday, the critical infrastructure security firm Radiflow announced that it had discovered cryptocurrency mining malware in the operational technology network (which does monitoring and control) of a water utility in Europe—the first known instance of mining malware being used against an industrial control system.”

    The first known instance of mining malware being used against an industrial control system. Oh goodie. And note that, while the water utility doesn’t appear to have been crippled by the malware, it did reportedly have a “significant impact” on the utility’s systems:

    Radiflow is still assessing the extent of the impact, but says that the attack had a “significant impact” on systems. The researchers note that the malware was built to run quietly in the background, using as much processing power as it could to mine the cryptocurrency Monero without overwhelming the system and creating obvious problems. The miner was also designed to detect and even disable security scanners and other defense tools that might flag it. Such a malware attack increases processor and network bandwidth usage, which can cause industrial control applications to hang, pause, and even crash—potentially degrading an operator’s ability to manage a plant.

    And if that “significant impact” on the utility’s system happened during a period when those processors were needed to, say, check the quality of the water, this unnamed European water utility could have had a serious safety issue on its hands:

    “I’m aware of the danger of [malware miners] being on industrial control systems though I’ve never seen one in the wild,” says Marco Cardacci, a consultant for the firm RedTeam Security, which specializes in industrial control. “The major concern is that industrial control systems require high processor availability, and any impact to that can cause serious safety concerns.”

    And that’s merely an example of how someone could accidentally cause a major incident with their cryptocurrency mining malware. But there’s nothing stopping intentional damage being done too. Because if the malware can get those processors to run at 100 percent (without getting caught) for a long enough time to actually damage them, this could effectively become a Stuxnet-like attack that does serious damage to a system:

    It also seems at least possible that an attacker with goals more sinister than a quick financial gain could use mining malware to cause physical destruction to critical infrastructure controllers—a class of rare but burgeoning attacks.

    “We’ve seen this technique with ransomware like NotPetya where it’s been used as a decoy for a more dangerous attack,” Segura says. “Mining malware could be used in the same way to look financially motivated, but in fact the goal was to trigger something like the physical damage we saw with Stuxnet. If you run miners at 100 percent you can cause damage.”

    So now the world has discovered that Stuxnet-like attacks can be carried out with cryptocurrency malware. And it’s the kind of attack that potentially provides a degree of plausible deniability. “We weren’t trying to disable that nuke plant and trigger a meltdown. We just wanted to mine for coins! Honest!” That’s a thing now.

    Posted by Pterrafractyl | February 13, 2018, 4:23 pm
