Bitcoin Forum

...

Today Wikileaks leaked a huge trove of information on malware being used by our government.  Details can be found at Drudge and ZeroHedge (but not at cnn.com, LOL).  The viruses, trojans, "Year Zero" bugs, worms, etc., etc. are targeted at a huge number of digital devices, including smartphones, Samsung TVs, cars (think about that), and a large number of operating systems (including several LINUX systems).

One comment I read suggested that much of this malware will be easily stolen and used by our enemies (as STUXNET is).

Obviously this is troubling, perhaps especially to non-programmers like me.


I invite comments..., especially on Best Practices we might follow to protect our IDs, our BTC and whatever other of our digital information we care about.

I am excited that, after long months of nothing too relevant being published, Wikileaks finally put another nail in the coffin of the corrupt and manipulative government. After all, it was them that showed us the incriminating documents against the Democratic Party.

Although I am not surprised, this does frighten me based on what the government has done in the past. In fact, today Edward Snowden claimed the documents were a "genuinely big deal" and that it "looks authentic".

The fact that our government does this is truly scary and will hopefully come to an end. However, I believe the new administration will only expand CIA powers.

I'd warn all Bitcoin users to refrain from using online wallets because, no matter how trustworthy, it seems the government may be able to do what ever they'd like.
Especially seeing as how the government is in almost 20 trillion dollars of debt, I wouldn't be surprised if sooner or later the government tried to steal all our 401ks and retirement/education savings. And, if that's not enough, they may steal from companies like PayPal and perhaps will attempt to take from Bitcoin. After all, there are billions of dollars worth of Bitcoins.

If that doesn't happen, we've seen how stupid the government can be when handling classified material (ex. DNC) so how hard does anyone think it'd be to get into the governments own stolen malware documents and begin to rob everyone of our money?

This is so sick it makes the latest fake news ore Russian hacks on Trump a Joke. But to be honest we all knew it they where doing this the whole time, right?

i think malware on phones is going to be a massive problem going forward
especially with the increase in "mobile" devices and how people use them
for their financial accounting/general banking. its constantly in the back of
my mind when i use the banking app on my phone.

"whats going on in the background........"

even more reason to have a stand alone isolated laptop, netbook or PC
for sensitive material and BTC

the future is bright scary,
but shure if a fella has feck all there is feck all to be stolen.....

This is perfectly normal behaviour for "government" (after all, the violence monopolist).

I don't think that these "evil practices" are new.  Government, since its inception more than 5000 years ago, has always been a lying, cheating, violent fraud full of hypocrisy about their caring for the "common good".   The latest joke is that we may "vote" for it, so we now think that we have something to say, which makes us "responsible" for their actions.

There are only two dangers with government:

- believing their caring for the common good
- believing they are all mighty

These two erroneous beliefs are the basis of their power.

Saw this available on a torrent site yesterday and it was password protected until March 6, yesterday when it would be revealed to open the 7zip file.

need photoshop.

http://imagizer.imageshack.us/a/img923/532/ucZpW6.jpg

Best practices are using exactly whatever security methods we've been using so far. There's no practical way of protecting ourselves from unknown exploits...


Beyond scary... I don't think this will end in our lifetimes.


These wallets would get drained by hackers before anything else, I don't think the government is a issue or a threat here.


Indeed, experience tells us that governments only tend to their needs.


Didn't understand the reference, but I guess this (http://fallout.wikia.com/wiki/Vault_111) is it. Maybe the CIA wants to "vault" the whole world who uses IT... :D

The problem exists for programmers too, because most don't have time to audit every bit of software they run. An example was the HeartBleed (https://en.wikipedia.org/wiki/Heartbleed) bug. It just takes a bit of thinking on how to manage data securely. Where possible use standalone devices. For example, Bitcoin Trezor is very unlikely to be compromised because it doesn't even have an operating system. It's custom programmed and the interface is small and limited, so it won't get viruses even when plugged in.

So for example, a good practice is using a laptop running off a Linux USB stick and connecting to the internet at a public place, like Starbucks. The idea isn't running Linux because it's guaranteed secure, it's running it because you can easily start a new session every time you power up. Identifying information, such as sites visited, cookies, etc. are not saved, and your connection isn't linked to your real world identity.

Use a device with no closed source software, because that's where they hide the 'backdoors'. That includes all the firmware, drivers etc as well as the OS.

Check these guys out: https://minifree.org/

Pls there should be no such thing as "our enemy" in Bitcoin World pls. We should be smarter than politicians. Jeez

I would love to know how much time and effort they have spent on trying to crack bitcoin.
Can you imagine if they had leaked that they had a back door into Bitcoin? I would expect a $900 drop if that happened!

I guess that Bitcoin wasn't mentioned is a good thing, they haven't cracked it yet.

That's true, I don't agree with OP putting this here, he should have moved it to politics and society section. They cannot hack our blockchain because of decentralization, that I can guarantee but other forms of governmental manipulations well it's up in their hands.

But perhaps there is potential for your coins to be stolen. One of the main parts of this latest revelation from Wikileaks is not just that the CIA is doing this, but that they lost control of all the hacking tools they collected and built which then fell into other hands - potentially the hands of criminals.

they just need to hack the major miners though, since what matters is the hash rate

The real problem now is not that a handful of professionals in the CIA had these tools... it's that the tools are out in the wild. Anyone could have them, or be in the process of getting them. Simply knowing the sorts of things that can successfully be done may be enough to inspire other hackers to recreate tools with the same functionality.

That's the real risk I see to online wallets and anything else protected with a password (encryption notwithstanding, if you've read the news).

I can allay your fears on one point - don't worry about the government crassly stealing your funds. So long as they can simply inflate the dollar (or other centrally managed currency), there is absolutely no need for them to stoop to such a level even in a crisis. It would only be counterproductive for them to do so, when they can simply invisibly pilfer the value of everyone's funds everywhere by issuing more fiat.

...

I see at least two tangible dangers that would worry me:

1)  That any BTC that we "own" in web wallets could be stolen reasonably easy (with info from our own computers)

2)  Keystroke loggers..., which to me seem to be perhaps the greatest danger.  They could get our passwords...


Yep, as ebliever just wrote above, these tools are now out there "in the wild".  No telling who and what malicious users will try to inflict on us.

Maybe this is OT if you wanted to stick to bitcoin, but the news that they were developing hacking tools to assassinate people by accelerating and steering their cars off the road scares me rather more than any financial risks. Or perhaps because in the wrong hands it will become both a financial risk and a risk to our lives. Imagine if hackers perform a few of these incidents at random, then start calling anyone (like those "Hello, I'm from Microsoft and you have a virus" phone calls) to claim that they've hacked your vehicle and will steer you into a lamppost at 80 MPH unless you pay them a bitcoin ransom. :-(

And people used to laugh when they saw my laptop camera is covered in tape with black sharpie marker over it.

Decentralization is one factor. There is possibility of backdoor hidden somewhere in the code.
I expect that Bitcoin's code was checked very thoroughly, but so they said about many unbreakable security projects before.
Most recent example is backdoor within CloudFlare anti DDOS protection service.

I think this is positive.  If these weapons are out there, they will eventually also be used against government targets.  As such, there won't be a desire any more by government to keep leaky hardware and software: they've lost their competitive edge that way, and are now part of the victims.  So they will not hamper a cure any more.
It would be fantastic if horrible things happened to the government by their own tools in the hands of enemies.  It would be fantastic if the government felt powerless in the face of their own tools.  Then they will stop pushing for holes in the system (and maybe refrain from developing even more stuff that will eventually be used against them).

The NSA and the CIA have been on the wrong leg all these years (no wonder, they are government agencies).  In stead of being on the defensive side, and helping the population, companies and so on, to develop secure, tight systems, they have been lobbying for holes everywhere, so that they could develop their offensive capacity.  But now they are themselves full of holes, and the enemies have their weapons ; and they have equipped their citizens also with equipment full of holes, open to the attacks by their own tools in the hands of enemies.   They have rendered the government, and the entire population and economy, fully vulnerable to foreign attacks, with tax money.  

After reviewing this and considering that even Linux has substantial exploits, I believe this release of documents screams to make sure you have a hardware wallet.  You do NOT have to break the blockchain IF you can exploit the operating system and watch what the user is doing.  A good hardware wallet never reveals keys, true PINS, etc... even to the operating system it is connected to.  Only a full break of BTC would render a quality hardware wallet as ineffective.  All other solutions that ever connect online in any way could be suspect.  This is not a scare tactic, just a very logical extension of what today's leak of info suggests.  While older archive paper wallets are secure, the question now becomes how do you someday spend/move those coins?  It is likely the two computer model - hot and cold - wallets would still hold up, hopefully.  I can't know the extent of these exploits yet.

Windows should die and linux should be sold on all customer level computers since Trump has become president it just shows how over the last 8 years under the "Obama customer care" he has provided to the United States of America and how he has stolen everybody's privacy in the form of email/phone calls/geo cached locations having all be logged of every citizen of the U.S.A under the name of so called "National Security" for the greatest nation of the civilized world!

I wonder how closely "Cloudbleed" and these "Vault 7" exploits are linked with each other. We have had two major security issues within a couple of weeks. This is not good for 3rd party systems linked to Bitcoin. The Open source systems would be fine, because these systems are constantly under Peer review and holes will be identified quickly, but most of these systems runs on hardware with built in proprietary software in the firmware that may be exploited.

We live in a scary world, where we have zero control over our lives. ^grrrrrrrr^   

Since the advent of states, about 5000 years ago, we never had.  But only rarely we realized this.  And the few people realizing it were then "enemies of the state" (witches, communists, terrorists, .... name them, each epoch has its favourite enemy of state name).

nothing bigger than the ssl bug remember the heartbleed? it was said to be in there since many years and no one notice it until 2015 i believe

the world is full of hackers that will use whatever tool they need to scam innocent, they also make their own malware that can not be detected by antivirus and similar

and then we have win 10 which is already a risky environment, holding big amount of coin this OS can open the door for future stealing without the user noticing