Bitcoin Forum

http://m.nydailynews.com/news/national/nsa-hacked-100-000-computers-radio-signals-article-1.1580254 (http://m.nydailynews.com/news/national/nsa-hacked-100-000-computers-radio-signals-article-1.1580254)

This is fairly old news, and I'm also not familiar with what kind of threat this might pose.  Hopefully someone more knowledgable can share their input.

Since it's now no secret that the NSA has the capacity to hack into computers via radio waves (though apparently only on computers constructed with the proper hardware), what does this mean for things like Armory's offline transactions?  Do you believe that this poses a viable threat, particularly if companies increasingly integrate backdoor radio transceivers into household computers and mobile devices?

Moreover, has this issue been considered by the core devs?

Your doctored desktop computer or router can be phoning home by using your iPhone that you shut off. I wouldn't worry too much about it though, but it's definitely a theoretical possibility.

If someone wants what you have so bad that they want/can can connect to your devices while they are turned off/not connected to internet, I would say you are pretty much screwed. If youre not screwed now, it is only a matter of time. Highly unlikely for a few bitcoins.

I would worry less about the NSA hacking into your computer via radio waves and more about the potential for your computer to be actually stolen.

I would think that many people would likely assume that since a computer is not connected to the internet there is little/no risk of getting hacked so they would use a weak/no password. This would make their bitcoin vulnerable once physical access to the computer is established.

Yeah...master-P has a good point here, imho.  You're far more likely to have your cold storage laptop stolen than have the NSA use radio waves to hack into said computer. 

For that to happen, several things have to happen.  First, the NSA has to know you have bitcoins.  Second, they have to be interested in stealing your bitcoins.  And third, they have to go to the trouble of going to a relatively short distance in order to use said radio waves to hack into your computer.  Odds are, they've got better things to do, like worry about terrorists and such.  Which isn't to say that it's impossible, but yeah, I'd be worrying about keeping your laptop secure from physical theft way more than being worried about something like this.

If your hardware has been tampered with, you're screwed. You need to source your hardware from somewhere you trust and check it as best you can (it isn't possible to 100% verify it hasn't been tampered with). I would say it's a viable threat because realistically almost anyone can do this kind of thing, it's not hard or expensive to do and there are countless ways you could exfiltrate data from an airgapped machine if you can modify the hardware,


It is quite easy to defend yourself against a thief getting access to your data. Your airgapped machine should be full-disk encrypted at the very least. Somebody stealing your device shouldn't be able to access your data,  What you need to be worried about is somebody stealing your device and giving it back without you noticing, because a tampered bootloader or modified hardware can EASILY get access to your data.

blah blah blah boring topic.

the real question is

Is using paypal safe on computers connected from the Internet?
Is using debit/credit cards safe on computers connected from the Internet?

I would say yes. Even if your PayPal is hacked you'll likely be able to recover the funds, most of the time anyway. Bitcoin however doesn't have such a good track record in this area.... I don't think I've ever heard of someone recovering all of the stolen funds after a hack.

When NSA really needs to hack into specific computers in another country via radio waves, the data saved in that computer must be very sensitive and critical of the national security. Once the hack is carried out, the holder of the data and the country will know this attack. I think it is not worth to do such kind of attack that just steal cryptocurrency. I would not worry about this.  

These kinds of problems are why first generation computers will never be completely eliminated.

http://www.duckshit.com/wp-content/uploads/2008/05/att00016.jpg

The big giant difference between paypal / debit / credit cards and bitcoin is that the first category generally has consumer protections - if your money is stolen, you can get it back.  If your money is stolen one way or another with bitcoins, you're screwed.

Yes and yes. Both paypal and credit cards have great consumer protections that protect the customer against fraud by the merchant. Customers are also protected in the event their card is somehow stolen.

No, actually the real questions are exactly those I asked in the OP.  Why?  Because it's my thread, and because I don't know much about this technology and was hoping to get reasoned responses from those more knowledgeable than I.

Notice that every response prior to yours actually addressed the OP whereas 60% of posts after yours (excluding this one) do not.  Hence, to me, your post is boring.

But I'm genuinely curious to know why the topic isn't worth your consideration.  It seems to imply that you must know something about the topic if you can conclude it's boring or unworthy of consideration as a realistic threat.

Everything is possible in this constantly changing world.A dynamic world,has many unknown/unseen mysteries going on around

This could only effect a Bitcoiner if he were a criminal or other that the government wanted to do surveillance on. If a three letter agency wants to put video surveillance in your house and they have a warrant to do it or can call you a terrorist and do it without a judge there is nothing you can do about it. It's likely that you will never know or the surveillance will end with your arrest. The devises cost money and I doubt they are just going to have Dell start installing them on every machine they sell.

Also Bitcoiners are computer builders (or at least used to be when we were cranking out coin with video cards). I only build my own machines from parts so I know what every component in every machine I own is for and how it's made because I research it to death. If you don't "roll your own" then shield your machine from radio transmission with a homemade faraday cage and only use hard wired internet connections.

Mobile devices are a different story. You should always assume that every communication you have whether voice, text or posting is being monitored and can be broadcast to every one in the world. They will never be safe from surveillance even without any additionally installed components.

Core devs? Pfft, they aren't fixing the core issues fast enough they sure as hell aren't working on a problem as exotic as this one.

Even if you are infected by a malware there is no point unless you connect the device to internet :) So you are safe once stored on offline pc

I don't normal computers can be hacked via radio waves, or most of the banks would have been hacked already. Don't worry its still safe.

because you and the people rebuttling my reply are not talking about paypal or credit card technology!

paypal and credit cards do not have technology that makes them safer from hackers sniffing your keyboard inputs, nor browser hijacks that can see what you are typing into the website. or to simply send all computer info to an outside source via radio waves

the people rebutting are talking about about insurance policies that those services have. nothing to do with prevention protocols or technology.

so from the protocol and technology side bitcoin, paypal, and credit cards have the same risk of being hijacked through NSA/hacker snooping.

having house insurance or a insured wallet service has nothing to do with the technology and as the rebuttlers point out, paypal does not protect you from being hacked or having your funds taken. they can only re-imburse you. meaning their technology is not any more secure, they simply charge you a huge fee in the smallest of chances that they need to give you funds from this pot of fee's to cover losses.

again ill word it to you.
paypal and credit cards have ZERO technology to PREVENT loss against radio transmitters in your computer equipment. they simply repay you with their profits from fee's AFTER the fact.

the rebuttlers mindset is that having a leather wallet hanging out of their teenagers back pocket for anyone to pickpocket is safe because their moms will give them money if their wallet is stolen.. nothing to do with if leather wallets or having it open for anyone to steal is safe or not.

Your response ignores the fact that if your credit card information is stolen and used without your permission then you are protected as a consumer, while if your private key is stolen then your bitcoin is essentially gone. This prevents people from being incentived to taking great measures to protect their credit card information, as the worse case scenario is they suffer a minor inconvenience while waiting for a replacement card while someone who has bitcoin has a vested interest in keeping their private keys safe (as asked about by the OP) because if they are compromised then you are essentially out of luck.

guess you missed the court cases where the contracters where looking at the data to snoop on their neighbours and spouses to blackmail them. and you do realise that bitcoin is a keyword NSA have listed inbetween "al-queda" and "bomb" right?


governments grab your data without a warrent actually.  its been happening since the 1960's of telephone calls. (project echelon). more recently they are doing it with internet, and have microsoft involved processing all your skype calls, etc aswell as your ISP's directly saving all of your data, along with special facilities grabbing data straight from the internet
(GCHQ bude for instance). They even use voice to text technology to log your calls as text to make it nice and easy to search for the keywords. thank google and microsoft for that technology.

computer manufacturers do have the tech in motherboards already, and it does not cost NSA/GCHQ a penny... why? well because dell make customers pay for the technology, because dell sell motherboards to customers. think about it. the transmitter chip is less than half an inch. it needs no aerial not any special markings. you will never know its on your motherboard.

yes since the 1960's you should always have assumed telephone and mobile communication devices were being listened into. but sinc 2000 (well atleast publicly known 2008) you have to also assume any device mobile or desktop, router or houselight may contain this chip.


how can a computer program prevent someone stealing data via your houselight?? .. as you say its exotic, thus cannot be done. hense why the bitcoin-core are not wasting time fixing peoples human/house survellance issues. they are just protecting the blockchain, which IS THEIR JOB

my responses do not ignore it at all. again
THE TECHNOLOGY!! does not prevent data loss via NSA spies.

the whole reimbursement and convenience aspect is nothing to do with security or technoogy *think outside the box please*

the reimbursement and convenience is an after the fact effort. which is done by businesses. and as such bitstampt or coinbase COULD add this.

again the insurance and reimbursment is something BUSINESSES should think about as it has nothing to do with the bitcoin-core team,
again the insurance and reimbursment is something related to human social preferences, not something to do with financial security based on hacking.

paypal and credit cards, even with pin numbers and cvs numbers, even with asking for names and addresses still wont stop NSA hacks.

I really hope not, but if your hardware is touched your probably in deep sh1t.

I don't think it would be an issue. The possibility of this happening is still only theoretical and has not been proven. There are also ways to shield your computer from radio waves relatively  easily.

Also if you have your offline wallet secured with a sufficiently strong password this will not be as much as an issue because even if they got the wallet file they would need to crack your password in order to do anything with it.

Referring to bolded section, I considered this but quickly dismissed it as it would certainly not be an issue to upload a keylogger and wait.

Why would an attacker even need to upload one? hardware keyloggers are really cheap:
https://www.keelog.com/

There is no question about it, if someone can modify your hardware they can easily steal your data, there are plenty of ways to do this kind of thing. How about a Raspberry Pi with a hardware keylogger connected to your keyboard, a SATA interface connected to your drive and a 3G modem to send back the data, all of that is dirt cheap and freely available. <$100 and you can exfiltrate data from an airgapped machine pretty easily. You could probably make it smaller by using a modified android phone instead for example.

The paranoid would not use a hardware keyboard to enter their password, but would rather use a keyboard that allows you to click on the various letters on a screen (preferably with the letters in some random order) to enter your password.

Yeah with the reversal options i never worry about my paypal tbh

You would need physical access for this to be possible. It should also be somewhat obvious if there is a raspberry PI near your cold storage computer that should not be there. The article in the OP is talking about the NSA using radio waves to get your cold storage wallet file, if they had physical access then they might as well make a physical copy of the hard drive and would be redundant to use this technology.

I dont believe all devices are infiltrated with some NSA chip, only if your suspected and order something you receive modified device, thats almost certain.

Even a third party software keyboard would likely provide sufficient protection because the computer would not be exposed to the internet.

Also now that I think about it a little bit, I would question the legal standing for the NSA to be able to remotely search a person's computer like this.

i think we dont talk about safe oor unsafe .. i think everythink has a risk ..
somebody can steal your computers and find your wallet pasword and get your BTC .. etc.
anythink can happend ,
somebody already talk about it a while ago .. he ask 'Do you like Bitcoin because it concept or just going to be rich? "
if you love it concept i think you'll enjoy it , and if you are like to be rich .. you have to take the risk :)

Nothing is 100% safe I tell ya

Cameltoe is always right. 

How would they upload a key-logger if the computer is disconnected from the internet? I think they would need to have physical access in order to accomplish this.