Tutorial: how to harm bitcoin's reputation and make money while doing that

[susanne]

1. Observe that Bitcoin-Qt is released under the MIT license, not under any of the copyleft licenses. This allows you to modify the source code and distribute it as proprietary software. So, you can take advantage (and continue to take advantage) of all their work, but they can't do the same. Cool.

2. Develop a very fast bitcoin client, with an attractive but minimalistic GUI that's easy to use and has lots of great features.

3. Make an Android, iPhone, Windows, Linux, Mac, etc versions of it.

4. Make it proprietary. Never give out the source code! This is the most important thing.

5. Install adware, spyware and backdoors such as in uTorrent/BitTorrent^tm. Don't worry about people finding out about the back doors, they can't tell if it's there without the source code. Tip: don't activate the adware/spyware features until enough people are using it. Let them get accustomed to the program first. Most are too lazy to switch to another client despite the adware and spyware if they are already accustomed to it. Want proof that they won't switch? Take a look at uTorrent/BitTorrent^tm.

6. Advertise and get more people to use it.

7. Sell out to any company or government agency of your choosing.

8. ….

9. Profit!


If you found this tutorial useful, please donate to 1Hw3Meb9kbYZtGoSWQNqxa9Qw5pc6prFCe

[str4wm4n]

wait....there's a backdoor in uTorrent?

[susanne]

wait....there's a backdoor in uTorrent?

Can you tell there isn't one if you don't have the source code? It has adware and spyware by default, so why not also backdoors?

The server database program Interbase had a backdoor until it was released as open source:
http://it.slashdot.org/story/01/01/11/1318207/interbase-backdoor-secret-for-six-years-revealed-in-source

[MrVivaldi]

This is possible but not feasible. Good luck.

[grondilu]

This is possible but not feasible. Good luck.

I think the OP was not trying to claim he intended to realize such a scheme.  It was rather a way of pointing out proprietary bitcoin clients which could indeed be following such an evil plan.

[MrVivaldi]

This is possible but not feasible. Good luck.

I think the OP was not trying to claim he intended to realize such a scheme.  It was rather a way of pointing out proprietary bitcoin clients which could indeed be following such an evil plan.

If you are using Bitcoin you accept responsibility for your money. If you don't take that responsibility seriously you may loose your money.
"A fool and his money are soon parted."

[grondilu]

This is possible but not feasible. Good luck.

I think the OP was not trying to claim he intended to realize such a scheme.  It was rather a way of pointing out proprietary bitcoin clients which could indeed be following such an evil plan.

If you are using Bitcoin you accept responsibility for your money. If you don't take that responsibility seriously you may loose your money.
"A fool and his money are soon parted."

Don't tell me that.  I only use free software.  My sources.list has no "non-free" entry whatsoever.

[Killdozer]

they can't tell if it's there without the source code

And there goes any trust we might have had in you having any professional experience with this.

[hashman]

4. Make it proprietary. Never give out the source code! This is the most important thing.

5. Explain to the users that no you are not evil and you will not backup their private keys on your servers.

6. Don't understand why nobody uses your software

+1

[tvbcof]

wait....there's a backdoor in uTorrent?

There is a close source torrent application that anyone actually uses?!?  It boggles the mind.

[ArticMine]

The attacker better dot all the i's and cross all the t's with the MIT license otherwise the DMCA in the United States can be a very useful take-down tool. It is possible to pirate software under the MIT license and there is already a case of a successful DMCA take-down of involving software under the MIT license. The software was Bitcoin-Qt and the take-down was served against Solidcoin. https://bitcointalk.org/index.php?topic=57437.0;all This is not the first case involving of a DMCA take-down involving pirated Free Libre Open Source Software. I am aware of a case involving pirated Free Libre Open Source Software four years earlier.

It's the first time I ever heard about an open-source developer making use of DMCA. I don't really like the idea of DMCA at all, but now it pwnd SC and made me laugh.

This video is related: http://www.youtube.com/watch?v=OsLuIipny88

The MPAA beat Solidcoin by well over four years for this dishonour. The MPAA was on the receiving end of a DMCA take down over pirated Free Libre Open Source Software back in 2007. http://arstechnica.com/open-source/news/2007/12/mpaas-university-toolkit-hit-with-dmca-takedown-notice-after-gpl-violation.ars.

Having said this the GPL does provide much more protection against this kind of attack than the MIT license.

[btcinstant]

omg

[Phinnaeus Gage]

wait....there's a backdoor in uTorrent?

I've yet to use the front door, let alone look in the windows.

[Killdozer]

their stolen operating system is likely to be a spambot and DDOS drone

What actual evidence do you have of this? So far this is just a baseless sacreligious opensource-lover babble.

[Killdozer]

Not exactly. Windows OSs are FAR more likely that unix-based ones to become hijacked. This, however, has less to do with how it is developed and everything to do with market share. Because most people run Windows, most malware targets Windows. Additionally, many people who use computers have no computer knowledge whatsoever, and therefore don't know how to configure their OS to be secure. Most of those people run Windows. Unix-based OSs have less idiots using them, and therefore the average unix-based system is more secure than the average Windows system.

+1.
Exactly, it has nothing to do with OS being stolen or open source or proprietary. (Well perhaps in sense that Microsoft has used those monies made off Windows to actually make it easy to use so that more people would do it.) For example Red Hat is proprietary, and yet there aren't many viruses for it either.
Nevertheless, a claim that a windows OS would contain a spambot or DDOS software, be it bought for legitimately or pirated is just nonsense.

[mjc]

I think susanne filled in her application for a SCAMMER tag and we should approve it.

[ArticMine]

Not exactly. Windows OSs are FAR more likely that unix-based ones to become hijacked. This, however, has less to do with how it is developed and everything to do with market share. Because most people run Windows, most malware targets Windows. Additionally, many people who use computers have no computer knowledge whatsoever, and therefore don't know how to configure their OS to be secure. Most of those people run Windows. Unix-based OSs have less idiots using them, and therefore the average unix-based system is more secure than the average Windows system.

+1.
Exactly, it has nothing to do with OS being stolen or open source or proprietary. (Well perhaps in sense that Microsoft has used those monies made off Windows to actually make it easy to use so that more people would do it.) For example Red Hat is proprietary, and yet there aren't many viruses for it either.
Nevertheless, a claim that a windows OS would contain a spambot or DDOS software, be it bought for legitimately or pirated is just nonsense.

It has everything to do with whether the OS is proprietary or Free Software / Open Source. First RedHat Enterprise Linux is not proprietary. Ever heard of CentOS, http://en.wikipedia.org/wiki/CentOS? One of the key differences between proprietary (for example Windows) and Free Software / Open Source Operating Systems (for example GNU/Linux and this includes commercial  distributions such as RedHat Enterprise Linux, those that are both commercial and community such as Ubuntu, and those that are community such as Debian, Arch, Trisquel) is that the source code is available for any to to examine and test for vulnerabilities. This places the black hats and white hats on an even footing and consequently gives the white hats a huge advantage. With Windows on the other hand certain Black hats such as the security agencies of many countries have been given access by Microsoft to the Windows source code while most of those trying to defend themselves from cyberattacks do not have have any access. The recent news reports about alleged hacking by Chinese Government Agencies or for that matter the Stuxnet Incident, http://en.wikipedia.org/wiki/Stuxnet, involving the security agencies of the United States and Israel should serve as a stark warning to anyone who uses Microsoft Windows and is concerned in even the very slightest about excessive state power and control.  

[tvbcof]

If you think Microsoft are going to bet their reputation on the secrecy a highly illegal agreement with the US Government to install backdoors in Windows, you sir, are losing it. ...

Of course.  It would be absurd to think that a network carrier would install a Narus in their peering center, completely illegally, as well.  Oops.  Thank god for our congress and the concept of immunity to patch up indiscretions.

I seem to remember about a decade ago Microsoft getting caught red handed with NSA_Key or some such in their crypto library when they forgot to strip a service pack binary.  Nobody gave a shit then, and certainly they will not now after a decade more of conditioning and all those bad bad terrorists and all that.  After all, nobody is doing anything wrong and besides only paranoid wackos would believe in 'conspiracy theories' and nobody wants that label associated with them.

[ArticMine]

It has everything to do with whether the OS is proprietary or Free Software / Open Source. First RedHat Enterprise Linux is not proprietary. Ever heard of CentOS, http://en.wikipedia.org/wiki/CentOS? One of the key differences between proprietary (for example Windows) and Free Software / Open Source Operating Systems (for example GNU/Linux and this includes commercial  distributions such as RedHat Enterprise Linux, those that are both commercial and community such as Ubuntu, and those that are community such as Debian, Arch, Trisquel) is that the source code is available for any to to examine and test for vulnerabilities. This places the black hats and white hats on an even footing and consequently gives the white hats a huge advantage. With Windows on the other hand certain Black hats such as the security agencies of many countries have been given access by Microsoft to the Windows source code while most of those trying to defend themselves from cyberattacks do not have have any access. The recent news reports about alleged hacking by Chinese Government Agencies or for that matter the Stuxnet Incident, http://en.wikipedia.org/wiki/Stuxnet, involving the security agencies of the United States and Israel should serve as a stark warning to anyone who uses Microsoft Windows and is concerned in even the very slightest about excessive state power and control.  

If you think Microsoft are going to bet their reputation on the secrecy a highly illegal agreement with the US Government to install backdoors in Windows, you sir, are losing it. Also, if you REALLY care about testing for vulnerabilities, there are things called fuzzers, plus debuggers and disassemblers to help you. No need for Microsoft to give away trade secrets just to ensure security. Software will always have bugs, and while I'd trust open source software somewhat more that proprietary software, it's not by a huge amount.

I actually do not believe that Microsoft has installed back doors into Windows at the behest of the US or any other government. What they have done is to provide the source code to the security services of many countries. For example the FSB (the successor to the KGB) in Russia. http://www.zdnet.com/microsoft-opens-source-code-to-russian-secret-service-3040089481/ With this knowledge a security service can then write malware to attack companies and organizations in other countries. This creates an asymmetry where the attacker has access to the source code but the defender does not. In addition since Windows XP Microsoft has installed a "self destruct" mechanism into Windows in an attempt prevent software piracy. It is called Windows activation.  Most people approach Windows activation from the perspective of the attacker "the pirate" turning Windows from a "pirated" state to a "genuine" state. But consider the reverse where an attacker "the terrorist" turns Windows from a  "genuine" state to a "pirated" state as a form of cyber-terrorism against critical infrastructure. What Microsoft had done with the DRM in product activation is to create a massive single point of failure. Just ask one question how much critical infrastructure worldwide is controlled by computers running Microsoft Windows?

I am not into doomsday prepping; however the most credible doomsday scenario I can see is the massive worldwide deactivation of Microsoft Windows.

By the way it is not just governments one has to be worried about. http://www.microsoft.com/en-us/sharedsource/default.aspx

[tvbcof]

If you think Microsoft are going to bet their reputation on the secrecy a highly illegal agreement with the US Government to install backdoors in Windows, you sir, are losing it. ...

Of course.  It would be absurd to think that a network carrier would install a Narus in their peering center, completely illegally, as well.  Oops.  Thank god for our congress and the concept of immunity to patch up indiscretions.

I seem to remember about a decade ago Microsoft getting caught red handed with NSA_Key or some such in their crypto library when they forgot to strip a service pack binary.  Nobody gave a shit then, and certainly they will not now after a decade more of conditioning and all those bad bad terrorists and all that.  After all, nobody is doing anything wrong and besides only paranoid wackos would believe in 'conspiracy theories' and nobody wants that label associated with them.

Nothing was ever proven with that NSA_Key thing, which is why there was some suspicion, but in the end, no one cared. Companies exist to make money, plain and simple. They are amoral, and will do whatever is necessary to achieve that goal. Why would one sabotage themselves by agreeing to something like this, knowing about all the other secret agreements that have gotten busted (I'm looking at YOU, AT&T). That's just begging to have your credibility destroyed.

You are dead right about corporations caring about profit only.  It is actually a legal obligation.  If playing ball with the state security apparatus balances out as more lucrative than some loss of credibility, and thus business, that is exactly what they will do.  In the end nobody gave a shit about AT&T.  In part because everyone else was probably doing the same thing (except perhaps Verizon who's CEO, interestingly, ended up in some trouble with the SEC making it one of the very few occasions in recent memory that that body has hassled anyone higher than a 20-something year old goober who didn't pay attention to the legal department's memos about what not to put in e-mail.)

Nobody really gave a shit about Carrier IQ either.  I don't doubt for a minute that the same things (keystroke logging and what-not) continue but I suspect that the processes and messaging will be better hidden to avoid detection.  Just like Bitcoin ought to be thinking about in my opinion.