cschmitz
Member
Offline
Activity: 98
Merit: 10
|
|
June 15, 2011, 06:25:56 AM |
|
Holding Bitcoins on a previously infected computer, allright, its a facepalm thing.
|
proud 5.x gh/s miner. tips welcome at 1A132BPnYMrgYdDaRyLpRrLQU4aG1WLRtd
|
|
|
steelhouse
|
|
June 15, 2011, 10:00:02 AM |
|
1. The best place to store BTC wallet.dat is on an unencrypted usb stick, sd, or cf device. 2. If they are at mtgox, I would call the fbi and mtgox the part that deals with mail fraud. At mtgox, they most likely will transfer it to someplace where they can get cash. Those places can be tracked easily. 3. Don't install any software.
|
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1060
|
|
June 15, 2011, 10:17:02 AM |
|
Two further thoughts, both admittedly long-shots.
1. Try installing the latest version of Bitcoin and starting it with the -rescan option, just in case the BTC aren't really gone.
2. Read the fine print on your household insurance policy to see whether it covers cash-like things.
|
|
|
|
aiwk171
Jr. Member
Offline
Activity: 134
Merit: 1
|
|
June 15, 2011, 11:34:12 AM |
|
As a quick note: I suspect, that more people are prone to have their wallet stolen, or that a LOT of people might already have a trojan that copied their wallet some time ago. So I decided to be nice and write up a (hopefully) helpful HowTo to protect yourself: HOWTO: create a 100% secure wallet. If LulzSec can infect a gazillion of PCs to do their DDoS, then anybody can implement a simple file-upload function into any virus. I'll update the guide with new information as it comes up.
|
|
|
|
Nescio
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 15, 2011, 12:01:44 PM |
|
Just implement Unix file semantics on accounts and addresses: RECEIVE, SEND, OPERATE / VIEW (for accounts) Can you specify how this would work? Without a provably secure implementation this could fall into the same category as running the client in a VM, having a mouse driven password entry, running a virus scanner on the infection target etc. Provably secure means mathematical proof, i.e. not just a mechanism that may (temporarily) make it harder for an attacker to accomplish a task, such as relying on the unfamiliarity of the attacker with the implementation. Even the 2 factor token example I gave is not provably secure, there could be a vulnerability in the implementation of the token crypto, the bank's system could be hacked/social engineered, an attacker with physical access could guess the PIN before the token locks down, the user could store the token PIN written down next to the token and the user could be tricked/coerced to reveal his PIN.
|
|
|
|
Waschtel
Newbie
Offline
Activity: 18
Merit: 0
|
|
June 15, 2011, 12:07:11 PM |
|
One obvious question:
Have you installed any alternative bitcoin clients or mining software? I have been seeing many programs pop up lately in the bitcoin eco-system, and nobody is vetting them. As this is an attack against a bitcoin wallet, it is most likely that the virus/malware is mimicking legit bitcoin software - a generic, automated virus would not be looking for bitcoins.
|
|
|
|
Nescio
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 15, 2011, 12:16:53 PM |
|
I wonder if you had adequate antivirus on your windows machine? It'd be very hard for a trojan to take control of your computer if you had adequate security software, that can detect trojan behavior. Plus Win7 has some default security built in like UAC. I think it'd take a seriously good hacker (like top 0.001% in the world), to hack a windows machine, over the internet, with firewalled router + good security software + UAC turned on.
The average desktop OS has a massive amount of unfixed vulnerabilities at any given moment. Apart from exceptional cases (academic proof projects, NASA hand audited code) there are several defects per 1000 lines of code in pretty much everything. Since your average OS consists of a few million lines of code, there is bound to be a massive amount of errors in everything. Most of these will not lead to a compromise, just instability, unexpected behaviour or cosmetic issues, and the ones which do might only lead to a remote compromise under very specific circumstances. Regardless, there seem to be plenty of those, with the prototypical attack vector being anything that deals with external data. Currently that's primarily PDF, Flash and browsers doing a multitude of data parsing (html, xml, js, DOM, css, cookies, images, video, URL history, bookmarks, associated built in dbs etc.), third party plugins, with sometimes privileged access (e.g. direct GPU code execution for 3D/video acceleration). Basic OS security is powerless against these. You need to fundamentally separate any such activity from your wallet. Just think of how Stuxnet managed to get to Iranian centrifuges. I doubt they were hanging off the net directly, but obviously they were not *fully* separated.
|
|
|
|
Nescio
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 15, 2011, 12:25:59 PM |
|
I did contact the police, but do you honestly think they can do anything? The way the police operates means they cannot do anything in the even to of a cyber crime. Try the FBI. I think there is a few thousand dollar limit above which they are obliged to take the case and they have a cybercrime unit. I think half a million qualifies If the attacker is abroad it might get more difficult, or it might turn it into a federal crime, expediting things. Maybe you should talk to a lawyer as well, just in case (e.g. what if Bitcoin is outlawed at some point, what if you give permission for your machine to be audited and they come across a copyrighted download or something).
|
|
|
|
AntiVigilante
Member
Offline
Activity: 98
Merit: 10
|
|
June 15, 2011, 12:26:32 PM |
|
Just implement Unix file semantics on accounts and addresses: RECEIVE, SEND, OPERATE / VIEW (for accounts) Can you specify how this would work? Without a provably secure implementation this could fall into the same category as running the client in a VM, having a mouse driven password entry, running a virus scanner on the infection target etc. Provably secure means mathematical proof, i.e. not just a mechanism that may (temporarily) make it harder for an attacker to accomplish a task, such as relying on the unfamiliarity of the attacker with the implementation. Even the 2 factor token example I gave is not provably secure, there could be a vulnerability in the implementation of the token crypto, the bank's system could be hacked/social engineered, an attacker with physical access could guess the PIN before the token locks down, the user could store the token PIN written down next to the token and the user could be tricked/coerced to reveal his PIN. Trying to send coins from a receive only address is going to fail. Trying to send fake coins to a send only address is going to fail. Trying to split or combine amounts in non-multiples of a given amount in a operate disabled address is going to fail. And these rules would literally mean lost coins for thieves.
|
|
|
|
sonba
|
|
June 15, 2011, 12:42:10 PM |
|
ok, so what I learned from this thread is that I shouldn't use IRC any more as it might lead to being attacked. I understand that connecting to IRC via webchat is safe? Is this correct? (Sorry, I'm a bit worried now, too *g*)
|
|
|
|
Nescio
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 15, 2011, 12:44:31 PM |
|
Unfortunately, a new kind of money will not solve the problems of a for profit monetary system. When your incentive is to acquire money, the methodology becomes irrelevant in the context of a distorted value system in which you need to acquire the money to be rewarded and receive the necessities of life. That won't change until we choose to have relevant values and conduct ourselves accordingly.
This should probably go in the philosophy section but there is an issue with causality in your argument: you seem to be rejecting the acquisition of wealth by itself, excluding a possible incentive for which the acquisition of wealth is an inconsequential means to an end, thereby presuming that any application of such means is the result (or cause) of a distorted value system.
|
|
|
|
|
Nescio
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 15, 2011, 01:00:56 PM |
|
Trying to send coins from a receive only address is going to fail. Trying to send fake coins to a send only address is going to fail. There is no such thing as a fake coin, the network rejects any such attempts, including double spending. For the receive only address, you need a an appropriate client that supports this. Assuming that you can for example specify the type of an address during creation and hash that into the address to make it immutable, how do you get coins out of a receive only address later? It seems there must be a mechanism to allow this or change the type later, otherwise the receive only type would be the same as deleting coins. And if there is, then so can an attacker and the whole exercise seems fairly pointless.
|
|
|
|
TheRandomGuy
|
|
June 15, 2011, 01:13:16 PM |
|
So it's lulzsec that did this?
|
|
|
|
Nescio
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 15, 2011, 01:13:36 PM |
|
If LulzSec was really involved and not just claiming a false victory then there is a chance you can apply to their hacker ethics, since it seems they are somewhat libertarian in motivation, attacking multinationals and governments. If they don't care about screwing over an innocent individual, someone who has arguably been supporting something that is similarly aligned they are a moral failure and will lose a lot of goodwill with the rest of the community. Make a good, well publicized plea they cannot avoid answering. Maybe they don't even know the full story. Maybe you can work out a compromise like having part of the balance donated to a charity (Wikileaks seems like a good one ).
|
|
|
|
Nescio
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 15, 2011, 01:26:31 PM |
|
ok, so what I learned from this thread is that I shouldn't use IRC any more as it might lead to being attacked. I understand that connecting to IRC via webchat is safe? Is this correct? (Sorry, I'm a bit worried now, too *g*)
As soon as you connect to the net you increase the risk of being compromised. It's always possible there is a vulnerability in your IRC client, in the browser or one of its plugins you use for webchat, etc. You could be sent a document with a vulnerability, etc. A couple of years ago the average infection rate of an unpatched Windows machine simply connected directly to the net was less than a minute on average (i.e. if you installed a vanilla XP, you could get portscanned and compromised before you could even download and install service packs). This has improved somewhat but there is no shortage of attack vectors in auxiliary software. Your wallet should ideally be on a dedicated machine with the minimum amount of software necessary installed which isn't connecting to the net at all except for bitcoin transfers, is behind a dedicated firewall with no other hosts connected to the segment. That still doesn't exclude compromise through a vulnerability in the client or Bitcoin network for example (the client will actually connect to IRC itself for bootstrapping and your IP address is announced to other participants).
|
|
|
|
allinvain (OP)
Legendary
Offline
Activity: 3080
Merit: 1080
|
|
June 15, 2011, 01:34:38 PM |
|
One obvious question:
Have you installed any alternative bitcoin clients or mining software? I have been seeing many programs pop up lately in the bitcoin eco-system, and nobody is vetting them. As this is an attack against a bitcoin wallet, it is most likely that the virus/malware is mimicking legit bitcoin software - a generic, automated virus would not be looking for bitcoins.
no alternative bitcoin clients but mining software for sure ...I ran phoenix, guiminer, poclbm, cpu miner, ufasoft sse miner..I also gave namecoin a try on the same machine... Yes this could be cause whoever stole this sure knows BTC. It seems he's a pro at laundering btc.
|
|
|
|
allinvain (OP)
Legendary
Offline
Activity: 3080
Merit: 1080
|
|
June 15, 2011, 01:41:05 PM |
|
I did contact the police, but do you honestly think they can do anything? The way the police operates means they cannot do anything in the even to of a cyber crime. Try the FBI. I think there is a few thousand dollar limit above which they are obliged to take the case and they have a cybercrime unit. I think half a million qualifies If the attacker is abroad it might get more difficult, or it might turn it into a federal crime, expediting things. Maybe you should talk to a lawyer as well, just in case (e.g. what if Bitcoin is outlawed at some point, what if you give permission for your machine to be audited and they come across a copyrighted download or something). I'm thinking of contacting the RCMP. I'm not in the States to FBI can't help me. I really wish there was a site where one can declare stolen coins. I dunno...as you can imagine I'm quite in despair about the whole situation and the fact that there is so little I can do.
|
|
|
|
ShadowOfHarbringer
Legendary
Offline
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
|
|
June 15, 2011, 02:10:55 PM |
|
First, I personally would never run "Bitcoin safe" with 25k Bitcoins on a Windows computer. Too big a security risk.
Second, even on Linux, to keep large amount of coins on your computer, it should be extra protected with some complex security. A virtual machine with Linux on truecrypt-encrypted hard drive with Bitcoin installed should be enough - it will make life much harder for any keyloggers & hackers to infiltrate it.
With computers it is quite easy to do virtually infinately complex system of safes to store your Bitcoins. You can create a virtual "room of mirrors" using VM in Truecrypt in VM in VM in Truecrypt in VM in Truecrypt and such.
Such an installation could look like this: Truecrypt(VirtualBox(VirtualBox(Truecrypt(VirtualBox(Truecrypt(Your Bitcoins))))))
You can store some Bitcoins on every layer of this onion, but you should only store large sums on the last layer.
|
|
|
|
dserrano5
Legendary
Offline
Activity: 1974
Merit: 1029
|
|
June 15, 2011, 02:23:18 PM |
|
Second, even on Linux, to keep large amount of coins on your computer, it should be extra protected with some complex security.
A SELinux/AppArmor/GRSecurity profile would help. I specialized in GRSec in the past but unfortunately it hasn't hit mainstream so nobody uses it. AppArmor is used in Ubuntu and it's configuration doesn't seem too hard (it resembles GRSec's).
|
|
|
|
|