Bitcoin Forum
Author Topic: [2017-04-21]Research Shows How Bitcoin Can Be Attacked Via Internet Routing Infr  (Read 660 times)
friend666 (OP)
April 21, 2017, 01:58:44 AM
 #1

Research Shows How Bitcoin Can Be Attacked Via Internet Routing Infrastructure
Researchers from ETH Zurich and the Hebrew University have found how “internet routing attacks” and “malicious Internet Service Providers (ISPs)” can attack the Bitcoin network. In their research paper entitled “Hijacking Bitcoin: Routing Attacks on Cryptocurrencies”, they describe the attacks as well as countermeasures against them. The paper will be presented at the 2017 IEEE Symposium on Security and Privacy in May.
Internet Routing Attack Vector

There are already many known Bitcoin attack vectors such as double spending, the 51% attack, DDoS, eclipsing, and transaction malleability. However, the authors asserted that:

One important vector has been left out though: attacking the currency via the Internet routing infrastructure itself.
While a Bitcoin node can be run from anywhere on earth, the researchers found that most of them are hosted with a few ISPs. Specifically, they found that 13 ISPs host 30% of the entire Bitcoin network. In addition, 60% of all possible Bitcoin connections cross 3 ISPs.

“Together, these two characteristics make it relatively easy for a malicious ISP to intercept a lot of Bitcoin traffic,” they wrote, adding that “any third-party on the forwarding path can eavesdrop, drop, modify, inject, or delay Bitcoin messages such as blocks or transactions.”

Two Types of Attacks Warned
The paper then describes two types of attacks claimed to be practical and possible today.

The first is called a “Partition attack” which aims to partition the Bitcoin network or “completely disconnect a set of nodes from the network”. The second is called a “Delay attack” which aims to delay the propagation of new blocks to a set of Bitcoin nodes without disrupting their connections.

To determine their effects, the authors set up a network and initiated the attacks on themselves. They performed a hijack in the wild against their own Bitcoin nodes to learn the effect of a Partition attack. For a Delay attack, they used interception software against their own Bitcoin nodes. They eventually came to the conclusion that:

The potential damage to Bitcoin is worrying. By isolating parts of the network or delaying block propagation, attackers can cause a significant amount of mining power to be wasted, leading to revenue losses and enabling a wide range of exploits such as double spending.
Possible Countermeasures
The paper offers various suggestions to combat the routing attacks of both kinds. While nothing is a cure for all attack types, the more countermeasures deployed, the more effective a defense Bitcoin users will have.

Both long and short-term countermeasures were suggested. Recommended strategies include increasing the diversity of node connections, selecting Bitcoin peers that are routed further away, monitoring round-trip communication times, and even encrypting all node traffic. The research team also proposes monitoring any other additional statistics so that deviations from normal behaviors can be immediately identified at each node.

The full list of countermeasures can be seen here.
link:https://news.bitcoin.com/research-bitcoin-attacked-internet-routing-infrastructure/
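
Added example (not part of the original post, the article, or the paper): one way a node operator could act on two of the countermeasures listed above, connection diversity and round-trip-time monitoring, using fields from Bitcoin Core's `getpeerinfo` RPC. It assumes the node runs with an asmap file so that `mapped_as` is populated; the peer list is constructed and the thresholds are illustrative choices.

```python
import json
from collections import Counter

# Constructed sample in the shape of `bitcoin-cli getpeerinfo` output.
# Addresses are from documentation ranges and AS numbers from the
# private-use range; this is not real peer data.
SAMPLE_PEERS = json.loads("""[
 {"addr":"192.0.2.10:8333","inbound":false,"pingtime":0.041,"minping":0.039,"mapped_as":64500},
 {"addr":"192.0.2.11:8333","inbound":false,"pingtime":0.044,"minping":0.040,"mapped_as":64500},
 {"addr":"192.0.2.12:8333","inbound":false,"pingtime":0.420,"minping":0.040,"mapped_as":64500},
 {"addr":"192.0.2.13:8333","inbound":false,"pingtime":0.052,"minping":0.050,"mapped_as":64500},
 {"addr":"198.51.100.7:8333","inbound":false,"pingtime":0.120,"minping":0.110,"mapped_as":64501},
 {"addr":"198.51.100.8:8333","inbound":false,"pingtime":0.130,"minping":0.118,"mapped_as":64501},
 {"addr":"203.0.113.5:8333","inbound":false,"pingtime":0.210,"minping":0.200,"mapped_as":64502},
 {"addr":"203.0.113.9:8333","inbound":false,"minping":0.090,"mapped_as":64503},
 {"addr":"192.0.2.99:51234","inbound":true,"pingtime":0.030,"minping":0.029,"mapped_as":64500}
]""")

def as_concentration(peers, max_share=0.4):
    """Map AS number -> share of outbound peers, for ASes above max_share."""
    outbound = [p for p in peers if not p.get("inbound")]
    if not outbound:
        return {}
    counts = Counter(p.get("mapped_as", 0) for p in outbound)  # 0 = no AS mapping
    return {asn: n / len(outbound) for asn, n in counts.items()
            if n / len(outbound) > max_share}

def rtt_outliers(peers, factor=3.0, floor=0.05):
    """Addresses whose latest ping is far above that peer's own minimum.

    A sustained jump can mean the path to the peer changed (a route change
    or an on-path interceptor); it can also be plain congestion.
    """
    flagged = []
    for p in peers:
        ping, best = p.get("pingtime"), p.get("minping")
        if ping is None or best is None:
            continue  # no completed ping yet
        if ping > factor * best and ping - best > floor:
            flagged.append(p["addr"])
    return flagged

if __name__ == "__main__":
    print("AS concentration:", as_concentration(SAMPLE_PEERS))
    print("RTT outliers:", rtt_outliers(SAMPLE_PEERS))
```

Only outbound peers are counted for AS concentration because those are the connections the node itself chose; an alert from either function is a prompt to look at the peer set, not proof of an attack.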
guqisky
April 21, 2017, 03:52:19 AM
 #2

This should not be much of a threat to Bitcoin, I believe, since ISPs are corporate bodies: legal action can be taken against any ISP or group of ISPs found or proven to carry out such an attack, and they can be heavily fined. Again, this should serve as a warning to spread nodes across many ISPs so that no ISP holds a considerable percentage of nodes.
digaran
April 21, 2017, 07:18:43 AM
 #3

Who will launch such an attack? There are nodes well distributed across several countries with completely different ISPs. Besides, there are laws, as the member above mentioned; for example, in my country, if the internet connection is interrupted, the client can claim for any loss to be paid by the ISP, and that is a written law.
One can use VPNs, Tor relays and other methods to eliminate the risk of being attacked or facing a shutdown. The only possible scenario to successfully attack the entire Bitcoin network is for all the ISPs worldwide to join forces and deny the Bitcoin network's ports access to the internet, but given the diversity and different opinions of every country, I doubt that will ever happen.

🖤😏
kaixinfaa
April 22, 2017, 03:50:57 AM
 #4

Don’t be naive, every major router on the internet is controlled by security agencies who have strong ties to the central banking power structure. Go look at some of Snowden’s disclosures around routers and the toolkits to break in and pwn them. With these tools you can use deep packet inspection to search for certain types of packets, looking at which port is being used, etc. If you can identify a certain type of data, a sender or receiver or other pattern, you can copy and retain a set of the data, diminish the QoS (quality of service) or even block the packets. The router owner is unaware of these tactics, so don’t bother suing the ISP; these tools should be assumed to be in the hands of criminal gangs.
TraderTimm
April 22, 2017, 03:10:09 PM
 #5

How is this some major revelation?

No kidding, you start dicking around with the underlying network, you can cause problems. Routing protocols and the inherent communication protocols of TCP/IP handle some of this, but no application riding on top of an IP network can withstand an attacker getting control of routing or shaping of packets.

Put another way, there is no application on earth that can withstand someone fucking with its communications on a fundamental level.

Just put this in the "no shit, sherlock" file, and maybe hope someone gets a viable mesh networking solution going to compete with commercial ISPs.

fortitudinem multis - catenum regit omnia
ImHash
April 22, 2017, 03:27:21 PM
 #6

What a coincidence: right about the time this topic was posted, the entire forum went under. People in many countries could not connect to the forum, and it was still happening until a few hours ago.

What concerns me, however, is the audacity of some world-power countries such as the USA, since they get their way by force, military or economic, and by intimidating weaker countries, which is essentially what we see they are capable of doing every day now. What could stop them from banning, blocking or sanctioning ISPs worldwide that allow any Bitcoin network port connections, if some day Bitcoin grows big enough for them to feel threatened?
coolcoinz
April 22, 2017, 05:59:48 PM
 #7

Quote from: kaixinfaa on April 22, 2017, 03:50:57 AM
Don’t be naive, every major router on the internet is controlled by security agencies who have strong ties to the central banking power structure. Go look at some of Snowden’s disclosures around routers and the toolkits to break in and pwn them. With these tools you can use deep packet inspection to search for certain types of packets, looking at which port is being used, etc. If you can identify a certain type of data, a sender or receiver or other pattern, you can copy and retain a set of the data, diminish the QoS (quality of service) or even block the packets. The router owner is unaware of these tactics, so don’t bother suing the ISP; these tools should be assumed to be in the hands of criminal gangs.

That's what people do when they want to get your personal info: they use a sniffer to watch your traffic. Systems like Windows have their flaws and sometimes send out pieces of information, like the system administrator's name, software names and versions, and so on. Even without direct access to someone's computer, you can filter out a lot of information just from their outgoing packets.
If someone had access to the servers of your ISP, they could eventually get all of your personal info and it wouldn't matter if you were using firewalls and VPNs, because all of it eventually goes through the server of your ISP.
