Bitcoin Forum
December 10, 2016, 06:55:36 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: [ATTN!!] Bitcoin Security nearly Breached  (Read 6022 times)
eramus
Newbie
*
Offline Offline

Activity: 27


View Profile
July 07, 2011, 12:39:52 AM
 #21

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. it was surprisginly high hash for the number of comps. I do not have the info recroded down to verify so one of the pool ops would have to report, but there is a grph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......
which would probably be considered a small botnet. to back you up, the problem is not that each computer is only offering a small amount of computing power, the real problem is when they are aggregated together. 10/100s of thousands of small machines could potentially make up a large percentage of a pool. when you consider the fact that who ever is running the botnet is pulling in btc while not paying for any of resources (except software costs) for those machines and requiring only a small amount of manually effort, its looks like a very lucrative venture to point those machines at a mining pool. i have no doubts that they will get better and better about masking themselves: load balancing pools, randomly disconnecting to look like a normal user, multiple withdrawal addresses, etc. Or just flat out running their own pool -- not much could stop them.
1481396136
Hero Member
*
Offline Offline

Posts: 1481396136

View Profile Personal Message (Offline)

Ignore
1481396136
Reply with quote  #2

1481396136
Report to moderator
"Bitcoin: mining our own business since 2009" -- Pieter Wuille
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481396136
Hero Member
*
Offline Offline

Posts: 1481396136

View Profile Personal Message (Offline)

Ignore
1481396136
Reply with quote  #2

1481396136
Report to moderator
1481396136
Hero Member
*
Offline Offline

Posts: 1481396136

View Profile Personal Message (Offline)

Ignore
1481396136
Reply with quote  #2

1481396136
Report to moderator
1481396136
Hero Member
*
Offline Offline

Posts: 1481396136

View Profile Personal Message (Offline)

Ignore
1481396136
Reply with quote  #2

1481396136
Report to moderator
imanikin
Hero Member
*****
Offline Offline

Activity: 693


¡Sin Salsa no hay paraíso!


View Profile WWW
July 07, 2011, 12:40:32 AM
 #22


Quote
Botnets simply cannot contribute that much. ...

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. it was surprisginly high hash for the number of comps. I do not have the info recroded down to verify so one of the pool ops would have to report, but there is a grph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......

Word! Testify!!! Amen!  Grin

If the BtcGuild story is true, BIG UP to them, for having the ethics to do what Deepbit probably doesn't...  Smiley

bitcoinminer
Sr. Member
****
Offline Offline

Activity: 322



View Profile
July 07, 2011, 12:40:51 AM
 #23

There are nearly 50% of pool miners there for one reason - they like DeepBit better than the others.

When other sites are more reliable, cheaper, produce more coins, have a nicer interface, whatever the reasoning people are choosing deepbit - they will switch to someone else.

It's not about hacking or stealing coins or any of this other nonsense.  3% commissions on 50% of 154 blocks a day... lets see... excluding the "change", and neglecting the 10% fees on the share miners:

77 * 50 BTC = 5775 BTC per day * 2% = BTC 115.5 per day, or $1732.50 USD at $15/BTC...

Now tell me, when you're already making $52,000.00 a month, or $623k a year conservatively, why are you going to muck around?

People need to stop and think before making these idiotic posts.

Be fearful when others are greedy, and greedy when others are fearful.

-Warren Buffett
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
July 07, 2011, 12:47:28 AM
 #24

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. it was surprisginly high hash for the number of comps. I do not have the info recroded down to verify so one of the pool ops would have to report, but there is a grph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......
which would probably be considered a small botnet. to back you up, the problem is not that each computer is only offering a small amount of computing power, the real problem is when they are aggregated together. 10/100s of thousands of small machines could potentially make up a large percentage of a pool. when you consider the fact that who ever is running the botnet is pulling in btc while not paying for any of resources (except software costs) for those machines and requiring only a small amount of manually effort, its looks like a very lucrative venture to point those machines at a mining pool. i have no doubts that they will get better and better about masking themselves: load balancing pools, randomly disconnecting to look like a normal user, multiple withdrawal addresses, etc. Or just flat out running their own pool -- not much could stop them.

cheers, m8. Glad you understood my not so carefully drawn out thought there. My main point being the amount of hash power from such a small botnet. The usual assumption I have seen echoed here is that botnets would produce much lower hash per zombie than what was seen from the recent one. Scale it up and it = scary shit.

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
imanikin
Hero Member
*****
Offline Offline

Activity: 693


¡Sin Salsa no hay paraíso!


View Profile WWW
July 07, 2011, 01:19:57 AM
 #25


People need to stop and think before making these idiotic posts.

 Cheesy Right. And Micro$oft Windows became the predominant OS because it was better than all the rest...  Roll Eyes
http://www.youtube.com/watch?v=Xda4mZK4wpM  Wink

bitcoinminer
Sr. Member
****
Offline Offline

Activity: 322



View Profile
July 07, 2011, 01:30:00 AM
 #26


People need to stop and think before making these idiotic posts.

 Cheesy Right. And Micro$oft Windows became the predominant OS because it was better than all the rest...
http://www.youtube.com/watch?v=Xda4mZK4wpM  Wink

You'll note I didn't say it was better - ever.  What I said was "they like DeepBit better than others".

The quality of a product has nothing to do with whether or not people like it better.  It's a contributing factor for some, but Dodge will always sell a ton of Dodge Neons because some people don't care about quality, as long as there are readily available coffee can mufflers and plastic spinner hubcaps for it.

Microsoft's dominance hasn't changed, but it certainly has less of a margin with both OS's and browsers, with browsers slowly sliding towards no longer being dominant.

Microsoft became the predominant OS for several reasons:

-They made the personal computer affordable versus IBM PCs with IBM DOS
-They made deals with computer manufacturers that incentivized them to sell Windows and not OS/2 or Mac or Linux
-Even with less than perfect and sometimes terrible implementation of ideas, they eventually "Get it right" and give people what they want.

The difference with Mac is, they invent something new and its either a.) very useful or b.) they use hype to convince people its a NEED.  Microsoft combines innovation with immitation.

That being said:

I have an apple phone
an apple desktop
an apple laptop
a windows computer
a windows notebook
a windows NETbook
a linux server
and an android tablet.

Each has its own purpose.

Unfortunately I don't speak Russian, so I can't really understand the youtube video, but I'm sure to you and the other 9,000 viewers it was epic Smiley

Be fearful when others are greedy, and greedy when others are fearful.

-Warren Buffett
imanikin
Hero Member
*****
Offline Offline

Activity: 693


¡Sin Salsa no hay paraíso!


View Profile WWW
July 07, 2011, 01:50:50 AM
 #27


People need to stop and think before making these idiotic posts.
Cheesy ...
http://www.youtube.com/watch?v=Xda4mZK4wpM  Wink

...

Unfortunately I don't speak Russian, so I can't really understand the youtube video, but I'm sure to you and the other 9,000 viewers it was epic Smiley

Well, since you don't speak Russian, perhaps you should use GoogleTranslate and spend some time in the Russian parts of this forum and the internet, before making your own "idiotic posts" about Deepbit...  Cheesy

As a Russian: "Just saying..."  Wink

grndzero
Sr. Member
****
Offline Offline

Activity: 392


View Profile
July 07, 2011, 06:02:52 AM
 #28


Quote
Botnets simply cannot contribute that much. ...

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. it was surprisginly high hash for the number of comps. I do not have the info recroded down to verify so one of the pool ops would have to report, but there is a grph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......

Word! Testify!!! Amen!  Grin

If the BtcGuild story is true, BIG UP to them, for having the ethics to do what Deepbit probably doesn't...  Smiley

Deepbit blocked it then it was shopped over to BTCGuild who caught it and blocked it, then bitcoin.lc who blocked it so far.

You got a little prejudice on your face there.

Ubuntu Desktop x64 -  HD5850 Reference - 400Mh/s w/ cgminer  @ 975C/325M/1.175V - 11.6/2.1 SDK
Donate if you find this helpful: 1NimouHg2acbXNfMt5waJ7ohKs2TtYHePy
imanikin
Hero Member
*****
Offline Offline

Activity: 693


¡Sin Salsa no hay paraíso!


View Profile WWW
July 07, 2011, 09:18:24 AM
 #29


Deepbit blocked it then it was shopped over to BTCGuild who caught it and blocked it, then bitcoin.lc who blocked it so far.

You got a little prejudice on your face there.

As with all things in life, time will tell what's on whose face...  Wink

Chris Acheson
Sr. Member
****
Offline Offline

Activity: 266


View Profile
July 07, 2011, 11:24:12 AM
 #30

You know, as long as they are up on that chart, that is proof that they are using their resources productively. I'd be more suspicious is deepbit suddenly dropped to a small sliver, that could mean that they are diverting hashing power to an attack.

The chart just pulls hashrate numbers from the pool websites, then divides by the overall network hashrate to get the percentages.

During an attack, the total network hashrate would drop, but the attacking pool would probably continue to report its usual numbers (unless the attacker intentionally changed them).  The "other" category might even go negative, since it just represents the portion not accounted for by the reported pool hashrates, though I'm not sure how that would show up on the chart.
Chris Acheson
Sr. Member
****
Offline Offline

Activity: 266


View Profile
July 07, 2011, 11:50:31 AM
 #31

Tycho earns thousands of dollars per day legit by running the pool.

Why risk ruining a good business?

So this whole supposedly decentralized, resilient crypto-currency comes down to this?  "We trust this one guy.  Why would he want to screw us over?"  Why not just use E-Gold or something and quit wasting electricity?

Also, remember that you're not just trusting Tycho.  You're trusting anyone capable of compromising his systems, or of performing a rubber-hose attack against Tycho himself.  You think he's going to side with us if the Russian mob starts threatening his family?

Quote
He's even proposed countermeasures & paid bounties for people to monitor him and nobody took up the challenge.

What good would that do?  I've been watching Deepbit's hashrate hover above and below 50% of the total network this morning.  Most of the miners are probably asleep right now.  As for the rest, if they can't get their shit together to keep things balanced, what makes you think they would do anything about an attack in progress?  It would only take about 2 hours to pull off.

Cuddlefish had a much better idea to solve this problem, but it doesn't seem like anyone's working on that either.  No posts in that thread for a month now.
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
July 07, 2011, 06:44:51 PM
 #32


Quote
Botnets simply cannot contribute that much. ...

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. it was surprisginly high hash for the number of comps. I do not have the info recroded down to verify so one of the pool ops would have to report, but there is a grph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......

Word! Testify!!! Amen!  Grin

If the BtcGuild story is true, BIG UP to them, for having the ethics to do what Deepbit probably doesn't...  Smiley


15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
July 07, 2011, 06:52:29 PM
 #33


Quote
Botnets simply cannot contribute that much. ...

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. it was surprisginly high hash for the number of comps. I do not have the info recroded down to verify so one of the pool ops would have to report, but there is a grph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......

Word! Testify!!! Amen!  Grin

If the BtcGuild story is true, BIG UP to them, for having the ethics to do what Deepbit probably doesn't...  Smiley




Very nice to see they are doing something. Ouch that it apparently is capable of snagging legitimate users as well.  Maybe the ip limit is too low verse period of time multiples connect? How many IP's did you have connected, if I may ask?

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
grndzero
Sr. Member
****
Offline Offline

Activity: 392


View Profile
July 07, 2011, 08:35:10 PM
 #34


Quote
Botnets simply cannot contribute that much. ...

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. it was surprisginly high hash for the number of comps. I do not have the info recroded down to verify so one of the pool ops would have to report, but there is a grph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......

Word! Testify!!! Amen!  Grin

If the BtcGuild story is true, BIG UP to them, for having the ethics to do what Deepbit probably doesn't...  Smiley


Very nice to see they are doing something. Ouch that it apparently is capable of snagging legitimate users as well.  Maybe the ip limit is too low verse period of time multiples connect? How many IP's did you have connected, if I may ask?

That's proof of the botnet that Deepbit "doesn't have the ethics to block" for people who like to make damning statements without doing any research.

Ubuntu Desktop x64 -  HD5850 Reference - 400Mh/s w/ cgminer  @ 975C/325M/1.175V - 11.6/2.1 SDK
Donate if you find this helpful: 1NimouHg2acbXNfMt5waJ7ohKs2TtYHePy
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
July 07, 2011, 09:02:18 PM
 #35


Quote
Botnets simply cannot contribute that much. ...

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. it was surprisginly high hash for the number of comps. I do not have the info recroded down to verify so one of the pool ops would have to report, but there is a grph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......

Word! Testify!!! Amen!  Grin

If the BtcGuild story is true, BIG UP to them, for having the ethics to do what Deepbit probably doesn't...  Smiley


Very nice to see they are doing something. Ouch that it apparently is capable of snagging legitimate users as well.  Maybe the ip limit is too low verse period of time multiples connect? How many IP's did you have connected, if I may ask?

That's proof of the botnet that Deepbit "doesn't have the ethics to block" for people who like to make damning statements without doing any research.


I wish you could comment the guy's statement who is accusing Deepbit outside of my comments. I just don't want to appear I was pointing a finger, which i was not.



And in response to the Russian post, I was under the impression this was a regular user who was blocked by the new security measures Deepbit imployed but he is a legitimate user. Maybe you can read Russian and saw differently?

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
Tasty Champa
Member
**
Offline Offline

Activity: 84


View Profile
July 07, 2011, 09:10:52 PM
 #36

did they setup their own pool?
other seems rather large, it was almost 45% earlier now it's about 1/5 of the total.
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
July 07, 2011, 09:20:48 PM
 #37

did they setup their own pool?
other seems rather large, it was almost 45% earlier now it's about 1/5 of the total.


Thats a 'shopped' image there, homey G nugs...

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
imanikin
Hero Member
*****
Offline Offline

Activity: 693


¡Sin Salsa no hay paraíso!


View Profile WWW
July 07, 2011, 09:58:15 PM
 #38


That's proof of the botnet that Deepbit "doesn't have the ethics to block" for people who like to make damning statements without doing any research.

Well, if something in the Deepbit interface is "proof" enough to you that Deepbit is blocking ALL the botnets, good for you!   Grin

As i said, i'll wait until a more credible third party has some proof, which would obviously not be Deepbit or its workers.  Cheesy

Some pretty shady "business" deals are made and unethical actions tolerated in the Bitcoin world. As in the rest of the criminal world, one botnet doesn't have the same friends, alliances and capabilities as every other...  Wink

error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
July 08, 2011, 02:56:16 AM
 #39


That's proof of the botnet that Deepbit "doesn't have the ethics to block" for people who like to make damning statements without doing any research.

Well, if something in the Deepbit interface is "proof" enough to you that Deepbit is blocking ALL the botnets, good for you!   Grin

As i said, i'll wait until a more credible third party has some proof, which would obviously not be Deepbit or its workers.  Cheesy

Some pretty shady "business" deals are made and unethical actions tolerated in the Bitcoin world. As in the rest of the criminal world, one botnet doesn't have the same friends, alliances and capabilities as every other...  Wink

Try clicking on the image for your "proof." Until then, you are on very shaky ground.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
Tasty Champa
Member
**
Offline Offline

Activity: 84


View Profile
July 08, 2011, 03:37:43 AM
 #40

did they setup their own pool?
other seems rather large, it was almost 45% earlier now it's about 1/5 of the total.


Thats a 'shopped' image there, homey G nugs...

nah, this:
http://www.bitcoinwatch.com/

the cool little pie chart, g.i.t.s. looking thing.
earlier it was about 45%, then about 1/5th. unless the only reason they were in other making it so large was because they got kicked from the named pools, and they didn't have anywhere to go?
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!