Bitcoin Forum
November 08, 2024, 09:54:21 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?  (Read 7862 times)
dacoinminster (OP)
Legendary
*
Offline Offline

Activity: 1260
Merit: 1031


Rational Exuberance


View Profile WWW
August 04, 2011, 02:42:40 PM
 #1

From this article: http://searchsecurity.techtarget.com/news/2240039221/Black-Hat-2011-Dan-Kaminsky-reveals-network-security-research-topics

Quote
BitCoin, a digital, virtual currency system, was the platform for some of Kaminsky’s new research. BitCoin is a payment system that charges a low cost per transaction. Each transaction is digitally signed and broadcast, supposedly anonymously, over a peer-to-peer network. Kaminsky announced a new tool called BlitCoin that unmasks one or both ends of a BitCoin transaction.

Anybody know anything about this supposed tool to unmask bitcoin users? Google search for "blitcoin"+kaminsty just returns two links to the article quoted above:

http://www.google.com/search?q="blitcoin"+kaminsky

That won't be true for long, but here is what I see:


Tasty Champa
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
August 04, 2011, 02:50:34 PM
 #2

I think I bought weed from that guy once. xD
elggawf
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


View Profile
August 04, 2011, 02:52:33 PM
 #3

He announced it at BlackHat yesterday - expect it to be a little while before even the slides show up, but more details will be forthcoming.

Or someone who actually went to Blackhat might post. I couldn't afford to go. Sad

^_^
wumpus
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1022

No Maps for These Territories


View Profile
August 04, 2011, 02:56:32 PM
 #4

Consensus on the mailing list seems to be that this guy built a graph analysis tool, using some well known properties to associate addresses.

If that's the case it's kind of far-fetched to call it a security vulnerability. But until someone that was there reveals more, it's only guessing...


Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
Tasty Champa
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
August 04, 2011, 03:04:07 PM
 #5

Consensus on the mailing list seems to be that this guy built a graph analysis tool, using some well known properties to associate addresses.

If that's the case it's kind of far-fetched to call it a security vulnerability. But until someone that was there reveals more, it's only guessing...



something that correlates transactions to nodes, like MagicalTux's proof of concept for mining clients?
displays everything on a google map?
kokjo
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000

You are WRONG!


View Profile
August 04, 2011, 03:09:52 PM
 #6

he seems to be serious. but unmasking is maybe a far fetch.
but i will gladly read the sliders when they come out. Smiley

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
spruce
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
August 04, 2011, 03:13:07 PM
 #7

There's an interesting paper published 22 July online at http://arxiv.org/abs/1107.4524 entitled An Analysis of Anonymity in the Bitcoin System. There's an article based on that paper here: http://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html

It's not Blitcoin, of course. I'll be interested to see what Kaminsky has come up with.
allinvain
Legendary
*
Offline Offline

Activity: 3080
Merit: 1083



View Profile WWW
August 04, 2011, 03:38:34 PM
 #8

I hope he releases this tool, cause I'd like to use it to find out as much details as possible about a bitcoin theft I was the victim of in June. I'd be surprised if it really works to be honest, but you never know.


spruce
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
August 04, 2011, 10:29:56 PM
 #9

From newbie:
Hi!  I was trying to respond to https://bitcointalk.org/index.php?topic=34383.0 , but as a newbie I can't.  So, maybe someone can quote this (or even move this) to that thread.

I'm Dan Kaminsky.  I'm the reason there's ASCII text that's returned if you run:

strings --bytes=20 .bitcoin/blk0001.dat

As reported, I've got a BitCoin deanonymization mechanism.  It's not complicated.

Connect to every node in the cloud, discoverable via sweeping/IRC/get_peers messages.  The first IP to consistently relay transactions for a given identity, is the given identity.

Of course the entire BitCoin cloud doesn't allow inbound connections (although you can do rather evil stuff with UPNP to force that open too).  But this isn't a problem -- there's only about 3000 to 8000 IPs that are BitCoin nodes that accept inbound connections.  Since everyone else depends on them, you just need to create your own mass cluster of IPs that are a decent chunk of the P2P network.  Nodes on average have seven outbound connections, so it should take only a few hundred unique to be one of the first-hop peers even for the outbound-only set.

Now that I think about it, it might even be possible to do this from a single IP, with lots of ports.  I remember seeing some code in there to try to distribute peers across Class B's though so this can be interesting bug #9 that BitCoin manages to smush.

(As a note, I have a tremendous amount of respect for BitCoin; I count it in the top five most interesting security projects of the decade.  Entire classes of bugs are missing.  But it's just not an anonymous solution, and the devs will say as much.)
dacoinminster (OP)
Legendary
*
Offline Offline

Activity: 1260
Merit: 1031


Rational Exuberance


View Profile WWW
August 04, 2011, 10:41:26 PM
 #10

From newbie:
Hi!  I was trying to respond to https://bitcointalk.org/index.php?topic=34383.0 , but as a newbie I can't.  So, maybe someone can quote this (or even move this) to that thread.

I'm Dan Kaminsky.  I'm the reason there's ASCII text that's returned if you run:

strings --bytes=20 .bitcoin/blk0001.dat

As reported, I've got a BitCoin deanonymization mechanism.  It's not complicated.

Connect to every node in the cloud, discoverable via sweeping/IRC/get_peers messages.  The first IP to consistently relay transactions for a given identity, is the given identity.

Of course the entire BitCoin cloud doesn't allow inbound connections (although you can do rather evil stuff with UPNP to force that open too).  But this isn't a problem -- there's only about 3000 to 8000 IPs that are BitCoin nodes that accept inbound connections.  Since everyone else depends on them, you just need to create your own mass cluster of IPs that are a decent chunk of the P2P network.  Nodes on average have seven outbound connections, so it should take only a few hundred unique to be one of the first-hop peers even for the outbound-only set.

Now that I think about it, it might even be possible to do this from a single IP, with lots of ports.  I remember seeing some code in there to try to distribute peers across Class B's though so this can be interesting bug #9 that BitCoin manages to smush.

(As a note, I have a tremendous amount of respect for BitCoin; I count it in the top five most interesting security projects of the decade.  Entire classes of bugs are missing.  But it's just not an anonymous solution, and the devs will say as much.)

So "deanonymize" means "associate transaction with IP address"? If so, that does seem like it would work. I recall seeing somewhere that bitcoin can run over TOR, but I doubt very many people do that. I guess if you are using silk road you should!

Unfortunately, it won't help anybody investigating past crimes, since you would have to be monitoring the network in this way when the crime happened.

Also, is Dan claiming he put text in the genesis block? Maybe I don't understand correctly, or maybe it was a joke . . .

Hopefully a mod can whitelist Dan so he can chat in this thread.

BitVapes
Full Member
***
Offline Offline

Activity: 140
Merit: 100


BitVapes.com


View Profile WWW
August 04, 2011, 10:48:24 PM
 #11

Also, is Dan claiming he put text in the genesis block? Maybe I don't understand correctly, or maybe it was a joke . . .

Not the genesis block, a more recent block. He embedded some text in the blockchain, an ASCII-art tribute to a hacker who recently committed suicide, as well as Ben Bernanke, the terrorist who controls the world economy.

Buy Electronic Cigarettes with Bitcoin @ http://bitvapes.com
Tasty Champa
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
August 04, 2011, 10:51:49 PM
 #12

I suggest licensing a screenshot so all the media outlets that want to cover this are forced to pay Dan BTC! xD
dacoinminster (OP)
Legendary
*
Offline Offline

Activity: 1260
Merit: 1031


Rational Exuberance


View Profile WWW
August 04, 2011, 10:56:42 PM
 #13

Also, is Dan claiming he put text in the genesis block? Maybe I don't understand correctly, or maybe it was a joke . . .

Not the genesis block, a more recent block. He embedded some text in the blockchain, an ASCII-art tribute to a hacker who recently committed suicide, as well as Ben Bernanke, the terrorist who controls the world economy.

Somebody paste it please. I'm lazy/busy/not running linux, but I want to see the tribute to the hacker who became "an hero".

bitclown
Full Member
***
Offline Offline

Activity: 185
Merit: 100


View Profile
August 04, 2011, 11:01:30 PM
 #14

Also, is Dan claiming he put text in the genesis block? Maybe I don't understand correctly, or maybe it was a joke . . .

Not the genesis block, a more recent block. He embedded some text in the blockchain, an ASCII-art tribute to a hacker who recently committed suicide, as well as Ben Bernanke, the terrorist who controls the world economy.

Somebody paste it please. I'm lazy/busy/not running linux, but I want to see the tribute to the hacker who became "an hero".
If you're that busy it would have been quicker to just search the forums than to write that post...
https://bitcointalk.org/index.php?topic=33618.0
dacoinminster (OP)
Legendary
*
Offline Offline

Activity: 1260
Merit: 1031


Rational Exuberance


View Profile WWW
August 04, 2011, 11:45:28 PM
Last edit: August 05, 2011, 12:25:35 AM by dacoinminster
 #15

For the even lazier:


---BEGIN TRIBUTE---
#./BitLen          
:::::::::::::::::::
:::::::.::.::.:.:::
:.: :.' ' ' ' ' : :
:.:'' ,,xiW,"4x, ''
:  ,dWWWXXXXi,4WX,  
' dWWWXXX7"     `X,
 lWWWXX7   __   _ X
:WWWXX7 ,xXX7' "^^X
lWWWX7, _.+,, _.+.,
:WWW7,. `^"-" ,^-'  
 WW",X:        X,  
 "7^^Xl.    _(_x7'  
 l ( :X:       __ _
 `. " XX  ,xxWWWWX7
  )X- "" 4X" .___.  
,W X     :Xi  _,,_  
WW X      4XiyXWWXd
"" ,,      4XWWWWXX
, R7X,       "^447^
R, "4RXk,      _, ,
TWk  "4RXXi,   X',x
lTWk,  "4RRR7' 4 XH
:lWWWk,  ^"     `4  
::TTXWWi,_  Xll :..
=-=-=-=-=-=-=-=-=-=
LEN "rabbi" SASSAMA
     1980-2011      
Len was our friend.
A brilliant mind,  
a kind soul, and    
a devious schemer;  
husband to Meredith
brother to Calvin,  
son to Jim and      
Dana Hartshorn,    
coauthor and        
cofounder and      
Shmoo and so much  
more.  We dedicate  
this silly hack to  
Len, who would have
found it absolutely
hilarious.          
--Dan Kaminsky,    
Travis Goodspeed    
P.S.  My apologies,
BitCoin people.  He
also would have    
LOL'd at BitCoin's  
new dependency upon
   ASCII BERNANKE  
:'::.:::::.:::.::.:
: :.: ' ' ' ' : :':
:.:     _.__    '.:
:   _,^"   "^x,   :
'  x7'        `4,  
 XX7            4XX
 XX              XX
 Xl ,xxx,   ,xxx,XX
( ' _,+o, | ,o+,"  
 4   "-^' X "^-'" 7
 l,     ( ))     ,X
 :Xx,_ ,xXXXxx,_,XX
  4XXiX'-___-`XXXX'
   4XXi,_   _iXX7'  
  , `4XXXXXXXXX^ _,
  Xx,  ""^^^XX7,xX  
W,"4WWx,_ _,XxWWX7'
Xwi, "4WW7""4WW7',W
TXXWw, ^7 Xk 47 ,WH
:TXXXWw,_ "), ,wWT:
::TTXXWWW lXl WWT:  
----END TRIBUTE----


I read a bit about him. Definitely seems like the sort of person who should be in the block chain. Could even be Satoshi himself. I wonder what he couldn't live with . . .

Edit: It was depression (http://boingboing.net/2011/07/04/rip-len-sassaman-cyp.html) and he probably wasn't Satoshi since he wasn't too impressed with bitcoin (https://twitter.com/#!/lensassaman/status/82754572958961664). Interesting that there were several days of twitter silence before his death (https://twitter.com/#!/lensassaman). I think I've been hanging around some of you conspiracy theorists for too long.

elggawf
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


View Profile
August 05, 2011, 12:46:40 AM
 #16

Since everyone else depends on them, you just need to create your own mass cluster of IPs that are a decent chunk of the P2P network.

I thought it was going to come down to this, personally. I was kind of hoping for something a little more interesting, giving his penchant for breaking shit - but this is neat too.

^_^
bitplane
Sr. Member
****
Offline Offline

Activity: 321
Merit: 250

Firstbits: 1gyzhw


View Profile WWW
August 05, 2011, 01:03:13 AM
 #17

What type of transactions are we talking about here? Would you need to actually spend BTC to reveal information?

Can anyone who is familiar with the network source give us a breakdown of how this attack would work?
dakami
Newbie
*
Offline Offline

Activity: 4
Merit: 0


View Profile
August 05, 2011, 01:09:29 AM
 #18

Heh all.

Slides are up at dankaminsky.com/bo2k11.

"What type of transactions are we talking about here? Would you need to actually spend BTC to reveal information? "

Loose transactions that involve sending money, can expose the IP address of the sender.  The transaction has to enter the relay network somehow, and the first sender is the source.

"I was kind of hoping for something a little more interesting, giving his penchant for breaking shit - but this is neat too."

No need to overcomplicate things.  Although, looking at the source, each peer node that is selected from the outbound lists has to be on a unique /16 network.  Getting large numbers of nodes with inbound connectivity and unique x.y.0.0 addresses is actually a bit of a task.  I have a little more interesting plan for how to achieve that inexpensively.
elggawf
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


View Profile
August 05, 2011, 01:11:57 AM
 #19

What type of transactions are we talking about here? Would you need to actually spend BTC to reveal information?

Can anyone who is familiar with the network source give us a breakdown of how this attack would work?

I'm guessing you just float a buttload of incoming-capable P2P hosts on the Bitcoin network*, then wait for your mark to spend some coins. You might be able to speed this process up by spending some to them, so they think "shit, free money" and spend it elsewhere, but maybe not and it's certainly not always required if you can know they're going to do a spend at some point.

Then the basic idea is you just watch which peer on the network the transaction comes from first, with that peer being the likely IP address of the originator. It involves a lot of peers (since you need a way to guarantee that you are connected to pretty much every peer on the network), some luck, and you have to hope that they're not using a proxy/open WLAN/whatever, and that getting their IP is useful in actually identifying them.

It's not really a useful real-world attack for the most part, other than demonstrating that "anonymous" is absolutely the wrong word to describe Bitcoin... but if you've done your reading then you know that the only people who use the word "anonymous" to describe Bitcoin don't know their arse from their elbow anyway.

Edit: Yes, the slides indeed say this and he even suggests it's not as many as I figured you'd need given that the average outbound-only client connects to about 7~8 peers.

^_^
bitplane
Sr. Member
****
Offline Offline

Activity: 321
Merit: 250

Firstbits: 1gyzhw


View Profile WWW
August 05, 2011, 01:47:23 AM
 #20

Superb, that makes sense. Thanks for clarifying Smiley
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!