Bitcoin Forum
Author Topic: [2014-08-13] Bitcoin theft: Canadian hacker could be to blame  (Read 1664 times)
zakoliverz (OP), Hero Member (Activity: 536, Merit: 500)
August 13, 2014, 07:40:23 AM  #1

http://www.cbc.ca/news/technology/bitcoin-theft-canadian-hacker-could-be-to-blame-1.2733693

A hacker with access to a Canadian internet provider hijacked net traffic from large foreign networks to steal more than $83,000 US in virtual currency over a four-month period, a cyber security company said Monday.
Kprawn, Legendary (Activity: 1904, Merit: 1074)
August 13, 2014, 01:25:23 PM  #2

Once again they are falling back to the old story.... "The Consumer Financial Protection Bureau issued an advisory warning, saying the currencies are not backed by the government, have volatile exchange rates and are targeted by hackers and scammers. And unlike bank accounts, Bitcoin-based deposits are not federally insured."

So go on and back BTC and get on with it..... And then take out insurance on BTC transactions and be covered.

But these governments withhold their "backing" to protect their own "fiat" currency, and use the fact that they not backing BTC as a warning, not to use the competing currency. How fair is that?

aigeezer, Legendary (Activity: 1450, Merit: 1013)
August 13, 2014, 04:03:09 PM  #3


> But these governments withhold their "backing" to protect their own "fiat" currency, and use the fact that they not backing BTC as a warning, not to use the competing currency. How fair is that?

Nice insight, Kprawn! I hadn't thought of it that way ("use the fact that they not backing BTC as a warning"). You are right - the "no government backing" bogeyman is entirely of government making and easily within any government's power to solve, not that I agree with their problem definition and not that I would welcome any of their Procrustean attempts at problem-solving.

bitbouillion, Sr. Member (Activity: 868, Merit: 250)
August 13, 2014, 04:22:30 PM  #4


From the article:
> Joe Stewart, director of malware research at SecureWorks, said the hacker targeted firms that hosted servers generating virtual currencies such as Bitcoin

Can an expert explain how this hack really worked? The technical information in this article is useless. As I understand the Bitcoin protocol, the block reward is just a transfer like any other but with no input. Since only the block reward was stolen, it can't be a weakness of the protocol. The hacker must have gained access to the private keys of the miner. But why would a miner store the reward in a hot wallet with the private keys revealed and not notice the theft over a period of 4 months?

substratum, Newbie (Activity: 36, Merit: 0)
August 13, 2014, 04:55:16 PM  #5


> Can an expert explain how this hack really worked? The technical information in this article is useless. As I understand the Bitcoin protocol, the block reward is just a transfer like any other but with no input. Since only the block reward was stolen, it can't be a weakness of the protocol. The hacker must have gained access to the private keys of the miner. But why would a miner store the reward in a hot wallet with the private keys revealed and not notice the theft over a period of 4 months?

There was no theft of any private keys. The miners were hit with a man-in-the-middle attack that redirected them to a malicious mining pool where they kept receiving new blocks to work on, but were not paid their share for that work. The technical analysis is here:

http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/
bitbouillion, Sr. Member (Activity: 868, Merit: 250)
August 14, 2014, 12:02:10 AM  #6


> There was no theft of any private keys. The miners were hit with a man-in-the-middle attack that redirected them to a malicious mining pool where they kept receiving new blocks to work on, but were not paid their share for that work. The technical analysis is here:
>
> http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/


Thanks. The thieves stole hashing power via the Stratum protocol. It has nothing to do with the Bitcoin protocol nor were Bitcoins stolen. The article is misleading.

medUSA, Legendary (Activity: 952, Merit: 1005)
August 14, 2014, 12:10:48 AM  #7

I am not interested how he did it, I was appalled to see yet another thief can get away with it!

> "He's pretty good at covering his tracks," Di Iorio said. "The chance of prosecution is very low."
Carlton Banks, Legendary (Activity: 3430, Merit: 3080)
August 14, 2014, 01:39:32 AM  #8


> > There was no theft of any private keys. The miners were hit with a man-in-the-middle attack that redirected them to a malicious mining pool where they kept receiving new blocks to work on, but were not paid their share for that work. The technical analysis is here:
> >
> > http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/
>
> Thanks. The thieves stole hashing power via the Stratum protocol. It has nothing to do with the Bitcoin protocol nor were Bitcoins stolen. The article is misleading.

Stratum protocol wasn't the subject of the attack vector either. From what I've read, it's an exploit of the way all TCP/IP (internet protocol) traffic is routed from source to destination. There are inevitably several hops where the infrastructure of the internet (run by big telecom corporations) makes decisions as to where to send TCP/IP packets next as a part of completing the trip. The hackers targeted this part of the infrastructure, redirecting hashing from known pools to other pools (or possibly to their own mining setup, which adds even more intrigue). Comment suggested that insiders at telecoms were potential suspects, although this new report suggests otherwise.

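The routing layer Carlton Banks describes above is also what a pool operator can watch from the outside: a hijack shows up in public route collectors as the operator's prefix being announced with an unexpected origin AS, or as a more-specific prefix that wins longest-prefix match against the legitimate route. The following is an added example, not code from the thread or from the SecureWorks report, of that route-origin check in Python, run over constructed announcements built from documentation prefixes and private AS numbers; EXPECTED_ORIGINS, the prefixes, and the AS numbers are all assumptions. It deliberately does not alert on a more-specific that comes from the legitimate origin (ordinary traffic engineering), and it cannot catch a hijack whose forged AS path ends in the legitimate origin, which needs path-level data.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample data: RFC 5737 documentation prefixes and private ASNs,
# not real routes. Maps each monitored prefix (e.g. the pool's address block)
# to the AS that legitimately originates it.
EXPECTED_ORIGINS: Dict[str, int] = {
    "203.0.113.0/24": 64500,   # hypothetical mining pool's block
    "198.51.100.0/24": 64501,  # hypothetical second monitored block
}

# Constructed announcements (prefix, origin AS) as a route collector might report them.
OBSERVED: List[Tuple[str, int]] = [
    ("203.0.113.0/24", 64500),   # legitimate announcement
    ("203.0.113.0/25", 64496),   # more-specific from a foreign AS: classic hijack pattern
    ("198.51.100.0/24", 64496),  # same prefix, wrong origin AS
    ("192.0.2.0/24", 64502),     # not a monitored prefix: ignored
]


@dataclass(frozen=True)
class Alert:
    prefix: str
    origin_as: int
    expected_as: int
    kind: str  # "origin-mismatch" or "more-specific"


def check_announcement(prefix: str, origin_as: int,
                       expected: Dict[str, int] = EXPECTED_ORIGINS) -> Optional[Alert]:
    """Return an Alert if this announcement conflicts with the expected origin table."""
    net = ipaddress.ip_network(prefix, strict=True)
    for exp_prefix, exp_as in expected.items():
        exp_net = ipaddress.ip_network(exp_prefix)
        if net == exp_net:
            # Exact prefix: only the origin AS matters.
            if origin_as != exp_as:
                return Alert(prefix, origin_as, exp_as, "origin-mismatch")
            return None
        if net.version == exp_net.version and net.subnet_of(exp_net):
            # A more-specific wins longest-prefix match on every router, so it
            # pulls traffic even while the covering /24 stays in the table.
            # From the legitimate origin it is normal deaggregation; from anyone
            # else it is the signature worth paging on.
            if origin_as != exp_as:
                return Alert(prefix, origin_as, exp_as, "more-specific")
            return None
    return None


def detect_hijacks(observed: Iterable[Tuple[str, int]],
                   expected: Dict[str, int] = EXPECTED_ORIGINS) -> List[Alert]:
    """Run every observed announcement through check_announcement and collect alerts."""
    alerts: List[Alert] = []
    for prefix, origin_as in observed:
        alert = check_announcement(prefix, origin_as, expected)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in detect_hijacks(OBSERVED):
        print(f"{a.kind}: {a.prefix} announced by AS{a.origin_as}, expected AS{a.expected_as}")
```

On the constructed input the check raises two alerts, the foreign /25 and the wrong-origin /24; the pool's own announcement and the unmonitored prefix pass silently. In practice the observed list would be fed from a route collector or a BGP monitoring feed rather than a literal.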
bitbouillion, Sr. Member (Activity: 868, Merit: 250)
August 14, 2014, 02:49:20 AM  #9

> Stratum protocol wasn't the subject of the attack vector either. From what I've read, it's an exploit of the way all TCP/IP (internet protocol) traffic is routed from source to destination. There are inevitably several hops where the infrastructure of the internet (run by big telecom corporations) makes decisions as to where to send TCP/IP packets next as a part of completing the trip. The hackers targeted this part of the infrastructure, redirecting hashing from known pools to other pools (or possibly to their own mining setup, which adds even more intrigue). Comment suggested that insiders at telecoms were potential suspects, although this new report suggests otherwise.

Thanks for clarification. Couldn't have an encryption protocol prevented that man-in-the-middle attack?

The00Dustin, Hero Member (Activity: 807, Merit: 500)
August 14, 2014, 10:37:01 AM  #10

> > Stratum protocol wasn't the subject of the attack vector either. From what I've read, it's an exploit of the way all TCP/IP (internet protocol) traffic is routed from source to destination. There are inevitably several hops where the infrastructure of the internet (run by big telecom corporations) makes decisions as to where to send TCP/IP packets next as a part of completing the trip. The hackers targeted this part of the infrastructure, redirecting hashing from known pools to other pools (or possibly to their own mining setup, which adds even more intrigue). Comment suggested that insiders at telecoms were potential suspects, although this new report suggests otherwise.
>
> Thanks for clarification. Couldn't have an encryption protocol prevented that man-in-the-middle attack?

Spoofed BGP packets were used for the attack. Miner-to-pool encryption would only have been beneficial if the encryption portion couldn't be tricked. For instance, if the mining was done over a proprietarily (SSH, IPSec, etc.) encrypted connection where the connection would only work with a known signature on the mining-pool end and the 3rd party had no way to spoof the mining pool's signature. OTOH, if it was done over SSL and the mining software accepted self-signed certificates (or if the hacker was also able to use a social hack to get a centrally signed certificate), then it wouldn't have prevented the attack because the miner would just try to reconnect to the malicious pool after packets were dropped, accept the SSL certificate, and mine just the same. I don't know whether or not any mining pools exist that use proprietarily encrypted connections, but I'm guessing not. As for mining over SSL, again, I don't know if any mining software (or proxies) supports SSL and rejects invalid/self-signed certificates or only accepts specifically user-approved certificates. This seems more feasible, but the majority probably wouldn't have it secured right regardless.
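The00Dustin's point is that encryption on the miner-to-pool link only helps if the client refuses to talk to an impostor: a miner that accepts any certificate simply reconnects to whatever answers at the hijacked address. The block below is an added example, not code from the thread or from any mining software, contrasting that permissive TLS client configuration with a hardened one and adding a certificate-fingerprint pin checked after the handshake, which covers the case the post raises of an attacker obtaining a CA-signed certificate for the pool's name. The host pool.example, port 3334, and the PINNED_POOL_FINGERPRINT value are placeholders.

```python
import hashlib
import hmac
import socket
import ssl

# Placeholder: SHA-256 fingerprint (hex) of the pool's DER-encoded certificate,
# recorded out of band by the operator. Constructed value, not a real pool's.
PINNED_POOL_FINGERPRINT = "00" * 32


def weak_context() -> ssl.SSLContext:
    """The setup the post warns about: the link is encrypted, but any
    certificate (self-signed included) is accepted, so a redirected miner
    reconnects to the impostor pool and keeps submitting shares to it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """The certificate chain must validate against the system CA store and
    the certificate's name must match the pool host we asked for."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Sanity check a client context before use: both chain and name checks on."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER certificate, the usual form for a pinned value."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_hex: str) -> bool:
    """Constant-time compare of the presented certificate against the pin.
    A CA-signed certificate for the right name that is not the pool's own
    still fails here, which is what hostname validation alone cannot do."""
    return hmac.compare_digest(fingerprint(der_cert), pinned_hex.lower())


def connect_to_pool(host: str, port: int, pinned_hex: str) -> ssl.SSLSocket:
    """Open a TLS connection to the pool, enforcing CA chain, hostname and pin."""
    ctx = hardened_context()
    raw = socket.create_connection((host, port), timeout=10)
    tls = ctx.wrap_socket(raw, server_hostname=host)  # chain + hostname checked here
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pinned_hex):
        tls.close()
        raise ssl.SSLCertVerificationError(
            "pool certificate does not match the pinned fingerprint")
    return tls


if __name__ == "__main__":
    # Assumed pool endpoint; no real pool is implied by this name or port.
    sock = connect_to_pool("pool.example", 3334, PINNED_POOL_FINGERPRINT)
    sock.close()
```

With the weak context, a miner whose traffic is rerouted completes a handshake with whoever answers and mines for them; with the hardened context the handshake fails on an untrusted or mismatched certificate, and the pin additionally rejects a validly signed certificate that is not the pool's own. The pin has to be rotated whenever the pool renews its certificate, which is the operational cost of this check.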
bryant.coleman, Legendary (Activity: 3766, Merit: 1217)
August 14, 2014, 12:56:28 PM  #11

Leave these small-scale Bitcoin robberies. The Mt Gox robbery, in which some $500 million worth of coins were stolen, happened almost 6 months ago. Still there is no reliable clue on who did it.
whiskey, Newbie (Activity: 14, Merit: 0)
August 14, 2014, 02:00:23 PM  #12

> Leave these small-scale Bitcoin robberies. The Mt Gox robbery, in which some $500 million worth of coins were stolen, happened almost 6 months ago. Still there is no reliable clue on who did it.

Right, compared to Mt Gox this is dust collection