[2014-08-13] Bitcoin theft: Canadian hacker could be to blame

[zakoliverz]

http://www.cbc.ca/news/technology/bitcoin-theft-canadian-hacker-could-be-to-blame-1.2733693

A hacker with access to a Canadian internet provider hijacked net traffic from large foreign networks to steal more than $83,000 US in virtual currency over a four-month period, a cyber security company said Monday.

[1714015857]

1714015857

[1714015857]

1714015857

[1714015857]

1714015857

[1714015857]

1714015857

[Kprawn]

Once again they falling back to the old story.... "The Consumer Financial Protection Bureau issued an advisory warning, saying the currencies are not backed by the government, have volatile exchanges rates and are targeted by hackers and scammers. And unlike bank accounts, Bitcoin-based deposits are not federally insured."

So go on and back BTC and get on with it..... And then take out insurance on BTC transactions and be covered.

But these governments withhold their "backing" to protect their own "fiat" currency, and use the fact that they not backing BTC as a warning, not to use the competing currency. How fair is that?

[aigeezer]

But these governments withhold their "backing" to protect their own "fiat" currency, and use the fact that they not backing BTC as a warning, not to use the competing currency. How fair is that?

Nice insight, Kprawn! I hadn't thought of it that way ("use the fact that they not backing BTC as a warning"). You are right - the "no government backing" bogeyman is entirely of government making and easily within any government's power to solve, not that I agree with their problem definition and not that I would welcome any of their Procrustean attempts at problem-solving.

[bitbouillion]

http://www.cbc.ca/news/technology/bitcoin-theft-canadian-hacker-could-be-to-blame-1.2733693

From the article:

Joe Stewart, director of malware research at SecureWorks, said the hacker targeted firms that hosted servers generating virtual currencies such as Bitcoin

Can an expert explain, how this hack really worked?  The technical information in this article is useless. As I understand the Bitcoin protocol the block reward is just a transfer like any other but with no input. Since only the block reward was stolen, it can't be a weakness of the protocol. The hacker must have gained access to the private keys of the miner. But why would a miner store the reward in a hot wallet with the private keys revealed and not notice the theft over a period of 4 months?

[substratum]

Can an expert explain, how this hack really worked?  The technical information in this article is useless. As I understand the Bitcoin protocol the block reward is just a transfer like any other but with no input. Since only the block reward was stolen, it can't be a weakness of the protocol. The hacker must have gained access to the private keys of the miner. But why would a miner store the reward in a hot wallet with the private keys revealed and not notice the theft over a period of 4 months?

There was no theft of any private keys. The miners were hit with a man-in-the-middle attack that redirected them to a malicious mining pool where they kept receiving new blocks to work on, but were not paid their share for that work. The technical analysis is here:

http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/

[bitbouillion]

There was no theft of any private keys. The miners were hit with a man-in-the-middle attack that redirected them to a malicious mining pool where they kept receiving new blocks to work on, but were not paid their share for that work. The technical analysis is here:

http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/

Thanks. The thieves stole hashing power via the Stratum protocol. It has nothing to do with the Bitcoin protocol nor were Bitcoins stolen. The article is misleading.

[medUSA]

I am not interested how he did it, I was appalled to see yet another thief can get away with it!

"He's pretty good at covering his tracks," Di Iorio said. "The chance of prosecution is very low."

[Carlton Banks]

There was no theft of any private keys. The miners were hit with a man-in-the-middle attack that redirected them to a malicious mining pool where they kept receiving new blocks to work on, but were not paid their share for that work. The technical analysis is here:

http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/

Thanks. The thieves stole hashing power via the Stratum protocol. It has nothing to do with the Bitcoin protocol nor were Bitcoins stolen. The article is misleading.

Stratum protocol wasn't the subect of the attack vector either. From what I've read, it's an exploit of the way all TCP/IP (internet protcol) traffic is routed from source to destination. There is inevitably several hops where the infrastructure of the internet (run by big telecom corporations) makes decisions as to where to send TCP/IP packets next as a part of completing the trip. The hackers targetted this part of the infrastructure, redirecting hashing from known pools to other pools (or possibly to their own mining setup, which adds even more intrigue). Comment suggested that insiders at telecoms were potential suspects, although this new report suggests otherwise.

[bitbouillion]

Stratum protocol wasn't the subect of the attack vector either. From what I've read, it's an exploit of the way all TCP/IP (internet protcol) traffic is routed from source to destination. There is inevitably several hops where the infrastructure of the internet (run by big telecom corporations) makes decisions as to where to send TCP/IP packets next as a part of completing the trip. The hackers targetted this part of the infrastructure, redirecting hashing from known pools to other pools (or possibly to their own mining setup, which adds even more intrigue). Comment suggested that insiders at telecoms were potential suspects, although this new report suggests otherwise.

Thanks for clarification. Couldn't have an encryption protocol prevented that man-in-the-middle attack?

[The00Dustin]

Stratum protocol wasn't the subect of the attack vector either. From what I've read, it's an exploit of the way all TCP/IP (internet protcol) traffic is routed from source to destination. There is inevitably several hops where the infrastructure of the internet (run by big telecom corporations) makes decisions as to where to send TCP/IP packets next as a part of completing the trip. The hackers targetted this part of the infrastructure, redirecting hashing from known pools to other pools (or possibly to their own mining setup, which adds even more intrigue). Comment suggested that insiders at telecoms were potential suspects, although this new report suggests otherwise.

Thanks for clarification. Couldn't have an encryption protocol prevented that man-in-the-middle attack?

Spoofed BGP packets were used for the attack.  Miner-to-pool encryption would only have been beneficial if the encryption portion couldn't be tricked.  For instance, if the mining was done over an proprietarily (SSH, IPSec, etc) encrypted connection where the connection would only work with a known signature on the mining-pool end and the 3rd party had no way to spoof the mining pool's signature.  OTOH, if it was done over SSL and the mining software accepted self-signed certificates (or if the hacker was also able to get a socially hack to get a centrally signed certificate), then it wouldn't have prevented the attack because the miner would just try to reconnect to the malicious pool after packets were dropped, accept the SSL certificate, and mine just the same.  I don't know whether or not any mining pools exist that use proprietarily encrypted connections, but I'm guessing not.  As for mining over SSL, again, I don't know if any mining software (or proxies) supports SSL and rejects invalid/self-signed certificates or only accepts specifically user-approved certificates.  This seems more feasible, but the majority probably wouldn't have it secured right regardless.

[bryant.coleman]

Leave these small-scale Bitcoin robberies. The Mt Gox robbery, in which some $500 million worth of coins were stolen, happened almost 6 months ago. Still there is no reliable clue on who did it.

[whiskey]

Leave these small-scale Bitcoin robberies. The Mt Gox robbery, in which some $500 million worth of coins were stolen, happened almost 6 months ago. Still there is no reliable clue on who did it.

Right, compraed to Mt Gox this is dust collection