Stuxnet and bitcoin...

[spazzdla]

Would the best attack against us be creating a mimic of stuxnet and taking out all the nodes at exactly the same time.....

Is this a legit concern for us?

[DrGrid]

Yes.
And no. As long as the network remains distributed.

[hua_hui]

No, I don't think so. It is possible to affect all the nodes at the same time. Until now, Bitcoin network has still been the most secure network provided by the miners all around the world. Even it is possible, due to the nodes located in the different parts of the world, once it comes out , it will be reported and some solutions will come out to fix it immediately.

[Soros Shorts]

That would be pretty extreme. Don't forget that the people behind Stuxnet did not just stop after creating the worm. They also went ahead and assassinated a bunch of Iranian nuclear scientists. If Bitcoin devs started getting blown up with car bombs then this would be mean war.

[harrymmmm]

That would be pretty extreme. Don't forget that the people behind Stuxnet did not just stop after creating the worm. They also went ahead and assassinated a bunch of Iranian nuclear scientists. If Bitcoin devs started getting blown up with car bombs then this would be mean war.

If bitcoin goes where we all think it's going, there will be no holds barred in the battle.
Bitcoin devs will be 'jumping' from windows if they can't be coerced.
Car bombs might come later in desperation I guess...

[Vessko]

What does Stuxnet have to do with this?! It was a worm spreading via USB sticks (if autorun/autoplay was not disabled on the victim's machine) and had a payload interfering with SCADA systems (industrial controllers).

[spazzdla]

That would be pretty extreme. Don't forget that the people behind Stuxnet did not just stop after creating the worm. They also went ahead and assassinated a bunch of Iranian nuclear scientists. If Bitcoin devs started getting blown up with car bombs then this would be mean war.

I would fear the people would do the same to us...  Well not you or I we are no one but the gifted speakers and thinkers of our community.  Probably hide it as several "unfortunate accidents".. :S.

[spazzdla]

What does Stuxnet have to do with this?! It was a worm spreading via USB sticks (if autorun/autoplay was not disabled on the victim's machine) and had a payload interfering with SCADA systems (industrial controllers).

More cyber war, Stuxnet was really just the first major example of cyber warfare.

Write it to take down any comp running a bitcoin node.   PLC's it was messing with, which is pretty crazy because no one ever thought people would write viruses for PLC's..  These control the back-up power to everything..  Done a bunch of back up systems with PLC's, due to the air-gap no virus protection is really thought of.

Although to get this on to all of the nodes would not be an easy task.. if even possible. 

I know of people writing "locks" for the code if the customer is known to not pay..  Well hey what do you know after 3 months it won't work and you haven't paid.. shame.  That is some shady stuff though.

[Vessko]

More cyber war, Stuxnet was really just the first major example of cyber warfare.

No, it was only the first case of state-sponsored cyber warfare that gained media exposure.

Write it to take down any comp running a bitcoin node.   PLC's it was messing with, which is pretty crazy because no one ever thought people would write viruses for PLC's..  These control the back-up power to everything..  Done a bunch of back up systems with PLC's, due to the air-gap no virus protection is really thought of.

In other words, Stuxnet has nothing to do with it. You are basically asking what if somebody released a virus targeting the full Bitcoin nodes. Clearly, it has to spread much more successfully than Stuxnet (i.e., not via USB sticks - maybe be a network worm using some zero-day exploit) and have a payload completely different from that of Stuxnet.

A much more profitable attack would be a virus that has a keylogger to steal the password to the user's wallet and then use the stolen password to steal the contents of that wallet. There are many such viruses, BTW, none of them very successful. Believe it or not, Bitcoing isn't that widespread to make such an attack wildly profitable. A much more efficient investment for the attacker's time is to create some malware (virus or some non-replicating malware) that steals banking credentials for on-line banking sites. And, indeed, that are many more such malicious programs and they bring much more profit to their creators.

I know of people writing "locks" for the code if the customer is known to not pay..  Well hey what do you know after 3 months it won't work and you haven't paid.. shame.  That is some shady stuff though.

And I know people who find and remove such locks for fun. But that's again irrelevant to the issue at hand.

[spazzdla]

I could write a lock that would be impossible to remove.....  You'd have to re-write.

[Vessko]

I could write a lock that would be impossible to remove.....  You'd have to re-write.

Having seen the kinds of software protections my friends have removed, I very much doubt that... In one case they even removed a hardware, dongle-based protection, where the protected program downloaded part of the decryption code from the dongle - and they cracked it without even having the dongle! Unless the protected program needs to be constantly on-line and receive information from the producer's server... And even then it's doubtful.

Of course, it depends what you mean by "re-write". In one case the protection was very complex. The protected program was encrypted and the decryption code was some kind of finite state automaton, basically consisting of instruction/jump-to-another-instruction pairs and practically impossible to debug and understand. The image on the disk was "position-protected", meaning that the installer recorded on which sectors the program was installed and it wouldn't run if copied elsewhere (or if the disk was defragmented, but this wasn't widely used way back then). So, my friend let the program decrypt itself and run in memory and then dumped the whole memory image. Then reduced the available memory and repeated the procedure, so he had two memory dumps of the same program loaded at two different addresses. From the differences of the two images he re-constructed the (equivalent) EXE header and ended up with the original program minus the protection. I guess you could call that "re-writing" it.

You can make parts of the program inaccessible until some condition is met (e.g., you can, cryptographically, hide the payload of a virus until the virus has found what it is looking for), but once the condition is met, it's game over, you know what the program does and how to counter it.

[spazzdla]

Have you ever programmed in ladder logic..?

I would LOVE to see you "detect a virus" in ladder logic, love to.

[Meuh6879]

you can not shuntdown a P2P network.



"they" try since 15 years, now ... 

[RodeoX]

I think Stux could be modified to do something like this. There would be a lot of ways to counter it however. The stux worm released on Iran was very sophisticated and was able to ferret out specific types of equipment. But why bitcoin?

[spazzdla]

I think Stux could be modified to do something like this. There would be a lot of ways to counter it however. The stux worm released on Iran was very sophisticated and was able to ferret out specific types of equipment. But why bitcoin?

Central banks wish to eliminate any threat to them at any cost to humanity.

[RodeoX]

I think Stux could be modified to do something like this. There would be a lot of ways to counter it however. The stux worm released on Iran was very sophisticated and was able to ferret out specific types of equipment. But why bitcoin?

Central banks wish to eliminate any threat to them at any cost to humanity.

They may want to eliminate bitcoin, but launching an attack like this has almost no chance of remaining secret. Once discovered, the damage to the bank would far outweigh the tiny advantage of hurting bitcoin for a limited time. It would be wildly illegal and require destroying thousands and thousands of mining machines and routers. They will be completely responsible for those damages and any lost revenue. Their settlement would run into the billions. And all they would gain is to suppress bitcoin for a short time. 

[Vessko]

Have you ever programmed in ladder logic..?

I have even "programmed" analog (i.e., not digital) computers and computers that used ternary (as opposed to binary) number representations. A dinosaur like me has seen it all...

I would LOVE to see you "detect a virus" in ladder logic, love to.

And I would love to see you write a virus in ladder logic, I'd really love to. In fact, you'd have a hard time even writing a simple multiplication function in it...

It is clear to me now that you really have no clear idea what computer viruses are and how they really work - something which I already suspected when you brought Stuxnet into this context.

[Vessko]

I think Stux could be modified to do something like this.

Not really. It simply doesn't make sense. If a third party wanted to attack the Bitcoin nodes with a virus, it would be much easier for them to write a new virus for this purpose as opposed to changing an existing one like Stuxnet (which wasn't even very successful as a virus, to begin with). For the original creators of the virus, it would be much easier, too. They have a framework for this purpose, so it's much easier to use it to build a new malware from the modules they already have than to modify something that they have already built (and which is known to the anti-virus community).

The stux worm released on Iran was very sophisticated

It was nothing exceptional. Oh, sure, it has interesting properties, like being obviously written by a defense contractor (ever heard the saying that an elephant is a mouse built by a committee to government specifications? Well, Stuxnet is a virus built by a "committee" - several teams not communicating with each other and only producing code modules matching a specification), it was attacking a SCADA system, it was used as a weapon against a country, and it gained wide notoriety in the press. But, as a virus, it was nothing special.

If you want sophistication, how about Flame or Gauss? They were both written by the same outfit that came up with Stuxnet, using the same (or similar) famework.

Flame was huge - about 20 Mb! Four years later, we still don't know everything it could do - because how do you analyze 20 Mb of compiled code and linked libraries?! It even had a virtual machine and a Lua interpreter for some of its parts. Command-and-control, replication on demand, SQL injection, audio and video interception, backdoors, zero-day exploits, keylogging, encryption, compression, Bluetooth sniffing... Flame had it all. It even used an unknown till then collision attack to crack MD5 and fake Microsoft Update. (Microsoft stopped using MD5-based certificates because of Flame.)

Gauss, clearly produced by the same outfit, is my personal favorite, because it implemented an attack I predicted in the late 90s. Google "clueless agents" - Bruce Schneier has a nice paper about them. Gauss has a practically textbook implementation of them. We don't know what it does. It looks for directory paths by doing H(H(path)) where H() is a cryptographically strong hash function and then H(path) is used as the decryption key. We do know H(H(path)) - it's in the virus - but we have no clue what the path is, so we can't compute H(path) and decrypt the encrypted payload of the virus. (I am over-simplifying here - the hash-of-hash is not done once but 1000 times and the key is not a simple H(path) but of a more complex data which is derived from the path.) Although the hash function is MD5 and the cypher is RC4, both of which are considered nowadays cryptographically insecure, in practice we haven't got a snowball's chance in hell of decrypting the payload of the virus and understanding what it does...

For a more technical description of the issue, see this.

[RodeoX]

I think Stux could be modified to do something like this.

Not really. It simply doesn't make sense...

The stux worm released on Iran was very sophisticated

It was nothing exceptional. ...

My understanding of Stux is that it had a powerful basic core that included at least two zero day exploits. That is rare and why I consider it to be sophisticated. This basic code was then elaborately modified to target specific hardware. The primary targets were Iranian uranium enrichment centrifuges. These could be destroyed by spinning them at a particular speed that caused them to wobble and fall over. 

[Flashman]

Whoa, thanks for pointing this out, I'll unplug my uranium centrifuge from my bitcoin machine immediately.