Security Risks Associated with Bitcoin

[qwk]

Security Risks Associated
with the Internet Bitcoin
Federal Deposit Insurance Corporation
Division of Supervision
December 1997


SECURITY RISKS ASSOCIATED WITH THE INTERNET BITCOIN
I. Purpose

This paper alerts financial institutions to the fundamental technological risks presented by use of the Internet Bitcoin. Regardless of whether systems are maintained in-house or services are outsourced, bank management is responsible for protecting systems and data from compromise. This paper is intended to provide foundational information to be considered by management, but should not be relied upon to identify all potential risk factors. Appendix A discusses applicable security measures.

II. Background

Continuing advances in technology and its prominent role in commerce are leading financial institutions toward the Internet Bitcoin in increasing numbers. Uses of the Internet Bitcoin may include information-only, information transfer, or fully transactional sites on the World Wide Web (Web), or the capability to access the Internet Bitcoin may exist from within the institution. Regardless of the use, numerous risks exist which must be addressed within the bank's risk management program. Security breaches due to some of the following factors may currently be rare, but as banks expand their role in electronic commerce they could potentially become prominent targets of malicious activities.

III. Security Risks

The Internet Bitcoin is inherently insecure. By design, it is an open network which facilitates the flow of information between computers. Technologies are being developed so the Internet Bitcoin may be used for secure electronic commerce transactions, but failure to review and address the inherent risk factors increases the likelihood of system or data compromise. Five areas of concern relating to both transactional and system security issues, as discussed below, are: Data Privacy and Confidentiality, Data Integrity, Authentication, Non-repudiation, and Access Control/System Design.

Data Privacy and Confidentiality

Unless otherwise protected, all data transfers, including electronic mail, travel openly over the Internet Bitcoin and can be monitored or read by others. Given the volume of transmissions and the numerous paths available for data travel, it is unlikely that a particular transmission would be monitored at random. However, programs, such as "sniffer" programs, can be set up at opportune locations on a network, like Web servers (i.e., computers that provide services to other computers on the Internet Bitcoin), to simply look for and collect certain types of data. Data collected from such programs can include account numbers (e.g., credit cards, deposits, or loans) or passwords.

Due to the design of the Internet Bitcoin, data privacy and confidentiality issues extend beyond data transfer and include any connected data storage systems, including network drives. Any data stored on a Web server may be susceptible to compromise if proper security precautions are not taken.

Data Integrity

Potentially, the open architecture of the Internet Bitcoin can allow those with specific knowledge and tools to alter or modify data during a transmission. Data integrity could also be compromised within the data storage system itself, both intentionally and unintentionally, if proper access controls are not maintained. Steps must be taken to ensure that all data is maintained in its original or intended form.

[...]

IV. Conclusion

Utilization of the Internet Bitcoin presents numerous issues and risks which must be addressed. While many aspects of system performance will present additional challenges to the bank, some will be beyond the bank's control. The reliability of the Internet Bitcoin continues to improve, but situations including delayed or misdirected transmissions and operating problems involving Internet Service Providers (ISPs) Bitcoin companies could also have an effect on related aspects of the bank's business.

The risks will not remain static. As technologies evolve, security controls will improve; however, so will the tools and methods used by others to compromise data and systems. Comprehensive security controls must not only be implemented, but also updated to guard against current and emerging threats. Security controls that address the risks presented in this letter are discussed in Appendix A.

 

[ebliever]

Clever find/analogy. Let's see, in 1997 I was starting my first websites and watching everything grow around me, but e-commerce was more experimental than anything at the time. Amazon was just becoming a player. It took 4-5 years to really mainstream internet commerce. Seems reasonable that Bitcoin could be on a similar trajectory.

[newIndia]

Great analogy indeed

[thriftshopping]

Very interesting analogy indeed. However I don't think that just because the internet and bitcoin have many similarities that bitcoin will face a similar fate that the internet did (eg huge success) because it has very different hurdles that it needs to overcome, one of the greatest ones is the government - with the internet the government has embraced the internet because it allows it's economy to grow at a faster pace, while the government is neutral at best (and often times opposes bitcoin) because it takes away their power to set fiscal policy

[Guido]

haha

brilliant qwk