Last Updated: 2011-06-23 20:16:24 UTC
by Lenny Zeltser (Version: 1)
This week brought a number of headlines related to Bitcoin--a peer-to-peer online currency that seems to be increasing in popularity. From the security perspective, the rise of Bitcoin offers a peek at the type of financial transactions that may need to be safeguarded in the future and also provides insight into the criminal activities associated with such transactions.
Malware has appeared to steal Bitcoin wallets, time is near where botnets will be used for Bitcoin mining and attackers are probably considering whether weaknesses in the Bitcoin design and implementation might be used to game the Bitcoin market. Just like Friendster was the precursor to today's on-line social networks and Napster foreshadowed modern online music distribution models, so too BitCoins might be a sign of upcoming approaches to distributed online financial transactions.
Here are a few articles for coming up to speed on Bitcoin and the recent incidents associated with it.
Getting Started With Bitcoin
- Become familiar with the key Bitcoin concepts--what Bitcoin is, why it exists and how it is used--by reading the Bitcoin Wikipedia entry.
- Understand some of the reasons for Bitcoin continuing to increase in value by reading SmartMoney's perspective on the currency's growth streak.
- Take a look at the list of vendors who accept Bitcoin as a form of payment or who can exchange Bitcoins into traditional currencies.
- Consider the perspective that the economic factors behind Bitcoin might be unsustainable and could resemble a Ponzi scheme. Read a related perspective on why Bitcoin might be a poor idea.
- Understand the notion of Bitcoin mining--generating new Bitcoins by solving cryptographic problems. Consider the likely scenario of compromised computers being used for Bitcoin mining--a malicious practice that is not yet widespread, yet will inevitably rise in popularity.
Recent Bitcoin Incidents
- Read about Silk Road--an online marketplace for drugs such as LSD and Cannabis--that only accepts Bitcoin as the form of payment. This story brought Bitcoin to the attention of many people outside the tech community, including lawmakers.
- Learn the details of the theft where 25,000 Bitcoins, potentially worth $500,000, were reportedly stolen from a person's PC. (Maybe the victim exaggerated the size of the stolen sum?)
- Understand the nature of a recently-discovered trojan that was designed to steal the victim's Bitcoin wallet from the infected Windows computer. Also, read the forum discussion to understand how this malware was probably being distributed. (If you own Bitcoins, remember to safeguard the wallet.)
Potential Bitcoin Implications
- Read the EFF's perspective on Bitcoin's potential to "offer the kind of anonymity and freedom in the digital environment we associate with cash used in the offline world."
- Consider the opportunities for financial arbitrage if the Bitcoin market could be manipulated through the sale of a large quantities of Bitcoins at once.
The notion of Bitcoin as a distributed and anonymous form of currency is capturing the world's attention. The readers of this blog will find it particularly interesting to consider the implications of the role that such currency can play in the criminal marketplace and online attack activities.
Perhaps Bitcoin might be ahead of its time and maybe its design and implementation is flawed--we will know soon enough. Regardless, it is an idea that will inspire creative thinking in the space of online payments. In the words of Edward Z. Yang, "The future of Bitcoin depends on those who will design its successor. If you are investing substantially in Bitcoin, you should at the very least be thinking about who has the keys to the next kingdom."
(This diary is based on the text originally published on my blog.)
-- Lenny Zeltser
Last Updated: 2011-06-18 00:02:24 UTC
by Richard Porter (Version: 1)
If you are ever curious, yes the handlers do participate in events that do not include keyboards, packet analysis tools or malware reverse engineering. At an event here in Phoenix, AZ, USA it was clear that a piece of technology in development deserves some attention. As a lead in to the discussion the event clearly posted, no filming. The Security staff were very helpful in taking photos of folks during intermission and when the event was not taking place but vigilant in telling participants to stop during the course of the event.
This may seem like a soft subject for a diary piece but each of the handlers is entrusted with access to information that our readers post. In turn we all hold each other and ourselves to a high level of professional and personal ethics. but ... Not everyone has the same opinion on what is right or what is wrong. That brings me to the technical piece of this entry that is relevant to the above topic.
Fox News  is running a story about how Apple has filed patent for technology that can disable iPhones from filming at live events. After some searching I found a good source for explaining the patent in more detail .
In summary, the device will be able to receive commands through the infrared receiver. Keep in mind, Apple has several patents that never seem to surface as technology but this one, due to events last night, strikes as a concept to follow.
At what point do you stop owning your technology? Opposite of that where is the line to cross when it comes to protecting intellectual property?
Considering the world of extreme disclosure we are in, technology like this could be greatly useful in classified spaces and in areas of high sensitivity. For security operators that control sensitive spaces this is a technology that could be excited and useful but be aware that this could be a sign of the times to come.
--- ISC Handler on Duty
email: richard at isc dot sans dot edu