In 2009 an author going by the pseudonym of Satoshi Nakamoto published a paper called Bitcoin: A Peer-to-Peer Electronic Cash System (http://tinyurl.com/kkxbyss) that describes a decentralized electronic cash system based in cryptography that does not depended on financial institutions to validate transactions or to generate the cash. Since the system depends on a distributed network, it is very difficult to establish a relationship between the digital cash and its owner. This paper has started the era of Cryptocurrency.
Although the Bitcoin is the most famous (and valuable) of cryptocurrencies, there are well over five hundred different types of digital coins in circulation (http://tinyurl.com/o94fhlw), each having different values and market capitalizations. Some of these coins actually reach very high values, being the most famous the case of the Bitcoin that reached the value of $1124.76 by the end of November of 2013. Although this value has decreased, it still has a high market quotation (at the time of writing: $427.20).
According to DELL, an estimated $2.6million worth in digital coins are generated every day (http://tinyurl.com/o6y4hrr) by users. Since these coins are traded digitally, are difficult to trace and have such a high value, they make a very attractive target for cyber criminals since they can use them to pay for illegal stuff or ask ransoms without worrying about being identified.
A study published by Kaspersky (http://tinyurl.com/m25vuma), shows that 8% of financial malware is already targeting cryptocurrency wallets, and 14% targets the mining process.
Also, the appearance of new malware that targets cryptocurrency varies according to the market quotation of the coins as another study from DELL (http://tinyurl.com/nqcu5h9) shows.
Although the cryptocurrency system equates into a rich, complex and distributed environment (please refer to https://bitcoin.org/ to learn the details) two core processes are systematically targeted by most attackers: the mining process and the transaction process.
To earn “coins” entities contribute to the validation of a set of the transactions by performing some complex computations (also known as mining). According to the amount of effort employed to perform the computations, entities are rewarded “coins”.
The proof of ownership of a set of “coins” is stored in the entity digital wallet. The “coins” are, like real money not tied to anyone’s identity, so what really matters is maintaining the ownership of the coins by protecting the one’s wallet.
Typically attacks to cryptocurrency environments aim to steal coins and sometimes to disturb the environment (or the network) and usually target:
- Wallets (represent a user personal wallet)
- Exchange Services (works like a bank or a store)
- Cryptocurrency network (similar to the economic system that regulates the market)
- Mining resources (where the coins are created)
User Wallets
The most obvious targets are the wallets. Since these are used to store the coins (or the coin address and private key that assures the network that the user is the owner of a set of coins), if an attacker can compromise the devices were wallets are stored, it will be possible to transfer the coins. Once the transfer is accepted, it becomes impossible to revert the operation (remember that the system works through “proof of ownership” and not by tying coins to anyone’s identity). Performing these attacks are equivalent to pickpocket a user wallet.
Currently there are over one hundred different families of wallet stealing malware (http://tinyurl.com/ovnddwz). These vary from phishing malwares that send emails that try to make the user reveal the content of his wallet, to more sophisticated ones like CoinThief.A (http://tinyurl.com/q88kxaz), which hides on the users device and waits for them to access their wallets to steal their credentials. These malwares can be seen as the pickpockets of digital wallets.
Exchange Services
Since digital coins are worthless if there isn’t a broker service that trades them for other things (like “physical” money or some kind of valuable service), exchange services have appeared and thrive worldwide. These services provide for the buying and selling of coins, and as such, they also have become a target due to the amount of digital coins that they store. Successfully attacking these services can be seen as robbing a bank or store.
Although there have been many attacks on the exchange services (http://tinyurl.com/q2ecy6t), the most famous one is the heist of MtGox (http://tinyurl.com/npnab5b). MtGox was a Tokyo based exchange service that at the time traded ¾ of the world Bitcoins.
With this heist, they lost 850.000 bitcoins (almost half a billion US dollars at the time) which, of course has lead to the bankruptcy of the service. How this heist was performed remains a mystery until now however and, if true, according to Campbell Harvey (professor at Duke University's Fuqua School of Business), it is the biggest bank heist in history.
Cryptocurrency Network
When a buyer (or sender) wants to acquire some goods (like “physical” money, service or any other product) from a seller (or receiver), a transaction of digital coins from one to another is performed. This transaction is initiated by the buyer that generates a signed block composed of his wallet address, the amount of coins and the seller wallet address. The block is then sent to the network in order to confirm the coins ownership transfer (mined). Once the seller receives the confirmation of the transaction he will accept it and handle the goods to the buyer.
But, by looking at this process, what stops the buyer from performing a double spending (spend the same coin twice) attack by creating two different block’s (one for each buyer) and sending them to the network to be confirmed? The distributed nature of the network stops this attack, because only one of those transactions will be accepted (added to the chain). This is due to the fact that one of those transactions will be accepted first (i.e. added first to the chain), and nodes only consider the first transaction (only accept the longest chain). If a transaction using the same coin arrives to be confirmed, they will detect the double spend and will not confirm it. So, to perform this attack, the sender must be able to forge a chain that is larger than the one that is currently accepted by the network.
In order to forge a larger chain, the sender must control a total amount of computing power greater than 50% of the network (i.e >=51%, which is very unlikely due to the size of the network). With it, he will be able perform a double spending attack by letting the first transaction be confirmed by the network, and then, introducing is own chain. Once introduced, it will become the main chain of the network since it is larger that the honest chain and nodes will start to work on it by adding new blocks to it.
Although this attack seems tempting because it can potentially encourage an attacker to always use the same coins to pay for something, it is less profitable than mining (http://tinyurl.com/kkxbyss). This is due to the fact, that by controlling that much computing power, the attacker will be able to collect very big rewards by staying honest and mine for coins. This means that an attacker will gain more by activity contributing to the “economy” well being than trying to control it.
Mining Resources
Earlier this year, researchers at Secure Works have discovered an attack where someone was able to redirected users (miners) to his own servers in order to “steal” their mining resources (http://tinyurl.com/o6y4hrr). Since users are rewarded according to their participation, the objective of the attacker was to have the users performing the heavy computations, and then collect their reward. This attack can be interpreted has stealing the salary of workers at a coin forging facility since it is effectively stealing their rewards for mining.
With this attack, it is estimated that the attacker was able to steal about $83.000 from the users, which isn’t much, but the interesting thing here is the way in which this attack was performed.
To execute this attack, the attacker changed the BGP routes (protocol that connects networks on the internet, for more details please read: http://tinyurl.com/o6y4hrr). After the initial advertisement, BGP ensures that the new routes are propagated through the network. When the attack was finally uncovered, it had already reached 51 different networks (http://tinyurl.com/mgo9zb6) and 19 Internet Service Providers (ISP).
The researchers have traced the origin of the attack to an ISP located in Canada. Since the BGP connected networks can only be changed manually (ensures that malicious networks can’t hijack traffic from legit ones), this means that the attacker was either an ex-employee of the ISP or was still working there.
With Cryptocurrencies current hype and exposure, researchers believe that these are just the first attacks, and that new and more complex ones will arise in the future (http://tinyurl.com/o6y4hrr).
Currently, the first Bitcoin ATM machine has been installed in Lisbon, and two more are planed for Porto and Algarve (http://tinyurl.com/lh8dwvx).
So are you prepared to start using Cryptocurrency on your day-to-day basis?
0 comentários :
Post a Comment