
Topic: A lucrative attack on bitcoin? - page 2. (Read 13253 times)

legendary
Activity: 1708
Merit: 1007
October 26, 2010, 02:54:03 AM
#13
Bitcoin currently provides excellent security guarantees against forgery or other tampering but no effective countermeasures against spamming or other denial of service attacks.

Sure it does, the transaction fee schedule is written with the purpose of limiting DOS attacks upon the network by making compounding transactions increasingly expensive, without actually prohibiting them.  Not only does this make DOS/spamming the network prohibitively expensive for the attacker, it also provides an incentive for honest clients to throttle their transactions whenever the network is loaded down (delaying additions to blockchain, not preventing them) as well as provide an additional incentive for generators to accept the burdens.

Kids these days, always thinking that their revelations are original.
sr. member
Activity: 416
Merit: 277
October 26, 2010, 02:40:36 AM
#12
Bitcoin currently provides excellent security guarantees against forgery or other tampering but no effective countermeasures against spamming or other denial of service attacks. Spamming the network with valid transactions at 1MB per second results in a disc usage of at least 2TB per month.  This would cause probably all hash generation to stop after a couple of months. What would happen subsequently is less certain.

Possibly if the attackers ramped their spamming up slowly then people would sell their Bitcoins just before they stopped their client and deleted the transaction data taking up all their disc space. This would drive the price of Bitcoins down and the attackers could buy them cheaply. Then a client more resistant to spamming is released (such as a client using "balance sheets" ;) ). Harmony is restored and the value of Bitcoins soars to its normal level!

ByteCoin
legendary
Activity: 980
Merit: 1014
October 25, 2010, 07:50:34 PM
#11
Compromising the bitcoin network is the fastest way to make your investment in a botnet worthless. Better to just mine it and sell it for bitcoins.
legendary
Activity: 1288
Merit: 1076
October 25, 2010, 06:36:09 PM
#10


Why does it seem to me that botnets would do nothing but improve the security of the network?

I mean those guys controlling those botnets would earn money by mining, but I doubt they could steal from anyone.
sr. member
Activity: 308
Merit: 256
July 25, 2010, 05:20:17 PM
#9
The point being, listing out a bunch of AND AND AND's proves nothing.  You're quite right that it has to be economical, we just simply disagree that something like this isn't potentially extremely economical.  The biggest hurdle is likely that bitcoin is just too small for a serious botnet guy to make any money off of and do anything with.  As it grows the profit potential only grows larger.

The ANDS aren't meant to prove anything. They are milestones for a plan that give a probable difficulty in reaching each milestone in anecdotal form. Meaning, if my goal was to buy up the world's gold supply. The plan would be as simple as step 1, buy all the gold, step 2, I have all the gold. But we know there would be a lot of steps in between to achieve that goal.

This topic had a 5 step plan for the goal on how to profit from a Bit Coin attack using a Bot Network and filling in the in-between stuff just further documents the difficulty in it, that's all.  ;)

But I know what you mean and I agree, the botnet guys are making enough money not to really care about a Bit Coin scam at the moment.
newbie
Activity: 4
Merit: 0
July 25, 2010, 03:35:43 PM
#8

Are these things supposed to be easy? People don't operate botnets because they are hard, but because it makes them money for the amount of effort they are going to put into it. I read in the news from time to time about botnet operators getting busted. They weren't doing it for the *rush* of the challenge, but to make a living.

2 months of dev work is like not getting paid for 2 months. The investment would have to be worth it to someone with that much free time. Plus there is a movement out there to root out botnets. So all your work could go up in an electron should someone shut you down or wipe out/take control of your botnet.

Yes, those things are easy.

I'm not a botnet creator, so I really have no idea on the economics of it.  I also wouldn't assume you're not being paid for 2 months, as you'd likely have income from whatever previous scams you've created.  The two month estimate was an extremely conservative one.  The other end of the spectrum is something like a couple weeks to get out Version 1.

The point being, listing out a bunch of AND AND AND's proves nothing.  You're quite right that it has to be economical, we just simply disagree that something like this isn't potentially extremely economical.  The biggest hurdle is likely that bitcoin is just too small for a serious botnet guy to make any money off of and do anything with.  As it grows the profit potential only grows larger.
sr. member
Activity: 308
Merit: 256
July 24, 2010, 01:03:43 PM
#7
So first, someone will have to take the source code AND compile a version that will remain hidden AND produce bogus blocks AND be able to be remotely controlled AND be able to restart itself after a system reboot/shutdown AND coordinate this properly to have *all* bots online at the same time AND be able to funnel those fake blocks to a central fake client AND be able to compile another client that will accept those fake blocks AND it will have to be set up to only work as private/local nodes AND you'll need another compile for a client that will connect to the public network AND the fake network to start loading up the fake blocks AND, AND, AND...

Huh?  Are these things supposed to be difficult?  You make it sound like it would take years of development to do this.  I've developed software for 10+ years, and in my estimation it'd take a skilled programmer perhaps a month or two to do this from scratch.  Possibly much less.  Anyone that has created botnets has already created the remote control libraries, so that's just a matter of linking them in.

Someone else mentioned a botnet herder not wanting individual nodes to be discovered because of the CPU usage.  Well, most people don't EVER bring up a CPU usage meter, so the risks of that are minimal.  If you REALLY cared about that sort of thing, just stick in some code to shut down the usage whenever you detect keyboard/mouse activity.

These are not difficult problems to solve at all.

Are these things supposed to be easy? People don't operate botnets because they are hard, but because it makes them money for the amount of effort they are going to put into it. I read in the news from time to time about botnet operators getting busted. They weren't doing it for the *rush* of the challenge, but to make a living.

2 months of dev work is like not getting paid for 2 months. The investment would have to be worth it to someone with that much free time. Plus there is a movement out there to root out botnets. So all your work could go up in an electron should someone shut you down or wipe out/take control of your botnet.

Risk vs Reward, right now there really isn't a reward for a Botnet operator.
newbie
Activity: 4
Merit: 0
July 24, 2010, 01:00:12 PM
#6
So first, someone will have to take the source code AND compile a version that will remain hidden AND produce bogus blocks AND be able to be remotely controlled AND be able to restart itself after a system reboot/shutdown AND coordinate this properly to have *all* bots online at the same time AND be able to funnel those fake blocks to a central fake client AND be able to compile another client that will accept those fake blocks AND it will have to be set up to only work as private/local nodes AND you'll need another compile for a client that will connect to the public network AND the fake network to start loading up the fake blocks AND, AND, AND...

Huh?  Are these things supposed to be difficult?  You make it sound like it would take years of development to do this.  I've developed software for 10+ years, and in my estimation it'd take a skilled programmer perhaps a month or two to do this from scratch.  Possibly much less.  Anyone that has created botnets has already created the remote control libraries, so that's just a matter of linking them in.

Someone else mentioned a botnet herder not wanting individual nodes to be discovered because of the CPU usage.  Well, most people don't EVER bring up a CPU usage meter, so the risks of that are minimal.  If you REALLY cared about that sort of thing, just stick in some code to shut down the usage whenever you detect keyboard/mouse activity.

These are not difficult problems to solve at all.
sr. member
Activity: 252
Merit: 268
July 23, 2010, 07:57:47 PM
#5
Botnets would ideally attack the network while the difficulty is low, stop while the difficulty is high and repeat. I would imagine that botnet operators value their botnets enough to not risk many nodes being discovered from the computers running full blast all day everyday while producing bitcoins, but I might be wrong. I suppose they could run all the clients on half their cores, which would cut down on visibility. Anyway, bitcoins may be worth a lot right now, they're only worth that much because no one is flooding the market with bitcoins. They would have to withdraw only a small amount of money each day by only selling their bitcoins when someone offers to buy a small amount of them at a good price. If you were to look at the confirmed volume of trades occurring and adjust for possibly fake traders trading with themselves to alter people's impressions, I think you'd be surprised how few people are actually spending their hard earned cash on bitcoins each day.
sr. member
Activity: 308
Merit: 256
July 23, 2010, 04:50:57 PM
#4
1. Acquire access of large botnet
2. Have bots join bitcoin.
3. Speculate against bitcoin somehow
4. Have all of your clients transfer huge amount of bitcoin to an account controlled by you using bogus blocks
Now either two of these will happen
*Massive loss of trust in bitcoin
  5. Profit from speculation
*Little or no loss of trust
  5. Profit from theft

Works?

It would take a botnet larger than the current CPU pool (which might be possible), but it takes 100% CPU to make it happen, even if it's running on idle CPU time.

So first, someone will have to take the source code AND compile a version that will remain hidden AND produce bogus blocks AND be able to be remotely controlled AND be able to restart itself after a system reboot/shutdown AND coordinate this properly to have *all* bots online at the same time AND be able to funnel those fake blocks to a central fake client AND be able to compile another client that will accept those fake blocks AND it will have to be set up to only work as private/local nodes AND you'll need another compile for a client that will connect to the public network AND the fake network to start loading up the fake blocks AND, AND, AND...

I think getting the botnet will be the easiest part of this attack before one could move forward with it.  :D
sr. member
Activity: 308
Merit: 250
July 23, 2010, 04:43:03 PM
#3
1. Acquire access of large botnet
2. Have bots join bitcoin.
3. Speculate against bitcoin somehow
4. Have all of your clients transfer huge amount of bitcoin to an account controlled by you using bogus blocks
Now either two of these will happen
*Massive loss of trust in bitcoin
  5. Profit from speculation
*Little or no loss of trust
  5. Profit from theft

Works?


Bogus blocks? o_O
sr. member
Activity: 280
Merit: 250
July 23, 2010, 04:41:37 PM
#2
Doing it my way should be able to give you around 10% of the value of all bitcoins in a short amount of time = more efficient
sr. member
Activity: 280
Merit: 250
July 23, 2010, 04:30:32 PM
#1
1. Acquire access of large botnet
2. Have bots join bitcoin.
3. Speculate against bitcoin somehow
4. Have all of your clients transfer huge amount of bitcoin to an account controlled by you using bogus blocks
Now either two of these will happen
*Massive loss of trust in bitcoin
  5. Profit from speculation
*Little or no loss of trust
  5. Profit from theft

Works?