
Topic: [ATTN!!] Bitcoin Security nearly Breached - page 2. (Read 6692 times)

sr. member
Activity: 392
Merit: 250

Quote
Botnets simply cannot contribute that much. ...

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. It was surprisingly high hash for the number of comps. I do not have the info recorded down to verify so one of the pool ops would have to report, but there is a graph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......

Word! Testify!!! Amen!  Grin

If the BtcGuild story is true, BIG UP to them, for having the ethics to do what Deepbit probably doesn't...  Smiley


Very nice to see they are doing something. Ouch that it apparently is capable of snagging legitimate users as well.  Maybe the IP limit is too low versus period of time multiples connect? How many IPs did you have connected, if I may ask?

That's proof of the botnet that Deepbit "doesn't have the ethics to block" for people who like to make damning statements without doing any research.
hero member
Activity: 504
Merit: 500

Quote
Botnets simply cannot contribute that much. ...

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. It was surprisingly high hash for the number of comps. I do not have the info recorded down to verify so one of the pool ops would have to report, but there is a graph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......

Word! Testify!!! Amen!  Grin

If the BtcGuild story is true, BIG UP to them, for having the ethics to do what Deepbit probably doesn't...  Smiley




Very nice to see they are doing something. Ouch that it apparently is capable of snagging legitimate users as well.  Maybe the IP limit is too low versus period of time multiples connect? How many IPs did you have connected, if I may ask?
hero member
Activity: 588
Merit: 500

Quote
Botnets simply cannot contribute that much. ...

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. It was surprisingly high hash for the number of comps. I do not have the info recorded down to verify so one of the pool ops would have to report, but there is a graph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......

Word! Testify!!! Amen!  Grin

If the BtcGuild story is true, BIG UP to them, for having the ethics to do what Deepbit probably doesn't...  Smiley

sr. member
Activity: 266
Merit: 251
Tycho earns thousands of dollars per day legit by running the pool.

Why risk ruining a good business?

So this whole supposedly decentralized, resilient crypto-currency comes down to this?  "We trust this one guy.  Why would he want to screw us over?"  Why not just use E-Gold or something and quit wasting electricity?

Also, remember that you're not just trusting Tycho.  You're trusting anyone capable of compromising his systems, or of performing a rubber-hose attack against Tycho himself.  You think he's going to side with us if the Russian mob starts threatening his family?

Quote
He's even proposed countermeasures & paid bounties for people to monitor him and nobody took up the challenge.

What good would that do?  I've been watching Deepbit's hashrate hover above and below 50% of the total network this morning.  Most of the miners are probably asleep right now.  As for the rest, if they can't get their shit together to keep things balanced, what makes you think they would do anything about an attack in progress?  It would only take about 2 hours to pull off.

Cuddlefish had a much better idea to solve this problem, but it doesn't seem like anyone's working on that either.  No posts in that thread for a month now.
sr. member
Activity: 266
Merit: 251
You know, as long as they are up on that chart, that is proof that they are using their resources productively. I'd be more suspicious if deepbit suddenly dropped to a small sliver, that could mean that they are diverting hashing power to an attack.

The chart just pulls hashrate numbers from the pool websites, then divides by the overall network hashrate to get the percentages.

During an attack, the total network hashrate would drop, but the attacking pool would probably continue to report its usual numbers (unless the attacker intentionally changed them).  The "other" category might even go negative, since it just represents the portion not accounted for by the reported pool hashrates, though I'm not sure how that would show up on the chart.
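The chart arithmetic described in the post above, worked through as an added example that is not part of the original thread or of any chart site's code. It assumes the network rate is estimated from published block timestamps as difficulty × 2^32 × blocks / elapsed seconds; the pool names, difficulty, reported rates and timestamps are constructed sample data.

```python
from math import sqrt

HASHES_PER_DIFF1_BLOCK = 2 ** 32  # expected hashes to find a difficulty-1 block


def network_hashrate(difficulty, block_times):
    """Estimate hashes/s from published block timestamps (assumed estimator)."""
    if len(block_times) < 2:
        raise ValueError("need at least two block timestamps")
    elapsed = block_times[-1] - block_times[0]
    if elapsed <= 0:
        raise ValueError("block timestamps must span a positive interval")
    blocks = len(block_times) - 1
    return difficulty * HASHES_PER_DIFF1_BLOCK * blocks / elapsed


def chart_shares(reported, network_rate):
    """Share per pool as the chart computes it, plus the residual 'other'."""
    shares = {pool: rate / network_rate for pool, rate in reported.items()}
    shares["other"] = 1.0 - sum(shares.values())
    return shares


def check_window(difficulty, block_times, reported, sigmas=2.0):
    """Flag a window where self-reported rates exceed what the chain shows.

    Block discovery is roughly Poisson, so the estimate's relative error is
    about 1/sqrt(blocks); 'other' below -sigmas/sqrt(blocks) is not noise.
    """
    blocks = len(block_times) - 1
    shares = chart_shares(reported, network_hashrate(difficulty, block_times))
    threshold = -sigmas / sqrt(blocks)
    return {"shares": shares, "threshold": threshold,
            "alarm": shares["other"] < threshold}


# Constructed sample data: hypothetical pools, difficulty and timestamps.
DIFFICULTY = 1_000_000
REPORTED = {"pool_a": 3.6e12, "pool_b": 1.5e12, "pool_c": 1.0e12}  # hashes/s
NORMAL_DAY = [i * 600 for i in range(145)]    # 144 blocks, one per 10 min
STALLED_DAY = [i * 1200 for i in range(73)]   # 72 blocks, one per 20 min

if __name__ == "__main__":
    for label, times in (("normal", NORMAL_DAY), ("stalled", STALLED_DAY)):
        result = check_window(DIFFICULTY, times, REPORTED)
        print(label, {k: round(v, 3) for k, v in result["shares"].items()},
              "alarm" if result["alarm"] else "ok")
```

In the stalled window the pools keep reporting their usual rates while published blocks arrive at half speed, so the residual "other" share falls well below zero and the check raises the alarm.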
hero member
Activity: 702
Merit: 503

Deepbit blocked it then it was shopped over to BTCGuild who caught it and blocked it, then bitcoin.lc who blocked it so far.

You got a little prejudice on your face there.

As with all things in life, time will tell what's on whose face...  Wink
sr. member
Activity: 392
Merit: 250

Quote
Botnets simply cannot contribute that much. ...

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. It was surprisingly high hash for the number of comps. I do not have the info recorded down to verify so one of the pool ops would have to report, but there is a graph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......

Word! Testify!!! Amen!  Grin

If the BtcGuild story is true, BIG UP to them, for having the ethics to do what Deepbit probably doesn't...  Smiley

Deepbit blocked it then it was shopped over to BTCGuild who caught it and blocked it, then bitcoin.lc who blocked it so far.

You got a little prejudice on your face there.
hero member
Activity: 702
Merit: 503

People need to stop and think before making these idiotic posts.
Cheesy ...
http://www.youtube.com/watch?v=Xda4mZK4wpM  Wink

...

Unfortunately I don't speak Russian, so I can't really understand the youtube video, but I'm sure to you and the other 9,000 viewers it was epic Smiley

Well, since you don't speak Russian, perhaps you should use GoogleTranslate and spend some time in the Russian parts of this forum and the internet, before making your own "idiotic posts" about Deepbit...  Cheesy

As a Russian: "Just saying..."  Wink
sr. member
Activity: 322
Merit: 252

People need to stop and think before making these idiotic posts.

 Cheesy Right. And Micro$oft Windows became the predominant OS because it was better than all the rest...
http://www.youtube.com/watch?v=Xda4mZK4wpM  Wink

You'll note I didn't say it was better - ever.  What I said was "they like DeepBit better than others".

The quality of a product has nothing to do with whether or not people like it better.  It's a contributing factor for some, but Dodge will always sell a ton of Dodge Neons because some people don't care about quality, as long as there are readily available coffee can mufflers and plastic spinner hubcaps for it.

Microsoft's dominance hasn't changed, but it certainly has less of a margin with both OS's and browsers, with browsers slowly sliding towards no longer being dominant.

Microsoft became the predominant OS for several reasons:

-They made the personal computer affordable versus IBM PCs with IBM DOS
-They made deals with computer manufacturers that incentivized them to sell Windows and not OS/2 or Mac or Linux
-Even with less than perfect and sometimes terrible implementation of ideas, they eventually "Get it right" and give people what they want.

The difference with Mac is, they invent something new and it's either a.) very useful or b.) they use hype to convince people it's a NEED.  Microsoft combines innovation with imitation.

That being said:

I have an apple phone
an apple desktop
an apple laptop
a windows computer
a windows notebook
a windows NETbook
a linux server
and an android tablet.

Each has its own purpose.

Unfortunately I don't speak Russian, so I can't really understand the youtube video, but I'm sure to you and the other 9,000 viewers it was epic Smiley
hero member
Activity: 702
Merit: 503

People need to stop and think before making these idiotic posts.

 Cheesy Right. And Micro$oft Windows became the predominant OS because it was better than all the rest...  Roll Eyes
http://www.youtube.com/watch?v=Xda4mZK4wpM  Wink
hero member
Activity: 504
Merit: 500
Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. It was surprisingly high hash for the number of comps. I do not have the info recorded down to verify so one of the pool ops would have to report, but there is a graph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......
which would probably be considered a small botnet. to back you up, the problem is not that each computer is only offering a small amount of computing power, the real problem is when they are aggregated together. 10/100s of thousands of small machines could potentially make up a large percentage of a pool. when you consider the fact that whoever is running the botnet is pulling in btc while not paying for any of the resources (except software costs) for those machines and requiring only a small amount of manual effort, it looks like a very lucrative venture to point those machines at a mining pool. i have no doubts that they will get better and better about masking themselves: load balancing pools, randomly disconnecting to look like a normal user, multiple withdrawal addresses, etc. Or just flat out running their own pool -- not much could stop them.

cheers, m8. Glad you understood my not so carefully drawn out thought there. My main point being the amount of hash power from such a small botnet. The usual assumption I have seen echoed here is that botnets would produce much lower hash per zombie than what was seen from the recent one. Scale it up and it = scary shit.
sr. member
Activity: 322
Merit: 252
There are nearly 50% of pool miners there for one reason - they like DeepBit better than the others.

When other sites are more reliable, cheaper, produce more coins, have a nicer interface, whatever the reasoning people are choosing deepbit - they will switch to someone else.

It's not about hacking or stealing coins or any of this other nonsense.  3% commissions on 50% of 154 blocks a day... let's see... excluding the "change", and neglecting the 10% fees on the share miners:

77 * 50 BTC = 5775 BTC per day * 2% = BTC 115.5 per day, or $1732.50 USD at $15/BTC...

Now tell me, when you're already making $52,000.00 a month, or $623k a year conservatively, why are you going to muck around?

People need to stop and think before making these idiotic posts.
hero member
Activity: 702
Merit: 503

Quote
Botnets simply cannot contribute that much. ...

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. It was surprisingly high hash for the number of comps. I do not have the info recorded down to verify so one of the pool ops would have to report, but there is a graph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......

Word! Testify!!! Amen!  Grin

If the BtcGuild story is true, BIG UP to them, for having the ethics to do what Deepbit probably doesn't...  Smiley
newbie
Activity: 27
Merit: 0
Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. It was surprisingly high hash for the number of comps. I do not have the info recorded down to verify so one of the pool ops would have to report, but there is a graph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......
which would probably be considered a small botnet. to back you up, the problem is not that each computer is only offering a small amount of computing power, the real problem is when they are aggregated together. 10/100s of thousands of small machines could potentially make up a large percentage of a pool. when you consider the fact that whoever is running the botnet is pulling in btc while not paying for any of the resources (except software costs) for those machines and requiring only a small amount of manual effort, it looks like a very lucrative venture to point those machines at a mining pool. i have no doubts that they will get better and better about masking themselves: load balancing pools, randomly disconnecting to look like a normal user, multiple withdrawal addresses, etc. Or just flat out running their own pool -- not much could stop them.
hero member
Activity: 504
Merit: 500
What I think would be useful is if someone with the right set of skills and resources would monitor Deepbit and Slush, and figure out how much of their power comes from botnet participation...  Wink

BtcGuild was big until they supposedly decided to ditch a botnet and got DDOS'd. It will be interesting what size it will be once it comes back.

Perhaps, on basis of that, we'll be able to make some wild guesses regarding how much of Deepbit is actually botnet power being stolen from unsuspecting internet users...  Wink

Botnets simply cannot contribute that much. The average computer could only hash pathetically. Even tens of thousands of average computers would probably only be 50-100 gh/s.


Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. It was surprisingly high hash for the number of comps. I do not have the info recorded down to verify so one of the pool ops would have to report, but there is a graph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......
hero member
Activity: 616
Merit: 500
Graph doesn't have a title.
jr. member
Activity: 56
Merit: 1
What I think would be useful is if someone with the right set of skills and resources would monitor Deepbit and Slush, and figure out how much of their power comes from botnet participation...  Wink

BtcGuild was big until they supposedly decided to ditch a botnet and got DDOS'd. It will be interesting what size it will be once it comes back.

Perhaps, on basis of that, we'll be able to make some wild guesses regarding how much of Deepbit is actually botnet power being stolen from unsuspecting internet users...  Wink

Botnets simply cannot contribute that much. The average computer could only hash pathetically. Even tens of thousands of average computers would probably only be 50-100 gh/s.
hero member
Activity: 702
Merit: 503
What I think would be useful is if someone with the right set of skills and resources would monitor Deepbit and Slush, and figure out how much of their power comes from botnet participation...  Wink

BtcGuild was big until they supposedly decided to ditch a botnet and got DDOS'd. It will be interesting what size it will be once it comes back.

Perhaps, on basis of that, we'll be able to make some wild guesses regarding how much of Deepbit is actually botnet power being stolen from unsuspecting internet users...  Wink
jr. member
Activity: 56
Merit: 1
It's ironic that the users who are supposed to guarantee for the security of the network are the ones who care the least about it as long as it makes them a couple of legacy bucks.
who is designated responsibility for the security of the network? is that not up to the users to secure themselves? via securing their wallets and taking personal responsibility for third parties that they trust (pools, exchanges, etc)?
It's the miner's job to verify the block chain. This is the main nerve of Bitcoin, and it's not affected by locally encrypted files or auditing of services.

If the operator started monkeying with the transactions in the blocks it created...or tried to withhold some blocks in order to effect a double spend, I think it would get noticed in short order and the pool operator would find themselves swimming alone very quickly.
If the motive of a pool operator is to discredit Bitcoin rather than profit, this attack would do much more damage than a few exchange rate swings. We've seen how BTC Guild usage recently exploded, so it's not unthinkable that future pools will be able to gain mass network share. If profit is the motive I guess it would be a lot easier to just keep a few blocks now and then without announcing it to the users. And I suspect this is already happening.

Why risk taking a whole block every now and then when you get 3% of each block anyway?

And it isn't risk free, the miner could have software that informs him he has found a block, and if it isn't later reported, it could arouse suspicion.
full member
Activity: 185
Merit: 100
It's ironic that the users who are supposed to guarantee for the security of the network are the ones who care the least about it as long as it makes them a couple of legacy bucks.
who is designated responsibility for the security of the network? is that not up to the users to secure themselves? via securing their wallets and taking personal responsibility for third parties that they trust (pools, exchanges, etc)?
It's the miner's job to verify the block chain. This is the main nerve of Bitcoin, and it's not affected by locally encrypted files or auditing of services.

If the operator started monkeying with the transactions in the blocks it created...or tried to withhold some blocks in order to effect a double spend, I think it would get noticed in short order and the pool operator would find themselves swimming alone very quickly.
If the motive of a pool operator is to discredit Bitcoin rather than profit, this attack would do much more damage than a few exchange rate swings. We've seen how BTC Guild usage recently exploded, so it's not unthinkable that future pools will be able to gain mass network share. If profit is the motive I guess it would be a lot easier to just keep a few blocks now and then without announcing it to the users. And I suspect this is already happening.