Pages:
Author

Topic: How to dismantled the awesome security of Bitcoin network in 4 simple steps. - page 2. (Read 2951 times)

legendary
Activity: 1764
Merit: 1015
So they hacked simplecoin, a pool that doesnt host solidcoin in order to get solidcoin accounts?

Do you not see how retarded this looks?

Some of them will crossref and yes they had a Solidcoin operation in the first go round.

https://solidcoin.simplecoin.us/lostpassword.php

Even after as many as I have cracked, I am still shocked at the number of people who will use the same PW over and over and over....

Someone is building a pretty lengthy case on you somewhere. Keep admitting more and more criminal behavior.  Cheesy
hero member
Activity: 504
Merit: 502
So they hacked simplecoin, a pool that doesnt host solidcoin in order to get solidcoin accounts?

Do you not see how retarded this looks?
member
Activity: 96
Merit: 10

i think he means release of the SC usernames and passwords?

Nice idea Death, can't see how it would fail. Same 51% attack except you have to have 1m coins first. easy. Looking forward to seeing drawl from CH about how it's wrong.
hero member
Activity: 770
Merit: 500
legendary
Activity: 2114
Merit: 1031
Any business that trades with Solidcoin is stupid.

Simplecoin just needs to be glad that whoever gained root access via a sql injection in their forum was only after Solidcoin user names and PW and not the wallets. Rumour has it a "coinhunter.md" was left behind explaining what happened and why.

Basically it is going to come to a point where the pain of supporting Solidcoin is more than any benefit.

But I like the way you think,  Grin Grin Grin

So is Simplecoin coming back?  Are they just down for the moment?
hero member
Activity: 770
Merit: 500
Well, but no one on earth would be stupid enough to design an alt-currency with that many obvious flaws! ... Right?
donator
Activity: 1218
Merit: 1079
Gerald Davis
To achieve a 51% attack on the Bitcoin network via brute force would require millions of dollars worth of hardware.  The necessity of specialized hardware (GPU) excludes any "reduced cost" attack by putting an attack outside the capabilities of even the largest botnets or cloud instances.

Say you didn't want that kind of security.  Here is how to introduce flaws that significantly reduce the cost of attacking your alt chain:

1) Convince yourself that wealth = trust despite lots of historical evidence to the contrary.

2) Devise a system to use a network of trusted nodes to sign every second block of your block chain.   Make the requirement for this trusted node status 1 million coins giving the attacker a method to gain "trust".  

3) Make your blockchain GPU-unfriendly so attackers can harness the ultra low cost of commodity cloud CPU power.

4) Keep source code a secret, use no peer review in development, and make yourself completely in charge to ensure nobody voices any concerns until too late.  Everyone knows one set of eyes is better than a thousands.

Here is how the attack works.

Step 1:
Attacker amasses 1 million coins.  Say if your coins were worth 1.4 cents currently that would only be $14,000.   Now someone will point out if you buy them all the price will skyrocket.  While that may be true for a retard lets assume the attacker is smart.  Attacker could buy small amounts on the market.  Attacker could simultaneously approach users w/ large amounts of hashing power and sign short term contracts for say 20% over market value.  Attacker could also use EC2 cloud or botnets to generate coins.  If the attacker is smart and uses a balanced approach they could amass 1 mil coins cheaply.

Once attacker has 1 mil coins he is a trusted node.  Magic how getting 1 mil coins (maybe even through stolen hashing power - aka botnet) makes you trusted.  

Step 1a:
An alternative approach would be for attacker to scam/defraud/steal coins.  For example if the mybitcoin.com operators had existed on this alt-chain through their outright theft they would now be considered "trusted".  Don't you see the logic?

Step 2:
Attacker now checks the average block signing time for the even blocks to estimate hashing power of even trusted nodes.   Using EC2 cloud or botnet attacker ramps up his trusted node's hashing power to 100x the trusted nodes hashing power.  While this may seem like a lot in reality it isn't.  See we have made this very easy for the attacker.  In essence we have ensured the much larger hashing power of the "untrusted network" can't help us to protect the vulnerable trusted nodes.  If there are only a few (or say one) trusted node you could produce a super powerful trusted attack node with only ~100 CPU.  Now building 100 CPU may be a challenge but you can always rent them from Amazon for ... $40 per hour.  If we massively overpower the other trusted nodes then we are defacto the only effective trusted node as we have a reasonable chance of always signing a node faster than any other trusted node. If there is only one well that makes it even easier.

Step 3:
Launch a normal 51% attack against the network.  Normally this would be prohibitively expensive however the use of low cost cloud CPU resources , botnets, and rogue system admins mean that low cost commodity CPU can be used to win via numerical superiority.  Say your alt chain has 0.05234GH/s of hashing power and average CPU gets 10KH/s.  That is only ~5000 CPUs necessary to achieve 51% control over the network.  A well timed DDOS attack against major pools could degrade that network hashing power significantly.  When 5000 CPU are available via Amazon for $160 per hour or less with unlawful computing power you start to realize how a trivial sum can be used to attack the network.

Step 4:
Attacker now has control over the block chain. The combination of trusted nodes and CPU-friendly algorithm allowed this to happen for a trivially small amount of resources.
Pages:
Jump to: