Topic: Real-world useful application for Bitcoin: Malware/Hacker Canary (Read 4615 times)

In a practical sense though, most thieves won't, for various reasons, the least of which is that your wallet will probably be empty at some point in five years, as you'll have switched to another client that doesn't need 6 months to download the block chain.  Of course some will wait, but this methodology isn't a 100% intrusion detection (nothing is), just a reasonable cost heuristic that will improve the detection rate meaningfully in relation to its cost.

If he waits too long, the keys in your wallet may have become obsolete (this assumes you only use each address once and you go through over 100 addresses before he "pulls the trigger.")

Uhm, if a thief/virus/whatever gets access to your laptop and copies your wallet.dat, he can wait five years before actually stealing your money. And you have no idea you were compromised, or when. A canary is only good if it warns you in good time before a disaster.

A web service where you put your address/addresses and email/sms info. If money moves out, you get notified. Would it be any good? Wouldn't need to install any software.

What if you find yourself getting paid instead of robbed? How would you react on that?

Also I can see it as a hackers competition ground. One announces bounty to hack a specific host with a requirement to put a hacked.bit into /root with the address to pay the bounty.

Heck, one can test-proof his system before using it for something important.

Great link. Thanks!

nice!

You can use ChangeDetection for email alerts when a blockexplorer.com page changes.

May as well just start doing this and advise others to do the same, it might just catch on.

With this AV, you really get what you pay for.

Take note : Watching the client balance is not a viable way tell if your PC is compromised, you need to have a client elsewhere that check for activity on this address and trigger an alarm.

Such a service could be very easy to set-up.

That may still be a hard sell as so many people confuse adware and most any PC failure as viruses.
This could be advertised as : for finding rootkit trojan that you can't see.

Mike, all good points for the average user regarding safe browsing

I think all bitcoin IRC users are potential targets for hackers and they already know one piece of valuable information: IP/hostmasks from IRC connection. I'm just not sure how safe router and OS firewalls to keep them blocked from local networks as you cannot keep all incoming ports closed obviously.  Maybe I'm too paranoid about it from the time back in the day when one IRC user left me a .txt note on my C drive that he was there, thankfully he was cool not to format my drive about which I heard stories from other users.

edit: and for that matter I'm obviously running Bitcoin client with 'noirc' flag

IRC isn't the big danger, I consider it relatively safe, unless you consider people knowing your IP to be a risk and only if they have a reason to target you.  Just knowing your IP address doesn't entice a hacker to target you at random if you're just joe anybody, but if they think you might have something they want, then it would be a risk.  The biggest risk for the average home user behind a firewall is they browse to a website that serves them something that exploits a hole in their browser (aka "drive-by download") or in a plugin (such as Adobe Flash), or they download something that contains malware.  A firewall can't stop any of that, because a firewall will let through any incoming responses to outbound requests - exactly what web surfing is.  If it stopped such responses, you wouldn't be able to use a web browser.

Any site can get you - because sometimes the exploits come through the third party stuff (like banner ads) hosted on completely legitimate websites.  As a rule, you're more likely to get hit on websites where you're looking for "something for nothing" (free porn, pirated software, the latest sex tape, etc.) where the site's existence is probably funded by the sleaziest advertising companies who turn a blind eye to exploits.  And you are less likely to get hit on sites where security is a priority - such as your bank site.  Antivirus helps protect against stale threats, but many exploits in the wild will not be detected by antivirus, a situation that will not change any time soon.

The only way to really protect yourself from that is to do all your normal web browsing on one computer that you don't care if it gets infected, or something that's easy to restore to its pre-infected condition (e.g. Live CD), and then do all your sensitive web browsing (banking, bitcoins etc) on another computer that you never use to surf the web at large.  Keeping your operating system up to date is also a prerequisite.

Good god, this is brilliant.  I now realize that I have been doing this without thinking about it. 

I leave baits all over. So far, no hacks. Even in old computers, no antivirus, just the usual firewall settings. (OSX and Windows).

I save a plain-text version of a private key (.txt) on my Desktop also. No hacks either.


"This house is clean." (Poltergeist)

Mike or anyone else for that matter: any kind of precautions that you can recommend when going on IRC?  Are modern consumer routers with enabled firewall suffice? I remember back in dial-up days script kiddies with little know-how could do really nasty and damaging things to one's system since then I stayed away from the IRC for the sake of not exposing my hostmask, network and system to all sorts of malicious probes. Is it safer nowadays?

i think its a good idea.  i'm gonna send 1BTC to all my computers.

1000 USD (not BTC) was my suggestion for what to bait a hacker with on a database server in a place where it is clear it is bait.  (in this case, you would watch both for the coins to be stolen, and for efforts made to prevent others from seeing the bait and redeeming it first).  In such a case, the hacker has probably broken in via sql injection and he is more sophisticated and knows what he is doing and why he is there.

1 BTC is what I'd suggest against protection from automated malware on a typical home PC.

assuming that the hacker will "accept" a mere 1BTC.  your reason for putting up 1000BTC to begin with implies that he wouldn't.

It would not work.  Coins from alt chains are not bitcoins.  The thief can't sell them as Bitcoins.  The Bitcoin network won't accept a transaction on them, nor recognize them as having any value.  From Bitcoin's perspective, they are functionally identical to a wallet with 0 bitcoins.

what about creating an alternate blockchain with the same properties as btc ? Securitycoins

so you always can have a fake wallet there which is loaded with SecurityCoins but that is not visible to the intruder..
You still can check the movement of coins in the alternate blockchain..
you yourself know which is the real one and which is the bait.,.but the attacker can only find out by trying to move the money to his btc account..while he moves it in the worthless fakechain..


you get my thinking? sorry i am a bit unconctrated today to formulate my thoughts..mayb it was already considered..

The other nine servers will still have 1 BTC up for grabs, and you'll still know which server got hacked by seeing which of the ten 1BTC wallets got stolen.  At that point, if you want to throw more BTC into known shark-infested waters to make sure all the servers have a treat, you can bet they will probably get eaten, and it won't tell you much more than you already know.

Exposed is a misnomer - once the hacker is in, they're exposed whether the servers have BTC or not.  But now you know you've been hacked, which is 95% of the battle.