Author

Topic: What to do in case of an attack on Bitcoin? (Read 1431 times)

legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
November 06, 2011, 02:39:07 AM
#12
Is it possible to pull error messages/alerts from RPC or out side the Bitcoin network?
I'd like to have a website where people can go to check up on the alerts?

Poll the getinfo "errors" field. Alerts (and other problems) will be put there.

Thanks mate.  Smiley
administrator
Activity: 5222
Merit: 13032
November 05, 2011, 08:38:53 PM
#11
Is it possible to pull error messages/alerts from RPC or out side the Bitcoin network?
I'd like to have a website where people can go to check up on the alerts?

Poll the getinfo "errors" field. Alerts (and other problems) will be put there.
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
November 05, 2011, 07:08:19 PM
#10
https://en.bitcoin.it/wiki/Contingency_plans
https://en.bitcoin.it/wiki/Alerts

a secure information channel over which merchants/exchanges could be informed so that they can (automatically) suspend accepting Bitcoin payments for the time of the attack

They can poll getinfo.errors to receive alerts. If there are any alerts, then the network is almost certainly broken. Alerts will only ever be sent for very serious issues.

Is it possible to pull error messages/alerts from RPC or out side the Bitcoin network?
I'd like to have a website where people can go to check up on the alerts?
legendary
Activity: 910
Merit: 1001
Revolutionizing Brokerage of Personal Data
November 05, 2011, 02:47:48 AM
#9
Great, thank you - this is exactly what I had in mind! Can't believe I missed that page when I was searching for it...

It is very reassuring to know that such a document already exists!
administrator
Activity: 5222
Merit: 13032
November 05, 2011, 01:06:05 AM
#8
https://en.bitcoin.it/wiki/Contingency_plans
https://en.bitcoin.it/wiki/Alerts

a secure information channel over which merchants/exchanges could be informed so that they can (automatically) suspend accepting Bitcoin payments for the time of the attack

They can poll getinfo.errors to receive alerts. If there are any alerts, then the network is almost certainly broken. Alerts will only ever be sent for very serious issues.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
November 04, 2011, 07:29:00 PM
#7
I'm not a programmer, so I can't really address the threats you mention, but I'm sure that for every person looking for a way to exploit the code, there are many more looking to make it more secure. That's why it is open source. A 51% attack is temporary at best and hopefully it will happen soon so we can learn from it.
legendary
Activity: 910
Merit: 1001
Revolutionizing Brokerage of Personal Data
November 04, 2011, 07:02:26 PM
#6
I don't see the threat. How can anyone attack the Bitcoin network. Sure, some mining pools can be dd, but going solo mining or pool hopping will secure the integrity of the network.
There are a number of possible attacks (as I mentioned in my first sentence).
What if there is a bug in the client? What if somebody detects a flaw in the protocol? What if some cancerous nodes try to isolate a part of the network? What if somebody attempts a 51% attack (maybe after a DDoS on the pools)?

In each of these cases there are things that can be done to mitigate the damage, but the longer it takes to inform the right people, implement the necessary changes and roll them out, the more damage will be done to Bitcoin's reputation.

If there is a certain bug in the client, the devs might want to get the fix implemented at the pool servers as quickly as possible. Maybe merchants/exchanges would want to be informed that the Bitcoin network is currently in an unsafe condition and might want to temporarily stop processing Bitcoin transactions. If a hot-fix could result in a chain-split - who decides if this is the best/only way to fix the issue? What if some of the core devs are unavailable? A 51% attack could likely be prevented by activating stand-by hashing power but you'd quickly need a way to contact people willing to contribute their unused hashing power for this.
...
There simply are a lot of issues that could come up and might be dealt with sub-optimal when under time pressure.

Of course, a serious attack on Bitcoin may seem unlikely, but I think a kind of emergency protocol could really be useful in a crisis and certainly speed up the process of getting everything back on track.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
November 04, 2011, 06:04:27 PM
#5
I don't see the threat. How can anyone attack the Bitcoin network. Sure, some mining pools can be dd, but going solo mining or pool hopping will secure the integrity of the network.
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
November 04, 2011, 05:34:42 PM
#4
Agreed.

I see you point about a some kind of massive alert system but who has the power to alert.

What kind of indicators should declare these alerts should be broadcasted....

One interesting thing I'd like to see is some how have the Bitcoin client itself detect time attacks and other vulnerabilities somehow then encode an alert codes into the block chain which each code could represent possible attack warnings but maybe 1 block is 1 too many, maybe somekind of IRC relay signal.... idk....
legendary
Activity: 910
Merit: 1001
Revolutionizing Brokerage of Personal Data
November 04, 2011, 05:08:11 PM
#3
As dumb as this might sound maybe a public defense plan isn't the best plan of defense. As they will just counter your counter before you get the opportunity to counter their attacks and defend our selves.
Anyone else get that feeling that attackers will just use our own knowledge against us?
That's a valid point and I also don't think that all parts of such a plan should necessarily be public. On the other hand I didn't think of it as a defense plan either - just a protocol of operation in case of an emergency (like a plan for the fire exits, not a fire extinguisher).

Maybe we should all educate each other amongst are selves... that way the flow of information is more distributed and impossible from any outside(or inside) influence to know the true depth of the knowledge the community has as a whole about how the blockchain and bitcoins work.
While I fully acknowledge the power of decentralization, I also think that Bitcoin is about openness and we should not start to rely on some details about Bitcoin being hidden. I don't think public knowledge about some basic emergency protocols would be of much help to a possible attacker.
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
November 04, 2011, 04:37:45 PM
#2
As dumb as this might sound maybe a public defense plan isn't the best plan of defense. As they will just counter your counter before you get the opportunity to counter their attacks and defend our selves.
Anyone else get that feeling that attackers will just use our own knowledge against us?

Maybe we should all educate each other amongst are selves... that way the flow of information is more distributed and impossible from any outside(or inside) influence to know the true depth of the knowledge the community has as a whole about how the blockchain and bitcoins work.


(edited)
legendary
Activity: 910
Merit: 1001
Revolutionizing Brokerage of Personal Data
November 04, 2011, 04:33:03 PM
#1
Suppose the Bitcoin blockchain or network is under attack (maybe because of a flaw in the protocol, a bug in the client, malicious miners, DDoS on nodes, attempts to isolate parts of the network, ...). What would be the emergency steps for counteracting the attack or mitigating the harm? Who is in charge? Have Bitcoin devs and mining pool operators (possibly others) worked out a plan on what to do in case of an emergency?

Just a few ideas of what I think such a plan could cover (feel free to disregard any or all of them):

  • list of possible attack scenarios with rough guidelines for countermeasures
  • ensure that key people have each others phone numbers and GPG keys
  • decide on a voting mechanism in case of possibly controversial hot-fixes for the client
  • a way to activate standby hashing power (inform cooperative owners of unused capacities)
  • make sure that mining pool operators can quickly implement blockchain checkpoints
  • a blueprint for a signed public announcement
  • an efficient way to inform the community
  • a documented format for messages over the alert system
  • a secure information channel over which merchants/exchanges could be informed so that they can (automatically) suspend accepting Bitcoin payments for the time of the attack

I understand that some of those things might seem to go against Bitcoin's decentralized nature, but in case of an attack it could make a big difference for the whole Bitcoin ecosystem, if a few people know what to do and cooperate efficiently.

With more and more people and businesses relying on the operation of the Bitcoin network, an emergency plan would be somewhat reassuring - especially since some attacks might require quick action to prevent major turmoil.

Your thoughts?
Jump to: