The Bitcoin Network has 4 key points of weakness. Namely:
- The Wallet Software.
- The Trail.
- The Public Data set.
- The Exchange.
What follows is a quick discussion of how each of these components may be compromised individually, and how that could result in the collapse of Bitcoin as a viable alternative currency.
Bitcoin Software
Currently, most Bitcoin owners use software created and compiled by Bitcoin.org. The Bitcoin wallet software, once compromised with backdoor functionality, would give authorities access to an individual's computer and wallet details, including the valuable Bitcoin key file. Adding a backdoor to the Bitcoin software provides a transparent, reliable link between a user and their originating wallet(s). A well-maintained backdoor would remove the key benefit of anonymity that Bitcoin users are seeking in the alternative currency and leave them open to enhanced enforcement controls.
The Bitcoin software is the highest-reward, lowest-risk point of failure to control within the entire Bitcoin ecosystem, and a backdoor may already be in place following recent discussions. It should be noted that although the underlying code IS open source, few users compile their own, and of those who do, few if any will ever read the complete code base. Methods to obfuscate and spread malicious backdoor code throughout open-source code are already well developed and research is progressing rapidly.
Bitcoin Trail
This is the trail left on the network when Bitcoins are transferred between two wallets. For Bitcoins to be transferred successfully, the sending computer MUST be connected to the Bitcoin Network at some point in order to complete the transfer. Therefore, for almost every user, the data sent will eventually pass through an external server unconnected to their Bitcoin activity, for example a telco ISP node. As it passes, deep packet analysis can be used to identify the recipient wallet. Since other nodes in the Bitcoin network must, by the very nature of the Bitcoin system, be capable of understanding the message sent out, deep packet analysis will always be viable to identify the trail connecting two Bitcoin wallets.
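What an on-path observer can match on, as an added example that is not part of the original article: a scanner for the publicly documented Bitcoin peer-to-peer message framing (4-byte network magic, 12-byte command, 4-byte length, 4-byte double-SHA-256 checksum). The capture bytes, payloads and the `toy_tunnel` stand-in for an encrypted transport are constructed for illustration.

```python
import hashlib
import struct

MAINNET_MAGIC = bytes.fromhex("f9beb4d9")  # network magic that opens every mainnet message
HEADER_LEN = 24  # magic(4) + command(12) + payload length(4) + checksum(4)


def checksum(payload: bytes) -> bytes:
    """First four bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def frame(command: str, payload: bytes) -> bytes:
    """Build one message the way a node puts it on the wire."""
    name = command.encode("ascii").ljust(12, b"\x00")
    return MAINNET_MAGIC + name + struct.pack("<I", len(payload)) + checksum(payload) + payload


def scan(stream: bytes):
    """Return (offset, command, payload_length) for each well-formed message found.

    A candidate counts only if the whole payload is present and its checksum
    matches, so a stray occurrence of the magic bytes is not reported.
    """
    found = []
    pos = stream.find(MAINNET_MAGIC)
    while pos != -1:
        header = stream[pos:pos + HEADER_LEN]
        if len(header) == HEADER_LEN:
            command = header[4:16].rstrip(b"\x00")
            (length,) = struct.unpack("<I", header[16:20])
            payload = stream[pos + HEADER_LEN:pos + HEADER_LEN + length]
            if (len(payload) == length and command.isalpha()
                    and checksum(payload) == header[20:24]):
                found.append((pos, command.decode("ascii"), length))
                pos = stream.find(MAINNET_MAGIC, pos + HEADER_LEN + length)
                continue
        pos = stream.find(MAINNET_MAGIC, pos + 1)  # truncated or bogus, keep looking
    return found


def toy_tunnel(data: bytes, key: bytes) -> bytes:
    """Stand-in for an encrypted transport: XOR with a hash-derived keystream.

    Illustration only, not a real cipher. It models what the observer sees
    once the same bytes travel inside an encrypted connection.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("<Q", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


# Constructed capture: 16 bytes of unrelated traffic, then an "inv" and a "tx" message.
NOISE = b"\x16\x03\x01" + bytes(13)
INV_PAYLOAD = b"\x01" + struct.pack("<I", 1) + bytes(32)      # one entry, all-zero hash
TX_PAYLOAD = b"constructed bytes, not a valid transaction"     # framing is all that is checked
PLAINTEXT_CAPTURE = NOISE + frame("inv", INV_PAYLOAD) + frame("tx", TX_PAYLOAD)
TUNNELLED_CAPTURE = toy_tunnel(PLAINTEXT_CAPTURE, b"constructed session key")

if __name__ == "__main__":
    for offset, command, length in scan(PLAINTEXT_CAPTURE):
        print(f"offset {offset}: {command} ({length} payload bytes)")
    print("matches inside the tunnel:", scan(TUNNELLED_CAPTURE))
```

The scanner recognises the traffic and the message type from the framing alone; once the same bytes are carried inside an encrypted connection it matches nothing, leaving only the existence of the connection visible.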
Bitcoin Public Data
By searching the transaction details in the public Bitcoin blocks (which are public as a result of the way the Bitcoin network operates), enforcement can very easily identify key wallets to probe further. Through this, they may then better allocate resources towards high-value targets within the network based on traffic to particular wallets. Creating a network graph to aid in this analysis is elementary.
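The kind of network graph described above, as an added example that is not part of the original article. It assumes the common-input-ownership heuristic (addresses spent together as inputs of one transaction belong to one owner), which the article does not name; the transactions and address labels are constructed, not chain data.

```python
from collections import defaultdict

# Constructed sample window, not real chain data:
# (txid, [input addresses], [(output address, amount in mBTC)])
SAMPLE_TXS = [
    ("t1", ["A1"], [("S1", 5000), ("A2", 4000)]),  # payment plus change to a fresh address
    ("t2", ["A2", "A3"], [("S1", 6000)]),          # two addresses spent together
    ("t3", ["A3", "A4"], [("X1", 1000)]),
    ("t4", ["B1"], [("S1", 2000)]),
    ("t5", ["C1"], [("S1", 1500)]),
]


class DisjointSet:
    """Union-find; the alphabetically smallest address labels each cluster."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[max(ra, rb)] = min(ra, rb)


def cluster_addresses(txs):
    """Group addresses that were ever spent together in one transaction."""
    ds = DisjointSet()
    for _txid, inputs, outputs in txs:
        for addr in inputs:
            ds.union(inputs[0], addr)
        for addr, _amount in outputs:
            ds.find(addr)  # register output-only addresses as singletons
    clusters = defaultdict(set)
    for addr in list(ds.parent):
        clusters[ds.find(addr)].add(addr)
    return ds, dict(clusters)


def flow_graph(txs):
    """Directed graph between clusters: edges[(src, dst)] = total mBTC sent."""
    ds, _clusters = cluster_addresses(txs)
    edges = defaultdict(int)
    for _txid, inputs, outputs in txs:
        src = ds.find(inputs[0])
        for addr, amount in outputs:
            dst = ds.find(addr)
            if dst != src:  # transfers inside one cluster are not flows
                edges[(src, dst)] += amount
    return dict(edges)


def rank_by_inflow(txs):
    """Clusters ordered by total value received from other clusters."""
    totals = defaultdict(int)
    for (_src, dst), amount in flow_graph(txs).items():
        totals[dst] += amount
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    _ds, clusters = cluster_addresses(SAMPLE_TXS)
    for label, members in sorted(clusters.items()):
        print(label, sorted(members))
    for label, received in rank_by_inflow(SAMPLE_TXS):
        print(f"{label} received {received} mBTC")
```

On this sample the heavily paid address S1 ranks first, and A2, A3 and A4 collapse into one cluster even though each was used as a separate address: spending them together is what links them. The change output A2 in t1 is not tied back to A1, because this sketch applies no change-detection rule.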
Bitcoin Exchange
Using Bitcoins to buy real-world goods requires a method of exchanging Bitcoins for cash, preferably USD, Euros or Pounds Sterling, as these are most common for money laundering purposes. In actuality, most Bitcoin users currently use purpose-built online exchanges to transfer money between real-money bank accounts and Bitcoin wallets. This leaves a very clear paper trail between real user identities and Bitcoin wallet IDs, thus allowing identification of network nodes and adding additional value for those interested in penetrating the veil of anonymity.
Conclusion
EDIT: - An interesting comment was posted to this article from an alleged Bitcoin Exchange Owner. Full write-up here: Bitcoin Exchange Scam.
The current Bitcoin network has significant weaknesses and is not the white knight of anonymous value exchange many would make it out to be. From the methods discussed above, authorities have access to real user data together with potentially real-time transaction data.
Combining Bitcoin user data with transaction data is trivial given a basic understanding of computer science. Following which, one could conceivably begin a stage 2 targeted network shutdown.
Every modern currency is a distributed system and hence relies heavily upon end-user trust. Without that, the network loses traction, eventually shrinking to accommodate only the most committed of users, i.e. those who have most to gain from a distributed, allegedly anonymous currency network. In Bitcoin's case, this set of committed users would be those with almost exclusively nefarious purposes, where the reward is worth the risk involved over alternative means of achieving similar aims.
Through stage 2 takedowns the trust in the Bitcoin network can be eroded, thereby opening up the possibility of Bitcoin's collapse as a viable anonymous currency and destroying its value proposition, effectively shutting it out of mass popularity.
Further Work
If there’s sufficient interest, I’ll continue with a counter post to all the above (listing appropriate solutions to each point covered) or alternatively a post on how to use this information to shut down the Bitcoin network in actuality (recommended methods of a stage 2 takedown).
What do you think?
I agree. Taking down the Bitcoin Network would be very difficult but not impossible as everyone seems to be saying these days. I’ve held back from buying in to the hype and plan to “wait and see” what happens…
Bitcoin is stupid. You should just shut it down. Thanks in advance.
Thanks for your opinion, Ben.
Nothing is perfectly secure, ever. This is an eternal certainty. However, the ‘exploits’ you list here are not valid for several reasons.
Bitcoin software backdoor.
Not realistic. This software is scrutinized more than your average open source project because of the potential loss that a breach would cause, and users are very wary of upgrading. Newbies not as much as they should be, but they will learn.
Bitcoin Trail
It’s trivial to hide the bitcoin network traffic, using Tor, I2P or a number of other methods. Count on a future client that does this natively.
Bitcoin Public Data
Although the transaction data is, indeed, public record; this does not mean that anyone could identify a user, or even a wallet, by the available data. Maintaining anonymity requires intentional care on the part of the users involved, but is not easily broken as a matter of data mining the blockchain alone.
Bitcoin exchanges
Now this is a real issue, but not really a bitcoin issue. These exchanges are all third parties to bitcoin, and users choose to use them at their own risks. Other, more hidden, exchanges already exist; for the truly paranoid. But the vast majority of users don’t need quite that level of anonymity, most just want privacy in their normal online business.
Gasull from HN wrote:
“Thanks for writing it. Point by point:
- Bitcoin software: It’s open-source. How would anybody compromise it with so many eyes watching?
- Bitcoin trail: Solved using Tor and adding noirc=’1′ to bitcoin.conf file. Also you need to earn your bitcoins anonymously. Anyway, Bitcoin isn’t supposed to be anonymous. It can be anonymous if you do it right, like you can browse the web anonymously if you do it right.
- Bitcoin public data: Same as with bitcoin trail.
- Bitcoin exchange: Right, but you can buy bitcoins from someone without revealing him/her your name.
It seems your article analyzes if Bitcoin is good for money laundering. It can be used for that, but I don’t care. It isn’t what makes Bitcoin interesting. Bitcoin is an alternative to payment methods like paypal, to currencies like the dollar or the euro, to payment transfers like ACH or Western Union, and to bank accounts. That is what makes it an awesome currency. That is what makes it disruptive.
It can be used for money laundering just like cash and offshore bank accounts can be used for money laundering. Way more people are using cash than bitcoins for money laundering. And that isn’t what makes Bitcoin disruptive, because money laundering already exists.”
My reply to the above:
“Open source code tends to give a false sense of security. Many people assume others will check the code, yet few do. In addition, it is possible to spread malicious code throughout a code base to prevent detection. (mentioned in article).
To use TOR you still connect through an ISP. That can be tracked and deep packet analysis can be done. TOR is not a magic bullet.
Exchange – Correct. That was coming in part 2 of the article covering methods around each point, but unlikely to find the time to write it up at this point.
I leave the question: Why else would one use an anonymous currency unless they don’t want to be detected? From there, who does not want to be detected? Usually those doing things they shouldn’t. Otherwise, you’d just use a credit card or normal payment service as an everyday citizen would.”
Nerdr
Gasull from HN continued:
“Open source code tends to give a false sense of security. Many people assume others will check the code, yet few do. In addition, it is possible to spread malicious code throughout a code base to prevent detection.
Those few who do are usually enough. Closed-source code gives a false sense of security. There are way more exploits for closed source code and they tend to take longer to fix.
To use TOR you still connect through an ISP. That can be tracked and deep packet analysis can be done. TOR is not a magic bullet.
Untrue. Deep packet won’t see anything besides an encrypted connection. If you use Tor bridges nobody will know you’re connecting to Tor.
Why else would one use an anonymous currency unless they don’t want to be detected?
It isn’t an anonymous currency. That’s the main misconception about Bitcoin. Bitcoin can be anonymous using Tor. Just like the web can be anonymous using Tor. But the web isn’t anonymous per se, and so isn’t Bitcoin.
Again, the main point of Bitcoin is how disruptive it is for the banking industry. It makes micropayments easy, it makes transactions among individuals easy and decentralized, etc. It disrupts their business models based on an oligopoly.
Why would you use Bitcoin? Because you can:
- Be anonymous if you want, but you don’t have to.
- Transfer money to someone, overseas, without any fees.
- Charge money for your business without paying horrendous credit card or Paypal fees.
- Stash your money securely in case of Government collapse (think Argentina 10 years ago, Belarus 2 weeks ago, or Greece very soon)
- Make confiscation impossible if you live in a corrupt country.
- Make micropayments (like tips) without fees.
- Buy stuff online from overseas (people are doing this with a NewEgg proxy that accepts bitcoins)
And there are many more use cases that I’m probably forgetting right now.”
My (partially rushed) reply, sorry for not taking each point individually:
“1. Apologies for the misunderstanding. I didn’t mean to say the code will be open to exploits, I meant the code will intentionally contain a backdoor at an agency’s behest. Exploits are another matter entirely and open source has its pros and cons for that purpose.
2. Then TOR bridges could be blocked at ISP level or made illegal. We’re starting to see censorship arise on the internet and it’s possible.
3. Many of these use cases are of course valid, but I will add there exist transaction fees which are paid when bitcoins are transferred, plus exchange fees when bitcoin is exchanged for real currency. It’s not a fee-free currency as suggested. I would add (and this is of course a guess) that most users will have illegal purposes and intent in mind. If only because they have most to gain from Bitcoin use. Most average folk don’t ever see a 2% Visa fee as business absorbs this cost, so for a user, purchase fees for everyday goods are not a value driver. I can see it being used for tax avoidance, money laundering and payment for nefarious purposes. Other use cases do not stand up to value analysis.”
“Why else would one use an anonymous currency unless they don’t want to be detected?”
To that, I counter 2 points: Why else would someone want privacy, unless they are doing something wrong? (easily debunked by asking, “Do you close the bathroom door? And are you doing something wrong?”)
Also, I like Bitcoin not for its anonymity but for its convenience and price. Why would I accept Mastercard with its 2+% drain on my profits, when I can accept Bitcoin and boost my profits 2% instantly at no cost to me?
1st – I close the door because I don’t want to be seen doing an act considered “dirty” by society. Same reason people use Bitcoin and same reason people like to wipe their cookies.
Your second argument is great when the USD value of a bitcoin is increasing rapidly as it is now, I wonder if you will change your argument should it start to fall…losing 50% value in a day makes a 2% charge in exchange for massively reduced volatility seem negligible.
Bob asked you if you were doing something wrong, not if you were doing something that dictates a certain etiquette. Bob’s point stands: people value privacy for all kinds of reasons and sometimes for its own sake. And a point should be made that there is a big difference between doing something you shouldn’t and doing something illegal according to some state law. Laws can be unjust.
If the law is unjust, should you not seek to change it or move rather than using a veil of privacy and anonymity to work around it?
You’re assuming one would ever need to exchange their BTC.
Idealistically, not Bitcoin itself, but perhaps another system not made yet could provide a currency for all people, citizens, merchants, shops, traders, even nations?
Nothing is going to change unless you’re truly open to an idea.
Really people, Bitcoin is all about removing CENTRALIZATION and if you think bitcoin is a BAD idea, you must be a bank manager or something ’cause it’s only them, government, corporations etc etc that are making people’s lives hell. No one wants banks, no one wants controlling governments and this could just be the first step in a new direction. A better one imho. And even if bitcoin is stopped somehow, the idea is out and people know it’s possible. They can see it working now.
It’s truly time for change and let’s remove these ‘powers that be’ because I for one am sick of the phatt ClownS!
Also, the dark side of bitcoin with silk road (and the other million sites that the news doesn’t seem to want to pick up on, silk road is having its full flack) IS A SOCIAL ISSUE, not a CRIMINAL ISSUE. Drugs are not criminal, they are social. FACT. Everyone needs a vice or whatever. Drinking is drugs, caffeine is drugs. Hell, I’d put any herbal remedy in me over the pharmaceutical industry in a flash. But that’s just me. I’m not wrong, and I’m not right either. This is the problem. Getting people to understand, EVERYONE’S DIFFERENT!!!!
Even if someone does manage to compromise an open source project as you describe (which I consider quite unlikely), this will hardly be the death of bitcoin.
You can’t “deep packet inspect” tor traffic to find bitcoin transactions. It’s encrypted data. noob!
laundering bitcoins is easy and will get easier.
The biggest threat to bitcoin is a better cryptocurrency.
I don’t think you quite understand the nature or purpose of backdooring software, so I’ll leave that one out.
You can deep packet Bitcoin traffic, since it has a destination. That’s why you follow the trail.
Your last two points I agree with. True and partially true. I believe the gates have been opened.
* Bitcoin Trail
You can’t identify recipients or their wallet by looking at the transaction stream. You can determine the receiving key, but there is no need for Deep Packet Inspection (DPI), you can just look at the block chain. The way bitcoin works is that every transaction is broadcast to every node. Just because a machine received a packet doesn’t mean that they were the recipient of the bitcoins, and everyone, including the intended recipient, will rebroadcast the transaction. DPI will tell you nothing about the intended recipient. If you had DPI at the ISP of the sender you could determine the IP of the sender because there would be an outgoing transaction without a corresponding incoming transaction. However, you wouldn’t know if they were sending the coins to someone else or to another key in their own wallet, so it doesn’t do you much good.
with the backdoor thing, i can definitely see that being a potential threat, but no more than say, using your credit card online.
say you compile your own software with a backdoor. get it to rank #1 on google for a few key search terms to do with bitcoin. people download it thinking it’s the legitimate software, but of course it takes your bitcoins and gives them to someone else.
that’s not a weakness with bitcoin though, that’s a user education weakness, and that user could have just as easily downloaded a keylogging trojan horse and had all his credit card details stolen.
if you wanted to use that to collapse the bitcoin currency, the backdoor would have to be so prevalent that even experienced users couldn’t feel safe using the bitcoin software. i’m not sure how feasible that is, but it seems unlikely.
So…like a backdoor in the official Bitcoin software? Which is exactly what I was getting at in the article. Be careful who you trust.
What is “nefarious” about freedom?
While a trail is possible, this ignores the fact that Bitcoin is able to generate new sending and receiving addresses on demand, and that it’s recommended practice for every transaction.
Still need to exchange to real money eventually, and that’s when we’ll get you.
Nerdr, you do not seem to value privacy and anonymity of the individual very much.
Everybody should have their right to privacy (on the Internet this often means pseudonymity or even anonymity) — by principle, not because they have something “to hide”.
I can send cash anonymously to everybody I like, and The Man is not allowed to open my mail in order to check.
I can call anybody I want anonymously, and nobody is required to know why and when I did it.
I can go to a store and buy anything I want with cash, and nobody is required to know about that transaction.
I could go on, but this is the kind of privacy and anonymity we take for granted in our daily, AFK lives, and taking it away from people would cause major outrage.
While, on the Internet, if you want to have a similar kind of privacy, you are branded as an outlaw. Even by people like yourself, who I honestly think should know better.
If the privacy that comes with BitCoin and similar systems is used for “nefarious” purposes, that’s because of the perpetrator, and not the technology. I still want my right to trade anonymously on the Internet. I don’t care if there are people who do that to escape the law.
Also, as somebody else above remarked: it must be allowed to defy unjust laws. Like for example laws that allow The Man to eavesdrop on all my Internet communications. And I defy them by using anonymization technology, or maybe software like BitCoin.
Why do you want to trade anonymously?
Let me suggest a reason. Maybe you have something to hide? Maybe it is not legal or maybe it IS legal, but considered “bad” by the society you live in… Either way, you seek privacy to evade (for legal, or non legal reasons) those who wish to stop you, and that is why people seek anonymity within a society. If you go to the store to buy a coke, you can pay cash or credit card. No one will stop you either way and no one cares how you pay. Now, why would you prefer cash in this scenario? I guess you would have no preference buying a coke. Cash provides no additional value here.
Now let’s take a second scenario, you are buying a certain type of magazine you do not want your neighbours to know you buy. In this case, you would prefer cash, because the anonymity of cash provides additional value, making it the preferred method.
That is what I mean. Yes, we all like privacy, it is nice to know we have it should the need arise for us to take certain actions, we like to remain in as advantageous position as possible. However, for those who fight for anonymity fiercely, there is usually a nefarious reason. They have most to lose from it being taken away. Now that means they have most to gain from seeking anonymity. That is the criminals and those whose legal acts are frowned upon by society.
They are attracted to Bitcoin because Bitcoin provides them the avenue to gain a significant advantage over those who wish to stop them. The majority of citizens.
If you are a legal, law abiding citizen, who does no acts unsupported by the society you live in, you will not seek Bitcoin.
If you are legal but take part in acts frowned upon by society, then consider joining a new society. You may seek Bitcoin.
If you are conducting non-legal acts, then it is the right of the citizens of the society you are part of to find you and prevent your actions. You will seek Bitcoin.
Let’s assume there is an organization who takes significant risks in order to uncover criminal, corrupt behavior in the banking sector.
Let’s assume this organization requires funds in the form of donations. It then goes on to use these funds to expose the banks.
Then banks don’t like this, and they shut off the funding of the organization by freezing their accounts, banning the use of their payment systems, which they have complete control over, to fund the organization. This is in order to avoid exposure of their criminal acts.
Let’s give the organization uncovering the fraudulent acts a name: let’s call it “WikiLeaks”.
Wouldn’t it be nice if this organization now had a new way to fund its operations, for example an anonymous, decentralized currency?
Wouldn’t it be nice if civil rights activists in a country like China could fund themselves in a similar manner?
I absolutely do not deny that there are countless opportunities for criminals to use an anonymous payment system to their advantage. They will do it. It’s the obligation of law enforcement to go after them — but it’s not our moral obligation to give up our rights in order to make it easier for law enforcement to go after criminals. Some people think that, but I’m not one of them.
As part of a society, should the criminal element within yours expand it WILL affect you. It will affect your livelihood, your family and your property. Do not be so quick to wash your hands of its actions Sigi, as one day it may be your turn.
The use case for Bitcoins is primarily (almost exclusively) criminal, once the greed element is removed (which I would say, having read the Bitcoin forums, currently dominates). Bitcoin’s use for funding of human and civil rights and similar movements will be almost negligible in comparison should Bitcoin’s intended popularity be attained. In addition, these organizations have alternative means of acquiring funds.
I will add here, should you send Bitcoins to Wikileaks, how then do you expect them to exchange back to usable funds? oh that’s right, they’d need a bank account.
May I remind you that there are quite a few countries where cash is the normal payment method for next to everything? (This includes Germany and Austria, as far as I know.)
A lot of people don’t even have a credit card over here. If you don’t have one, you’ll mostly have a single online payment option: Paypal. But Paypal is a trouble maker, you don’t want to use Paypal unless you really have to.
Bitcoin would be a really nice alternative here… Thus, people seek Bitcoin.
Regarding Paypal. They are problematic because dealing with transactions is problematic. At least with Paypal there is the option to arrange a refund should a product not arrive or similar troubles occur. Does such a facility exist with Bitcoin? Of course not. Bitcoin relies entirely upon trust between those completing the transaction. And that is Bitcoin’s inherent weakness. How can you trust someone you don’t know? Well, for now all Bitcoin users assume they can trust other users until proven otherwise.
I suggest this “trust first, ask questions later” methodology will not last long as a status quo.
You’re making less sense with every post. I’m completely unsure by now, if you’re just trolling, or misinformed.
If somebody wants additional security (“refunds”), they have to go through an escrow service (and they exist for BitCoin, too). You can even remain (fairly) anonymous that way.
If you treat BitCoin like cash, skipping the middle-man, you gain independence but lose some security (people can “walk off” with your money without giving you wares — not different with cash if you send money up-front by mail, for example).
All cash transactions require trust between the involved parties. How is that “an inherent weakness of BitCoin”?
Regarding the morals involved: BitCoin will be useful for moral and immoral people alike. No new forms of crime will emerge due to BitCoin. Money laundering already exists, truck trafficking already exists, corruption and bribery already exist. Those things might become a tad more convenient for the tech savvy criminal, but that’s about it.
Welcome to the world of the Internets (a.k.a. Information Age), when suddenly technologies emerge that wipe out industries because the “user” can do things unthinkable 20 years ago (cf. file sharing and anonymous cash transactions). A lot more is going to happen, like it or not.
It is an inherent weakness because you are trusting an anonymous identity. If I send money to Paypal in exchange for goods and they fail to arrive, I have a chance to open a dispute. If it’s any similar service, I have the opportunity to have a (somewhat poorly managed, sure) trusted third party look at the deal and refund if required. No such functionality exists with Bitcoin right now. And should it exist, it destroys the very notion of an Anonymous currency.
Cash is used in face-to-face transactions. If I pay you “cash in your hand” and you don’t give me the TV I paid for, you then stand to lose much more than that. With Bitcoin, there is no action I can take, other than of course, the token complaining on the Bitcoin forum that another scammer has appeared and why did I fall for their scam.
Saying you can “treat Bitcoins like cash” is nice, but in reality we don’t use cash for online sales and that is what Bitcoin was created for. Online, primarily between networks across borders. For person-to-person deals, we would, of course, just use cash.
Crime – Bitcoin is a critical crime enabler. It is a game changer, yes, giving criminals a new method of avoiding detection. They can still be caught, in fact their trust in Bitcoin, irrespective of the flaws mentioned, is what will lead to many being brought to justice for their crimes. However, understand that the creation of Bitcoin will have far reaching consequences as far as law enforcement and your freedom online is concerned.
I believe the creation of Bitcoin provides a justifiable reason to begin “locking down” the internet, as we are seeing today. Many of your elected leaders feel the same. A position, as someone with significant interest in technology, I would have never seen myself supporting just a few short years ago.
I think the trust issue can be removed using a routine escrow mechanism, but here too you need a third party to moderate the exchange. For instance, if A wants to buy from B using bitcoins, you go through another bitcoin wallet. A puts his coins in the escrow agent’s wallet, the wallet notifies B, B sends the goods. When A receives the goods, the escrow agent releases funds to B.
But, this gets rid of the whole point of bitcoin, to eliminate a trusted third party. Behind the veil of the internet, when you aren’t dealing face to face, you have to have a trusted third party.
True. A possible solution would be “ratings” style system, which can of course be gamed and fake accounts created to prop them up, as we see on Ebay and forums. The current system of assigning trust to Bitcoin Exchange owners, and Bitcoin services in general, is wide open to being gamed. Combine this with Bitcoin owners and users who (through greed) “want to believe” and you have a situation waiting to go bad.
I think it was a month or so ago when one of the Bitcoin forum users, who had become trusted to produce Bitcoin Wallet software by the forum users, had in fact decided to steal Bitcoin wallet keys. He was outed and attempted an apology. I didn’t stick around long enough to see how it turned out, but no doubt he cleaned his cookies and created a new account and all was well again.
A public facing, real-world third party with a real-world reputation at stake would work. Maybe the Bitcoin software creator or technical founder (Satoshi Nakamoto) himself could run such an operation.
I am currently reading the source code cover to cover – and I am impressed. Most of it is rock-solid programming. Excellent work, given the young age of the program.
Thanks a ton for spending some time to line all of this out for all of us. This kind of post was in fact extremely useful in my opinion.