ISPs Could Take Down Large Parts of Bitcoin Ecosystem If They Wanted To (bleepingcomputer.com) 72
An anonymous reader writes: A rogue ISP could take down large parts of the Bitcoin ecosystem, according to new research that will be presented in two weeks at the 38th IEEE Symposium on Security and Privacy in San Jose, USA. According to the researchers, there are two types of attack scenarios that could be leveraged via BGP hijacks to cripple the Bitcoin ecosystem: hijacking mining proceeds, causing double-spending errors, and delaying transactions. These two (partition and delay) attacks are possible because most of the entire Bitcoin ecosystem isn't as decentralized as most people think, and it still runs on a small number of ISPs. For example, 13 ISPs host 30% of the entire Bitcoin network, 39 ISPs host 50% of the whole Bitcoin mining power, and 3 ISPs handle 60% of all Bitcoin traffic. Currently, researchers found that around 100 Bitcoin nodes are the victims of BGP hijacks each month.
Detection (Score:2)
Isn't the point of (successful) attack/hijacking, whatever, NOT to be detected and identified?
Just the other day, some Russian ISP routed what, most of Visa & Mastercard traffic through their servers or something... happens often... sometimes mistake, sometimes maybe not, but still they cannot keep doing it indefinitely.
Yeah?
Re: (Score:2)
> Isn't the point of (successful) attack/hijacking, whatever, NOT to be detected and identified?
Einstein stated: “I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.”
Knocking out an enemy's ability to wage war by any means has always been part of the show. Poison their wells, print up tons of counterfeit currency to wreck their economy, catapult dead bubonic plague corpses over their walls, destabilize their government by exposing their leaders getting blow jobs in their offices or throwing "Golden Shower" parties in fancy fo
Re:Detection (Score:4, Insightful)
I don't think that was Einstein's point.
Re: (Score:3)
For crying out loud. They still haven't fixed BGP? I remember reading about stuff like this in the 90s.
If the Wiki article [wikipedia.org] is anything to go by, this is through complacency:
> Although security extensions are available for BGP, and third-party route DB resources exist for validating routes, by default the BGP protocol is designed to trust all route announcements sent by peers, and few ISPs rigorously enforce checks on BGP sessions.
This sort of thing is really frustrating, a fix available but nobody bothers!
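One form the route validation mentioned in the quoted Wikipedia passage takes is RPKI route origin validation (RFC 6811). The sketch below is an added example, not part of the comment above or of any router's code; the ROA table, prefixes and AS numbers are constructed sample data.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str      # address block the holder has authorised
    max_length: int  # longest prefix length the holder allows to be announced
    origin_as: int   # AS number authorised to originate the block

# Constructed sample data: documentation prefixes and private-use AS numbers,
# not real allocations.
ROAS = [
    ROA("203.0.113.0/24", 24, 64500),
    ROA("198.51.100.0/24", 25, 64501),
    ROA("2001:db8::/32", 48, 64502),
]

def validate(prefix: str, origin_as: int, roas=ROAS) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one BGP announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        block = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route only if the route lies inside the ROA's block.
        if route.version != block.version or not route.subnet_of(block):
            continue
        covered = True
        # Match: authorised origin AS and not more specific than max_length.
        if roa.origin_as == origin_as and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered but unmatched: wrong origin, or a too-specific announcement.
    # Not covered at all: no ROA exists, so origin validation cannot judge it.
    return "invalid" if covered else "not-found"

def filter_announcements(announcements, roas=ROAS):
    """Drop 'invalid' routes, as an import policy that enforces the check would."""
    return [(p, a) for p, a in announcements if validate(p, a, roas) != "invalid"]
```

A more-specific announcement is rejected even when it carries the authorised origin AS, because it exceeds the ROA's maximum length; prefixes with no ROA stay "not-found" and pass through, which is why coverage depends on address holders publishing ROAs.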
Re: (Score:3)
So is a fix for other horribly insecure critical internet infrastructure like DNS and DHCP. But using them costs money. And in this particular case of BGP, the ones that could secure it even have a good reason to leave it insecure.
Re: (Score:1)
It is fixed in practice, but BGP being an open standard does not demand this in itself. Most (all?) major ISPs use filters to make this impossible. And even if an attack is successful they would be going through the complete transit traffic of that ISP in real time. So, that is not something a desktop PC can do.
You need a working transit network that is connected to ISPs that do not filter with whom you have active BGP sessions. Not just a PC on the internet. Then you need the equipment to filter this inform
Re: (Score:2)
> Most (all?) major ISPs use filters to make this impossible.
All major ISPs are believed to use filters, but it still does not make it impossible.
Sometimes someone will always screw up with the filters.
Sometimes (frequently) big enough peers or customers will get exceptions.
Filters don't protect against an intentional actor who manages to compromise a router or manipulate the filters whether through technical measures, deception, or fraud.
Re: (Score:1)
True, but that is not what BGP does.
If the routers are hacked, no protocol can protect you.
That would require both routers to be hacked though.
Re:Absolutely please do this! (Score:5, Funny)
hide everything?
Oh you mean using steganography in Cat Videos?
This article is mostly garbage. (Score:3, Insightful)
Bitcoin has plenty of problems that need, but these issues aren't them.
This article describes fairly generic things and jumps to insane conclusions, e.g.:
"These attacks can be used to sneakily siphon off some of the mining proceeds into an attacker’s account."
This sort of statement is totally wrong and not backed up by how that can work (it can't).
ISPs can hinder anything. (Score:5, Insightful)
They can divert or block any traffic that's flowing through.
And there's little the users can do against it.
So that article isn't bringing anything new!
Ideas for non-net-neutrality.... (Score:1)
Oh it's going to be so much fun once net neutrality is gone, isn't it?
Re: (Score:1)
Re: (Score:2)
This is Verizon and Comcast we are talking about here. I think you know the answer to your question.
Re: (Score:2)
What's new is how anyone can bring themselves to hurt bitcoin. Ok, so maybe that isn't so out of this world.
Why would anyone hate bitcoin?
Without bitcoin there wouldn't be so much need for electricity power generation. And your power bill goes up and your bandwidth goes down because bitcoin is an artificial consumer of resources. The consumption is artificial because much of the effect of the consumption is pure garbage. Mining bitcoins is basically acquiring bitcoins by lottery. bitcoin is a casino. What d
Re:ISPs can hinder anything. (Score:5, Insightful)
> The mining computation should be changed to calculate for folding@home.
Bitcoin's security model is dependent upon a PoW which must have a very granular difficulty adjustment where blocks are discovered on a Poisson Distribution curve. Searching for primes or folding@home would not fulfill this requirement. Additionally, it is necessarily wasteful as part of bitcoin's security model due to the fact that real costs must be sunk into attacking the currency instead of simply bootstrapping it to some other task you would be doing anyways for no added cost.
The great news is that most mining these days is using unused excess hydroelectric from Chinese dams and the heat can be recycled. Additionally, the "wasted" energy need not scale with the price of bitcoin as originally expected due to the fact that payment channels can heavily subsidize block reward with tx fees and the security of the network will depend both upon decentralized LN nodes being subsidized (which use practically no electricity) by sharing tx fees with miners
> If this holds true, who would ever want to spend bitcoin for anything? So bitcoin mining would be pointless if there will be fewer and fewer transactions. People just want to buy and hold. Unless what they buy will not appreciate. Then they dump and run. That makes bitcoin mining pointless because bitcoins wouldn't be worth anything.
> All this fear could dissipate if bitcoin mining were to calculate useful results. People would be encouraged to use bitcoin in their lives because the mining actually benefits everyone.
This is an often repeated fear from Keynesian economists that high deflation will cause hoarding and a "deflationary death spiral in bitcoin". The data shows the opposite, during periods of high appreciation (deflationary adoption bubbles) bitcoin users give more to charity and spend more on goods and services. This is thought to be because of the wealth effect, where users feel more comfortable spending because they feel more wealthy due to them being wealthier in reality. This is also similar to purchasing a laptop that will become obsolete in 6 months to 1 year, one always knows the next model will be released in the future but realizes they still need a laptop now and will spend the money regardless.
> That makes bitcoin mining pointless because bitcoins wouldn't be worth anything.
Have you seen the price lately? Please check the 8 year returns, 1 year returns, and 1 week returns. Bitcoin stopped being simply used for speculation a very long time ago and now has a circular economy of users who have an inelastic demand that need bitcoin to survive. Yes, plenty of speculating (when did saving money become such a naughty word?), but the real life utility is undeniable as well for whitemarket or blackmarket use cases.
Re: (Score:1, Insightful)
People hoard BC because you can't really do anything else with it. Most shops and sites don't accept it. You can gamble but then it's the casino hoarding rather than you. ;) BC is an elegant solution in search of a problem.
Re: (Score:3)
Re: (Score:1)
Bitcoin is still garbage. I've got jade worth more than any bitcoin could ever hope to be.
Re: (Score:2)
Re: (Score:2)
Come back to me when you've got bitcoins worth 9 million USD [sothebys.com]
I guarantee you'll never hit that.
Re: (Score:2)
Re: (Score:2)
>Where can I purchase a bunch of these bracelets so I can use them on the darknet markets
Same place all the Bitscam is: China.
Darknet markets? Son, real people use live black markets. Much harder to trace.
Re: (Score:2)
Yea, your shitcoin isn't even close to being worth anything. [sothebys.com]
And I have a few pounds of this grade of jade. The value is just going to increase as it becomes much harder to find. That jade bangle only weighs a few ounces, it's about the size of a cock ring. NINE MILLION USD.
Yea, you come back when a single bitcoin is worth that much. You won't. You'll be dead long before it ever hits that price.
Re: (Score:3)
Re: (Score:1)
But what good are returns if you never actually get anything from Mining.
I've left Bitcoin installs running for weeks and never gotten a single Satoshi. No way it's paying for the electricity bill.
So why do _I_ join up and give my support to the blockchain network? So far the only explanation that I see is "it's cool" or "it might be useful later". This is the fundamental design flaw with the Bitcoin netwo
Re: (Score:3)
> But what good are returns if you never actually get anything from Mining. I've left Bitcoin installs running for weeks and never gotten a single Satoshi. No way it's paying for the electricity bill.
> So why do _I_ join up and give my support to the blockchain network?
Bitcoin mining is very professional and competitive. You need to mine in a pool (I suggest p2pool), use a modern ASIC, and have access to very cheap electricity to be profitable. There are many other ways to support bitcoin besides mining like running a full node, buying bitcoins, contributing code, writing manuals, peer review, education, etc.
Re: (Score:2)
How much of a reward or TX fee do you get for running a full public node, compared to mining?
Re: (Score:2)
Re: (Score:2)
> No way it's paying for the electricity bill.
If you CPU mine outside a pool, it's still cheaper than a lottery ticket, and your chances of winning are similar.
Re: (Score:2)
> The great news is that most mining these days is using unused excess hydroelectric from Chinese dams and the heat can be recycled.
Great, so Bitcoin is another subsidy for electricity producers, and a way to convert excess energy into cash. Since miners need the cheapest electricity possible for this conversion to be profitable, they're bound to place their operation wherever there is a supply glut and weak demand.
Re: (Score:2)
Re: (Score:2)
> The mining computation should be changed to calculate for folding@home.
> Bitcoin's security model is dependent upon a PoW which must have a very granular difficulty adjustment where blocks are discovered on a Poisson Distribution curve. Searching for primes or folding@home would not fulfill this requirement. Additionally, it is necessarily wasteful as part of bitcoin's security model due to the fact that real costs must be sunk into attacking the currency instead of simply bootstrapping it to some other task you would be doing anyways for no added cost.
Something that might work is to put the folding@home finished results into a distributed queue. All results will be accepted and the queue is distributed to ensure that no one can sneak to the front of the line. In short, the difficulty idea ought to be dismissed.
For one thing, bitcoin miners ought to be assigned difficult tasks, because they will be rewarded for their efforts. Anyone can do folding@home even for no reward so in essence, bitcoin mining is paid work. Indeed, any bitcoin miner can do some che
Re: (Score:3)
> Why would anyone hate bitcoin?
Maybe because it's not bank-controlled?
Maybe because it's not government-controlled?
Maybe because of both?
Re: ISPs can hinder anything. (Score:2)
You should look into something called GridCoin, which is based on BOINC work.
Just Bitcoin? (Score:1)
Title could easily have been "ISPs Could Take Down Large Parts of Online Banking Ecosystem If They Wanted To".
Re: (Score:2)
39 ISP collude to block 50%? Good luck! (Score:2)
Re: (Score:2)
The problem with this theory, is that you forget that land cables are still bottlenecked by being land cables. Connection across the ocean and between nations is also bottlenecked, where the former is extremely bottlenecked compared to the latter.
I.e., if you block off what is essentially New York's sea cables, you add more than 100 ping for anything that would cross the chokepoint for both sides.
Re: (Score:1)
In other news... (Score:2)
Sure (Score:2)
They could also disrupt Paypal, Visa and other systems.
That's why we need net neutrality. DO comment to the FCC.
gofccyourself.com
The power to destroy... (Score:1)
Re: (Score:2)
- Paul Atreides
Wrong (Score:2, Informative)
> These attacks can be used to sneakily siphon off some of the mining proceeds into an attacker’s account.
Wrong. Mining proceeds are protected by a private key. Nothing an ISP can do will reveal that private key, thus they cannot siphon proceeds.
How is this different from before the internet? (Score:2)
Note: The US government took down currency and it caused the great depression.
Is it possible to short Bitcoin? (Score:1)