Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Bitcoin Seizure

  1. #1
    Senior Member
    Join Date
    Jan 2011
    Posts
    6,711

    Bitcoin Seizure

    I’m reading the feds have tracked down and seized some of the Bitcoin ransom paid by the Colonial Pipeline. I thought one of the touted attractions of Bitcoin was that that sort of thing was supposed to be impossible.

  2. #2
    Senior Member bae's Avatar
    Join Date
    Jan 2011
    Location
    Offshore
    Posts
    9,515
    The weak point of the system is in how you use it.

    There have been several papers presented at the Blackhat Conference for the past few years that go into some detail about how to take advantage of novice extortionists' errors and send actual people with actual lead pipes to their physical location for further "decryption" efforts.

    I'd say more, but... :-)

    Here's a particularly helpful one if you want to get into this business:

    https://elie.net/static/files/tracki...end-to-end.pdf

  3. #3
    Senior Member razz's Avatar
    Join Date
    Dec 2010
    Location
    Ontario, Canada
    Posts
    7,602
    Quote Originally Posted by bae View Post
    The weak point of the system is in how you use it.

    There have been several papers presented at the Blackhat Conference for the past few years that go into some detail about how to take advantage of novice extortionists' errors and send actual people with actual lead pipes to their physical location for further "decryption" efforts.

    I'd say more, but... :-)

    Here's a particularly helpful one if you want to get into this business:

    https://elie.net/static/files/tracki...end-to-end.pdf
    Bae, it may well be a very informative paper but my eyes glazed over so will leave bitcoin to those that know more hoping and praying that there are some who will monitor wisely.
    As Cicero said, “Gratitude is not only the greatest of virtues, but the parent of all the others.”

  4. #4
    Senior Member bae's Avatar
    Join Date
    Jan 2011
    Location
    Offshore
    Posts
    9,515
    Quote Originally Posted by razz View Post
    Bae, it may well be a very informative paper but my eyes glazed over so will leave bitcoin to those that know more hoping and praying that there are some who will monitor wisely.
    The basic high-level observation is: You can have an incredibly secure system, but human beings use systems, and they almost always screw up in ways that allow you to compromise the system.

    (Classic example is the secure password scrawled on the Post It note under the keyboard)

  5. #5
    Senior Member iris lilies's Avatar
    Join Date
    Mar 2013
    Location
    Always logged in
    Posts
    19,219
    Quote Originally Posted by bae View Post
    The basic high-level observation is: You can have an incredibly secure system, but human beings use systems, and they almost always screw up in ways that allow you to compromise the system.

    (Classic example is the secure password scrawled on the Post It note under the keyboard)
    The podcast Hunting Warhead which was absolutely fascinating to me centered on cyber crime of child porn which also of course encompassed real life abuse of children.


    Law enforcement cyber experts sought out the ringleader. They found the webmaster in this way, despite his many layered levels of security to keep himself unidentified:

    The software used by the child abuse webmaster had a minute and specific bug. When he did X, the software did Y to his website.

    Law-enforcement cyber experts combed online support forums for this software, looking for people who asked for help with this particular bug. That is how they found him! He was using one of his standard email addresses, not a super secret one.

    That collar was so cool.

    And then, after they had him in jail, Law enforcement continued to operwte the website dor a while (an ethical issue for sure) and they had to perpetuate the safety system set up by the webmaster. He had told his subscribers that he would send a message once a month to assure them all he was out of the hands of law-enforcement. So, they had to study his way of digital speaking so that they could send out that monthly message to keep subscribers feeling safe so that they could snatch as many subscribers as they could get their hands on.

    This was a ring of very very bad men. In order to get into the site they had to have produced their own child abuse content.They traded content for entry admission.

  6. #6
    Senior Member jp1's Avatar
    Join Date
    Dec 2010
    Location
    San Francisco
    Posts
    6,920
    Quote Originally Posted by bae View Post
    The basic high-level observation is: You can have an incredibly secure system, but human beings use systems, and they almost always screw up in ways that allow you to compromise the system.

    (Classic example is the secure password scrawled on the Post It note under the keyboard)
    And the most common example that results in my employer having to pay claims, people who believe a phishing email is legitimate and click the link and then use their login credentials on a fake website that is actually the criminal's website.

  7. #7
    Senior Member
    Join Date
    Jun 2012
    Posts
    4,075
    Remember Silk Road?

  8. #8
    Senior Member iris lilies's Avatar
    Join Date
    Mar 2013
    Location
    Always logged in
    Posts
    19,219
    Quote Originally Posted by ToomuchStuff View Post
    Remember Silk Road?
    I heard a podcast about the Silk Road guy. He might have been sentenced too harshly,according to this podcast anyway.

  9. #9
    Senior Member Rogar's Avatar
    Join Date
    Jan 2011
    Location
    Colorado
    Posts
    3,710
    I hope this will serve as a deterrent to potential hackers, but I doubt it. One of my concerns is more that someone will shut down a critical supply and then just leave it down without any recourse for payment or some other motive besides money. I've read that hack programs are being sold by hackers and are readily available on the web.

  10. #10
    Senior Member jp1's Avatar
    Join Date
    Dec 2010
    Location
    San Francisco
    Posts
    6,920
    Businesses should have a backup system in place to be able to restore everything. If they (or more accurately, their insurance company) pays the ransom it means they failed to adequately plan for the possibility of this happening.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •