Cryptocurrency fans should be nervous - did I ever mention that cash is king
The NSA Worked to “Track Down” Bitcoin Users
Classified documents provided by whistleblower Edward Snowden show that the National Security Agency indeed worked urgently to target bitcoin users around the world and wielded at least one mysterious source of information to “help track down senders and receivers of Bitcoins,” according to a top-secret passage in an internal NSA report dating to March 2013. The data source appears to have leveraged the NSA’s ability to harvest and analyze raw, global internet traffic while also exploiting an unnamed software program that purported to offer anonymity to users, according to other documents.
[…]
The NSA collected some bitcoin users’ password information, internet activity, and a type of unique device identification number known as a MAC address, a March 29, 2013 NSA memo suggested. In the same document, analysts also discussed tracking internet users’ internet addresses, network ports, and timestamps to identify “BITCOIN Targets.”
[…]
It also suggested powerful search capabilities against bitcoin targets, hinting that the NSA may have been using its XKeyScore searching system, where the bitcoin information and wide range of other NSA data was cataloged, to enhance its information on bitcoin users. An NSA reference document indicated that the data source provided “user data such as billing information and Internet Protocol addresses.”
[…]
Green, who co-founded and currently advises a privacy-focused bitcoin competitor named Zcash, echoed those sentiments, saying that the NSA’s techniques make privacy features in any digital currencies like Ethereum or Ripple “totally worthless” for those targeted.
The NSA’s interest in cryptocurrency is “bad news for privacy, because it means that in addition to the really hard problem of making the actual transactions private … you also have to make sure all the network connections [are secure],” Green added. Green said he is “pretty skeptical” that using Tor, the popular anonymizing browser, could thwart the NSA in the long term. In other words, even if you trust bitcoin’s underlying tech (or that of another coin), you’ll still need to be able to trust your connection to the internet and if you’re being targeted by the NSA, that’s going to be a problem.
Take home messages if you read the whole article:
- Cryptocurrencies will not survive the gaze of advanced adversaries, as crypto founders like Mr ZCash even admit.
- Confirmation that adversaries will set up VPN providers or other “privacy-focused” products as honeypots to further their aim.
- Advanced adversaries regularly use parallel construction to bust balls everywhere.
- Tapping the internet backbone is par for the course for advanced adversaries.
- The Intercept/Guardian and others with access to the source docs should have done a Wikileaks and dumped all of this information years ago, so people would be properly informed and potentially protected, instead of drip-feeding it at a rate which will take hundreds of years to disclose everything.
- Snowden should have dumped all these docs with Assange - a major miscalculation on his part.
- Advanced adversaries consistently target anything that provides a modicum of privacy.
- The law, if not uniformly applied, is not a law at all, i.e. circumvention of jurisprudence principles. There is a rule for the small people (you) and the behemoths (military-industrial-surveillance complex).

Based on government intent, points of potential failure, and complexity in achieving proper anonymity, cryptocurrencies are a bar too high for anonymous transactions.
If that isn’t discouraging, then how about adding insult to injury – some 15-year-old kid just found a stealth backdoor to pwn hardware currency wallets, in this case the Ledger Nano S and Ledger Blue. Yeah, it requires physical access, but it puts the “tamper-proof” claims of the designers to the sword.
A “tamper-proof” currency wallet just got backdoored by a 15-year-old | Ars Technica
On Tuesday, a 15-year-old from the UK proved these claims wrong. In a post published to his personal blog, Saleem Rashid demonstrated proof-of-concept code that had allowed him to backdoor the Ledger Nano S, a $100 hardware wallet that company marketers have said has sold by the millions. The stealth backdoor Rashid developed is a minuscule 300-bytes long and causes the device to generate pre-determined wallet addresses and recovery passwords known to the attacker. The attacker could then enter those passwords into a new Ledger hardware wallet to recover the private keys the old backdoored device stores for those addresses.
Using the same approach, attackers could perform a variety of other nefarious actions, including changing wallet destinations and amounts for payments so that, for instance, an intended $25 payment to an Ars Technica wallet would be changed to a $2,500 payment to a wallet belonging to the backdoor developer. The same undetectable backdoor works on the $200 Ledger Blue, which is billed as a higher-end device. Variations on the exploit might also allow so-called “evil maid attacks,” in which people with brief access to the device could compromise it while they clean a user’s hotel room.
Yeh, I’ll be giving cryptocurrencies a pass I think, but I’m sure this will start InfoWars part II. Flame on!