ISPs Could Take Down Large Parts of Bitcoin Ecosystem If They Wanted To (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

ISPs Could Take Down Large Parts of Bitcoin Ecosystem If They Wanted To (bleepingcomputer.com)

Posted by BeauHD on Monday May 8, 2017 @07:00PM from the say-the-magic-word dept.

An anonymous reader writes: A rogue ISP could take down large parts of the Bitcoin ecosystem, according to new research that will be presented in two weeks at the 38th IEEE Symposium on Security and Privacy in San Jose, USA. According to the researchers, there are two types of attack scenarios that could be leveraged via BGP hijacks to cripple the Bitcoin ecosystem: hijacking mining proceeds, causing double-spending errors, and delaying transactions. These two (partition and delay) attacks are possible because most of the entire Bitcoin ecosystem isn't as decentralized as most people think, and it still runs on a small number of ISPs. For example, 13 ISPs host 30% of the entire Bitcoin network, 39 ISPs host 50% of the whole Bitcoin mining power, and 3 ISPs handle 60% of all Bitcoin traffic. Currently, researchers found that around 100 Bitcoin nodes are the victims of BGP hijacks each month.

46 of 72 comments (clear)

Min score:

Reason:

Sort:

Detection by geekymachoman · 2017-05-08 19:13 · Score: 1

Isn't the point of (successful) attack/hijacking, whatever, NOT to be detected and identified ?
Just the other day, some Russian ISP routed what, most of Visa & Mastercard traffic through their servers or something... happens often.. sometimes mistake, sometimes maybe not, but still they cannot keep doing it indefinitely.
Yeah ?
1. Re:Detection by PolygamousRanchKid+ · 2017-05-08 20:57 · Score: 1
  
  Isn't the point of (successful) attack/hijacking, whatever, NOT to be detected and identified ?
  Einstein stated: “I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.”
  Knocking out an enemy's ability to wage war by any means has always been part of the show. Poison their wells, print up tons of counterfeit currency to wreck their economy, catapult dead bubonic plague corpses over their walls, destabilize their government by exposing their leaders getting blow jobs in their offices or throwing "Golden Shower" parties in fancy foreign hotels, frame up their spies with bogus rape charges, etc., etc.
  Anything on the Internet will be fair game when things get a wee bit belligerent. Instead of tossing a black bowling ball looking bomb into a bank building . . . shove a weed up Bitcoin's hairy ass.
  So what we'll have here, is a war fought with bits and bytes, instead of sticks and stones.
  
  --
  Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
2. Re:Detection by Anonymous Coward · 2017-05-08 21:28 · Score: 4, Insightful
  
  I don't think that was Einsteins point.
Re:Absolutely please do this! by RotateLeftByte · 2017-05-08 19:45 · Score: 4, Funny

hide everything?
Oh you mean using steganography in Cat Videos?

--
I'd rather be riding my '63 Triumph T120.
This article is mostly garbage. by Anonymous Coward · 2017-05-08 19:51 · Score: 3, Insightful

Bitcoin has plenty of problems that need, but these issues aren't them.
This article describes fairly generic things and jumps to insane conclusions, eg:
"These attacks can be used to sneakily siphon off some of the mining proceeds into an attacker’s account."
This sort of statement is totally wrong and not backed up by how that can work (It can't)
ISPs can hinder anything. by aglider · 2017-05-08 19:51 · Score: 5, Insightful

ISPs Could Take Down Large Parts of ANY Ecosystem If They Wanted To.
They can divert or block any traffic it's flowing through.
And there's little the users can do against it.
So that article isn't bringing anything new!

--
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
1. Re:ISPs can hinder anything. by PingPongBoy · 2017-05-08 21:52 · Score: 1
  
  What's new is how anyone can bring themselves to hurt bitcoin. Ok, so maybe that isn't so out of this world.
  Why would anyone hate bitcoin?
  Without bitcoin there wouldn't be so much need for electricity power generation. And your power bill goes up and your bandwidth goes down because bitcoin is an artificial consumer of resources. The consumption is artificial because much of the effect of the consumption is pure garbage. Mining bitcoins is basically acquiring bitcoins by lottery. bitcoin is a casino. What do people do with their losing lottery tickets in real life? They throw them away. In the bitcoin lottery, the loser's calculation is electricity down the toilet.
  So if people are to LOVE bitcoin, let's have the proof of work be updated to be a proof of real work, work that does not become so much lost energy. The mining computation should be changed to calculate for folding@home. Then the results could be put into a queue. This queue can be distributed so that it is agreed upon by the entire bitcoin network. With first in first out fairness, miners can be rewarded with bitcoins based on how much computational effort they put in. Also, there are no losers if every miner calculates independent parts of the problem. No losers, all winners.
  The upshot is if people love bitcoin, they would get behind hardening the infrastructure to protect against hackers. So, bitcoin miners, take heed, if you want all your expenditure in electricity bills to not be all for nothing one day, make yourself heard asking for the mining calculation to updated to do something useful.
  Let's face it, the cost of a bitcoin is supposed to go up up up. If this holds true, who would ever want to spend bitcoin for anything? It would be like those Microsoft people who sold their stock early and bought toys. A few years later they realized that if they kept their stock they would be zillionaires. So bitcoin mining would be pointless if there will be fewer and fewer transactions. People just want to buy and hold. Unless what they buy will not appreciate. Then they dump and run. That makes bitcoin mining pointless because bitcoins wouldn't be worth anything.
  All this fear could dissipate if bitcoin mining were to calculate useful results. People would be encouraged to use bitcoin in their lives because the mining actually benefits everyone.
  
  --
  Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
2. Re:ISPs can hinder anything. by codebonobo · 2017-05-08 22:37 · Score: 5, Insightful
  
  The mining computation should be changed to calculate for folding@home.
  
  Bitcoins security model is dependent upon a PoW which must have a very granular difficulty adjustment where blocks are discovered on a Poisson Distribution curve. Searching for primes or folding@home would not fulfill this requirement. Additionally, It is necessarily wasteful as part of bitcoins security model due to the fact that real costs must be sunk into attacking the currency instead of simply bootstrapping it to some other task you would be doing anyways for no added cost.
  The great news is that most mining these days is using unused excess hydroelectric from Chinese dams and the heat can be recycled. Additionally, the "wasted" energy need not scale with the price of bitcoin as originally expected due to the fact that payment channels can heavily subsidize block reward with tx fees and the security of the network will depend both upon decentralized LN nodes being subsidized(which use practically no electricity) by sharing tx fees with miners
  
  If this holds true, who would ever want to spend bitcoin for anything?So bitcoin mining would be pointless if there will be fewer and fewer transactions. People just want to buy and hold. Unless what they buy will not appreciate. Then they dump and run. That makes bitcoin mining pointless because bitcoins wouldn't be worth anything.
  All this fear could dissipate if bitcoin mining were to calculate useful results. People would be encouraged to use bitcoin in their lives because the mining actually benefits everyone.
  This is an often repeated fear from Keynesian economists that high deflation will cause hoarding and a "deflationary death spiral in bitcoin" , The data shows the opposite, during periods of high appreciation(deflationary adoption bubbles) bitcoin users give more to charity and spend more on goods and services. This is thought to be because of the wealth effect , where users feel more comfortable spending because they feel more wealthy due to them being wealthier in reality. This is also similar to purchasing a laptop that will become obsolete in 6months to 1 year, one always knows the next model will be released in the future but realizes they still need a laptop now and will spend the money regardless.
  
  That makes bitcoin mining pointless because bitcoins wouldn't be worth anything.
  Have you seen the price lately? Please check the 8 year returns , 1 year returns , and 1 week returns. Bitcoin stopped being simply used for speculation a very long time ago and now is has a circular economy of users who have an inelastic demand that need bitcoin to survive. Yes, plenty of speculating (when did saving money become such a naughty word?) , but the real life utility is undeniable as well for whitemarket or blackmarket use cases.
3. Re:ISPs can hinder anything. by aglider · 2017-05-08 22:54 · Score: 2
  
  Why would anyone hate bitcoin?
  Maybe because it's not bank-controlled?
  Maybe because it's not government-controlled?
  Maybe because of both?
  
  --
  Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
4. Re:ISPs can hinder anything. by ThirdPrize · 2017-05-08 23:37 · Score: 1, Insightful
  
  People hoard BC because you can't really do anything else with it. Most shops and sites dont accept it. You can gamble but then its the casino hoarding rather than you. ;) BC is an elegant solution in search of a problem.
  
  --
  I have excellent Karma and I am not afraid to Troll it.
5. Re:ISPs can hinder anything. by tommeke100 · 2017-05-09 00:19 · Score: 2
  
  Bitcoin is already sort of a Gold Standard. Because the release of new bitcoins that can algorithmically be mined is limited and the current valuation and pervasiveness of bitcoins in general, it's a better standard than any currency, where they could just manipulate the course by printing more money or buying more gold.
6. Re:ISPs can hinder anything. by Anonymous Coward · 2017-05-09 01:41 · Score: 1
  
  Have you seen the price lately? Please check the 8 year returns , 1 year returns , and 1 week returns.
  But what good are returns if you never actually get anything from Mining.
  I've left Bitcoin installs running for weeks and never gotten a single Satoshi. No way it's paying for the electricity bill.
  So why do _I_ join up and give my support to the blockchain network? So far the only explanation that I see is "it's cool" or "it might be useful later". This is the fundamental design flaw with the Bitcoin network and we are seeing the endgame of this design flaw as the Network becomes more and more consolidated into a small number of super-mining blocks.
  I have no idea how to solve the problem, but I have no incentive to mine or use bitcoins either, so I really don't care.
7. Re:ISPs can hinder anything. by codebonobo · 2017-05-09 02:03 · Score: 2
  
  This may have been true in 2010 but much has changed since than. An inelastic demand indicates a client base who depends upon bitcoin regardless of price, premium over spot, or tx fees. This is principally driven by darknet markets of drugs, prostitution, online gambling, capital flight, and ransomeware. There are also whitemarket use cases like saving 18% off everything on amazon (not including the savings I make from appreciation) but it is the blackmarket that gives bitcoin its true utility. Sometimes this form of regulatory arbitrage is used for ethical blackmarket cases like donations to wikileaks or Venezuelans buying food, but the end result is the same, utility and demand for bitcoin.
8. Re:ISPs can hinder anything. by codebonobo · 2017-05-09 02:07 · Score: 2
  
  But what good are returns if you never actually get anything from Mining. I've left Bitcoin installs running for weeks and never gotten a single Satoshi. No way it's paying for the electricity bill.
  So why do _I_ join up and give my support to the blockchain network?.
  Bitcoin mining is very professional and competitive. You need to mine in a pool (I suggest p2pool), use a modern ASIC, and have access to very cheap electricity to be profitable. There are many other ways to support bitcoin besides mining like running a full node, buying bitcoins, contributing code, writing manuals , peer review, education, ect...
9. Re:ISPs can hinder anything. by codebonobo · 2017-05-09 03:52 · Score: 1
  
  I suggest you stay away and don't buy any bitcoin for a few years and than check back when you are ready to re-evaluate.
10. Re: ISPs can hinder anything. by Ken_g6 · 2017-05-09 06:41 · Score: 1
  
  You should look into something called GridCoin, which is based on BOINC work.
  
  --
  (T>t && O(n)--) == sqrt(666)
11. Re:ISPs can hinder anything. by mysidia · 2017-05-09 07:59 · Score: 1
  
  The great news is that most mining these days is using unused excess hydroelectric from Chinese dams and the heat can be recycled.
  Great, so Bitcoin is another subsidy for electricity producers, and a way to convert excess energy into cash. Since miners need the cheapest electricity possible for this conversion to be profitable, they're bound to place their operation wherever there is a supply glut and weak demand.
12. Re:ISPs can hinder anything. by mysidia · 2017-05-09 08:02 · Score: 1
  
  No way it's paying for the electricity bill.
  If you CPU mine outside a pool; It's still cheaper than a lottery ticket, and your chances of winning are similar.
13. Re:ISPs can hinder anything. by mysidia · 2017-05-09 08:03 · Score: 1
  
  How much of a reward or TX fee do you get for running a full public node, compared to mining?
14. Re:ISPs can hinder anything. by codebonobo · 2017-05-09 08:39 · Score: 1
  
  Full nodes currently are not subsidized, but there is a new development which is almost ready called Lightning network which will allow full nodes to be both subsidized and tx capacity to dramatically increase. Segwit upgrade will increase the network capacity from ~7 Transactions per second to ~14 TPS and thereafter LN payment channels will both subsidize LN full nodes and but increase the network transaction throughput to millions of transactions per second.
15. Re:ISPs can hinder anything. by codebonobo · 2017-05-09 08:42 · Score: 1
  
  Yes, and because China has overbuilt infrastructure at the moment they have an excess of unused Hydro that they can use to mine so the ASIC farms are built right next to the hydro companies and Bitcoin essentially becomes a more efficient battery for them by converting energy into fungible value.
16. Re:ISPs can hinder anything. by Khyber · 2017-05-09 09:40 · Score: 1
  
  Come back to me when you've got bitcoins worth 9 million USD
  I guarantee you'll never hit that.
  
  --
  Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
17. Re:ISPs can hinder anything. by Khyber · 2017-05-09 09:43 · Score: 1
  
  Yea, your shitcoin isn't even close to being worth anything.
  And I have a few pounds of this grade of jade. The value is just going to increase as it becomes much harder to find. That jade bangle only weighs a few ounces, it's about the size of a cock ring. NINE MILLION USD.
  Yea, you come back when a single bitcoin is worth that much. You won't. You'll be dead long before it ever hits that price.
  
  --
  Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
18. Re:ISPs can hinder anything. by codebonobo · 2017-05-09 11:34 · Score: 1
  
  Where can I purchase a bunch of these bracelets so I can use them on the darknet markets or do I need to still meet the dealer in a dangerous back alley with one of these bracelets? What should I call them; Bracelet coins? How divisible are they? Is each bracelet easily checked for legitimacy to avoid counterfeits? Are they all fungible with one another? Is their a liquid exchange where I can exchange these bracelets easily? Thanks in advance for the info on introducing me to your new currency!
19. Re:ISPs can hinder anything. by Khyber · 2017-05-09 12:53 · Score: 1
  
  >Where can I purchase a bunch of these bracelets so I can use them on the darknet markets
  Same place all the Bitscam is: China.
  Darknet markets? Son, real people use live black markets. Much harder to trace.
  
  --
  Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
20. Re:ISPs can hinder anything. by PingPongBoy · 2017-05-09 21:41 · Score: 1
  
  The mining computation should be changed to calculate for folding@home.
  Bitcoins security model is dependent upon a PoW which must have a very granular difficulty adjustment where blocks are discovered on a Poisson Distribution curve. Searching for primes or folding@home would not fulfill this requirement. Additionally, It is necessarily wasteful as part of bitcoins security model due to the fact that real costs must be sunk into attacking the currency instead of simply bootstrapping it to some other task you would be doing anyways for no added cost.
  Something that might work is to put the folding@home finished results into a distributed queue. All results will be accepted and the queue is distributed to ensure that no one can sneak to the front of the line. In short, the difficulty idea ought to be dismissed.
  For one thing, bitcoin miners ought to be assigned difficult tasks, because they will be rewarded for their efforts. Anyone can do folding@home even for no reward so in essence, bitcoin mining is paid work. Indeed, any bitcoin miner can do some chest thumping right now by also computing folding@home and only submit their bitcoin calculations after their folding@home calculations have completed. Extrapolation - if folding@home was compulsory for every miner that would level the playing field, but if it was compulsory, all the terahash calculations can be dispensed with. Let the folding@home calculations stand for the mining result.
  
  Have you seen the price lately? Please check the 8 year returns , 1 year returns , and 1 week returns
  I don't want to look. I don't think I can understand what it implies. If I'm supposed to get a fat juicy return, then why would I spend bitcoin? That would be like volunteering to pay extra taxes. If I don't get a fat juicy return why would I bother dealing with bitcoin unless there was no other painless currency? I can understand that there will be fair number of people who want to hold as many bitcoins as possible because there is a chance that they will be worth something. It's like some people buying tons of houses, even though you can only live in one. Surely the world will become overpopulated and then profeeeet. Nothing wrong with taking a chance. The casino of bitcoin is as good as any other.
  I'll believe in the wonders of the bitcoin economy when I see advertisers touting televisions, cars, burgers for bitcoin. Then it'll come down to earth, and start making some sense.
  
  --
  Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
Just Bitcoin? by Anonymous Coward · 2017-05-08 20:05 · Score: 1

Title could easily have been "ISPs Could Take Down Large Parts of Online Banking Ecosystem If They Wanted To".
Ideas for non-net-neutrality.... by Anonymous Coward · 2017-05-08 20:11 · Score: 1

Oh it's going to be so much fun once net neutrality is gone, isn it?
1. Re:Ideas for non-net-neutrality.... by Neuronwelder · 2017-05-09 02:22 · Score: 1
  
  No. No it isn't going to be fun .. Can't they just for once, think of something nice to do for their Internet users?? All I hear is bad news regarding technology. Tell me, is it more profitable to be evil??
2. Re:Ideas for non-net-neutrality.... by nitehawk214 · 2017-05-09 02:46 · Score: 1
  
  This is Verizon and Comcast we are talking about here. I think you know the answer to your question.
  
  --
  I'm a good cook. I'm a fantastic eater. - Steven Brust
Re:BGP not fixed? by Chrisq · 2017-05-08 21:15 · Score: 2

For crying out loud. They still haven't fixed BGP? I remember reading about stuff like this in the 90s.
If the Wiki article is anything to go by this is through complacency.:

Although security extensions are available for BGP, and third-party route DB resources exist for validating routes, by default the BGP protocol is designed to trust all route announcements sent by peers, and few ISPs rigorously enforce checks on BGP sessions.

This sort of thing is really frustrating, a fix available but nobody bothers!
Re:BGP not fixed? by Opportunist · 2017-05-08 22:11 · Score: 2

So is a fix for other horribly insecure critical internet infrastructure like DNS and DHCP. But using them costs money. And in this particular case of BGP, the ones that could secure it even have a good reason to leave it insecure.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re:BGP not fixed? by GESUS · 2017-05-08 23:21 · Score: 1

It is fixed in practice, but BGP being an open standard does not demand this in it self. Most (all?) major ISP use filters to make this impossible. And even if an attack is successful they would be going through the complete transit traffic of that ISP in realtime. So, that is not something a desktop PC can do.
You need a working transit network that is connected to ISPs that do not filter with whom you have active BGP sessions. Not just a PC on the internet. Then you need the equipment to filter this information to scam people in realtime. This assumes the Bitcoin attack is effective with traffic one way as the BGP attack will only affect the traffic going A to B and not B to A.
Basically this is hyperbole.
39 ISP collude to block 50%? Good luck! by JcMorin · 2017-05-09 00:02 · Score: 1

If you need to collude with 39 ISP to block 50% of the traffic, if a SINGLE packet reaches another node it will propagate. This is complete theoretical attack and both not achievable and non-realistic. Even if 90% of the nodes are corrupted, at some point the block will be propagated.
1. Re:39 ISP collude to block 50%? Good luck! by del_diablo · 2017-05-09 03:20 · Score: 1
  
  The problem with this theory, is that you forget that land cables are still bottlenecked by being land cables. Connection across the ocean and between nations is also bottlenecked, where the former is extremely bottlenecked compared to the latter.
  I.E If you block of what is essentially New Yorks sea cables, you add more than 100 ping for anything that would cross the chokepoint for both sides.
2. Re:39 ISP collude to block 50%? Good luck! by Anonymous Coward · 2017-05-09 04:01 · Score: 1
  
  the point is that you need to hijack 39 BGP routes, not collude with 39 ISPs ... and the partition attack stops blocks from propagating.... RTFA
Re:Slashdot ads again by MrKaos · 2017-05-09 00:11 · Score: 1

Well when is it on topic?

--
My ism, it's full of beliefs.
In other news... by Mindragon · 2017-05-09 01:23 · Score: 1

Almost anything could be substituted and it would still work... A rogue BILLIONAIRE could take down large parts of the FIAT ecosystem, according to new research that will be presented in two weeks at the 38th IEEE Symposium on Security and Privacy in San Jose, USA. According to the researchers, there are two types of attack scenarios that could be leveraged via BILLIONAIRE hijacks to cripple the FIAT ecosystem: hijacking earnings, causing double-spending errors, and delaying transactions. These two (partition and delay) attacks are possible because most of the entire FIAT ecosystem isn't as decentralized as most people think, and it still runs on a small number of BILLIONAIRES. For example, 13 BILLIONAIRES host 30% of the entire FIAT network, 39 BILLIONAIRES host 50% of the whole FIAT earning power, and 3 BILLIONAIRES handle 60% of all FIAT traffic. Currently, researchers found that around 100 FIAT nodes are the victims of thefts each month.

--
Just add {In Space!} to anything.
Sure by nospam007 · 2017-05-09 01:23 · Score: 1

They could also disrupt Paypal, Visa and other systems.
That's why we need net neutrality. DO comment to the FCC.
gofccyourself.com
The power to destroy... by h4x0t · 2017-05-09 01:59 · Score: 1

a thing is the absolute control over it.
1. Re:The power to destroy... by nitehawk214 · 2017-05-09 02:42 · Score: 1
  
  - Paul Atreides
  
  --
  I'm a good cook. I'm a fantastic eater. - Steven Brust
Wrong by Anonymous Coward · 2017-05-09 02:56 · Score: 2, Informative

These attacks can be used to sneakily siphon off some of the mining proceeds into an attacker’s account.
Wrong. Mining proceeds are protected by a private key. Nothing an ISP can do will reveal that private key, thus they cannot siphon proceeds.
How is this different from before the internet? by 3seas · 2017-05-09 04:17 · Score: 1

Note: The US government took down currency and it caused the great depression.
Re:BGP not fixed? by mysidia · 2017-05-09 07:52 · Score: 1

Most (all?) major ISP use filters to make this impossible.
All major ISPs are believed to use filters, but it still does not make it impossible.
Sometimes someone will always screw up with the filters.
Sometimes (frequently) big enough peers or customers will get exceptions.
Filters don't protect against an intentional actor who manages to compromise a router or manipulate the filters whether through technical measures, deception, or fraud.
Re:BGP not fixed? by GESUS · 2017-05-09 18:45 · Score: 1

True, but that is not what BGP does.
If the routers are hacked, no protocol can protect you.
That would require both routers to be hacked though.
Is it possible to short Bitcoin? by ayesnymous · 2017-05-10 05:54 · Score: 1

Is it possible to short Bitcoin?