Bitcoin exists in the credits assigned to random strings of letters and numbers, known as addresses, that are publicly available. To spend these credits, a user must have the corresponding private key – or slightly longer random string of letters and numbers – and apply a digital signature that allows the balance or part of the balance to be transferred to another address. The very nature of a “virtual currency” is of course going to be attractive to cyber criminals who see it as an easy target; after all, they only have to steal digital information from a computer.
If you’ve taken the time to read the various news articles over the last few months, you’ll quickly realise that the relatively nascent Bitcoin is well acquainted with DDoS. Already the major exchanges, such as the former Mt. Gox, Bitstamp, BTC China, etc. have seen a wide array of DDoS tactics used on them. Initially, this was to undermine and influence Bitcoin currency, but now it is actually being used to steal Bitcoin funds in the millions of dollars.
The targets are diverse and the blame is shifting as to who is the weakest link, but at the end of the day, the attackers are winning with what is all too often considered a crude tool. It begs the question: Is DDoS still to be considered a blunt instrument? From what I have seen here and analyzing attacks in other sectors, the answer is a resounding no. And here’s why:
DDoS is getting more sophisticated – DDoS in its simplest form attempts to bombard a server with so many requests that it can’t handle the volume and therefore just shuts down, making a website inaccessible. The conventional understanding of DDoS is that it is typically massive in terms of bandwidth, packets per second and connection, and the latest attacks on BitStamp suggest there was indeed a high volume aspect to the attack.
It’s unclear as to what that volume was; however, the more important aspect to this attack was how the attackers were able to masquerade the hash of a user transaction and essentially bombard the exchanges with it- in the hopes it would be processed before the actual legitimate sessions. To have carried this tactic out successfully, it required the attackers to have in-depth knowledge of the transaction protocols. This means that they conducted a fair amount of reconnaissance in advance, and have access to relatively small amount of computing resources.
In effect, this was not your typical ‘clog the pipe’ DDoS strategy, which is usually touted in articles detailing a huge DDoS attack. The attackers had quite specific knowledge and did their homework when it came to how best to take advantage of DDoS tools and bring down the exchange.
Blurring the lines between DDoS and Hacking – DDoS and hacking have traditionally been seen as two mutually exclusive security initiatives, each requiring its own set of mitigating strategies. While we have seen the two used in tandem – where the DDoS is the ‘feint’ used to cover backend attempts for data theft – the Bitstamp situation stands apart from these experiences in that the DDoS was the actual tool used to carry out the theft. The spoofing of a digital signature/hash to modify the blockchain record was within the payload of the actual DDoS attack. It’s an alarming development considering that more and more ‘conventional’ companies are implementing public facing tools to carry out transactions, which could be hijacked in a similar manner as seen here.
What you can do to protect yourself:
If you accept Bitcoin, or are considering accepting Bitcoin, think seriously about the fact that it is a platform whose incredibly sophisticated cryptographic methodologies for exchanging funds can be by undermined and breached by a DDoS attack. These attacks have a significant effect on the value of Bitcoin, and it looks as though the bubble might burst- investors are pulling out and the value has dropped. The nature of the bitcoin system is completely unregulated and unmonitored by any third party. Any amount of money can be transferred between any parties, over any number of transactions, and it’s incredibly difficult to track them.
When it comes to protecting yourself, realise that by accepting virtual currency, you also become a target for Bitcoin miners and make sure you have appropriate technology in place to protect yourself from DDoS attacks – whether it is a hardware solution that takes days to install and requires a higher up-front cost; or a provider who offers DDoS protection services that can be up and running in as little as a few hours for a monthly cost.
There’s no doubt that the stakes are high when it comes to Bitcoin- on the one hand, there could be a lot to gain as adoption and popularity rises; and on the other, there is the regulatory uncertainty and likely insurance issues to consider. The best advice is to review the options and decide if the benefits outweigh the potential risks
Jag Bains, CTO of DOSarrest Internet Security
About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, BC, Canada is one of only a couple of companies worldwide to specialise in only cloud based DDoS protection services. Their global client base includes mission critical ecommerce websites in a wide range of business segments including financial, health, media, education and government. Their innovative systems, software and exceptional service has been leading edge for over 6 years now.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.