16 April 2014

The Joy of Fraud Fighting

Uri Rivner - BioCatch



BitCoin Explained: How to Become a BitCoin Thief - part 1

04 December 2013  |  14031 views  |  1

 

OK folks. You’ve all been hearing about Bitcoin. Your neighbors have been hearing about Bitcoin. Your dog walker has been hearing about Bitcoin. Now it’s time to separate the wheat from the chaff… Learn how to become a successful Bitcoin thief, and make lots of money in this exciting new cybercrime frontier!

This practical guide is intended ONLY for Cybercriminals and those readers with a weak moral fiber who seriously consider a change of career, and wish to become successful Internet thieves. If you’re a law-abiding citizen, I urge you not to read this post!

 

Read This First

Most people think of Bitcoin in terms of a crazy digital currency whose dollar value has been soaring in recent months. The only question they have is: should I buy some?

Let me show you a totally different perspective: Bitcoin is a payment scheme in which everyone can send money to everyone else worldwide, in their own currency, with virtually no commission. Say you want to transfer $50 to your pal in Hong Kong. You’ll be able to buy fractions of Bitcoin worth exactly $50, transfer them to your friend, and she’ll be able to change them instantly to her local currency. The whole thing is instant, global, works on every major currency, and the exchange commission is marginal. Once you understand this, you also understand that buying Bitcoin vs. using Bitcoin is like buying PayPal stock vs. using PayPal. You don’t need to own a single Bitcoin in order to transact in Bitcoin, and the implications of the Bitcoin system for the financial markets far exceed the media hype around the Bitcoin valuation. Whether a single Bitcoin is worth 1 million dollars or half a cent, it should work exactly the same. I feel this is the first thing one must know.

Now that this is settled, let’s see what this multiple-part guide contains. I’m going to explain what Bitcoin is all about, how it’s manufactured (and why you should care), and how it’s owned and traded. I’ll point out what sort of protection Bitcoin owners have (hint: none whatsoever! I see you’re drooling all over the keyboard already!!), and why stealing bitcoin is exactly like robbing a purse full of gold coins. Ready? Let’s start!

 

What is Bitcoin?

It’s the first cryptocurrency in existence. Introduced by the mysterious Satoshi Nakamoto in a 2008 whitepaper published on the Cryptography Mailing List, Bitcoin is an open source protocol for creating and exchanging a digital currency that anyone can (theoretically) produce, own and trade. 12 million bitcoins have been produced as of December 2013, out of 21 million possible coins. Satoshi – a single developer? A group of whiz kids? - is estimated to own over 1 million Bitcoins, worth over a billion dollars today. So whoever they are, they’ve been doing pretty well. No one knows for sure who Satoshi Nakamoto is, which adds to the buzz around the crypto coin.

 

The price of Bitcoin

Here’s a common question in the fraud underground: I got hold of a victim’s PC and found a stash of 10 Bitcoins - already worth over 10,000 dollars! I quickly moved them to my anonymous Bitcoin address. Should I sell everything straight away? Or should I wait a bit – the price of Bitcoin is skyrocketing!!

One of the common mistakes some people make about Bitcoin is to assume that since the inventory of Bitcoin is limited, the value must go up at all times. Well, the same principle of limited inventory and diminishing returns on mining applies to many other precious resources like gold and diamonds. Their value is determined by one thing only: global supply and demand, and so is the price of Bitcoin. Of course, many things can influence the supply and demand of Bitcoin. If mining Bitcoin is taxed, for instance, it may hurt the supply. Regulation is important. And consumer and business demand for Bitcoin is critical. Today the main reason for the value of Bitcoin going up is, well, that the value of Bitcoin goes up. People hear about Bitcoin and want to be part of the game, which drives demand to the skies. A good time to SELL Bitcoin will be when your taxi driver tells you they bought a few, “just in case”, and when folks you meet at the local grocery shop proudly tell you that they’ve bought their grandson two Bitcoins as a college graduation gift. At that point, if you do have any Bitcoin left, hook up to your exchange and sell every bit of it.

From a financial industry perspective, the main point to understand about Bitcoin value is that this is not what Bitcoin is all about. Again, it’s like talking about the value of PayPal stock but not about what you can do with PayPal. You use PayPal to buy stuff and pay other people. When PayPal did its IPO, they offered it at $13; by day’s end it was $20. Later that year it was acquired by eBay, so we don’t know what its stock price would have been today. But everyone uses PayPal now. The same may apply to Bitcoin.

So, if you stole $10,000 of Bitcoin, you’re now in the same place as everyone else: you need to make a somewhat speculative guess as to the future value of the digital coin. It’s exactly like deciding on buying or selling stock. If you’re sure the price will continue to soar, wait before you sell. If you’re not too sure, sell now and enjoy the spoils. Sound advice would be to sell some, and save the rest - after all, it wasn't yours to begin with, so you can afford being a speculative player.

 

Producing Bitcoins: our first criminal opportunity!

Here is a short, non-technical summary of how Bitcoins are produced. Essentially it’s a big numbers crypto game: you need your computer to run some complex calculations and try to decipher a 64-byte string before anyone else does, and then you’re awarded with a number of bitcoins. It’s like a digital treasure hunt where everyone is trying to beat you to it. Question is, do you come to treasure island with a toy shovel or with an army of digging rigs? This reminds me a bit of an excellent sci-fi book called Ready Player One – you’ll love it if you grew up in the eighties. In this book, a clever video gamer plays against a huge army of well-paid mercenaries trying to uncover a digital Easter Egg buried in a vast virtual universe.

The math makes sure that every new Bitcoin produced will require more calculations than the previous ones. By now, the odds for your PC to find a hidden Bitcoin stash by randomly ‘mining’ are infinitely small. So don’t try it at home, kids. It used to be easy to mine Bitcoin, but now you need a room full of dedicated hardware.

Or, a big botnet. Which is one of the first things you might think about as a cybercriminal who wants to get into the bitcoin business. People who already control hundreds of thousands of machines, or better yet – have gained access to cloud infrastructure someone else is operating – can certainly use them to manufacture Bitcoins. How to do that exactly? I’ll leave it to the bright minds in the community; I’m sure you can come up with a few clever ploys. The trick is to do it without the user (or company) noticing any slowdown in their hardware.
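
The “big numbers crypto game” described in this section, as an added example that is not part of the original post: a simplified proof-of-work loop in Python showing that finding a solution takes many hashes while checking one takes a single hash, and that each extra bit of difficulty doubles the expected work. The sample header, the bit-count difficulty and all function names are constructed for illustration; real Bitcoin hashes an 80-byte block header against a far harder target.

```python
import hashlib
import struct

# Constructed sample data standing in for a block header (not a real block).
SAMPLE_HEADER = b"constructed-sample-header|prev=00ab|merkle=11cd|time=1386115200"

def sha256d(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin applies to block headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def meets_target(digest: bytes, difficulty_bits: int) -> bool:
    """Toy target check: the digest as an integer must start with
    `difficulty_bits` zero bits (assumption: simplified difficulty encoding)."""
    return int.from_bytes(digest, "big") < (1 << (256 - difficulty_bits))

def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed solution costs one double hash."""
    return meets_target(sha256d(header + struct.pack("<I", nonce)), difficulty_bits)

def mine(header: bytes, difficulty_bits: int, max_nonce: int = 1 << 32):
    """Brute-force 32-bit nonces in order; return (nonce, attempts) or None."""
    for nonce in range(max_nonce):
        if verify(header, nonce, difficulty_bits):
            return nonce, nonce + 1
    return None

def expected_attempts(difficulty_bits: int) -> int:
    """Each hash succeeds with probability 2**-bits, so the mean is 2**bits."""
    return 1 << difficulty_bits

if __name__ == "__main__":
    for bits in (8, 12, 16):
        nonce, attempts = mine(SAMPLE_HEADER, bits)
        print(f"{bits:2d} bits: nonce={nonce} attempts={attempts} "
              f"expected~{expected_attempts(bits)} "
              f"ok={verify(SAMPLE_HEADER, nonce, bits)}")
```
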

 

Coming Next

I said it’s a multiple part guide – be patient! The next chapters will talk about owning Bitcoin, trading Bitcoin, the fact it’s untraceable and why you should care, why Bitcoin exchanges are sitting ducks, the security around Bitcoin, using Trojans and Phishing to get people’s Bitcoin, and several other goodies. See you later folks!

 

Thank You Note

I decided to write this blog after an inspiring, excellent presentation by the amazing Keren Elazary at Israel’s Cyber UnConference. It’s a day of fun and mutual education introduced by Yossi Vardi, a well-known high tech guru/investor, and organized by a group of volunteers led by Nimrod Kozlovski, in which hundreds of folks from the Israeli Cyber Security scene gather to exchange ideas and information. Keren did a great preso on Bitcoin, and it was so thought provoking that it triggered this series of posts. Thanks Keren!

 


Comments: (1)

Brett King - Moven - New York | 07 December, 2013, 05:26

Great Summary - we should do something similar to round up regulatory responses too.


Uri Rivner, Head of Cyber Strategy, BioCatch, Tel Aviv (member since 2008)
