Bitcoin 51% Attack (and TrueCrypt redux)

First of all, since there may have been some confusion on the TrueCrypt thing yesterday (I was a bit rushed in closing out that writeup, in retrospect) let me clarify. I think the “I’m with the NSA and UTI” phrase indicates one of two eventualities:

1) The NSA contracted UTI to create TrueCrypt and release it as an “obviously not written by the Americans” crypto-honeypot. Perhaps the cypherpunk community was getting too close to writing their own FDE software. In any case TrueCrypt was cleverly bug-doored, which explains why GCHQ decrypted David Miranda’s TC volumes so fast.

Now with the TrueCrypt crypto-audit coming up, somebody panicked, realizing the bug-door would probably be found. Therefore, they gave the order to shut it down, and “muddy the waters” enough that people would think the bug (when it was discovered) was “just a bug.” After all, developers that send out duress signals [1] clearly weren’t working for the bad guys all along!

For those who are looking at me a little funny… this is standard operationg procedure in the espionage world. Catch a spy red-handed and ask him “so, how long have you been betraying us?” and he’ll tell you “since last week” when the real answer is “since last year.” The caught spy always seeks to minimize the damage he did.

Anyway, the “I’m with the NSA and UTI” suggests that the developer either “went native” and started sympathizing just enough with the world Internet community to warn them, or he went a little overboard with his “duress” signals. Either are plausible. The former option is more consistent with the TrueCrypt author not wanting a code fork [2].

2) The TrueCrypt developer is a UTI employee who’s worked on NSA contracts. However, he developed TrueCrypt on his own time and didn’t intentionally backdoor it. Now someone came to him and said “we know who you are. Backdoor it or close it down” and he took the latter option.

This is consistent with all the available hrad evidence, including specific and detailed duress signals / “warrant canaries” spotted in the shutdown. [1]

Presumably the developer knew his job put him in a risky position with respect to being asked to insert backdoors, so he planned ahead, and included a “I’m with the NSA and UTI” for good measure. (Constructing sentences like that is hard, and apparently the resulting Romanian is not anywhere near gramatically correct — which raises the question whether he put “im with the nsa and uti” into Bing to translate into Romanian…)

However, I don’t buy it. Why would anyone pressure the developer now? Why not wait until AFTER the crypto audit was complete, and TrueCrypt was certified good?

The argument here is that the intelligence types don’t want there to be a “known good” option, but come on, you already have Team Edward (or should that be Team Snowden?) and Amazon S3 using TrueCrypt.

[1]
http://it.slashdot.org/comments.pl?sid=5212985&cid=47117051
http://meta.ath0.com/2014/05/30/truecrypt-warrant-canary-confirmed/

[2] http://pastebin.com/RS0f8gwn

Okay… now with that out of the way…

Bitcoin’s got a problem. A single mining pool has reached the “51% point,” which means a single entity controls the network and can do basically whatever it wants.

To make matters worse, this entity has a history of doing unethical things on the Bitcoin network and it’s more or less a matter of time until they abuse this total power.

Fortunately, this is only an intermittent state of affairs. They’ve only been able to hold on to this status for under 12 hours at a stretch, though they’ve pulled it off several times.

Unfortunately, this was not entirely unforeseen. As the Hacking Distributed blog puts it — “So this is when we get to say “We told you so.””

http://arstechnica.com/security/2014/06/bitcoin-security-guarantee-shattered-by-anonymous-miner-with-51-network-power/

http://hackingdistributed.com/p/2014/06/13/in-ghash-bitcoin-trusts/

Advertisements
%d bloggers like this: