CronoDAS comments on Why you should consider buying Bitcoin right now (Jan 2015) if you have high risk tolerance - Less Wrong

4 Post author: Ander 13 January 2015 08:02PM

Comment author: CronoDAS 14 January 2015 10:32:08AM 0 points [-]

> It is difficult to calculate an exact cost to mine a Bitcoin, because this depends on the exact hardware used, your cost of electricity, and a prediction of the future difficulty adjustments that will occur.

How much does a botnet cost?

Comment author: gwern 14 January 2015 04:11:26PM 2 points [-]

I've given estimates in some of my other comments, and you can find them in the academic literature, or Brian Krebs's Spam Nation, as to how much it costs to rent a botnet. If you run them through a mining difficulty calculator, the income from mining will be trivial at this point and you will wipe out any gains by greater attrition of your botnet. You'll be much better off using them to send spam, display scareware to users, and ransack personal data. (And this is assuming you could get the highly heterogeneous computers of the botnet to all run GPU mining, which is quite a feat on its own.)

Comment author: SimonW 15 January 2015 01:40:03PM 1 point [-]

You need to account costs of getting caught. Botnets are easily created and maintained fairly anonymously, but renting them out means taking money, and spamming means having customers and sales, all of which increase your chance of getting caught doing something illegal. Doing computational proof of work for electronic cash is very low risk, and at the peak of BitCoin pricing a lot of the hacked servers were being used for BitCoin mining.

Even if you were able to bust a botnet which is mining bitcoins, compared to credit card fraud, bank fraud, this is going to be bottom of your priorities - at least till those setting the priorities own a shed load of BitCoins.

Botnets are often not heterogeneous, sure you don't guarantee graphics cards, but most of those I saw were webservers hacked using the same small set of exploits, or same sets of default credentials.

Comment author: gwern 15 January 2015 08:22:57PM 1 point [-]

> You need to account costs of getting caught.

Botnet operators hardly ever get caught.

> at the peak of BitCoin pricing a lot of the hacked servers were being used for BitCoin mining.

Cite please. I was paying close attention during the boom to, among other things, the (non)use of botnets for Bitcoin mining, and I saw next to zero evidence of nontrivial usage.

> most of those I saw were webservers hacked using the same small set of exploits, or same sets of default credentials.

Aren't botnets primarily home computers or routers?

Comment author: skeptical_lurker 14 January 2015 11:21:28AM 2 points [-]

ASICs are used to mine bitcoin now. If you have a botnet, you would use it to mine altcoins, most of which use memory-intensive POW to render ASICs ineffective.

Comment author: ike 14 January 2015 03:50:34PM 0 points [-]

How much does it cost to hack the ASIC controllers?

Comment author: skeptical_lurker 14 January 2015 04:51:02PM *  0 points [-]

I think that depends whether the PC the ASIC is plugged into has been downloading dodgy files. I don't think you can just pay a certain amount of money to hack into any arbitrary computer.

Plus, if you can hack computers, you might as well just steal the bitcoin wallets.

Comment author: ike 14 January 2015 04:56:09PM 1 point [-]

http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/

http://www.zdnet.com/article/hackonomics-street-prices-for-black-market-bugs/

http://1337day.com/

Found by Googling "zero day exploit market".

Did you know that there was a bug in Windows for 19 years only fixed recently and still not for XP? http://www.pcworld.com/article/2846004/microsoft-fixes-severe-19-year-old-windows-bug-found-in-everything-since-windows-95.html

Yes, you can pay a certain amount of money to hack into any arbitrary computer. Just ask N̶o̶r̶t̶h̶ ̶K̶o̶r̶e̶a̶ whoever http://sony.attributed.to/ says it is today.

Comment author: skeptical_lurker 14 January 2015 07:04:03PM 0 points [-]

Well, those links are generally worrying, not just for bitcoin but for anyone who doesn't want hackers stealing intellectual property/bank details/watching you through your webcam.

But I still don't think it's insurmountable. Sony were presumably not expecting a state to try to hack them, and perhaps should have taken more precautions. AFAIK these zero-day exploits require someone to visit a dodgy website or open an email attachment or run a file or whatever. From your link:

> Initial introduction of malware to the SPE computing environment. Malware is delivered using a "spear phishing" message targeted at a high level executive with subject line "More fallout from Buchwald v. Paramount."

If you have expensive ASICs then the simple solution is to hook them up to a cheap Raspberry Pi, and then use this computer for nothing but mining. You wouldn't be using win XP, you'd be using a security-conscious version of Linux, perhaps.

The problem of securing wallets is more difficult. One tactic is to put most of your bitcoins in cold storage, and a few in a 'hot wallet' for immediate spending.

Hacking is worrying from many points of view, but given that the large majority of bitcoins have not been stolen, I really doubt it's that easy.

Comment author: ike 14 January 2015 07:16:57PM *  0 points [-]

As you seem to have missed it, http://sony.attributed.to/ is a parody. Refresh to see a different source blamed.

For the right budget, anything can be hacked. Many large banks have been hacked before, despite spending lots and lots on security. I'm sure whatever operating system is running on a pi has zero day exploits that don't require phishing. My point in mentioning the 19 year bug was that up until a few months ago, every windows computer out there had a bug that could be exploited by anyone for remote access. There was a huge openssl exploit last year also, and a big bash one.

The large majority of bitcoins are either held in small individual wallets which would be time consuming to go after and not worth it, or held in cold wallets.

There was a $5 million hack of Bitstamp just 2 weeks ago.

A mining setup can't be held in a cold wallet, because blocks must be transmitted to the network.

Comment author: Lumifer 14 January 2015 07:30:13PM *  2 points [-]

> For the right budget, anything can be hacked.

Counterexample: Snowden and people around him (Greenwald, Poitras). I think the spooks tried very hard to hack them; I also think they failed in that.

Comment author: ike 14 January 2015 07:57:50PM 0 points [-]

Hm. If I had a billion dollar budget I could do it. I don't think the NSA can just put a billion into hacking a single person.

If you disagree with either of these points I'll try to defend them.

Comment author: Lumifer 14 January 2015 08:23:57PM 2 points [-]

I disagree with both, but I don't think arguing over them is worthwhile as they both are not falsifiable.

Comment author: skeptical_lurker 15 January 2015 05:58:03AM 0 points [-]

But, if you spend a billion developing a zero-day exploit, surely you can use the exploit against anyone with the same operating system, or using the same program. In which case you are not paying a billion just to hack one person.

Comment author: skeptical_lurker 15 January 2015 06:02:48AM 0 points [-]

Also, the NSA has a $10 billion budget. The Snowden revelations are incredibly embarrassing to them, and I think they would easily spend a little over a month's budget in order to hack him.

Comment author: skeptical_lurker 15 January 2015 05:55:41AM 0 points [-]

Ok, well I only briefly skimmed http://sony.attributed.to/, but it's a fairly subtle parody until you refresh it.

> Many large banks have been hacked before, despite spending lots and lots on security.

Large banks have lots of employees, which provides lots of opportunities for persuading someone to run programs they shouldn't. A bitcoin mine can be run with only one person having access.

> My point in mentioning the 19 year bug was that up until a few months ago, every windows computer out there had a bug that could be exploited by anyone for remote access.

Are you telling me that if I had found this exploit first, I could just have decided to read the NSA's files, Obama's email, stolen blueprints and conducted insider trading without any further work?

Comment author: ike 15 January 2015 03:59:25PM 2 points [-]

> Are you telling me that if I had found this exploit first, I could just have decided to read the NSA's files, Obama's email, stolen blueprints and conducted insider trading without any further work?

The NSA's files probably aren't hooked up to the Internet. They might not use Windows, either.

What you're looking for is the Heartbleed bug. That would have allowed you to hack perhaps 2 thirds of websites http://www.huffingtonpost.com/2014/04/08/heartbleed-66-percent_n_5112793.html (There are different estimates given, but many of the top websites were compromised.)

This Windows bug could have made you millions if you'd known about it earlier. Insider trading would have worked if you get someone into the right networks. Blueprints could be stolen. Obama's email: that depends on whether any computers that have access to it are Windows and on a network, probably not, but you could with a few more zero days. The really expensive hacks "burn" multiple zero days.

Put it this way: if you knew everything in the public domain today about computers and went back 5 years, you pwn >99% of computers out there, and I fully expect the same to be true in 5 years. For starters, you can impersonate any website by using an md5 collision attack. (This was fixed in 2008, so more than 5 years, but you get the point.)

Have I convinced you to change careers yet?

Comment author: skeptical_lurker 15 January 2015 06:44:53PM *  1 point [-]

I understand that websites are vulnerable - after all, they are public and have to interact with users. But what about a computer sitting in a basement, not publicising its IP address and just interacting with the blockchain?

> Have I convinced you to change careers yet?

Contrary to your assumptions, I am not a bitcoin miner, just an interested layperson. Even if I was, I would simply move my coins into cold storage at regular intervals, and assume that the hackers know they can make more money insider trading and carding than going after a security-conscious bitcoin miner. And if I lost one hot wallet, it's not the end of the world.

You have made me worry more about AI and BCI however, imagining a 'Ghost in the shell' future where people can hack into each other's brains.

Incidentally, are you a computer security professional of any form?

Comment author: Lumifer 15 January 2015 04:15:59PM 0 points [-]

> you pwn >99% of computers out there

Right, so you go in, pwn a box -- oh, look! a whole bunch of juicy info, let me grab it...

And a... slightly alternative view: "What a n00b, blundered into our network, triggered all the IDS systems and is now glued to the honeypot downloading the stuff we prepared for him... Think he's ripe for swatting?"

X-D

Comment author: [deleted] 14 January 2015 04:55:32PM 0 points [-]

Running a botnet would cost more (control servers, opportunity cost, etc.) than you could expect to receive in coins.