Čvc 04

The Pirate Bay Resumes Cryptojacking But Should it Even be an Issue?

The Pirate Bay (TPB) has resumed its cryptojacking activities. The P2P file-sharing platform launched another browser script that hijacks unused CPU power of site users to mine cryptocurrency. TPB launched a similar browser script in September 2017 but discontinued it after vociferous protests from site users.

TPB is Running the Crypto Loot Web Miner

According to reports, the platform is running the web miner script called crypto loot. In a post on the TPB forum from June 2018, a user on the platform first reported the presence of the mining script on the TBP platform.

TPB appears to have set a new throttle value of 0.9 (90 percent throttle) for this latest coin mining script. Some users are reporting significant CPU utilization leading to overheating of their computers while browsing the site. When TPB tried to mine coins on its users’ computers last year, the script was throttled between 60 to 80 percent.

One possible explanation for the increased utilization of users’ CPU might be TBP’s need for increased revenue. These days, people tend to enable adblockers on the browsers. Thus, revenue from banner ads has declined significantly. Besides, P2P file sharing sites aren’t exactly cash cows for mainstream online advertising.

Platform Moderator Doesn’t Think it’s a Significant Issue

As expected, the development hasn’t gone down well with some site users. Many of them take exception to the fact that there isn’t an option to opt-out of their computing resources being forcefully used to mine cryptocurrency. Others decry the fact that the website administrators did not announce the fact that they had resumed running a web miner.

One of the super moderators of the TPB online forum, Sid, expressed disappointment at the development. Sid, however, opined that it wasn’t much of a problem, saying:

[Sic] Yeah, yeah, whatever. The time it takes to download a torrent is completely and utterly irrelevant. All you require from TPB is a magnet link. Open the site. Find a torrent. Click the magnet link. Close the site. End of miner. If you are ever on TPB for more than 5 minutes or so you’re doing it wrong. And if you’re ever on TPB without an ad blocker you’re doing it doubly wrong.

The Scourge of Cryptojacking

The Scourge of Cryptojacking

Cryptojacking isn’t exclusive to P2P file-sharing sites. In fact, the practice has surpassed virtual currency-based ransomware as the preferred attack mode of cryptocurrency hackers. At the center of the cryptojacking universe is Coinhive and the script it provides that enables people to commandeer the CPU of others to mine cryptocurrency.

There are hundreds of thousands of infected websites and users have to take precautions to safeguard their computers. So far, the practical means of protection include browser extensions like NoScript or ScriptBlock.

What do you think about The Pirate Bay resuming its cryptojacking activities? Keep the conversation going in the comment section below.

Images courtesy of Pirates-forum.org, Shutterstock

Úno 23

Get Rid of Your Passwords – REMME Announces Alpha Release of its Distributed Public Key Infrastructure (PKId) Protocol

· February 23, 2018 · 11:00 am

Ukrainian company REMME has recently released the alpha build of its REMME Core 0.1.0 protocol, which hopes to eliminate human error in the cybersecurity domain by getting rid of passwords entirely.

Password management is no joke. Despite the ever-expanding advances made in cryptography over the years, poor password discipline remains the greatest weakness to modern computer systems. Besides phishing attacks and easily guessable passwords, users have even been shown to give up their passwords for a bar of chocolate.

Even the mightiest cybersecurity systems have been brought to their knees by a single weak password. Case in point: Equifax notoriously lost the Social Security numbers of 143 million Americans in September last year for simply using the embarrassingly default password combo of ‘admin/admin’ in one of their online employee portals.

And yet, humans are getting no better at protecting their own credentials. Considering the average person can now be expected to maintain at least dozens of accounts spread across social media, chat apps, gaming platforms, email, and even work accounts, it’s little wonder that over 80% of people reuse their passwords. The most readily-available fix is to implement a password manager, though studies show that very few people actually use them.

Making the Password Obsolete

Making the Password Obsolete

The long-term solution? Bypass the password entirely.

That is what the REMME project is hoping to achieve with the recent alpha release of their Access Management solution. A Ukrainian company started in 2015, REMME intends to make passwords obsolete by migrating the authentication process on to the blockchain, thereby eliminating human error from the equation. This is being done using their distributed REMME Public Key Infrastructure protocol (PKId) along with a set of Access Management DApps built on top of it.

REMME’s Core 0.1.0 Alpha release currently offers developers access to the core functionality of the protocol, which includes access to the architecture and high-level logic of working with SSL/TLS certificates. It comes with a command-line interface (CLI) for developer’s seeking quick access to the protocol’s central features, such as issuing and revoking certificates and transferring REM tokens between users. The basic elements of working with the company’s REM token have also been integrated.

The protocol’s release comes hard on the heels of the company’s REM token public ICO on February 13th, which raised 19,343 ETH. The token sale has already reached its hard cap of $20 million USD  and tokens are currently locked until February 25th at 14:00 UTC.  The project has already come to the attention of several companies including Ukrinmash, a part of the State Concern Ukroboronprom, a large, state enterprise tasked with managing Ukraine’s military-industrial complex.

REMME’s efforts earned it recognition at the Microsoft Blockchain Intensive held by Microsoft Ukraine in June 2017. The team won first place at the event’s blockchain-themed hackathon, where they used REMME authentication technology, IPFS protocol, and the Ethereum blockchain to build a traffic collision awareness and reporting system. As a result, they made off with a $10,000 project grant, an invitation to the VivaTechnology conference in Paris, and a business, legal, and marketing consulting contract from Ernst & Young Global Limited, a professional services company based in London.

The project began in 2015 following a series of cyber attacks which rocked several large Ukrainian companies. By early 2016, the first closed beta version of the product was released on the Emercoin blockchain. This was followed by a second version on top of the Bitcoin blockchain in 2017.

The team’s next goal is to develop inter-blockchain token migration for the protocol’s next release. This will allow the REM token, which is currently released on the Ethereum platform, to be used on their custom REMME blockchain. Public testing is slated to begin later this year, with a public release set before the end of the year.

Are we entering a new age of cybersecurity? Will REMME finally get rid of the terrible password practices that have come to define most major data breaches? Let us know in the comments below!

Bitcoinist does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products or other materials on this page. Readers should do their own research before taking any actions related to the company.

Show comments

Úno 12

Three Easy Ways to Improve Your Bitcoin Privacy & Security

· February 12, 2017 · 6:00 am

As the world of Bitcoin becomes bigger, more lucrative and more mainstream, there are going to be more eyes on the industry. Here are three easy ways to boost your privacy and security.

Spotlight On Your Security

Whether its surveillance from government agencies or hackers looking for bitcoins and information, here are three ways to improve your Bitcoin privacy that you may know, but aren’t exploiting.

Bitcoinist_Security Ransomware Cisco

Using Bitcoin is not anonymous, as most current users already know. The public Bitcoin blockchain will not reveal your identity directly, but your Bitcoin transfers can be tracked with block explorers. Some of the best ways to improve your privacy – at least until the protocol itself is upgraded with more privacy-enhancing applications – is by upgrading how you interact with the internet itself.

1) Tor Browser

Tor takes the proxy concept to your browser, directly. It’s a free option; you just have to download the browser. Tor is originally a government concept, so if you are trying to avoid government surveillance, it may not be right for you, but it is the first layer of protection and can give you peace of mind against the low-level online hacker.

Bitcoinist_Transparency Tor

This is a far better option than using the same IP every day, in your hometown, for your online banking and your Bitcoin usage. If you are just using your local network’s IP, you need to step up your game and step into the 21st century.

2) Using a VPN (Virtual Private Network)

This is something I have used for years that most people online, or who use Bitcoin, do not use. A VPN is a great way to use the internet more freely, and Bitcoin as well. The main benefit is these networks provide you with an encrypted service, just like Bitcoin does. Think of it as the most advanced proxy service you can buy.

circumventing the ban is easy with virtual private networks (VPNs) and proxies

A VPN gives you a choice of servers and IP addresses to choose from. The number of choices will depend upon your choice of VPN network, but the best provide hundreds of thousands of IPs that you can switch between on demand, or at any interval you choose. I set mine to switch every hour, automatically. Try to shop for a no-log VPN provider, so the VPNs themselves cannot track you. You may want to look into providers like Firetrust and Pritunl

And a VPN can give you better internet access. Maybe the servers in your area are not the fastest, or you live in an area where you have restricted access. With a VPN, you can test all the servers on their network, see which ones are the fastest, or in a less surveilled area, and you are getting more security and faster downloads. A win-win. It’s a great investment in your online peace of mind for $60 a year or so, and many of these services even accept Bitcoin for payment, too.

3) Take Your Bitcoins Offline

If you have all your Bitcoins in a common online wallet like Coinbase, it’s hard to say you are really taking Bitcoin privacy and security seriously. No offense to Coinbase or Blockchain, but no one should keep all their bitcoins in one basket.

It is hard to find an online wallet provider that hasn’t been hacked, or isn’t under attack every day for the next decade. Maybe they have outstanding security, but the criminals are coming up with new ways to steal every day, so why take the chance?


Only store Bitcoin in online wallets that you are comfortable losing to theft. A wise Bitcoin user with any real cache of bitcoins would keep 80-90% offline in a paper wallet or hardware wallet, such as Case wallet, Ledger, Trezor or KeepKey.

You only access these bitcoins when you choose to, and can take your wallet on the road with you, or keep it in a safe, offline. Take your Bitcoin wealth on the plane and not get harassed by customs. A $60-$99 investment that should give you peace of mind no matter where you roam.

What do you think is the best way to maintain your privacy and Bitcoin security? Let us know in the comments below!

Image provided by Abine, Shutterstock

Show comments

Led 29

Big Changes in 2017 Will Shape the Future of Cryptocurrencies

· January 29, 2017 · 5:00 am

2017 will be the year where many more substantial changes happen. These changes will affect the future of cryptocurrencies.

Big Changes in 2017

We’ve seen some great developments across the cryptocurrency landscape these past few years. Recent changes have made the cryptocurrency scene even livelier than anticipated.

As reported before, more than 2.3 billion people can now shop on Amazon using Bitcoin. New regulations are being put in place by Europol, Interpol and the Basel Institute to protect Bitcoin exchanges and users.

2017 will be the year where many more substantial changes happen. These changes will affect the future of cryptocurrencies. To help you prepare for this exciting year, here are some of the biggest changes to anticipate.

More Emphasis on Privacy

Bitcoin was never the most private cryptocurrency on the market. The nature of Bitcoin means each Bitcoin address can still be tied to an individual if the address is linked to an account or other identifiable information. When this happens, it is easy to dig up a lot of information about the owner of the Bitcoin address.

Bitcoin Privacy

A recent discussion in Bitcointalk Forum revealed that a payment recipient can find out more about the sender’s spending habits and calculate the amount of Bitcoin the sender actually has just by retracing a single payment. All that is needed is a linked Bitcoin address. This is a problem that has been haunting Bitcoin for a while.

In the future, cryptocurrencies such as Monero will gain more traction due to the way they are set up for maximum privacy. Monero is already enjoying a boost in value due to its immensely private nature. More merchants in the Dark Web are now using Monero to handle their transactions.

Cryptocurrency in Education

It is also interesting to note that cryptocurrencies are beginning to be seen as investment opportunities and legitimate transaction methods beyond their digital boundaries. Universities such as Ohio University and the master of financial economics programs they provide are already hosting classes about Bitcoin and cryptocurrencies in general. Some colleges are also allowing students to pay for their online MFE degree using bitcoin.


The move is a good sign that cryptocurrency is going mainstream. We already have thousands of offline merchants accepting Bitcoin payments today. It won’t be long before major corporations and brands begin to integrate cryptocurrencies into their transaction workflows.

The rapid growth of Bitcoin, Monero, Ethereum, and other popular currencies has also attracted investors who are buying into cryptocurrencies solely for investment purposes. These investments are yet to make a big impact on the value of cryptocurrencies, but this year’s addition may change that.

Bigger Capacity

One last potential issue that has been looming over the use of cryptocurrencies is capacity. The blockchain issues we had earlier last year already showed how capacity can still be an issue. Fortunately, newer algorithms and better programming loops are being implemented to expand the reach of cryptocurrencies outside its current limitations.


All of these changes are very good for the future of cryptocurrency and they will be taking shape in 2017. There are still more steps to complete before cryptocurrencies can truly go mainstream, but we’ll be seeing a lot of progress happening this year.

Will these three areas be the main focus for cryptocurrencies in 2017? Share your thoughts below!

Images courtesy of Shutterstock, Ohio.edu

Show comments

Srp 22

A ‘Brave’ New Benchmark: Putting the Browser’s Hype to the Test

Source: bitcoin


We previously tested a very early build of Brave to see what kind of performance the new browser was packing. The thing is, that build wasn’t feature-complete or optimized for release. Now that it’s out in the wild (users are still waiting on the promised Bitcoin-centric features mind you) with all of its bells and whistles we thought we’d revisit our initial tests, and cast a wider net to give you a good metric for Brave’s real-world performance as it stands. 

Also read: Mycelum Gets P2P Tumbling

Is it as fast as it was before release? Is the responsiveness a nice bonus to their browsing experience, or is it just placebo compounded by novelty? We’ve rounded up six modern browsers, including a peek at the still-in-infancy Mozilla Servo, and tested them rigorously in an attempt to answer these questions.

Brave Benchmark Data

Each Browser is the latest version available, stock standard with no customization whatsoever, with the exception of Firefox, which is heavily extended and in use as my daily driver. I included it in testing to give a baseline for performance after long-term use and customization.

These are the normalized scores for each benchmark we ran. It’s hard to see a clear performance champ, but Brave initially looks healthy. Note that Vivaldi, Chromium and Brave are all based on Chrome, so we can reasonably expect them to perform similarly, though Brave is anecdotally supposed to be more performant. Speedometer seems heavily skewed towards Chrome optimization as well:

Here we see memory consumption with a large amount of tabs open. Brave consumes the second highest amount of memory out of all the browsers tested. Something to consider, as it may not run as well on systems with less than 8GB of RAM:

Interesting side note: I attempted to benchmark a release optimized build of Servo to see how far the project had progressed, and I very quickly got my answer — not very. The only thing I could get to run was Mozilla’s Dromaeo JS suite, which puts Servo’s performance at a little below a customized Firefox:

Here are the Peacekeeper Platform-Neutral Benchmark scores, relative to Brave’s performance. The picture starts to get a little clearer here:

And the aggregate normalized scores from every benchmark used in our tests:

Benchmark Conclusions and Recommendations

Brave is disappointingly slow, performing the worst out of the box, and only beating my extended and abused installation of Firefox. It even underperforms the aggregate average that includes Firefox as a negative outlier.

It also comes in second to last on system resources, and given the lack of promised bitcoin integration and the abysmal privacy situation hidden under a veneer of ad-blocking, I see little to no reason to use this new browser. It might be an upgrade if you’re moving from Internet Explorer or Safari, (or a really dirty install of Firefox) but the UX feels like a portal into the mid-2000’s, and any performance increase you’ll feel is an almost guaranteed placebo.

If you want a pretty, clean, user experience, try out Vivaldi. It performs similarly, and there’s a lot of thought put into the UX. Need privacy or just hate web advertising? Install a few add-ons in Chromium or Firefox.

Want to get paid BTC to view ads? Try getting in early on an MLM scheme, because there’s no word on when that’ll be coming to mainline Brave. Given time, and assuming the devs make good on all proposed features, this browser may become attractive, if not blazing fast. Until then, stick with what you’ve got, or try one of the other perfectly serviceable browsers represented in the benchmarks.

Questions about the browsers covered here? Leave them in the comments!


The post A ‘Brave’ New Benchmark: Putting the Browser’s Hype to the Test appeared first on Bitcoinist.net.

A ‘Brave’ New Benchmark: Putting the Browser’s Hype to the Test

Čvc 08

Google Experimenting with Crypto for the ‘Post-Quantum Era’

Source: bitcoin

Google Experimenting with Crypto for the ‘Post-Quantum Era’

What happens to cryptography once quantum computers are everywhere? Will it still be possible to keep encrypted systems — like the Bitcoin network — secure?

Also read: The Halving Month Is Here; What Will Happen to the Bitcoin Price?

This week, Google addressed the question with a blog post titled, “Experimenting with Post-Quantum Cryptography,” which looks at how possible computing speeds in the future could compromise encryption, even today.

Quantum computing, long a computer science holy grail, promises to increase processing speeds on data operations exponentially. Rather than coding data into binary bits that must be either “1” or “0,” a quantum computer would theoretically use quantum bits (“qubits”) capable of existing in multiple states at the same time.

While this would have obvious benefits for almost every computer application in existence today — and even future applications — it presents a threat to any program that relies on cryptographic algorithms for protection, such as encrypted messages and bitcoin wallets.

Remember how it used to be OK to have a 5-letter password? Now, it’s advisable to have 20 or more characters, varying between numbers, symbols, and both upper and lowercase letters. This change in the need for password strength happened over time due to the progression of technology at its normal rate. Quantum computing would make simple password security obsolete, its processing power allowing it to crack even the toughest encryption with ease.

Such computers do have their limits, though. A more detailed research paper into the topic is available here.

What Would Quantum Computing do to Bitcoin?

The threat quantum computing poses to Bitcoin has been known and discussed in the community for a long time, to the extent that some old-timers have grown weary of the topic.

Common belief is that Bitcoin’s hashing functions (used in mining) are safe from large advancements in quantum computing, but that the elliptic curve digital signature algorithm (ECDSA) used to secure private keys could be compromised.

This would present a danger to any address containing large amounts of bitcoin, or one that is re-used often and well-known. If disposable addresses are used instead — as most modern wallet software does automatically — quantum computing would be less of a threat, though not a solution to the problem.

However, the arrival of quantum computers won’t constitute the first time Bitcoin has been affected by advancements technology. In his original white paper, Satoshi Nakamoto appeared to envisage mining on desktop CPUs, but users very quickly developed ASIC chips designed to do nothing other than solve Bitcoin’s hashing algorithm.

The Bitcoin protocol has adjusted difficulty accordingly, keeping blocks coming at roughly ten-minute intervals despite the hashing power added by ASICs. The possibility of adapting the Bitcoin network to quantum computing is not as certain, though.

Google’s Take

As Google’s post points out, this is not a threat yet — the experimental quantum computers that exist today contain only a handful of qubits and could not break current cryptographic algorithms. In fact, it is not known whether a larger-scale quantum computer is even possible, despite all the private and public sector research going into the field.

If it does become possible, though, a future quantum computer would be able to retroactively decrypt all of today’s encrypted communications — which is definitely something to think about.

Google is now experimenting with a “post-quantum key-exchange algorithm,” using it to encrypt small amounts of traffic between “bleeding edge” Chrome Canary browsers and Google’s servers. This will be on top of already-existing encryption, since the security of the post-quantum algorithm has not yet been thoroughly tested.

Don’t be Concerned Just Yet

Google’s post-quantum algorithm is called “New Hope,” but it’s just one of many possible solutions to the problem. Google wants to run its experiment with New Hope for under two years, “hopefully [replacing] it with something better” in the future.

In any case, for quantum technology to advance to the level required to break cryptographic algorithms, and for that technology to find its way to the consumer market, is expected to take decades, and that’s even if it proves to be possible.

Think about it — but don’t lose sleep over it. Yet.

Do you worry about advancements in computing technology affecting Bitcoin?

Images courtesy of D-Wave Systems via Wikimedia Commons.

The post Google Experimenting with Crypto for the ‘Post-Quantum Era’ appeared first on Bitcoinist.net.

Google Experimenting with Crypto for the ‘Post-Quantum Era’

Čvn 03

TeamViewer Credential Breach, Bitcoiner Computers at Risk

Source: bitcoin

TeamViewer Credential Breach, Bitcoiner Computers at Risk

User beware if you’re a TeamViewer! According to recent reports across Reddit and elsewhere, we have come to determine that the remote viewing service has had a data breach recently, rendering account usernames, password, and 2-factor authentication details compromised. 

Also read: Cyber attacks to the federal reserve under our noses for the past five years 

TeamViewer Access Credentials Stolen

As a casual Bitcoin user, if you have ever hired an external developer or perhaps used TeamViewer as a drop-in solution to gain remote access to your home or work computer, then those connection points are now likely compromised.

Reports of a service outage came midnight on June 2 through Twitter, where TeamViewer mentioned that they were experiencing a Denial of Service Attack to their DNS servers.

More troublesome is the reaction of from TeamViewer, who has since blamed “weak user credentials” as the culprit for the string of unauthorized logins. According to a source who goes by the name of /u/Macdonjo on Reddit, the company is attempting to silence articles and publications through threats:

“We were basically forced to change what the article said, based on what TeamViewer wanted us to say about them.”

According to self-reporting — which may be lower than reality due to shame or embarrassment — a vast majority of the breaching incidents reported by end-users occurred between May 29 and June 2, 2016.

While possible that TeamViewer’s breach is correlated to the recent Myspace hacking incident, the availability of 2-factor authentication data rules out Myspace credentials being the main culprit.

If you currently use TeamViewer, then your first step is to check if your authentication credentials were leaked (Use HaveIBeenPwned to check.) If so, change passwords for every service and consider yourself very lucky if nothing else has been accessed — like your email or bank account.

Next, you should login to TeamViewer’s application console. Now, on the upper-right side of the screen, click your username > edit profile > active logins, to see every device and location that has accessed your account.

Nothing is worse than having your cryptocurrency stolen. Eliminate potential vectors of attack! Use SSH tunneling with X-forwarding (for the screen and graphics capability) if you can. And for heaven’s sake, stop using the same password across domains!

Were you affected by this breach? Let us know in the comments below!

Images courtesy of DummyGallery, TeamViewer. 

The post TeamViewer Credential Breach, Bitcoiner Computers at Risk appeared first on Bitcoinist.net.

TeamViewer Credential Breach, Bitcoiner Computers at Risk

Kvě 22

Industry Report: Bitcoin Is Still on Drugs, No Detox in Sight

Source: bitcoin

Bitcoin Industry Report

Coinbase undergoes some changes, Bitcoin can’t break it’s drug habit, and Silk Road has a heart of gold. Here’s what you might have missed in this week’s cryptocurrency news:

Also read: Industry Report: Bitcoin Hears Thunder, Ethereum’s Biggest Crowdsale, Kaspersky Kills Crime


Bitcoin exchange Coinbase is changing its name to Global Digital Asset Exchange (GDAX) after announcing support for Ether trading on its platform. Why is Ether suddenly all the rage? Recently, Ethereum has launched the world’s largest crowdfunding campaign for its new DAO project, which is being hyped as the ultimate way to allocate capital. The campaign has managed to raise over $150 million USD, and everyone wants a piece of the action. Coinbase is now aiming to accommodate the growing list of financial institutions eager to trade Ether and bitcoin, respectively.

Ether has been a long-time rival of bitcoin, and now it’s finally earning its big moment in the spotlight. Vice-president of business development at Coinbase Adam White stated confidently:

“We’re very excited about Ethereum. There has been a ton of progress made in the last six to nine months… We have seen hundreds of emerging decentralized apps (applications launched on Ethereum… What’s powerful about ethereum is that I can write self-executing contracts, and I can run them on Ethereum, and it’s not on any central server or computer.”


ESU student Michael Mancini is spending time behind bars following accusations that he used the dark web to purchase LSD with bitcoin and later sell his drug stash to friends and roommates.

Bitcoin’s reputation has long been tainted by its use in illicit activities. Despite the fall of the original Silk Road and its successors, the sale of drugs and firearms via the deep web hasn’t shown many signs of slowing down.

Things ultimately took a downward turn for Mancini when an informant told ESU police of the drug deals that were allegedly taking place on school grounds. It is believed that Mancini purchased the LSD at $9 a hit, and kept some for himself before dealing the rest to assorted colleagues. One too many orders led to suspicion among authorities, who upon inspecting the contents of the student’s latest delivery, proceeded to arrest Mancini for purported drug trafficking.


In what appears to be an effort to go “clean and sober,” Silk Road 3.0 has returned after a period of non-use and announced a charity drive set for June 8th, 2016. Approximately $5 from every sale will be donated to the Last Door Recovery Society, a drug and alcohol treatment center based in Vancouver. While the site will not necessarily be used for legal services, the owners are attempting to set people in the right direction and encourage “responsible use” among those who engage in “mind-altering substances.”

Additionally, those behind the charity’s operation have stated that they will be donating from their own pockets in an attempt to increase funds and promote bitcoin usage. All the while, the owners aim to silence suspicious parties by stating they are worried less about making money and more about ensuring user privacy.

Know of any good stories that should be included in our next industry report? Tell us about them below!

Images courtesy of YouTube, beforeitsnews.com, drupal.org.

The post Industry Report: Bitcoin Is Still on Drugs, No Detox in Sight appeared first on Bitcoinist.net.

Industry Report: Bitcoin Is Still on Drugs, No Detox in Sight

Dub 13

Why the FBI Encryption Debate Is Less Significant Than You Think

Source: bitcoin


Apple recently won their case against the FBI, and the FBI cracked the iPhone in question anyway, with the help of Cellebrite, a government contractor that provides “forensic extraction” tools to investigative agencies. Their new methods in securing evidence have bordered closer to hacking, bringing the legality of them into question. 

Read Also: Homeland Security Task Force Tracks Domestic Bitcoin Traders

The federal investigative agency has shown a pattern of reluctance to release their data acquisition methods, including refusing an order from a Federal Judge to reveal how they hacked the Tor anonymizing network during the investigation of an online child pornography ring. Their refusal has been the subject of some controversy, and while they argue that releasing these methods may lessen their effectiveness in the future, it also sets a disturbing precedent for the status of our 4th Amendment rights.

Encryption Matters Less If the State Endorses FBI Hacking

Traditionally, the burden of investigative methodology falls on law enforcement to ensure citizens’ rights are not violated. At least in the States, law enforcement is barred from searching a person’s belongings without probable cause. If the FBI does not need to disclose their methodology in obtaining their information in digital investigation, then the current debate over civilian encryption is largely a moot point.

There are plenty of ways to circumvent privacy-minded practices being used by Law enforcement that fall under the umbrella of hacking – the digital equivalent of breaking and entering. Many of them may be violating probable cause and employing malware to collect data on suspects. The encryption debate challenges some of the assumptions that are generally made about private and sensitive data as property, but the discussion largely omits these novel “forensic” methodologies used increasingly by law enforcement to gain questionably legal access to that data.  Furthermore, hacking is a prosecutable offense if carried out by a private citizen, just like B&E. It’s all well and good that the FBI took down a pedophile ring, and can access a domestic terrorist’s mobile device, but if they are violating the chain of custody or probable cause to build their cases, something is clearly wrong.

Cellebrite’s UFED mobile data extractor

Even assuming a best case, by-the-book methodology, refusal to release their exploits is problematic for security application developers because they leave legitimate users vulnerable. The rhetoric circulated by law enforcement is that the “bad guys” would start using them, which is entirely false. Malicious actors exploit security vulnerabilities every day to conduct illegal activity, which is precisely why the security community shares info on them. The sooner the exploits are well known; the sooner software developers can patch holes that put their users at risk.

By keeping mum about their software exploits, the FBI is writing every malicious actor on the planet with knowledge of the vulnerability a blank check, because the developers of the software being abused can’t fix their problems until they reach critical mass on the black market. The FBI is enabling cyber-crime to further their agenda. Even worse, they have stated a willingness to cooperate with local law enforcement to do the same, exposing their methods to a much larger, more leak-prone community.

It doesn’t matter if you’re taking down pedophiles, drug lords, or common street criminals. Excusing the shady practices being used to build cases against them is a slippery slope, and the FBI is assuming they’ll get away with it because people don’t understand the technology in play with these cases. In doing so, they leave the security community and software developers in the dark, and allow malicious hackers to ape their methods and act with impunity.

Data encryption is a powerful tool that is utilized for many legitimate applications, ensuring source safety among them. If state actors are allowed to circumvent tools like encryption and Tor using malware and methods illegal in the private sector, then using those tools just treats symptoms of a systemic problem. What’s to stop the government from rooting out confidential sources that start unfavorable press or violating dissident privacy to discredit them? The moral arguments against tools like encryption are a thin veneer over unacceptable methodologies in modern law enforcement, and conceding to them is giving the state more ground to operate outside of their jurisdiction, and the legal protections private citizens enjoy.

Thoughts on law encforcement practices in the digital realm? Let us know in the comments!

Image courtesy of Cellebrite.

The post Why the FBI Encryption Debate Is Less Significant Than You Think appeared first on Bitcoinist.net.

Why the FBI Encryption Debate Is Less Significant Than You Think

Dub 01

Homeland Security Task Force Tracks Domestic Bitcoin Traders

Source: bitcoin

Homeland Security Task Force Tracks Domestic Bitcoin Traders

31 March 2016 – The federal government now has a task force dedicated to tracking and analyzing domestic and foreign “unlicensed bitcoin exchangers.” The task force, part of the Homeland Security Investigations (HSI) branch of the DHS, came to light in a federal affidavit outlining the investigation and arrest of David Burchard for large scale distribution of marijuana on Tor hidden services, under his alias, “Caliconnect”. This kind of inquiry, previously restricted to the FBI cyber crimes unit, has been extended to other federal agencies and HSI’s dedicated involvement carries implications for the US bitcoin community moving forward.

Read also:  Decentraleyes Addon Fixes Browser Privacy, Circumvents CDNs

Bitcoin Surveillance Gets Special Attention From Homeland Security


While it seems that the traditional flaws in operational security have been the main avenue taken by HSI in investigating Burchard, the language in the affidavit implies NSA surveillance had a part in linking his Bitcoin activity to his whereabouts and identity.

Burchard Affidavit Excerpt

This combined with dedicated domestic investigation of Bitcoin shatters any expectation of privacy for people utilizing local exchanges and other measures for US citizens. The transparent nature of Bitcoin makes it a bad candidate for laundering and malicious activity in the first place, so this revelation raises questions as to the validity of a dedicated task force for tracking clandestine bitcoin transactions.

Some of the information on Burchard also came from the 2013 Silk Road investigation, one marred by corruption, theft, and incompetence on the part of the federal authorities. Homeland Security has one of the worst records when it comes to their investigative branches, and this new HSI task force presents the corrupt elements in the agency even more opportunity. The task force, with its investigation and analysis of a transparent medium of exchange, and surveillance on citizens “to ensure a homeland that is safe, secure, and resilient against terrorism and other hazards” stretches the elastic clause to its limits. The fact that it’s presided over by a famously shady branch of the federal government makes the forecast for Bitcoin independence and privacy that much more grim.

What are your thoughts on increased domestic surveillance and Bitcoin privacy? Leave them in the comments below!

Images Courtesy of DHS, Twitter user Moustache (@lamoustache)

The post Homeland Security Task Force Tracks Domestic Bitcoin Traders appeared first on Bitcoinist.net.

Homeland Security Task Force Tracks Domestic Bitcoin Traders