Skip to content
Browse files

Merge branch 'master' of github.com:ted27/eecs-444-project-report

  • Loading branch information...
2 parents 4ca60c4 + 3e22dc1 commit 89b9a585a2a34322aaf6cf8f71956d08272ed589 @tdooner committed
Showing with 39 additions and 111 deletions.
  1. +39 −0 report.tex
  2. +0 −111 security.bib
View
39 report.tex
@@ -195,9 +195,48 @@ \section*{Attacks Against Bitcoin}
money make virtual banks a popular target for attackers.
\subsection*{Bitcoinica Heist}
+The most recent security blow dealt to the Bitcoin community occured in late March of
+2012\cite{Goodwin:Bitcoinica}. Eight users of the online Bitcoin trading market Bitcoinica were distrought one
+Thursday morning when they found that large sums of Bitcoins were missing from their
+accounts. As reports reached the ears of engineers at Bitcoinica, it became clear that
+their had been an intrusion. All in all, forty-six thousand bitcions were missing. At
+market, that amount would have fetched upwards of two-hundred and thrity thousand dollars.
+Some digging revealed that the attackers had gained access to Bitcoinica's Linode servers.
+Sure enough, on those servers were Bitcoin wallets. Most of these wallets were unencrypted,
+either out of ignorance, or so that the owners could easily automate trading. To date there
+are no leads on who stole the Bitcoins.
\subsection*{Allinvain Heist}
+In a story of catastrophic personal loss for one Bitcoin user, virtual theives managed
+to get away with half a million dollars worth of Bitcoins from a single man in mid 2011\cite{Worstoll:Allinvain}.
+At that point, Bitcoin was still in its infancy, making this one of the first big heists
+to rock the community. Bitcoin user 'Allinvain' claims that twenty-five thousand Bitcoins,
+at that time valued around five-hundred-million dollars, mysteriously dissappeared from
+his computer. Investigation later revealed malware on his computer that had been recording
+his keystrokes. This could have provided the attacker remote access with which they could
+have copied the bitcoins and then erased them from the hard drive.
+
+One striking thing about this case is that there is no way of knowing who stole the Bitcoins,
+or worse, whether or not the 'victim' ever had them. The theif could use them to buy
+something anywhere, even from the victim, without ever being caught. This highlights one
+of the greatest strengths and weaknesses of Bitcoin; its anonymity;
+
\subsection*{Mt. Gox: The Ultimate Heist}
+By far the largest heist in Bitcoin history is the Mt. Gox heist of June 2011\cite{Rashid:MtGox}. Taken into
+perspective the size of the currency and the impact of the heist, it is vertainly in the
+running for most significant currency heist of all time. The heist occured at the height
+of the summer 2011 Bitcoin bubble, when the price of a Bitcoin had reached an astonishing
+\$17.5. Attackers breached the security of Mt. Gox, a prominant Bitcoin virtual bank,
+and stole bitcoins from hundreds of the banks customers. According to the bank, the attackers
+made off with over 500,000 Bitcoins. At market rate, they had stolen about nine million
+dollars.
+
+The only problem in this heist was a ripple effect caused by the attackers. Being a young
+currency, 500,000 Bitconis amounted to about 6\% of the total value of the market.
+Unfortunately for the attackers, the affect of the heist and subsequent sell off was enough
+to plunge the price of a Bitcoin to about a cent, making the total pot about \$5,000. This
+attack is interesting because of the enormous ripple it caused in the market. In a show of
+resiliance, the Bitcoin market recovered, with Bitcoins now trading around 7\$.
\section*{Conclusion}
Bitcoin is a fascinating suite of protocols, expertly designed to be
View
111 security.bib
@@ -1,111 +0,0 @@
-@misc{ wiki:wiretransfer,
- author = {Wikipedia},
- title = {Wire transfer --- Wikipedia, The Free Encyclopedia},
- year = {2012},
- url = {\url{http://en.wikipedia.org/w/index.php?title=Wire_transfer\&oldid=479393690}},
- note = {Online; accessed 29-April-2012}
-}
-
-@misc{ wiki:bitcoin,
- author = {Wikipedia},
- title = {Bitcoin --- Wikipedia, The Free Encyclopedia},
- year = {2012},
- url = {\url{http://en.wikipedia.org/wiki/Bitcoin}},
- note = {Online; accessed 29-April-2012}
-}
-
-@article{wiretransferssuck,
- Abstract = {The article reports that approximately 85 million U.S. dollars are lost from unauthorized Automated Clearing House (ACH) and wire transfers in the U.S., according to the U.S. Federal Bureau of Investigations (FBI). It describes how criminals use phishing electronic mails (emails) that contain infected files or a link to an infected web site to target companies or specific employees. Other cyber fraud activities include third-party payment processor breaches and mobile banking exploitation.},
- Author = {Apfel, Ira and Deichler, Andrew},
- ISSN = {15284077},
- Journal = {AFP Exchange},
- Keywords = {ELECTRONIC funds transfers, CLEARINGHOUSES (Banking), COMMERCIAL crimes, PHISHING, INTERNET banking, UNITED States},
- Number = {9},
- Pages = {24 - 27},
- Title = {ACH and Wire Fraud Cost Corporates \$85 Million, FBI Says.},
- Volume = {31},
- URL = {http://search.ebscohost.com/login.aspx?direct=true&db=a9h&AN=67231092&site=ehost-live},
- Year = {2011},
-}
-
-@article{achsucks,
- Abstract = {The article discusses how wire transfers and Automated Clearing House (ACH) payments appear to be the transaction method of choice by cyber-criminals in the U.S. It says that cyber-criminals have become more brazen, more technically savvy and more sophisticated in their efforts to initiate fraudulent electronic transfers. According to the author, the rate at which the thieves are hitting the bank accounts of small business enterprises continues to rise. The benefits of using ACHs and wire transfers are also discussed.},
- Author = {WILSON, MARK E. and WELCH, MEGHAN A.},
- ISSN = {19367597},
- Journal = {Commercial \& Business Litigation},
- Keywords = {ELECTRONIC funds transfers, CLEARINGHOUSES (Banking), COMPUTER crimes, SMALL business, UNITED States},
- Number = {3},
- Pages = {26 - 27},
- Title = {ACH and Wire Fraud: Emerging Exposures to Banks.},
- Volume = {12},
- URL = {http://search.ebscohost.com/login.aspx?direct=true&db=a9h&AN=61866614&site=ehost-live},
- Year = {2011},
-}
-
-@article{Goodin:Bitcoinica,
- Author = {Dan Goodin},
- Title = {Bitcoins worth $228,000 stolen from customers of hacked Webhost},
- Journal = {arstechnica},
- URL = {http://arstechnica.com/business/news/2012/03/bitcoins-worth-228000-stolen-from-customers-of-hacked-webhost.ars},
- Year = {2012},
-}
-
-@article{Worstall:Allinvain,
- Author = {Tim Worstall},
- Title = {Bitcoin: the First $500,000 Theft},
- Journal = {Forbes},
- URL = {http://www.forbes.com/sites/timworstall/2011/06/17/bitcoin-the-first-500000-theft},
- Year = {2011},
-}
-
-@article{Rashid:MtGox,
- Author = {Fahmida Rashid},
- Title = {BitCoins Heist Worth $8.75 Million},
- Journal = {eWeek},
- URL = {http://securitywatch.eweek.com/data_security/bitcoins_heist_worth_875_million.html},
- Year = {2011},
-}
-
-@inproceedings{Chaum:Cash,
- author = {Chaum, D. and Fiat, A. and Naor, M.},
- title = {Untraceable electronic cash},
- booktitle = {Proceedings on Advances in cryptology},
- series = {CRYPTO '88},
- year = {1990},
- isbn = {0-387-97196-3},
- location = {Santa Barbara, California, United States},
- pages = {319--327},
- numpages = {9},
- url = {http://dl.acm.org/citation.cfm?id=88314.88969},
- acmid = {88969},
- publisher = {Springer-Verlag New York, Inc.},
- address = {New York, NY, USA},
-}
-@inproceedings{Okamoto:Cash,
- author = {Okamoto, Tatsuaki and Ohta, Kazuo},
- title = {Universal Electronic Cash},
- booktitle = {Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology},
- series = {CRYPTO '91},
- year = {1992},
- isbn = {3-540-55188-3},
- pages = {324--337},
- numpages = {14},
- url = {http://dl.acm.org/citation.cfm?id=646756.705374},
- acmid = {705374},
- publisher = {Springer-Verlag},
- address = {London, UK, UK},
-}
-
-@misc{ Andresen:source,
- author = {Mark Andresen},
- title = {Bitcoin client source},
- url = {https://github.com/bitcoin/bitcoin},
- note = {Online, accessed 29-April-2012},
-}
-
-@misc{Nakamoto:Bitcoin,
- author = {Satoshi Nakamoto},
- title = {Bitcoin: A Peer-to-Peer Electronic Cash System},
- url = {http://bitcoin.org/bitcoin.pdf},
- note = {Online, accessed 29-April-2012},
-}

0 comments on commit 89b9a58

Please sign in to comment.
Something went wrong with that request. Please try again.