
This type of shit will keep happening until people stop trying to store money in relatively insecure consumer-grade hosting environments. The entire bitcoin economy is built on sand. Look into how much expense real banks go to in order to secure their systems. Then look at this never-ending parade of surprised victims who lost their bitcoins just because somebody found a vulnerability in some hosting company's bespoke password reset form.


I totally agree with this. I was working on a proof of concept for a back end system for a financial advice business. This needed to go to financial institutions and retrieve the latest price of a portfolio, that's it, not 'write' to the system, just updating data.

Before the companies would even talk to us, we needed to fill out a 20 page questionnaire about everything from where the company was located and registered, etc, to our security practices. We needed to have individual user accounts, with full logging and auditing so that everything could be traced. The datacenter we were in needed to be ISO27001 compliant, with yearly penetration tests carried out by an external company. Our systems needed to have penetration tests carried out by an external company... the list went on.

In the end, as a small business, we concluded we couldn't do it.

I've got some friends who work for a company that does secure datacenter hosting, for government stuff, bank stuff, etc. It is not cheap. It is seriously highly priced, and you don't get anything like Amazon AWS, it's all about managed servers and dedicated firewalls.

People need to start taking this stuff a little more seriously.


> it's all about managed servers and dedicated firewalls

The product I spend most of my time working on sells as a managed service to the investment/advice banks, and even though we only deal with the T&C side of things (no money, very little by way of client data (it should be zero client data really, but as names and other identifying info sometimes creep into file-check records and such they have to take precautions based on the service having more than just employee details within)) we have to keep with that sort of standard: ISO27001, everything dedicated including firewall boxes between "their" machines and us (& the rest of the DC, obviously), regular penetration tests, they even require background-checks and other vetting of our staff.

One of the other products worked on from here is used by the Met Police and several local councils. Even though it is only their procurement departments (bulk order of paperclips, ...) the hosting security standards are similar (in some ways more stringent).

> People need to start taking this stuff a little more seriously.

For bitcoin definitely. Companies like our clients already take it very seriously (the regulators would fine them heavily if they didn't, and if they didn't and information leaked out because they didn't the PR could be disastrous). What many of the individuals dabbling in bitcoin don't realise is that if they want a decentralised currency where no bank or government department has control, no bank or department can protect them so they need to make sure they provision sufficient security themselves which means properly vetting any suppliers or keeping the wallet in their own environments.

It surprises me that people running towards bitcoin because it is decentralised then immediately run to a centralised coin store to make life easier... They seem to want their cake and its icing without taking precautions to defend it from ants.

(OK, so many are running to it ATM because of the hype, rather than because of the decentralised nature, but they often claim otherwise)


People cannot simply stop using consumer-grade hosting and jump on a very expensive BTC vault.

There must be a demand proportional to the cost of any solution. And demand takes time to grow. Bitcoin is not bootstrapped by anyone, it grows from absolute zero, step by step. This type of shit will gradually happen less and less, but people cannot just decide to use more expensive and robust hosting.


I see your point, but if I were running a consumer-grade hosting company, I'd seriously consider updating my terms of service to disallow running mining operations or keeping cryptocurrency wallets in the servers.


That would be your choice. Just like I don't provide any kind of hosting to anyone because I'm not good at it. But the miners and users want to do their job somewhere and if we don't provide them with the hosting, someone else will. And only after some time some seriously better services will emerge.


Get your own damned server. They're not expensive. Get a connection you can cut with a pair of scissors if you need to. It's not hard.

Having a cloud-hosted front-end isn't a big deal. Having your BTC wallet on a system you do not have 100% physical control over is amateur hour.

A Raspberry Pi on a cable modem connection could be made more secure than whatever off-the-shelf hosting most of these companies are crazy enough to use.


Well banks generally refund stolen money, so you won't see a lot of noise from victims... but anyway:

How do you think banks got more secure? Trial and error, incremental progress. These repeated break-ins should make consumer-grade hosting environments more secure.


> These repeated break-ins should make consumer-grade hosting environments more secure.

Not going to happen at the price points people are accustomed to - they'll simply become professional-grade hosting environments, with a price tag to match. See Amazon's recent cloud HSM announcements - $5000 set-up fee before you get started. Then people will whine about how expensive it all is, and some bright spark will come up with ways to make it cheaper by compromising here and there, and we're back to square one.

Honestly, the high tech industries are shocking at learning from history - "Oh, those constraints from 10 years ago don't apply to us anymore, technology has moved on." Sure, but people haven't, and most of the real problems are sociological problems - fraud, greed, stupidity, stubbornness. Companies that deal with money or payment processing come up against this faster than ones that don't, and they adapt (see PayPal's anti-fraud department, so successful they spun off Palantir) or die (80% of all Bitcoin exchanges to date).


It's just not that easy. People running these things completely lack the understanding of just how seriously security needs to be taken. Various sites handle millions of dollars worth of bitcoin with "patch all flaws" style security. People need to understand that millions of dollars of easily disposed of goods are worth killing people for.

It won't be long now until we'll hear the first case where some employee of a third-rate exchange or something will wake up with a barrel of a gun pointed at him, forcing him to go to work and turn over all the float at his company or have his family killed. It's been done in the USA, and for much less than what these exchanges and mining pools routinely manage.

Banks have security against this sort of thing. They manage it by making actually keeping that money after obtaining it without getting caught really hard. I have no idea how it can be protected against when it's bitcoin.


> Banks have security against this sort of thing. They manage it by making actually keeping that money after obtaining it without getting caught really hard. I have no idea how it can be protected against when it's bitcoin.

Fiat currency has government buy-in, and government support for loss prevention. Bitcoin not so much. The general anti-government attitude that goes with BTC means there's little incentive for law enforcement to care. (Yes, a server break-in is cybercrime, but so is someone hacking your Wordpress or Facebook accounts, and that's the level of attention it will be paid)


>They manage it by making actually keeping that money after obtaining it without getting caught really hard. I have no idea how it can be protected against when it's bitcoin.

Well, you can trace bitcoin more easily than you can trace other currencies.


"People need to understand that millions of dollars of easily disposed of goods are worth killing people for."

If this were my site you would be banned.


Care to explain why?


It looks like cryptocurrency brings an incentive to finally take computer security seriously for consumer grade software and hardware. It is the first time something is really at stake apart from intangible qualities such as "privacy" and "intellectual property". It is an interesting and unexpected(?) second-order effect of cryptocurrency.


But is the cost of taking security seriously more than the entire lifetime revenue of the Bitcoin industry?


It is impossible to predict the cost and/or gains from now to an undefined time in the future. But the good thing is that this will help non-cryptocurrency security as well.


I kindly disagree - the fact it's consumer-grade hardware doesn't change anything here. The fact it's a hosting company and not one's own datacenter does influence the security, but not as much as you'd think; just count all these huge companies and gov institutions brought to their knees... It was, is and always will be a matter of effort vs value and risk; a determined and skilled attacker will get what he needs one way or another, and hosting choice in this case is more like OS choice: it matters a bit, but not a lot. It is not a boolean, where it does or doesn't make you secure. Security is just a state of mind.


IMO, it shows that we really aren't that good at securing our data. BC is basically data that is worth cash. And that's a huge incentive for criminals to go after it, just like a thief would prefer stealing $100 cash than stealing a bike they can sell for $100.


Exactly. Why not use a host without a connection to the internet to host the database? One could use a simple serial or USB link to exchange information with the host with a specific protocol. There is no way someone could hack into the database.


A "simple" transport medium won't prevent security issues itself (you can run PPP over RS-232), but it will force you to define a fairly minimal API, which is possible with HTTP too.

Notice how all these leaks were not because of HTTP server security issues or the like, but because the critical parts of the application were not isolated.

No need to force obscure interfaces, just add an extra NIC and connect the critical part over Ethernet.


You are right.

A different strategy could be to use a set of distributed servers hosted at different hosting providers and use shared secrets. This would require that k hosts out of n are compromised for the full system to be compromised.

Such a system is more difficult to design so that it is as secure as the shared secret. But the benefit is that it would be distributed and thus avoid the single point of failure of a server behind a dedicated link and in a cage.


Wells Fargo, establishing connection: https://news.ycombinator.com/item?id=5305925


What is this response supposed to mean in context of the actual discussion here?

Just because they use a cheap trick to make the user feel more secure doesn't mean the system underneath it isn't, in fact, secure (it doesn't mean it is secure either, it says nothing one way or another).

I don't hear about big bank sites (even ones using psychological trickery on their users) getting cracked very often while bitcoin exchanges/wallet services/etc are falling over seemingly daily.



