This week brought a number of headlines related to Bitcoin--a peer-to-peer online currency that seems to be increasing in popularity. From the security perspective, the rise of Bitcoin offers a peek at the type of financial transactions that may need to be safeguarded in the future and also provides insight into the criminal activities associated with such transactions.
Malware has appeared to steal Bitcoin wallets, the time is near when botnets will be used for Bitcoin mining, and attackers are probably considering whether weaknesses in the Bitcoin design and implementation might be used to game the Bitcoin market. Just like Friendster was the precursor to today's online social networks and Napster foreshadowed modern online music distribution models, so too Bitcoin might be a sign of upcoming approaches to distributed online financial transactions.
Here are a few articles for coming up to speed on Bitcoin and the recent incidents associated with it.
Getting Started With Bitcoin
Become familiar with the key Bitcoin concepts--what Bitcoin is, why it exists and how it is used--by reading the Bitcoin Wikipedia entry.
Understand some of the reasons for Bitcoin continuing to increase in value by reading SmartMoney's perspective on the currency's growth streak.
Take a look at the list of vendors who accept Bitcoin as a form of payment or who can exchange Bitcoins into traditional currencies.
Consider the perspective that the economic factors behind Bitcoin might be unsustainable and could resemble a Ponzi scheme. Read a related perspective on why Bitcoin might be a poor idea.
Understand the notion of Bitcoin mining--generating new Bitcoins by solving cryptographic problems. Consider the likely scenario of compromised computers being used for Bitcoin mining--a malicious practice that is not yet widespread, yet will inevitably rise in popularity.
Recent Bitcoin Incidents
Read about Silk Road--an online marketplace for drugs such as LSD and Cannabis--that only accepts Bitcoin as the form of payment. This story brought Bitcoin to the attention of many people outside the tech community, including lawmakers.
Learn the details of the theft where 25,000 Bitcoins, potentially worth $500,000, were reportedly stolen from a person's PC. (Maybe the victim exaggerated the size of the stolen sum?)
Understand the nature of a recently-discovered trojan that was designed to steal the victim's Bitcoin wallet from the infected Windows computer. Also, read the forum discussion to understand how this malware was probably being distributed. (If you own Bitcoins, remember to safeguard the wallet.)
Potential Bitcoin Implications
Read the EFF's perspective on Bitcoin's potential to offer the kind of anonymity and freedom in the digital environment we associate with cash used in the offline world.
Consider the opportunities for financial arbitrage if the Bitcoin market could be manipulated through the sale of large quantities of Bitcoins at once.
The notion of Bitcoin as a distributed and anonymous form of currency is capturing the world's attention. The readers of this blog will find it particularly interesting to consider the implications of the role that such currency can play in the criminal marketplace and online attack activities.
Perhaps Bitcoin might be ahead of its time and maybe its design and implementation are flawed--we will know soon enough. Regardless, it is an idea that will inspire creative thinking in the space of online payments. In the words of Edward Z. Yang, "The future of Bitcoin depends on those who will design its successor. If you are investing substantially in Bitcoin, you should at the very least be thinking about who has the keys to the next kingdom."
(This diary is based on the text originally published on my blog.)
-- Lenny Zeltser
Lenny Zeltser leads a security consulting team and teaches how to analyze and combat malware. He is active on Twitter and writes a daily security blog.
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.