I saw Cryptolocker in action, and what surprised me about it was how professional it was. For those not familiar, it would come as an attachment in an email, and once run, would encrypt files locally and on any shared drives. Particularly useful against companies, with many unsuspecting users and lots of sensitive stuff to encrypt.
It left behind lots of text files giving you instructions and an address you can access via Tor. When you went to that address, there was a web app to allow you to upload an encrypted file to confirm if it was Cryptolocker. If you pay the ransom, they would send their "decrypter tool" that had the encryption key embedded in it.
The real criminal breakthrough, in my opinion, is that all of these utilities worked. When people are able to do some research and find out that if they pay up, they really will get their stuff back, often times they will pay up. It's certainly very disturbing.
Ditto. I just helped a neighbor with some issues they had on their laptop. He managed to get one of these Crypto viruses (Crowti) and it was a royal pain to try to remove. Luckily he didn't really use nor have many needed personal files on the machine and the criminals allow you to restore one file to show you they can in fact decrypt your files. He only needed one file from the machine, that's the one we restored. After getting the file and pointlessly trying to remove the virus and other junk that got installed I realized I couldn't trust the machine even if I truly thought I removed it completely so I wiped it, repartitioned it and reinstalled everything.
When people are able to do some research and find out that if they pay up, they really will get their stuff back, often times they will pay up.
Everything old is new again. Back in the late 17th/early 18th century, with no police, ransoming stolen possessions back was a fairly common and accepted practice.
Why would you suspect that? Just because criminals more often commit crimes that do not allow for easy A/B testing (or dont offer a worthwhile return on it) does not mean smart criminals wouldn't do such testing. If you want to get technical about it american banks have been doing A/B testing for a long time, and often are just as big of crooks as extortion virus creators.
Due to the pseudo anonymitiy of cryptocurrencies, a whole range of perfect crimes is possible.
Say you've got a some bitcoins (as little as 3 BTC makes you attractive, but let's say you've got 100BTC ) and you order a pizza with bitcoins from that wallet.
The pizza guy fires up blockchain.info and notices that your address has a hefty balance, then picks up the phone and tips Oleg and Boris, giving them your home address.
Oleg and Boris mean business: they have a hammer, clippers, a soldering iron and an AK-47 in the trunk. Their target: your Bitcoins.
They wait patiently for your to exit your apartment or they follow you around or they just come knocking at your door.
They are ready to patiently torture you until you transfer all your bitcoins to their address. They will enjoy the process, you .. not so much.
After you finally give in and transfer them your bitcoins, they leave and disappear.
Now you've got absolutely nothing to show to the police: You cannot prove that those were your bitcoins and you cannot prove that the address you've transferred your balance to isn't yours. And you have no idea that it was the pizza place that tipped the bad guys.
For Oleg and Boris, it's the perfect crime: They just made $30k in 20 minutes and they didn't even have to kill anyone, a finger here, a finger there and they are rich!
This, in my opinion, is a great risk for cryptocurrency owners, because it offers potentially great returns for the bad guys and the risk is pretty small, plus it's very hard to prove that the theft/extorsion did happen.
Thankfully, this wouldn't be a perfect crime - there are several weaknesses that each (thankfully) provide many opportunities for police to collect evidence. For example, Boris and Oleg would need to conduct the exercise (for lack of a better euphemism) somewhere they control yet that cannot be tied back to them. They would need to keep the scene extraordinarily clean since the types of people who would torture are often the types of people with DNA samples in databases. They would have to avoid each other's names. And, faced with the prospect of serious jail time (this crime would receive a life sentence in many parts of the world), each party to the offense would have to stay solid.
The curse of intelligent criminals is all powerful. Intelligent criminals have to get lucky every single day for the rest of their lives. The police only need to get lucky once!! :)
That was a fun thought exercise and I hope your deserved upvotes rain in.
Oleg and Boris don't need Bitcoin or tipoffs to bash people over the head for their jewllery in rich neighbourhoods, and don't need named bank accounts and audit trails to get caught doing it.
The pseudoanonymity is perfect for phishing and ponzi schemes though...
1. Satoshi is likely carrying $300M in his head, today. Imagine what it will be in 10 years. You can't carry $1,000,000,000 in cash in your head for example.
2. Allowing criminals to steal BTC from you by force or extortion sets up horrible incentives. First, the criminals must voluntarily relinquish control of the BTC if you are to get it back, so there's little the State can do to help you even if they wanted to. Are you willing to use equal or greater force to compel hardened criminals to get your money back? The police probably aren't, and your government is almost assuredly corrupt regardless of where you live.
Ponzi schemes are the least of your worries in a world where Bitcoin is truly ubiquitous.
That is not the definition of a perfect crime I know. There are traces, Oleg and Boris for example, or the injuries. A perfect crime would have no realistic way to trace to the mastermind.
Also, shouldn't there be ways to indicate ownership with the private key?
Also, shouldn't there be ways to indicate ownership with the private key?
Well, it's possible to prove control of the address (simply transfer something to an address of the choosing of the person who you're trying to convince). "Ownership" is more difficult to prove.
Still, that's a strong connection between you and the address, which is a whole different story than "leaving no traces", and pretty far away from a perfect crime.
Update:
You are right, It's not the perfect crime. That's why I write code for a living :)
It's just a crime, but the rewards can be well worth the risks. You expect returns comparable to robbing a bank, but the criminal method is much safer for the robbers, they can even avoid violence altogether.
In the real world, badass shellshocked war veterans who've done time in a russian prison would meet very little resistance from a bitcoin-rich geek.
They don't need AK-47s to extort most of us, they just have to say something really scary, like 'All your bitcoins are belong to us. Now!' and pretty much all the geeks I know would shit their pants and hand over their private keys or make the transfer.
It's also certainly possible to prove that you did own the funds. That is, if the police is not in on it. And when we're talking big money, impossible things become possible, especially in corrupt countries.
Bitcoin is used all over the world. Maybe it's hard to imagine such crimes in US or Europe, but I wouldn't vouch for the rest of the world. Much much shittier things are happening every day.
Multi-sigs and address shuffling makes sense to us, but some random investor who's storing part of his wealth in cryptocurrency may have no idea.
If your cash was stolen from your wallet, how would you prove the cash was yours?
Besides, I think most "mainstream Bitcoin users" have their wallets on sites such as Bitstamp, Coinbase and so on. So they can prove the Bitcoin was theirs.
No, you don't want to give away the priv keys, as someone may transmit a future transaction you could claim with it. Simply signing a message would be sufficient. Don't reuse the 'k' value with your ecdsa sig!
Of course, you just have to prove that you know the private key. Handing it out is unnecessary. My bad.
BTW, instead of signing a message, you could also move around some money through that account. This may be easier to achieve for non-tech people, as it can be done with any Bitcoin client.
Simple: keep multiple addresses (all clients are built for this) and diversify your balance among them. Keeping them all on a single address makes even less sense than keeping large savings in a checking account.
It shouldn't be very hard to design the UI to make it hard to fall into this trap, either. Easy way: when doing a small payment from an address with a large balance, the client can automatically add intermediate transfers to avoid the direct link.
Of course, everybody should do that. But since we live in an imperfect world, not everybody will do it.
As you're saying, this should be implemented in the BTC clients themselves and they should not let you make large transfers without first warning of the dangers. But what if you're buying a boat or a car or a house ?
I've lived in the ex Soviet Union in the 90's and extorsion through torture was a common thing back then.
But now we might see the 21st century version of those guys, probably a bit more gentle - no need to shoot or kill people, just force them to press Enter and you're done.
If you're buying a boat or a car, you'll have to do a big transfer. But how is that any different than buying something expensive using a bank account? It's not a new problem with cryptocurrencies.
Your bank wire doesn't leak the balance of your account to the recipient. It is a new and unique problem with some cryptocurrencies. Of course, we have already proposed solutions to problem this with ring signatures, stealth addresses, 'coinjoin', 'zerocash', 'TITAN', etc.
As I wrote, you can simply move money around so that the final transfer doesn't reveal your original balance, e.g. if I have a balance on address A of 30 and I want to pay something that costs 4, I can just create multiple addresses where I move and subdivide the 30 until the last address only has a little over 4.
The recipient has no sure way of knowing that the original address was mine - I might just have withdrawn from a service like Coinbase.
Yes, you could cut it up into new keys, but there is still much data leaked. Taint analysis, change address balances, and the fact your holding addrs don't have 100s of tx's and thus are not an exchange hot wallet is a give away.
It's a fair point, but it's much less simple than you say.
Firstly, this problem exists in current society too. I don't think anyone has any problem picking out rich people, and anyone in a city will be able to tell you where the rich neighborhood is. Bitcoin doesn't make this any easier. In fact, best (and common) practice is to never reuse addresses, and use bitcoin inputs from various addresses. (e.g. to pay $5 for a pizza, you could theoretically, if you wanted, use inputs from millions of addresses each having only tiny fractions of a penny). Despite the public ledger, bitcoin offers a lot of financial privacy. As such the first premise of your story I think is flawed: that it's easier to find out who is bitcoin-rich.
Second, extortion, kidnapping, stealing, these are all things that on paper are pretty easy to do now, but to say it leaves no trace or that it's in any way easy (regardless of what token you steal, whether it's platinum bars or World of Warcraft gold) is clearly not true. Regardless of what is being extorted, this is really hard. For example, ideas can be extorted, too, passwords, keys to nuclear launch facilities etc. But it doesn't really happen too often, even though the tools to 'trace' a stolen idea or a stolen digital file are (and can be) limited.
But let's imagine it does happen? Let's compare it to a debit card. They kidnap you, take you to an ATM and force you to use it or give them the code. It happens every now and then, but the amount stolen is usually very limited, a few hundred bucks as that's the limit for most ATMs per day.
Bitcoin has similar options. You can have more than 1 key, and you can give such a key to say a friend, a bank, a server. Technically it's easy to set up a system where you have $1m, and to send $1m requires you and multiple other keys to sign, the key at the bank (stored behind armed guards), your notary or your friends. You can keep it simple or super complicated depending on your risk profile and the amount of money. In a small village as an unknown rich entrepreneur, keep it simple. As a known billionaire in guadalajara? Probably require lots of keys for any amount over $10k or something. Just making something up. Point is, technically you can set it up any way you'd want.
So they'd extort you and you'd say 'just like my ATM, I only possess a key that allows $500 to be transferred per day. For more I need more keys which I don't possess, I own them but I don't have them with me. I'd need to go to a bank' or whatever.
Now there are a lot of caveats to this. The whole notion of keeping all your money in your brain carries physical risks, and keeping keys with a third party (as opposed to 100% autonomy over your money) is sort of contrary to the spirit of bitcoin. But you can keep keys at multiple parties, neither of which individually have enough keys to control your money, while providing security benefits. In short, there are lots of possible solutions to the horror story you wrote (of an easy & perfect crime) that should be arriving in fully consumer-friendly ways over the next few years for sure.
And Oleg and Boris being the perfectly reasonable guys that they are. Say "Of course you have a key that only allows $500 per day. We'll take $500 and be on our way without causing you any further harm." :)
Note that it's no different from ATMs with a $500 per day limit.
We can have a broader discussion about physical security, but it's clear this isn't a problem that's unique to bitcoin at all. In fact, bitcoin allows anyone to configure their security according to their own risk profile, and retain full financial privacy in their ordinary lives.
I'm not saying it's a perfect world with bitcoin and that you're fully secure against overwhelming physical intimidation and force, but as I mentioned in another comment, acting like this is a unique problem to bitcoin just isn't true.
For digital extortion it is true, bitcoin is unique, for physical extortion it isn't. The reason being that it's very hard to send money without a trace digitally without using cryptocurrency, so bitcoin is unique here. If you run an extortion over Paypal, you're in jail by the end of the week usually. But physical extortion is possible because cash (or say jewelry) from ATMs is difficult to trace, bitcoin doesn't make this any easier. On the contrary, I'd rather steal from my ATM card than from my bitcoin wallet, as I only have $150 or so in a non-multi signature wallet, but my ATM has a $1250 a day limit, because I can configure my risk profile with bitcoin myself.
More likely, they will take your $500, drive you around in their trunk for a few days while extracting another $1500, then let you go under the promise to keep paying $100 per week until your original balance runs out and never talk to the police, or else they'll come back to kill you and your loved ones.
You may keep paying afterwards... or you may not. But even if they do not follow on their threats, $1K each for a weekend of "light work" is still pretty good money.
This is pretty similar to kidnapping someone and using their ATM every day at midnight with a hoodie on, and when you're done, you let him go and THEN he'll block his card.
And interestingly this virtually never happens that I know of outside of some countries in South America (where there's actually a term for it, express kidnapping)
In any case, it's no different to someone being abducted for his ATM card, it applies exactly the same.
We can have a broader discussion about physical security, I'm not saying we're all perfectly secure, but acting like it's a unique problem to bitcoin money is disingenuous.
Isn't it possible to trace history of transfers in Bitcoin? I thought the blockchains contained information about transfer from and to account, and that's de facto the way to check account's value - by tracing it's entire history.
but you never know at which point the coins came into the current owners posession. You could go back 1 step or 100 steps and trace the coins linegae from their creation until today but without knowing who owns all the intermediary addresses youy dont really know anything other than how much was sent when.
Cash survived thousands of years with this weakness. I'm sure cryptocurrencies would, too.
In fact, it would be easier to make the case that this was you money, thanks to the transparency of the block chain (and the fact that you have the keys).
True, the only difference is that cash (or any physical store of value, like gold) becomes cumbersome in large amounts. And random people having large amounts of cash or gold in their apartment is pretty rare.
1000 BTC on the other hand have no physical form so it's much more convenient.
I keep thinking these two things are related: 1) reliable identity 2) good security.
If you had a reliable identity - well implemented private key crypto or signatures, or perhaps just a fixed IP address - Communications protocols could be created that don't allow anonymous communication. You don't provide identity and they won't accept messages. The thing is, this would also allow private communications which neither corporations or governments want to happen.
So the internet will remain insecure so long as companies want to read your stuff for "ad targeting" and governments want to read your stuff to "stop crime". Got that last part?
There is no connection between CryptoLocker and ad targeting. What you're proposing would do very little to thwart tracking (imho strong identities would make it easier) and completely kill the open Internet where I can send and receive information from people I don't know, maybe even people I wouldn't want to know otherwise.
Just using public key crypto allows anyone to communicate securely with anyone else - including people you don't know. If you have end-to-end security, your communication can't be read and you can verify who a message or threat came from. It's all good with the exception of 3rd party listening. It's probably easier to see that data went from one person to another (which is no change) but that doesn't tell you what the data is (which is a big change).
I don't know why people don't seem to understand this. Or perhaps the lack of understanding is why it's not here.
Well, we already have botnets, so such a scheme can't possibly work (especially if there are public channels, such as IRC or Twitter etc. to control them).
When you require a traceable signature of where software comes from, botnets become less of a problem. Remember, it's mostly criminal activity that is anonymous today. And that's my point, the same technology that removes anonymity also enables secure communication - hence we won't be getting it.
It's the "Nigerian Prince wants to give you $100M" email scam scaled up another notch.
Where that was a pure numbers game, the criminal knows if they send out 1M emails, 1% will engage, and of that 1% they will get 1% to send money, that "scam" could easily be thwarted with a simple click of the delete button in you inbox or the increase of spam filtering to help the unsuspecting or unknowing not start the process at all.
This online extortion is certainly more aggressive and has an immediate effect on your life. Criminals are always looking for the next way to get ahead, I wonder where the "spam filter" to thwart this effort will come from and what they will move on to next.
And this is where the thieves start getting creative. Backups, setting a PIN, using decent passwords--all of these steps prevent the low-hanging fruit of locking up someone's data (and can be installed by technically-savvy friends or family). The bigger question is how to protect your reputation, especially when directory entries can easily be modified on Google, Bing, and Yelp, complaints can be submitted to the health or licensing agencies online, and even cranking out some SEO can get "bad press" filtering near the top of search results.
These viruses can encrypt connected storage too, so your backups better not be all on a network drive or external hard drive. I believe they can encrypt Dropbox folders, not sure about Crashplan or similar services.
Crashplan retains old versions of files (it's a backup service) and you can choose to restore everything before a certain date, so you should be able to get everything back.
Yes, but only for 30 days unless you pay more. If you don't realise there's been a problem quickly enough, you could be in trouble.
I'm not sure there's an easy way to restore everything from before certain date, either, though I'm sure it'd be possible to knock something up to do it.
Extortion is a weird, upsetting crime. It seems to be a waste product or high-entropy end state in a stagnant economic system.
First, the powerful extort constantly. When VCs use their social connections to other VCs (the culture of co-funding) to pull the "we'll turn off the whole Valley" card, also known as "the reputation threat", and get people to sign bad term sheets, that's extortion. Most bad reference and negative reputation issues that exist in the Valley come from people who refused to be extorted. But when people in power do it, they don't call it "extortion". They call it "power".
Likewise, most people who acquire power did so by extortion. Not in the hold-up sense, but by happening into important information on powerful people and being able to leverage it into the investment of said powerful people in their careers. All that said, it takes a certain social skill to pull off. You can't just send an email saying, "I know <X> and will release it unless you provide <Y>, <Z>, and <W>." You'll piss that person off, and it's a felony, and even though you'll probably never do jail time (because the extortion target still doesn't want "X" to see daylight) that person now holds the cards. You have to be really subtle and it's best if the extortion threat is unsaid. One of the reasons why fraternity affiliations are so powerful is the implied mutual extortion that comes from living together for 3-4 years at a time of life in which people tend to be impulsive and do incredibly stupid things that their adult selves will regret.
If you're in the same frat, you're bound to have dirt on that person, and if that person becomes powerful, you'll cash in. If you say, "I'll reveal <X> unless you <Y>" you won't get anything, and you could end up in jail... but if it's a tacit agreement, that person will support your career in perpetuity. Perversely, the network effect of this tacit, mutual extortion is positive for the group of people it covers because it spreads good fortune around.
Extortion seems to be a by-product of stagnation, because it's the ultimate zero-sum activity. It's what people start doing to each other when they give up on new contribution. Oddly, the frat culture (for all its ugliness) seems to be an adaptation to this because, while it creates a low-level tacit extortion field, it also prepares people to handle external extortions (from "the proles" who "have no right") and to exercise power (cough extort others).
What's strange about this rash of online extortions is that it seems to be coming at a time when, objectively, there shouldn't be a sense of economic stagnation. There are, arguably, more opportunities for positive-sum contribution than there ever were. But the social distance between capital and effort/talent has never been greater, especially on a global scale, so that might explain the problem.
"What's strange about this rash of online extortions is that it seems to be coming at a time when, objectively, there shouldn't be a sense of economic stagnation."
I think you're confused because you're trying way too hard to fit this into a preconceived political template. I find it perfectly adequate to explain the current spate of cyber-extortion simply by observing that it has gotten much easier, which is to say, cheaper, and therefore in the cold cost/benefit calculation that even criminals do, it has become more appealing. No massive global economic climate analysis or weird extensions of the word "extortion" necessary. There is no 19th-century equivalent to just mailbombing extortion threats to everybody the way you can mailbomb an extortion virus like that, from half a world away in a legal system that has no interest in pursuing or extraditing you, and similarly, hacking even large corporations is frankly disturbingly easy which tips the balance in favor of the extortion.
It's the same reason Nigerian scams have exploded. They weren't created by email, my parents received (and discarded, of course) physical Nigerian scams in the mail once in a blue moon before any of my family were ever on email, but over email I couldn't even count how many tens of thousands of them I've received (since I've averaged well over one per day for years and years now, I'm sure). I don't need complicated geopolitical economic analysis to figure out why... it's cheaper over the Internet and therefore more appealing.
I was in a fraternity. Did some people do some stupid shit, sure, it was college after all. But I have a hard time seeing how any crazy extortion schemes would come into play as you described. I don't know how I could extort a brother because I once saw him puke in the street or streak thru campus. For someone as prolific on HN as you, I'm surprised to see you come off as a conspiracy nut. Or, maybe me living in the midwest where everyone is nice and cooperative in general has given me a warped view of the world (albeit a positive view).
So, there's a wide spectrum of organization given the name "fraternity" and not all of them are bad. I'm talking about the abusive frats that (a) cover up disgusting and almost invariably illegal behavior by well-connected, privileged men, (b) disburse connections from the upper class into its next generation, and (c) are heavily responsible for the injection of bro types into the VC-funded founder ranks.
There's a wide spectrum of "fraternity". Just look at initiations. There are some where initiation is being driven 5 miles off-campus and having to find your way back, and others where it involves bodily fluids, physical abuse, and dangerous levels of alcohol.
When people complain about "frat boys" or "bros" infesting the Valley, we're not talking about guys who like to drink occasionally or streaked a football game, because none of that's a big deal. No one has a problem with an occasional game of beer pong. We're talking about entitled, well-connected people (e.g. the Spiegels and Duplans of the world) who've lived for decades in a world where there are absolutely no consequences for their actions.
It comes out of the culture of co-funding. If you claim to VC Tom that you have other interest from VC Bob, Tom is going to call Bob and believe his word over yours, which is morally wrong. It means that they're colluding rather than competing, which means they fund (or decline to fund) as a group.
That gives VCs lasting power over founders' reputations and their companies. They're no longer passive investors, but actively able to turn off interest in other firms that ought to be competitors. Which means that VCs are no longer competing for deals, but colluding as a group and competing against founders.
Obviously, the extortion is rarely explicitly spelled out, but it's implied in the ability to "pick up a phone" and blackball a founder.
It left behind lots of text files giving you instructions and an address you can access via Tor. When you went to that address, there was a web app to allow you to upload an encrypted file to confirm if it was Cryptolocker. If you pay the ransom, they would send their "decrypter tool" that had the encryption key embedded in it.
The real criminal breakthrough, in my opinion, is that all of these utilities worked. When people are able to do some research and find out that if they pay up, they really will get their stuff back, often times they will pay up. It's certainly very disturbing.