Bitcoin for security? Operating Security (OpSec) is as effective as the idiot behind the keyboard. Powerful passwords make no sense when you leave your password stuck with a Post-it next to the computer.
Encryption is ineffective if you do not shut down your computer when you leave the keyboard. locked while you are unattended.
Even the most powerful lock in the world can not protect you with an open door.
Table of Contents
So with Bitcoin.
Many were the ones who believed, and believe that the coin currency could preserve their anonymity when conducting illegal transactions. This is true partially. Encryption transactions are generally more difficult to detect by online transactions with compatible currencies.
But bitcoin has never been anonymous. Every transaction is recorded and stored permanently in a place that everyone can see. And while blockchain listings do not reveal the parties involved, users often can do it themselves.
A recently published study (PDF) University of Qatar and Hamad Bin Khalifa University revealed how easy it is to reveal users behind these transactions. Qatar University Researcher Husam Al Jawaheri told Andy Greenberg of Wired:
The bitcoin back-up security is low. When things are logged on the blockchain, you can go back in history, uncover the information, to bypass the anonymity of users.
According to the study, anonymity is not as difficult to breach as you can imagine. Unlike Tor's specific investigations using the FBI to trap online pedophiles (2015), the new study is not based on flashy exploits designed to break anonymity in the TOR network. This method requires nothing more than a wallet address and Google's help.
Nothing more or less.
The researchers detected 1.500 hidden services (.onion pages) and collected 88 unique bitcoin addresses. They then detected about five billion tweets and a million pages of the BitcoinTalk forum to collect additional 4.200 and 41.000 (respectively) wallet identifiers.
Each of the pooled addresses associated with Twitter and BitcoinTalk contained identification information. And while this information is not always true (pseudonyms), it is something that gives researchers a good starting point.
For some, no further research was needed. Electronic IDs were often associated with real email addresses, social accounts, and sometimes even home addresses.
Here every OpSec dies.
BitcoinTalk, in particular, is a problematic service for users who want to keep their information private.
A publication by 2016 at Reddit revealed that the forum had sent messages to users informing them that some or all of their private messages had been given to the authorities as part of an ongoing investigation.
The page has also been hacked at least twice by 2013, and both hacks have resulted in the user's information being found in the Dark Web.
Using this data, researchers were able to connect 125 unique users with 20 Secret Services Tor. And while some were completely legitimate transactions, such as a donation to WikiLeaks, for example, the others were illegal transactions on websites like Silk Road.
It's not Nuclear Physics.
In 30 seconds, we managed to find a random wallet address and get a full history of its transactions. Overall, Daniel used his wallet twice earlier this year.
We do not know Daniel and we can not say if he was buying illegal goods from Dark Web. Just happened and the first wallet address we found on Twitter was its own.
But if any of these transactions fit into a drug dealer's wallet, Daniel could draw attention to the principles.
You know, search warrants at home, but also online and offline surveillance…
Posted in TNW