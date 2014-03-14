By Jeremy Wagstaff
| SINGAPORE, March 14
SINGAPORE, March 14 Criminals may already have
made off with up to $500 million worth of bitcoins since the
virtual currency launched in 2009 - and you can double that if
it turns out they emptied Mt. Gox.
Internet criminals, security experts say, are attracted to
bitcoin because of its stratospheric rise in value, because it's
easier to steal than real money, and because it's easier to
trade with other criminal elements. But, they add, bitcoin will
survive the damage.
"It's just growing pains," says Keith Jarvis, a security
researcher at Dell SecureWorks. "Bitcoin is large enough and has
enough momentum behind it to survive any public relations damage
from this (Mt. Gox) case or anything else."
The fall of Mt Gox, the Tokyo-based exchange which filed for
bankruptcy last month after saying it lost some 850,000 bitcoins
to hackers, is certainly the virtual currency's
biggest crisis.
But data collated by Reuters from specialist bitcoin
industry websites and internet forums shows that more than
730,000 bitcoins were already missing to theft, hacking,
cyber-ransom payments and other apparently criminal pursuits
before Mt. Gox's collapse. That's nearly 6 percent of all
bitcoins, and doesn't include dozens, possibly hundreds, of
unreported cases of individuals who have lost bitcoins from
their computers or online exchanges to hackers.
For sure, there's no way of telling who has these missing
bitcoins, or whether they were converted to real money when the
price was much lower. And of course some bitcoins may have been
counted twice if criminals stole them from each other or they
were put back into circulation and stolen again.
But there's no question that bitcoins have attracted the
attention of cyber-criminals - as a currency and an asset worth
stealing.
BEWARE MALWARE
A study by Pat Litke and Joe Stewart of Dell SecureWorks
showed that as the price of bitcoin soared beyond $1,000 last
year, so did the number of viruses designed to steal bitcoins
from wallets - programs that hold bitcoins on user's computers
or smartphones. Of the 140 types of such software more than 100
appeared in the past year.
Writing such viruses, says Stewart, is easy. "There's no
sophistication involved in the storage of bitcoin in wallets. As
for malware, it's some of the easiest stuff to write."
Indeed, this cyber-pocket picking wasn't criminals' first
foray into bitcoins. Initially, they focused on using their
control of large networks of infected computers - called botnets
- to make their own bitcoins.
Bitcoins are created through a 'mining' process where a
computer's resources are used to perform millions of
calculations. For a while, says Kirill Levchenko, a researcher
at the University of California, San Diego, criminals added
malware to their botnets to turn infected computers into bitcoin
miners.
This triggered predictions of doom for bitcoin - that the
criminals would take over the mining of bitcoin through botnets
and bring the whole currency crashing down. But as bitcoins
become harder to mine - according to an algorithm that slows
down their production the more people try to create them - this
approach has proven less profitable.
In 2012-13, says Danny Huang, another researcher at the
University of California, San Diego, they earned at least 4,500
bitcoins, a relatively small sum compared with the total
produced. "Few botnets are mining bitcoins now," he said.
Instead, they've turned to stealing them from wallets, or,
more lucratively, from exchanges.
According to data compiled last year by academics Tyler
Moore and Nicholas Christin, of 40 exchanges tracked 18 had
closed, with customer balances wiped out in many cases - not
always, they point out, due to fraud. Since then, according to
public reports, more than a dozen others have been hacked.
CURRENCY OF THIEVES
Cyber-criminals have also made use of the ease with which
bitcoins can be traded without any third party - such as a bank
or online payments service like PayPal - to use it as at least
one way of paying for services between themselves.
"Bitcoin made it much easier for them, because they have to
trust each other even less. Even complete strangers can
cooperate," said Juraj Bednar, a bitcoin security expert in
Slovakia.
But while bitcoin has its advantages, it's not a perfect
tool for the bad guys.
Take, for example, ransomware. Viruses which encrypt users'
data and then demand payment for a key to unlock it have become
increasingly sophisticated, says Dell Secureworks' Jarvis.
The most successful: CryptoLocker, which Jarvis believes is
run by a Russian-speaking gang who are also behind a botnet
called Gameover Zeus that targets financial websites.
Bitcoin often appears on CryptoLocker as an option for
victims to pay up. Its appeal, says Bednar, lies in the fact
that it needs no third party for the transaction to work.
But there have been problems. For one thing, the type of
user to be infected by a virus wasn't likely to be the type who
is technologically savvy enough to be familiar with bitcoin.
Also, as bitcoin rose in value, it has become a more expensive
option for the victim, forcing the criminals to lower their
bitcoin ransom demands to match prevailing exchange rates.
TRACING TRANSACTIONS
Then there's bitcoin's transparency. All transactions are
visible, and while they're just digits and letters, in theory
they could be connected to an individual and the entire history
of all the bitcoin's transactions traced.
Italian computer engineer Michele Spagnuolo, for example,
was able to trace a number of ransom payments for CryptoLocker.
The gains have been impressive: he and academics from
Politecnico di Milano speculate that up to 6,757 bitcoins - then
worth around $6 million - could be linked to those behind
CryptoLocker late last year. That estimate of their total
takings, he says, could be very conservative.
But the fact that such payments can be traced would raise a
red flag for cyber-criminals, says Daniel Cohen of RSA, the
security division of EMC Corp, even though there are
online services that can "launder" bitcoins to hide their
origin. "Sure, there are bitcoin laundering services, but still
if I tie a wallet to an identity I can see every single
movement," he said.
And, ironically, the success that some criminals have had in
stealing bitcoins has made it less appealing to the
underworld. RSA's Cohen says his team monitoring underground
forums has noticed criminals lately see bitcoin as "volatile,
seizable and, with the recent thefts, unsafe."
FIXES NEEDED
That's not to say bitcoin is out of the woods.
While the protocols underlying bitcoin have proved
themselves to work, the weak links have been the software
containing the wallets, whether on exchanges or on individuals'
computers.
"The attacks on the exchanges did not in themselves indicate
any particular weakness of bitcoin per se, but rather exploiting
vulnerabilities within the exchanges," says Raj Samani of Intel
Corp's internet security company McAfee.
Such holes are being addressed, says Dell Secureworks'
Stewart, pointing to such innovations as hardware wallets to
replace software ones. "We're just going to have to get into
that mode of thinking," he says.
For now, bitcoin users remain a vulnerable target.
That was illustrated when hackers breached Mt. Gox's servers
and its owner's blog this week to post files purporting to be
Mt. Gox's transactions in bitcoin stretching back to 2011.
Amid the files lurked another surprise awaiting the unwary:
a bitcoin-stealing virus.