by blorgle 3464 days ago
This is some serious FUD, pretty standard for Newsweek's bitcoin reporting, which included harassment of Dorian Nakamoto.

This is probably an unpopular opinion on HN, but let's face it, P2P protocols like bitcoin are relatively easy to disrupt for nation state actors, especially the US!

For a relatively small cost, the blockchain could be flooded with bogus junk to DoS. The bootstrap mechanism could easily be MITMd to netsplit new nodes. Those are just technological mechanisms off the top of my head, which assume a perfect hypothetical cryptocurrency with none of the teething problems that all of the actual cryptocurrencies have.

ISIS could come up with "Terrorcoin" (which is the underlying vague threat of the article) but without any mechanism to transfer those coins to a fungible real world currency, it's useless anyway.

Go home Newsweek, you're drunk.

6 comments

Eh, the Islamic State and the likes of them don't need a bitcoin. They already have the Islamic informal banking system, which is basically - "I entrust you this money, my cousin in this or that place can withdraw that money from your family" https://en.wikipedia.org/wiki/Hawala

It's very hard to track and certainly non-human SIGINT proof. If anyone on the planet wants those guys to pick up a systematic trackable crypto-currency, it's the secret services.

You should consider by how much bitcoin or some similar crypto could strengthen the Hawala system. It's a marriage made in heaven.
The really troubling property from a secret service point of view of this whole system is that there is no interest in Islamic banking. Thus, you cannot derive from the nature of transfers whether they are business related.

Business related deposits would usually aggregate where the most interest can be gained. Thus unmoving fortunes become "suspicious".

In addition, this system partially prevents the usual corrupt bankers, letting unguarded illegitimate or frozen "fortunes" vanish. There are no courts for dictator money lost during a government upheaval. Of course this is idealizing the trust-persons.

> This is some serious FUD, pretty standard for Newsweek's bitcoin reporting

Newsweek has been a tool of US propaganda for a very long time.

  From his first days in power, Allen Dulles polished the public image of the
  CIA, cultivating America's most powerful publishers and broadcasters, charming
  senators and congressmen, courting newspaper columnists.
  
  He found dignified publicity far more suitable than discreet silence. Dulles
  kept in close touch with the men who ran The New York Times, The Washington
  Post, and the nation's leading weekly magazines. He could pick up the phone
  and edit a breaking story, make sure an irritating foreign correspondent was
  yanked from the field, or hire the services of men such as Time's Berlin
  bureau chief and Newsweek's man in Tokyo. It was second nature for Dulles to
  plant stories in the press. American newsrooms were dominated by veterans of
  the government's wartime propaganda branch, the Office of War Information,
  once part of Wild Bill Donovan's domain. The men who responded to the CIA's
  call included Henry Luce and his editors at Time, Look, and Fortune; popular
  magazines such as Parade, the Saturday Review, and Reader's Digest; and the
  most powerful executives at CBS News. Dulles built a public-relations and
  propaganda machine that came to include more than fifty news organizations, a
  dozen publishing houses, and personal pledges of support from men such as Axel
  Springer, West Germany's most powerful press baron.
  
  Dulles wanted to be seen as the subtle master of a professional spy service.
  The press dutifully reflected that image.
p. 88 of Legacy of Ashes

https://books.google.com/books?id=UlCPDQAAQBAJ&printsec=fron...

> For a relatively small cost, the blockchain could be flooded with bogus junk to DoS. The bootstrap mechanism could easily be MITMd to netsplit new nodes. Those are just technological mechanisms off the top of my head, which assume a perfect hypothetical cryptocurrency with none of the teething problems that all of the actual cryptocurrencies have.

I don't disagree with the article, but these example attacks sound pretty bullshitty to me. I don't think it is that trivial to attack cryptocurrencies in a meaningful way, so that actually it would be something else to the government than spending some money on pointless harm.

Well, it depends on how much more computing power a hypothetical nation-state has at its reserve compared to the rest of the world. I wish I could find the paper analyzing the possibilities of attacking with less than 51% power, 33% IIRC but in lieu of that, check this out:

http://bitcoin.stackexchange.com/questions/1037/what-can-xxx...

And Quantitative Analysis of the Full Bitcoin Transaction Graph https://eprint.iacr.org/2012/584.pdf which analyzes how lots of Bitcoin accounts are seemingly controlled by the same group (so they are closer to a 51% attack than would otherwise appear).

And there is always the possibility of 0days eg the Replay Attack in Ethereum https://medium.com/@timonrapp/how-to-deal-with-the-ethereum-...

Wouldn't bitcoin respond to such an attack by just finally implementing a proof of stake protocol on top of their proof of work one?

I'm not sure, but any implementation needs to be accepted by the vast majority of miners for it to work.

> ISIS could come up with "Terrorcoin" (which is the underlying vague threat of the article) but without any mechanism to transfer those coins to a fungible real world currency, it's useless anyway.

The concept of hawala makes this prospect somewhat more interesting than it may seem at first. You don't need to convert to fungible currency if the blockchain is merely used to keep track of who owes what to whom.

Yeah I wondered about all these points as well. I think the real danger would appear only if people in the real world started actually accepting or desiring payment in these anonymous forms in lieu of actual money...?

[edit] like especially normal people and not just Terrorists or Criminals

With more and more negative interest rates, or attempts to lock down on how money is used (total removal of cash for example) on the horizon I think governments are quite right to fear bitcoins or any other currency that would let people get out of the attempts to "walled garden" finances.

I think this is probably correct, actually.

That and the mass adoption of cheap, handheld, and powerful computers with easy user interfaces and lots of short range wireless peripherals...

Imagine being able to pay your bar/coffee/restaurant/hotel tab with NFC or something, exchanging whatever virtual currency units, as an expected social norm.

I can already do that with my contactless debit card. That's not an advantage of Bitcoin.

The point isn't just the payment mechanism but the network it connects back to plus the payment mechanism.

[edit] to clarify: if vendors actually accepted (something like) bitcoin at restaurants or wherever, this would cut out the banking middle man entirely. Also we already collectively have the tech to do this now.

These vendors still need to access fiat currencies to pay wages, rents, taxes, suppliers, etc. Until workers, landlords, governments, and suppliers begin accepting BTC, there's no incentive for vendors to take on the risks of accepting BTC.

> For a relatively small cost, the blockchain could be flooded with bogus junk to DoS.

It's certainly possible for a government to pay to consume the available space in a blockchain with a very small capacity limit such as Bitcoin has, but I think you miss the very important dynamics that undermine this attack vector - namely that such an attack is a wealth transfer from the attacker to the defender. This is antifragility at its finest.

Let's say that some acronym-agency decided to "spam" the blockchain as you suggest.

The result would not be a "DoS-like" disruption to the mining or node network itself, but just an increase in the cost to make a transaction (we've seen this in the so-called "spam attacks" on the Bitcoin blockchain in the last year). Beyond a certain transaction cost, the demand for space in the blockchain will just diffuse to a competing crypto with cheaper transactions and be harder to trace. Oops.

Moreover, in the meantime, the attacker is simply transferring his wealth to the miners in the form of artificially high fees. The miners will happily accept the attacker's money and use it to build more mining capacity. If blocks stay full, eventually miners will decide to mine larger blocks, raising the cost of the attack. How polite of the attacker to pay the mining network to build out capacity to handle his attack!

The result is that all the activity you hoped to suppress just diffuses to other cryptos and becomes harder to track. Meanwhile the attacker is subsidizing a better mining network. That's a bad attack.

Relaxing (or removing) the block size constraint doesn't help the attacker. With a higher constraint, the attacker must spend more to fill up the blockchain, raising the cost of the attack and increasing the wealth transfer from the attacker to the miner.

Bitcoin clients like Bitcoin Unlimited that would make the limit a dynamic variable create a whole new wrinkle for the attacker: because such a limit is an emergent network property, the attack cannot even really be accurately planned or budgeted - the attacker literally has to hit a moving target.

But let's say our attacker doesn't care about plan or budget. As the attacker fills space on our "Unlimited" blockchain, blocks could bloat to the maximum size tolerated by a supermajority of the node network - the "emergent" blocksize limit. This is exactly the same size the "preplanned" blocksize limit would eventually ratchet up to in a sustained block-filling attack, the only difference is the mechanism used to raise the limit.

IOW, if you think this "spam attack" through - regardless of the block size limit - the network will automatically adjust to make the cost of the attack as expensive as possible, minimizing the disruption to normal users and maximizing the wealth transfer from the attacker to the miner.

The fact that blockchain "spam attacks" are actually wealth transfers from the attacker to the mining network is the primary reason why these events cannot even be correctly viewed as "attacks" - these are paying customers!

A blockchain spam attack is exactly like trying to shut down Starbucks by planting a million stooges at every store to purchase lattes so that regular customers can't shop there. Starbucks gets rich from all the money the attacker is feeding it, and organic demand for coffee just shifts to other stores.

TL;DR I think there's no such thing as a blockchain spam attack - the worst that an attacker could do might be to raise transaction prices on the Bitcoin blockchain and keep them artificially high for long enough that demand for Bitcoin transactions eventually collapses and (counterproductively for our attacker) goes to other cryptos.

> A blockchain spam attack is exactly like trying to shut down Starbucks by planting a million stooges at every store to purchase lattes so that regular customers can't shop there. Starbucks gets rich from all the money the attacker is feeding it, and organic demand for coffee just shifts to other stores.

Great comparison IMO

Thank you. Someone should point this out to the people developing Bitcoin :(

The US, China, et al would likely be able to blackhole most of the Bitcoin network packets on the backbone and definitely could simply take down the network with a traditional DoS. Ever won a fight for bandwidth with your upstream router?

The real question is whether they could use protocol or cryptography weaknesses to break it with less effort. Something like a weakness in the hash or signing methods could allow them to disrupt the network state in a basically unrecoverable way with many fewer packets and not requiring a persistent attack.

The problem with that attack is that Bitcoin is not very high bandwidth which makes it easy to put behind an anonymizer.

You could DoS the anonymizer but now you're into large collateral damage and the anonymizer may not be in a country where your agents control the backbone.

I agree you could harden a cryptocurrency, I was merely pointing out that Bitcoin is not. (And would require reaching consensus or having a fork to become one.)

Further, I'm not sure that there's an anonymization network that could sustain being the consensus network backbone without also leaking the information to a pervasive, persistent adversary.

Things like TOR likely can already be penetrated by the US or China or Russia, and things like FreeNet are likely too slow to reach global consensus fast enough to prevent diverging chains.

Also, DoSing the network doesn't require you deanonymize them, merely that you can fill most of their anonymous routes with traffic (or that you can drop packets along them). This is problematic, because the network fundamentally must publish routes. The underlying architecture isn't meant to operate in truly adverse conditions.

> I agree you could harden a cryptocurrency, I was merely pointing out that Bitcoin is not. (And would require reaching consensus or having a fork to become one.)

You're treating Bitcoin as a black box.

The thing people care about forking is the blockchain. The DoS problem is the network transport. They're independent pieces. You could add a new hardened transport without forking the blockchain or even discontinuing the existing transports. Everyone would just naturally start using the hardened transport if the attack materialized.

> Also, DoSing the network doesn't require you deanonymize them, merely that you can fill most of their anonymous routes with traffic (or that you can drop packets along them). This is problematic, because the network fundamentally must publish routes. The underlying architecture isn't meant to operate in truly adverse conditions.

An anonymity service needs to be resistant to censorship. In one sense that means having a lot of bandwidth, but it also means having some political support. A government may have the technical capacity to launch a large DoS attack but it can't do that if the target servers are in a non-pushover country that would take the attack as an act of aggression.

And penetrating an onion routing network in this context is non-trivial. The three main categories of attack are implementation bugs in the endpoints, an adversary operating a large number of relays, and timing correlation by a global adversary. But the first group are inherently temporary and there are fewer of them when the endpoint is not a web browser with ten million lines of code. The second can be mitigated by not choosing relays in adversarial countries. And the third can be mitigated for low bandwidth services by using a fixed low bitrate and sending padding when there is no data.
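The fixed-bitrate padding mitigation mentioned in the comment above, as an added example that is not part of the thread: a sender that emits one fixed-size cell per tick whether or not it has data, so a passive observer sees the same trace for an idle link and a busy one. The cell size, header layout, class and function names, and the traffic patterns are all assumptions made for illustration.

```python
import os
import struct
from collections import deque

CELL_SIZE = 512                      # assumed fixed cell size in bytes
HEADER = struct.Struct("!BH")        # kind (1=data, 0=padding), payload length
MAX_PAYLOAD = CELL_SIZE - HEADER.size


class ConstantRateSender:
    """Emits exactly one CELL_SIZE cell per tick, whether or not data is queued."""

    def __init__(self):
        self._queue = deque()

    def submit(self, message: bytes) -> None:
        # Split the message into chunks that each fit a single cell.
        for off in range(0, len(message), MAX_PAYLOAD):
            self._queue.append(message[off:off + MAX_PAYLOAD])

    def tick(self) -> bytes:
        chunk = self._queue.popleft() if self._queue else b""
        kind = 1 if chunk else 0
        # Random fill keeps every cell the same length. On a real link the whole
        # cell would be encrypted, so the header is not visible to an observer.
        fill = os.urandom(MAX_PAYLOAD - len(chunk))
        return HEADER.pack(kind, len(chunk)) + chunk + fill


def receive(cells):
    """Receiver side: drop padding cells and reassemble the data stream."""
    out = bytearray()
    for cell in cells:
        kind, length = HEADER.unpack_from(cell)
        if kind == 1:
            out += cell[HEADER.size:HEADER.size + length]
    return bytes(out)


def run_link(schedule, ticks):
    """schedule maps tick -> message submitted at that tick (constructed input).
    Returns (observer_view, delivered): the cell sizes a passive observer sees
    per tick, and the bytes the receiver reassembles."""
    sender = ConstantRateSender()
    cells = []
    for t in range(ticks):
        if t in schedule:
            sender.submit(schedule[t])
        cells.append(sender.tick())
    return [len(c) for c in cells], receive(cells)


# Constructed traffic patterns: an idle link and a bursty one.
IDLE = {}
BURSTY = {2: b"tx-announce" * 100, 7: b"block-header"}
```

The cost of the flat trace is latency and wasted bandwidth: the 1100-byte burst in `BURSTY` needs three ticks to drain, and every idle tick still sends a full cell.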

> DoSing the network doesn't require you deanonymize them, merely that you can fill most of their anonymous routes with traffic

At best if you're "successful" then you merely take all the current Bitcoin users and scatter them into a hundred different competing and more anonymous cryptos. Oops.

In the south we have fire ants. The thing about fire ants is that if you disrupt the nest you had better kill them all, because if you mess with a nest today, in a few days you'll have 5 nests to deal with. And so on.

Crypto is like fire ants in this regard.

1. The strength of a currency is its ability to be exchanged, so forcing them onto several (possibly themselves compromised) networks increases transaction costs and changes the economics significantly. Similarly, hardened networks likely impose additional overhead. Finally, smaller networks are easier to perform 51% attacks on. If you can break it into 10 networks, you only need 1/10th the power to 51% them each in turn.

2. My point was about the strength of the bitcoin network as it stands. And I think you agree that it's both vulnerable and non-trivial to fix, so I'm not actually sure what your point is.

Sure, there might be other avenues of attack, but filling up the blockchain as OP suggested isn't a good one.