Light Dark
December 17, 2014 By Brooke Satti Charles 3 min read
Banking & Finance
Fraud Protection
Risk Management
Topics

Blockchain.info has increased privacy and security measures for all its users by becoming the second website in the world to receive a .onion address. Users now have the ability to access their Blockchain online wallets directly through the Tor network. This eliminates the need to leave the network to access online wallets and prevents transaction interception, theft and malware downloads.

Bitcoin

Bitcoin is an electronic cryptocurrency used to purchase virtual and actual goods and services. It is not contractually backed by assets or legal currency laws, is not controlled by a central authority and is not a tangible good. Bitcoins can be sent to anyone with an Internet connection.

Blockchain

Blockchain.info states that Blockchain is a public ledger of all transactions that take place in the bitcoin network. The website displays a running list of all bitcoin activity and began as a way to show users’ activities and transactions. Additionally, Blockchain now offers a Web-based bitcoin wallet service.

Tor

The Onion Router, also known as Tor, is a free software service that lets users surf the Internet anonymously and without censorship. It was created to protect U.S. intelligence communication channels over the Internet. After some time, the code was released to let private citizens and nongovernmental organizations communicate outside of countries that may have surveillance or censorship rules.

The term “Onion Router” refers to layers of encryption similar to the multiple rings of an onion. Tor works by encrypting all original IP information as well as the destination IP address. According to TechRepublic, Tor uses a minimum of three servers to pass traffic on, each of which is encapsulated by its own layer of encryption. Each server only identifies the IP that sent it the packet, limiting packet and traffic visibility from node to node. Only the final server knows the destination of the user’s online traffic, maintaining the anonymity of the user.

Blockchain.info and Tor

Only two companies in the world have received a SSL certificate for a Tor address: Facebook in late October 2014 and Blockchain.info in early December 2014. Many bitcoin enthusiasts see this as a major accomplishment for privacy and security specific to Web-based bitcoin wallets. There have been many reports of individuals with Blockchain.info wallets having their bitcoins stolen while making transactions on the Tor network. It is believed that man-in-the-middle (MITM) attacks were targeting Blockchain.info transactions running on infected Tor exit nodes. MITM attacks hijack communications between two systems by intercepting a public key exchange, injecting their own public key and retransmitting the message unbeknownst to the original user.

CryptoCoinsNews states that the MITM attack vector involved stripping the SSL from the website, which results in the user being on a HTTP instead of a HTTPS page. The newest version of the Tor browser will display a yellow exclamation point if the browser is no longer displaying a valid SSL certificate. Many casual Tor users that do not understand the known security flaws associated with rogue exit nodes have fallen victim to this exploit.

The Blockchain.info Tor address has a 10-digit address, blockchainbdgpzk.onion#sthash.0X1PXctz.dpuf. Additionally, Tor Web addresses are developed in a similar method to bitcoin addresses through encryption and public keys that generate a random grouping of numbers and letters. These increased security measures make it extremely hard for cybercriminals to steal bitcoins since all transactions can be conducted from within the Tor network and no exit relays are needed to access Blockchain online wallets.

Yet another reason why bitcoin enthusiasts will rejoice is that prior to Blockchain.info getting its .onion certificate, individuals using bitcoins on the Tor network were at a higher risk of having their identities exposed. In fact, reports indicate that this was happening by way of government-sponsored cyberattacks. According to Josh Pitts of Leviathan Security, a Tor exit relay based in Russia has been compromised for an unknown length of time. This exit relay was injecting malware into computers of users who were downloading programs through the Tor network by modifying legitimate files and applications with malicious binary.

Analyst Comments

A positive outcome from the creation of a .onion or hidden service for Blockchain.info is that bitcoin users do not need to go through an exit relay to access their bitcoin wallets — all transactions remain within the Tor environment. This greatly reduces MITM attacks and makes it harder for bitcoin users’ identities to be exposed within the Tor environment.

A negative outcome from the creation of a .onion or hidden service for Blockchain.info goes back to all nefarious dark Web activity. The Tor network lets users travel into the dirty underbelly of the dark Web. The additional anonymity and security measures associated with Blockchain.info will make it exceptionally difficult to trace bitcoins back to the individuals making the transactions. It is currently possible in some instances to trace an IP address of a computer used to make bitcoin transactions, especially if the IP address is static. It becomes increasingly difficult and nearly impossible to trace an IP address being used on the Tor network because they move to different relays and display many IP addresses and locations. This becomes problematic when the transactions are for illegal goods and services, such as drugs, human trafficking, child pornography and hit men for hire.

Image Source: Flickr

 |  |  |  |  |  |  | 
Brooke Satti Charles
Financial Crime Prevention Strategist, IBM Security

More from Banking & Finance
March 13, 2024

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

March 7, 2024

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

January 26, 2024

DORA and your quantum-safe cryptography migration

5 min read - Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. Unfortunately, this also introduces threats to the digital economy and particularly the financial sector.The Digital Operational Resilience Act (DORA) is a regulatory framework that introduces uniform requirements across the European Union (EU) to achieve a "high level of operational resilience" in the financial services sector. Entities covered by DORA — such as credit institutions, payment institutions, insurance undertakings, information and communication technology…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature