Wednesday, 21 August 2013

Bitmessage crackdown?

A message from Big Brother?

I started using Bitmessage yesterday, and it didn't take long before I witnessed a possible Big Brother interference of the network. Of course, this is only speculations, but in light of what has been revealed over the last weeks you have to be naive not even thinking of the possibility that Big Brother would ta actions to know whom are using Bitmessage.

Everyone on Bitmessage has received a message on the following format:

Bitmessage has several potential security issues including a broken proof of work function and potential private key leaks.

Full details:
http://secupost.net/2606120940/bitmessage-security

A message written to trick users into clicking on the link.

And every address on Bitmessage did receive a unique URL, like:
http://secupost.net/3240982275/bitmessage-security
http://secupost.net/760979548/bitmessage-security
http://secupost.net/4224282573/bitmessage-security
http://secupost.net/4278472862/bitmessage-security
http://secupost.net/1189531455/bitmessage-security

Following the URL you would only get a "500 Internal Server Error page":


The source code of the page.

The domain secupost.net was registerred yesterday:


The site secupost.net might have been setup by Big Brother to do a mapping in between BM addresses and IP addresses, and to get an overview of whom are using the encrypted messaging network Bitmessage. To avoid traps like these it is a very good rule to never open links received from people you don't know, and to always use TOR for the anonymity, with JavaScript disabled by default (and of course not have Flash or Java running / installed either).

Related posts
Atheros:
All pubkeys for all addresses are published except those for chans (assuming all of the humans join the chan correctly using the menu option rather than using "Regenerate Deterministic Addresses"). It is very plausible that it is someone attempting IP address correlation which would involve sending out a lot of messages which would explain the current spike in the number of messages in the network.
https://bitmessage.org/forum/index.php/topic,2964.0.html

50404:
The website is not working, was it ever up?
I assume this is some sort of trap to find out more (IP, browser, etc) from the corresponding bitmessage ID?
http://www.reddit.com/r/bitmessage/comments/1krss6/bitmessage_is_broken_i_am_receiving_messages_on/

geofflosophy:
I have now received it at all 8 of my addresses, only one of which I've ever given anyone. Maybe it's the NSA trying to link public keys to addresses when you open the link... Good thing I use a VPN.
https://bitcointalk.org/index.php?topic=278757.0

varys:
This also leads me to wonder if the error 500 pages are really related to a resource issue as I previously speculated. It could be that the server was intentionally misconfigured and the plan all along was to log the incoming IP addresses next to the URLs of the incoming connection attempts, which can then in turn be correlated to BM addresses.
https://bitmessage.org/forum/index.php/topic,2963.0.html

UPDATE [13.08.23]
Mr "Robert White" was behind the "attack" (message from secupost.net and Bitmessage):
-- -- --
This message is also available at http://secupost.net

Alright, the messages sent out a few days ago are starting to expire now. It's time for everyone to learn what the purpose of secupost.net is.

As many of you guessed, this is indeed a Bitmessage address to IP address mapper. Yes, the only thing that webserver would send was a 500 message.

It did alright too, gathering nearly 500 bitmessage users information after sending 15000 messages. Double what I expected.

I've included both a log of each address detected and the first thing to hit it including IP, reverse DNS and useragent as well as raw logs for every valid request. If you need to confirm this signature so you can verify messages from me when bitmessage is down, please see the bitmessage general chan for a copy from my bitmessage address.

So, future lessons:
- - - Yes, all bitmessage addresses are public and can be read from your messages.dat file using a small script.
- - - Don't click links. Even if it looks like a security-related site and uses some technical terms. I am not a nice person, I will publish any information I can gather about you and I don't care if you get lit on fire by terrorists because of it.
- - - Bitmessage does _not_ scale. It took me around 3.5 hours to send ~15k messages but it took the bitmessage network over 18 hours to fully propogate them.

Some of you were smart enough to use tor or VPN providers, but many of these are direct home or server IPs. The information below is more than enough for any government to come after you or any script kiddie to DDoS you. Be more careful next time.

Some of you tried to use scripts to claim addresses which weren't yours and skew the data, of course, you didn't even change your user-agent. 

Even without accouting for that your attacks were ineffective because the IDs were generated in a non-linear fashion using a cropped HMAC-SHA256. To find your id:

def gen_mac(addr):
mac = hmac.new("fuck you", addr, hashlib.sha256).digest()
return unpack('>I', mac[0:4])[0]

This simple deterministic method means that you would have had to try... (2^32/15000)/2 = 143165 times on average just to get a single collision. Thanks for playing, but no luck this time.

This service has been operated completely anonymously thanks to Tor and Bitcoin. I hope you enjoy the result.

Robert White (BM-2D8yr4fzoMzwndqPwLMVyzUcdfK9LWZXjY)


And here is one response from a Bitmessage user:
-- -- --
Thought #1, thanks asshole (Robert White (BM-2D8yr4fzoMzwndqPwLMVyzUcdfK9LWZXjY))
Thought #2, you aren't as smart as you think you are.  Some of us took precautions that you haven't even considered.  At least I did, and my spoofed records appeared in his list.
Thought #3, the conclusions are not supported by the facts.  ("does _not_ scale")
Thought #4, my infant son can't get a job.  He does not scale.  He needs to be terminated.
Thought #5, be part of the solution, not part of the problem.
Thought #6, did I mention Robert White is an asshole?


And here is the code on GitHub:
-- -- --
Bitmessage Proof Of Work optimizations including OpenCL and C based PoW code.

5 comments:

  1. use http://goldbug.sf.net

    ReplyDelete
    Replies
    1. > http://goldbug.sourceforge.net/

      ( SECURE INSTANT MESSENGER: Chat, EMail & e*IRC )

      Delete
  2. So is the system broken or does it need to be refined? Is BitMessage Open Source? Wikipedia is lacking a page for a list or comparison of p2p/encrypted chat programs.

    ReplyDelete
    Replies
    1. The example above doesn't prove that the system is broken. However it shows that you should never open a link from a sender you do not know. That it is possible to get all addresses on the network is not a good thing though. Spam can quickly become a problem, and the network load might be very high if a lot of messages are being sent to everyone. But as the addresses are the public ones I'm not sure how that can be prevented. Someone else with more knowledge in this protocol will have to fill me in.

      Bitmessage is open source, and the code can be reviewed here:
      https://github.com/Bitmessage/PyBitmessage

      Delete
  3. The problem is fixed on the last version v0.4.0

    ReplyDelete

Allowed HTML tags:
<b>bold</b>
<strong>strong</strong>
<i>italics</i>
<em>emphasis</em>
<a href="">hyperlink</a>


Please, show the courtesy of identifying yourself when adding a comment. Anonymous comments will, most likely, be removed.