Mobile
12/7/2013
09:06 AM
50%
50%

China Slams Bitcoins: What's Next?

Chinese central bank prohibits the country's financial institutions from touching bitcoins, but plans regulation. Cue further trouble for the crypto-currency?

The value of bitcoins dropped 30% Thursday after the People's Bank of China and five other Chinese government ministries banned the country's financial institutions from handling the currency.

China's central bank issued a notice (naturally, in Chinese) that prohibits all Chinese financial and payment institutions from conducting any business using bitcoins, buying or selling bitcoins, or allowing products or services to be priced in bitcoins, and said that insurance would not cover any losses related to bitcoins.

Potentially adding insult to injury for the crypto-currency crowd's injury, China also said that because bitcoins lack "legal status and monetary equivalent," it wouldn't even deign to call the virtual payment system a currency.

After the Chinese central bank released its statement, the value of a bitcoin dropped to $870 on MtGox, the world's biggest Bitcoin exchange. That was down from this week's high of $1,240, but still well above the currency's all-time low of $1 in 2011. But by Friday, bitcoins had regained some of their value, trading at around $1,000.

[Bitcoin users: Beware attackers targeting passwords and other data. Read BitCoin Password Grab Disguised As DDoS Attack.]

Does China's stance on bitcoins signal danger for the crypto-currency? In fact, China didn't fully outlaw bitcoins. Rather, in what might be seen as akin to its approach to gambling, the government intends to regulate them. Notably, the central bank said that any site that wants to handle or process bitcoins must first register with China's telecommunications authorities, comply with anti-money laundering obligations, identify all users, and report any suspicious transactions. In short, Chinese authorities have prohibited bitcoins from being used anonymously.

China's central bank also warned that using bitcoins carries enormous risks for "ordinary investors," including a large degree of volatility, owing to a 24-hour trading window and a lack of built-in price limits. The bank further criticized the payment system's anonymity and lack of geographic restrictions, saying that made it an ideal vehicle for money laundering and financing terrorism. It also cited evidence that bitcoins were being used to finance drugs, firearms, and other criminal activities.

The bank also highlighted the risk of Bitcoin users being "exploited by criminals" and other unscrupulous -- or just clueless -- organizations, including bogus Bitcoin trading sites, as well as Bitcoin exchange operators who failed to implement proper information security controls.

When it comes to how governments view the Bitcoin phenomenon, Chinese officials' views aren't outliers. "It's a bubble," former Federal Reserve chairman Alan Greenspan told Bloomberg this week, effectively dismissing the virtual money. "It has to have intrinsic value. You have to really stretch your imagination to infer what the intrinsic value of Bitcoin is. I haven't been able to do it. Maybe somebody else can."

Similarly, Nout Wellink, the former president of the Dutch Central Bank, this week likened Bitcoin hype to the tulip mania in the early 1600s, when volatility in tulip bulb prices lead to a single bulb reportedly selling for 10 times the annual average wage of a skilled craftsman, threatening to topple the entire monetary system of some other European countries, including Great Britain. When the tulip-fueled speculative bubble burst, however, some people were left holding contracts for tulips valued at ten times what they were worth on the open market.

"Bitcoins are worse than the tulip mania," Wellink said (in Dutch). "Then, you at least got a tulip. Now, you get nothing."

Some users of bitcoins have learned that lesson the hard way. As the value of the currency has continued to rise, so has related interest from the cybercrime set. That includes the gang behind the Citadel banking malware, which was recently upgraded to capture screenshots if users browse to one of a number of virtual money sites, including not only stalwarts webmoney.ru and perfectmoney.com, but also bitcoin.org, mining.bitcoin.cz, and other Bitcoin trading and mining sites.

"In addition to this new Citadel variant, Trusteer's security team has observed an increase in the number of forum posts of members looking for help in targeting a Bitcoin related site while some cybercriminals are also asking for Bitcoin users' email databases," said Trusteer's Etay Maor Thursday in a "Bitcoin: a Platform or a Target?" blog post.

Related attacks continue to occur. Earlier this week, for example, popular Bitcoin discussion forum Bitcointalk.org warned its 176,584 members that their usernames and passwords may have been compromised by hackers, who apparently used a distributed denial-of-service (DDoS) attack as a smokescreen.

That followed another DDoS attack being used to hide a heist last month against Denmark-based Bitcoin payment processor Bitcoin Internet Payment System (BIPS) -- resulting in the theft of 1,295 bitcoins. Worth nearly $1 million at the time, the bitcoins had been stored in a free e-wallet service offered by BIPS. That led information security experts to recommend that anyone who uses bitcoins should never store them online, or perhaps on any Internet-connected system at all, given the ongoing risk of theft.

In October, meanwhile, two attacks against Australia-based free e-wallet service Inputs.io netted attackers about $1.3 million in bitcoins. The same month, a scam Bitcoin exchange set up in China tricked about 1,000 people into depositing bitcoins. But whoever was behind the site -- and the site itself -- disappeared in October, leaving someone about $4.1 million richer.

Even Bitcoin exchange MtGox was hacked -- via a SQL injection attack -- in June 2011, after which some senior members in the Bitcoin community claimed to have been offered the site's entire user database.

While the Bitcoin debate -- as Vice magazine summarized it -- often veers between "crypto-anarchist dreams" and "Ponzi scheme fears," for anyone who wants to use bitcoins without their wallets or payment processors being robbed, the overriding question remains: Can the Bitcoin ecosystem be secured?

InformationWeek 500 companies take a practical view of even trendy tech such as cloud, big data analytics, and mobile. Read all about what they're doing in our big new special issue. Also in the Information Week 500 issue: A ranking of our top 250 winners, profiles of the top five companies, and 20 great ideas that you can steal. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Ariella
50%
50%
Ariella,
User Rank: Apprentice
12/8/2013 | 9:03:50 AM
Re:value of bitcoins
@virsiingh211 even at $680, it is still over quadruple what it was this past summer, so anyone who bought it back then still has a most impressive return on the investment. 
virsingh211
50%
50%
virsingh211,
User Rank: Apprentice
12/8/2013 | 1:32:23 AM
Re:value of bitcoins
I would not say threat to democracy but yes its increasing popularity has made Bitcoin, a kind of universal currency due to which China think that this can disturb image of natural currency. Also due to this act of China Bitcoin Price Index has dropped i.e. now the price of each bitcoin is just about $680.
samicksha
50%
50%
samicksha,
User Rank: Apprentice
12/7/2013 | 11:37:26 PM
Re:value of bitcoins
I dont understand why but is it that China feels, Bitcoin is threat to democracy, on other part Baidu (local serach engine) has stopped accepting Bitcoins, is it time for Google to join the Market.
Ariella
50%
50%
Ariella,
User Rank: Apprentice
12/7/2013 | 6:47:04 PM
Re:value of bitcoins
I'm surprised that Greenspan would assert, "It has to have intrinsic value. You have to really stretch your imagination to infer what the intrinsic value of Bitcoin is. I haven't been able to do it. Maybe somebody else can." The basic definition of money is that it is a medium of exchange, a meaure of value, and a store of value. Intrinsic value has nothing to do with it. 
StephenR243
50%
50%
StephenR243,
User Rank: Apprentice
12/7/2013 | 3:13:03 PM
Securing BITCOINS
Well of course BITCOINS can be secured.  Diamond Circle offers a complete solution for obtaining and disposing of them.  Like any financial system security controls are essential and the methods of ensuring control require a form of centralisation from a trusted authority.

The decision by the Chinese Government is responsible because it seeks to force parties like ours to put in the right types of controls such as identifying and recording transactions.  Excluding the Banking system means that costs will be lower for our Merchants that accept Bitcoins for trade and exchange.

Our NFC readers allow our merchants to charge customers in Bitcoins, and to provide Bitcoin ATMs that can be used to issue new wallet tags as well as top up and withdraw funds from Bitcoin accounts.

The NFC tags can be affixed to the back of a mobile phone and are used to store the owner's Bitcoin balance and their private key. They are encoded using our proprietary technology which prevents a 'man in the middle' attack — where vital data is stolen or manipulated during transfer.

Merchants can then use a standard NFC reader attached to a PC to read a tag's balance and transfer the cost of a purchase from a customer's Bitcoin tag to their own account.

The software will automatically adjust the amount of Bitcoins the customer pays For example, if a coffee costs $3.50, the system works out how much $3.50 is in Bitcoins immediately and in your currency.

The NFC reader can also be used to load credit onto a tag. In this scenario a consumer may present their cash or credit card to a merchant, who transfers bitcoin to the consumer's tag.

The Bitcoin ATMs are designed to be installed in shopping centres as standalone units, enabling users to purchase NFC tags pre-loaded with their choice of Bitcoin balance as well as top up the balance on their existing tag by tapping it to the machine. The ATMs will accept payment for Bitcoins via debit or credit card and will also allow customers to withdraw Bitcoins stored on their NFC tag in the form of a cashier's cheque.

By using NFC devices which are low cost and flexible, we are able to offer users a simple and safe way of storing and transacting Bitcoin. In the case of a lost or stolen tag our web portal can be used by a consumer to cancel and transfer the balance to another tag.  The readers can be used at home also. 

Using Banking Level Security means that the issue of loss is negated.  It is unfortunate that Banks are excluded from this process, however non-banking organisations like ours are able to offer innovations which make dealing with bitcoins safe and secure. 

http://products.diamondcircle.net/collections/investors/products/diamond-circle-stock

 
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3407
Published: 2014-11-27
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.

CVE-2014-4829
Published: 2014-11-27
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests tha...

CVE-2014-4831
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors.

CVE-2014-4832
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

CVE-2014-4883
Published: 2014-11-27
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?