Risk

6/10/2011
09:59 AM
50%
50%

LulzSec Hackers Using Digital Currency: DEA Crackdown Soon?

The LulzSec hacker group has said it's receiving monetary support via a P2P digital currency, Bitcoins. Now Senators are urging DEA action on an illegal online drug sales site with a Bitcoins connection.

Two senators have called on the Drug Enforcement Administration (DEA) to shut down the online marketplace known as the Silk Road by seizing its domain name.

"Launched in February, this underground website allows users to hide their identities and freely purchase and sell illegal drugs, ranging from cocaine, heroin, ecstasy, and marijuana," said Senators Charles Schumer (D-N.Y.) and Joe Manchin (D-W.Va.), in a letter sent this week to Michele Leonhart, the head of the DEA, and attorney general Eric Holder.

Knowledge about the Silk Road went mainstream earlier this month, thanks to a Gawker profile. But shutting the marketplace down could prove difficult, since it can only be reached via the distributed, anonymized network known as Tor. Furthermore, the marketplace uses a seemingly random assembly of letters and characters as its URL, which means that, should that domain name get shut down, its operators could simply open up shop under a different name, publicizing the new URL via underground channels.

That said, one weak point would be Bitcoin transactions, since they're the only form of currency currently accepted by the Silk Road. Bitcoins are decentralized currency, created in 2009 by Satoshi Nakamoto, who also released open source software which powers the decentralized peer-to-peer network that runs Bitcoins.

Jeff Garzik, a Bitcoin developer, told Gawker that Bitcoins could expose the actual identities of Silk Road users, since law enforcement agencies, with enough time, could correlate network traffic with the publicly released--though anonymous--records of Bitcoin transactions, to identify actual users. Accordingly, "attempting major illicit transactions with Bitcoin, given existing statistical analysis techniques deployed in the field by law enforcement, is pretty damned dumb," he said.

Bitcoins represent an interesting evolution in currency. As noted in an Electronic Frontier Foundation (EFF) analysis published earlier this year, "once the Bitcoin software has been downloaded, a user can store Bitcoins and exchange them directly with other users or merchants--without the currency being verified by a third party such as a bank or government," according to the EFF's activism director, Rainey Reitman. "It uses a unique system to prevent multiple-spending of each coin, which makes it an interesting development in the movement toward digital cash systems."

But she warned that the system is still a work in progress, and not entirely anonymous or secure. Interestingly, EFF had been accepting Bitcoins as donations, but in recent weeks appears to have ceased this practice, instructing potential donors that the organization prefers legal tender instead. As that suggests, the currency's legal status is unclear.

By May 2011, however, there were already 6.2 million Bitcoins in existence. As of June 10, the value of a Bitcoin was about $30, up from $0.06 in October 2010. The Bitcoin software's growth algorithm caps the the total number of Bitcoins in circulation at approximately 21 million, which developers don't expect to approach until 2140.

The LulzSec hacking group, which reportedly split off from Anonymous and has been steadily hammering Sony websites, as well as PBS, InfraGard, and others, has also called for--and received--Bitcoin donations. According to a tweet released by the group last week, "by the way, we've received $110 in BitCoin donations and we just used some of it to buy a server with which to own things from."

Of course when it comes to purchasing illegal drugs, Bitcoins aren't the only currency. In fact, cash is much more anonymous. On that front, technological moves are afoot to help battle so-called pill mills, which involve doctors trading prescriptions for cash. For example, currently 98% of all doctors who prescribe oxycodone are located in Florida, according to a Thursday story in the Guardian, which said that the cash-for-prescriptions racket can earn a single physician up to $25,000 per day.

Accordingly, the American Society of Interventional Pain Physicians, among other groups, is pushing for a single, statewide database for recording all pain medication prescriptions, by physician, to help crack down on pill mills. The state's governor, Rick Scott, had resisted the plan, on cost and privacy grounds.

But according to recent reports, the Florida Senate is now weighing a related bill, backed by both Scott and the Florida House. In addition, Scott told a U.S. House of Representatives energy and commerce committee that he'd ordered the state to develop "a database focused on the patient level."

Black Hat USA 2011 presents a unique opportunity for members of the security industry to gather and discuss the latest in cutting-edge research. It happens July 30-Aug. 4 in Las Vegas. Find out more and register.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mobile Malware Incidents Hit 100% of Businesses
Dawn Kawamoto, Associate Editor, Dark Reading,  11/17/2017
3 Ways to Retain Security Operations Staff
Oliver Rochford, Vice President of Security Evangelism at DFLabs,  11/20/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.