Risk
6/10/2011
09:59 AM
Connect Directly
RSS
E-Mail
50%
50%

LulzSec Hackers Using Digital Currency: DEA Crackdown Soon?

The LulzSec hacker group has said it's receiving monetary support via a P2P digital currency, Bitcoins. Now Senators are urging DEA action on an illegal online drug sales site with a Bitcoins connection.

Two senators have called on the Drug Enforcement Administration (DEA) to shut down the online marketplace known as the Silk Road by seizing its domain name.

"Launched in February, this underground website allows users to hide their identities and freely purchase and sell illegal drugs, ranging from cocaine, heroin, ecstasy, and marijuana," said Senators Charles Schumer (D-N.Y.) and Joe Manchin (D-W.Va.), in a letter sent this week to Michele Leonhart, the head of the DEA, and attorney general Eric Holder.

Knowledge about the Silk Road went mainstream earlier this month, thanks to a Gawker profile. But shutting the marketplace down could prove difficult, since it can only be reached via the distributed, anonymized network known as Tor. Furthermore, the marketplace uses a seemingly random assembly of letters and characters as its URL, which means that, should that domain name get shut down, its operators could simply open up shop under a different name, publicizing the new URL via underground channels.

That said, one weak point would be Bitcoin transactions, since they're the only form of currency currently accepted by the Silk Road. Bitcoins are decentralized currency, created in 2009 by Satoshi Nakamoto, who also released open source software which powers the decentralized peer-to-peer network that runs Bitcoins.

Jeff Garzik, a Bitcoin developer, told Gawker that Bitcoins could expose the actual identities of Silk Road users, since law enforcement agencies, with enough time, could correlate network traffic with the publicly released--though anonymous--records of Bitcoin transactions, to identify actual users. Accordingly, "attempting major illicit transactions with Bitcoin, given existing statistical analysis techniques deployed in the field by law enforcement, is pretty damned dumb," he said.

Bitcoins represent an interesting evolution in currency. As noted in an Electronic Frontier Foundation (EFF) analysis published earlier this year, "once the Bitcoin software has been downloaded, a user can store Bitcoins and exchange them directly with other users or merchants--without the currency being verified by a third party such as a bank or government," according to the EFF's activism director, Rainey Reitman. "It uses a unique system to prevent multiple-spending of each coin, which makes it an interesting development in the movement toward digital cash systems."

But she warned that the system is still a work in progress, and not entirely anonymous or secure. Interestingly, EFF had been accepting Bitcoins as donations, but in recent weeks appears to have ceased this practice, instructing potential donors that the organization prefers legal tender instead. As that suggests, the currency's legal status is unclear.

By May 2011, however, there were already 6.2 million Bitcoins in existence. As of June 10, the value of a Bitcoin was about $30, up from $0.06 in October 2010. The Bitcoin software's growth algorithm caps the the total number of Bitcoins in circulation at approximately 21 million, which developers don't expect to approach until 2140.

The LulzSec hacking group, which reportedly split off from Anonymous and has been steadily hammering Sony websites, as well as PBS, InfraGard, and others, has also called for--and received--Bitcoin donations. According to a tweet released by the group last week, "by the way, we've received $110 in BitCoin donations and we just used some of it to buy a server with which to own things from."

Of course when it comes to purchasing illegal drugs, Bitcoins aren't the only currency. In fact, cash is much more anonymous. On that front, technological moves are afoot to help battle so-called pill mills, which involve doctors trading prescriptions for cash. For example, currently 98% of all doctors who prescribe oxycodone are located in Florida, according to a Thursday story in the Guardian, which said that the cash-for-prescriptions racket can earn a single physician up to $25,000 per day.

Accordingly, the American Society of Interventional Pain Physicians, among other groups, is pushing for a single, statewide database for recording all pain medication prescriptions, by physician, to help crack down on pill mills. The state's governor, Rick Scott, had resisted the plan, on cost and privacy grounds.

But according to recent reports, the Florida Senate is now weighing a related bill, backed by both Scott and the Florida House. In addition, Scott told a U.S. House of Representatives energy and commerce committee that he'd ordered the state to develop "a database focused on the patient level."

Black Hat USA 2011 presents a unique opportunity for members of the security industry to gather and discuss the latest in cutting-edge research. It happens July 30-Aug. 4 in Las Vegas. Find out more and register.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4725
Published: 2014-07-27
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

CVE-2014-4726
Published: 2014-07-27
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-2625
Published: 2014-07-26
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVE-2014-2626
Published: 2014-07-26
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.