09:59 AM

LulzSec Hackers Using Digital Currency: DEA Crackdown Soon?

The LulzSec hacker group has said it's receiving monetary support via a P2P digital currency, Bitcoins. Now Senators are urging DEA action on an illegal online drug sales site with a Bitcoins connection.

Two senators have called on the Drug Enforcement Administration (DEA) to shut down the online marketplace known as the Silk Road by seizing its domain name.

"Launched in February, this underground website allows users to hide their identities and freely purchase and sell illegal drugs, ranging from cocaine, heroin, ecstasy, and marijuana," said Senators Charles Schumer (D-N.Y.) and Joe Manchin (D-W.Va.), in a letter sent this week to Michele Leonhart, the head of the DEA, and attorney general Eric Holder.

Knowledge about the Silk Road went mainstream earlier this month, thanks to a Gawker profile. But shutting the marketplace down could prove difficult, since it can only be reached via the distributed, anonymized network known as Tor. Furthermore, the marketplace uses a seemingly random assembly of letters and characters as its URL, which means that, should that domain name get shut down, its operators could simply open up shop under a different name, publicizing the new URL via underground channels.

That said, one weak point would be Bitcoin transactions, since they're the only form of currency currently accepted by the Silk Road. Bitcoins are decentralized currency, created in 2009 by Satoshi Nakamoto, who also released open source software which powers the decentralized peer-to-peer network that runs Bitcoins.

Jeff Garzik, a Bitcoin developer, told Gawker that Bitcoins could expose the actual identities of Silk Road users, since law enforcement agencies, with enough time, could correlate network traffic with the publicly released--though anonymous--records of Bitcoin transactions, to identify actual users. Accordingly, "attempting major illicit transactions with Bitcoin, given existing statistical analysis techniques deployed in the field by law enforcement, is pretty damned dumb," he said.

Bitcoins represent an interesting evolution in currency. As noted in an Electronic Frontier Foundation (EFF) analysis published earlier this year, "once the Bitcoin software has been downloaded, a user can store Bitcoins and exchange them directly with other users or merchants--without the currency being verified by a third party such as a bank or government," according to the EFF's activism director, Rainey Reitman. "It uses a unique system to prevent multiple-spending of each coin, which makes it an interesting development in the movement toward digital cash systems."

But she warned that the system is still a work in progress, and not entirely anonymous or secure. Interestingly, EFF had been accepting Bitcoins as donations, but in recent weeks appears to have ceased this practice, instructing potential donors that the organization prefers legal tender instead. As that suggests, the currency's legal status is unclear.

By May 2011, however, there were already 6.2 million Bitcoins in existence. As of June 10, the value of a Bitcoin was about $30, up from $0.06 in October 2010. The Bitcoin software's growth algorithm caps the the total number of Bitcoins in circulation at approximately 21 million, which developers don't expect to approach until 2140.

The LulzSec hacking group, which reportedly split off from Anonymous and has been steadily hammering Sony websites, as well as PBS, InfraGard, and others, has also called for--and received--Bitcoin donations. According to a tweet released by the group last week, "by the way, we've received $110 in BitCoin donations and we just used some of it to buy a server with which to own things from."

Of course when it comes to purchasing illegal drugs, Bitcoins aren't the only currency. In fact, cash is much more anonymous. On that front, technological moves are afoot to help battle so-called pill mills, which involve doctors trading prescriptions for cash. For example, currently 98% of all doctors who prescribe oxycodone are located in Florida, according to a Thursday story in the Guardian, which said that the cash-for-prescriptions racket can earn a single physician up to $25,000 per day.

Accordingly, the American Society of Interventional Pain Physicians, among other groups, is pushing for a single, statewide database for recording all pain medication prescriptions, by physician, to help crack down on pill mills. The state's governor, Rick Scott, had resisted the plan, on cost and privacy grounds.

But according to recent reports, the Florida Senate is now weighing a related bill, backed by both Scott and the Florida House. In addition, Scott told a U.S. House of Representatives energy and commerce committee that he'd ordered the state to develop "a database focused on the patient level."

Black Hat USA 2011 presents a unique opportunity for members of the security industry to gather and discuss the latest in cutting-edge research. It happens July 30-Aug. 4 in Las Vegas. Find out more and register.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.