This is a guest post from security researcher Nicholas Weaver. Nicholas is a part of Berkeley’s ICSI program and he’s here to tell you a bit about how violated bitcoin is and how you too can profit!
OK, now I may just be an elementary country Hyper-Chicken, err, Ph.D. security researcher, but I think by now I get something very significant about Bitcoin: how to make money with Bitcoin. Now I’m also a lazy security researcher, so heck, let’s expose my super secret Ten step project on how you too can make lots of money with Bitcoin.
You gotta move to Sochi. Now the Bitlievers like to claim that their digital Quatloos free them from the oppressive yoke of government imperialism, but at the same time they go screaming like little chicks to the government to help them out if you steal too many of their Dunning-Krugerrands. So you gotta go to some country where the local language defines MLAT as “Tell the FBI to go fuck itself”. And although most of Russia is a frozen hellscape dominated by a shirtless, humorless tyrant, Sochi is, after enough billions of corruption, a nice place to live. Hey, they even have an F1 race.
Break into blockchain.info and all the other “web wallet” services. Oh, but wait, aren’t these companies run securely, with lots of venture capital money? Well, if you consider the VC funded RNG Improvments [sic] to their code, do you think the rest of their security is much better? And breach Coinbase too while you’re at it…
Download all the saved web wallets. Now these wallets are all encrypted by the suckers users’ passwords but that just means most are protected with passwords only slightly more sophisticated than “123456”. So begin throwing them at your password cracker. As a bonus, get everyone’s email addresses and download all the other password information. And get crackin…
Wait. Patience is a virtue, young padawan. Until your improvments [sic] are noticed, they will continue to work, snagging all the suckers who somehow, despite believing in decentralized digital Clams, insist on trusting centralized companies because “the market will eliminate bad actors” or some such Randite fantasy. I mean, the market eliminated bad exchange actor Mt. Gox pretty quick and they in turn eliminated over $500 million of bad bitcoin actors from bad customer actors too!
Once you are discovered, only then do you transfer all those virtual Cubits into your own accounts. Conveniently, the wallet service will tell you when you are discovered and should move the loot because well, they’re going to have to post a big announcement and eliminate your improvments [sic].
Join the throng on /r/bitcoin who mock those who lost their binary Ankh-Morpork Dollars to your attack, because everyone knows you should only store your Bitcoins on your own laptop. This computer must run a self-burned live linux distro and never be connected to the internet. In fact, make sure to glue the ethernet ports shut. Don’t forget to include posts noting how the thief is performing a public service in this objectivist paradise by educating the victims on how computer security works.
Now this is all fine and good, but why stop there?
Commence writing your malcode module that looks for Bitcoin wallets. This pretty little malicious program should copy both unencrypted and encrypted wallets. It should also add an improvment [sic] to any Bitcoin client it finds to once again tell you the password. Don’t want to actually write the infection routines? Well, there are services you can use, just find your friendly PPI service.
For each stolen wallet, if you crack it, don’t rob it. Well, not right away. After all, most likely the best host-based IDS is an unsecured Bitcoin wallet, and you don’t want word to get out too soon. Wait a little while. Meditate on the fragility of all things. And then, get impatient and rob ’em blind.
Join the throng on /r/bitcoin who mock those who lost their binary Ankh-Morpork Dollars to your malcode, because everyone knows that you should only store your Bitcoins using a paper wallet. Once again, be sure to include posts noting how the thief is performing a public service in this objectivist paradise by educating the victims on how computer security works.
So there you have it, a Ten, well, 11 step program to make lots of money in Bitcoin. Whatever, off by one error, who cares? It’s not like such errors exist in the core protocol of Bitcoin (*cough* OP_CHECKMULTISIG *cough*).
You can thank me by contributing to 1BitcoinEaterAddressDontSendf59kuE.
You can also follow me on Twitter: @ncweaver