Tuesday, June 08, 2021 ... Deutsch/Español/Related posts from blogosphere

The FBI may very well possess most Bitcoin private keys, other passwords in the world

The U.S. and China are among countries whose governments are planning to restrict the cryptocurrency activities. On the other hand, a confederacy of 25,000 gang members known as El Salvador claimed to adopt the Bitcoin as an official currency (these criminals have been using crypto for a long time so it's not really news). Another great friend of the U.S., Iran's mullah-in-chief, has also called for the legalization of the Bitcoin (Iran and North Korea have used Bitcoin to circumvent sanctions etc., too). Meanwhile, Donald Trump said that the Bitcoin seemed like a scam – and a thing that wanted to challenge the global dominance of his preferred currency (it has a name imported from the Czech language). Meanwhile, the FBI did something cool that drove the Bitcoin price below $32k again.

Hackers have hacked and encrypted files on the Colonial Pipeline servers. The breach was harmful, oil stopped flowing, and the company has actually paid some $4 million in Bitcoin in ransom. The files were decrypted (not all extortionists are this honest!) and the oil flows were resumed.

That ransom came to dozens of wallets but... the FBI conquered $2.3 million, a majority of the ransom, because it acquired the private key – the longer gibberish sequence of digits that is needed to send funds (to "sign" the electronic confirmations that the owner wants to send something) – from the largest Bitcoin wallet. How is it possible? It should be impossible (in any realistic timeframe) to calculate the (longer) private key from the publicly known data – which seems to be just the public key.

Although I think that some computational tasks may be solved by much faster algorithms than a majority of computer scientists are willing to believe, I think that the FBI doesn't possess these \(P=NP\) caliber breakthroughs in pure mathematics. Instead, it probably has many other more "down-to-Earth" yet brutal tools to solve such situations.

They could have simply traced the computers ordering the transactions... and find the hackers. The hackers could be told "tell us the private key, otherwise we will torture you, jail you, or kill you". And the hacker simply delivered the private key. Alternatively, the hacker or hackers could have been stupid enough (being able to obtain $4 million by criminal methods doesn't mean that you are very intelligent, we know many people worth tens of billions who are dumb as a doorknob) and they could have placed the funds on a cryptocurrency exchange. That exchange could have been ordered by the FBI to deliver the private keys to those wallets – private keys that only the exchange, not the hackers, technically knew.

However, there is an easier yet more far-reaching possibility. The FBI may simply spy on lots of computers, and perhaps all computers with major operating systems, and whenever something like a new private key is created with nonzero funds, the private key may be almost invisibly sent to the FBI servers (probably through some indirect routes). So millions of people may play with their passwords on their Windows computers or Android and iOS tablets but all these devices may simply be listening and sending the private information to those who are more powerful – which makes all the game with very complicated passwords and private keys a farce, at least when it comes to the protection against the U.S. government agencies. If such backdoors exist, they may exist (and be activated) everywhere; or they may exist (or be activated) within a very small fraction of the computers and other devices. There are many possibilities.

If true, I would be impressed by the reticence of the FBI that hasn't abused these superpowers yet – at least not too much. ;-)

Add to del.icio.us Digg this Add to reddit

snail feedback (0) :

(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-1828728-1', 'auto'); ga('send', 'pageview');