Board Bitcoin Discussion
Re: Two researchers from University College Dublin investigate the 500K theft.
by
fergalr
on 01/09/2011, 20:26:54 UTC
Thanks for your reply Fergalr.  I give much respect to your well thought out comments and honesty regarding the extent of your capabilities and knowledge.  I've been thinking about this subject a lot because it really stunned me that despite all the "highly technical" users' claims that bitcoin was not anonymous, no one has solved any of the big thefts.

It's true that the thefts haven't been solved - at least not that we are publicly aware of - and maybe they never will be, maybe the thieves were careful to isolate their off-bitcoin actions.

But also, I'm not aware of any public serious activity, by technically skilled law enforcement, to investigate these events.
It might be the case that with the help of a few subpoenas, they could solve it.
If Bitcoin is ever used for something *really bad* and high profile in future, or if it becomes much more popular, these things will become apparent.
I think determined parties, with the ability to access exchange data, Mt. Gox, myBitcoin and so on, will be able to analyze a huge amount of traffic.


2) The IP layer work that Dan Kaminsky did - could that be put together with Bitcoin layer work like we did?


I asked him in his thread how much it would cost to put together a tool but it must have freaked him and the others in the thread out because the thread immediately died.  https://bitcointalk.org/index.php?topic=34383.msg436871#msg436871.  And DK hasn't posted since.  That was not my intention at all.


He might just be busy - the SSL certs thing is happening at the moment - dunno.

Anyway, you seem to be a smart and talented enough programmer to be able to replicate Kaminsky's work for the conference and get a working tool going in a reasonable timeframe.  And I get the feeling that unlike him, my direct and public approach will not be scary to you or kill this thread.  It could be merged with your already existing tool like this (not sure if feasible):

a) run your address tracing and linking tool to find all the coins that were stored through the Mybitcoin portal.  You can start with my address info here: https://bitcointalk.org/index.php?topic=34225.msg428519#msg428519.  That should give you all their coins with current address locations.  Also see if any forum user can be linked to it.

b) run the real-time IP monitoring tool targeting those addresses to harvest the IPs + any other scrape-able info when the coins are moved.

c) use your tools to see what they are doing with the coins.  By now you should know what wallets are exchange wallets, so if they are cashing out through an exchange, bingo, fire up the subpoenas.  If they are using dead drop or in-person cash-out then go back to dktool, do geolocation on the IP, see what can be done... harder road but at least we know we're on it at that point.

But the key is b.  Hmm thinking about how much it would cost.  A database of every transaction made with IPs would be nice to start collecting, could be valuable in the future.  Of course, with DK's you don't get very many IP addresses because some users are a few hops away from an inbound node.  He wasn't too clear on that point in his slides and I was not at the conference.

Another potentially profitable use for your work: We do need a tool to keep pool operators honest.  If the stolen block storage node and the pool general fund node can be linked, tool could monitor that.  Right now it is very easy for them to sneak blocks, and we miners have to guess if they are doing it or not by comparing pool luck to expected luck.  Vladimir's self defense for miners thread talks about this.

Those are interesting suggestions - I don't think I'll be embarking on a big engineering project like that, though; I've got to focus on more research oriented angles, as a research student.  But there's nothing to stop other people building such infrastructure, and I suspect they will, in time, if adoption increases.
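
The comparison of pool luck to expected luck mentioned in the quoted suggestion above can be made quantitative. The following is an added example, not part of the original post or any poster's tool: it assumes difficulty-1 shares and a Poisson model for block counts, and the function names, threshold and sample numbers are constructed for illustration.

```python
import math

def expected_blocks(shares: int, difficulty: float) -> float:
    """Assumption: each difficulty-1 share solves a block with
    probability 1/difficulty, so the expected count is shares/difficulty."""
    return shares / difficulty

def poisson_cdf(k: int, lam: float) -> float:
    """P(X <= k) for X ~ Poisson(lam), summed in log space so large
    lam and k do not overflow."""
    if lam <= 0:
        return 1.0
    total = 0.0
    for i in range(k + 1):
        total += math.exp(-lam + i * math.log(lam) - math.lgamma(i + 1))
    return min(total, 1.0)

def luck_report(shares: int, difficulty: float, blocks_paid: int,
                alpha: float = 0.01) -> dict:
    """Compare blocks the pool reported against what the submitted
    shares should have produced. p_low is the chance of seeing this
    few blocks or fewer from honest bad luck alone."""
    lam = expected_blocks(shares, difficulty)
    p_low = poisson_cdf(blocks_paid, lam)
    return {
        "expected": lam,
        "luck": blocks_paid / lam if lam else float("nan"),
        "p_low": p_low,
        "suspicious": p_low < alpha,  # alpha is a constructed threshold
    }

if __name__ == "__main__":
    # Constructed sample window: 180M shares at difficulty 1.8M
    # gives 100 expected blocks.
    for paid in (95, 70):
        r = luck_report(180_000_000, 1_800_000, paid)
        print(paid, "blocks:", round(r["luck"], 2), "luck,",
              f"p_low={r['p_low']:.4f}", "suspicious" if r["suspicious"] else "ok")
```

A small p_low says the shortfall is unlikely to be chance; it does not identify the cause, and testing many overlapping windows will raise the false-alarm rate unless alpha is tightened.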