Quantcast
Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
    1. Welcome to GTAForums!

    1. Red Dead Redemption 2

      1. Gameplay
      2. Missions
      3. Help & Support
    2. Red Dead Online

      1. Gameplay
      2. Find Lobbies & Outlaws
      3. Help & Support
    1. Crews & Posses

      1. Recruitment
    2. Events

    1. GTA Online

      1. After Hours
      2. Find Lobbies & Players
      3. Guides & Strategies
      4. Vehicles
      5. Content Creator
      6. Help & Support
    2. Grand Theft Auto Series

    3. GTA Next

    4. GTA V

      1. PC
      2. Guides & Strategies
      3. Help & Support
    5. GTA IV

      1. Episodes from Liberty City
      2. Multiplayer
      3. Guides & Strategies
      4. Help & Support
      5. GTA Mods
    6. GTA Chinatown Wars

    7. GTA Vice City Stories

    8. GTA Liberty City Stories

    9. GTA San Andreas

      1. Guides & Strategies
      2. Help & Support
      3. GTA Mods
    10. GTA Vice City

      1. Guides & Strategies
      2. Help & Support
      3. GTA Mods
    11. GTA III

      1. Guides & Strategies
      2. Help & Support
      3. GTA Mods
    12. Top Down Games

      1. GTA Advance
      2. GTA 2
      3. GTA
    13. Wiki

      1. Merchandising
    1. GTA Modding

      1. GTA V
      2. GTA IV
      3. GTA III, VC & SA
      4. Tutorials
    2. Mod Showroom

      1. Scripts & Plugins
      2. Maps
      3. Total Conversions
      4. Vehicles
      5. Textures
      6. Characters
      7. Tools
      8. Other
      9. Workshop
    3. Featured Mods

      1. DYOM
      2. OpenIV
      3. GTA: Underground
      4. GTA: Liberty City
      5. GTA: State of Liberty
    1. Red Dead Redemption

    2. Rockstar Games

    1. Off-Topic

      1. General Chat
      2. Gaming
      3. Technology
      4. Programming
      5. Movies & TV
      6. Music
      7. Sports
      8. Vehicles
    2. Expression

      1. Graphics / Visual Arts
      2. GFX Requests & Tutorials
      3. Writers' Discussion
      4. Debates & Discussion
    1. News

    2. Forum Support

    3. Site Suggestions

SouthLand

Cash vs Electronic money

Recommended Posts

sivispacem

I'm pretty sure you can make any transactions completely untraceable back to you

You can't. Not without losing the ability to actually access the money, anyway. Your example falls flat because you're only looking at a small window of the actual transaction flow, not the whole thing.

Share this post


Link to post
Share on other sites
RogerWho

Yea, I'm talking just about the transactions themselves, implying that you deal only with bitcoins and not trying to convert them from/to other kinds of currency. Also implying that you don't buy physical stuff with bitcoins and have it delivered to our house using DHL thus leaving a nice paper trail.

 

Depending on what you'd actually want to do, you'd need to take adequate anonymization steps with the rest of the workflow as well but it's certainly doable if you have the will.

Share this post


Link to post
Share on other sites
sivispacem

Cryptocurrency is eminently traceable, and complete anonymisation against the resources and capabilities of nation states is effectively impossible.

Share this post


Link to post
Share on other sites
RogerWho

Well that's quite a different debate how omnipotent the "nation states" actually are or aren't. We don't really know what *exactly* the agencies are capable of when it comes to technology. You can't really crack good encryption without a security hole or a quantum computer for example, regardless of how much money you throw at the problem. Which is why, as far as we know, the agencies rely on backdoors directly to email providers and other ways of surveillance so they don't need to deal with that sh*t all the time.

 

Remember how FBI had to sue Apple to get them make a backdoor to the iPhone? Eventually they dropped it after they (apparently) figured out an alternative way but it's obvious they didn't have a solution ready. So you can't really say that "they" can read anything and everything regardless of the safety steps.

 

Crypto-currency is similar in the technological hurdles. You can use a private key from wherever, use a randomly-generated address for each transaction and several more steps. Is the technology safe enough that it's truly untraceable? It appears that it should be safe enough, or at least as safe as you care to make it for yourself. At the end we can only guess, I sure hope no agency will be interested enough in me that I find out for myself.

 

Either way we can surely agree that it's way more easier to just go to the bank and ask them for the list of your credit card transactions.

Edited by RogerWho

Share this post


Link to post
Share on other sites
sivispacem

You can't really crack good encryption without a security hole or a quantum computer for example, regardless of how much money you throw at the problem.

You don't need to. Trying to crack encryption algorithms is a waste of time and resources; you either attack the implementation of cryptography (via a side-channel) or you use techniques to bypass the cryptography entirely and obtain the data underneath either before transit or after decryption. Or you subvert the cryptographic seed generation techniques to weaken the crypto in the first place.

 

Which is why, as far as we know, the agencies rely on backdoors directly to email providers

That's something a bit different, though. That's not an example of user crypto, the encryption is all handled server side so the "channel" there is with the vendor.

 

Remember how FBI had to sue Apple to get them make a backdoor to the iPhone?

This isn't entirely true. The techniques for extracting private keys in the manner which was eventually used has been done in mobile forensics for a while now. The main justification behind the desire to pressure Apple into backdooring the OS was the legal precedent it would set, which would move the requirement for most of the exploitation work (which is costly, complex snd requires extremely rare expertise) onto the vendors.

 

Is the technology safe enough that it's truly untraceable? It appears that it should be safe enough, or at least as safe as you care to make it for yourself.

Depends on the adversary. If you're talking criminal type actors who are all about maximising financial return for the minimum iutlsy and who don't care about the actual victim (IE go for low hanging fruit) then sure. If you are the criminal, being pursued and specifically targeted by law enforcement or security services, then I don't think anything is "safe enough" to prevent compromise.

Share this post


Link to post
Share on other sites
RogerWho
you either attack the implementation of cryptography (via a side-channel) or you use techniques to bypass the cryptography entirely and obtain the data underneath either before transit or after decryption
That's the point I was trying to make: rather then dealing with such technological hurdles directly, it's way more effective to go around them. So instead of trying to decrypt an encrypted HDD, it's easier to plant some malware on the user's PC in advance or use other methods of surveillance. But that requires targeting of specific individuals so unless you're already under watch, the tech you may be using can be completely bullet-proof.
The point of failure is most likely elsewhere than the actual technology. Same thing with cryptocurrencies, actual criminals who would use bitcoins for money transfers (e.g. drug dealers) would be probably under different sort of surveillance and those bitcoin transfers might therefore be traced based on that, not as a starting point.
Of course the point would be moot if we'd be all under 24/7 full surveillance 1984-style, but that's not really happening yet.
The techniques for extracting private keys in the manner which was eventually used has been done in mobile forensics for a while now.

Yes, but it's getting more and more difficult. Phone manufacturers (or at least Apple, most Android makers don't give a sh*t) are constantly upping the ante. You can't even dismantle and put together the later iPhones without them refusing to work, since the individual parts use encryption on hardware level and can't even communicate with each other unless they get their private keys exchanged using Apple equipment. Due to the tech advancements, it's not only costly but most likely becoming impossible to crack this tech without completely reverse-engineering it. Which is why it would be easier (again) for the agencies to just force the manufacturers to make backdoors for them. I do wonder what happens next time when the FBI needs to unlock an iPhone 11 or so.

Share this post


Link to post
Share on other sites
sivispacem

Same thing with cryptocurrencies, actual criminals who would use bitcoins for money transfers (e.g. drug dealers) would be probably under different sort of surveillance and those bitcoin transfers might therefore be traced based on that, not as a starting point.

In the case of bitcoin, this simply isn't true. Bitcoin transactions are absolutely traceable, and without too much difficulty given the entire blockchain and ledger are public. The reason bitcoin is employed by criminals isn't because it's untraceable, or even that difficult to trace. It's because it can't be frozen or seized, and can be easily monetised without attracting attention. These factors also make it very vulnerable to theft or manipulation, as Mt. Gox demonstrated.

 

Yes, but it's getting more and more difficult.

Not from a hardware perspective it isn't. And it won't until mobile vendors start deploying proper Secure hardware Cryptomodules like Trusted Platform Module. The improvements in Apple (and Android) security over the last few generations have been primarily in the OS and firmware; they're still vulnerable to hardware based attacks as many security vendors have demonstrated.

Share this post


Link to post
Share on other sites
RogerWho
Bitcoin transactions are absolutely traceable, and without too much difficulty given the entire blockchain and ledger are public.

But how do you trace the transaction to a particular person? That's the point. If I buy bitcoins in cash from someone in the dark alley, using a wallet on a burner phone, with internet connectivity on an anonymous prepaid card, then use those bitcoins to buy internet porn and watch said porn on the same phone which is never turned on in my home town, how could anyone ever trace it to my person without other forms of surveillance?

 

Not from a hardware perspective it isn't. And it won't until mobile vendors start deploying proper Secure hardware Cryptomodules like Trusted Platform Module. The improvements in Apple (and Android) security over the last few generations have been primarily in the OS and firmware; they're still vulnerable to hardware based attacks as many security vendors have demonstrated.

Apple has their equivalent of TPM, hardware-based, which is enabled on their later devices (at least those with a fingerprint reader). Which is why you can't disassemble and put together an iPhone without it stopping to work since the pieces need to be authorized using Apple equipment. There was a mild controversy about it last year as 3rd party service centers were complaining about not being able to repair iPhones.

 

Most Android makers don't give a sh*t (AFAIR HTC in particular is a complete joke when it comes to security) but Apple seems to take this pretty seriously. It appears next time FBI will have their work cut out for them, in fact the method they used for unlocking the 5C would already not work on the later ones. Note: I'm not actually an Apple lover, it's just this particular thing they appear to do well.

Edited by RogerWho

Share this post


Link to post
Share on other sites
sivispacem

how could anyone ever trace it to my person without other forms of surveillance?

That sort of misses the point. You can't really trace financial transactions either without employing multiple forms of surveillance. The same logic could be employed with a prepaid credit card bought in cash and used the same environment. Bitcoin doesn't really afford either more anonimity or transactional security than other methods leveraging conventional cash.

 

Apple has their equivalent of TPM, hardware-based, which is enabled on their later devices (at least those with a fingerprint reader). Which is why you can't disassemble and put together an iPhone without it stopping to work since the pieces need to be authorized using Apple equipment.

This isn't entirely accurate. It's possible to subvert the lock screen on any iPhone up to the 6 Plus by desoldering and cloning the NAND chip. With later nodeks, your average pleb can't simply swap components such as the mainboard thanks to the Security Enclave/SecurCore. This prevents off-chip attempts at bruteforcing the passcode off-device, but the Enclave itself can be subverted in a similar manner to the flash memory attacks on earlier devices. It's extremely risky in terms of the possibility for outright destruction of the Enclave chip, but entirely possible. The chip itself can also be cloned given the resources to do so.

Share this post


Link to post
Share on other sites
RogerWho
Bitcoin doesn't really afford either more anonimity or transactional security than other methods leveraging conventional cash.

I'm not arguing it provides more anonymity, I'm saying that if the anonymity of the transaction or the user is compromised, the point of failure is elsewhere and not with the design of the cryptocurrency itself. In other words bitcoins are not inherently traceable to the user, unless the user doesn't care about being identified.

 

The point you made about bitcoins being safe from being seized or frozen is also valid. Yea, technically I can also use an anonymous credit card or bank account for the same purposes as bitcoins, but since it's under a central authority, there's a risk it can be blocked. Heck, a card just needs to expire for it become worthless.

 

It's possible to subvert the lock screen on any iPhone up to the 6 Plus by desoldering and cloning the NAND chip.

That's not what I heard. Well technically you can clone the NAND chip of course but the data shouldn't be usable if the device was locked. You have a source for those experiments? That said, even if it's true that the current generation is still vulnerable like that, it may not be the same with the next one, and you can always employ further security measures. Cracking a locked phone is useless if the user stores their info in an app with another layer of password protection.

Share this post


Link to post
Share on other sites
sivispacem

That's not what I heard. Well technically you can clone the NAND chip of course but the data shouldn't be usable if the device was locked. You have a source for those experiments?

http://arstechnica.co.uk/security/2016/09/iphone-5c-nand-mirroring-passcode-attack/

 

Basically NAND mirroring has been demonstrated with trivial hardware costs on the 5C and theoretically remains possible on later generations too, but hasn't yet been demonstrated due to the transition to the m-PCIE NAND interface on the 6S onwards.

Share this post


Link to post
Share on other sites
RogerWho

OK, so looking at the paper, what they actually demonstrated in this case is brute-forcing a 4-digit passcode (after cloning the contents of the NAND). True, this would probably easily work with anything you have physical access to, but the point of failure here is the user for having a weak password and storing the data in the most approachable way (e.g. in the default apps). There are enough security measures available to make such an attack worthless.

 

Edit: I just looked at my iPod Touch at what options regarding passcode it actually has and there are options for: 4 digits, 6 digits, custom digits (30+ seems to work) and custom alphanumerical. The question is, whether this passcode can be overriden entirely using NAND mirroring, but this demonstration hasn't proven that.

Edited by RogerWho

Share this post


Link to post
Share on other sites
sivispacem

The question is, whether this passcode can be overriden entirely using NAND mirroring, but this demonstration hasn't proven that.

Actually, that wasn't the question, or the approach taken by the FBI in actually decrypting the phone. That was simply a lock screen retry limitation bypass, which is effectively what NAND mirroring also accomplishes.

Share this post


Link to post
Share on other sites
RogerWho

The effectiveness however is dependent on quality of the password since the paper describes brute-forcing it. They mention that a 4-digit passcode can be brute-forced within a day. But use just a reasonably long hexadecimal password and they won't get anywhere with this approach, unless the actual contents of the memory aren't properly encrypted and thus could be read directly by an external device - which is what I was interested in the first place. For now, the user is the known weak link, not the tech.

 

Either way, we've come far from cash vs. electronic money.

Edited by RogerWho

Share this post


Link to post
Share on other sites
sivispacem

I assume you don't acrually mean hexadecimal, given that a 16 character keyset gives vastly less possible permutations than the 95-character printable ASCII keyset.

Share this post


Link to post
Share on other sites
RogerWho

No, that's my fever talking. I meant alphanumerical of course :lol:

Share this post


Link to post
Share on other sites
=Signal=

Now a days they f*cking clone credit cards lmao!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • 1 User Currently Viewing
    0 Members, 0 Anonymous, 1 Guest

×

Important Information

By using GTAForums.com, you agree to our Terms of Use and Privacy Policy.