Thursday, November 27, 2014

Bitcoin Users can be Tracked, Identified

Btcoin is the new money: minted and exchanged on the Internet. Faster and cheaper than a bank, the service is attracting attention from all over the world. But a big question remains: are the transactions really anonymous? Several research groups worldwide have shown that it is possible to find out which transactions belong together, even if the client uses different pseudonyms. However it was not clear if it is also possible to reveal the IP address behind each transaction. This has changed: researchers at the University of Luxembourg have now demonstrated how this is feasible with only a few computers and about €1500.

[...]

In their new study, researchers at the Laboratory of Algorithmics, Cryptology and Security of the University of Luxembourg have shown that Bitcoin does not protect user's IP address and that it can be linked to the user's transactions in real-time. To find this out, a hacker would need only a few computers and about €1500 per month for server and traffic costs. Moreover, the popular anonymization network "Tor" can do little to guarantee Bitcoin user's anonymity, since it can be blocked easily.

The basic idea behind these findings is that Bitcoin entry nodes, to which the user's computer connects in order to make a transaction, form a unique identifier for the duration of user's session. This unique pattern can be linked to a user's IP address. Moreover, transactions made during one session, even those made via unrelated pseudonyms, can be linked together. With this method, hackers can reveal up to 60 percent of the IP addresses behind the transactions made over the Bitcoin network.

No comments: