On Thursday, Target acknowledged that the credit information of up to 40 million of its customers was stolen between November 27th and December 15th in one of the largest digital thefts in history. Frustrated customers are blaming Target for its lack of security, and some are even showing mistrust of credit card transactions in general if businesses such as Target are not able to keep their information safe and prevent fraud. Many Target customers are thinking that using cash might be safer, since a cash transaction does not result in any of their information being kept and put in a position that may be vulnerable to theft.
This theft is reminiscent of some of the “Bitcoin heists” that have been making the rounds on the internet over the past couple of years. In one such theft, $500k (25k BTC, what would be $15 million at today’s exchange rate) was stolen from a user named “allinvain” on the Bitcoin forums, who claims their online wallet was hacked and an unauthorized transaction was sent to an unknown Bitcoin address. In another such heist, up to $100 million was siphoned off, either by a hacker or by the owners of the website Sheep Marketplace, over the course of about a week, prompting the shutdown of the website. In another, the popular MtGox bitcoin exchange website had the user information of all its users publicly posted somewhere, thus compromising all these users’ accounts with the exchange.
As is typical of some of the coverage of these thefts, the legitimacy of Bitcoin itself is usually questioned, and writers wonder whether the Bitcoin network is really secure and free from the possibility of hacking and fraudulent duplication of its currency. However, this fear is always misplaced. Bitcoin itself is not what has been vulnerable in these attacks; third party users and third party wallet software are. For Bitcoin to be vulnerable, an attacker would have to attack the network itself with an overwhelming amount of computing power, enough to create a false blockchain longer than the legitimate blockchain created by honest users, a nearly impossible feat that has not happened and likely never will. As some have noted, if an attacker had acquired over 50% of the network’s computing power in one place, it would probably be more beneficial for them to use that computing power legitimately and mine for bitcoins, which would likely lead to their amassing a greater number of bitcoins and would not create a panic like a massive fraud would. Thus, the Bitcoin protocol itself is essentially impregnable to an attack by hackers (with today’s technology).
What has proved vulnerable is wallet software and online businesses. Just as with Target, online Bitcoin businesses that do not have adequate security protocols become vulnerable to hackers, who exploit any information they come across that can be used to access the system. With Target, some suspect a Target employee may have clicked on an e-mail that introduced a bug into the system. Similarly with wallet software, if you, as a user, leave your encryption password lying around somewhere that has no security features and could be easily accessed, such as in a Word document, you are not being secure in how you treat your bitcoin account and can have your account attacked relatively easily. Whether it’s Target, MtGox, a Bitcoin wallet, or anything else, when information is left in insecure places or users do not follow adequate protocols to ensure their system is not compromised, theft is bound to occur. We do not see the EFT (electronic funds transfer) system being blamed in the Target theft, do we? Or the U.S. dollar, the unit of currency denominating balances? Yet Bitcoin is blamed or suspected of being vulnerable all the time when thefts occur.
What is to blame is particular users of these systems who do not treat their digital information with enough care to ensure security is not compromised. Human error is consistently to blame in these thefts, and that is where blame should be placed, not on the networks in which funds reside or on the funds themselves, which remain secure and are relatively unassailable by attackers unless users unknowingly divulge revealing information. Individuals also need to be more careful about whom they do business with because, as the Sheep Marketplace theft proves, not every business in existence has good intentions and can be trusted with large sums of money. The omnipresence of financial institutions, banks, and regulations has only served to dull our duty to make responsible decisions with our money that would reduce the incidence of theft or underhanded actions by those who would seek to deceive us. Those dealing in Bitcoins have learned this lesson the hard way and will continue to do so as long as carelessness continues in the use of money. Leaving digital information unsecured is no different than leaving a gold bar or a stack of hundreds on one’s doorstep, and it seems as if only negative reinforcement has been jarring enough to teach this lesson to the same extent (or has taught the wrong lesson!).