The internet started buzzing yesterday with the news that someone had broken into the Franklin, Tennessee office of the accounting firm PricewaterhouseCoopers and obtained copies of Mitt Romney’s past tax returns for an unspecified number of years. They claim to have made digital copies of them and mailed flash drives containing encrypted versions to various organizations, saying that if they do not receive $1 million by September 28, they will release the public key that will enable people to unencrypt the files and read the documents.
While there are some suspicions that this may be a hoax (there are some bizarre elements to this story that make it read like fiction) there can be no doubt that this is blatant blackmail and to be condemned. The Secret Service is now investigating it. While I find it strange that Romney is not releasing his returns, wonder what he has to hide, and would like him to release them, this kind of extortion is simply wrong.
But what really grabbed my attention was that the ransom was to be paid in the currency of ‘Bitcoins’.
Last year, I wrote about Bitcoins. This is an alternative peer-to-peer digital currency system that bypasses the current global financial system that gives a stranglehold to a few governments and big banks. We have seen how that system was abused by the US government in choking off the normal means by which people could give money to organizations it does not like, such as WikiLeaks, and we see it again being used as an instrument of US policy to pressure the government of Iran.
I frankly do not quite understand how Bitcoins works though you can read about it here. I was unwilling to put in the effort to do so because it was not clear to me whether it had any staying power. I had not heard about it for some time and idly wondered whether it had not caught on sufficiently to be successful when my attention was captured by a Marketplace report last week that said that it is the means by which payments are made in the online market for illegal drugs, and partially described how it operates
It turns out that there are websites (with names like Silk Road) through which you can purchase illegal drugs and other products. These function very much like Amazon or eBay, along with customer service reviews, gift coupons, and the like. And the reason that they can do this and avoid government crackdowns (so far at least) is that they apparently use Bitcoins as the means of payment.
Nicholas Christin has studied the workings of this alternative marketplace and has published his study that explains how Bitcoins are used here.
The relatively recent development of usable interfaces to anonymous networks, such as the “Tor browser bundle,” has indeed made it extremely easy for anybody to browse the Internet anonymously, regardless of their technical background. In turn, anonymous online markets have emerged, making it quite difficult for law enforcement to identify buyers and sellers. As a result, these anonymous online markets very often specialize in “black market” goods, such as pornography, weapons or narcotics.
…
Suppose that Bob (B), a prospective buyer, wants to access the Silk Road marketplace (M).
…
After having perused the items available for sale on Silk Road, Bob decides to make a purchase from Sarah (S). While Tor ensures communication anonymity, Silk Road needs to also preserve payment anonymity. To that effect, Silk Road only supports Bitcoin as a trading currency. Bitcoin is a peer-to-peer, distributed payment system that allows anonymous transactions between different parties. Bob thus needs to first procure Bitcoins, which he can do from the many online trading places such as Mt.Gox . At the time Bob purchases the item from Sarah, instead of paying Sarah directly, Bob places the corresponding amount in escrow with the site operator. Effectively, B pays M, who will subsequently pay S. The escrow mechanism allows the market operator to accurately compute their commission fees, and to resolve disputes between sellers and buyers. Silk Road mandates all sellers and buyers use the escrow system. Failure to do so is punishable by expulsion from the marketplace.
Although the products being exchanged can be illegal, it does not mean that the people involved are necessarily more likely to cheat the people they do business with, since they have an interest in being honest with their customers if they want to continue in business. But it does mean that if something goes awry, you cannot complain to the Better Business Bureau.
It should be made clear that there is nothing secretive or illegal about the Bitcoins system itself. They have public conferences and such. The fact that it is used for illegal purposes no more discredits it than the fact that criminals using the regular banking system discredits those institutions.
But I am still confused about how Bitcoins actually work. It is clearly something more than just another currency that is used as a means of keeping track of bartering exchanges (the traditional function of currency). And yet, according to the Romney ransom attempt, it seems like you can convert dollars to Bitcoins and back again, which seems to make it just like another currency, similar to those issued by governments. But who issues this currency? There is apparently a system by which cryptography is used to control the creation of money so that inflation is kept under control.
But it looks like Bitcoins are here to stay and it may be time for me to learn how it works.
We are living in interesting times.
While there are some suspicions that this may be a hoax (there are some bizarre elements to this story that make it read like fiction) there can be no doubt that this is blatant blackmail and to be condemned.
It certainly benefits the Romney camp, because suddenly the debate goes from “what is Romney hiding?” to “see what kind of extortionist criminals are trying to invade Romney’s privacy?!!!” Now our legitimate demands to know how Romney does business can be easily equated with burglary, invasion of privacy, and extortion; and oposition to government of, by and for the rich, can be equated to criminality. Meanwhile, Romney now has a new and improved excuse to refuse to make his tax information public: “We will never give in or negotiate with terrorists!!”
Interesting timing, wonder if the 250k bit coin hack is related to this or if it’s just bad timing
There does not appear to be any proof that the person who demanded the ONE MEEEEELION DOLLARS is the same as the person who (allegedly) stole the documents. There is not even any real evidence that the blackmailer has access to the tax returns. All they have posted is an encrypted document that for all we know is just random bits.
Offhand, I smell a hoax. For starters, why would they give everyone even a hint of who might have let them in? And why would these alleged hackers send those flash-drives to local party offices in Tennessee?!
And what’s the point of mailing flash-drives anyway, if no one has the keys necessary to decode what’s really in them? If they REALLY wanted to scare people, they’d put up a sample page of Romney’s tax-returns, unencrypted, to show they really have the information they say they have.
And why would none of the people who got the flash drives have had a look or at least asked their IT people to try it out? Seems odd that the one thing everyone was so interested in establishing was that they didn’t peek.
You mine bitcoins by letting your computers crunch numbers. There is exchange and you can speculate, sell things and get paid in it. Like regular money, you could see it as a pyramid scheme. The more people that believe in it and accept it as payment, the more it is worth, like a tulip bubble. Richard Falkvinge of the Swedish pirate party put all his savings in bitcoins. I wouldn’t.
Because the flash drives could easily contain malware. And said malware could have been planted by the Feds to prove that the recipients had knowingly attempted to unlawfully access privileged information.
Also, notice how this “breaking news” seems to be well-timed to divert attention away from the Democratic convention? This is bullshit in the tradition of Karl Rove, folks, nothing more.
Maybe this is a set-up for someone to release a fake version of the tax returns. 🙂 That’d put the Romney camp in an interesting bind indeed.
For one, the point of encryption is that without the public key, it’s impossible to extract the data within (or at least, the time it would take to brute-force decrypt the data would be measured in years). Though they’d want to take a peek, it’s not really possible.
(Though if I were on their IT team, there’s no way I would allow that flash drive onto any machine that could ever connect to the network, and I’d completely reimage the PC after printing the documents. Paranoia keeps your series of tubes clear from virii.)
There’s two reasons I can think of for mailing the flash drives: One, if they don’t get paid off, it’s a lot easier to disseminate a decryption key than a large data dump -- there’s less chance that their servers will get DDOS’d accidentally. Secondly, it’s like the gun-shaped bulge in a robber’s pocket. There’s a chance it’s real, there’s a chance it’s fake, but either way, it’s more convincing than just saying “I have a gun, give me your money.”
No, it wouldn’t. It would allow them to pretend the whole tax-return issue is itself a hoax drummed up by evil commie malcontents — just like global warming — to subject Real Americans to the tyranny of jackbooted feminazi PC thugs.
The idea that they want to be paid in BitCoin, which is an essentially unstable and unproven “currency”, instead of real money backed by force of government is so ludicrous that I think that alone proves this is a hoax.
There’s definitely a false and dangerous misconception that BitCoin cannot be traced, but in reality it is much more traceable than cash. Unlike cash, BitCoin is “mined” by the original owner, and there is a verifiable record of everyone who ever possessed it. The transactions where the ownership records change are completely public, and indeed they have to be for outright forgery and theft to be implausible. That some people believe BitCoin is anonymous is a just a testament to the extreme ignorance of people who believe that their activities on the internet cannot be tracked. One of the BitCoin developers has tried to inform people that conducting illegal activities with BitCoin as the medium of exchange is “pretty damned dumb”, but people do not listen to experts.
I’d also like to second trazan’s comment. The structure of BitCoin is extremely similar to a pyramid scheme, with guaranteed deflation over the long term. There’s even a preset limit of the maximum amount of “allowed” currency, though it’s not entirely clear how this will actually be successfully enforced. Even without the limit, though, the “mining” of BitCoin is a computational process which requires more and more resources over time. As computers will not continue to improve on performance per watt forever due to the laws of physics, this means that acquiring new currency becomes more difficult the farther into the future one goes. It would be the digital equivalent of currencies still on the gold standard, in essence.
There’s another fundamental economic problem with BitCoin on the demand side. Where does the essential base demand for the currency come from? With real currencies, it comes from the need to pay taxes, which are only accepted when denominated in standard government money. Lacking the acceptance of any government and any enforcement authority is a central and inescapable flaw that renders any such digital money inferior.
Yeah I know about malware (I’m a network engineer), the thing is that I’d certainly use an isolated & disposable machine (I’ve never met an it department without at least one sacrificial pc) to at least examine the contents & see if there really was encrypted data on there
And if the malware was a marker placed by the Feds, the owner of that PC would end up being the victim of a sting, with the malware serving as evidence that they tried to access what they at least thought was unlawfully obtained confidential information.
Yes, I am certain that the US government is capable of detecting whether or not a computer that is completely unconnected to any network is infected with their malware. Fairy Secret Agents, you see. Wearing tiny suits.