Schneier on Security

Clive Robinson • May 3, 2021 7:58 PM

@ ALL,

From a more technical asspect the reason he was caught was the “seed” or “startup” problem.

To start anything growing you need a “seed”, but people do not think about the consequences as they “get gowing”.

We should all be aware that there are very many crypto systems that use a “master key” to generate all following keys. The entire security rests on the security of that seed, should it become known it’s “game over” when ever “Anyone in the know want’s to end it”. That was why the “seed theft” for RSA tokens was so devistating.

Consider the Fog scheme, even without the mistake identified in the artical, to work it first needed “bitcoins to mix”, where did those bitcoins come from?

They would have to have been legitimately obtained initially as the “mix value” of “all illegal” is still “illegal” no matter how you split it under all circumstances.

Thus the question even ten years ago was “could you aquire legitimate bitcoins anonymously” to which the answer has in effect been “no”, and is definately no these days.

The reason, is as the article notes all bitcoin transactions are permanently recorded thus traceable both backwards and forwards in time. So if a bitcoin becomes tracable at anytime to an individual by some non anonymous payment system then it can be traced from that point in time (unless stolen, which makes it not legitimate).

But more obviously, how do you aquire something of value that is legitimate, “truley” anonymously?

The answer is you realy can not unless you take extrodinary care and are prepared in quite a few cases to take a significant loss in the process.

In effect you have to find a supplier of bitcoin that takes cash or it’s equivalent such as bullion or even in the infomous story a pizza.

But even if you do find someone who will trade for cash or equivalent, how do you know they have not somehow de-anonymized you?

Lets say they keep one or two of the bank notes, they will have either fingerprints or DNA on them. Even if you took great care to not get your fingerprints or DNA on them, how about those of the person who you got the cash or equivalent from?

Take “gold coins” in theory it’s easy to remove human DNA and fingerprints from them, but what of the equivalent for the gold?

Any one remember the “Brink’s Mat Robbery”[1]?

Well how do you “launder gold”? The answer back then was with a furnace and a little knowledge and some other quite pure metals like copper and lead.

A metallurgical expert can using what is now comparitively inexpensive equipment –compared to that in 1983– give you a very accurate assay of the gold. Because no gold is pure gold, that’s why it is given as 999 Fine. That 1/10th of a percent can accurately say by the metal ratios where the gold came from unless someone knows how to adulterate it… Unfortunately these days the isotopes of the gold and other metals gives a more interesting finger print rather like that of carbon dating that makes it close to too difficult to adulterate it accurately.

Thus the trick back in 1983 for the Brink’s Mat gold, was to melt the gold down and add a little copper to it (about an old British penny worth) and do a further little magic. In the case of the person who assisted the robbers having got the assey right the next step was to fake up the gold into bars with the serial numbers matching those they had on a valid and legitimately obtained gold certificate. Thus they could move the gold around quite safely, even if stopped they had “traceable title” (back in the 1980’s Indian jewellers were a lot less fussy about where their gold came from as long as the price was right, even if the gold had the mark of the “London Brick Company” on it. A popular scam back then was to buy gold coins that did not have VAT charged on the purchase, melt them down and pour into the “frog” of a brick and then sell on as bullion which did have VAT. Thus collecting VAT and pocketing the VAT as profit was an easy earner.

Others used the “scrap gold mix” trick, you basically melt down loads of different “jewellery gold” or that recovered from printed circuit boards and integrated circuits and mix them together. This is obviously not even close to 999 Fine. What you then do is get it refined to 999 Fine which increases it’s value by rather more than the “scrap gold worth”. You get an assay for the gold then the gold is kind of legitimate. The fact is these days any refining house will only deal with people it knows and can trust/trace so the “feed in” of non legitimately aquired gold is somewhat limited.

Back in the late 1980’s I had a relationship with an organisation near Heathrow UK that recoverd gold from IC’s they purchased at auction houses, a friend had convinced them that actually advertising and selling the components was both more profitable and considerably less paperwork hassle. However I did on one occassion have to take recovered gold from PCB edge connectors to a refiners in Chesington in Surrey, talk about making you jump through hoops…

My friend parted company with the company near Heathrow when he realised that something was not on the level. Basically as far as he could tell the company was still submitting all the IC purchases as for “gold recovery” when infact a big number of them were passing through my friends hands and being sold quite profitably. It could have been a mistake, or a tax fiddle by the company, but there was also another possibility… Whilst a couple of ounces of gold a quater does not sound a lot, you have to ask the question as to where that extra gold going to the refiners came from? I’d severed ties with the company as I was nolonger aquiring sufficiently old scrap PCB’s and chopping the gold edge connectors off. When my friend mentioned the paperwork problem as the reason he was quitting his association with them, I’d no contact with the company any longer, so we never did find out what they were upto, nor did we want to, all our paperwork was in order so we did a “sunset ride”…

[1] https://en.wikipedia.org/wiki/Brink's-Mat_robbery

[2] https://en.m.wikipedia.org/wiki/Isotopes_of_gold