Sanction vs Bitcoin mining – HackerNoon.com


Chris Kubecka

Can’t use the US dollar? Try cryptocurrency instead

Always listen to Archer memes

Sanctions are a powerful diplomatic tool for countries able to enforce them effectively. The US Department of Treasury’s Office of Foreign Assets Control (OFAC) is the brawn behind enforcing sanctions and maintains information about sanctioned persons, countries and related matters. Each situation is different, so OFAC posts guidelines for concerned citizens and businesses. However, the decentralized nature of cryptocurrencies complicates freezing transactions and enforcing disclosure requirements.

Open source intelligence gathering with the internet scanning and reporting tools Shodan.io (with a paid account) and Censys.io (with a free researcher account) enables the discovery of bitcoin mining operations in some sanctioned countries. Both Shodan.io and Censys.io are more effective over an API connection; all results are returned in machine-readable format, which makes data analysis, correlation and detection easier. Censys.io, a tool similar to but different from Shodan.io, can also be used to find Bitcoin and Ethereum systems. However, Censys.io doesn’t scan as many ports through its web or API interface; to drill deeper you can run the ZMap project, which is behind Censys.io, on your own and adjust the ports. ZMap can be downloaded from GitHub.

Discovering bitcoin and similar cryptocurrency mining systems is accomplished by looking for the software that mines the coins and the ports that communicate mining activity. Common ports are 8333, 8433, 8778, 8885 and 9595; common software includes btcwire and Satoshi. Mining software versions can also be discovered because the application displays that information in its banner. Some versions of cryptocurrency mining software are vulnerable to exploitation using a variety of tools like XAttacker. Additionally, some discovery tools like Shodan.io tag such internet-connected systems as cryptocurrency. To communicate what is being mined and which blocks, the Lastblock is included in the banner of mining systems. This can be used to directly trace transactions.

Different versions of Satoshi mining software from Shodan.io
Lastblock displaying from Shodan.io scan
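
The software version and Lastblock that scanners display for these hosts are fields a node sends in its P2P `version` handshake message. The Python below is an added example, not code from the original article: it parses a `version` payload and splits the user agent into client names and versions. It assumes the banner's Lastblock corresponds to the protocol's `start_height` field; `build_sample` and its values are constructed for illustration.

```python
import struct

def read_varint(buf, off):
    """Decode a Bitcoin CompactSize integer; return (value, new_offset)."""
    first = buf[off]
    if first < 0xFD:
        return first, off + 1
    size, fmt = {0xFD: (2, "<H"), 0xFE: (4, "<I"), 0xFF: (8, "<Q")}[first]
    if off + 1 + size > len(buf):
        raise ValueError("truncated varint")
    return struct.unpack_from(fmt, buf, off + 1)[0], off + 1 + size

def parse_version_payload(payload):
    """Parse the payload of a Bitcoin P2P `version` message."""
    fixed = 4 + 8 + 8 + 26 + 26 + 8  # version, services, time, addr_recv, addr_from, nonce
    if len(payload) < fixed + 1:
        raise ValueError("payload too short for a version message")
    proto, services, _timestamp = struct.unpack_from("<iQq", payload, 0)
    ua_len, off = read_varint(payload, fixed)
    if ua_len > 256 or off + ua_len + 4 > len(payload):
        raise ValueError("bad user agent length")
    user_agent = payload[off:off + ua_len].decode("ascii", errors="replace")
    (start_height,) = struct.unpack_from("<i", payload, off + ua_len)
    return {"protocol": proto, "services": services, "user_agent": user_agent,
            "start_height": start_height}  # assumed to be the banner's Lastblock

def split_user_agent(ua):
    """Split a BIP 14 user agent such as /Satoshi:0.16.0/ into (name, version) pairs."""
    pairs = []
    for part in ua.strip("/").split("/"):
        name, _, ver = part.partition(":")
        if name:
            pairs.append((name, ver))
    return pairs

def build_sample(user_agent, height):
    """Constructed sample payload for the demo (not captured traffic)."""
    ua = user_agent.encode("ascii")
    return (struct.pack("<iQq", 70015, 1, 1500000000) + bytes(26) + bytes(26)
            + struct.pack("<Q", 0) + bytes([len(ua)]) + ua
            + struct.pack("<i", height) + b"\x01")

if __name__ == "__main__":
    for ua, h in [("/Satoshi:0.16.0/", 530000), ("/btcwire:0.5.0/btcd:0.12.0/", 529990)]:
        info = parse_version_payload(build_sample(ua, h))
        print(split_user_agent(info["user_agent"]), info["start_height"])
```

Because every reachable node volunteers these fields during the handshake, operators auditing their own hosts can use the same parsing to spot outdated client versions exposed to the internet.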

Using Blockchain.com, hosted in Luxembourg, the transactions based on the Lastblock can easily be discovered.

Iranian Bitcoin mining operation information from Blockchain.com
Ethereum in the HTTP body listing the Lastblock from Censys.io