Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
Get half a life.

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


               

Please log in.
Before you can vote, you need to register. Please log in or create an account.

Honeypurse

Bitcoin Based Canary / Burgler Alarm / Bug Bounty
  (+6)
(+6)
  [vote for,
against]

As I use my various electronic devices I often wonder: Has this been hacked? I know I could run rootkit and virus detection software, but that takes too long and it doesn't really answer the question at hand. What if I don't have a virus but I've been hacked anyway? I end up relying on my gut feeling.

Instead of guessing, there is a sure way to find out.

1) Leave a plain text document lying in a fortified area of your device containing private key to a bitcoin wallet.

2) On another computer monitor bitcoin blockchain to detect transactions on that wallet's address. This monitoring is automated every 30 seconds.

3) If a transaction is detected it means someone successfully hacked into your device and stole your bitcoin wallet. You get alerted by either an email, text message, robo-call, or a big red flashing light with a lound alarm.

Of course the wallet should contain sufficient bitcoins to be tempting. For example, if someone was hacking you to send spam, they will probably go for the $5 wallet. On the other hand if their intention was to steal your identity to commit fraud, they might need to see $100 wallet for them to risk immediate detection. A top secret government server may want to consider a $1,000,000 wallet in order to persuade foreign spies that they are better off grabbing the wallet and running than to keep rummaging through some secrets.

You might think: what's stopping the criminal stealing the wallet now, get what they want, and cash in the wallet 3 months later when they are long gone? To combat this, a wallet has to be updated periodically with a fresh one. The more frequently the better. The old one is emptied and the new one is filled. That will give the criminal urgency to cash it right away. Also, the wallet is not just sitting on the device unprotected, all sorts of processes are checking suspicious activity. The criminal has to take that into consideration too. If they even get close to the wallet (let's say they read contents of a specific booby trapped file) an alarm is triggered. They better hurry and cash it before the owner empties the wallet first.

ixnaum, Mar 03 2016

Canary Tokens http://canarytokens.org/generate
[ixnaum, Aug 15 2016]

thinkst.com http://thinkst.com
[not_morrison_rm, Aug 15 2016]

[link]






       I humbly suggest you call this a honeypurse.
Loris, Mar 04 2016
  

       Yes, Honeypurse. Thank you Loris. [+] to you.
ixnaum, Mar 04 2016
  

       Also I came up with a mechanism of ensuring the hacker hurries up emptying the purse. Instead of using bitcoin, the purse should be implemented using Ethereum. That way a contract can be written up that incentivizes the hacker to empty the purse soon and perhaps even to stay on the system while he does so.
ixnaum, Mar 04 2016
  

       ... turns out someone already baked this with Canary Tokens [link]
ixnaum, Aug 15 2016
  

       I get the feeling thinkst.com (canary tokens) is just taking the piss...linky
not_morrison_rm, Aug 15 2016
  
      
[annotate]
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle