HACKMOAR: Hindering Attackers Coming and Kidnapping My Outrageously Armored Resources

in #steem, 8 years ago

As someone with a background in computer systems, networks, and computer security, I am not at all surprised by the recent attacks on the platform.

Those who curl into the fetal position and cry about bad people wanting to destroy the community are missing the bigger picture.

It reminds me of how at some point in the evolution of the internet, even a simple port scan became an activity of unclear legality.

The people who come up with this sort of nonsense legislation don't understand much about the technology, of course.

How do you think we IT security guys became good at what we do? Maybe it took breaking into some systems.

Today, that would be a crime. Cybercrime! So cyber, very digital, wow.

Anyway - see the recent attacks for what they are - necessary growing pains, which are improving the security of the platform.

Some perspective

I always considered myself an ethical kind of attacker. I broke in not to steal, but to see what was possible, to outdo the security someone else set up. So that I could learn to set my own stuff to a higher standard.

Not to tell myself how much better than them I was, but to understand, really understand what was happening.. and how it was possible to tear it down, so that it could be rebuilt stronger.

Also.. hmm. It was fun sometimes!

Not everyone is like this, however. Some attack and penetrate to benefit themselves and to steal from others, with little care about the ensuing chaos that usually follows (rings a bell?).

And you can be sure this kind of person will be attracted to places like steemit.

It's unavoidable!

Keep calm and .. keep calm

If the attacks were done right, there will be little to no trace left.

This should not mean that the platform "evolves" into banning anonymity tools like Tor and VPNs. Such a measure will hurt the users who need such tools the most - political activists who may 'disappear' for voicing their opinions, groups of people who are uncomfortable with speaking out if it can be traced back to them.

And more importantly - do you really think that will stop a dedicated attacker?

It's this simple

If he wants to get in, he rents a server, proxies to the server, and attacks steemit.com from the server. Then he shuts it down after collecting the money.

It was all paid for using stolen credit cards with a fake name. He'll never be found, if he played the game right.

Or he'll hack someone else's computer, again using proxies (which obfuscate where the attacker is located physically), and then use this innocent person's computer to launch the attack.. guess who gets the SWAT team at home!

Or drive to another city, find a quiet cafe without cameras, change his MAC address and begin the hostilities.

I could go on. There are literally hundreds of ways!

You get the point.

Back to basics

If you have not read it yet, pause everything you are doing (except breathing) and go read this.

After that, glue the following to the wall behind your screen:

I WILL NOT USE MY OWNER OR ACTIVE KEY IN DAY TO DAY USE.

I WILL NOT USE MY OWNER OR ACTIVE KEY IN DAY TO DAY USE.

I WILL NOT USE MY OWNER OR ACTIVE KEY IN DAY TO DAY USE.

I WILL NOT USE MY OWNER OR ACTIVE KEY IN DAY TO DAY USE.

I WILL NOT USE MY OWNER OR ACTIVE KEY IN DAY TO DAY USE.

I WILL NOT USE MY OWNER OR ACTIVE KEY IN DAY TO DAY USE.

Great! That's it, you think! Back to writing and drinking coffee 10 hours a day!

Not so fast!

If you have been following the reasoning, then you will have asked yourself by now.. "but when I DO use the owner/active key, how do I KNOW it was not captured?"

Well, you don't.

That's the problem. The model is F-U-N-D-A-M-E-N-T-A-L-L-Y broken.

For as long as you EVER have to type in your owner/active key on steemit.com, you will NEVER be sure that your machine has not just shipped your password somewhere else.

Understand this

The wallet code which underpins the whole security of your account is sent to you by the server(s) belonging to steemit.

If the server has been compromised, an attacker can modify the code said server is sending to your browser.

Guess what happens next?

This is but one way, there are a few others.

For other stuff like email, Facebook, etc, depending exactly on what it is you use it for, the problem may be tough but it is usually solvable.

On the blockchain (remember, the underlying technology that makes steemit very different from other social media platforms), not so much.

Things tend to be permanent, unless they are rolled back with consensus.
But every time that happens, trust in the platform decreases.

Right now, paradoxically, you see the opposite, as users who were separated from their funds through no fault of their own are reimbursed by steemit. I believe it was the right thing to do - at this point in the game.

Understand that it was only by subverting the core rules of the game that the people who were hacked were able to get their funds back. This should not be a common occurrence.

Steemit is in beta. Bugs are expected.

They do not want people to leave because they lost to the tune of $10000+.

Fair enough - understandable, and I can even agree with it.

But it cannot be the way forward over the longer term.

A proposed solution

Introduction

It's all good being your own bank, having your funds secured by/on the blockchain.

But also understand this: It is the weakest link in the chain that will get attacked.

In this context, that would be .. your machine!

If you are not a security-conscious technical person, this should make you worry - just a little bit.

I do not want to go in depth about other ways to defend yourself in this post, but do let me know in the comments if this is something the wider community is interested in learning more about.

Standalone management app

I wrote a small post as a reply to address this initially, but then realized it would not reach enough people that way, hence the longer post before your eyes.

To sum it up: I believe the way forward to be an out-of-band account management app for the steemit blockchain.

WHAT?!

OK, OK. Simpler: just another program you install on your computer, and which you use solely for steemit-related account-management operations (send funds, change keys, and so on).

This should be a security-conscious program, encrypting its local storage, clearing keys from memory as soon as they are not needed anymore .. but let's not get too deep into that here.

The key point is that the program code is not served from the outside to you whenever you access it (like the built-in steemit.com wallet).

You download once, verify the program authenticity, and that's that.
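The "download once, verify" step, sketched as an added example (not code from the original post or from steemit): the program file is hashed and compared against a SHA-256 digest pinned in a `sha256sum`-style manifest. The file name `wallet-app.bin` and the manifest contents are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import re
import tempfile

LINE = re.compile(r"([0-9a-fA-F]{64}) [ *](.+)")  # sha256sum line: digest, mode flag, name

def sha256_file(path, chunk=65536):
    """Hash the file in chunks so a large installer is never read into memory whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Turn 'HEXDIGEST  filename' lines into {filename: digest}; reject malformed lines."""
    pins = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        m = LINE.fullmatch(line)
        if m is None:
            raise ValueError(f"malformed manifest line: {line!r}")
        pins[m.group(2)] = m.group(1).lower()
    return pins

def verify_release(path, pins):
    """True only when the file's digest equals the pin for its name; unknown files fail closed."""
    expected = pins.get(os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(sha256_file(path), expected)

def demo():
    """Pin a constructed release, then show that a modified copy no longer verifies."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "wallet-app.bin")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(b"constructed sample release bytes")
        pins = parse_manifest(f"{sha256_file(path)}  wallet-app.bin\n")  # constructed manifest
        ok_before = verify_release(path, pins)
        with open(path, "ab") as f:  # simulate the file being altered after pinning
            f.write(b"\x00altered")
        return ok_before, verify_release(path, pins)

if __name__ == "__main__":
    print(demo())
```

The pinned digests only help if they reach you through a channel the download server does not control (for example a signed manifest); otherwise whoever can swap the program can swap the manifest too.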

But how about 2FA? Will that not save me?

In my opinion, it will decrease the chances of a compromise, sure, but the fundamental flaw is still there: it just takes triggering it from two different devices now.

I fear it might lull users into a false sense of security.

Imagine: steemit.com servers were compromised, and an attacker modifies the JavaScript being sent to your browser - you are being served a backdoored wallet now.

As it happens, the stuff you posted yesterday just netted you $10k, and aren't you excited!

So there you go, attempt to withdraw .. and yes, of course, now you need the second device as well.

So you login on the second device, there goes your second key as well..

And not much changed.

It gets worse

In my (possibly incorrect) understanding, the style of 2FA being deployed on steemit is 2-of-2.

That simply means that you need two sets of keys (from different accounts under your control) in order to sign a transfer.

What do you think will happen when the next XSS/JavaScript attack hits the platform (and it will), and your signing key happens to be stolen?

Correct. You can no longer move any funds, because an attacker now controls one of your keys.

Conclusion

For as long as you need to type an owner or active key on steemit.com, you can never really be sure that your password has not just been shipped away to an external server - this is the nature of JavaScript, the dark side of what makes it so powerful for programming the web.

Stuff happens in the background, and you have no idea!

.. unless you want to have the browser inspector and wireshark running 24/7.

Did you get that? No? Exactly my point.


I believe 2FA will not be enough to secure accounts, although it is a useful tool in the arsenal.

But it cannot bypass the fundamental issue that is typing owner/active keys in the browser.

To bring steemit security to the next level, then, I propose the creation of the standalone management program.

In this case, it seems to me that the extra overhead is necessary.

You want to be your own bank, you have to take some precautions!


Thanks for this great post @karnal. Today we will be providing more details about our solution. While everything you have stated above regarding security of web wallets (in bitcoin space) is accurate, your understanding of the solution we are deploying is off.

I will be providing a more detailed post explaining how we are solving permanent hacking of accounts once and for all while still keeping everything trustless.

Thank YOU for providing the platform, your intellect and energy!

Very interested (and curious!) to read about the new solution.

This is why I believe Steemit/Steem will make it far. Because we are definitely in good hands. https://steemit.com/steemit/@easteagle13/why-is-the-recent-steemit-hack-will-actually-raise-steem-value-and-make-steemit-more-popular. Keep up the good work @dan. /o

Hey welcome here! I'm in contact with www.bitcointrezor.com to add/port/write STEEM on TREZOR. What do you think about hardware wallets? Same like 2FA?

Cool post, man. You write with a fluidity rarely found in IT people a.k.a. without treating us like fucking monkeys just because we don't code...looking forward to your next posts.

Excellent post, mate. You're very clearly passionate about security.

I'd be interested in hearing some of your crazier war stories from whitehat hacking, if you've got 'em.

great stuff!

This post is very nice to remind

I'm also curious how this will be addressed in the future. Although the blockchain is decentralized, the steemit webservers are not and are subject to attacks.
