How can you become a scam victim because of cosmic radiation? Bitsquatting

in #technology7 years ago (edited)

I know that seemingly that title makes no sense, but believe me - before the end of this article it will :D

Picture this situation:
You are an everyday user of electronics like a smartphone and a PC (you don't really notice stuff like SSL certificates or minor changes on the website you visit every day). You decide to go out with your friends and want to check how much money do you have on your bank account to see if you can afford your favorite drinks. You open the browser and start typing your bank's webpage url. Let's say it's yourbankdomain.com. For some reason after entering your login and password you end up on the login page again. No problem - you'll just login again. You checked and you have $521 to spend - that's enough.

The next morning you wake up with a little bit of hangover and check your account balance again. It's exactly $0. How is that possible? Could you have spent all your money last night? That's unlikely.

What could the real reason be? Bitsquatting. Probably some bad person bought a domain called, for example yourbanjdomain.com and created a nearly identical copy of your bank's webpage. With only one difference: instead of sending your credentials to a safe bank's server it saved them in hacker's database. Then he used those to log in to your account and transfer all your money somewhere else.

Yes, I know that currently almost all the banks have something like an SMS confirmation protection - that's just an example.

But no, that's impossible! You are sure you entered a correct url. What could have happened then?
It was likely a random memory error in your device which caused a change of just one bit in the url which changed the letter 'k' to 'j'.

There are 2 things that could cause that (maybe more):

  1. Your device's memory overheating.
  2. Your device being hit by particles from cosmic radiation.

Why exactly can that one bit change a whole letter in domain name?
Modern computers use the ASCII table to convert binary numbers into letters, numbers and other symbols. Bitsquatting attack is based on buying a domain which is only one bit different from the domain we're interested in.

As you can see, in ASCII table letters 'j' and 'k' vary only by one, last bit:

LetterASCII numberBinary
j10601101010
k10701101011

Now, I bet that after reading this article you thought "hah, what are the odds of that kind of error - I'm immune to this!". Well it's not as unlikely as you would think. According to Artem Dinaburg’s study it is possible that about 614,400 of these memory errors happen every hour globally! To me, that's quite a lot.

Stay safe guys!

Cosmic ray
Picture from: http://icecube.wisc.edu/news/view/54

Sort:  

Solution would be to not open a bank account to Your Bank Domain

Hah, that was just an example :D
It can happen to basically every domain - any random letter can be switched to the one being next to it in binary :)

For example you can type in "facebook.com" and end up on "facdbook.com"
d = 0110 0100
e = 0110 0101

There was an IBM studies undertaken in the 90ies where they actually computed the probability for this to happen: 3.7 × 10-9 per byte per month. This is thus very very very unlikely :D (see here for moer information).

Wow, thanks for that info :D
But there is still a possibility of memory overheating (or some other random error) which, I guess is more likely to cause the bitsquatting error.

I would say this is way more likely than the cosmic ray hypothesis for sure ^^

good post )

i followed you, i hope you will follow me