During a Casa Keyfest conference session held on January 6, Casa Head of Security Ron Stoner gave a rundown on “operations security” (OPSEC), a term coined by the U.S. military during the Vietnam war.
According to Wikipedia, OPSEC is “a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.”
OPSEC is also common parlance in the Bitcoin world: The devices that are used for accessing your bitcoin funds are all attack surfaces that require operations security. Stoner discussed OPSEC from a Bitcoin perspective and how to protect yourself from these potential attach surfaces.
But while watching Stoner’s session, my mind didn’t focus on military operations or Bitcoin attack surfaces. I started thinking about Hollywood. Specifically, about the now 25 James Bond movies and all the gadgets and methods that Bond uses to defeat bad actors. And also all of the ways James Bond lets his guard down and gets defeated himself.
So, let’s consider how James Bond or Spectre (the fictional global terrorist organization that Bond battles) might get overconfident or lazy about OPSEC for Bitcoin, or simply prioritize low complexity over more security for their bitcoin funds.
Setting The Scene: MI6 And How It Got On Zero
Let’s imagine that British secret intelligence services and Bond employer MI6 only uses bitcoin and is self-sovereign now. The government was too entwined with corrupt money, therefore, MI6 took a monetary settlement and divested from the government. MI6 invested in bitcoin as a store of value that would appreciate and fund its missions, as well as meet its needs for security, privacy and mobility. MI6 now uses bitcoin exclusively.
This change in funding has forced Bond to start to budget. Bond had been spending extravagantly and operating in a high time preference way. His boss, M, has put him on a strict allowance for his personal 007 hot wallet. No excuses.
[SOMEWHERE IN THE MOUNTAINS OF MONTENEGRO]
Bond is driving his Aston Martin at a sprightly clip. His dashboard comes to life and a voice begins to speak.
Car: [Incoming message from M]
“Bond, M here. Listen, I'm on holiday and just had a run-in with some bandits in Barcelona. They've stolen the hired car and now the blasted agency is insisting I make good. Moneypenny is out and I need someone to wire me 100 million sats from the MI6 wallet. Could you be a good chap and send funds from your operations account to this rental company? QR code attached.”
Car: [End message. Would you like to respond?]
Bond considers a moment. The organization sounds familiar to him, but he can't recall where from. No matter. He was due at a meeting with a lovely informant in Podgorica in one hour, and he didn't have time for whys and wherefores.
Bond: “Yes. Message him back that I'll see to it.”
Car: [Message sent.]
Bond: “Siri, I need to transfer funds to the QR code in the last message.”
Car: [Accessing last message. There seems to be a link embedded in the message. Permission to access?]
Bond, impatiently: “Yes, yes. Go ahead.”
Car: [Incoming file. Installing software update.]
Bond: “What, now? Can't it wait until I'm finished?”
Car: [Software updated. Source of funds?]
Bond: “I need to access my Bitcoin operational wallet.” [Editor’s note: No product placement here].
Car: [Biometric authentication required. Please place your hand on the console to authorize.]
Bond does so. The screen turns green.
Car: [Authorization accepted. Money sent. Your operational account balance is now zero. Your participation is no longer required for this transaction.]
The Aston Martin's roof retracts.
Car: [Good-bye, Mr. Bond.]
The malware now in charge of the vehicle triggers the ejection seat, Bond grabs his iPhone and is blasted skyward, phone desperately held in one hand, reaching for his pocket parachute with his other hand.
Bond has no car, no MI6 funds and very little personal hot wallet funds.
Single Signing Or Multisignature Wallets
Numerous providers offer multi-signature wallets with two-of-three multisig and three-of-five multisig setups.
However, Bond and other agents need to drop into a single location, get funds from cold storage and move on. Based on those needs:
- MI6 does not set up multisig and instead has many single-sig hardware wallets
- MI6 keeps hardware wallets and backup seeds secure in geographically-seperate locations
- MI6 also has funds split across all of these single signature cold storage hardware wallets
MI6 knows this isn’t the best security, but for mobility and convenience needs, they believe it works for them.
Spectre wants to cut off MI6’s and Bond’s funds. Spectre agents simultaneously infiltrate several of the storage locations near Bond that contain backup seeds and hardware wallets.
Bond’s multi-location Ring security alerts him and Q that two of the hardware wallets and one seed backup for a third wallet have been stolen from the three locations near him. The wallets have a tiny Apple airtag-like device embedded in each wallet’s Faraday bag. This device is able to transmit outside the Faraday bag due to Q’s technological handiwork. This enables Bond and Q to track the agents to their lair.
With multisig, these villains would have had a much harder time accessing any of the MI6 bitcoin funds, as they would need to have the appropriate two or three devices or seeds in order to transfer the funds from a two-of-three or three-of-five multisig setup.
OPSEC Tip One: Use Faraday bags to protect your devices from remote hacking, wiping/damage and surveillance.
OPSEC Tip Two: Stoner advises storing hardware wallets in an access-controlled location. For example, a locked drawer (where only you have the key) or a safe or building with armed guard and required ID access. In addition, use a tamper-proof bag so that when one does their quarterly or bi-yearly hardware and key checks, they can make sure that no one has accessed the devices.
James Bond And 007 PINs
The villains start by trying to access the stolen hardware wallets.
After decades in the busines, Bond’s ability to evade his own murder and the continuing movie success has made him top guy at MI6 and a bit overconfident and attached to his numerical identity. Bond insisted that the PIN on all the MI6 wallets be 007007. The villains easily enter this pin, thereby accessing the hardware wallets.
OPSEC Tip Three: Casa recommends using one PIN for all wallets, as this makes it easier for the average user to retrieve their funds. However, with separate PINs, one wallet’s compromise would not be the same as another hardware wallet’s compromise. This is a complexity versus more security tradeoff scenario. In addition, if one hardware wallet’s PIN is compromised, you would need to update all of the hardware wallets.
Firmware And OS Updates
The villains are now connected to the hardware wallet via their laptop. However, Q has accessed the hardware wallets’ website and temporarily implants a clever payload in a firmware update.
The villains are asked to update the firmware and they do so.
The firmware infiltrates the hardware wallet, but the villains don’t realize this and so proceed to update the next hardware wallet as well. They are distracted — excited to see the amount of bitcoin they have just procured. They are literally counting their bitcoin before it is stolen back.
Q will later use his malware to move the funds to another hardware wallet. In addition, Bond could retrieve the backup seed and, once he retrieves it, he could still restore the wallet and get the Bitcoin.
OPSEC Tip Four: When you see a firmware update, do some manual checking. Type in the URL, confirm there actually is an update and what it contains. Stoner recommends immediately applying updates for critical security fixes. For other updates, check the release date and perhaps wait a few days to “let it bake” while the new production firmware is being tested by the community. You may also want to update firmware to take advantage of new protocol updates, such as Taproot enhancements. When it’s available, do use any software tools available to check the digital signature or MD5 checksum on the firmware update file.
OPSEC Tip Five: During a firmware update, be sure you have the cable plugged in firmly and do not disconnect during the update. Always use the cable that came with the device as there can be manufacturer differences.
OPSEC Tip Six: For your mobile device, laptop or desktop, always keep up to date with all patches. However, it may be best to wait a couple days or a week to make sure the updates do not have any issues.
OPSEC Tip Seven: Anything you connect to is an attack surface — protect it accordingly. Stoner does not recommend air-gapped devices for the average user. (That said, some consider hardware wallets to be air-gapped). Bond is a high-risk asset who does use air-gapped devices to perform offline signing, then later broadcast the transaction on a network-connected machine. However, Bond’s impatience and “plans” caused him to be lax.
The villains now turn to the backup seed phrase to recover it to a new hardware wallet.
These Spectre villains are cocky and suffer from the massive overconfidence bias that these evil guys tend to have in the movies. (Note: evil people are not like this in real life. They are damn smart).
An evil guy reads the seed words to someone using the keys to restore to a new hardware wallet. In the meantime, Bond has hacked into their Alexa assistant and can hear them read off the seed words.
Bond gets the seed words and is then able to restore to a spare new hardware wallet and transfer his funds elsewhere before the villains have finished fumbling around. To the villains, it just looks like there are zero sats left on the device.
OPSEC Tip Eight: Before using any devices, Stoner talked about scanning your physical perimeter for people or for other devices that might be listening or watching or recording. Historically, we were isolated in our homes and only visible to other people or technology when outside of our homes. That’s changed — we all have devices with cameras and microphones in our homes or in watches on our wrist. Stoner does not recommend bug detectors, as they are difficult to use and can generate a lot of false positives. Remove any additional devices (that might be listening or watching) from the room.
OPSEC Tip Nine: Prior to usage, inspect devices for any signs of tampering.
While the villains are wondering what went wrong, Bond breaks into their car and plugs an OMG cable into their car’s iPhone charger. This cable injects malware into the iPhone.
Bond purchases a bunch of bitcoin with their iPhone app, and transfers it to his personal hot wallet. He has now replenished his hot wallet so he can celebrate in his customary manner.
OPSEC Tip Ten: As far as cables, Stoner recommends being careful where you buy them and not to use random cables or USB devices. Your best bet is to use the cable that came with the device when you bought it.
The villains persist, as they usually do. There is a huge, huge potential payoff. Bitcoin has just skyrocketed to $500,000. This time, Spectre sends a woman to do the job.
Bond asks for her contact details and she texts him the info along with an Instagram link to some pictures of her. Bond clicks on the link on his phone, and his phone unknowingly connects to a nefarious site and downloads malware. Bond then wants to see the pictures on his laptop screen, and again, Bond has now carelessly infected both his devices.
Didn’t Q tell Bond to never click links?!
OPSEC Tip Eleven: Stoner has the same mantra that I do: Do not click links. Type URLs into the browser yourself. Or, you can find the links via a search engine. If you must click a link, browser private modes, virtual machines and other security tools can help provide better security.
Checking Your Backups And Plan
With any digital assets you have, you should periodically check your backups to make sure the backups still exist and you can restore from them. This is also true for your hardware wallets and any seeds you keep.
Not all of us have alerts on our cold storage locations, to know whether they’ve been compromised. Think through a plan of action before something is compromised.
It’s important to be hypervigilant for threats and to the task at hand when dealing with your money. You should be paranoid. You should be careful. And, if it’s not obvious, you should never ever use public Wifi for any operations you care about.
Just as Bond plays cat and mouse with villians, so do black hat hackers and white hat security researchers. Hackers are constantly exploiting while security engineers are constantly issuing patches.
People love playing video games for the excitement and challenge. And yet, when you need to implement device security — physical security and patch updates, hardware wallets and firmware updates, and hardware key checks, these actions become tedious and rote. Or forgotten.
The world is no longer about locking yourself somewhere safely or feeling secure as you move about in any area. Technology can get at you wherever you are — at home, anywhere you go, and via whatever you are watching or using for convenience.
Convenience is the enemy of security. Ease and comfort are the enemy of security. Don’t make your security convenient or easy for bad actors to infiltrate. If you do, at some point, carelessness or villains will get you, and that will be your loss… of precious bitcoin funds.
This is a guest post by Heidi Porter. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.