I love the idea of sprinkling bitcoin private keys in text files around your infrastructure, so any hacker that gets access can take the funds, but you'll be alerted to it and can quarantine the box and investigate the intrusion. Maybe include "Email us with a write up of how you got in and a bitcoin address, and we'll send more bitcoin based on how helpful it was"
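The detection side of the canary-wallet idea described above, as an added example that is not code from the original post: a registry maps each canary address to the host(s) whose disk holds that private key, a feed of transaction events (constructed JSON lines here, stood in for whatever block-watcher you run) is scanned for outbound spends, spends to your own rotation sweep address are ignored, and the result is the list of hosts to quarantine. Addresses, host names and the `CANARY_REGISTRY` / `SWEEP_ALLOWLIST` names are all hypothetical.

```python
"""Canary-wallet watcher: turn outbound spends from canary addresses into host alerts.

Assumptions (hypothetical, not from the original post):
  - CANARY_REGISTRY is maintained by whoever provisions the key files.
  - A block-watcher emits one JSON object per transaction touching a watched address.
"""
import json
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Which host(s) hold the private key for each canary address.
# Addresses are constructed placeholders, not real Bitcoin addresses.
CANARY_REGISTRY: Dict[str, List[str]] = {
    "canary-addr-web01": ["web01"],
    "canary-addr-db01": ["db01"],
    "canary-addr-shared": ["ci01", "ci02"],  # same key file deployed to two hosts
}

# Destinations our own periodic rotation job is allowed to sweep funds to.
SWEEP_ALLOWLIST = {"ops-bonus-fund-addr"}


@dataclass(frozen=True)
class TxEvent:
    txid: str
    address: str      # canary address the transaction touched
    delta_sats: int   # negative means funds left the canary address
    dest: str         # destination address for spends, "" for deposits


@dataclass(frozen=True)
class Alert:
    txid: str
    address: str
    hosts: Tuple[str, ...]
    sats_moved: int


def parse_events(lines: Iterable[str]) -> List[TxEvent]:
    """Parse one JSON object per line into TxEvent records, skipping blank lines."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        obj = json.loads(line)
        events.append(TxEvent(obj["txid"], obj["address"], int(obj["delta_sats"]), obj.get("dest", "")))
    return events


def detect_drains(events: Iterable[TxEvent],
                  registry: Dict[str, List[str]] = CANARY_REGISTRY,
                  allowlist=SWEEP_ALLOWLIST) -> List[Alert]:
    """Return an Alert for every outbound spend from a canary that is not our own sweep."""
    alerts = []
    for ev in events:
        if ev.address not in registry:
            continue  # not a canary we track
        if ev.delta_sats >= 0:
            continue  # deposit or top-up after rotation, not a spend
        if ev.dest in allowlist:
            continue  # our own rotation sweep into the bonus fund
        alerts.append(Alert(ev.txid, ev.address, tuple(registry[ev.address]), -ev.delta_sats))
    return alerts


def hosts_to_quarantine(alerts: Iterable[Alert]) -> List[str]:
    """Every host that held a drained key is treated as rooted and must be rebuilt."""
    return sorted({h for a in alerts for h in a.hosts})


# Constructed sample feed: a top-up, a theft, a legitimate sweep, and a theft from a shared key.
SAMPLE_FEED = """
{"txid": "tx-001", "address": "canary-addr-web01", "delta_sats": 100000}
{"txid": "tx-002", "address": "canary-addr-db01", "delta_sats": -100000, "dest": "unknown-addr-1"}
{"txid": "tx-003", "address": "canary-addr-web01", "delta_sats": -100000, "dest": "ops-bonus-fund-addr"}
{"txid": "tx-004", "address": "canary-addr-shared", "delta_sats": -50000, "dest": "unknown-addr-2"}
{"txid": "tx-005", "address": "not-a-canary", "delta_sats": -999, "dest": "unknown-addr-3"}
"""


def run_sample() -> List[str]:
    """Convenience entry point: alerts for the constructed feed, returned as host list."""
    return hosts_to_quarantine(detect_drains(parse_events(SAMPLE_FEED.splitlines())))


if __name__ == "__main__":
    for alert in detect_drains(parse_events(SAMPLE_FEED.splitlines())):
        print(f"ALERT {alert.txid}: {alert.sats_moved} sats left {alert.address}; hosts {alert.hosts}")
    print("quarantine:", run_sample())
```

Deposits and allowlisted sweeps are filtered so the periodic rotation in the thread does not page anyone; a canary key that was deployed to more than one host quarantines all of them, since the watcher cannot tell which copy was read.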
Rotate the keys periodically and sweep all unstolen bitcoin into a bonus fund split between everyone who had access to the machines which held the private keys. Give devops real skin in the game for keeping boxes secure.
Could also develop a convention for deriving private keys from security secrets - make it so if someone gets your AWS root key, they can test the credentials to see if the company has offered enough funds that they are willing to announce (and thus burn) their access by transferring those funds away. I wonder if you could 'license' these coins in a way that it would be legal (or at least more-legal) to take them without prior consent: if there was a legal means to monetize 'misplaced' credentials many hackers might choose that over the legally riskier and less-moral traditional alternatives.
Credential rotation would certainly be more fun if it meant I was going to get a bonus!
This might work for your personal system, but in the corporate environment, what's to keep someone with legitimate system access from emptying the wallets periodically and blaming an advanced persistent threat? It would be better to do the same system with standard bank transactions, and just provide a promise to not prosecute people who make contact after pwning your company.
Well, presumably the rest of the team would push for increased monitoring and access control until the coworker was no longer confident they could steal the bonus without getting caught, at which point your systems have been hardened and risk from outside attackers is also probably reduced. But, I'm definitely getting into 'hand wavy' territory here.
Since the wallets are canaries the rooted hosts will have to be rebuilt.
Also make the dollar amounts relatively low so an insider is unlikely to risk their position. $1000 is a lot to someone who doesn’t care but is foolish for someone who passed a security check to get access.
I think you substantially underestimate how much these ransomware companies make once they've gained access.
If they've gained access, they'll just do their normal thing and then, right as they're doing it, empty out the wallets. $1000 is not going to deter them from a multi-million payday.
I am doing exactly that on a personal level. I have an unencrypted BTC wallet and one that is encrypted, the unencrypted one contains not that much and will tell me if my device has been compromised.
What I’m more worried about is when the sat is too valuable. We can millisat it with LN, but it’s still not enough. I used to think eth was absurd with 18 but we kinda wish for more than 2.1 quadrillion of the beasties.
There are world currencies used by 100M+ people that are worth less than a sat today (IDR). In a short while it's more like 1B+ as BTC grows rarer.