AndyH wrote: I have 100% total control over the machine, just as I have full control over the machine I have hosted in Missouri. I VPN to the box, log in, and I have complete control. I can reboot it, change pools, or shut it down. VPNs also get past the 'great firewall', which is more of a problem for distributed systems than any president or chairman.
I feel just as I did when my kid's computer got owned by some botnet from Romania over a decade ago. How did I know? I sniff packets on my local network to keep an eye out for stuff like this. Still do. Lots of packets out there that should have the evil bit set. But the kid didn't understand, or want to understand.
Naivety, especially when you know up front that the naive are going to put up an argument, isn't pleasant.
So how do we start? VPNs have, do and will in the future only get past the Great Firewall if and only if the Great Firewall allows them to get past. And even then, that doesn't mean they stay private. Know what a "man in the middle" attack is? Paid any attention to the bogus security certificate problem in China? And then the fun really starts. There are so many ways to control a computer you have physical access to... And the "owner" likely would not have a clue that you have done so. Still, you might actually have ownership today. Maybe. If so, only because the government spending the money for Golden Shield, of which the Great Firewall is just a small part, isn't interested in little you today.
100% total control?
The machine in Missouri isn't behind the Great Firewall, and security certificates are actually likely to be honest, rather than bogus, so a man in the middle is a much smaller worry. Secondly, you would have a path to legal action if any of this happened. So your odds in Missouri are better. Not 100% absolute, but fairly good.
In China, you don't have a path for legal action. If it happens in China, it is likely the government. You have zero leverage against the Chinese State.
Maybe some sources of security certificates in China are bad. Are you really trying to suggest that because some are that all are, and/or that any of the folks installing the VPNs are actually using bad Chinese certificates? Do you know how VPNs and TOR are actually encrypted? You might want to check that out.
Maybe you can tell me then, how someone could benefit from somehow hijacking mining machines controlled by Raspberry Pi micros running firewall software. A botnet - really?
Let's see... there are bloody bazillions of PCs scattered all over the world using the same operating system with the same vulnerabilities on one hand, and there are orders of magnitude fewer machines scattered around all using different tiny microcontrollers with different software and different vulnerabilities on the other hand. One of these is a worthwhile target, one is not.
Hell, the easiest way for the Chinese government to access the machines is to leave their script kiddies at home and just walk into the warehouses and shut the machines off. The network will be just fine. The firewall could split the network into a 'china' and 'rest of the world' section, but there are ways around that as well - and there are plenty of smart people watching for such an event, and the community ready to respond should that happen.
Your view of the firewall is not accurate, or accurate but useless, depending on one's goal. The entire point of VPNs and network structures like TOR is to get past such constructs. The only way any firewall can keep all traffic out is to lock down everything - and that seriously challenges the usefulness of a network, hmm? So yes, someone "could" pull the big internet disconnect switch in the sky, but they're unlikely to ever do so - and if things in the world get that bad we'll have plenty of more important things to worry about.
Yes, I can see you shaking your head already. Look at the Arab Spring protests and look at what happened when a country (say, Egypt, for example) actually DID disconnect an entire country from the internet. Not only did it not stop crypto transactions or Twitter, it expanded them - because the more the government tried to control information, the more vehemently the citizenry moved to get reliable information via dial-up, satellite, and cell phone connections that still existed. Anonymous sent connection info and phone numbers via FAX and cellphone. Check HAMRadioCoin - crypto via radio. Can't stop the signal, Mal.
As an aside, my final tour in the AF was spent running a lab that did penetration testing and cyber-defense on regular networks and SCADA systems. During the tour prior to that I was the unit's sysadmin/netadmin for the multiple networks. I'm also on the code development team for a coin based on BTC. I'm not only well aware of what a man in the middle attack is, I've both performed them and have protected DoD networks from them. Removing traces of a botnet from my son's PC and sniffing packets? Yawn. I maintain about 2 dozen machines of various types running Windows and Linux, both local and remote servers. The LAST computers within my span of control I'm concerned about are any of my miners.