Basic Threat Modeling For Bitcoin Mining At Home

2022-4-1 18:31

In addition to the KYC-free units of censorship-resistant internet money, mining bitcoin at home brings unique security threats.

Home mining is one of the best expressions of individual sovereignty available, but every retail mining operation carries a variety of risks that need to be accounted for and mitigated as much as possible.

Broadening awareness of the benefits of converting electricity into KYC-free units of censorship-resistant internet money in a basement, garage or backyard shed has been a key catalyst for the ongoing surge in at-home mining. But just like storing private keys can involve tedious operations security (OPSEC) measures and careful planning, every serious miner must also consider the risks and vulnerabilities of their home mining operations. Unlike secure storage planning, however, mining faces a significantly wider array of heightened risks.

Understanding these risks and modeling responses to prevent or react to attack scenarios is essential for long-term, at-home mining success.

Home Bitcoin Mining Vulnerabilities

Theft is the most basic and obvious vulnerability to at-home bitcoin miners. For starters, every mining operation regardless of scale involves at least one rather valuable piece of computing equipment — a bitcoin ASIC miner — built with precious metals and specialized microchips that sells for anywhere from a few hundred dollars to over $10,000 at current prices, depending on the model.

Visibility is also a concern. How conspicuous is a mining setup? Just like publicly advertising large amounts of bitcoin-denominated wealth is always ill advised, distinctly noticeable mining setups aren’t always the safest. Noise levels, heat signatures, spiking electricity bills and other signals are easy giveaways (with relatively simple mitigations) to close neighbors or utility companies that someone is probably mining bitcoin. Consider a permanent bare spot on an otherwise snowy roof or an ongoing 80-decibel fan noise as examples, and the point is made.

Custody is also a key consideration since miners are responsible for managing the security of each step in the flow of mining rewards from their pool accounts to cold storage.

The list of potential vulnerabilities goes on, and not every mining operation faces the same types or degrees of risks. But every setup has risks. Beyond just acquiring hardware, transmitting power and building efficient airflows, modeling these risks is an essential part of every miner’s planning.

Threat Model Basics For Home Bitcoin Mining

So, what is a threat model?

The term “threat model” is just a fancy way of expressing what someone is defending and who they’re defending it from. And unlike a financial model, threat models are minimally mathematical and highly intuitive and deductive in assessing what risks exist and how to mitigate them.

Consider the example of cannabis farmers who doubled as bitcoin miners outside of the U.K. city of Birmingham. Police inadvertently discovered their illegal bitcoin mine while raiding their illegal cannabis farm. It’s safe to say that the threats facing this cannabis-bitcoin venture were poorly modeled and mitigated, if at all.

For most technology companies, threat modeling usually involves code review and software changes. For most humans, day-to-day threat modeling is intuitive, which is why most people prefer well-lit walkways to dark alleys. For miners, the same sort of threat assessments affect a variety of software, firmware and hardware products.

Building A Home Bitcoin Mining Threat Model

Threat models can be as complex or simplistic as the creator wants. But a home miner can’t adequately prepare against potential threats if they don’t understand what risks they face.

Setting the scope of a threat model is the first and possibly most important step. Think carefully about what needs protecting (e.g., mining hardware, site access, electrical and cooling infrastructure, internet access, payout deposits and wallet storage) and who it needs protection from (e.g., friends and family, neighbors or unexpected visitors, targeted attacks). Of course, not every miner faces the same potential risks. Someone with two S9s in a suburban neighborhood deals with different risks than a landowner in the Midwest with a dozen S19s on 80 acres. But listing any possible attack scenario is key to setting the scope of the model.

The key to making this list is simply asking, “What could go wrong?” Any answer gets added to the list.

Focusing on pool accounts and payout withdrawals, for example, this aspect of a mining threat model would include pool account security and planning strategies and tools to account for vulnerabilities in password protection, two-factor authentication, payout address reuse, etc.

Likelihood and effort are two additional considerations. Take the “bad scenario” list and use basic probabilistic attack analysis to evaluate how likely each risk in the list is to happen. After ranking these scenarios, decide how much effort and preparation each item deserves. This involves two steps phrased as questions. First, what mitigatory steps are required for a particular risk? Second, based on the perceived likelihood of a given threat, how much effort is a miner willing to give to prevent it? There is no rulebook or answer key for this process. Each of these steps are up to the discretion of the miner.

“Let’s build a threat model” isn’t usually the first thought a home miner has when planning their operation, but this extra OPSEC work can avoid serious problems in the future. And threat modeling really isn’t that complex. But, like any other aspect of OPSEC, threat analysis is best thought of as an ongoing process that can always be adapted and refined, not a finished task.

Additional Resources

Nothing in this article is meant to be an exhaustive explanation of how to safeguard a home mining setup. Instead, the goal of this article is to provide a simple breakdown of what threat models are, how miners can use them and encourage home miners to begin building one of their own.

Continue reading about threat modeling and how to develop one for a mining operation with these resources:

The Electronic Frontier Foundation published a surveillance self-defense guide with an important chapter on developing a security plan. Over a dozen security professionals published a “Threat Modeling Manifesto.”Carnegie Mellon’s Software Engineering Institute published a lengthy article on available methods for successful threat modeling.One of the principal security solutions architects at Amazon Web Services also published a long article about how to approach threat modeling.Conclusion

Small miners, especially at-home operators, are mostly left to fend for themselves regarding the security and threats facing their setups. Large institutional miners always have best operational security practices and threat models in place to safeguard their mining facilities. But there is no playbook or standardized manual for at-home mining security.

Even for miners who have been hashing for years, it’s never too early or too late to create a threat model for an at-home operation of any scale. Thinking carefully about all aspects of home mining and planning to safeguard them with a custom-made threat model is key to ensuring a miner’s long-term survival.

This is a guest post by Zack Voell. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Speed Mining Service (SMS) на Currencies.ru

$ 1.9622 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.00 %
Cегодня L: $1.9622 - H: $1.9622
Капитализация $205.406k Rank 99999
Доступно / Всего 104.68k SMS

mining home bitcoin internet censorship-resistant money brings

mining home → Результатов: 103


Фото:

Home Crypto Mining Spikes in Brazil Amid Record High Unemployment

With rising unemployment rates and rampant economic uncertainty, in the wake of the Covid crisis, a growing number of Brazilians are finding an alternative income source in cryptocurrency mining. GPU rigs have been spotted even in favelas as a relatively small investment can return more than the average salary in Brazil. Pandemic and Uncertainty Turn […]

2021-6-1 15:30


Фото:

Chinese Listed Companies and Bitcoin Mining: Partner or Predator?

This article was originally published by 8btc and written by Lylian Teng. Some Chinese listed companies have jumped on the bandwagon of bitcoin mining following the bitcoin bull run throughout 2017, either under the guise of cloud computing or providing mining hosting services, in an effort to bypass regulations considering the country’s tough stance on bitcoin.

2019-5-29 18:53


Crypnode Technologies Limited: Home Masternode Crypto Opportunity?

Crypnode is an innovative company that provides its customers with the opportunity to benefit from the masternode model without the complexities that are involved with masternodes. Compared to the traditional cryptocurrency mining, masternodes have numerous benefits such as reduced electricity costs, higher returns, and infinite growth possibilities.

2019-3-2 22:47


Фото:

Mongolia Will See At Least 1000 New Bitcoin Miners In 2019

Participants in Mongolia’s Bitcoin mining industry plan to significantly expand the scope of their operations, local media report January 11. Japan’s Ginco Doubles Down On Mongolia The East Asian country, known for its cheap electricity and being home to the world’s northernmost desert, will see one of its miners almost treble in size this year alone, despite the ongoing Bitcoin bear market.

2019-1-12 05:00


Redstone, Telecor’s Data and Mining Facility Set to Launch in 2019

Telecor has announced the construction of a brand new data and mining center in Russia called Redstone, and it would begin operations in early 2019. The firm says its data center which is being constructed at the Krasnokamensk in almost completed and would serve as the new home for cryptocurrency miners from various regions starting […] The post Redstone, Telecor’s Data and Mining Facility Set to Launch in 2019 appeared first on ZyCrypto.

2018-12-14 12:21