Antminer Firmware Update -April 2017 [Bitmain responds to Antbleed]

[BitcoinXio]

We need to clarify the intention of having this feature. We planned to add this feature to the code to empower customers to control their miners which often times can be hosted outside their premises. This was after more than one incident of miners being stolen from a mining farm or being hijacked by the operator of the mining farm

This feature was intended to allow the owners of Antminer to remotely shut down their miners that may have been stolen or hijacked by their hosting service provider, and to also provide law enforcement agencies with more tracking information in such cases. We never intended to use this feature on any Antminer without authorization from its owner. This is similar to the remote erase or shutdown feature provided by most famous smartphone manufacturers.

Read full post here: https://blog.bitmain.com/en/antminer-fi ... pril-2017/

[bitkilo]

Thank you very much for posting, I will comment once I have had time to read the reply.

Edit:
I have had some time to look over the response from Bitmain and this is how i see it. Please note that i do not have any mining experience so my view is that of outsider with no financial interests in any mining operations.

Reading the reply from Bitmain this does sound like it would have been quite a useful "feature" for Antminer customers especially so after the incidents quoted in the response from them.
I do believe the response that this feature was never intended to be malicious but i admit it doesn’t look good that this code was left on the firmware after they were "unable to finish the development of this feature and shut down the testing server in December 2016" as quoted from the response below:

However, this feature was never completed. We started to develop this feature since Antminer S7 and wanted to finish its development on the Antminer S9. We hoped to make it a useful feature that we could advertise to our customers. But, due to some technical problems, we were unable to finish the development of this feature and shut down the testing server in December 2016. It is a bug to leave the code there before the feature is fully complete and acknowledged to the users. This bug has now been pointed out in context of Bitcoin’s scaling roadmap debate and has caused considerable misunderstandings within the Bitcoin community. We apologize for this.

The code may be open-source and therefor available for anyone with experience to find but as they have stated "It is a bug to leave the code there before the feature is fully complete and acknowledged to the users"

This could be seen as a good thing for Bitmain as i think they will now be much more professional in handling matters like this in the future, users should always be made aware of what is running on the equipment they have purchased.

I would recommend that anyone running an effected Antminer to download the firmware upgrades that remove this unfinished feature as instructed by Bitmain, please be sure that any firmware upgrades are downloaded directly from https://blog.bitmain.com/en/antminer-fi ... pril-2017/

[LiteCoinGuy]

the owners of the malicious miners did not even know this "feature". nice try but that is another lie from Bitmain.

[bitkilo]

the owners of the malicious miners did not even know this "feature". nice try but that is another lie from Bitmain.

I think it is a little more tricky than that. The "feature" was left in open-source software which would lead me to believe that it was either a very bad oversight by Bitmain for not removing this unfinished feature before release or it was left in plain sight for plausible deniability later on such as now.

We can all make mistakes and even at a big company level like Bitmain so i am not sure we will ever know if this was intentional or not. Whatever the reason this has not been discovered at a good time for them.

[grabberfish]

the owners of the malicious miners did not even know this "feature". nice try but that is another lie from Bitmain.

I think it is a little more tricky than that. The "feature" was left in open-source software which would lead me to believe that it was either a very bad oversight by Bitmain for not removing this unfinished feature before release or it was left in plain sight for plausible deniability later on such as now.

We can all make mistakes and even at a big company level like Bitmain so i am not sure we will ever know if this was intentional or not. Whatever the reason this has not been discovered at a good time for them.

@bitkilo, Bitmain explained in their blog post yesterday what the feature was to be used for. This was already being speculated by many because of what we could see from the history of the domain, plus knowing how network security is handled that this would have to be a permitted outbound connection. Their mistake was leaving legacy code in when the original project had been canned.

Anyone with even basic knowledge of software, systems and networks could have seen this for what it was: an engineering oversight, but some people thought they would blow this out of proportion and orchestrated a vicious campaign against one of the biggest hardware suppliers to the bitcoin market. The level of deceit and underhand tactics displayed by those involved clearly demonstrates a particular type of conceit and totalitarianism that harms the entire ecosystem. We are trying to build world-changing solutions here, and a sub-section of the community is trying to enact a scorched earth policy because their attempts to usurp bitcoin for their own commercial gains is failing as the masses see through the Core-led hubris and salvoes of vitriolic diatribe.

Responsible disclosure is an accepted route to patching discovered vulnerabilities in the security world. Core, on the other hand, seeks to maximise black hat activities with dissemination of bug discoveries before alerting (let alone working with) the developers of other clients and hardware manufacturers. This most recent disclosure "Antbleed" (what an utterly pathetic propaganda smear campaign that was) was a systematic attack on Bitmain with one objective in mind: to hurt their business with FUD. Fortunately it was handled in a professional manner by Bitmain, explaining in detail what happened and what they had done to correct this.

It's never a good time to be on the receiving end of an attack of any kind, but this one simply demonstrated what lowlifes those involved in the attack truly are. They showed their colours, we know them for what they are.

the owners of the malicious miners did not even know this "feature". nice try but that is another lie from Bitmain.

@LiteCoinGuy, I have no idea if English is your first language, but you seem proficient enough in its use and so I will say this to you: Bitmain are not malicious miners. They have no desire to cause harm to others and you have not a single shred of evidence to demonstrate or back up such a claim. Use some basic business logic. You should apologise to Bitmain and edit your posts to correct your wrongs. But I suspect you will not. This speaks volume about you personally. You are a troll and a liar.

[bitkilo]

the owners of the malicious miners did not even know this "feature". nice try but that is another lie from Bitmain.

I think it is a little more tricky than that. The "feature" was left in open-source software which would lead me to believe that it was either a very bad oversight by Bitmain for not removing this unfinished feature before release or it was left in plain sight for plausible deniability later on such as now.

We can all make mistakes and even at a big company level like Bitmain so i am not sure we will ever know if this was intentional or not. Whatever the reason this has not been discovered at a good time for them.

@bitkilo, Bitmain explained in their blog post yesterday what the feature was to be used for. This was already being speculated by many because of what we could see from the history of the domain, plus knowing how network security is handled that this would have to be a permitted outbound connection. Their mistake was leaving legacy code in when the original project had been canned.

Anyone with even basic knowledge of software, systems and networks could have seen this for what it was: an engineering oversight, but some people thought they would blow this out of proportion and orchestrated a vicious campaign against one of the biggest hardware suppliers to the bitcoin market. The level of deceit and underhand tactics displayed by those involved clearly demonstrates a particular type of conceit and totalitarianism that harms the entire ecosystem. We are trying to build world-changing solutions here, and a sub-section of the community is trying to enact a scorched earth policy because their attempts to usurp bitcoin for their own commercial gains is failing as the masses see through the Core-led hubris and salvoes of vitriolic diatribe.

Responsible disclosure is an accepted route to patching discovered vulnerabilities in the security world. Core, on the other hand, seeks to maximise black hat activities with dissemination of bug discoveries before alerting (let alone working with) the developers of other clients and hardware manufacturers. This most recent disclosure "Antbleed" (what an utterly pathetic propaganda smear campaign that was) was a systematic attack on Bitmain with one objective in mind: to hurt their business with FUD. Fortunately it was handled in a professional manner by Bitmain, explaining in detail what happened and what they had done to correct this.

It's never a good time to be on the receiving end of an attack of any kind, but this one simply demonstrated what lowlifes those involved in the attack truly are. They showed their colours, we know them for what they are.

Yes they did explain what this was going to be used for and i even posted here that this sounded like it would have been a great feature for Antminer users but they also said in the same response that "It is a bug to leave the code there before the feature is fully complete and acknowledged to the users" so there is no denying it malicious intent or not this was a major oversight by them.
I have not thrown any accusations against Bitmain, all i have done is reply to the situation as i see it.

Please clear something up for me since i am not a coder, when you say that this would have to be a permitted outbound connection does that mean that this setting would have to be manually activated by the users themselves and they are shipped in an "off state"?

[grabberfish]

Please clear something up for me since i am not a coder, when you say that this would have to be a permitted outbound connection does that mean that this setting would have to be manually activated by the users themselves and they are shipped in an "off state"?

Sure thing. When securing a network at build time, the correct methods are to close all traffic across all zones. For clarity, zones are logical segments of the environment that are split according to certain factors, such as public facing systems, protected non-public systems, management servers, and so on. In the case of large mining environments we would expect something like a zone for the public facing proxies (Zone A), a zone for mining nodes (Zone B) and a zone for monitoring/management (Zone C). We start by blocking all comms in all directions. then we activate:

• * Permit public traffic from the public Internet into Zone A on TCP/8333

• * Permit Zone B TCP/8333 to Zone A

• * Permit Zone C to Zone B UDP/161 (SNMP)

• * Permit Zone C to Zone A UDP/161(SNMP)

• * Permit Zone C to Zone B TCP/22 (SSH)

• * Permit Zone C to Zone A TCP/22(SSH)

• * Log and drop all other traffic

As a very basic example (omitting connection tracking, established, related...), this would prevent all connection attempts from the mining nodes in Zone B to be able to reach the outside world, but they can talk to the proxy. External nodes can reach the proxies but no more. The internal mining nodes (Zone B) could not even issue a DNS call for auth.minerlink.com as port 53 is not permitted in our example. But the firewall logs would detect such an attempt and flag it for an admin to investigate. The only way this would work as a malicious exploit would be if the firewalls were permitting non-explicit traffic and nobody was watching the logs. In which case, some port-scanning script kiddie would be all over those networks before Core could put up another bunch of lies. But these are Security 101 lessons and any network admin worth his salt would be doing this at day 1. That's why it is so incredulous.

HTH.

[bitkilo]

Ok thank you for explaining that, it is not exactly clear to me but i can see what you are getting at.
So basically you are saying that this type of connection would never be allowed to go through at any large mining operation, being blocked by the miners setting up the connections correctly in the first place and detected by the firewall as sort of a last resort?
What about the average person that is just running one of these miners, do you think they would also have this blocked by their firewalls?

If what you say is true and i won't know until i get a second opinion then why did Bitmain not explain it in this way, why would they rush out a response that left more questions than it answered.

[grabberfish]

Ok thank you for explaining that, it is not exactly clear to me but i can see what you are getting at.

My pleasure. Knowledge is power. Let me know if you'd like further clarification and on which aspects and I'll be happy to try and deliver.

So basically you are saying that this type of connection would never be allowed to go through at any large mining operation, being blocked by the miners setting up the connections correctly in the first place and detected by the firewall as sort of a last resort?

Correct. Any corporate network with kit to protect would (should) be built in this way. There are many other layers we put in there to detect and block nefarious or suspicious traffic. It's a fascinating field watching all the protocol transmissions in progress.

What about the average person that is just running one of these miners, do you think they would also have this blocked by their firewalls?

Typically a domestic user has no idea of packet filtering and security best practices, relying solely upon the CPE (ISP issued modem or similar) to protect them. In fact, 99% of users know more about the dark side of the moon than systems security simply because they are not aware of how easy it can be to break into networks. That being said, if someone is in possession of an ASIC mining rig or FPGA/GPU mining gear, then they will (should) have their own security equipment on their borders. But let s consider the accusations being thrown around: that Bitmain did this to be able to shut down 70% of the network. That is just the dumbest proposition and anyone with half-decent nous on security matters can see through the lies.

If what you say is true and i won't know until i get a second opinion then why did Bitmain not explain it in this way, why would they rush out a response that left more questions than it answered.

Well, they explained what the code was there for. They probably did not go into why it was a non-attack vector because it's a stupid claim, in addition to being beyond the scope of what the code was for.