roll your own cryptocurrency firewall

Protecting your valuable crypto assets by receiving early bird warnings before it’s too late.

Marsmensch
tales from the crypt(o)
Apr 17, 2018


This article was published first via https://www.21cryptos.com/. It is the first in a series of at least five articles that address different risks that crypto traders and HODLERs are typically exposed to in different forms. If you like this article, give 21Cryptos a try.

Most security articles focus on what you absolutely SHOULDN’T do and are often accompanied by complex procedures that are hard to implement and keep up.

“safe” by Paul Keller is licensed under CC BY 2.0

Having been a security guy for more than a decade, I want to break with the mindset that good security must be complex. After reading these articles, you will hopefully be inspired and motivated to implement some measures to raise the bar for your overall personal security. Don’t be afraid, I will be your friendly guide throughout this journey.

About Canaries

In software development, a Canary refers to an early test version of software, alluding to the method used in coal mines to detect the presence of carbon monoxide. The bird’s rapid breathing made it an ideal early warning system to warn the miners if they were in danger of being intoxicated.

Don’t be afraid, not a single Canary is going to be harmed by this measure to enhance your security! Computer Security guys are utilizing that concept in different forms. Canary-Tokens are one of them and I will show you how to use them to your advantage. No expensive hardware or complex scripts involved.

“Yellow bird” by Klaus Post is licensed under CC BY 2.0

Why an early warning system?

If you are a little like me, you assume perfect security is not possible and at some point, a compromise is inevitable. New and severe vulnerabilities in Firewalls and Operating Systems are discovered all the time, so it’s a matter of being prepared for the WHEN and not IF you are hacked. It’s bad if your last line of defense falls; it’s worse if you realize it only after all your crypto has been transferred out.

Canary-Tokens are a free, quick & painless way to help you discover that you have been breached — by having attackers announce themselves.

Deploy your first virtual Canary

As usual, there are multiple ways to do it. Some are more complex and involve rolling your own Linux or Windows system. For this article, we focus on things you can do now and without spending an evening on the installation. All you need is a web browser and about 10 minutes of time.

For our first test, let’s assume you have a backup folder on some of your PCs where you store encrypted backup copies of your crypto wallets. This is a good place for a Canary, because you definitely want to get notified when someone accesses these files. In case you don’t have backups of your wallets, drop this article and do that NOW!

First things first, head over to https://canarytokens.org/ now. The site looks like a simple web form with some basic instructions on how to use it. A Dropdown Menu allows you to select from various pre-defined Canary formats.

choose from different types of canary tokens

Please select the option “Microsoft Word Document”. Additionally, enter an E-Mail address to get notified and a helpful message that reminds you which Canary has been triggered.

For my example I use the text “Tezos Keyfile Canary compromised!” Verify your mail address and message one last time and press the “Create my Canary Token” Button to generate it. Now click “Download your MS Word file” to download it.

the type of alert you will see

Since we are testing right now, head over to the location of your downloaded Canary document and open it. You will see an empty and boring document, nothing more and nothing less.

But wait, let’s head over to our configured mail account and see if our Canary Token triggered properly! You should see an e-mail popping up within one minute after opening the document.

The message you will find in your inbox should roughly look like this. This would already be pretty great, but there’s even more information logged and accessible when you click the “More info on this token here” link.

our canary trigger shown on a map

You just established the baseline for a very efficient early warning system and spent only about 10 minutes to do it.
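To make the mechanism less of a black box, here is an added example (not code from this article or from canarytokens.org) that models a web-beacon style token: the decoy references a unique, unguessable URL, and the mere fetch of that URL becomes the alert. The path layout, the `TOKENS`/`ALERTS` stores and all function names are assumptions made for illustration, and the request at the bottom is constructed.

```python
import secrets
from datetime import datetime, timezone

TOKENS = {}   # token id -> memo and notification address
ALERTS = []   # stand-in for the e-mails a real service would send


def create_token(memo, email):
    """Register a canary and return its unguessable id."""
    token_id = secrets.token_urlsafe(16)
    TOKENS[token_id] = {"memo": memo, "email": email}
    return token_id


def beacon_path(token_id):
    """Path the decoy document would reference (hypothetical layout)."""
    return f"/t/{token_id}/logo.png"


def record_hit(path, source_ip, user_agent):
    """Return an alert dict if the path names a known token, else None."""
    parts = path.strip("/").split("/")
    if len(parts) < 2 or parts[0] != "t" or parts[1] not in TOKENS:
        return None
    token = TOKENS[parts[1]]
    alert = {
        "memo": token["memo"],
        "notify": token["email"],
        "time": datetime.now(timezone.utc).isoformat(),
        "source_ip": source_ip,
        "user_agent": user_agent,
    }
    ALERTS.append(alert)
    return alert


def app(environ, start_response):
    """WSGI entry point: log the hit, answer identically for any path."""
    record_hit(environ.get("PATH_INFO", ""),
               environ.get("REMOTE_ADDR", "?"),
               environ.get("HTTP_USER_AGENT", "?"))
    # Same reply for known and unknown tokens, so probing reveals nothing
    start_response("204 No Content", [])
    return [b""]


if __name__ == "__main__":
    tid = create_token("Tezos Keyfile Canary compromised!", "you@example.org")
    # Constructed requests: a decoy being opened, then a random probe
    print(record_hit(beacon_path(tid), "203.0.113.7", "constructed-office-client"))
    print(record_hit("/t/not-a-real-token/logo.png", "203.0.113.7", "scanner"))
```

Because the alert carries only the memo you typed in, give every decoy its own token and a memo that names where you placed it.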

Distribute Canary-Tokens over sensitive places

Of course, generating a Canary-Token is only the first step. So, what’s next? You should distribute those tokens all over the sensitive places in your network.

“Sleepy hacker” by Thomas Bonte is licensed under CC BY 2.0

A couple of ideas to get you started:

  • Drop the file on a Windows network share (PDF, Word, Folder Canary)
  • Attach a Canary to an email with a tempting Subject line (PDF, Word Canary)
  • Unzip the file on a juicily named Windows network share (PDF, Word, Folder Canary)
  • Leave it in a secure location with your paper wallet backups (QR Code Canary)
  • Place it underneath your phone battery when crossing international borders (QR Code Canary)

These are only some possible options. I am sure you can find a lot more that fit your environment perfectly. The only limit is your imagination and the result will be some sad hackers that go to sleep instead of draining your crypto wallets!

I hope you had as much fun reading this article as I had writing it. Stay tuned for the next part in this series.

Cheers, Marsmensch.

BTC donations welcome and never forget:

Have fun, this is crypto after all!

BTC  33ENWZ9RCYBG7nv6ac8KxBUSuQX64Hx3x3
