After a huge DDoS attack German bank DKB is now tunneling all its traffic through US-based company Cloudflare – unencrypted! Meanwhile the distributed structure of Bitcoin makes it immune to DDoS attacks and keeps its user’s privacy.

22 comments

  1. EqualDraft0

    I don’t see any evidence that Cloudflare is terminating the SSL. When setting up with Cloudflare you can choose if you want them to do the SSL or you want to do it yourself. However, if you do the SSL you don’t get a lot of the caching and packet inspection based features that Cloudflare offers. But you still can get DDOS protection.

  2. 9DD90

    Cloudflare, and most CDNs out there, work as reverse proxies. Reddit, for example, is hosted at Amazon AWS, but we always connect to Fastly (CDN) servers when we access it.

    Yes, this can be seen as a “man in the middle”, but the bank hired Cloudflare to handle the traffic and probably filter bots. They are not being attacked.

    The connection between the bank servers and Cloudflare is encrypted and everything between the user and Cloudflare is also encrypted, but yes, Cloudflare can see and modify the data if they wanted to. Also, a target for those that want to see what’s being transferred.

    Is this a problem? Sure… but I don’t trust Cloudflare more or less than I trust Akamai (what most banks use) or the hosting provider (Amazon AWS, Google Cloud, Azure, IBM, etc) the bank uses.

  3. 1337shill

    > immune

    > keeps its user’s privacy

    Bitcoin is not ideal for privacy. It’s a public blockchain. I love Bitcoin, been around it for a long time. But your statements don’t make sense.

  4. kendall1004

    Well ****,

    that’s my main bank.

    I just cancelled my Fidor Bank account last week because of their sudden urge to charge me for cards, account and what not…

    DKB was not so keen on clients trading cryptocurrencies, that’s why I have a second account somewhere else. Thanks for the heads-up!

  5. First off, I don’t see any evidence of “unencrypted” user data being visible to Cloudflare here. It is entirely possible to use Cloudflare with additional application-layer encryption that ensures no unencrypted user data is visible to the cache.

    **Edit:** unfortunately later evidence suggests this bank appears to not have done this though 🙁

    Secondly, Bitcoin might not be susceptible to a traditional HTTP-based denial-of-service attack, but that does not mean it cannot be attacked. For example, spamming the mempool with many transactions would be considered a type of denial-of-service attack and is something that has indeed happened in the past.

    Don’t get me wrong, a decentralised network is better and more resilient in many ways than a centralised bank, but this is ill-informed and misleading information that you are presenting.

  6. Bitcoin is very much not “immune” to DDoS attacks. Perhaps [resistant](//en.bitcoin.it/wiki/Weaknesses#Denial_of_Service_.28DoS.29_attacks), but absolutely not immune. In fact, there have been quite a few DoS attacks in Bitcoin’s history; they weren’t catastrophic, but they still happened and the network was still affected.

  7. etmetm

    In light of GDPR, it would be useful if DKB looked at a purely German or at least EU-based DDoS mitigator…

    Edit: Not trying to judge Cloudflare in any way – just more info on the matter: It looks as though Cloudflare opened a German subsidiary [Cloudflare GmbH](https://www.cloudflare.com/impressum/) recently and tries to comply with [GDPR](https://blog.cloudflare.com/advancing-privacy-protection-with-the-gdpr/), which might have led DKB to the decision to sign a “data processing agreement” with them.

  8. rtherge

    Almost every bank in the UK is now fronted by Akamai – same deal there. Check your bank’s online portal – chances are it’s using some form of cloud fronting too (which allows the cloud provider and NSA to see what everyone is doing on the bank).
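
Comment 5 mentions application-layer encryption layered on top of a CDN that terminates TLS. The following is an added example, not code from the thread, the bank or Cloudflare, showing that idea with Node's built-in `crypto` module; the function names, the `/transfer` path and the sample IBAN are constructed assumptions.

```javascript
// Added example: all names and sample values are constructed for illustration.
const nodeCrypto = require('node:crypto');

// Origin (bank) key pair. The private key never leaves the origin; the public
// key is assumed to ship inside the client application.
const origin = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client: encrypt the sensitive fields with AES-256-GCM under a fresh key and
// wrap that key to the origin with RSA-OAEP. Routing data stays in the clear.
function clientSeal(publicKey, path, secretFields) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(path)); // bind the ciphertext to the endpoint
  const ct = Buffer.concat([cipher.update(JSON.stringify(secretFields), 'utf8'), cipher.final()]);
  const b64 = (b) => b.toString('base64');
  return { path, wrappedKey: b64(nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, key)),
           iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Edge proxy: TLS ends here, so it holds the whole HTTP body. Returns true if
// the given plaintext value is readable in what the edge receives.
function edgeCanRead(body, needle) {
  return JSON.stringify(body).includes(needle);
}

// Origin: unwrap the key and decrypt. Throws if the body or path was altered,
// because the GCM tag no longer verifies.
function originOpen(privateKey, body) {
  const d = (s) => Buffer.from(s, 'base64');
  const key = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, d(body.wrappedKey));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, d(body.iv));
  decipher.setAAD(Buffer.from(body.path));
  decipher.setAuthTag(d(body.tag));
  const pt = Buffer.concat([decipher.update(d(body.ct)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Constructed sample request passing client -> edge -> origin.
const sealed = clientSeal(origin.publicKey, '/transfer', { iban: 'DE00EXAMPLE', amount: '12.50' });
console.log('edge can read IBAN:', edgeCanRead(sealed, 'DE00EXAMPLE'));
console.log('origin recovers:', originOpen(origin.privateKey, sealed));
```

This only protects the fields if the client obtains the origin's public key through a channel the edge cannot alter, for example pinned inside a mobile app; a key delivered in a web page served through the same proxy gives no such assurance.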
