Pierluigi Paganini August 15, 2016

Two researchers have devised a cryptocurrency scheme dubbed DDoSCoin that pays everytime a user participates in a DDoS attack against certain servers.

The assistant professor at the University of Colorado Eric Wustrow and the phD student at the University of Michigan Benjamin VanderSloot have conducted a curious proof-of-concept project aimed at the creation of a cryptocurrency that pays when users participate in DDoS attacks.

Yes, it is not a joke, DDoSCoin is the name of the cryptocurrency that pays users that take part to DDoS attacks against TLS web servers.

Every time a TLS connection is confirmed, it is created a signature used to recognize the attacker’s activity.

The duo published a paper titled DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work that details their efforts.

The DDoSCoin is equivalent to other cryptocurrencies like Bitcoin, with substantial difference that the mining process requests the participation in DDoS attacks.

“In this paper, we present DDoSCoin, which is a cryptocurrency with a malicious proof-of-work. DDoSCoin allows miners to prove that they have contributed to a distributed denial of service attack against specific target servers.” explained the researchers in the paper. “This proof involves making a large number of TLS connections to a target server, and using cryptographic responses to prove that a large number of connections has been made. Like proof-of-work puzzles, these proofs are inexpensive to verify, and can be made arbitrarily difficult to solve.”

DDoSCoin represents a novelty in the hacking landscape, it leverages on the ability of proving the use of bandwidth to a (potentially unwilling) target domain.

“Proof-of-DDoS can be used to replace proof-of-work in a cryptocurrency setting, provided that there is consensus around what victims are valid targets.”

I suggest you to read the paper … it is very interesting.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – DDoSCoin, virtual currency)