The assistant professor at the University of Colorado Eric Wustrow and the phD student at the University of Michigan Benjamin VanderSloot have conducted a curious proof-of-concept project aimed at the creation of a cryptocurrency that pays when users participate in DDoS attacks.
Yes, it is not a joke, DDoSCoin is the name of the cryptocurrency that pays users that take part to DDoS attacks against TLS web servers.
Every time a TLS connection is confirmed, it is created a signature used to recognize the attacker’s activity.
The duo published a paper titled DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work that details their efforts.
The DDoSCoin is equivalent to other cryptocurrencies like Bitcoin, with substantial difference that the mining process requests the participation in DDoS attacks.
“In this paper, we present DDoSCoin, which is a cryptocurrency with a malicious proof-of-work. DDoSCoin allows miners to prove that they have contributed to a distributed denial of service attack against specific target servers.” explained the researchers in the paper. “This proof involves making a large number of TLS connections to a target server, and using cryptographic responses to prove that a large number of connections has been made. Like proof-of-work puzzles, these proofs are inexpensive to verify, and can be made arbitrarily difficult to solve.”
DDoSCoin represents a novelty in the hacking landscape, it leverages on the ability of proving the use of bandwidth to a (potentially unwilling) target domain.
“Proof-of-DDoS can be used to replace proof-of-work in a cryptocurrency setting, provided that there is consensus around what victims are valid targets.”
In order to specify a target for mining activity, the virtual currency scheme introduces the payment opcode PAY_TO_DDOS.
The PAY_TO_DDOS opcode takes two parameters in an output script: a string representing the server to attack, and a target difficulty corresponding to the amount of connections the payer wishes to be made.
I suggest you to read the paper … it is very interesting.
(Security Affairs – DDoSCoin, virtual currency)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.