BSides Tel Aviv Blockchain technologies might be abused to create a takedown-resistant infrastructure for botnets.
During a presentation at BSides Tel Aviv on Tuesday, security researcher Omer Zohar demonstrated proof-of-concept code for a fully functional command-and-control infrastructure built on top of the Ethereum network. Zohar was exploring the scope for potential misuse of blockchain in a bid to keep one step ahead of hackers and develop potential mitigation strategies.
The distributed ledger technology might be abused to create a decentralised and distributed infrastructure for the ultimate zombie network (botnet) C&C.
Managing a botnet is onerous. Once infected, a host must be able to discover, reach and maintain communication with its controller. Crooks of various stripes have spent years attempting to perfect these capabilities to avoid detection, maintain anonymity and resist takedown efforts.
Pwn goal: Hackers used the username root, password root for botnet control database loginREAD MORE
Hacker techniques have evolved from simple HTTP requests, through DIY TCP protocols and encryption, on to the use of P2P networks, DGAs, Fast Flux and the occasional abuse of cloud-based services and social media accounts.
While all these techniques have a varying degree of resilience and covertness, all are vulnerable to takedown once network topology has been determined, Zohar said. Blockchain-based technologies might be abused to overcome these weaknesses. Secure communications, high availability, authentication and anonymity functions that a botnet operator might want are all handled by blockchain technology, thus blockchain-based command infrastructures would also be takeover and takedown resistant. All big pluses.
But they aren't without their disadvantages. Chief among them, Zohar discovered, is higher operational costs. Users have to pay for every byte sent to the chain. Some Ether must be sent with every implant, a process that increases in cost as the value of cryptocurrencies rises.
Zohar's research was explained as part of a presentation entitled Unblockable Chains – Is Blockchain the ultimate malicious infrastructure? Zohar is investigating how emerging technologies such as blockchain and AI might improve bad-guy infrastructure and how to mitigate against it. You can find the code and further details right here. ®