Proof-of-work turned to nefarious purposes, like taking down a Census
A curious proof-of-work project built on cryptocurrency has emerged that offers a means to prove participation in distributed denial of service (DDoS) attacks.
University of Colorado assistant professor Eric Wustrow and University of Michigan PhD student Benjamin VanderSloot created the platform, which allows TLS web servers to be targeted.
Signatures are created when TLS connections are confirmed, gifting attackers another means to be paid for denial of service attacks.
The DDoSCoins could be traded in for cryptocurrencies like Bitcoin and Ethereum, the pair say.
“DDoSCoin allows miners to prove that they have contributed to a distributed denial of service attack against specific target servers,” the researchers write in the paper DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work [PDF].
“This proof involves making a large number of TLS connections to a target server, and using cryptographic responses to prove that a large number of connections has been made.
“Proof-of-DDoS can be used to replace proof-of-work in a cryptocurrency setting, provided that there is consensus around what victims are valid targets.”
Those wanting to set up a target for DDoS, perhaps census.abs.gov.au, in honour of this week’s Australian #CensusFail, can use the PAY_TO_DDOS transaction; a second transaction updates the victim domains that bad guys can use for mining coins.
It is an interesting concept for the well-oiled DDoS machine that has become so commoditised that the bloke-in-the-pub can order cheap and very large anonymous attacks on any target of their choosing. ®