Using the Blockchain as a C&C for a botnet

[grue]

http://www.scribd.com/doc/250009335/A-Novel-Approach-for-Computer-Worm-Control-Using-Decentralized-Data-Structures

In this paper, we propose a novel communications module for controlling a computer worm in a way that (if properly executed) completely masks the identity of the operator, allows for rapid distribution of commands, and cannot be realistically censored. This new control technique utilizes the Blockchain, a decentralized data structure, to store and retrieve data related to the operation of the worm

Thoughts?

[shorena]

Frist though was: whatever let them make their own coin, then I understood the proposal.
Wouldnt this also enable everyone to controll the botnet though? If the only identifier is a specific amount, someone will probably figure out the amount (because it looks odd) or use the same amount by chance and mess up the botnet. This would have to be very robust and would be "easily" detectable [1] locally because the virus has to query the blockchain constantly. Also - as we know - a single satoshi would not work with the current implementation.

[1] which will most likely result in all slim clients beeing considered a virus -_-

[Vessko]

I've discussed this with the author of the paper on Reddit. Basically, there are a few problems with the idea:

1) No need to involve viruses. For those not familiar with the subject - a virus is a program that replicates itself. (Don't ask me what a worm is, because I'd have to write a whole article and you still won't have a clear understanding after reading it.) But the paper really talks about a novel way to implement a C&C channel. Such things are mostly used by non-replicating malware (e.g., Trojans) and mostly for controlling botnets.

2) No real need for it. There are multiple malicious programs that use P2P communication. They are extremely difficult to shut down. Sometimes we can sinkhole them but these cases are rare and even then it is a whack-a-mole game - the botnets keep re-appearing. My point is - P2P C&C channels already exist and are fairly efficient; there is no need to use the blockchain.

3) Confidentiality problems. The blockchain is public. Any communication over it is publicly accessible, so it will have to be encrypted (otherwise somebody else could take control of the botnet). Sending encrypted information to the bot herder is easy - just use his public key. Communicating confidentially the other way, however, isn't easy. You can't have a public key for the bots, because capturing a single sample will let the attacker discover the secret key and take control of the botnet. Basically, each bot will have to generate its own public key, which is a hassle, because the bot herder will have to keep a database of them and encrypt his commands with each and every one of them - and the numbers can easily be millions.

4) Costs - something I didn't mention in the Reddit thread. The bot herder will have to pay transaction fees for every message, not to mention that he will have to transfer some funds. Even if he transfers 1 satoshi to himself, he will still have to pay transaction fees, if he wants the message to be processed in a timely manner. These fees might be minimal - but why pay them when it is possible to implement a P2P C&C channel for free?

Somebody asked why not use an altcoin for this purpose - because you can't convince people to mine it. But, basically, this is a curious idea which, I think, is without practical value. That doesn't mean that somebody won't implement it, but I don't expect it to be widely used. The only advantage I can see for it is that we won't even try to shut down the network that supports the C&C channel. But that's not a big advantage, because there are other means - for instance, we could try convincing the miners to drop transactions that contain such messages (if they are easily identifiable).

Basically, the idea is similar to that Dutch student's who designed a messaging platform based on Bitcoin's blockchain. Thank goodness, it was just a design for a course project and not a real implementation, or we'd see a lot of blockchain spam that we don't want.

[Flashman]

Crap, Pandora's box is open...

I don't know about "The" blockchain, seems the devs could find ways to shut it off, but a blockchain of their own, secured by stolen resources, would be a whole new ballgame.

What we are facing with that, is the possibility of self modifying, evolving trojans or virii using a blockchain as DNA and telepathic shared memory... we get beyond the first digital amoeba and then we've got complex digital life, looking for a way to survive. Digital rats gnawing holes in your shit. The "Whack a mole" analogy will seem a whole lot less amusing when every mole knows exactly how you whacked the last one and can adapt and evade.

[Vessko]

a blockchain of their own, secured by stolen resources, would be a whole new ballgame.

Definitely possible (they could use the Bitmessage protocol, for instance) - but not worth the bother. Reliable P2P C&C channels already exist and are widely used.

What we are facing with that, is the possibility of self modifying, evolving trojans or virii using a blockchain as DNA and telepathic shared memory...

With all due respect, this makes no sense. Lay off the SciFi, why don't you.

we get beyond the first digital amoeba and then we've got complex digital life, looking for a way to survive.

Somebody did that recently. They made a full simulation of a nematode (a small worm, 1.2mm long), down to every cell and every neuron connection (some 600+ of such connections). Then they let it "roam" in a simulated environment and it behaved exactly like the real thing.

The "Whack a mole" analogy will seem a whole lot less amusing when every mole knows exactly how you whacked the last one and can adapt and evade.

Simply unnecessary. There is no need for the botnet to have such a memory and intelligence; it unnecessarily complicate things without added survival. All that is needed is for the bot herder to learn about the attacks and relay his commands reliably to the botnet - and we have that already; using a blockchain adds no benefits.