Unblockable Chains – Is Blockchain the ultimate malicious infrastructure? - Omer Zohar Converge 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)
As cryptocurrencies and blockchain technology have gained traction in recent years, they
bring the promise of a decentralized, distributed and transparent economy that aims to
disrupt the centralized approach of current organizational structures.
But can it also be abused? Cryptocurrencies have certainly been the currency of choice
for transactions on the dark web. But what about the underlying technology, the
blockchain? Could this distributed ledger be abused for nefarious purposes, such as
building a resilient infrastructure for commanding and controlling malicious activity?
In this original research we demonstrate a proof of concept (POC) of a fully functional
C&C infrastructure on top of the Ethereum network, currently the second largest public
blockchain, which also offers a distributed computing platform with smart contract
(scripting) functionality.
Managing a botnet is a problem in distributed computing. While covertly inserted into an
unknown environment, a bot must discover and make contact with its operator and maintain
that contact over a long period. Over the years many attempts were made to devise the
perfect scheme to discover, transfer and receive data without being detected and taken
down: from plain old HTTP requests, through DIY TCP protocols and encryption, up to
fancy P2P networks, DGAs, fast flux or cloud services. All had their pros and cons, and
eventually a way to detect each of them was found. Will blockchain prove to be a better
solution?
In this talk, which will include many code examples and a live demo, we will
discuss:
* How can the blockchain solve the 'first contact' problem?
* How to deal with the fact that all data, code and transactions are publicly
visible on the blockchain?
* What is the footprint of running a blockchain node on the client and how to
minimize resources?
* Cost analysis: Is it feasible financially to run a botnet at scale on top of a
blockchain?
* Is it takedown resilient? Can an adversary interrupt or take over the network, or
cause its resources (ether) to deplete? What design pitfalls must be avoided to mitigate
such concerns?
* What information will be revealed to someone tracking the bot, and how do you deal
with it?
* Does it scale?
Finally, we will try to offer possible mitigations and detection methods.
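As an added example for the detection side (this is not code from the talk or from the speaker's POC), the script below scans a constructed proxy log for hosts that read the same Ethereum contract over JSON-RPC at a near-fixed cadence, which is the beaconing pattern a bot that polls a contract for operator data would produce if it used a hosted RPC gateway instead of its own node. The log format, the gateway hostname `eth-rpc.example.net`, the workstation names and the contract addresses are assumptions made for the example; the method names (`eth_call`, `eth_getLogs`, `eth_getStorageAt`, `eth_blockNumber`) are the standard Ethereum JSON-RPC ones.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Read-only JSON-RPC methods a bot could use to fetch operator data from a contract.
READ_METHODS = {"eth_call", "eth_getLogs", "eth_getStorageAt"}
MIN_POLLS = 4       # fewer reads of one contract is not enough to call it a beacon
MAX_JITTER = 0.25   # pstdev(gap) / mean(gap) above this does not look like a timer
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")

# Constructed proxy log (hypothetical format), tab-separated:
# time, source host, URL, User-Agent, POST body. The gateway name, host names and
# contract addresses are made up for this example. ws-042 reads one contract once a
# minute; ws-007 is a developer doing unrelated, irregular reads.
SAMPLE_LOG = """\
2018-05-12T10:00:00Z\tws-042\thttps://eth-rpc.example.net/\tpython-requests/2.18.4\t{"jsonrpc":"2.0","id":1,"method":"eth_call","params":[{"to":"0x1111111111111111111111111111111111111111","data":"0x6d4ce63c"},"latest"]}
2018-05-12T10:00:37Z\tws-007\thttps://eth-rpc.example.net/\tMozilla/5.0\t{"jsonrpc":"2.0","id":9,"method":"eth_blockNumber","params":[]}
2018-05-12T10:01:00Z\tws-042\thttps://eth-rpc.example.net/\tpython-requests/2.18.4\t{"jsonrpc":"2.0","id":2,"method":"eth_call","params":[{"to":"0x1111111111111111111111111111111111111111","data":"0x6d4ce63c"},"latest"]}
2018-05-12T10:02:00Z\tws-042\thttps://eth-rpc.example.net/\tpython-requests/2.18.4\t{"jsonrpc":"2.0","id":3,"method":"eth_call","params":[{"to":"0x1111111111111111111111111111111111111111","data":"0x6d4ce63c"},"latest"]}
2018-05-12T10:02:11Z\tws-007\thttps://eth-rpc.example.net/\tMozilla/5.0\t{"jsonrpc":"2.0","id":10,"method":"eth_call","params":[{"to":"0x2222222222222222222222222222222222222222","data":"0x18160ddd"},"latest"]}
2018-05-12T10:03:00Z\tws-042\thttps://eth-rpc.example.net/\tpython-requests/2.18.4\t{"jsonrpc":"2.0","id":4,"method":"eth_call","params":[{"to":"0x1111111111111111111111111111111111111111","data":"0x6d4ce63c"},"latest"]}
2018-05-12T10:04:02Z\tws-042\thttps://eth-rpc.example.net/\tpython-requests/2.18.4\t{"jsonrpc":"2.0","id":5,"method":"eth_getLogs","params":[{"address":"0x1111111111111111111111111111111111111111","fromBlock":"latest"}]}
2018-05-12T10:09:48Z\tws-007\thttps://eth-rpc.example.net/\tMozilla/5.0\t{"jsonrpc":"2.0","id":11,"method":"eth_getStorageAt","params":["0x3333333333333333333333333333333333333333","0x0","latest"]}
this line is not a log entry at all
"""


def parse_line(line):
    """Return (time, host, user_agent, method, contract) for a contract read, else None."""
    try:
        ts, host, _url, ua, body = line.split("\t", 4)
        rpc = json.loads(body)
    except ValueError:          # malformed line or body that is not JSON
        return None
    method = rpc.get("method")
    params = rpc.get("params") or []
    if method not in READ_METHODS or not params:
        return None
    first = params[0]
    if method == "eth_getStorageAt":        # params: [address, slot, block]
        contract = first
    elif method == "eth_call":              # params: [{"to": address, ...}, block]
        contract = first.get("to") if isinstance(first, dict) else None
    else:                                   # eth_getLogs: [{"address": address, ...}]
        contract = first.get("address") if isinstance(first, dict) else None
    if not isinstance(contract, str) or not ADDRESS_RE.fullmatch(contract):
        return None
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, host, ua, method, contract.lower()


def find_pollers(log_text):
    """Group contract reads by (host, contract) and flag groups polled on a steady timer."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            when, host, ua, method, contract = parsed
            groups[(host, contract)].append((when, ua, method))
    findings = []
    for (host, contract), events in groups.items():
        if len(events) < MIN_POLLS:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        period = mean(gaps)
        if period <= 0:
            continue
        jitter = pstdev(gaps) / period  # relative spread of the polling interval
        if jitter > MAX_JITTER:
            continue
        findings.append({
            "host": host,
            "contract": contract,
            "polls": len(events),
            "period_s": round(period, 1),
            "jitter": round(jitter, 3),
            "user_agents": sorted({ua for _, ua, _ in events}),
            "methods": sorted({m for _, _, m in events}),
        })
    return findings


if __name__ == "__main__":
    for finding in find_pollers(SAMPLE_LOG):
        print(finding)
```

Two caveats apply to this approach. It only sees request bodies if the proxy terminates TLS, and it only catches bots that go through an HTTP gateway; a bot that runs its own light node talks devp2p to peers instead, where the nearest equivalent signal is a workstation making outbound connections on 30303, the default devp2p port, to many unrelated addresses. Scoring on user agent alone is weaker than the cadence check: a non-browser client is a hint, but a bot can imitate any agent string.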