Stories
Slash Boxes
Comments

SoylentNews is people

Meet DDoSCoin, the Cryptocurrency That Pays When You P0wn

posted by janrinok on Saturday August 13 2016, @02:42PM   Printer-friendly
from the theoretically,-of-course dept.

Arthur T Knackerbracket has found the following story:

A curious proof-of-work project built on cryptocurrency has emerged that offers a means to prove participation in distributed denial of service (DDoS) attacks.

University of Colorado assistant professor Eric Wustrow and University of Michigan phD student Benjamin VanderSloot create the platform that allows TLS web servers to be targeted.

Signatures are created when TLS connections are confirmed, gifting attackers another means to be paid for denial of service attacks.

The DDoSCoins could be traded in for cryptocurrencies like Bitcoin and Ethereum, the pair say.

"DDoSCoin allows miners to prove that they have contributed to a distributed denial of service attack against specific target servers," the researchers write in the paper DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work [PDF].

[...] It is an interesting concept for the well-oiled DDoS machine that has become so commoditised that the bloke-in-the-pub can order cheap and very large anonymous attacks to any target of their choosing.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Meet DDoSCoin, the Cryptocurrency That Pays When You P0wn | Log In/Create an Account | Top | 5 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Interesting) by SunTzuWarmaster on Saturday August 13 2016, @04:25PM

    by SunTzuWarmaster (3971) on Saturday August 13 2016, @04:25PM (#387536)
    I'm not sure if this works the way a normal *Coin works, but it it leaves a permanent and irrevocable record of participation in an attack, this would seem like a "one stop kiddie-scripter shop" to round people up. Newflash - *Coin is NOT anonymous in the same way your real wallet is not anonymous. Wallet on the ground with money in it? Anonymous. Someone taking money from the wallet to buy groceries and having them shipped to their house? Not anonymous.
    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Interesting=1, Total=2
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4  

  • (Score: 2) by Adamsjas on Saturday August 13 2016, @04:54PM

    by Adamsjas (4507) on Saturday August 13 2016, @04:54PM (#387550)

    Its a trap.

    • (Score: 3, Insightful) by Scruffy Beard 2 on Sunday August 14 2016, @11:04PM

      by Scruffy Beard 2 (6030) on Sunday August 14 2016, @11:04PM (#388006)

      I read it the other way:
      For about 5 years, we have been telling people to "Encrypt Everything." The idea is that if you encrypt everything, interesting data no longer stands out just because it is encrypted. The common refrain I hear from people pushing this is that modern CPUs can handle it.

      Suddenly, with this DDOSCoin, you have a system to make offering strong encryption expensive (even over tor): with built-in financial rewards. If people start submitting their "winnings" from normal browsing traffic, you now have known plain-text for doing cryptanalysis.

  • (Score: 3, Insightful) by JNCF on Saturday August 13 2016, @04:54PM

    by JNCF (4317) on Saturday August 13 2016, @04:54PM (#387551) Journal

    [If] it leaves a permanent and irrevocable record of participation in an attack, this would seem like a "one stop kiddie-scripter shop" to round people up.

    As your namesake put it, "do not gobble proffered baits."

  • (Score: 2) by Hyperturtle on Sunday August 14 2016, @12:23AM

    by Hyperturtle (2824) on Sunday August 14 2016, @12:23AM (#387663)

    No doubt.

    This is only of real value as a point system, lacking badges and achievements. Is DDoSing and other 'darknet' activities approaching gamification?

    It'd be easy to cater to the low IQ/high ego crowd, and round them up as suggested. What are you going to do if you get caught -- say you cheated and the points weren't earned? Or that you were hacked?

    Of course, it could be a way to find out who is worth recruiting, since it is difficult to effectively start a government employement conversation with many of the specifically skilled people in IT that are not interested in such recruitment.

    Anyone game to this game would probably be young enough to properly 'train' outside of IT--or at least play to the ego of older people keeping scores, or the proverbial mercenaries that IT recruiters are unlikely to find on the regular job forums (except perhaps for the silk road founder, of course...)