A curious proof-of-work project built on cryptocurrency has emerged that offers a means to prove participation in distributed denial of service (DDoS) attacks.
University of Colorado assistant professor Eric Wustrow and University of Michigan phD student Benjamin VanderSloot create the platform that allows TLS web servers to be targeted.
Signatures are created when TLS connections are confirmed, gifting attackers another means to be paid for denial of service attacks.
The DDoSCoins could be traded in for cryptocurrencies like Bitcoin and Ethereum, the pair say.
"DDoSCoin allows miners to prove that they have contributed to a distributed denial of service attack against specific target servers," the researchers write in the paper DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work [PDF].
[...] It is an interesting concept for the well-oiled DDoS machine that has become so commoditised that the bloke-in-the-pub can order cheap and very large anonymous attacks to any target of their choosing.
(Score: 4, Interesting) by SunTzuWarmaster on Saturday August 13 2016, @04:25PM
(Score: 2) by Adamsjas on Saturday August 13 2016, @04:54PM
Its a trap.
(Score: 3, Insightful) by Scruffy Beard 2 on Sunday August 14 2016, @11:04PM
I read it the other way:
For about 5 years, we have been telling people to "Encrypt Everything." The idea is that if you encrypt everything, interesting data no longer stands out just because it is encrypted. The common refrain I hear from people pushing this is that modern CPUs can handle it.
Suddenly, with this DDOSCoin, you have a system to make offering strong encryption expensive (even over tor): with built-in financial rewards. If people start submitting their "winnings" from normal browsing traffic, you now have known plain-text for doing cryptanalysis.
(Score: 3, Insightful) by JNCF on Saturday August 13 2016, @04:54PM
[If] it leaves a permanent and irrevocable record of participation in an attack, this would seem like a "one stop kiddie-scripter shop" to round people up.
As your namesake put it, "do not gobble proffered baits."
(Score: 2) by Hyperturtle on Sunday August 14 2016, @12:23AM
No doubt.
This is only of real value as a point system, lacking badges and achievements. Is DDoSing and other 'darknet' activities approaching gamification?
It'd be easy to cater to the low IQ/high ego crowd, and round them up as suggested. What are you going to do if you get caught -- say you cheated and the points weren't earned? Or that you were hacked?
Of course, it could be a way to find out who is worth recruiting, since it is difficult to effectively start a government employement conversation with many of the specifically skilled people in IT that are not interested in such recruitment.
Anyone game to this game would probably be young enough to properly 'train' outside of IT--or at least play to the ego of older people keeping scores, or the proverbial mercenaries that IT recruiters are unlikely to find on the regular job forums (except perhaps for the silk road founder, of course...)