Slashdot Mirror

← Back to Stories (view on slashdot.org)

DDoSCoin: New Crypto-Currency Rewards Users For Participating In DDoS Attacks (softpedia.com)

Posted by BeauHD on from the money-as-an-incentive dept.

An anonymous reader writes from a report via Softpedia: "In the most innovative, weirdest, and stupidest idea of the month, two researchers from the University of Colorado Boulder and the University of Michigan have created a crypto-currency that rewards people for participating in DDoS attacks," reports Softpedia. "Called DDoSCoin, this digital currency rewards a person (the miner) for using their computer as part of a DDoS attack. Just like Bitcoin, DDoSCoin uses cryptographic data to provide a proof-of-work. In DDoSCoin's case, this proof-of-work is extracted from the TLS connection a miner establishes with the website they're supposed to attack." This means that DDoSCoin can be used only with DDoS attacks on TLS-enabled websites. Participating in DDoS attacks gives miners DDoSCoin, which can then be converted in Bitcoin or fiat currency. Furthermore, anyone can request a DDoS attack via the PAY_TO_DDOS transaction. The research paper that proposes DDoSCoin is only a theoretical exercise, and a DDoSCoin crypto-currency does not currently exist in the real world. For now.

45 comments

  1. Um, why? by Anonymous Coward · · Score: 1

    Why would we want to encourage users to participate in DDoS attacks by paying them? How is this research? The idea of paying for criminal services using crypto-currency isn't new, so I don't see how this is particularly innovative. And why are researchers being funded to carry out "research" that encourage DDoS attacks?

    1. Re:Um, why? by Anonymous Coward · · Score: 0

      Since it is made up money, it does not actually cost them any real money for the DDoS Attack.

  2. A Better Name? by IonOtter · · Score: 2, Funny

    How about DarwinCoin: stupidity-based currency that eliminates the wielder from the gene pool.

    --
    [End Of Line]
    1. Re: A Better Name? by Anonymous Coward · · Score: 0

      Already exists. It's called Dogecoin. /ducks

    2. Re: A Better Name? by Anonymous Coward · · Score: 0

      Better than /fucksdogs like IonFurFag up there.

    3. Re: A Better Name? by IonOtter · · Score: 1

      Hate detected...

      --
      [End Of Line]
    4. Re: A Better Name? by Ash-Fox · · Score: 1

      Why so mad?

      --
      Change is certain; progress is not obligatory.
  3. We're less than half way through the month by El+Cubano · · Score: 1

    In the most innovative, weirdest, and stupidest idea of the month ...

    Give it time. We're less than half-way through the month. There's plenty more stupid out there.

  4. I can't even by softnewsit · · Score: 2

    I can't even wrap my head around the idea of this currency... WHY DOES THIS EXIST? EVEN IN THEORY!

    --
    Go away!
    1. Re:I can't even by ShanghaiBill · · Score: 0

      I can't even wrap my head around the idea of this currency... WHY DOES THIS EXIST? EVEN IN THEORY!

      Indeed. I can see how you can create these coins by participating in a DDOS, but then what can you do with it? Who is going to accept is as payment for anything?

    2. Re:I can't even by omnichad · · Score: 1

      It's like being a hit man who gets paid by having other people do hits for them in return (to generate the currency).

    3. Re:I can't even by EvilSS · · Score: 1

      Indeed. I can see how you can create these coins by participating in a DDOS, but then what can you do with it? Who is going to accept is as payment for anything?

      They are a proof of work, a modern day varmint pelt. You could set up a way to exchange them for bitcoin or another virtual currency paid for by the person or persons who wanted the DDOS in the first place. The "good" news is that botnets are cheap and plentiful right now, and thus so are DDOS attacks. This scheme wouldn't be worth it since each node would be lucky to earn more than a few fractions of a cent.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    4. Re:I can't even by flopsquad · · Score: 2

      I can't even wrap my head around the idea of this currency... WHY DOES THIS EXIST? EVEN IN THEORY!

      There can be no light without the dark. Asshattery like this is more than proof of (its own) concept. It shows us that there can be noble and benevolent cryptocurrencies that reward doing good stuff!

      Imaging a CC that rewarded participating in SETI or protein folding or whatever.

      Or take saving for retirement. There could be a CC that rewarded you for doing that. And it would end up giving you like $0.000003 in value for performing an action that will ultimately end up being more valuable (with compound interest) by a factor of 10^10. But what's important is that you got your FogeyCoin for making that deposit, ya know?

      --
      Nothing posted to /. has ever been legal advice, including this.
    5. Re: I can't even by AA1 · · Score: 1

      It already exists. Take a look at CureCoin

    6. Re:I can't even by Jesus_666 · · Score: 1

      Gridcoin already exists.

      --
      USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
    7. Re:I can't even by Keybounce · · Score: 1

      This scheme wouldn't be worth it since each node would be lucky to earn more than a few fractions of a cent.

      Don't worry, we'll make up for it in volume :-)

  5. Is it Spoofable by vux984 · · Score: 3, Interesting

    Is it spoofable?

    Can I simply drop the ddos packets at my outgoing firewall, but still show as having contributed, and having 'done the work' ?

    Or setup a target virtual machine on the IP address, configure my router to point at that, and then ddos the shite out of it ?

    1. Re: Is it Spoofable by Ash-Fox · · Score: 1

      No, read the summary.

      --
      Change is certain; progress is not obligatory.
    2. Re: Is it Spoofable by vux984 · · Score: 1

      I did. and so, yes, i guess outright dropping the packets isn't going to fly, but i still wonder if there is room to proxy it in some way, and make a single connection to the target count as multiple attempts...

    3. Re: Is it Spoofable by Ash-Fox · · Score: 2

      I did. and so, yes, i guess outright dropping the packets isn't going to fly, but i still wonder if there is room to proxy it in some way, and make a single connection to the target count as multiple attempts...

      From the paper:

      Miners in DDoSCoin repeatedly create connections to a TLS victim server, and check for a response that satisfies a target difficulty decided by the network. If the response satisfies this condition, then parameters of the TLS hand-shake can be published by the miner to create a new valid block.

      You have to somehow generate valid responses to create blocks in a short time span, which is currently not very feasable with current technology if you're bruteforcing it.

      --
      Change is certain; progress is not obligatory.
  6. I'm old by PopeRatzo · · Score: 1

    It really seems like people just don't know how to behave any more.

    --
    You are welcome on my lawn.
  7. Correction by JustAnotherOldGuy · · Score: 0

    "...two researchers from the University of Colorado Boulder..."

    Correction:

    "two assholes from the University of Colorado Boulder..."

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Correction by Anonymous Coward · · Score: 0

      It's a grad student from the University of Michigan and a junior faculty member from the University of Colorado Boulder.

      Not that this diminishes your point.

    2. Re:Correction by JustAnotherOldGuy · · Score: 1

      Updated correction:

      "...two assholes, a grad student from the University of Michigan and a junior faculty member from the University of Colorado Boulder..."

      --
      Just cruising through this digital world at 33 1/3 rpm...
  8. Back in my day... by Anonymous Coward · · Score: 0

    ...you'd just show up on /b/ and make a case as to why your intended target was a horrible pedophile/cat abuser/scientologist, then end your post with a link to LOIC.

    If you could engender enough outrage to outweigh the "NOT YOUR PERSONAL ARMY"'s, then maybe you'd have something.

    1. Re:Back in my day... by Anonymous Coward · · Score: 0

      so 'back in your day' was like 3 years ago, sheesh. what are you, 16?

    2. Re:Back in my day... by Anonymous Coward · · Score: 0

      underage b&

  9. What happened to USENIX? by pedantic+bore · · Score: 1

    USENIX used to be one of my favorite conferences. Important work was presented there. Or at least work that, at the time, seemed like it had the potential to be important, although no program committee has yet been perfect at foreseeing the future...

    This just seems like a silly joke taken too far.

    --
    Am I part of the core demographic for Swedish Fish?
    1. Re:What happened to USENIX? by pedantic+bore · · Score: 2

      Oh, never mind. I saw the USENIX in the URL and jumped to a conclusion. It's just the Workshop on Offensive Technologies. Perfectly appropriate for that.

      --
      Am I part of the core demographic for Swedish Fish?
  10. The awards goes to.... by TiggertheMad · · Score: 1

    "The academy would like to acknowledge the hard work and dedication of the researchers at UCB and U of M for their innovative work with crypto currencies and security. In addition to the usual financial grants that the academy bestows upon recipients, we will be awarding several punches in the junk to the researchers involved for taking a good idea and being total tools. Good work gentlemen, and fuck you."

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
    1. Re:The awards goes to.... by JustAnotherOldGuy · · Score: 1

      "In unrelated news, the University of Michigan and the University of Colorado Boulder both came under devastating, high-volume DDOS attacks of unprecedented severity, crippling both campuses and causing widespread outages. The attack shows no sign of slowing. Ever."

      --
      Just cruising through this digital world at 33 1/3 rpm...
  11. The victim can crash the market, as the issuer by Anonymous Coward · · Score: 1

    If someone knows their network is being DDoSed, and the currency is based on proof of a connection to their (supposedly limited) servers... What's to stop them form setting up a local farm of nodes and "issuing" more currency to themselves?

    This crashes the market for the DDoS-coin and removes an incentive for other people to attack.

  12. Softpedia is not news, it is infected malware site by Anonymous Coward · · Score: 0

    Suddenly there are a lot of stories coming from Softpedia. Nobody ever takes them seriously that have been on the internet a long time. They take freeware and turn it into malware versions. For Slashdot to keep quoting them seems fishy.

  13. Until it gets an exchange rate with Bitcoin by tepples · · Score: 1

    Since it is made up money, it does not actually cost them any real money

    That's true only until DDoSCoin gets an implementation. Once it does, watch an exchange rate with a better-known cryptocurrency emerge.

    1. Re:Until it gets an exchange rate with Bitcoin by Anonymous Coward · · Score: 0

      It will still Not cost them anything. They don't have to buy it, it is free to them.

    2. Re:Until it gets an exchange rate with Bitcoin by tepples · · Score: 1

      In order to buy more DDoS credits, you need to make TLS handshakes with the server chosen by someone paying you. Buying credits from someone else might be easier than mining them yourself by performing DDoSes for others.

  14. Perverse reward system by Anonymous Coward · · Score: 0

    The payoff of DDoSCoin happens when the user gets the target system to respond to a web request. This means that so long as the website isn't over-saturated, attackers get paid. Once the site collapses under the DDoS, people stop getting paid. Users would apparently be encouraged to attack the largest sites where bounties are offered. Smaller and less secure sites just aren't worth it because you're identified as part of the attack by your IP address (your 'cost' for the attack), while you're less likely to earn a payoff. And since the payoff for attacking sites that can handle it is a better risk/reward than the payoff for attacking a low-bandwidth site, this scheme perversely encourages unsuccessful DDoS attacks.

    1. Re: Perverse reward system by cunina · · Score: 1

      That assumes that the risk is inversely proportional to the size of the site, which might be flawed. Bigger sites probably have more sophisticated tools to identify and track attackers. Plus a bigger legal budget.

  15. Think past the edge of the envelope, people by Opportunist · · Score: 1

    What they demonstrated here is that, when you abstract it further, you can reward behaviour that you want with scrip that can then again be used to pay for the same activity being used by you. Now, do we possibly know of some application for that? Well?

    C'mon, no file sharer's here?

    Now, I am not aware of the more recent development in the area (it's been a while since I torrented a Linux ISO), but back then it was so that you had to allow uploads to be eligible for downloads. Further back, some of you might remember the times of FTP servers with quotas where you had to upload some stuff before you were allowed to download something. This all worked on a per-session base. I.e. if I wanted something now, I had to upload now.

    This introduces the possibility of uploading when you have content for "credit".

    On a more legal as well as perverted note: Porn. There's plenty of amateur porn sites around that could use such a system. You upload a video and if someone watches, you get store credits to watch other videos with. Of course, anyone not providing content for the porn site has to pay with real cash.

    You think this wouldn't take off? Fuck, if I was them I'd patent the living crap out of this!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  16. Boon for the DDoS target? by Anonymous Coward · · Score: 0

    So if I'm the target of a DDoSCoin attack, I can just make a bunch of fake connection data and get paid more than the miners.

  17. (while high on marijuana) by Anonymous Coward · · Score: 0

    didn't got it... if I use my PC as DDoS, I canreport myself and get e-money? wow! $_$

  18. Now that's by Zoup · · Score: 1

    WTF