DDoSCoin: New Crypto-Currency Rewards Users For Participating In DDoS Attacks (softpedia.com)

← Back to Stories (view on slashdot.org)

DDoSCoin: New Crypto-Currency Rewards Users For Participating In DDoS Attacks (softpedia.com)

Posted by BeauHD on Friday August 12, 2016 @10:40AM from the money-as-an-incentive dept.

An anonymous reader writes from a report via Softpedia: "In the most innovative, weirdest, and stupidest idea of the month, two researchers from the University of Colorado Boulder and the University of Michigan have created a crypto-currency that rewards people for participating in DDoS attacks," reports Softpedia. "Called DDoSCoin, this digital currency rewards a person (the miner) for using their computer as part of a DDoS attack. Just like Bitcoin, DDoSCoin uses cryptographic data to provide a proof-of-work. In DDoSCoin's case, this proof-of-work is extracted from the TLS connection a miner establishes with the website they're supposed to attack." This means that DDoSCoin can be used only with DDoS attacks on TLS-enabled websites. Participating in DDoS attacks gives miners DDoSCoin, which can then be converted in Bitcoin or fiat currency. Furthermore, anyone can request a DDoS attack via the PAY_TO_DDOS transaction. The research paper that proposes DDoSCoin is only a theoretical exercise, and a DDoSCoin crypto-currency does not currently exist in the real world. For now.

28 of 45 comments (clear)

Min score:

Reason:

Sort:

Um, why? by Anonymous Coward · 2016-08-12 10:45 · Score: 1

Why would we want to encourage users to participate in DDoS attacks by paying them? How is this research? The idea of paying for criminal services using crypto-currency isn't new, so I don't see how this is particularly innovative. And why are researchers being funded to carry out "research" that encourage DDoS attacks?
A Better Name? by IonOtter · 2016-08-12 10:47 · Score: 2, Funny

How about DarwinCoin: stupidity-based currency that eliminates the wielder from the gene pool.

--
[End Of Line]
1. Re: A Better Name? by IonOtter · 2016-08-12 12:48 · Score: 1
  
  Hate detected...
  
  --
  [End Of Line]
2. Re: A Better Name? by Ash-Fox · 2016-08-12 13:13 · Score: 1
  
  Why so mad?
  
  --
  Change is certain; progress is not obligatory.
We're less than half way through the month by El+Cubano · 2016-08-12 10:58 · Score: 1

In the most innovative, weirdest, and stupidest idea of the month ...
Give it time. We're less than half-way through the month. There's plenty more stupid out there.
I can't even by softnewsit · 2016-08-12 11:01 · Score: 2

I can't even wrap my head around the idea of this currency... WHY DOES THIS EXIST? EVEN IN THEORY!

--
Go away!
1. Re:I can't even by omnichad · 2016-08-12 12:11 · Score: 1
  
  It's like being a hit man who gets paid by having other people do hits for them in return (to generate the currency).
2. Re:I can't even by EvilSS · 2016-08-12 12:18 · Score: 1
  
  Indeed. I can see how you can create these coins by participating in a DDOS, but then what can you do with it? Who is going to accept is as payment for anything?
  They are a proof of work, a modern day varmint pelt. You could set up a way to exchange them for bitcoin or another virtual currency paid for by the person or persons who wanted the DDOS in the first place. The "good" news is that botnets are cheap and plentiful right now, and thus so are DDOS attacks. This scheme wouldn't be worth it since each node would be lucky to earn more than a few fractions of a cent.
  
  --
  I browse on +1 so AC's need not respond, I won't see it.
3. Re:I can't even by flopsquad · 2016-08-12 14:12 · Score: 2
  
  I can't even wrap my head around the idea of this currency... WHY DOES THIS EXIST? EVEN IN THEORY!
  There can be no light without the dark. Asshattery like this is more than proof of (its own) concept. It shows us that there can be noble and benevolent cryptocurrencies that reward doing good stuff!
  
  Imaging a CC that rewarded participating in SETI or protein folding or whatever.
  
  Or take saving for retirement. There could be a CC that rewarded you for doing that. And it would end up giving you like $0.000003 in value for performing an action that will ultimately end up being more valuable (with compound interest) by a factor of 10^10. But what's important is that you got your FogeyCoin for making that deposit, ya know?
  
  --
  Nothing posted to /. has ever been legal advice, including this.
4. Re: I can't even by AA1 · 2016-08-12 14:30 · Score: 1
  
  It already exists. Take a look at CureCoin
5. Re:I can't even by Jesus_666 · 2016-08-13 03:33 · Score: 1
  
  Gridcoin already exists.
  
  --
  USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
6. Re:I can't even by Keybounce · 2016-08-13 09:14 · Score: 1
  
  This scheme wouldn't be worth it since each node would be lucky to earn more than a few fractions of a cent.
  Don't worry, we'll make up for it in volume :-)
Is it Spoofable by vux984 · 2016-08-12 11:03 · Score: 3, Interesting

Is it spoofable?
Can I simply drop the ddos packets at my outgoing firewall, but still show as having contributed, and having 'done the work' ?
Or setup a target virtual machine on the IP address, configure my router to point at that, and then ddos the shite out of it ?
1. Re: Is it Spoofable by Ash-Fox · 2016-08-12 13:14 · Score: 1
  
  No, read the summary.
  
  --
  Change is certain; progress is not obligatory.
2. Re: Is it Spoofable by vux984 · 2016-08-12 13:28 · Score: 1
  
  I did. and so, yes, i guess outright dropping the packets isn't going to fly, but i still wonder if there is room to proxy it in some way, and make a single connection to the target count as multiple attempts...
3. Re: Is it Spoofable by Ash-Fox · 2016-08-12 14:42 · Score: 2
  
  I did. and so, yes, i guess outright dropping the packets isn't going to fly, but i still wonder if there is room to proxy it in some way, and make a single connection to the target count as multiple attempts...
  From the paper:
  
  Miners in DDoSCoin repeatedly create connections to a TLS victim server, and check for a response that satisfies a target difficulty decided by the network. If the response satisfies this condition, then parameters of the TLS hand-shake can be published by the miner to create a new valid block.
  You have to somehow generate valid responses to create blocks in a short time span, which is currently not very feasable with current technology if you're bruteforcing it.
  
  --
  Change is certain; progress is not obligatory.
I'm old by PopeRatzo · 2016-08-12 11:20 · Score: 1

It really seems like people just don't know how to behave any more.

--
You are welcome on my lawn.
What happened to USENIX? by pedantic+bore · 2016-08-12 11:47 · Score: 1

USENIX used to be one of my favorite conferences. Important work was presented there. Or at least work that, at the time, seemed like it had the potential to be important, although no program committee has yet been perfect at foreseeing the future...
This just seems like a silly joke taken too far.

--
Am I part of the core demographic for Swedish Fish?
1. Re:What happened to USENIX? by pedantic+bore · 2016-08-12 11:51 · Score: 2
  
  Oh, never mind. I saw the USENIX in the URL and jumped to a conclusion. It's just the Workshop on Offensive Technologies. Perfectly appropriate for that.
  
  --
  Am I part of the core demographic for Swedish Fish?
The awards goes to.... by TiggertheMad · 2016-08-12 11:52 · Score: 1

"The academy would like to acknowledge the hard work and dedication of the researchers at UCB and U of M for their innovative work with crypto currencies and security. In addition to the usual financial grants that the academy bestows upon recipients, we will be awarding several punches in the junk to the researchers involved for taking a good idea and being total tools. Good work gentlemen, and fuck you."

--

HA! I just wasted some of your bandwidth with a frivolous sig!
1. Re:The awards goes to.... by JustAnotherOldGuy · 2016-08-12 12:17 · Score: 1
  
  "In unrelated news, the University of Michigan and the University of Colorado Boulder both came under devastating, high-volume DDOS attacks of unprecedented severity, crippling both campuses and causing widespread outages. The attack shows no sign of slowing. Ever."
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
The victim can crash the market, as the issuer by Anonymous Coward · 2016-08-12 12:10 · Score: 1

If someone knows their network is being DDoSed, and the currency is based on proof of a connection to their (supposedly limited) servers... What's to stop them form setting up a local farm of nodes and "issuing" more currency to themselves?
This crashes the market for the DDoS-coin and removes an incentive for other people to attack.
Re:Correction by JustAnotherOldGuy · 2016-08-12 12:14 · Score: 1

Updated correction:
"...two assholes, a grad student from the University of Michigan and a junior faculty member from the University of Colorado Boulder..."

--
Just cruising through this digital world at 33 1/3 rpm...
Until it gets an exchange rate with Bitcoin by tepples · 2016-08-12 13:34 · Score: 1

Since it is made up money, it does not actually cost them any real money
That's true only until DDoSCoin gets an implementation. Once it does, watch an exchange rate with a better-known cryptocurrency emerge.
1. Re:Until it gets an exchange rate with Bitcoin by tepples · 2016-08-12 13:50 · Score: 1
  
  In order to buy more DDoS credits, you need to make TLS handshakes with the server chosen by someone paying you. Buying credits from someone else might be easier than mining them yourself by performing DDoSes for others.
Re: Perverse reward system by cunina · 2016-08-12 15:01 · Score: 1

That assumes that the risk is inversely proportional to the size of the site, which might be flawed. Bigger sites probably have more sophisticated tools to identify and track attackers. Plus a bigger legal budget.
Think past the edge of the envelope, people by Opportunist · 2016-08-12 15:08 · Score: 1

What they demonstrated here is that, when you abstract it further, you can reward behaviour that you want with scrip that can then again be used to pay for the same activity being used by you. Now, do we possibly know of some application for that? Well?
C'mon, no file sharer's here?
Now, I am not aware of the more recent development in the area (it's been a while since I torrented a Linux ISO), but back then it was so that you had to allow uploads to be eligible for downloads. Further back, some of you might remember the times of FTP servers with quotas where you had to upload some stuff before you were allowed to download something. This all worked on a per-session base. I.e. if I wanted something now, I had to upload now.
This introduces the possibility of uploading when you have content for "credit".
On a more legal as well as perverted note: Porn. There's plenty of amateur porn sites around that could use such a system. You upload a video and if someone watches, you get store credits to watch other videos with. Of course, anyone not providing content for the porn site has to pay with real cash.
You think this wouldn't take off? Fuck, if I was them I'd patent the living crap out of this!

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Now that's by Zoup · 2016-08-12 17:34 · Score: 1

WTF