BSides Tel Aviv: Blockchain technologies might be abused to create a takedown-resistant infrastructure for botnets. During a presentation at BSides Tel Aviv on Tuesday, security researcher Omer Zohar demonstrated a proof-of-concept for a fully functional command-and-control infrastructure built on top of the Ethereum network.

Zohar was exploring the scope for potential misuse of blockchain in a bid to keep one step ahead of hackers and develop potential mitigation strategies. The distributed ledger technology might be abused to create a decentralised and distributed infrastructure for the ultimate zombie network (botnet) C&C.

Managing a botnet is onerous. Once infected, a host must be able to discover, reach and maintain communication with its controller.

Crooks of various stripes have spent years attempting to perfect these capabilities to avoid detection, maintain anonymity and resist takedown efforts. Hacker techniques have evolved from simple HTTP requests, through DIY TCP protocols and encryption, on to the use of P2P networks, DGAs, Fast Flux and the occasional abuse of cloud-based services and social media accounts.

While all these techniques have a varying degree of resilience and covertness, all are vulnerable to takedown once network topology has been determined, Zohar said. Blockchain-based technologies might be abused to overcome these weaknesses.

