A Cryptocurrency known as a DDoSCoin has been developed by two researchers. Report by Cryptocoins News, indicate that the DDoSCoin will be rewarding users that participate in a DDoS attack (distributed denial of service). Which only function when a website that is TLS-enabled (Transport Layer Security) is targeted by a user’s computer. TLS is a Cryptologic protocol in-charge of secure Internet communicating.
The two researchers Benjamin VanderSloot and Eric Wustrow, a University of Michigan, Ph.D. student and the University of Colorado, Boulder Assistant Professor, respectively, have published a paper named “DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work”. That shows with proof how DDoS currency grants miners access to participation through sending out requests to a web server on interest.
They, however, made it clear that they were not publishing a working altcoin using proof-of-DDoS in their work, but just a concept of one., as we found out from EcoTimes.
Even if Cryptocurrency endlessly allows for proof-of-work substituting, it’s worth noting that giving access to some of the resources remains an uphill task. However, the paper proves how DDoSCoin helps minimize this through providing bandwidth to the target domain. With this, the authors hope will help others develop the proof-of-resource problem.
According to The hacker News, for one to set up such a target you’ll need to employ any of these two mechanisms:
1) PAY_TO_DDOS: Here a premium, or price so that one can target particular domain
2) The second one a proof-of-stake that had been proposed as an alternative to Proof of Work would update a list of valid victims to be attacked
As you await for the attack to launch, a transaction is recorded and stored in a database. No all the miners need is to select the block with the transaction initiate the attack and get paid.
This consensus would help miners send and receive a substantial amount of traffic that would, in the end, provide a well-grounded proof of work, which can be easily be verified and the sender can claim an award that will be possible to sell for different currencies. To decentralize the DDoS attacks, Botnet owners or any other attacker can access the reward directly.
DDoSCoin is created only to reward attacks launched on servers on TLS protocol, and only about 56 percent of the top 1 million websites have TLS enabled. However, according to Alexa analysis, the number is set to increase. Victims of attack are chosen by consensus using proof-of-stake protocol. This enables the DDoSCoin participants to choose a target conjointly. Having the similar transactions to bitcoin, enables DDoSCoin to be swapped for bitcoins without no much issues.
The researchers, all the same, agree there is a possibility of malicious behavior, of which they have taken precautions to minimize possible harm.
On compatibility issues, they indicated that DDoSCoin would not work with TLS 1.2 and below.
Testing was done on a quad-core server supporting TLS and running on Nginx a version of the Unix operating system. It was noted that the CPU consumption of all the four cores reached to full utilization when running the miner, while only the attacker needed about 30% of a single core. This resulted in slower response times.
In defending against an attack, the paper noted that website owners could disable the TLS 1.2 and only remain with earlier versions of it.
However, websites can take legal actions towards the mining operations.