Could the Bitcoin blockchain be spreading malware?

Story by Thomas Fox Brewster

The blockchain, the public ledger of all Bitcoin transactions, has all kinds of good uses outside of providing stability for the world’s most popular cryptocurrency, from decentralised data storage to super-flexible email. But it can also be put to malicious use. According to Interpol’s Christian Karam, speaking from the Black Hat Asia conference, it could be abused to store malware control mechanisms or provide access to illicit content such as child abuse images that would be extremely difficult to take down.

To prove the point, Kaspersky researcher Vitaly Kamluk, who is currently on secondment at Interpol, created a proof of concept malware that could take in information from a hacker-controlled Bitcoin address (the unique identifier of owners of cryptocurrency) and a transaction hash (an encrypted representation of a transaction) over a command line. The malware, or demo app, as Kamluk calls it, connects to the Bitcoin network, requesting certain blockchain data from a Bitcoin address containing the ostensibly legitimate, but eventually malicious, information on the network. The app then locates the related transaction information from the data, extracting chunks of code stored as recipient Bitcoin wallet identifiers, he told FORBES. These are then pieced together and run.

A malicious hacker could use such techniques to craft payloads that would perform actions on target’s PCs, such as stealing data or scooping up passwords with keyloggers. In the proof of concept, the malware was primed to take commands from hacker tool Metasploit, but the researchers were keen to point out they did nothing evil with their power. Such attacks would also work with any other blockchain-based cryptocurrency, Kamluk said.

Researchers uploaded data to the blockchain that could have been put to malicious use

The issue lies in the ability to “pollute” the blockchain with information that isn’t related to transactions. There are a variety of known methods for adding arbitrary data to the blockchain. This “bloat” has long been seen as a problem with the ledger, though it’s also there by design. It’s what allows services like PayStamper to add data to the blockchain, in that company’s case information related to customer transactions. Once the information is there, whether for good or bad, it’s there forever under the current rules of Bitcoin, notes Kamluk.

There have been some prior indications such techniques could be put to criminal use. Last year, a virus signature from the infamous Stoned virus was uploaded to the blockchain, though there was no obvious danger to users.

University of Newcastle researchers earlier this year presented “ZombieCoin”, a botnet command and control (C&C) mechanism for sending commands to malware running on the Bitcoin network. Their method was similar to Kamluk and Karam’s. To send messages to their bots, they used the OP_RETURN script opcode, which allows Bitcoin users to insert up to 40 bytes of data in transactions. That bandwidth “is more than sufficient to embed most botnet commands which are typically instruction sets in the format”, their paper read. They also used some “subliminal channels” in the signatures sent out across the network.
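Both embedding methods described on this page, data stored in the recipient-address field of ordinary payment outputs (Kamluk’s demo) and data placed in an OP_RETURN output (ZombieCoin), leave a visible trace in the transaction itself, so a blockchain-watching defender can flag them. The script below is an added example written for this page, not code from Kaspersky, Interpol or the Newcastle team. It parses a legacy (non-segwit) serialized transaction, extracts every OP_RETURN payload, and applies an assumed heuristic of my own: a pay-to-pubkey-hash output whose 20-byte hash is almost entirely printable ASCII is far more likely to be stuffed text than a real key hash, since a genuine hash is uniformly random. The sample transaction is constructed inline as a test fixture (one null input, three outputs) and is not a real on-chain transaction.

```python
import struct
from typing import List, Tuple

# Real Bitcoin script opcode values
OP_RETURN, OP_DUP, OP_HASH160 = 0x6A, 0x76, 0xA9
OP_EQUALVERIFY, OP_CHECKSIG, OP_PUSHDATA1 = 0x88, 0xAC, 0x4C


def encode_varint(n: int) -> bytes:
    """Bitcoin CompactSize encoding (used for counts and script lengths)."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def read_varint(buf: bytes, pos: int) -> Tuple[int, int]:
    """Decode a CompactSize at pos; returns (value, next position)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    if first == 0xFD:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if first == 0xFE:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def parse_outputs(raw: bytes) -> List[Tuple[int, bytes]]:
    """Walk a legacy serialized transaction and return (value_satoshi, scriptPubKey) per output."""
    pos = 4  # skip 4-byte version
    n_in, pos = read_varint(raw, pos)
    for _ in range(n_in):
        pos += 32 + 4  # previous txid + output index
        slen, pos = read_varint(raw, pos)
        pos += slen + 4  # scriptSig + sequence
    n_out, pos = read_varint(raw, pos)
    outputs = []
    for _ in range(n_out):
        value = struct.unpack_from("<q", raw, pos)[0]
        pos += 8
        slen, pos = read_varint(raw, pos)
        outputs.append((value, raw[pos:pos + slen]))
        pos += slen
    return outputs


def printable_ratio(b: bytes) -> float:
    """Fraction of bytes that are printable ASCII (0x20..0x7E)."""
    return sum(32 <= c < 127 for c in b) / len(b)


def scan_outputs(raw: bytes) -> dict:
    """Report outputs that carry arbitrary data: explicit OP_RETURN pushes and text-like P2PKH hashes."""
    findings = {"op_return": [], "text_like_hash160": []}
    p2pkh_head = bytes([OP_DUP, OP_HASH160, 20])
    p2pkh_tail = bytes([OP_EQUALVERIFY, OP_CHECKSIG])
    for idx, (value, script) in enumerate(parse_outputs(raw)):
        if script and script[0] == OP_RETURN:
            # OP_RETURN followed by a direct push (0x01..0x4b) or OP_PUSHDATA1 + 1-byte length
            if len(script) >= 2 and 1 <= script[1] <= 0x4B:
                payload = script[2:2 + script[1]]
            elif len(script) >= 3 and script[1] == OP_PUSHDATA1:
                payload = script[3:3 + script[2]]
            else:
                payload = script[1:]
            findings["op_return"].append((idx, payload))
        elif len(script) == 25 and script[:3] == p2pkh_head and script[23:] == p2pkh_tail:
            h160 = script[3:23]
            # Heuristic (assumption): 20 random bytes are all printable with probability ~(95/256)^20,
            # so a near-fully printable hash160 is almost certainly stuffed data, not a real key hash.
            if printable_ratio(h160) >= 0.9:
                findings["text_like_hash160"].append((idx, value, h160))
    return findings


# --- constructed test fixture below; not a real transaction ---
def p2pkh_script(hash160: bytes) -> bytes:
    return bytes([OP_DUP, OP_HASH160, 20]) + hash160 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])


def op_return_script(data: bytes) -> bytes:
    return bytes([OP_RETURN, len(data)]) + data  # direct push, data <= 75 bytes


def serialize_tx(outputs: List[Tuple[int, bytes]]) -> bytes:
    """Serialize a legacy transaction with a single null input (fixture only)."""
    tx = struct.pack("<I", 1) + encode_varint(1)
    tx += b"\x00" * 32 + struct.pack("<I", 0xFFFFFFFF) + encode_varint(0) + struct.pack("<I", 0xFFFFFFFF)
    tx += encode_varint(len(outputs))
    for value, script in outputs:
        tx += struct.pack("<q", value) + encode_varint(len(script)) + script
    return tx + struct.pack("<I", 0)  # locktime


SAMPLE_TX = serialize_tx([
    (50_000, p2pkh_script(bytes.fromhex("89abcdef" * 5))),  # ordinary-looking payment
    (0, op_return_script(b"hello from op_return")),          # explicit data carrier
    (546, p2pkh_script(b"text-stuffed-in-hash")),            # unspendable output holding text
])

if __name__ == "__main__":
    print(scan_outputs(SAMPLE_TX))
```

A watcher built on this would feed it raw transactions from a node’s mempool or block stream and alert on the findings; the OP_RETURN check is exact, while the hash-text heuristic is a cheap first filter that misses data encoded to look random and should be paired with other signals such as dust-valued outputs.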

Using these techniques, they were able to have their bots carry out commands, including the collection and encrypted transmission of a screenshot back to their botnet master system. They claimed any regulation or attempt to delete bad blockchain data would have a negative impact on the cryptocurrency, as it isn’t designed to be tampered with.

“We believe this is a desirable avenue botmasters may explore in the near future… Bitcoin is an ideal C&C dissemination mechanism for botnets,” the paper read.

“Most importantly, C&C communications over the Bitcoin network cannot be shut down simply by confiscating a few servers or poisoning routing tables. Furthermore, disrupting C&C communication would be very hard to do without seriously impacting legitimate Bitcoin users and may break Bitcoin.

“Any form of regulation would be a flagrant violation of the libertarian ideology Bitcoin is built upon. It would also entail significant protocol modification on the majority of Bitcoin clients scattered all over the world.”

Ittay Eyal, a Bitcoin researcher in the Department of Computer Science at Cornell, believes that botnet owners would be put off using the blockchain for their malware communications, as “the goal is timely transfer of commands and feedback”. But the Newcastle study showed that 50 per cent of the time the bots responded within five seconds of a command going out, and 90 per cent of the time within 10 seconds.

Newcastle researcher Taha Ali told FORBES there are two issues with using the blockchain for botnet attacks. A sizeable botnet could start making too many connections to the Bitcoin network and deny normal users access – effectively carrying out a Distributed Denial of Service on Bitcoin. And as Bitcoin usage is very limited today, network admins in big companies will find it suspicious if too many PCs suddenly start connecting to the Bitcoin network one day. “However, as Bitcoin usage grows – as trends seem to suggest – then the botnet scenario is very very promising,” Ali added. “Criminals don’t need to create their own C&C infrastructure, Bitcoin is already resistant to typical botnet takedown tactics, and anonymity and security is already built in.”

Though for now, blockchain-based botnets remain the work of researchers, not criminals, as far as anyone is aware, their potential as a surreptitious form of malicious communication remains a concern. “The use of the blockchain for command and control of malware is even more difficult to control, because the instructions can be encoded in a way that looks opaque to everyone except the malware itself. There is no good solution for this; it’s a price we have to pay for freely transmitting information,” added Eyal’s Cornell colleague, Emin Gün Sirer.

Gavin Andresen, chief scientist at the Bitcoin Foundation, said using C&C on the blockchain would be “very expensive” due to the transaction fees hackers would have to pay. He also noted that botnet operators don’t want there to be any permanent record of their crimes. “The risk to them is that their command server gets seized, and then they are prosecuted for everything it ever did. It is much better if the commands are impermanent. Using the Bitcoin peer-to-peer network (instead of the blockchain) makes a lot more sense, but there are much larger peer-to-peer networks where botnet activity is easier to hide, so even then it is unlikely any botnet operator would choose to piggyback on the Bitcoin network.”

Whilst there have been no concrete examples of botnet control via the blockchain, there have been a number of cases of illegal content appearing in the database. Links to child abuse imagery were allegedly placed in the ledger back in 2013.

“This is not good for the network or the database,” added Karam, who is worried about such material being irremovable and accessible in perpetuity. He wants the Bitcoin community to take note of the pollution problem, though hasn’t directly reached out to stakeholders.

Blockchain.info, which provides a blockchain explorer and a Bitcoin wallet service, declined to comment on this article.

Via: http://www.forbes.com/sites/thomasbrewster/2015/03/27/bitcoin-blockchain-pollution-a-criminal-opportunity/
