Two security researchers used the free services of multiple cloud-computing businesses to create a botnet capable of mining a couple hundred dollars in cryptocurrency on a daily basis.
Bishop Fox’s senior security associates Oscar Salazar and Rob Ragan experimented with the resources of cloud services by creating numerous free accounts, which they used to mine Litecoin, a virtual currency used as an alternative to the more famous Bitcoin.
The duo discovered that the online servers they had access to had the power to generate as much as $1,750 / €1,300 per week, without investing a single cent in the operation.
According to Wired, they relied on an automated process to create the necessary free accounts and proceeded to test about 15 services that did not require additional information during the sign-up procedure apart from a password.
At the end of the process, they were the masters of a cloud-based botnet with about a thousand computers.
“A lot of these companies are startups trying to get as many users as quickly as possible,” says Salazar. “They’re not really thinking about defending against these kinds of attacks,” the two associates told the publication.
For the creation of legitimate-looking email addresses, the duo modified information dumped online as a result of various data breaches.
Mining for Litecoin showed them that the computing power of the remote machines could produce some 25 cents a day for each account. This may seem quite low, but across the 1,000 accounts it adds up to a pretty sum, with no electricity bills to pay.
These figures are only estimates, because Ragan and Salazar did not keep the botnet mining for more than a few hours.
However, they left some of the mining programs running for two weeks in order to see if they could carry out their activity without being shut down by the operators of the cloud service.
Leveraging the online systems for making virtual money is only one side of the risks presented by creating an army of cloud computers, as these could also be used for criminal activities, such as password cracking, which has been previously discussed by experts in the industry.
Conducting distributed denial-of-service (DDoS) attacks is another way to use the machines. Ragan and Salazar told Wired that their botnet had the capacity to send as much traffic as would be seen from 20,000 computers.
On the same note, the administrators of the websites targeted by a DDoS attack carried out this way would have problems filtering out the traffic, because it originates from legitimate services.
Cloud systems will be more prominent on the radar of cybercriminals because of the computing power they offer and because they are suitable for coin-mining activities.