Somebody thought this was actually a good idea

Aug 12, 2016 14:55 GMT

In the most innovative, weirdest, and stupidest idea of the month, two researchers from the University of Colorado Boulder and the University of Michigan have created a crypto-currency that rewards people for participating in DDoS attacks.

Called DDoSCoin, this digital currency rewards a person (called a miner) for using their computer as part of a DDoS attack.

DDoSCoin works only when targeting TLS-enabled websites

Just like Bitcoin, DDoSCoin uses cryptographic data to provide a proof-of-work. In DDoSCoin's case, this proof-of-work is extracted from the TLS connection a miner establishes with the website they're supposed to attack.

"In modern versions of TLS, the server signs a client-provided parameter during the handshake, along with server-provided values used in the key exchange of the connection," the researchers explain. "This allows the client to prove to others that it has communicated with the server."

Because of this, DDoSCoin rewards miners who launch DDoS attacks only on TLS-enabled hosts. According to Alexa, just 56 percent of the Top 1 Million sites support TLS.

Anyone can set up targets to attack

Another controversial feature found in the DDoSCoin schematics is a transaction called PAY_TO_DDOS, which allows others to set targets to attack.

PAY_TO_DDOS includes two arguments: (1) the domain of the victim website and (2) the number of TLS connections that need to be established.

These transactions are recorded as blocks inside the DDoSCoin blockchain (database). Miners will select one of the blocks, launch attacks, and receive the DDoSCoin crypto-currency as a reward for fulfilling the transaction.

The two researchers say that DDoSCoin can be exchanged for other crypto-currencies such as Bitcoin, and even fiat currencies.

There's still a problem with the target selection system

To fulfill a transaction, more than one miner must participate; otherwise, a single miner sending traffic to a victim can be easily blocked.

For an attack to technically qualify as a DDoS ("Distributed" Denial of Service), multiple miners must participate in fulfilling a transaction and attack a domain. For this, the researchers created a system that allows miners to decide together on which transaction (attack) to execute.

Anyone can set up PAY_TO_DDOS transactions, even the website admins themselves. Researchers say that, in an effort to deter attacks on their servers, domain owners could flood the network with low-reward PAY_TO_DDOS transactions that the miners would not want to compute.

The paper is only a theoretical exercise, and a DDoSCoin crypto-currency does not currently exist. Such a network would surely be deemed illegal in nature in no time.