A Money-Mining Botnet hidden in the Clouds of Amazon

Published by Trupti Vaghela on 28 October 2015

It has long been the habit of hackers to use malware to take over PCs, but Oscar Salazar and Rob Ragan had a different mindset. Rather than taking the traditional approach of stealing computing resources, they set out to explore the computing resources that are available.

Next month in Las Vegas, Salazar and Ragan will reveal how they put together a botnet from freemium accounts and free trials on online application-hosting services. Coders mainly use these services for testing and development, so that they do not have to purchase storage or their own servers. By automating the process, the duo generated distinct email addresses and signed up for free accounts in bulk, and subsequently assembled a cloud-based botnet of approximately a thousand computers.

Their creation was capable of launching synchronized cyberattacks, mining hundreds of dollars of cryptocurrency and even cracking passwords, and that is just the tip of the iceberg: Salazar and Ragan believe it may even have been legal.

Ragan, who works alongside Salazar as a researcher for the security consultancy Bishop Fox, said, “We essentially built a supercomputer for free, we’re definitely going to see more malicious activity coming out of these services.”

Many players such as CloudBees, Heroku, Google, and Cloud Foundry enable developers to host their applications remotely on servers in datacenters located elsewhere, reselling resources from other companies like Amazon and Rackspace. The duo tested the account creation form of around 150 of these services. Two thirds did not require any credentials beyond an email address: they did not ask for credit card information, a captcha or a phone number. Choosing among those two thirds, the duo opted for approximately 15 services that allowed them to register for a free trial or free account. They have withheld the names of the susceptible services to avoid helping malicious hackers prey on them. Salazar said, “A lot of these companies are startups trying to get as many users as quickly as possible, they’re not really thinking about defending against these kinds of attacks.”

The Feat

They automated rapid-fire registration and confirmation using the Mandrill email service and their own program running on Google App Engine, and used a service called FreeDNS.afraid.org to generate unlimited email addresses on various domains. To make the addresses appear realistic, they used variations of actual email addresses dumped online after past data breaches. They controlled the hundreds of computers in their possession with Python Fabric, a tool that lets developers manage multiple Python scripts.

They started by mining the cryptocurrency Litecoin using their cloud-based botnet. Unlike Bitcoin, which is most easily mined with GPU chips, Litecoin is well matched to the CPUs of cloud computers. They established that it was possible to mine 25 cents per account per day, based on the Litecoin exchange rates at the time. Focusing the entire botnet on that effort would have yielded $1,750 weekly. “And it’s all on someone else’s electricity bill,” says Ragan.

They were, however, wary of doing any real damage by hogging the services’ electricity or processing, so they shut down the mining operation within a couple of hours. They did keep a small number of mining programs running for two weeks, none of which was discovered or shut down in that time.

Aside from mining Litecoin, the duo says they could have put their cloudbots to malicious ends such as click fraud, distributed password cracking, or the more common denial-of-service attacks that flood websites with junk traffic.

Salazar and Ragan were not able to measure the size of the attack they could mount because, according to them, none of their test targets stayed online long enough to give an accurate reading. “We’re still looking for volunteers,” Ragan jokes. They do say, however, that their botnet could have funneled approximately 20,000 PCs’ worth of attack traffic towards a given target, since cloud services offer more networking bandwidth than an average home computer possesses.

What is more disturbing is that targets would have found it especially difficult to filter out an attack launched from reputable cloud services. “Imagine a distributed denial-of-service attack where the incoming IP addresses are all from Google and Amazon,” says Ragan. “That becomes a challenge. You can’t blacklist that whole IP range.”

Legality

It would be illegal to use a cloud-based botnet for an attack of that kind. Crafting the botnet might not be.

According to the two researchers, regardless of legal protections, companies should implement their own anti-automation techniques to prevent these kinds of bot-based signups. While they admitted that they did violate a lot of companies’ terms of service, it is still a matter of legal debate whether their actions constitute a crime. Most terms-of-service abuses go unpunished, which is just as well, as only a minority of internet users actually read them.
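One anti-automation check of the kind the researchers call for, as an added example (it is not their defense software or code from the original article): it flags bursts of signups whose email addresses sit on different subdomains of one parent domain, and near-identical local parts under that domain. The sample events, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample signup events (unix_time, email); the domains are
# reserved example names, not taken from the article.
SAMPLE_EVENTS = [
    (1000, "j.smith84@a1.dyn-zone.example"),
    (1030, "jsmith.85@mail7.dyn-zone.example"),
    (1055, "maria_k@dev.corp.example"),
    (1070, "jsmith86@x9.dyn-zone.example"),
    (1100, "k.lee21@q2.dyn-zone.example"),
    (9000, "anna@team.dyn-zone.example"),
]

def parent_domain(email):
    """Last two DNS labels (assumption: production would use the Public Suffix List)."""
    host = email.rsplit("@", 1)[1].lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def local_stem(email):
    """Local part without +tag, digits or separators: 'j.smith84' -> 'jsmith'."""
    local = email.rsplit("@", 1)[0].lower().split("+", 1)[0]
    return "".join(c for c in local if c.isalpha())

def flag_bulk_signups(events, window_s=600, max_per_domain=3):
    """Return {email: [reasons]} for signups that look automated."""
    flagged = defaultdict(list)
    recent = defaultdict(deque)   # parent domain -> signups in window
    stems = defaultdict(set)      # (parent, stem) -> addresses seen
    def mark(emails, reason):
        for e in emails:
            if reason not in flagged[e]:
                flagged[e].append(reason)
    for ts, email in sorted(events):
        dom = parent_domain(email)
        q = recent[dom]
        q.append((ts, email))
        while ts - q[0][0] > window_s:   # drop signups outside the window
            q.popleft()
        hosts = {e.rsplit("@", 1)[1] for _, e in q}
        # Many signups in a short time across different subdomains
        if len(q) > max_per_domain and len(hosts) > 1:
            mark([e for _, e in q], "domain-burst")
        # Variations of one address under the same parent domain
        key = (dom, local_stem(email))
        stems[key].add(email)
        if len(stems[key]) > 1:
            mark(sorted(stems[key]), "stem-variant")
    return dict(flagged)
```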

They indicated that at their Black Hat talk they would release both the software used to create and control the cloudbots and defense software that they say can shield against their schemes.

“We wanted to raise awareness that there’s insufficient anti-automation being used to protect against this type of attack,” says Ragan. “Will we see a rise in this type of botnet? The answer is undoubtedly yes.”

While Salazar and Ragan were conducting their experiments, they saw companies like Engine Yard and AppFog turn off their free option as a result of malicious hackers exploiting their services.
