CloudBots: Harvesting Crypto Coins Like a Botnet Farmer

Presented at Black Hat USA 2014, Aug. 6, 2014, 11:45 a.m. (60 minutes)

What happens when computer criminals start using friendly cloud services for malicious activities? In this presentation, we explore how to (ab)use free trials to get access to vast amounts of computing power, storage, and pre-made hacking environments. Oh! Also, we violate the hell out of some terms of service. We explore just how easy it is to generate massive amounts of unique email addresses; in order to register free trial accounts, deploy code, and distribute commands (C2). We managed to build this cloud-based botnet all for the low cost of $0 and semi-legally. This botnet doesn't get flagged as malware, blocked by web filters, or get taken over. This is the stuff of nightmares! While riding on the fluffy Kumobot (kumo means cloud in Japanese), it was discovered that we were not the only ones doing this! With the rise of crypto currency we now face the impending rise of botnets that mine for digital gold on someone else's systems with someone else's dime footing the electric bill. Through our efforts in building a cloud-based botnet we built enough tools to share a framework for penetration testers and security researchers. The anti-anti-automation framework will show those tasked with defense exactly what it looks like when their free trial gets assaulted.

Presenters:

  • Oscar Salazar - Bishop Fox
    Oscar Salazar is a Senior Security Associate at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 500, global financial institutions, and high-tech start-ups. In this role, he focuses on application penetration testing, source code review, and secure software design. Oscar has presented at RSA, BSides, and Adobe's annual private Security Summit conference.
  • Rob Ragan - Bishop Fox
    Rob Ragan is a Senior Security Associate at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 500, global financial institutions, and high-tech startups. Rob's primary areas of expertise are application security assessment, source code review, and secure software design. Rob actively conducts web application security research and has repeatedly presented at Black Hat, DEF CON, RSA, B-Sides, InfoSec World, Hacker Halted, and Adobe's annual private Security Summit conference. He is also a contributing author to "Hacking Exposed Web Applications," 3rd Edition.

Links:

Similar Presentations: