• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Hiding A Bitcoin Mining Botnet In The Cloud

August 15, 2014

Views: 4,929

This is a pretty interesting story, and an interesting use (or mis-use) of cloud resources. We’ve covered similar stuff before like the case when Yahoo! was Spreading Bitcoin Mining Botnet Malware Via Ads, and then more recently when the Pirated ‘Watch Dogs’ Game Made A Bitcoin Mining Botnet.

Cloud Security

But this time it’s not malware based, a pair of researchers realised they could automate the sign-up to multiple cloud providers and leverage the free tier/free trial/freemimum accounts to mine Cryptocurrency (in this case Litecoin).

Hackers have long used malware to enslave armies of unwitting PCs, but security researchers Rob Ragan and Oscar Salazar had a different thought: Why steal computing resources from innocent victims when there’s so much free processing power out there for the taking?

At the Black Hat conference in Las Vegas next month Ragan and Salazar plan to reveal how they built a botnet using only free trials and freemium accounts on online application-hosting services—the kind coders use for development and testing to avoid having to buy their own servers and storage. The hacker duo used an automated process to generate unique email addresses and sign up for those free accounts en masse, assembling a cloud-based botnet of around a thousand computers.

That online zombie horde was capable of launching coordinated cyberattacks, cracking passwords, or mining hundreds of dollars a day worth of cryptocurrency. And by assembling that botnet from cloud accounts rather than hijacked computers, Ragan and Salazar believe their creation may have even been legal.

“We essentially built a supercomputer for free,” says Ragan, who along with Salazar works as a researcher for the security consultancy Bishop Fox. “We’re definitely going to see more malicious activity coming out of these services.”

Companies like Google, Heroku, Cloud Foundry, CloudBees, and many more offer developers the ability to host their applications on servers in faraway data centers, often reselling computing resources owned by companies like Amazon and Rackspace. Ragan and Salazar tested the account creation process for more than 150 of those services. Only a third of them required any credentials beyond an email address—additional information like a credit card, phone number, or filling out a captcha. Choosing among the easy two-thirds, they targeted about 15 services that let them sign up for a free account or a free trial. The researchers won’t name those vulnerable services, to avoid helping malicious hackers follow in their footsteps. “A lot of these companies are startups trying to get as many users as quickly as possible,” says Salazar. “They’re not really thinking about defending against these kinds of attacks.”

Other than mining Cryptocoins this distributed super computer could easily be used for other (more nefarious) purposes such as password cracking, DDoSing or doing any other large scale parallel task.

Mining Litecoins is a low hanging fruit though, low technical barrier and instant money – you don’t have to deal with other people in terms of renting out a DDoSing botnet etc. All you have to deal with is an exchange, and withdrawing your money.

Also $1750 a week isn’t bad money!

Ragan and Salazar created their automated rapid-fire signup and confirmation process with the email service Mandrill and their own program running on Google App Engine. A service called FreeDNS.afraid.org let them create unlimited email addresses on different domains; to create realistic-looking addresses they used variations on actual addresses that they found dumped online after past data breaches. Then they used Python Fabric, a tool that lets developers manage multiple Python scripts, to control the hundreds of computers over which they had taken possession.

One of their first experiments with their new cloud-based botnet was mining the cryptocurrency Litecoin. (That second-most-used cryptocoin is better suited to the cloud computers’ CPUs than Bitcoin, which is most easily mined with GPU chips.) They found that they could produce about 25 cents per account per day based on Litecoin’s exchange rates at the time. Putting their entire botnet behind that effort would have generated $1,750 a week. “And it’s all on someone else’s electricity bill,” says Ragan.

Ragan and Salazar were wary of doing real damage by hogging the services’ electricity or processing, however, so they turned off their mining operation in a matter of hours. For testing, however, they left a small number of mining programs running for two weeks. None were ever detected or shut down.

Aside from Litecoin mining, the researchers say they could have used their cloudbots for more malicious ends—like distributed password-cracking, click fraud, or denial of service attacks that flood target websites with junk traffic. Because the cloud services offer far more networking bandwidth than the average home computer possesses, they say their botnet could have funneled about 20,000 PCs-worth of attack traffic at any given target. Ragan and Salazar weren’t able to actually measure the size of their attack, however, because none of their test targets were able to stay online long enough for an accurate reading. “We’re still looking for volunteers,” Ragan jokes.

More disturbing yet, Ragan and Salazar say targets would find it especially tough to filter out an attack launched from reputable cloud services. “Imagine a distributed denial-of-service attack where the incoming IP addresses are all from Google and Amazon,” says Ragan. “That becomes a challenge. You can’t blacklist that whole IP range.”

I’m guessing after this a whole bunch of cloud providers might be adding additional security layers to their services to discourage this type of automated sign-up and botnet building activity, but then again a lot of the newer ones are concentrating on user growth – so adding barriers isn’t in their best interest.

We shall keep an eye on this and see if anyone else manages to take it any further.

Source: Wired

Share
Tweet
Share34
Buffer
WhatsApp
Email
34 Shares

Filed Under: Networking Hacking Tools, Web Hacking Tagged With: bitcoin, bitcoin mining, bitcoin mining botnet, cloud security



Reader Interactions

Comments

  1. lordspartner says

    August 16, 2014 at 4:45 pm

    This is not news. They are not the first to mine with cloud resources. Every one just has different approaches.

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Views: 289

As threat surfaces grow and attack sophistication increases, many security teams face the same … ...More about Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

Views: 450

With more businesses running Linux in production—whether in bare metal, VMs, or containers—the need … ...More about Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 484

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 395

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 608

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 563

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (228)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (234)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,294,854)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,089)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,624)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,684)
  • Password List Download Best Word List – Most Common Passwords (933,493)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,148)
  • Hack Tools/Exploits (673,293)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,159)

Search

Recent Posts

  • Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance May 16, 2025
  • Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked) May 14, 2025
  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy