Hackers exploit cloud services to build Money-Mining Botnet

Pierluigi Paganini July 28, 2014

Two security experts will present at the next BlackHat conference how to exploit cloud services to build Money-Mining Botnet.

Cloud computing is becoming the paradigm most abused by cybercrime, cloud architectures represent privileged targets of cyber criminals that desire to steal data they contain or to abuse their resources to conduct cyber attacks.

Two researchers, Rob Ragan and Oscar Salazar, have recently demonstrated how it is possible to use a cloud infrastructure to legally mine crypto currency. The researchers have developed a free LiteCoin-mining botnet that has generated $US1750 a week using free cloud sign up promotions.

The automatic tool was used recruit machines for the mining botnet across some 150 popular free services that each generated about 25 cents a day, the researchers will present the exploit to the next BlackHat conference.

“What happens when computer criminals start using friendly cloud services for malicious activities? In this presentation, we explore how to (ab)use free trials to get access to vast amounts of computing power, storage, and pre-made hacking environments. Oh! Also, we violate the hell out of some terms of service.” the researchers declared.

The researchers are convinced that cybercrime will soon exploit similar techniques to turn cloud hosting services in “free supercomputer”.

“We’re definitely going to see more malicious activity coming out of these services.” “We essentially built a supercomputer for free,” Ragan said.

The attack schema designed by the researchers relies on application-hosting services that lack of security for sign-up procedures, this circumstance has made possible the creation of 1,000 non-existent users on 150 websites which offer cloud application services.

Cloud Computing

The experts haven’t revealed the name of the cloud hosting service providers they successfully exploited to avoid that cybercrime will immediately emulate them.

The two created the botnet starting from a a self-made list of fake email addresses, the fake customers didn’t raise any suspicions in the companies which were providing the services.

A lot of these companies are startups trying to get as many users as quickly as possible [which are] not really thinking about defending against these kinds of attacks,” Salazar told Wired.

Ragan and Salazar described to the Wired the process and the tools used in their experiment:

“Ragan and Salazar created their automated rapid-fire signup and confirmation process with the email service Mandrill and their own program running on Google App Engine. A service called FreeDNS.afraid.org let them create unlimited email addresses on different domains; to create realistic-looking addresses they used variations on actual addresses that they found dumped online after past data breaches. Then they used Python Fabric, a tool that lets developers manage multiple Python scripts, to control the hundreds of computers over which they had taken possession.” state the post published by Wired.

As explained by the researchers, many of the companies targeted use cloud services resold from Amazon, for this reason it could be very difficult to prevent such kind of attacks.

“Imagine a distributed denial-of-service attack where the incoming IP addresses are all from Google and Amazon,” “That becomes a challenge. You can’t blacklist that whole IP range.”Ragan said. 

It is clear that the technique adopted by the researchers “violates” the majority lot of terms-of-service, the researchers once completed the experiment have dismantled their botnet.

[adrotate banner=”9″]

Pierluigi Paganini

Security Affairs –  (Hacking, cloud services)

[adrotate banner=”13″]

you might also like

leave a comment