Leveraging bitcoin testnet for bidirectional botnet command and control systems

Abstract

Over the past twenty years, the number of devices connected to the Internet grew exponentially. Botnets bene ted from this rise to increase their size and the magnitude of their attacks. However, they still have a weak point in their Command & Control (C&C) system, which is often based on centralized services or require a complex infrastructure to keep operating without being taken down by authorities. The recent spread of blockchain technologies may give botnets a powerful tool to make them very hard to disrupt. Recent research showed how it is possi- ble to embed C&C messages in Bitcoin transactions, making them nearly impossible to block. Nevertheless, transactions have a cost and allow very limited amounts of data to be transmitted. Because of that, only mes- sages from the botmaster to the bots are sent via Bitcoin, while bots are assumed to communicate through external channels. Furthermore, for the same reason, Bitcoin-based messages are sent in clear. In this pa- per we show how, using Bitcoin Testnet, it is possible to overcome these limitations and implement a cost-free, bidirectional, and encrypted C&C channel between the botmaster and the bots. We propose a communica- tion protocol and analyze its viability in real life. Our results show that this approach would enable a botmaster to build a robust and hard-to- disrupt C&C system at virtually no cost, thus representing a realistic threat for which countermeasures should be devised.