Advantages become disadvantages: researchers say the Lightning Network is the best choice for creating botnets

Bitcoin's Lightning Network is a faster and cheaper way to send Bitcoin. But it could also be a more efficient way to send malware.

Researchers from Florida International University stated in a paper published on December 24 that the anonymity of the Lightning Network and its lack of censorship make it extremely attractive for botnet attacks. They believe that these characteristics provide many advantages for spreading and remotely controlling malware. They even built a proof of concept themselves, LNBot: a hidden hybrid botnet that could be used to steal funds.


Ahmet Kurt, a co-author of the paper and a researcher at Florida International University's Cyberphysical Systems Security Lab, said:

"We think shutting it down (botnets) is very difficult. We have listed some possible countermeasures, and the community can find some other possible countermeasures to stop this type of attack."

Hackers install malicious software (i.e., computer viruses) on a large number of computers and use it to control them, forming a botnet. They can then use the computers they control for malicious purposes. The hacker controls the computers through a command and control (C&C) server: the target machines receive commands from the server, which lets the server control them while the hacker's own identity stays hidden.


(Schematic: how to attack botnets by spreading malware through Lightning Network)

However, the paper states that hackers have realized it is difficult to maintain a centralized C&C server without being detected. As a result, they tried more hidden channels, such as social media networks, but these are of little use if some users do not log in to their accounts frequently. Hackers then started experimenting with peer-to-peer technologies such as Bitcoin. But in Bitcoin, all instructions are public, so the hackers' instructions are easily exposed. So none of these options work.

In contrast, Bitcoin's scaling solution, the Lightning Network, is likely to be the best option for hackers to control botnets.

The Lightning Network is a layer-two scaling solution built on the Bitcoin blockchain, which can process more transactions at a lower cost. You can transact with anyone at any time, and either party has the right to close the channel and settle on the Bitcoin blockchain.

The researchers stated:

"In this article, we propose that Lightning Network with the above features (i.e., faster transactions and low cost) is an ideal botnet C&C infrastructure. Specifically, Lightning Network provides a lot of botnet attackers There are no advantages over existing technologies."

The advantages of the Lightning Network are: first, the anonymity of transactions is much higher, and, unlike Bitcoin, not all transactions are publicly recorded on the ledger. However, this means that an attacker can communicate with the C&C server more covertly.

Second, knowing the location of one C&C server does not reveal the location of other C&C servers, which gives attackers multiple ways to control botnets. There is a glimmer of hope, though:

"Although shutting down the C&C server will neither expose the originator of the botnet nor block the entire botnet, it will shut down a portion of the botnet, thereby reducing harm to the victims."

Third, according to the researchers, communications from C&C servers cannot be censored. Because the Lightning Network is a peer-to-peer network, there is no central authority to specify what information can and cannot be transmitted. Although there are watchtowers to resolve disputes, these watchtowers do not have the authority to review information. Therefore, the Lightning Network is the perfect choice for the rapid development of botnets.

If a botnet is built on the Lightning Network, the results can be disastrous. An attacker would be able to control a Lightning Network node (the computer responsible for running the network) to make payments. This would completely destroy the network.

And the cost is not high.

The paper states that the cost of running 100 C&C servers is 0.06 bitcoin, and at the current bitcoin price of $7,270, it costs only $436.

"This is a one-time investment cost for an LNBot consisting of 100 C&C servers. Considering that each C&C server can control thousands of robots, this is a very small amount."

These attacks fit perfectly with the current version of the Lightning Network, and there is little to stop them. The researchers built 100 real-time C&C servers and ran them on today's network, without needing to make any changes at all. In addition, the paper states that Lightning Network developers are adding a feature that may make it harder for botnets to be destroyed.

Kurt says:

"The purpose of this research is to make security researchers and Lightning Network developers think about how to stop this situation."