Sometimes, truth is stranger than fiction! The recent Distributed Denial-of-Service (DDoS) attacks on Final Fantasy XIV’s gaming platform are quite surreal, yet a timely signpost of where things are heading. Using traditional cyber security technology, we are playing “whack a mole” against the ever-changing DDoS attacks.
We live in an age where DDoS attacks will only grow over time, while becoming more mature in the process. It’s no longer just a script kiddie activity. Considering a rising number of unsecured IoT devices are connected to one another, the potential for DDoS attacks to creep in and overpower an organization is very real.
Just last year, KrebsOnSecurity.com experienced the largest recorded DDoS attack, which came disguised as traffic designed to resemble generic routing encapsulation (GRE) data packets. GRE is a communication protocol used to establish a direct, point-to-point connection between network nodes; it lets two peers share data they wouldn’t be able to share over the public network itself.
Brian Krebs is a leading cybersecurity guru, but his site was struck by a DDoS attack more sophisticated than what had been seen previously. According to Krebs, this attack was seemingly launched almost exclusively by an extremely large botnet of hacked devices. Large DDoS attacks appear to stem from a method known as a DNS reflection attack. In cases like these, perpetrators can leverage unmanaged DNS services on the Web to create huge traffic floods.
Blockchain, a truly distributed system, has built-in protections against losing communication with nodes. To date, the largest blockchain is Bitcoin. Even though Bitcoin is a truly open network, its protocol has warded off several attempts made to attack this network.
What’s crucial to realize is the collective computing power available within blockchain makes it extremely hard to be successful in a cyberattack. Multiple blockchain nodes across many different institutions must be attacked to overwhelm the full system.
When it comes to a DDoS attack, the blockchain has protections to ensure transactions can continue even if several nodes go offline. Of course, not all blockchain networks are equal, and a particular network’s robustness largely depends upon its diversity and number of nodes and its hash rate.
Ethereum currently has 34,051 nodes; Bitcoin has 7,524. However, the hash rates are vastly different. Ethereum has a hash rate of approximately 55 TH/s (Tera [trillion] hashes per second) and Bitcoin has 5,660,000 TH/s. However, Ethereum hash rates are rapidly climbing day by day and are following a similar pattern to Bitcoin hash rate growth.
The public Bitcoin and Ethereum networks rely on miners using their hardware and software to do what amounts to brute-force attacks to “crack/guess” the correct SHA256 (an encryption algorithm) to solve a block. Each attempt to solve the block requires the miner to calculate a hash value for the block. They call these attempts a hash, and the speed with which they can make these attempts is called their hash rate. When they calculate the correct hash, they collect a reward plus any transaction fees included in the block.
That block is then appended to the end of the existing blockchain, validating all of the transactions in that block and every previous block. This validation cements all transactions in place, making them virtually impossible to reverse.
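The attempt loop and the chaining described above can be seen in a toy proof-of-work chain. This is an added example, not code from the original article or from Bitcoin or Ethereum: the block layout, the 12-bit difficulty, the sample transactions and all function names are assumptions chosen so it runs in well under a second.

```python
import hashlib

DIFFICULTY_BITS = 12                      # assumption: toy difficulty, ~4,096 attempts per block
TARGET = 1 << (256 - DIFFICULTY_BITS)     # a hash "solves" the block if it is below this value
GENESIS_PREV = "0" * 64

def block_hash(prev_hash, txs, nonce):
    """One attempt ("a hash"): SHA-256 over previous hash, transactions and nonce."""
    return hashlib.sha256(f"{prev_hash}|{txs}|{nonce}".encode()).hexdigest()

def mine(prev_hash, txs):
    """Try nonces until the hash falls below TARGET; return (block, attempts made)."""
    nonce = 0
    while True:
        h = block_hash(prev_hash, txs, nonce)
        if int(h, 16) < TARGET:
            return {"prev": prev_hash, "txs": txs, "nonce": nonce, "hash": h}, nonce + 1
        nonce += 1

def build_chain(tx_batches):
    """Mine one block per batch, each committing to the hash of the block before it."""
    chain, attempts, prev = [], 0, GENESIS_PREV
    for txs in tx_batches:
        block, n = mine(prev, txs)
        chain.append(block)
        attempts += n
        prev = block["hash"]
    return chain, attempts

def first_invalid(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        h = block_hash(b["prev"], b["txs"], b["nonce"])
        if b["prev"] != prev or h != b["hash"] or int(h, 16) >= TARGET:
            return i
        prev = b["hash"]
    return None

if __name__ == "__main__":
    batches = ["alice->bob:5", "bob->carol:2", "carol->dave:1"]   # constructed sample data
    chain, attempts = build_chain(batches)
    print("attempts spent mining:", attempts, "| chain valid:", first_invalid(chain) is None)
    chain[0]["txs"] = "alice->bob:500"        # alter a transaction in the oldest block
    print("first invalid block after edit:", first_invalid(chain))
    chain[0], _ = mine(GENESIS_PREV, "alice->bob:500")   # redo the work for that block only
    print("first invalid block after re-mining block 0:", first_invalid(chain))
```

Verifying a block costs one hash while producing it costs thousands of attempts, and re-mining an altered block only moves the break to the next block, so every later block would have to be mined again.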
Attacking the miners directly is close to impossible. They do their work behind a peer-to-peer network, called the Bitcoin protocol, that is designed to resist any sort of direct attack. Peer-to-peer networks are notoriously hard to stop or even disrupt.
Attacking the transactions is also close to impossible because they are stored in everyone’s copy of the blockchain and cryptographically verified by the mining process.
To bring down the public Bitcoin or Ethereum networks you would have to beat them at their own game, fight fire with fire if you like, and use mining and the Bitcoin protocol against them. This is possible if you own 51 percent of the mining capability (hash rate), but it’s extremely expensive. And if you are one bad actor, the other non-bad actors will very quickly overwhelm the 51 percent to take back control of the network. The advantage here is that it enables an asymmetric attack on the bad actor, raising the cost of an attack and the speed of response.
You could argue that Bitcoin has been the ultimate hacker honey pot for many years now. Yet despite this, the Bitcoin core network has remained secure. Issues have been mostly about wallet security, secure storage of keys, and the scalability of Bitcoin exchange websites.
Blockchain nodes can run consensus algorithms: if several nodes are offline, even because they were taken offline by a DDoS attack, the others continue. The protocol recovers as nodes are brought back online and are re-synched to ensure that consistency and integrity are preserved. This is possible due to the unique set of encoded algorithms in the blockchain.
Because IoT devices, by their very nature, are built at a low price point, sophisticated security is unlikely to be embedded in them. That’s why they will remain the DDoS client of choice for future botnets. With the number of IoT devices in operation expected to climb from around 8.7 billion today to 29 billion by 2020, according to Gartner research, the ease of launching massive DDoS attacks will grow and no existing system can address this problem unless it is truly distributed. That’s where the blockchain solidly comes in handy.
From an IoT botnet perspective, running Ethereum or Bitcoin mining on an IoT device would give you such a low hash rate it would be virtually meaningless. Mining requires high-performance computing equipment. We do not see vast swarms of botnets on PCs mining Bitcoin today simply because they do not have the CPU capacity. IoT devices have even less CPU capacity.
If you want a longer-term view of blockchain in the future, be sure to read the sci-fi book Neptune’s Brood by Charles Stross, which will give you a galactic view of how blockchain may facilitate money transfer and exchange with a discussion of the potential fraudulent aspects (spoiler alert: nothing changes, even in the future!).
The article was originally published on Venturebeat and is re-posted here by permission.