Cyber-Criminals Putting Botnets to Work on Bitcoin Mining

The market for bitcoins—a virtual currency secured by hard cryptographic problems—fluctuates as cyber-criminals attack the largest online bitcoin exchange.

As a digital currency based on tough math problems, bitcoins have mostly remained a form of underground cash used by technically savvy consumers of questionable goods.

Over the past year, however, interest in the currency has exploded, as the digital money has gained adherents. The currency's popularity has particularly taken off in the past month, with the value of a bitcoin jumping to more than $200, from less than $20 at the beginning of the year.

The currency has attracted not only a handful of startups focused on serving bitcoin consumers but, naturally, the criminal element as well.

In March and April, for example, Mt.Gox—the most popular exchange for turning bitcoins into more real currencies—has been suffering a distributed denial-of-service (DDoS) attack, causing intermittent outages.

"We are continuing to experience a DDoS attack like we have never seen," the exchange said in a statement posted on April 4. "While we are being protected by companies like Prolexic, the sheer volume of this DDoS left us scrambling to fine-tune the system every few hours."

The attacks are likely intended to destabilize the currency. The exchange handles roughly 80 percent of the trade in bitcoins, it claims, making the site a prime target for those who would extort money or seek to cause fluctuations in the currency's value.

Yet, doing so in a predictable manner is difficult. The intrinsic value of a bitcoin is difficult to estimate, according to Robert Graham, CEO of security consultancy Errata Security. In a blog post analyzing bitcoins, Graham showed that different assumptions could result in wildly different values for a bitcoin, from 1 cent to $15,000.

"I don't know how a DDoS attack would directly affect the price," he said. "I could imagine that it could be used for arbitrage," where the criminals could cause delays at the exchanges to enable them to take advantage of small differences in prices.

The DDoS attack is not the only cyber-criminal attack on bitcoins. ZeroAccess, a massive botnet, uses compromised computers to gather money from fraudulent ad clicks, but also uses the processing power of infected computers to "mine" bitcoins.

Bitcoin mining is the primary way that bitcoin transactions are validated, with a successful validation gaining the "miner" a bounty of bitcoins. In effect, the mining process is a mathematical lottery: Miners with more processing power are more likely to successfully calculate the right number, gaining the bounty.

While the power of the ZeroAccess botnet—even with millions of infected computers—is less than some of the specialized bitcoin mining hardware platforms, the botnet is likely successfully mining bitcoins. And, since the operators of ZeroAccess do not have to pay the cost of the electricity needed to run the botnet, the activity is profitable, Richard Henderson, security strategist with Fortinet, told eWEEK.

"The logic dictates that they wouldn't be doing it unless they were generating a lot of bitcoins," he said. "They are probably just sitting on their bitcoins. Will they cash out? It's impossible to say."

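The mining "lottery" described above can be shown in a few lines. This is an added illustration, not code from the article or from any bitcoin software: a miner wins by finding a number (nonce) whose double SHA-256 hash falls under a target, and the share of blocks won tracks the share of hashing attempts. The header strings, miner names and 3:1 hash rates are constructed, and the header format is simplified from Bitcoin's real one.

```python
import hashlib

def pow_hash(header: bytes, nonce: int) -> int:
    """Double SHA-256 of header plus nonce, read as a 256-bit integer."""
    data = header + nonce.to_bytes(8, "little")
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")

def is_winner(header: bytes, nonce: int, bits: int) -> bool:
    """A nonce wins if its hash is below the target (bits leading zero bits)."""
    return pow_hash(header, nonce) < (1 << (256 - bits))

def mine(header: bytes, bits: int, max_tries: int = 1 << 22):
    """Try nonces 0, 1, 2, ... and return the first winner, or None."""
    for nonce in range(max_tries):
        if is_winner(header, nonce, bits):
            return nonce
    return None

def lottery(rates: dict, rounds: int, bits: int = 8) -> dict:
    """Count blocks won when each miner makes rates[name] attempts per tick."""
    wins = {name: 0 for name in rates}
    for rnd in range(rounds):
        tick, winner = 0, None
        while winner is None:
            for name, rate in rates.items():
                # Each miner hashes its own header, so attempts are independent.
                header = f"round {rnd} miner {name}".encode()
                start = tick * rate
                if any(is_winner(header, n, bits) for n in range(start, start + rate)):
                    winner = name
                    break
            tick += 1
        wins[winner] += 1
    return wins

# Constructed hash rates (not measurements): 3 attempts per tick versus 1.
RATES = {"specialized_hardware": 3, "botnet": 1}

if __name__ == "__main__":
    print("winning nonce:", mine(b"constructed block header", 12))
    print("blocks won:", lottery(RATES, 400))
```

The slower miner still wins roughly a quarter of the rounds, which is why a botnet whose operators pay nothing for electricity can profit even when outpaced by dedicated hardware.
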
While the value of bitcoins has crashed in the past week, dropping to less than $100 on April 12, the currency is sustainable in the long term, says Errata's Graham.

"There is always a desire for underground currency and that means there will always be some value to bitcoins," he said.

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...