Dealing with DDoS - Blockchain would have saved Final Fantasy XIV
Dealing with DDoS - Blockchain would have saved Final Fantasy XIV

The recent Distributed Denial-of-Service (DDoS) attack on Final Fantasy XIV is a timely suggestion of where things are heading. Considering a growing number of insecure Internet of Things (IoT) devices are connected to one another, the potential for DDoS attacks to overpower an organisation is very real. According to leading cyber-security guru Brian Krebs, his site fell victim last year to a DDoS attack more sophisticated than any seen previously. The attack was launched almost exclusively by an extremely large botnet of hacked devices.

 

Large DDoS attacks often stem from a method known as a DNS reflection attack. In cases like these, perpetrators can leverage unmanaged DNS services on the Web to create huge traffic floods. The attack on Krebs' site came disguised as traffic designed to resemble generic routing encapsulation (GRE) data packets, a communication protocol used to establish a direct, point-to-point connection between network nodes. GRE lets two peers share data they wouldn't be able to share over the public network itself. One thing is clear, using traditional cyber-security technology, we are merely playing ‘whack a mole' against ever-changing DDoS attacks.

 

Collective computing power can foil a DDoS attack

 

As a distributed system, blockchain has built-in protections against losing communication with nodes. Even though bitcoin is an open network, its protocol has warded off several attempted attacks. The collective computing power available within blockchain makes it extremely hard for a cyber-attack to be successful – multiple nodes across multiple institutions must be attacked to overwhelm the full system. Where DDoS attacks are concerned, blockchain has protections to make sure that transactions can continue, even when several nodes go offline. The protocol recovers as nodes are brought back online and are resynced to ensure consistency and integrity is preserved. This is possible due to the unique set of encoded algorithms in the blockchain.

 

A blockchain's robustness largely depends upon its diversity, the number of nodes and its ‘hash rate'. Bitcoin and Ethereum public blockchains rely on miners using their hardware and software to do what amounts to brute force attacks to “crack/guess” the correct SHA256 (an encryption algorithm) to solve a block. Each attempt to solve the block requires the miner to calculate a hash value for the block; these attempts are called a ‘hash', and the speed they make these attempts is their ‘hash rate'. When they calculate the correct hash, they collect a reward plus any transaction fees included in the block. Once that block is added to the chain, all transactions within in it are immediately validated, along with every previous block (and every transaction in those blocks). This validation cements all transactions in place making them virtually impossible to reverse.

 

Attacking the miners directly is close to impossible, they do their work behind a Peer to Peer (P2P) network called ‘The Bitcoin Protocol' – which is designed to resist direct attack. P2P networks are notoriously hard to stop or even disrupt. Attacking the transactions is just as difficult, because they are stored in every single user's copy of the blockchain and are cryptographically verified by the mining process – it's a sort of open ledger that anyone can read and verify themselves.

 

IoT devices will make companies vulnerable 

Devices connected to the IoT are, by their very nature, built at a low price point – meaning they are unlikely to be embedded with sophisticated security. No surprise then that they're likely to remain the preferred DDoS client for future botnets. From an IoT botnet perspective, any Ethereum or Bitcoin mining on an IoT device would produce such a low hash rate that it would be essentially meaningless. Mining requires a high performance computing equipment, which is not what IoT devices are built upon. Already, an IoT Mirai ELF/Linux malware Bitcoin mining variant has been found, and almost four years ago, KrebsonSecurity.com discussed Bitcoin mining bots. While in that case PC's were the compromised hosts, to mine bitcoin is a far more CPU-intensive activity. This means that we do not see vast swarms of botnets on PCs mining bitcoin today, as they do not have the CPU capacity – while IoT devices have even less CPU capacity. 

In Charles Stross' sci-fi book, Neptunes Brood, he offers a futuristic, galactic view of how the IoT and blockchain may facilitate money transfer and exchange, while exposing the potential fraudulent aspects (spoiler alert: nothing changes, even in the future!). With the number of IoT devices in operation expected to climb from around 8.7 billion today to 29 billion by 2020 – this future of connected devices is no longer the stuff of fiction. Ultimately, the ease of launching massive DDoS attacks will grow – and no existing system can address this problem unless it is truly distributed. That's where blockchain comes in.


Contriubted by Stephen Holmes, VP FinTech Lab, VirtusaPolaris

 

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.