Topic: ASIC botnet: The new threat? (Read 4256 times)

in the case of bASIC, it would be easy to spot as the firmware will be released as open source. Same with Avalon.

In the case of a hardcoded backdoor into the hardware or BFL (closed source), traffic analysis would show other outgoing communication than the account you config (your own choice of pool or solo mining). Whoever makes the hardware has little control over where/how you deploy the hardware.

What if BFL/bASIC backdoors the ASIC's? 

There's probably something like zeus for miners already out in the wild. What you're seeing isn't whats really there.

Though I appreciate links, as I requested them (maybe you missed that post), neither of these fit any criteria of the quote.

Top line from The AMA post:

20GH = 20,000 MH; 20,000 MH / 10,000comps = 2MH/comp. Or roughly what you'd get out of an old crappy CPU. I did say in the quote that CPU mining is most likely of the unlikely scenarios.

For the symantec stuff, GPU malware != GPU botnet. Simply is one, low-risk (hasn't spread much) example of code that has that ability. No one is claiming that it is impossible to do, that isn't what we're discussing, so this is not a useful link. If it were a report of how it was a widespread hidden threat that would make more sense.


As to the other guy with the botnetter friend, well. I will just leave that conversation be then.

Cool stuff. I wonder how sustainable the botnets actually are over time.

Even so, I don't think "botnetting" ASIC devices will be all that possible until the general public utilizes them daily (assuming it ever reaches that point). They're way too much of a niche device, tailored to a subset of the bitcoin community. To presume these botters are going to utilize ASICs attached to PCs undetected is a bit absurd....though not impossible.

I'm not suggesting he is a botnetter. I know he is a botnetter, he paid BTC 20 for the custom miner from a guy on Silk Road that installs itself on machines through a trojan horse and makes them into dedicated workers.

The people that run the botnets don't care if it's CPU or GPU, but they are more interested in harvesting good GPU machines. With most recent machines sporting some kind of GPU, they are actively being milked.

Check some of the stats individual people are getting on pools. A single individual that has 300 GH/s surely does not have all these machines in his own office.

Maybe you missed those threads:

https://bitcointalk.org/index.php?topic=81356.0;all
https://bitcointalksearch.org/topic/wonder-who-this-solominer-is-8862169-67634

http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/

http://arstechnica.com/tech-policy/2011/08/symantec-spots-malware-that-uses-your-gpu-to-mine-bitcoins/

http://www.symantec.com/security_response/writeup.jsp?docid=2011-081115-5847-99&tabid=2

I'm not asking for accurate numbers, I'm asking for any confirmed botnet reports, and evidence as to them being GPU based, as you so casually stated that they were.

What you are telling me is that because an automated system on deepbit, which admittedly catches many regular users (unless you are suggesting your friend is a botnetter) by its aggressive settings, is the only suggestion that botnets "might be out there".

That is hardly conclusive evidence of the roving bands of GPU botnets you claim.

CPU botnets are the most likely, and even those are not very likely, nor clearly are they being very successful.

To get accurate numbers, you would have to ask the question to Tycho. I was shown last week by a deepbit user when he logged in the banner "your account has been suspended due to illegal activity" (paraphrasing from memory here).

He said it happens automaticly once you have more than 150 different IPs connect to the same worker. (as it happened before)

There is a banner when you register that says "In case of illegal activity your account will be locked",
https://deepbit.net/register.php

With the amount of traffic deepbit sees, it would be hard to believe they have not automated some parts of the banning

I think a smart GPU botnet would setup a Bitcoin mining proxy or a mining pool.

Yes? Can you link something to evidence the frequent action pool operators take? Article or transcript from pool operators talking about it? I'm curious to learn about this.

Actually there are plenty of GPU botnets and big pools like Deepbit have to take frequent action against them. Deepbit blocks single accounts that have more than 150 (?) different IPs connecting.

To see if they are CPU or GPU botnets, one should ask if Tycho would release the stats on such an account so one can judge how much MH/s per IP they generate.

A smart GPU botnet would of course create a different account for each worker but that is sooooo much work, right? ;-)

kokjo is an idiot who picks fights with everyone, constantly pretends to misunderstand what is being said, and initiates verbal abuse toward people.

You have some contrary evidence? Or you just have no logical response?

Did the FPGA get cheaper? BTCFPGA MM Quad is still $1k.

This made LOL. No, seriously....it did.

This is null.

The only thing left is don't get owned.

The incentive is Bitcoin. Or cryto-currency.

I don't mean to sound insensitive but it sounds like you're approaching a very technical problem from a very non-technical point of view. So let's try a different approach.

To date there have been 0 confirmed CPU botnets, 0 confirmed GPU botnets, and 0 confirmed FPGA botnets on bitcoin. Why would this change with ASICs? If as you say, ASICs become cheap like water, difficulty becomes high like a mountain. A 60GH/sec ASIC becomes the equivalent of a 300MH/sec GPU today, and there is as little incentive to seek out ASICs as there is for the other methods.

How many people are rich? By definition, very few (limited resource world). Thus very few people would "set it and forget it" after buying hardware that has no function except mining. Most people with money would as MrTeal said rather buy Bitcoins directly. It's faster, easier, can just throw it somewhere and forget about it. This idea of an ASIC botnet is really just a bugaboo.

There's no incentive for the vast majority of people to buy ASIC mining hardware regardless of price. Everyone needs a CPU and some sort of graphics hardware in a computer. Even if Bitcoin really takes off the cast majority of people won't buy mining hardware; there's no reason to. They could just buy BTC on the market.

ASIC will, in the-not-so-distant future, cost about the same as GPU.

The cost is high now coz there's a HIGH demand for ASIC. Once that little bubble burst, I'd imagine ASIC price will fall.

I'll personally order a few and plug them in and forget em, I got other things to do. So does my rich friend who's even less tech savvy than I am.

With that, there's a chance they'll get own, becoming part of a net.

Anybody that spent that much money on their ASICs is going to be watching the returns (the money flowing in). If they notice an anomaly, they will know something is wrong.

Was there ever FPGA botnet?

The target is likely too limited and diverse for a botnet attack.  There will be relatively few people out there using ASICS and of those that do they will likely be using many different types of OS/distributions.  Unless you have zero days for everything it's going to be unlikely to get anything on a mass scale.

Additionally, how many people will actually have their ASICS hooked up to a desktop machine?  Personally, I will have mine hooked up to minimal boxes with some minimal version of linux where every service will be turned off except the mining client and sshd on a non-standard port so I can access it locally on my network.

Luckily, ASICS will boost the difficulty up high enough so that having a botnet that mines off cpu/gpu as they do now will possibly pay less than the effort is worth.

if you're the botter and you're smart you're gonna tell the bot to

mine cpu
and if gpu exists, mine gpu
and if asic exists, mine asic

in effect turning it into a cpu/gpu/asic botnet, or short

"botnet"

So in summary, It's possible, but unlikely, unless.....

.....Ok then, my hypothesis is simple:
One day ASIC will be quiet affordable and user-friendly. (any objections?)

Normal people will continue doing unsafe computer actions. (any objections?)

More knowledgeable individuals will simply own those machines. (any objections?)

Thus we have ASIC botnet. (May not be worth it for YOU)

0 day of what? Some flaw in the ASIC miners code? Or a flaw in the host machine? These are not typically the leads to botnets anyway.

Here's the thing, what are botnets used for? They are used for DDoS, and spam-mail traditionally. Why? Because every computer that is on the internet, has access to the internet. Traditionally low-hanging fruit is picked from this bunch, such that easy vulnerabilities that have remained unpatched for long periods of time allow for continuous usage of the targets.

So let's look at this: Every computer on the net has an internet connection, only a fraction are part of botnets.

Every computer has a GPU, only a fraction are "botnettable", only some portion of these GPUs could be used for effective mining, and it's a high-risk venture that would likely lose the machine, and thus is less profitable than other botnet ventures. This is likely why we've not seen any evidence of a GPU mining botnet on bitcoin.

An extremely tiny fraction of computers will have ASICs connected to them, of these some fraction will be botnettable at some point, and most use of this botnet will result in the botnet being broken up in very short time-scale. The difficulty will both be in even locating computers with ASICs, let alone exploiting them, let alone exploiting them effectively.

Is it impossible? I will go ahead and say it is not, just so I don't have egg on my face at some point. But will it happen? I will again say no, it is too difficult, with too little reward.

The only scenario I could really foresee would be some disruption hacktivist, who manages some malicious code that can collect the IPs of the vastly reduced mining world, and utilizing some "zero-day attack" disrupts the block chain, either taking control, forking it, or generally fouling it up. This would likely be as easily or more easily accomplished by finding the IPs and DDoS'ing the heaviest ASIC miners connections though.

Always ask yourself for the motivation behind actions, they are very important.

Hmmm. interesting. When it comes to 1337 h@xoring I have learned to never say never. 

Ya. Currently.

How bout a 0 day attack?

I think these would be hard targets for a botnet. Anyone who owns an ASIC miner would likely know a lot about it and know about the risks.

Absolutely. I'm not saying that taking over the device isn't possible, I'm saying that keeping it undetected would be difficult. My guess is that ASIC devices won't be customized to go slower, such as having a Jalapeno go 3GH/s instead of 4.5GH/s just be tweaking it (though someone tell me if they have proof otherwise).
That said, if you've got one Single and suddenly it's not mining for your own account anymore, something tells me you might venture a look at what's going on.

Will ASIC have it's own OS?

If not, then it's possible to own a machine with ASIC already attached.

Precisely on point. The equipment purchased for my fund is something that will be monitored 24/7 to ensure overall stable revenue (after accounting for difficulty, etc). And ....


.... won't be possible since A) the devices will never be idled and B) any variation in hashing rate will immediately draw my attention.

It's one thing to have a GPU in your system for multiple purposes that can be utilized without the owners consent...but to utilize a standalone device (outside your computer) that only does one thing without the owner's knowledge? Not very likely...

Time to stop feeding the troll guys.

You're assuming regular folks won't one day be able to buy ASIC just as any plug-n-play devices at a reasonable price.

Shouldn't be too hard to code something to run only when idled or use x amount of resources.

Those hashing powers are probably enough to create something we've never seen before in terms of how far some people will go.

This argument is mildly pointless.

An ASIC botnet? Bitcoin ASICs can be used for nothing but mining, subverting a machine used for one purpose will be quickly detected and rectified. It's not like a computer which can and will be left on for long periods of time, while idle.

You have your miner up and running, you expect it to give X performance. As soon as it doesn't do that, you check why. This would be a terrible "botnet".

LOL! U MAD?

i might not comprehend english grammar, but i seem to comprehend a bit more stuff then you do.

so every person you don't like, is teh same one? your logic is failing, dude. your logic is failing.

http://goo.gl/6ZByg

You are picking a fight with the wrong person, and I shouldn't be the one to talk about comprehension when you failed to comprehend first grade English grammar.

Which brings me to my question, are you kano? He is an idiot and has the same avatar. Spells the same way. I can only imagine it's you.

too complex for me, me to stupid can't understand -> UNBREAKABLE!!!

your logic is failing.

I can't confirm if it's hackable or not, just not that many people bother. With all the su/sudo things that need to be run...I just don't see it happening.
Of course, if you have a proof-of-concept way to hack Linux, please provide it to #linux on irc.freenode.net.

are you saying a Linux system is unhackable? WRONG!!!

im a big linux fan, but your statement is just plain WRONG!

The question is how? Most of these guys will be running Linux, and for those with Windows...you still need to download the virus and run it. Modifying the kernel without a known and unpatched exploit is also impossible, thus elevating the process to Administrator or SYSTEM is pretty much impossible.

Using a driver may work on x86 Windows, but not for x64 as every Windows x64 machine requires every driver to be digitally signed. Even if you somehow succeed, are the people who invested 30k for 1TH/s rigt going to be that stupid as to not notice their mining was redirected and there was no mining on the pool(charts, e-mail notification;dunno about solo).

You can CPU mine at a few MH/s. Intel is by far the largest provider of desktop and notebook GPUs, and before Ivy Bridge this year you couldn't even mine on an Intel GPU.  The percentage of computers sold even now that could mine at 50MH/s or above is way below 50%, let alone as a percentage of the installed base. Especially since those people with a pair of XFire 7970s is more likely to notice them running hard mining BTC than Gramma Ethel who uses her 4 year old computer to check emails.

i think most computers newer then 2 years are capable of mining(maybe only a few mhash/s but still capable).

I'd say the large majority of computers don't have GPUs capable of mining, or at least mining much faster than a CPU anyway.

This is in every miners responsibility to take care the mining rig is resilent.

However, the only threat i see is a hacked pc where the wallet is installed, but this has nothign todo with ASICS.

If youre interested to understand this things, take a webserver and install a botnet on it, you will see that the options are very limited to loading files and logging data.

What an attacker could do, logging the botnet for bitcoin related words and sent a real RAT to the victims pcs that eventually could contain a wallet.
In this case, the victim would do an extreme fail to store the passphrase on the same pc, otherwie there is not much chance to compromise the wallet.

Please consider the chances of finding a bot with a wallet where the wallet key is stored on the same pc, the time effort is immense.

I repeated it a dozen times, put your wallet on a linux pc with a virtualbox, you could even play with an additonal router as hardware firewall.


One thing that i find much more intersting is blockchain.info ability to get the ip of wallets with high load of coins or the list of 500 richest wallets, the time effort to penetrate such a server/pc with a pentest is probably much less than the above mentioned threat.

it not the ACISs that are gonna be infected, its the devices that control them(computers, beagle boards, ...) and then turn the into a botnet.

There are gpu botnets but guess there are more lucrative ways for botherders. I think there is no faster way for loosing bots than spreading a miner. Only a douchebag would not take action when the pc gets extremely slow.

To understand that ASICS are not infected i suggest you research virus spreading techniques.

so infect people that own mining ASICs? it seems like a bit impossible as we are so few. GPU botnet is much more possible, every computer have a GPU capable of mining now.

Currently, CPU botnets are pointless to mine bitcoin.

......I'm not sure if there's such a thing as GPU botnet...........

Will there be an ASIC botnet in the near future?.