Leveraging Bitcoin Testnet for Bidirectional Botnet Command and Control Systems
Federico Franzoni, Ivan Abellan, Vanesa Daza

TL;DR
This paper demonstrates how Bitcoin Testnet can be used to establish a cost-free, encrypted, bidirectional command and control channel for botnets, posing a significant threat to cybersecurity.
Contribution
It introduces a novel protocol leveraging Bitcoin Testnet for bidirectional, encrypted botnet C&C communication, overcoming previous limitations of cost and data transmission.
Findings
Bitcoin Testnet enables cost-free C&C channels
The protocol supports bidirectional encrypted communication
It demonstrates a realistic, hard-to-disrupt botnet control method
Abstract
Over the past twenty years, the number of devices connected to the Internet grew exponentially. Botnets benefited from this rise to increase their size and the magnitude of their attacks. However, they still have a weak point in their Command & Control (C&C) system, which is often based on centralized services or requires a complex infrastructure to keep operating without being taken down by authorities. The recent spread of blockchain technologies may give botnets a powerful tool to make them very hard to disrupt. Recent research showed how it is possible to embed C&C messages in Bitcoin transactions, making them nearly impossible to block. Nevertheless, transactions have a cost and allow very limited amounts of data to be transmitted. Because of that, only messages from the botmaster to the bots are sent via Bitcoin, while bots are assumed to communicate through external channels.…
