ChainChannels: Private Botnet Communication Over Public Blockchains

Botnets provide the foundation for a wide range of malicious activities on the Internet. Sophisticated Command and Control (C&C) infrastructures aim to prevent the detection and takedown of botnets and therefore pose a big challenge in the battle against network attacks of all kinds. In this paper, we present Chain Channels, a method for hidden botnet communication that exploits the digital signatures used in blockchains to inject subliminal messages. We show how subliminal messages can be included in signatures and distributed in blockchain transactions to the bots. We also show how the keying material required for extracting the subliminal information can be transmitted privately to the bots while being stored on a public blockchain. As proof of concept, we inject a subliminal message and a key in the Bitcoin blockchain and show how this information can be extracted from the transactions. Our method allows to establish a hidden C&C infrastructure over blockchains and send instructions to all bots without leaving any suspicious communication activities. The method relies only on digital signatures and is therefore applicable to numerous blockchains. The subliminal communication can not be distinguished from legitimate transactions, and mitigation would require redesigning blockchains to use new subliminal-free signature schemes. Our method provides a general hidden distribution channel over block chains and can be also applied to other scenarios where information needs to be transmitted covertly. It scales extremely well with the number of receivers (i.e., bots), and subliminal messages can even be distributed over different blockchains to exploit specific features of blockchains such as low transaction cost or fast confirmation times or to further obfuscate the existence of the C&C communication