Haha, I had the same idea.
The since (valid) transactions are passed freely to all nodes in the Bitcoin network, one can just use the network as a signed messaging platform.<p>You don't need to query blockchain.info, all you need is a Bitcoin client that listens for incoming transactions.<p>I've been writing an implementation on and off for a while now.
The general idea is as follows:<p>The botnet client connects to "n" Bitcoin nodes. If the same transaction is relayed by ceil(n/2) nodes, then we say that transaction is "confirmed" and examines the transaction to see if it's sent from botmaster's address (in fact we don't even have to use the botmaster's address, with BIP-0032 (<a href="https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki" rel="nofollow">https://github.com/bitcoin/bips/blob/master/bip-0032.mediawi...</a>), we can use related public keys)<p>You don't even have to use transactions ("tx" messages), you can use the block messages if you are willing to tolerate an (on average) 10 minute delay, this would drastically reduce the network traffic sent/received by the botnet client.<p>But these guys forced my hand, so I suppose I'll have to release what I have so far.
The current botcoin client (c++11 with boost::asio) connects to the network, and gets transactions.
Data extraction from transactions is unfinished.
The current problem I'm working on is making sure that people cannot easily scan the Blockchain to look for c&c transactions. This can easily be done by encrypting the messages with a client specific key.
However, I would like to have perfect forward secrecy, that is, suppose a sample client was obtained by researchers, past c&c messages should not be able to be decrypted (otherwise the blockchain contains a log of all of your C&C messages).<p>[link redacted]
Author here! I'm surprised to see this up on HN, I checked the front page, and here it was. This was written for a computer security class, and definitely hasn't been proofread yet. If anyone has any questions, I can answer anything you like.
Another similar idea (from back in 2008[1]) is to use the Bittorrent DHT as distributed storage for C&C commands. I have no idea anyone has implemented a real-life bonnet in the intervening six years, but it seems plausible enough.<p>[1]: <a href="https://iseclab.org/papers/securecomm08_overbot.pdf" rel="nofollow">https://iseclab.org/papers/securecomm08_overbot.pdf</a>
Can't worms simply relay to each other the message signed by the botnet master? No Sybil attack there.<p>The trend of throwing blockchains at problems for which they are totally uncalled for is profoundly annoying.
So something I've been wondering about with all the talk around The Pirate Bay recently is why aren't people using the blockchain to store data needed to bootstrap your joining of a decentralised network.<p>It could be as simple as storing the magnet links themselves.
FWIW, keybase.io do the same; they store the root of the merkle tree into the blockchain with a similar principle of throwaway addresses, making it the whole database they handle basically unforkable.
The main problem I see with this is that you would have to have each client in the botnet sync with the Bitcoin network. This is a lengthy task and results in gigs of data.<p>Hardly inconspicuous.<p>But I like the idea.
I'm still struggling to fully understand how bitcoin works.<p>I guess I can understand what the blockchain is, but I struggle to understand how the number of bitcoin can be stable, and how transactions are achieved. I guess I like drawings better.