[Paleopsych] New Scientist: How zombie networks fuel cybercrime
checker at panix.com
Tue Jan 11 19:08:03 UTC 2005
How zombie networks fuel cybercrime
20044.11.3 (note date)
[What are the best sites for finding about the range of opinion on the
threats of cyberterrorism? I note that the Department of Homeland Security
did not make a position of Assistant Secretary for Cyberterrorism. Such a
position would have meant this Asst. Sec'y would be second in line to see
the President of the Central Gummint. As it is now, the chief for
cyberterrorism is buried five layers deep.
[We all know that our ports are almost completely insecure and that the
power grid and water supply are only marginally less insecure. But
cyberterrorism may be the biggest threat of all. I just don't have enough
information to form an opinion. HELP!]
In June, the websites of Google, Yahoo and Microsoft disappeared for
hours when their servers were swamped with hundreds of thousands of
simultaneous webpage requests that they could not possibly service. It
sounds a tough attack to orchestrate, but executing it could not have
A hacker kicked off the assault by typing a simple command into an
internet chat room. That command awakened dormant software "bots" that
had been planted in tens of thousands of PCs around the world with the
help of computer viruses.
When the bots read the command in an internet chat room they were
monitoring, they began firing a blizzard of page requests at the
servers hosting the company sites. Result: the servers effectively got
tongue-tied trying to service the requests, and had to go offline
until the attack ceased.
This modus operandi is fuelling a growing crime wave against
e-commerce in which these networks of bots, dubbed botnets, are
increasingly being offered for hire by hacking groups.
Want to take down a commercial rival's website? Or how about spamming,
perhaps sending out letters "phishing" for people's passwords and bank
account details? And gambling sites that need a continuous web
presence to make money are a favourite target for botnet-based
The distributed denial of service (DDOS) attack on Yahoo, Microsoft
and Google was especially effective because it targeted one of their
web-hosting companies, Akamai Technologies in Cambridge,
Massachusetts. But Akamai is far from alone in falling prey to botnet
For instance, just last week, UK online betting firm Blue Square fell
victim to a botnet-based blackmail attempt. And an executive at a
satellite TV firm in Massachusetts has been charged with hiring
several botnets to disrupt the websites of three rivals, costing one
of their web-hosting firms $1 million.
The case marks a watershed: "It's the first time we have prosecuted
individuals for the mercenary use of botnets," says Frank Harrill of
the FBI's cybercrime squad in Los Angeles. "But it won't be the last."
While DDOS attacks are nothing new, they used to have a limited
impact. A group of hackers would agree on a time to simultaneously
contact the target web server manually, but they could rarely
conscript enough attacking PCs to overwhelm every channel of a
major-league website. But botnets make it a piece of cake to
orchestrate distributed attacks from a vast ad hoc network. You could
call it disorganised crime.
So how does an innocent PC become part of a botnet? First, a computer
virus installs a "back door" program that leaves an internet port on a
PC open. Both SoBig and MyDoom employed this tactic.
The hacker then probes PCs connected to the net to look for open ports
and, when they find one, they install a bot on its hard drive.
Security experts call these bot-loaded PCs "zombies", since the hacker
can wake them from the dead on command.
Because bots can be placed on any number of PCs, and chat rooms
provide a useful central location from which to control them, there is
no technical limit to the size of a botnet, says Viki Navratilova, a
systems administrator at the University of Chicago.
And the Internet Relay Chat protocol that chat rooms run is a very
convenient means of command and control, says David Dittrich, a
systems administrator at the University of Washington in Seattle,
because it allows the person who runs the chat room to communicate
with all members (or bots) simultaneously.
In January, attacking botnets typically comprised around 2000 innocent
computers. But by May that had risen to more than 60,000, according to
the latest research from e-security firm Symantec Antivirus. Fuelling
this is the increase in always-on broadband connections, which makes
it much more likely that a large number of zombies will be logged onto
a chat room at any one time.
The botnet controllers are cashing in. Eavesdropped chat-room
exchanges reveal that a DDOS attack appears to cost between $500 and
$1500, with smaller botnet attacks priced between $1 and $40 per
zombie harnessed. "It's such a reliable way to make money that hackers
don't need day jobs," says Navratilova.
More information about the paleopsych