[Paleopsych] New Scientist: How zombie networks fuel cybercrime

Premise Checker checker at panix.com
Tue Jan 11 19:08:03 UTC 2005


How zombie networks fuel cybercrime
http://www.newscientist.com/news/news.jsp?id=ns99996616
2004.11.3 (note date)

[What are the best sites for finding out about the range of opinion on the 
threats of cyberterrorism? I note that the Department of Homeland Security 
did not make a position of Assistant Secretary for Cyberterrorism. Such a 
position would have meant this Asst. Sec'y would be second in line to see 
the President of the Central Gummint. As it is now, the chief for 
cyberterrorism is buried five layers deep.

[We all know that our ports are almost completely insecure and that the 
power grid and water supply are only marginally less insecure. But 
cyberterrorism may be the biggest threat of all. I just don't have enough 
information to form an opinion. HELP!]

    In June, the websites of Google, Yahoo and Microsoft disappeared for
    hours when their servers were swamped with hundreds of thousands of
    simultaneous webpage requests that they could not possibly service. It
    sounds a tough attack to orchestrate, but executing it could not have
    been simpler.

    A hacker kicked off the assault by typing a simple command into an
    internet chat room. That command awakened dormant software "bots" that
    had been planted in tens of thousands of PCs around the world with the
    help of computer viruses.

    When the bots read the command in an internet chat room they were
    monitoring, they began firing a blizzard of page requests at the
    servers hosting the company sites. Result: the servers effectively got
    tongue-tied trying to service the requests, and had to go offline
    until the attack ceased.
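The paragraphs above describe the flood from the server's side: a burst of page requests from a very large number of sources, none of which individually looks abnormal. The following is an added example, not part of the New Scientist article, showing why that matters for detection. It reads web-server "combined" access log lines, buckets requests per second, and distinguishes a single noisy client (which a per-source rate limit catches) from a botnet-style flood in which the total is high but every source stays under the per-source limit. The log lines are constructed for the illustration, and the thresholds of 20 requests per second per source and 100 per second in total are assumptions, not figures from the article.

```python
"""Classify HTTP request floods from access-log lines.

Added example (not from the New Scientist article).  Log lines below are
constructed; the two thresholds are illustrative assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache/nginx "combined" format, e.g.
# 203.0.113.5 - - [03/Nov/2004:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for a combined-format line, or None if malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def analyse(lines, per_source_limit=20, total_limit=100):
    """Bucket requests per second and classify each second.

    For every second the report holds:
      total        - requests seen in that second
      sources      - distinct source addresses
      hot_sources  - addresses above per_source_limit (one noisy client)
      distributed  - True when total > total_limit but no source is hot,
                     i.e. the shape a botnet flood has: many sources, each quiet
    """
    buckets = defaultdict(Counter)  # second -> Counter(source_ip)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, sec = parsed
        buckets[sec][ip] += 1

    report = {}
    for sec, counter in sorted(buckets.items()):
        total = sum(counter.values())
        hot = sorted(ip for ip, n in counter.items() if n > per_source_limit)
        report[sec] = {
            "total": total,
            "sources": len(counter),
            "hot_sources": hot,
            "distributed": total > total_limit and not hot,
        }
    return report


def make_sample_log():
    """Constructed sample: a quiet second, a second with one hammering client,
    and a second with 60 zombies sending 3 requests each (180 in total)."""
    lines = []

    def add(ip, ts, n):
        for _ in range(n):
            lines.append(f'{ip} - - [{ts}] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/4.0"')

    for i in range(3):  # normal traffic
        add(f"198.51.100.{i + 1}", "03/Nov/2004:10:00:00 +0000", 2)
    add("203.0.113.9", "03/Nov/2004:10:00:01 +0000", 30)  # single noisy client
    for i in range(60):  # botnet-style flood, each source below the per-source limit
        add(f"192.0.2.{i + 1}", "03/Nov/2004:10:00:02 +0000", 3)
    return lines


if __name__ == "__main__":
    for sec, r in analyse(make_sample_log()).items():
        print(sec.time(), r)
```

Run it against a real access log and the interesting seconds are the ones flagged "distributed": a per-source rate limit alone never fires on them, which is exactly the property that makes zombie networks attractive to attackers.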

    This modus operandi is fuelling a growing crime wave against
    e-commerce in which these networks of bots, dubbed botnets, are
    increasingly being offered for hire by hacking groups.

    Want to take down a commercial rival's website? Or how about spamming,
    perhaps sending out letters "phishing" for people's passwords and bank
    account details? And gambling sites that need a continuous web
    presence to make money are a favourite target for botnet-based
    blackmail.

    Disorganised crime

    The distributed denial of service (DDOS) attack on Yahoo, Microsoft
    and Google was especially effective because it targeted one of their
    web-hosting companies, Akamai Technologies in Cambridge,
    Massachusetts. But Akamai is far from alone in falling prey to botnet
    sabotage.

    For instance, just last week, UK online betting firm Blue Square fell
    victim to a botnet-based blackmail attempt. And an executive at a
    satellite TV firm in Massachusetts has been charged with hiring
    several botnets to disrupt the websites of three rivals, costing one
    of their web-hosting firms $1 million.

    The case marks a watershed: "It's the first time we have prosecuted
    individuals for the mercenary use of botnets," says Frank Harrill of
    the FBI's cybercrime squad in Los Angeles. "But it won't be the last."

    While DDOS attacks are nothing new, they used to have a limited
    impact. A group of hackers would agree on a time to simultaneously
    contact the target web server manually, but they could rarely
    conscript enough attacking PCs to overwhelm every channel of a
    major-league website. But botnets make it a piece of cake to
    orchestrate distributed attacks from a vast ad hoc network. You could
    call it disorganised crime.

    Zombie PCs

    So how does an innocent PC become part of a botnet? First, a computer
    virus installs a "back door" program that leaves an internet port on a
    PC open. Both SoBig and MyDoom employed this tactic.

    Hackers then probe PCs connected to the net to look for open ports
    and, when they find one, install a bot on the PC's hard drive.
    Security experts call these bot-loaded PCs "zombies", since the hacker
    can wake them from the dead on command.

    Because bots can be placed on any number of PCs, and chat rooms
    provide a useful central location from which to control them, there is
    no technical limit to the size of a botnet, says Viki Navratilova, a
    systems administrator at the University of Chicago.

    And the Internet Relay Chat protocol that chat rooms run on is a very
    convenient means of command and control, says David Dittrich, a
    systems administrator at the University of Washington in Seattle,
    because it allows the person who runs the chat room to communicate
    with all members (or bots) simultaneously.
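The flip side of IRC being a convenient control channel, as described above, is that every zombie on a network has to connect to the same server to hear its orders. The following is an added example, not part of the New Scientist article, that looks for that rendezvous in connection records: it groups TCP connections to IRC ports by destination and reports destinations that many distinct internal hosts have contacted. The flow-record format, the internal address range 10.0.0.0/8, the minimum of five hosts and the list of IRC ports are assumptions made for the illustration; the records themselves are constructed.

```python
"""Spot an IRC command-and-control rendezvous in connection logs.

Added example (not from the New Scientist article).  Record format,
internal range, host threshold and port list are assumptions; the
records are constructed.
"""
import ipaddress
from collections import defaultdict

# Ports IRC servers commonly listen on (assumed list; a bot can use any port).
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}


def parse_flow(line):
    """Parse a constructed record such as
    '2004-11-03T10:00:01 10.1.2.3:51234 -> 198.51.100.77:6667 tcp'
    into (timestamp, src_ip, dst_ip, dst_port, proto)."""
    ts, src, _arrow, dst, proto = line.split()
    src_ip, _src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return ts, src_ip, dst_ip, int(dst_port), proto


def find_irc_rendezvous(lines, internal_net="10.0.0.0/8", min_hosts=5):
    """Group IRC-port connections by destination and keep destinations that
    at least `min_hosts` distinct internal hosts have contacted.

    One person chatting on IRC yields a destination with a single internal
    source; zombies herded into one channel yield a destination shared by
    many.  Returns {(dst_ip, dst_port): [src_ip, ...]} sorted by address.
    """
    net = ipaddress.ip_network(internal_net)
    sources_by_dst = defaultdict(set)
    for line in lines:
        _ts, src_ip, dst_ip, dport, proto = parse_flow(line)
        if proto != "tcp" or dport not in IRC_PORTS:
            continue
        if ipaddress.ip_address(src_ip) not in net:
            continue
        sources_by_dst[(dst_ip, dport)].add(src_ip)
    return {
        dst: sorted(srcs, key=ipaddress.ip_address)
        for dst, srcs in sources_by_dst.items()
        if len(srcs) >= min_hosts
    }


def make_sample_flows():
    """Constructed records: ordinary HTTPS traffic from 20 hosts, one
    legitimate IRC user, and eight hosts all reporting to one IRC server."""
    flows = []
    for i in range(1, 21):
        flows.append(f"2004-11-03T10:00:00 10.1.2.{i}:4{i:04d} -> 198.51.100.10:443 tcp")
    flows.append("2004-11-03T10:00:01 10.1.2.1:40001 -> 203.0.113.3:6667 tcp")
    for i in range(30, 38):
        flows.append(f"2004-11-03T10:00:02 10.1.2.{i}:5{i:04d} -> 198.51.100.77:6667 tcp")
    return flows


if __name__ == "__main__":
    for (dst_ip, dport), srcs in find_irc_rendezvous(make_sample_flows()).items():
        print(f"{len(srcs)} internal hosts -> {dst_ip}:{dport}: {', '.join(srcs)}")
```

A port-based check is only a starting point: a controller can run the IRC server on any port, so the durable signal is the fan-in itself, many internal hosts holding long-lived connections to one external destination that has no business reason to exist, whatever port it sits on.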

    In January, attacking botnets typically comprised around 2000 innocent
    computers. But by May that had risen to more than 60,000, according to
    the latest research from e-security firm Symantec Antivirus. Fuelling
    this is the increase in always-on broadband connections, which makes
    it much more likely that a large number of zombies will be logged onto
    a chat room at any one time.

    Reliable income

    The botnet controllers are cashing in. Eavesdropped chat-room
    exchanges reveal that a DDOS attack appears to cost between $500 and
    $1500, with smaller botnet attacks priced between $1 and $40 per
    zombie harnessed. "It's such a reliable way to make money that hackers
    don't need day jobs," says Navratilova.
