Pages

11 June 2014

Information Warfare: Botnet Killers


June 9, 2014: The U.S. FBI (Federal Bureau of Investigation) recently announced the shutdown of one of the largest botnets ever detected. The Gameover Zeus botnet controlled over half a million PCs and the operator of the botnet (Evgeniy Bogachev) was indicted. Bogachev is a Russian citizen living in Russia and despite evidence that he and his crew of Russian and Ukrainian hackers stole over $100 million, it is difficult to get Russia to extradite these guys for trial in the United States. Gameover Zeus has been operating at least since 2011 and specialized in bank fraud (stealing IDs and passwords of users and making fraudulent transfers). Gameover Zeus was also used for extortion by getting into PCs and encrypting the contents and then offering the decryption key only if the owner sends a few hundred dollars in untraceable money to the botnet operators. 

Botnets are large numbers of infected PCs, known as zombies, under the control of botherders (the people who run the networks/botnets full of zombies). Zombies are created by hackers, who write computer viruses that get into your computer from an infected website or booby trapped file attachment to spam email. 

For nearly a decade now the FBI has been treating the creators and operators of these botnets as criminals (which they are) and hunting them down. The U.S. FBI has been increasingly successful at this and is finding, arresting and prosecuting a growing number of botnet owners. This is usually accompanied by shutting down the botnets in question. For example, in 2007 the FBI announced that Operation Bot Roast had identified over a million compromised PCs, in scores of botnets. The FBI tried to get in touch with as many of these computer users as possible, and direct them to organizations and companies that could help them clean the zombie software out of their computers. Help can be had for free, although many of the compromised PCs were found to be clogged with all manner of malware (illegal software hidden on your machine to feed you ads or simply track what you do). The take down of the Gameover Zeus botnet is a continuation of the effort the FBI began years ago with Bot Roast. 

Currently, on any given day, over 100 million of the 1.4 billion laptop and desktop computers on the planet are zombiefied. These captive computers are organized into botnets of thousands, or millions, of PCs that do the bidding of their controllers. The most common use of botnets is transmitting spam, and secret programs that create more zombies, or steal information (government secrets, or your banking information.) Internet criminals spend most of their time seeking out poorly protected PCs connected to the Internet that can be turned into zombies. This can cost up to a dollar per zombie PC. The "owners" of these zombies then use them to make money (sending spam, launching DDOS attacks, bank and consumer fraud or extortion and so on.) Some botnet owners rent their zombies out. There is no honor among thieves, either, with some Internet crooks seeking out botnets, and using their tools to try and take control. The good guys play this game as well, seeking out the botnets, and purifying the infected machines by finding and deleting the hidden software that makes a PC a zombie. 

The purification process is a growing business. Like other computer security companies, Microsoft equips their anti-virus software with the ability to remove the secret software that turns PCs into zombies. The most successful of these efforts is the one Microsoft operates, which automatically updates its operating system and its security software, and removes secret hacker software in the process. This effort is now setting over 50 million zombie computers free from their control software each year. Microsoft operating systems run over 80 percent of active PCs worldwide. 

Most owners of zombiefied computers don't even realize their PCs have been taken over. Some with heavily infected machines do notice that the malware slows down the PC, and there have been cases where the user just went out and bought a new computer. Usually, reformatting the hard drive and reinstalling your software works, and is a lot cheaper. But most computer users today don't know how to reformat a hard drive or even get someone to do it for them. Microsoft and Internet security firms have, since 2007 much improved and automated security software that detects and automatically removes the software secretly planted on PCs to turn them into zombies. Microsoft’s software security system is now removing hacker software from several million computers a month. 

The FBI has identified the operators of many botnet (networks of zombie PCs) operators, arrested some, and is still pursuing many others. To avoid the FBI, many botherders seek sanctuary in countries without an extradition treaty with the United States. Criminal gangs are increasingly active in this area, and, in the case of China, so are government Cyber War operations. But even China has been hit by the hackers, and recently enacted laws against computer crimes. 

The most powerful Internet weapons on the planet are botnets. And many of them are getting into uniform. In wartime, many of these botnets would be turned into weapons. A botnet can be used to shut down essential military networks, or infect military computers with destructive (to the computer) software. This isn't science fiction. It is real.

No comments:

Post a Comment