17 December 2015

Information Warfare: Mighty Microsoft And Its Sidekick FBI


December 15, 2015: The U.S. FBI (Federal Bureau of Investigation) and Microsoft recently announced another successful operation against hackers that severely damaged the Dorkbot botnet and the software that sustains it. The Dorkbot organization infects over 100,000 PCs a month and uses them for large scale extortion and larceny via the Internet. Dorkbot usually controls a million or more PCs at any one time. The hackers behind Dorkbot also sell other hackers software (mainly NgrBot) to build their own botnets. What makes Dorkbot so dangerous is that it uses worm malware. Worms automatically seek out vulnerable PCs, infect them and then keep going. Microsoft is the major threat to Dorkbot. But Microsoft is not alone, as it works with a growing network of computer security firms that share information on malware and jointly adjust their security software to block and track malware like Dorkbot. The FBI, and similar organizations worldwide, assist in this by conducting criminal investigations based on evidence collected by Microsoft and its consortium of security firms. Microsoft took the lead in helping the FBI overcome a shortage of technical knowledge about PCs and the Internet. This was, and is, a common problem throughout government. But it is particularly serious when the organization responsible for dealing with Internet criminals is not trained or equipped to do so.

The FBI also helps by offering bounties of nearly $10 million for the top ten most wanted hackers. Over the last few years this has led to substantial damage to operations like the Gameover Zeus botnet and the hackers who created it. At its peak in 2014 the Gameover Zeus botnet controlled over half a million PCs. The creator is known by name, but he is a Russian citizen living in Russia, and despite evidence that he and his crew of Russian and Ukrainian hackers stole over $100 million, it proved impossible to get Russia to extradite him (or any other hacker) for trial in the United States. Gameover Zeus has been operating at least since 2011 and specialized in bank fraud (stealing the IDs and passwords of users and making fraudulent transfers). Gameover Zeus was also used for extortion by getting into PCs, encrypting the contents and then offering the decryption key only if the owner sent a few hundred dollars in untraceable money to the botnet operators.

Botnets are large numbers of infected PCs, known as zombies, under the control of botherders (the people who run the networks/botnets full of zombies). Zombies are created by hackers, who write computer viruses that get into your computer from an infected website or a booby trapped file attachment to spam email. Since 2001 the FBI has been treating the creators and operators of these botnets as criminals (which they are) and hunting them down. The U.S. FBI has been increasingly successful at this and is finding, arresting and prosecuting a growing number of botnet owners. This is usually accompanied by shutting down the botnets in question. For example, in 2007 the FBI announced that Operation Bot Roast had identified over a million compromised PCs in scores of botnets. The FBI tried to get in touch with as many of these computer users as possible and direct the victims to organizations and companies that could help them clean the zombie software out of their computers. Help can be had for free, although many of the compromised PCs were found to be clogged with all manner of malware (illegal software hidden on your machine to feed you ads or simply track what you do). The takedown of the Gameover Zeus and Dorkbot botnets is a continuation of the effort the FBI began years ago with Bot Roast.

Currently, on any given day, over ten million of the laptop and desktop computers worldwide are zombiefied. These captive computers are organized into botnets of thousands, or over a million, PCs that do the bidding of their controllers. The most common uses of botnets are transmitting spam and secret programs that create more zombies, or stealing information (government secrets, or your banking information). Internet criminals spend most of their time seeking out poorly protected PCs connected to the Internet that can be turned into zombies. This can cost up to a dollar per zombie PC. The "owners" of these zombies then use them to make money (sending spam, launching DDoS attacks, bank and consumer fraud, extortion and so on). Some botnet owners rent their zombies out. There is no honor among thieves, either, with some Internet crooks seeking out botnets and using their tools to try and take control. The good guys play this game as well, seeking out the botnets and purifying the infected machines by finding and deleting the hidden software that makes a PC a zombie.

Most owners of zombiefied computers don't even realize their PCs have been taken over. Some with heavily infected machines do notice that the malware slows down the PC, and there have been cases where the user just went out and bought a new computer. Usually, reformatting the hard drive and reinstalling your software works, and is a lot cheaper. But most computer users today don't know how to reformat a hard drive, or even how to get someone to do it for them. Microsoft and Internet security firms have, since 2007, much improved and automated security software that detects and automatically removes the software secretly planted on PCs to turn them into zombies. Microsoft's security software is now removing hacker software from several million computers a month.

To avoid the FBI, many botherders seek sanctuary in countries without an extradition treaty with the United States. Criminal gangs are increasingly active in this area and, in the case of China, so are government Cyber War operations. But even China has been hit by the hackers, and has recently enacted laws against computer crimes.

The most powerful Internet weapons on the planet are botnets. And many of them are getting into uniform. In wartime, many of these botnets would be turned into weapons. A botnet can be used to shut down essential military networks, or infect military computers with destructive (to the computer) software. This isn't science fiction. It is real.
