BotNets Biggest Cyber Threat


The US has long pondered how best to use its offensive cyber capabilities and has long shied away from using them, fearful that we might pull down the Internet curtain on ourselves if we tried to wipe out an enemy's networks. The New York Times ran a piece this weekend about just how daunting this balancing act is.

The central point of the Times' piece: “We knew we could pull it off — we had the tools,” said one senior official who worked at the Pentagon when the highly classified plan was developed.

But the attack never got the green light. Bush administration officials worried that the effects would not be limited to Iraq but would instead create worldwide financial havoc, spreading across the Middle East to Europe and perhaps to the United States.

One of the reasons for that concern is that BotNets -- networks of infected computers that can be controlled without the owner knowing it -- have become what Kevin Coleman says is "a critical problem that must be addressed." BotNets cross borders with impunity, just as a US cyber attack might. So an attack on computers in one country could provoke an enemy's ally into attacking us, or could end up seriously degrading the capabilities of neutral or friendly countries that share borders and Internet infrastructure with the enemy.

Kevin's piece on Defense Tech goes into detail about the scope of the BotNet threat and asks the question: should governments pass laws requiring software that would make it difficult to create BotNets?

His story follows:

BotNets have become a critical problem that must be addressed. They have evolved to the point where evidence suggests they are now targeting and affecting cell phones. A BotNet is a collection of compromised computers that have been infected with software that allows each computer to be controlled remotely by the BotMaster. Each computer represents a node on the BotNet and is often referred to as a zombie.

Last year the Georgia Tech Information Security Center (GTISC) reported that 10 percent of online computers were part of BotNets. This year GTISC researchers estimate that BotNet-infected machines may comprise 15 percent of online computers, a fifty percent growth in one year. Based on that number, there are 34 million computers in the United States that have been compromised and are now part of a BotNet. According to the CIA World Factbook, there are about 1.5 billion Internet users. When you factor in multiple devices per user and shared computers, we estimate there are about 1.3 billion user devices connected to the Internet currently. Using the GTISC 15 percent compromise factor, that translates to an estimated 195 million bots. According to one report, some 150,000 computers become infected every day and join the millions of zombies that make up the BotNets.

This is not just thrown-together software. The software used to establish Bots and control BotNets has now risen to professional status. Multiple automated propagation vectors are used to spread various payloads, including worms, viruses and Trojans, that allow remote control of the infected computer. Another alarming trend is the use of rootkits. The malicious code that turns the PC into a Bot is being hidden by a rootkit, and this makes the Botware exceptionally difficult to defend against, detect and eradicate. These compromised computers are under the total control of a BotMaster and form a BotNet that can be tasked with bombarding a web site with so much traffic that it crashes. That is what is known as a distributed denial of service (DDoS) attack. Two relatively new trends have emerged. Malware writers have begun to offer malicious software as a service to those who control BotNets, and BotMasters are selling the services of the BotNets they control, priced by the traffic the BotNet generates. BotNets that are specifically created for DDoS attacks can be leased at costs ranging from $50 to $2,500, depending on the capacity used and the length of the attack. International law enforcement and militaries around the world are aware of and concerned about the widespread availability of cyber mercenaries, or BotHerders (those who operate and sell BotNet capacity), and the fact that they have been hired by countries to do espionage and other dirty deeds.
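The two behaviours described above, a zombie periodically checking in with its BotMaster and a BotNet flooding one target, leave distinct traces in ordinary connection logs. The following Python is an added example, not code from Kevin Coleman's piece or from DoD Buzz: it runs two simple indicators over a constructed flow log. The sample flows, the 10.0.0.0/8 and RFC 5737 documentation addresses, and the thresholds (eight connections, interval coefficient of variation of 0.15, fifty sources per minute) are all assumptions chosen for illustration.

```python
"""Two cheap BotNet indicators over a constructed connection log (added example).

The flows below are constructed for this example, not a real capture. External
addresses use RFC 5737 documentation ranges; thresholds are illustrative.
"""
from collections import defaultdict
from itertools import accumulate
from statistics import mean, pstdev

# Each flow: (timestamp_seconds, src_ip, dst_ip, dst_port, bytes_out)


def _build_sample_flows():
    """Constructed sample data mixing one beaconing bot, one human and one flood."""
    flows = []
    # 1. A bot checking in with its controller every ~5 minutes with small jitter.
    beacon_gaps = [300, 303, 298, 304, 299, 302, 297, 301, 300, 302, 296]
    for ts in accumulate([1000] + beacon_gaps):
        flows.append((ts, "10.0.0.5", "203.0.113.10", 443, 512))
    # 2. A person browsing the same external site: bursty, irregular gaps.
    browse_gaps = [5, 120, 3, 900, 40, 15, 600, 7, 2, 250]
    for ts in accumulate([1000] + browse_gaps):
        flows.append((ts, "10.0.0.9", "203.0.113.10", 443, 4096))
    # 3. Sixty distinct hosts hitting one web server within a single minute.
    for i in range(60):
        flows.append((5040 + i, f"192.0.2.{i + 1}", "198.51.100.7", 80, 64))
    return flows


SAMPLE_FLOWS = _build_sample_flows()


def beacon_candidates(flows, min_connections=8, max_cv=0.15):
    """Flag (src, dst, port) triples whose connection intervals are suspiciously regular.

    A bot polling its BotMaster on a timer produces intervals with a low
    coefficient of variation (stdev / mean); human traffic is bursty.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port, _ in flows:
        by_pair[(src, dst, port)].append(ts)
    hits = []
    for (src, dst, port), times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        intervals = [b - a for a, b in zip(times, times[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue
        cv = pstdev(intervals) / avg
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "port": port,
                         "count": len(times), "mean_interval": round(avg, 1),
                         "cv": round(cv, 3)})
    return hits


def flood_targets(flows, window_seconds=60, min_sources=50):
    """Flag (dst, port) pairs contacted by many distinct sources inside one window.

    Fan-in from many hosts in a short window is the signature of a DDoS,
    whether the sources are rented BotNet capacity or anything else.
    """
    buckets = defaultdict(set)
    for ts, src, dst, port, _ in flows:
        buckets[(dst, port, int(ts // window_seconds))].add(src)
    return sorted({(dst, port) for (dst, port, _), srcs in buckets.items()
                   if len(srcs) >= min_sources})


if __name__ == "__main__":
    for hit in beacon_candidates(SAMPLE_FLOWS):
        print("possible beacon:", hit)
    for dst, port in flood_targets(SAMPLE_FLOWS):
        print(f"possible flood target: {dst}:{port}")
```

On the constructed data only the 10.0.0.5 to 203.0.113.10:443 pair is reported as a beacon (the human's connections to the same server are too irregular), and 198.51.100.7:80 is the only flood target. Real bots add jitter deliberately, so in production the coefficient-of-variation threshold is tuned per environment and combined with other signals (byte counts, destination reputation, time of day) rather than used alone.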

It has now been recognized that unprotected computers pose a threat to every other computer or device connected to the Internet. One industry leader I spoke with, who did not want to be identified, said, "It is just a matter of time until laws are passed that mandate computer security software and updates on every computer that uses the Internet." That was not the first time I have heard that comment, and the frequency with which the topic arises in conversation is increasing significantly. What do you think: should there be mandatory computer security capabilities installed and updated in every computer and device connected to the Internet?

INTEL: Armenia recently accused neighbor Azerbaijan of buying BotNets to cripple Armenian access to the Internet.

INTEL: According to a report from Kaspersky Labs, BotNets, not spam, viruses, or worms, currently pose the biggest computer security threat.

INTEL: One research study found that some of the largest BotNets are comprised of corporate machines.

INTEL: On average it takes corporations nearly three months to apply a Windows patch across all devices. That means malware and BotNets continue to take advantage of known vulnerabilities within enterprise environments during that unpatched period.

INTEL: Researchers predict that by 2012 there will be approximately 17 billion devices connected to the internet.

INTEL: BotNet growth is also the main driver of spam. Spam now equates to 92% of all email. Spam grows roughly 33% each month; that means spam increases by over 117 billion emails every day.

INTEL: According to the security firm Network Box, the number of viruses sent over email has increased by 300 percent in the last three months.

DoDBuzz