March 6, 2007:
We're seeing history
repeat itself in the way some Cyber War weapons, like botnets (networks of PCs
secretly controlled by criminals), are owned mainly by civilians rather than
governments. The same thing happened when artillery appeared centuries ago. Most
kings and magnates could not afford to build and maintain a useful number of
these large guns, so some sharp entrepreneurs saw an opportunity and set
themselves up as mercenary gunners.
We're seeing the same thing with botnets,
which can be used to spew spam, to attack many computers at once in search of
confidential files, or to shut down websites with a DoS (Denial of Service)
attack.
There are currently an estimated 4-5 million PCs that
have been infiltrated by hackers, turned into "zombies" and used by crooks for
sending out spam or performing other illegal acts. This has become a big
business, with each PC in a botnet producing $300-$500 a year, or more, for
whoever controls it. Botnets of 100,000 or more PCs are not unusual, and
many of them are for rent.
Government agencies are believed to track
the major botnets, but they often keep their findings to themselves. Commercial
and academic researchers are more open, which is why we know what we do about
botnets and where they are going. Currently there are several dozen major (over
10,000 zombies) botnets out there, and hundreds of smaller ones. A 10,000 PC
botnet can earn millions of dollars a year, although there are also expenses.
You need to constantly replace zombies that get cleaned up and removed from your
control. A zombie PC usually hides its status from its legitimate user. All you
might notice, if your PC has been infected by zombie software and turned into
part of a botnet, is occasional spurts of intense hard drive activity and
sluggish Internet access. Since both of these conditions are typical of most
current PCs anyway, you won't know you are infected unless your security software
is capable of detecting and removing the zombie software. Given the way security
software works these days (unobtrusively, in the background), you might get
infected and cleaned several times in a month without even knowing it. But the
owner of a botnet knows when he loses one of his zombies, and must constantly
scan the Internet for new victims.
Botnet owners often hire specialized
programmers to help run the botnet, as well as buying new zombies and the
custom software needed to keep ahead of security software and of the efforts of
police and security researchers to track them down. You also need to put some
money aside for possible legal expenses (if you get busted), although it's more
common to pay protection money to local gangsters or cops to keep other
criminals, legal or otherwise, off your back.
It takes a lot of special skills to build
and maintain a botnet. Moreover, the larger botnets (100,000 or more zombies)
can be used as military weapons. A botnet that size can shut down military
websites, or serve as a base for attempts to penetrate classified networks. Do any
governments maintain their own botnets? None admit to it. But in preparing for a
future Cyber War, whoever has the biggest botnets will likely prevail.
Currently there is one huge botnet, with up to 100,000 zombies, that seems to
be doing nothing. Rather ominous.