BBC News
Last Updated: Thursday, 21 February 2008, 11:32 GMT
The battle against the botnet hordes
By Chris Vallance
Reporter, BBC iPM

Few owners of hijacked PCs know their machine has been attacked

On 11th February a US teenager who used the online nickname of "Sobe" pleaded guilty to delinquency charges resulting from his surreptitious installation of adware on hundreds of thousands of computers.

The computers "Sobe" used had been hijacked and co-opted into a network of computers called a "botnet".

Botnets are networks of computers which have been subverted by malicious code so they fall under the control of cyber criminals.

Typically owners of machines forming a botnet do not know their computer has been hijacked. Home users account for 95% of all attacks mounted by botnet, according to figures from security firm Symantec.

Talking to the BBC, Shawn Henry, deputy assistant director of the FBI's Cyber Division, said botnets were the "Swiss army knife" for cyber crime.

Botnets are mostly used to send spam and harvest private data from infected machines but they can also be used to deluge websites with data to knock them offline, host phishing sites and other illegal content.

Nick Truman, BT's head of customer internet security, said the inventive criminals were finding many more uses for botnets. He said: "There really is no limit to what a 'good' botnet is capable of. They make easy money for the controller and are in huge demand."

International conflicts can also be waged with a botnet. The dispute between Estonia and Russia showed their potential use in attacks on important assets.

The existence of large botnets may also present an opportunity for terrorists and that worries the FBI. "Certainly some type of terrorist organisation who wanted to render a network inoperable could use a botnet for that type of crime," said Mr Henry.

Bigger danger

There's no doubt that botnets are a growing problem.

Said Mr Truman from BT: "The problem is getting worse... we have deployed a system called Streamshield which analyses spam and identifies the source on our networks. To date, we have not detected a real spammer, only compromised computers, some of which send millions of e-mails in a 24 hour period if left unchecked."

The shadowy nature of botnets makes gauging their actual size very hard.

Mr Henry from the FBI said: "I've seen many numbers - just in one of our investigations we had over one million bots that we were able to identify. I imagine you could multiply that multiple times but there's really not any good way to get your arms around the entire scope of the problem."

The FBI has launched many operations against botnets
There's little disagreement among analysts that botnets are a growth area for organised crime. Steve Santorelli from cyber security think tank Team Cymru estimates revenue from botnets is in the "hundreds of millions" and the rewards are not lost on organised crime gangs.

"In the same way in the 60's and 70's you had a wheel man, a getaway driver..., now you have a computer hacker instead," he said.

It is a lucrative business. Bot controllers or herders lease their networks to other spammers and criminals for commercial gain. "If you look at the installation of adware... some of these adware companies will pay 5 cents or even 10 cents [per computer] for a US based machine", said Mr Santorelli.

And if you don't like the idea of renting, access to bot technology isn't hard as botnet kits are available online for $40 to $50. "You can just log on in exactly the same way you log on to your internet banking," said Mr Santorelli.

It means the whole system is accessible to many different kinds of internet criminal. Said Mr Henry: "The fact of the matter is that anyone with criminal intent can get access to a botnet because they can lease the botnet from the person in control."

But as organised crime embraces the botnet so law enforcement is hot on their heels. The result is a technological arms race that rivals anything seen on a real battlefield.

"When banks put in bandit barriers and dye-packs they started to rob armoured cars. When we look at the cyber world it's the same kind of thing...it's constantly a chess game back and forth," said Mr Henry.

STAYING SAFE ONLINE
Use anti-spyware and anti-virus programs
On at least a weekly basis update anti-virus and spyware products
Install a firewall and make sure it is switched on
Make sure updates to your operating system are installed
Take time to educate yourself and family about the risks
Monitor your computer and stay alert to threats

British police are also on the trail of the bot-herders. Detective Constable Bob Burls of the Metropolitan Police Computer Crime Unit describes himself as on the "bleeding edge" of this battle with the hackers, and botnets are a top priority. He said: "Botnets are an emerging threat."

DC Burls spends most of his time breaking the botnets: "They are complex investigations, they're very time consuming, they cross international boundaries but we are making progress, they're very satisfying when you get a suspect before a court."

However, the botnets themselves are becoming more sophisticated. Initially they were run via Internet Relay Chat with a clear command and control structure that was easy to close down.

But recent botnets employ peer to peer techniques that lack a central point of control. Mr Santorelli is pessimistic about our ability to shut down these networks by technical means alone.

Those difficulties have led law enforcement and security experts to stress that users need to take responsibility for their own security.

All are keen to stress the importance of four basic steps users can take to protect themselves: using properly configured firewalls and anti-virus systems, regularly updating software and not clicking on unknown links or downloading content from untrusted sources.

Said Mr Truman from BT: "You don't leave home and leave your house unlocked - why let the bad guys into your house via your PC?"

Some would like to take the idea further. John Walker, security expert and visiting professor at Nottingham Trent University, thinks smoking-style warnings are needed.

He said: "When you buy a router it should come with a health warning."


