
The battle against the botnet hordes

21 February 08 11:32 GMT
By Chris Vallance
Reporter, BBC iPM

On 11th February a US teenager who used the online nickname of "Sobe" pleaded guilty to delinquency charges resulting from his surreptitious installation of adware on hundreds of thousands of computers.

The computers "Sobe" used had been hi-jacked and co-opted into a network of computers called a "botnet".

Botnets are networks of computers which have been subverted by malicious code so they fall under the control of cyber criminals.

Typically owners of machines forming a botnet do not know their computer has been hijacked. Home users account for 95% of all attacks mounted by botnet, according to figures from security firm Symantec.

Talking to the BBC, Shawn Henry, deputy assistant director of the FBI's Cyber Division, said botnets were the "Swiss army knife" for cyber crime.

Botnets are mostly used to send spam and harvest private data from infected machines but they can also be used to deluge websites with data to knock them offline, host phishing sites and other illegal content.

Nick Truman, BT's head of customer internet security, said the inventive criminals were finding many more uses for botnets. He said: "There really is no limit to what a 'good' botnet is capable of. They make easy money for the controller and are in huge demand."

International conflicts can also be waged with a botnet. The dispute between Estonia and Russia showed their potential use in attacks on important assets.

The existence of large botnets may also present an opportunity for terrorists and that worries the FBI. "Certainly some type of terrorist organisation who wanted to render a network inoperable could use a botnet for that type of crime," said Mr Henry.

Bigger danger

There's no doubt that botnets are a growing problem.

Said Mr Truman from BT: "The problem is getting worse... we have deployed a system called Streamshield which analyses spam and identifies the source on our networks. To date, we have not detected a real spammer, only compromised computers, some of which send millions of e-mails in a 24 hour period if left unchecked."

The shadowy nature of botnets makes gauging their actual size very hard.

Mr Henry from the FBI said: "I've seen many numbers - just in one of our investigations we had over one million bots that we were able to identify. I imagine you could multiply that multiple times but there's really not any good way to get your arms around the entire scope of the problem."

There's little disagreement among analysts that botnets are a growth area for organised crime. Steve Santorelli from cyber security think tank Team Cymru estimates revenue from botnets is in the "hundreds of millions" and the rewards are not lost on organised crime gangs.

"In the same way in the 60's and 70's you had a wheel man, a getaway driver..., now you have a computer hacker instead," he said.

It is a lucrative business. Bot controllers or herders lease their networks to other spammers and criminals for commercial gain. "If you look at the installation of adware... some of these adware companies will pay 5 cents or even 10 cents [per computer] for a US based machine," said Mr Santorelli.

And if you don't like the idea of renting, access to bot technology isn't hard as botnet kits are available online for $40 to $50. "You can just log on in exactly the same way you log on to your internet banking," said Mr Santorelli.

It means the whole system is accessible to many different kinds of internet criminal. Said Mr Henry: "The fact of the matter is that anyone with criminal intent can get access to a botnet because they can lease the botnet from the person in control."

But as organised crime embraces the botnet so law enforcement is hot on their heels. The result is a technological arms race that rivals anything seen on a real battlefield.

"When banks put in bandit barriers and dye-packs they started to rob armoured cars. When we look at the cyber world it's the same kind of's constantly a chess game back and forth," said Mr Henry.

British police are also on the trail of the bot-herders. Detective Constable Bob Burls of the Metropolitan Police Computer Crime Unit describes himself as on the "bleeding edge" of this battle with the hackers, and botnets are a top priority. He said: "Botnets are an emerging threat."

DC Burls spends most of his time breaking the botnets: "They are complex investigations, they're very time consuming, they cross international boundaries but we are making progress. They're very satisfying when you get a suspect before a court."

However, the botnets themselves are becoming more sophisticated. Initially they were run via Internet Relay Chat with a clear command and control structure that was easy to close down.

But recent botnets employ peer to peer techniques that lack a central point of control. Mr Santorelli is pessimistic about our ability to shut down these networks by technical means alone.

Those difficulties have led law enforcement and security experts to stress that users need to take responsibility for their own security.

All are keen to stress the importance of four basic steps users can take to protect themselves: using properly configured firewalls and anti-virus systems, regularly updating software and not clicking on unknown links or downloading content from untrusted sources.

Said Mr Truman from BT: "You don't leave home and leave your house unlocked - why let the bad guys into your house via your PC?"

Some would like to take the idea further. John Walker, security expert and visiting professor at Nottingham Trent University, thinks smoking style warnings are needed.

He said: "When you buy a router it should come with a health warning."
